U ¨Ãq`G›ã@s®ddlZddlZddlZddlZddlmZddlmZmZddlm Z m Z ddl m Z m Z mZmZmZddlmZmZmZmZmZmZmZmZmZmZmZmZmZddlm Z ddl!m"Z"dd l#m$Z$dd l%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.dd l/m0Z0m1Z1m2Z2m3Z3dd l4m5Z5m6Z6m7Z7dd l8m9Z9m:Z:ddl;mm?Z?m@Z@mAZAddlBmCZCmDZDmEZEmFZFmGZGmHZHmIZImJZJmKZKddlLmMZMddlNmOZOddlPmQZQmRZRddlSmTZTmUZUddlVmWZWmXZXddlYmZZZm[Z[ddl\m]Z]m^Z^ddl_m`Z`maZambZbmcZcddldmeZeddlfmgZgmhZhddlimjZjmkZkmlZlmmZmmnZnmoZoddlpmqZqmrZrmsZsmtZtddlumvZvmwZwmxZxmyZymzZzm{Z{m|Z|m}Z}m~Z~ddlm€Z€mZm‚Z‚mƒZƒm„Z„m…Z…m†Z†m‡Z‡ddlˆm‰Z‰dd lŠm‹Z‹mŒZŒdd!lmŽZŽe d"d#d$g¡ZGd%d&„d&e‘ƒZ’e “e¡e “e¡e “e¡e “e¡e “e¡e “e¡e “e¡e “e¡e “e¡e “e¡e “e¡e “e¡e ”ee •¡j–j—e¡Gd'd(„d(e‘ƒƒƒƒƒƒƒƒƒƒƒƒƒƒZ˜Gd)d*„d*e‘ƒZ™d+d,„Zše˜ƒZ›dS)-éN)Úcontextmanager)ÚutilsÚx509)ÚUnsupportedAlgorithmÚ_Reasons)ÚINTEGERÚNULLÚSEQUENCEÚ encode_derÚencode_der_integer) Ú CMACBackendÚ CipherBackendÚDERSerializationBackendÚ DHBackendÚ DSABackendÚEllipticCurveBackendÚ HMACBackendÚ HashBackendÚPBKDF2HMACBackendÚPEMSerializationBackendÚ RSABackendÚ ScryptBackendÚ X509Backend)Úaead)Ú_CipherContext©Ú _CMACContext) Ú_CRL_ENTRY_REASON_ENUM_TO_CODEÚ_CRL_EXTENSION_HANDLERSÚ_EXTENSION_HANDLERS_BASEÚ_EXTENSION_HANDLERS_SCTÚ"_OCSP_BASICRESP_EXTENSION_HANDLERSÚ_OCSP_REQ_EXTENSION_HANDLERSÚ'_OCSP_SINGLERESP_EXTENSION_HANDLERS_SCTÚ_REVOKED_EXTENSION_HANDLERSÚ_X509ExtensionParser)Ú _DHParametersÚ _DHPrivateKeyÚ _DHPublicKeyÚ_dh_params_dup)Ú_DSAParametersÚ_DSAPrivateKeyÚ _DSAPublicKey)Ú_EllipticCurvePrivateKeyÚ_EllipticCurvePublicKey)Ú_Ed25519PrivateKeyÚ_Ed25519PublicKey)Ú_ED448_KEY_SIZEÚ_Ed448PrivateKeyÚ_Ed448PublicKey) Ú$_CRL_ENTRY_EXTENSION_ENCODE_HANDLERSÚ_CRL_EXTENSION_ENCODE_HANDLERSÚ_EXTENSION_ENCODE_HANDLERSÚ)_OCSP_BASICRESP_EXTENSION_ENCODE_HANDLERSÚ'_OCSP_REQUEST_EXTENSION_ENCODE_HANDLERSÚ_encode_asn1_int_gcÚ_encode_asn1_str_gcÚ_encode_name_gcÚ _txt2obj_gc©Ú _HashContext©Ú _HMACContext)Ú _OCSPRequestÚ _OCSPResponse)Ú_POLY1305_KEY_SIZEÚ_Poly1305Context)Ú_RSAPrivateKeyÚ 
_RSAPublicKey)Ú_X25519PrivateKeyÚ_X25519PublicKey)Ú_X448PrivateKeyÚ_X448PublicKey)Ú _CertificateÚ_CertificateRevocationListÚ_CertificateSigningRequestÚ_RevokedCertificate)Úbinding)ÚhashesÚ serialization)ÚdhÚdsaÚecÚed25519Úed448Úrsa)ÚMGF1ÚOAEPÚPKCS1v15ÚPSS) ÚAESÚARC4ÚBlowfishÚCAST5ÚCamelliaÚChaCha20ÚIDEAÚSEEDÚ TripleDES)ÚCBCÚCFBÚCFB8ÚCTRÚECBÚGCMÚOFBÚXTS)Úscrypt)Úpkcs7Ússh)ÚocspÚ _MemoryBIOÚbioZchar_ptrc@s eZdZdS)Ú_RC2N)Ú__name__Ú __module__Ú __qualname__©rwrwúS/tmp/pip-target-nv4zd3e_/lib/python/cryptography/hazmat/backends/openssl/backend.pyrsŸsrsc @s|eZdZdZdZddddddhZeefZe j e j e j e j e je je je je je je je je jf Zd Zd Zd d >Zd Zd e>Zd d „Zd-dd„Zdd„Zdd„Z e!j"dd„ƒZ#dd„Z$dd„Z%dd„Z&dd„Z'dd „Z(d!d"„Z)d#d$„Z*d%d&„Z+d'd(„Z,d)d*„Z-d+d,„Z.d-d.„Z/d/d0„Z0d1d2„Z1d3d4„Z2d5d6„Z3d7d8„Z4d9d:„Z5d;d<„Z6d=d>„Z7d?d@„Z8dAdB„Z9d.dCdD„Z:dEdF„Z;dGdH„ZdMdN„Z?dOdP„Z@dQdR„ZAdSdT„ZBdUdV„ZCdWdX„ZDdYdZ„ZEd[d\„ZFd]d^„ZGd_d`„ZHdadb„ZIdcdd„ZJdedf„ZKdgdh„ZLdidj„ZMdkdl„ZNdmdn„ZOdodp„ZPdqdr„ZQdsdt„ZRdudv„ZSdwdx„ZTdydz„ZUd{d|„ZVd}d~„ZWdd€„ZXdd‚„ZYdƒd„„ZZd…d†„Z[d‡dˆ„Z\d‰dŠ„Z]d‹dŒ„Z^ddŽ„Z_dd„Z`d‘d’„Zad“d”„Zbd•d–„Zcd—d˜„Zdd™dš„Zed›dœ„Zfddž„ZgdŸd „Zhd¡d¢„Zid£d¤„Zjd¥d¦„Zkd§d¨„Zld©dª„Zmd«d¬„Znd­d®„Zod¯d°„Zpd±d²„Zqd³d´„Zrdµd¶„Zsd·d¸„Ztd¹dº„Zud»d¼„Zvd½d¾„Zwd¿dÀ„ZxdÁd„ZydÃdÄ„ZzdÅdÆ„Z{dÇdÈ„Z|dÉdÊ„Z}dËdÌ„Z~e"dÍd΄ƒZdÏdЄZ€dÑdÒ„ZdÓdÔ„Z‚dÕdÖ„Zƒd×dØ„Z„dÙdÚ„Z…dÛdÜ„Z†dÝdÞ„Z‡dßdà„Zˆdádâ„Z‰dãdä„ZŠdådæ„Z‹dçdè„ZŒdédê„Zd/dëdì„ZŽdídî„Zdïdð„Zdñdò„Z‘dódô„Z’dõdö„Z“d÷dø„Z”dùdú„Z•dûdü„Z–dýdþ„Z—dÿd„Z˜dd„Z™dd„Zšdd„Z›dd„Zœd d „Zd d „Zžd d„ZŸdd„Z dd„Z¡dd„Z¢dd„Z£e!j"dd„ƒZ¤dd„Z¥e!j"dd„ƒZ¦dd„Z§dd „Z¨d!d"„Z©d#d$„Zªd%d&„Z«d'd(„Z¬d)d*„Z­d+d,„Z®dS(0ÚBackendz) OpenSSL API binding interfaces. 
Zopenssls aes-128-ccms aes-192-ccms aes-256-ccms aes-128-gcms aes-192-gcms aes-256-gcméiécCs’t ¡|_|jj|_|jj|_| ¡|_i|_ |  ¡|  ¡|  ¡|jrb|jj rbt dt¡n| ¡|jjg|_|jjrŽ|j |jj¡dS)Nzôóz*Backend._is_fips_enabled..r)Úgetattrr€ZERR_clear_errorÚbool)rZ fips_modeÚmoderwrwrxrós  zBackend._is_fips_enabledcCsf|jjrb|j ¡}||jjkrb|j |¡|j |jj¡}| |dk¡|j |¡}| |dk¡dS©Nr{) r€r‡ZENGINE_get_default_RANDr~rZENGINE_unregister_RANDÚRAND_set_rand_methodr”Ú ENGINE_finish©rÚeÚresrwrwrxÚactivate_builtin_randomûs    zBackend.activate_builtin_randomc cs‚|j |jj¡}| ||jjk¡|j |¡}| |dk¡z |VW5|j |¡}| |dk¡|j |¡}| |dk¡XdSr›) r€Z ENGINE_by_idZCryptography_osrandom_engine_idr”r~rZ ENGINE_initZ ENGINE_freerržrwrwrxÚ_get_osurandom_engines    zBackend._get_osurandom_enginec Cs`|jjr\| ¡| ¡ }|j |¡}| |dk¡W5QRX|j |jj¡}| |dk¡dSr›) r€r‡r¡r¢ZENGINE_set_default_RANDr”rœr~rržrwrwrxr‹s  z Backend.activate_osrandom_enginec Cs`|j dd¡}| ¡2}|j |dt|ƒ||jjd¡}| |dk¡W5QRX|j |¡  d¡S)Núchar[]é@sget_implementationrÚascii) r~Únewr¢r€ZENGINE_ctrl_cmdÚlenrr”ÚstringÚdecode)rÚbufrŸr rwrwrxÚosrandom_engine_implementation(s ÿz&Backend.osrandom_engine_implementationcCs|j |j |jj¡¡ d¡S)zÀ Friendly string name of the loaded OpenSSL library. This is not necessarily the same version as it was compiled against. 
Example: OpenSSL 1.1.1d 10 Sep 2019 r¥)r~r¨r€ZOpenSSL_versionÚOPENSSL_VERSIONr©rrwrwrxÚopenssl_version_text1s ÿþzBackend.openssl_version_textcCs |j ¡S©N)r€ZOpenSSL_version_numrrwrwrxÚopenssl_version_number<szBackend.openssl_version_numbercCs t|||ƒSr®r?)rÚkeyÚ algorithmrwrwrxÚcreate_hmac_ctx?szBackend.create_hmac_ctxcCsL|jdks|jdkr0d |j|jd¡ d¡}n |j d¡}|j |¡}|S)NÚblake2bÚblake2sz{}{}ér¥)ÚnameÚformatÚ digest_sizeÚencoder€ZEVP_get_digestbyname)rr±ÚalgÚevp_mdrwrwrxÚ_evp_md_from_algorithmBsÿþ  zBackend._evp_md_from_algorithmcCs | |¡}| ||jjk¡|Sr®)r¼r”r~r©rr±r»rwrwrxÚ_evp_md_non_null_from_algorithmMs z'Backend._evp_md_non_null_from_algorithmcCs,|jrt||jƒsdS| |¡}||jjkS©NF)r‚Ú isinstanceÚ _fips_hashesr¼r~rr½rwrwrxÚhash_supportedRs zBackend.hash_supportedcCs | |¡Sr®©r©rr±rwrwrxÚhmac_supportedYszBackend.hmac_supportedcCs t||ƒSr®r=rÄrwrwrxÚcreate_hash_ctx\szBackend.create_hash_ctxcCs`|jrt||jƒsdSz|jt|ƒt|ƒf}Wntk rFYdSX||||ƒ}|jj|kSr¿)r‚rÀÚ _fips_ciphersrƒÚtypeÚKeyErrorr~r)rÚcipherršÚadapterÚ evp_cipherrwrwrxÚcipher_supported_s zBackend.cipher_supportedcCs0||f|jkrtd ||¡ƒ‚||j||f<dS)Nz"Duplicate registration for: {} {}.)rƒÚ ValueErrorr·)rÚ cipher_clsÚmode_clsrËrwrwrxÚregister_cipher_adapterisÿÿzBackend.register_cipher_adaptercCsVtttttttfD]}| t|t dƒ¡qtttttfD]}| t |t dƒ¡q8ttttfD]}| t |t dƒ¡q\| t tt dƒ¡ttttfD]}| t |t dƒ¡q’ttttfD]}| t |t dƒ¡q¶t ttgttttg¡D]\}}| ||t dƒ¡qæ| ttdƒt dƒ¡| ttdƒt dƒ¡| ttdƒt d ƒ¡| ttt¡dS) Nz+{cipher.name}-{cipher.key_size}-{mode.name}zdes-ede3-{mode.name}zdes-ede3zbf-{mode.name}zseed-{mode.name}z{cipher.name}-{mode.name}Zrc4Zrc2Zchacha20)rerhrirkrfrgrjrÑr\ÚGetCipherByNamer`rdr^rcÚ itertoolsÚproductr_rbr]rÈrsrarlÚ_get_xts_cipher)rrÐrÏrwrwrxr„rshýýÿÿÿÿ þ ýÿz!Backend._register_default_cipherscCsæt ¡}t ¡}|jjr,| t¡| t¡t||jj |jj |d|_ t||jj |jj |d|_t||jj|jjtd|_t||jj|jjtd|_t||jj|jjtd|_t||jj|jjtd|_t||jj|jj|d|_ dS)N)Z ext_countZget_extÚhandlers)!rÚcopyr$r€ZCryptography_HAS_SCTÚupdater r#r%ZX509_get_ext_countZ 
X509_get_extZ_certificate_extension_parserZsk_X509_EXTENSION_numZsk_X509_EXTENSION_valueZ_csr_extension_parserZX509_REVOKED_get_ext_countZX509_REVOKED_get_extZ_revoked_cert_extension_parserZX509_CRL_get_ext_countZX509_CRL_get_extrZ_crl_extension_parserZOCSP_REQUEST_get_ext_countZOCSP_REQUEST_get_extr"Z_ocsp_req_ext_parserZOCSP_BASICRESP_get_ext_countZOCSP_BASICRESP_get_extr!Z_ocsp_basicresp_ext_parserZOCSP_SINGLERESP_get_ext_countZOCSP_SINGLERESP_get_extZ_ocsp_singleresp_ext_parser)rZ ext_handlersZsingleresp_handlersrwrwrxr…Ÿs^  üüüüüüüz"Backend._register_x509_ext_parserscCs6t ¡|_t ¡|_t ¡|_t ¡|_t  ¡|_ dSr®) r6r×Ú_extension_encode_handlersr5Ú_crl_extension_encode_handlersr4Ú$_crl_entry_extension_encode_handlersr8Ú'_ocsp_request_extension_encode_handlersr7Ú)_ocsp_basicresp_extension_encode_handlersrrwrwrxr†Ôs ÿÿÿÿzBackend._register_x509_encoderscCst|||tjƒSr®)rZ_ENCRYPT©rrÊršrwrwrxÚcreate_symmetric_encryption_ctxãsz'Backend.create_symmetric_encryption_ctxcCst|||tjƒSr®)rZ_DECRYPTrÞrwrwrxÚcreate_symmetric_decryption_ctxæsz'Backend.create_symmetric_decryption_ctxcCs | |¡Sr®)rÅrÄrwrwrxÚpbkdf2_hmac_supportedészBackend.pbkdf2_hmac_supportedc Csh|j d|¡}| |¡}|j |¡}|j |t|ƒ|t|ƒ||||¡} | | dk¡|j |¡dd…S)Núunsigned char[]r{) r~r¦r¾Ú from_bufferr€ZPKCS5_PBKDF2_HMACr§r”Úbuffer) rr±ÚlengthÚsaltZ iterationsÚ key_materialrªr»Úkey_material_ptrr rwrwrxÚderive_pbkdf2_hmacìs  ø zBackend.derive_pbkdf2_hmaccCs t |j¡Sr®)rOÚ_consume_errorsr€rrwrwrxrêÿszBackend._consume_errorscCs t |j¡Sr®)rOÚ_consume_errors_with_textr€rrwrwrxrësz!Backend._consume_errors_with_textcCsx||jjkst‚|j |¡}|j d|¡}|j ||¡}| |dk¡t  |j  |¡d|…d¡}|j  |¡rt| }|S)NrârÚbig) r~rÚAssertionErrorr€Z BN_num_bytesr¦Z BN_bn2binr”ÚintÚ from_bytesräZBN_is_negative)rÚbnZ bn_num_bytesZbin_ptrZbin_lenÚvalrwrwrxÚ _bn_to_ints  zBackend._bn_to_intcCsn|dks||jjkst‚|dkr(|jj}| t| ¡ddƒd¡}|j |t|ƒ|¡}|  ||jjk¡|S)a  Converts a python integer to a BIGNUM. 
The returned BIGNUM will not be garbage collected (to support adding them to structs that take ownership of the object). Be sure to register it for GC if it will be discarded after use. Ng @r{rì) r~rríÚto_bytesrîÚ bit_lengthr€Z BN_bin2bnr§r”)rÚnumrðÚbinaryZbn_ptrrwrwrxÚ _int_to_bnszBackend._int_to_bncCst ||¡|j ¡}| ||jjk¡|j ||jj¡}|  |¡}|j ||jj ¡}|j  ||||jj¡}| |dk¡|  |¡}t |||ƒSr›)rWZ_verify_rsa_parametersr€ÚRSA_newr”r~rÚgcÚRSA_freer÷ÚBN_freeZRSA_generate_key_exÚ_rsa_cdata_to_evp_pkeyrE)rÚpublic_exponentÚkey_sizeÚ rsa_cdatarðr Úevp_pkeyrwrwrxÚgenerate_rsa_private_key#s   ÿ z Backend.generate_rsa_private_keycCs|dko|d@dko|dkS)Nér{rirw)rrýrþrwrwrxÚ!generate_rsa_parameters_supported5s  ÿýz)Backend.generate_rsa_parameters_supportedc Cs2t |j|j|j|j|j|j|jj |jj ¡|j   ¡}|  ||jjk¡|j ||j j¡}| |j¡}| |j¡}| |j¡}| |j¡}| |j¡}| |j¡}| |jj ¡} | |jj ¡} |j  |||¡} |  | dk¡|j  || | |¡} |  | dk¡|j  ||||¡} |  | dk¡| |¡} t||| ƒSr›)rWZ_check_private_key_componentsÚpÚqÚdÚdmp1Údmq1ÚiqmpÚpublic_numbersrŸÚnr€rør”r~rrùrúr÷ZRSA_set0_factorsÚ RSA_set0_keyZRSA_set0_crt_paramsrürE) rÚnumbersrÿrrrrrr rŸr r rrwrwrxÚload_rsa_private_numbers<s:ø        z Backend.load_rsa_private_numberscCst |j|j¡|j ¡}| ||jjk¡|j  ||jj ¡}|  |j¡}|  |j¡}|j  ||||jj¡}| |dk¡|  |¡}t|||ƒSr›)rWZ_check_public_key_componentsrŸr r€rør”r~rrùrúr÷r rürF)rr rÿrŸr r rrwrwrxÚload_rsa_public_numbers\s    zBackend.load_rsa_public_numberscCs2|j ¡}| ||jjk¡|j ||jj¡}|Sr®)r€Z EVP_PKEY_newr”r~rrùÚ EVP_PKEY_free©rrrwrwrxÚ_create_evp_pkey_gcis zBackend._create_evp_pkey_gccCs(| ¡}|j ||¡}| |dk¡|Sr›)rr€ZEVP_PKEY_set1_RSAr”)rrÿrr rwrwrxrüoszBackend._rsa_cdata_to_evp_pkeycCsH|j |¡}|j |t|ƒ¡}| ||jjk¡t|j ||jj ¡|ƒS)z® Return a _MemoryBIO namedtuple of (BIO, char*). The char* is the storage for the BIO and it must stay alive until the BIO is finished with. ) r~rãr€ZBIO_new_mem_bufr§r”rrqrùÚBIO_free)rÚdataÚdata_ptrrrrwrwrxÚ _bytes_to_bious zBackend._bytes_to_biocCsP|j ¡}| ||jjk¡|j |¡}| ||jjk¡|j ||jj¡}|S)z. Creates an empty memory BIO. 
)r€Z BIO_s_memr”r~rZBIO_newrùr)rZ bio_methodrrrwrwrxÚ_create_mem_bio_gc‚s   zBackend._create_mem_bio_gccCs\|j d¡}|j ||¡}| |dk¡| |d|jjk¡|j |d|¡dd…}|S)zE Reads a memory BIO. This only works on memory BIOs. zchar **rN)r~r¦r€ZBIO_get_mem_datar”rrä)rrrrªZbuf_lenÚbio_datarwrwrxÚ _read_mem_bios  zBackend._read_mem_biocCs°|j |¡}||jjkrT|j |¡}| ||jjk¡|j ||jj¡}t |||ƒS||jj krœ|j  |¡}| ||jjk¡|j ||jj ¡}t |||ƒS||jjkrä|j |¡}| ||jjk¡|j ||jj¡}t|||ƒS||jkr,|j |¡}| ||jjk¡|j ||jj¡}t|||ƒS|t|jddƒkrJt||ƒS|t|jddƒkrht||ƒS|t|jddƒkr†t||ƒS|t|jddƒkr¤t||ƒStdƒ‚dS)zd Return the appropriate type of PrivateKey given an evp_pkey cdata pointer. ÚEVP_PKEY_ED25519NÚ EVP_PKEY_X448ÚEVP_PKEY_X25519ÚEVP_PKEY_ED448úUnsupported key type.)r€Ú EVP_PKEY_idÚ EVP_PKEY_RSAÚEVP_PKEY_get1_RSAr”r~rrùrúrEÚ EVP_PKEY_DSAÚEVP_PKEY_get1_DSAÚDSA_freer+Ú EVP_PKEY_ECÚEVP_PKEY_get1_EC_KEYÚ EC_KEY_freer-rŒÚEVP_PKEY_get1_DHÚDH_freer'r˜r/rIrGr2r©rrÚkey_typerÿÚ dsa_cdataÚec_cdataÚdh_cdatarwrwrxÚ_evp_pkey_to_private_key˜s<                 z Backend._evp_pkey_to_private_keycCs°|j |¡}||jjkrT|j |¡}| ||jjk¡|j ||jj¡}t |||ƒS||jj krœ|j  |¡}| ||jjk¡|j ||jj ¡}t |||ƒS||jjkrä|j |¡}| ||jjk¡|j ||jj¡}t|||ƒS||jkr,|j |¡}| ||jjk¡|j ||jj¡}t|||ƒS|t|jddƒkrJt||ƒS|t|jddƒkrht||ƒS|t|jddƒkr†t||ƒS|t|jddƒkr¤t||ƒStdƒ‚dS)zc Return the appropriate type of PublicKey given an evp_pkey cdata pointer. 
rNrrrr)r€rr r!r”r~rrùrúrFr"r#r$r,r%r&r'r.rŒr(r)r(r˜r0rJrHr3rr*rwrwrxÚ_evp_pkey_to_public_keyÃs<                 zBackend._evp_pkey_to_public_keycCs6|jjr&t|tjtjtjtjtjfƒSt|tjƒSdSr®) r€ZCryptography_HAS_RSA_OAEP_MDrÀrPÚSHA1ÚSHA224ÚSHA256ÚSHA384ÚSHA512rÄrwrwrxÚ_oaep_hash_supportedîsûþ zBackend._oaep_hash_supportedcCsŽt|tƒrdSt|tƒr2t|jtƒr2| |jj¡St|tƒr†t|jtƒr†| |jj¡o„| |j¡o„|j dkp„t |j ƒdkp„|j j dkSdSdS)NTrr{F) rÀrZr[Z_mgfrXrÂÚ _algorithmrYr6Z_labelr§r€ZCryptography_HAS_RSA_OAEP_LABEL)rÚpaddingrwrwrxÚrsa_padding_supportedýs  ÿ û zBackend.rsa_padding_supportedc Cs~|dkrtdƒ‚|j ¡}| ||jjk¡|j ||jj¡}|j |||jjd|jj|jj|jj¡}| |dk¡t ||ƒS)N)irzi iz0Key size must be 1024, 2048, 3072, or 4096 bits.rr{) rÎr€ÚDSA_newr”r~rrùr$ZDSA_generate_parameters_exr*)rrþÚctxr rwrwrxÚgenerate_dsa_parameterss$ÿ ù zBackend.generate_dsa_parameterscCsT|j |j¡}| ||jjk¡|j ||jj¡}|j |¡|  |¡}t |||ƒSr®) r€Z DSAparams_dupZ _dsa_cdatar”r~rrùr$ZDSA_generate_keyÚ_dsa_cdata_to_evp_pkeyr+)rÚ parametersr;rrwrwrxÚgenerate_dsa_private_key&s   z Backend.generate_dsa_private_keycCs| |¡}| |¡Sr®)r<r?)rrþr>rwrwrxÚ'generate_dsa_private_key_and_parameters/s z/Backend.generate_dsa_private_key_and_parameterscCsB|j ||||¡}| |dk¡|j |||¡}| |dk¡dSr›)r€Ú DSA_set0_pqgr”Z DSA_set0_key)rr,rrÚgÚpub_keyÚpriv_keyr rwrwrxÚ_dsa_cdata_set_values3szBackend._dsa_cdata_set_valuesc Cs¨t |¡|jj}|j ¡}| ||jjk¡|j  ||jj ¡}|  |j ¡}|  |j ¡}|  |j¡}|  |jj¡}|  |j¡}| ||||||¡| |¡} t||| ƒSr®)rSZ_check_dsa_private_numbersr Úparameter_numbersr€r:r”r~rrùr$r÷rrrBÚyÚxrEr=r+) rr rFr,rrrBrCrDrrwrwrxÚload_dsa_private_numbers9s       z Backend.load_dsa_private_numbersc Cs¢t |j¡|j ¡}| ||jjk¡|j ||jj ¡}|  |jj ¡}|  |jj ¡}|  |jj ¡}|  |j¡}|jj}| ||||||¡| |¡}t|||ƒSr®)rSÚ_check_dsa_parametersrFr€r:r”r~rrùr$r÷rrrBrGrEr=r,) rr r,rrrBrCrDrrwrwrxÚload_dsa_public_numbersLs    zBackend.load_dsa_public_numberscCs†t |¡|j ¡}| ||jjk¡|j ||jj¡}|  |j ¡}|  |j ¡}|  |j ¡}|j  ||||¡}| |dk¡t||ƒSr›)rSrJr€r:r”r~rrùr$r÷rrrBrAr*)rr r,rrrBr rwrwrxÚload_dsa_parameter_numbers]s     
z"Backend.load_dsa_parameter_numberscCs(| ¡}|j ||¡}| |dk¡|Sr›)rr€ZEVP_PKEY_set1_DSAr”)rr,rr rwrwrxr=kszBackend._dsa_cdata_to_evp_pkeycCs | |¡Sr®rÃrÄrwrwrxÚdsa_hash_supportedqszBackend.dsa_hash_supportedcCsdS)NTrw)rrrrBrwrwrxÚdsa_parameters_supportedtsz Backend.dsa_parameters_supportedcCs| |td|jƒ¡S)Nó)rÍreÚ block_sizerÄrwrwrxÚcmac_algorithm_supportedws ÿz Backend.cmac_algorithm_supportedcCs t||ƒSr®rrÄrwrwrxÚcreate_cmac_ctx|szBackend.create_cmac_ctxcCs~t|tjtjfƒr$|dk rztdƒ‚nVt|tjtj t j fƒsDt dƒ‚n6t|t jƒsZt dƒ‚n t|t jƒrzt|tjƒsztdƒ‚dS)Nz8algorithm must be None when signing via ed25519 or ed448z;Key must be an rsa, dsa, ec, ed25519, or ed448 private key.z.Algorithm must be a registered hash algorithm.z2MD5 hash algorithm is only supported with RSA keys)rÀrUÚEd25519PrivateKeyrVÚEd448PrivateKeyrÎrWZ RSAPrivateKeyrSZ DSAPrivateKeyrTZEllipticCurvePrivateKeyÚ TypeErrorrPZ HashAlgorithmÚMD5©rÚ private_keyr±rwrwrxÚ_x509_check_signature_paramss0 ÿÿþÿ  ÿÿz$Backend._x509_check_signature_paramsc s´t|tjƒstdƒ‚ˆ ||¡ˆ ||¡}ˆj ¡}ˆ |ˆj j k¡ˆj   |ˆjj ¡}ˆj  |tjjj¡}ˆ |dk¡ˆj |tˆ|jƒ¡}ˆ |dk¡| ¡}ˆj ||j¡}ˆ |dk¡ˆj ¡}ˆ |ˆj j k¡ˆj   |‡fdd„¡}ˆj|jˆj|ˆjjddˆj ||¡}ˆ |dk¡|jD]D\} } tˆ| jƒ} ˆj  || tj!j"j#j| t$| ƒ¡}ˆ |dk¡q6ˆj %||j|¡}|dkrªˆ &¡} t'd| ƒ‚t(ˆ|ƒS) NúBuilder type mismatch.r{csˆj |ˆj ˆjjd¡¡S)NÚX509_EXTENSION_free)r€Zsk_X509_EXTENSION_pop_freer~Ú addressofÚ _original_lib)rHrrwrxr–¸s ÿþz)Backend.create_x509_csr..F©Ú extensionsrÖÚx509_objÚadd_funcrùrúSigning failed))rÀrZ CertificateSigningRequestBuilderrUrYÚ_evp_md_x509_null_if_eddsar€Z X509_REQ_newr”r~rrùÚ X509_REQ_freeZX509_REQ_set_versionÚVersionZv1ÚvalueZX509_REQ_set_subject_namer;Ú _subject_nameÚ public_keyZX509_REQ_set_pubkeyÚ _evp_pkeyZsk_X509_EXTENSION_new_nullÚ_create_x509_extensionsÚ _extensionsrÙZsk_X509_EXTENSION_insertZX509_REQ_add_extensionsÚ _attributesr<Ú dotted_stringZX509_REQ_add1_attr_by_OBJr¶Z _ASN1TypeZ UTF8Stringr§Z X509_REQ_signrërÎrM) rÚbuilderrXr±r»Úx509_reqr rhZ sk_extensionZattr_oidZattr_valÚobjr’rwrrxÚcreate_x509_csr—s^     
ÿ  þ û  û  zBackend.create_x509_csrc Csxt|tjƒstdƒ‚| ||¡| ||¡}|j ¡}|j  ||jj ¡}|j  ||j j ¡}| |dk¡|j |t||jƒ¡}| |dk¡|j ||jj¡}| |dk¡t||jƒ}|j ||¡}| |dk¡| |j |¡|j¡| |j |¡|j¡|j|j|j||jj dd|j !|t||j"ƒ¡}| |dk¡|j #||j|¡}|dkrn| $¡}t%d|ƒ‚t&||ƒS©NrZr{Tr^rrb)'rÀrZCertificateBuilderrUrYrcr€ZX509_newr~rùÚ X509_freeZX509_set_versionÚ_versionrfr”ZX509_set_subject_namer;rgZX509_set_pubkeyZ _public_keyrir9Ú_serial_numberZX509_set_serialNumberÚ_set_asn1_timeZX509_getm_notBeforeZ_not_valid_beforeZX509_getm_notAfterZ_not_valid_afterrjrkrÙZ X509_add_extZX509_set_issuer_nameÚ _issuer_nameZ X509_signrërÎrK) rrnrXr±r»Z x509_certr Ú serial_numberr’rwrwrxÚcreate_x509_certificateßs\     ÿÿ  ÿ ÿû  ÿ  zBackend.create_x509_certificatecCs(t|tjtjfƒr|jjS| |¡SdSr®)rÀrUrSrVrTr~rr¾rWrwrwrxrc!s  ÿz"Backend._evp_md_x509_null_if_eddsacCsL|jdkr| d¡ d¡}n| d¡ d¡}|j ||¡}| |dk¡dS)Niz %Y%m%d%H%M%SZr¥z %y%m%d%H%M%SZr{)ÚyearÚstrftimer¹r€ZASN1_TIME_set_stringr”)rÚ asn1_timeÚtimeZasn1_strr rwrwrxrv*s  zBackend._set_asn1_timecCs>|j ¡}| ||jjk¡|j ||jj¡}| ||¡|Sr®)r€Z ASN1_TIME_newr”r~rrùZASN1_TIME_freerv)rr}r|rwrwrxÚ_create_asn1_time2s   zBackend._create_asn1_timec Cstt|tjƒstdƒ‚| ||¡| ||¡}|j ¡}|j  ||jj ¡}|j  |d¡}|  |dk¡|j  |t||jƒ¡}|  |dk¡| |j¡}|j ||¡}|  |dk¡| |j¡}|j ||¡}|  |dk¡|j|j|j||jjdd|jD]@} |j | j¡} |  | |jjk¡|j || ¡}|  |dk¡qú|j ||j|¡}|dkrj|  ¡} t!d| ƒ‚t"||ƒSrr)#rÀrZ CertificateRevocationListBuilderrUrYrcr€Z X509_CRL_newr~rùÚ X509_CRL_freeZX509_CRL_set_versionr”ZX509_CRL_set_issuer_namer;rwr~Ú _last_updateZX509_CRL_set1_lastUpdateÚ _next_updateZX509_CRL_set1_nextUpdaterjrkrÚZX509_CRL_add_extZ_revoked_certificatesZX509_REVOKED_dupZ _x509_revokedrZX509_CRL_add0_revokedZ X509_CRL_signrirërÎrL) rrnrXr±r»Úx509_crlr Z last_updateÚ next_updateZ revoked_certZrevokedr’rwrwrxÚcreate_x509_crl9sH     ÿ  û   zBackend.create_x509_crlc Csdt|ƒD]V\}}| ||¡}| ||jjk¡|rD|j ||jj¡}||||ƒ} | | dk¡qdSr›)Ú enumerateÚ_create_x509_extensionr”r~rrùr€r[) rr_rÖr`rarùÚiÚ extensionZx509_extensionr rwrwrxrjqs ÿ 
zBackend._create_x509_extensionscCs.t||jjƒ}|j |jj||jr&dnd|¡S)Nr{r)r<Úoidrmr€ZX509_EXTENSION_create_by_OBJr~rÚcritical)rrˆrfrprwrwrxÚ_create_raw_x509_extensions ÿz"Backend._create_raw_x509_extensioncCst|jtjƒr(t||jjƒ}| ||¡St|jtjƒrfttfdd„|jDƒžŽ}t||ƒ}| ||¡St|jtj ƒrŽt|tt ƒƒ}| ||¡Sz||j }Wn$t k rÀt d |j ¡ƒ‚YnX|||jƒ}|j |j j d¡¡}| ||jjk¡|j ||jr dnd|¡SdS)NcSsg|]}ttt|jƒƒ‘qSrw)r rr rf)Ú.0rHrwrwrxÚ Œsÿz2Backend._create_x509_extension..zExtension not supported: {}r¥r{r)rÀrfrZUnrecognizedExtensionr:r‹Z TLSFeaturer r Z PrecertPoisonrr‰rÉÚNotImplementedErrorr·r€Z OBJ_txt2nidrmr¹r”Ú NID_undefZX509V3_EXT_i2drŠ)rrÖrˆrfZasn1r¹Z ext_structÚnidrwrwrxr†…s@ ÿþþ    ÿ   ÿÿzBackend._create_x509_extensioncCsºt|tjƒstdƒ‚|j ¡}| ||jjk¡|j  ||jj ¡}t ||j ƒ}|j  ||¡}| |dk¡| |j¡}|j ||¡}| |dk¡|j|j|j||jjddt|d|ƒS)NrZr{Tr^)rÀrZRevokedCertificateBuilderrUr€ZX509_REVOKED_newr”r~rrùZX509_REVOKED_freer9ruZX509_REVOKED_set_serialNumberr~Z_revocation_dateZX509_REVOKED_set_revocationDaterjrkrÛZX509_REVOKED_add_extrN)rrnZ x509_revokedrxr Zrev_daterwrwrxÚcreate_x509_revoked_certificate§s,   ÿ ûz'Backend.create_x509_revoked_certificatecCs| |jj|j||¡Sr®)Ú _load_keyr€ZPEM_read_bio_PrivateKeyr/)rrÚpasswordrwrwrxÚload_pem_private_keyÀs üzBackend.load_pem_private_keycCsÖ| |¡}|j |j|jj|jj|jj¡}||jjkrR|j ||jj¡}| |¡S|  ¡|j  |j¡}|  |dk¡|j  |j|jj|jj|jj¡}||jjkrÊ|j ||jj ¡}| |¡}t|||ƒS| ¡dSr›)rr€ZPEM_read_bio_PUBKEYrrr~rrùrr0rêÚ BIO_resetr”ZPEM_read_bio_RSAPublicKeyrúrürFÚ_handle_key_loading_error©rrÚmem_biorr rÿrwrwrxÚload_pem_public_keyÈs0 ÿ  ÿ   zBackend.load_pem_public_keycCs^| |¡}|j |j|jj|jj|jj¡}||jjkrR|j ||jj¡}t||ƒS|  ¡dSr®) rr€ZPEM_read_bio_DHparamsrrr~rrùr)r&r–)rrr˜r.rwrwrxÚload_pem_parametersás ÿ  zBackend.load_pem_parameterscCs>| |¡}| ||¡}|r$| |¡S| |jj|j||¡SdSr®)rÚ"_evp_pkey_from_der_traditional_keyr/r’r€Zd2i_PKCS8PrivateKey_bio)rrr“rr°rwrwrxÚload_der_private_keyís   üzBackend.load_der_private_keycCsV|j |j|jj¡}||jjkrF|j ||jj¡}|dk rBtdƒ‚|S| ¡dSdS)Nú4Password was given but private key is not encrypted.) 
r€Úd2i_PrivateKey_biorrr~rrùrrUrê)rrr“r°rwrwrxr›s ÿz*Backend._evp_pkey_from_der_traditional_keycCs¾| |¡}|j |j|jj¡}||jjkrF|j ||jj¡}| |¡S|  ¡|j  |j¡}|  |dk¡|j  |j|jj¡}||jjkr²|j ||jj ¡}| |¡}t|||ƒS| ¡dSr›)rr€Zd2i_PUBKEY_biorrr~rrùrr0rêr•r”Zd2i_RSAPublicKey_biorúrürFr–r—rwrwrxÚload_der_public_keys"   ÿ   zBackend.load_der_public_keycCsº| |¡}|j |j|jj¡}||jjkrF|j ||jj¡}t||ƒS|jj r®|  ¡|j  |j¡}|  |dk¡|j  |j|jj¡}||jjkr®|j ||jj¡}t||ƒS| ¡dSr›)rr€Zd2i_DHparams_biorrr~rrùr)r&rrêr•r”ZCryptography_d2i_DHxparams_bior–)rrr˜r.r rwrwrxÚload_der_parameters%s"   ÿ  zBackend.load_der_parameterscCsb| |¡}|j |j|jj|jj|jj¡}||jjkrF| ¡tdƒ‚|j ||jj ¡}t ||ƒS)Nz{Unable to load certificate. See https://cryptography.io/en/latest/faq.html#why-can-t-i-import-my-pem-file for more details.) rr€ZPEM_read_bio_X509rrr~rrêrÎrùrsrK©rrr˜rrwrwrxÚload_pem_x509_certificate9s ÿ ÿz!Backend.load_pem_x509_certificatecCsV| |¡}|j |j|jj¡}||jjkr:| ¡tdƒ‚|j ||jj ¡}t ||ƒS)NzUnable to load certificate) rr€Z d2i_X509_biorrr~rrêrÎrùrsrKr¡rwrwrxÚload_der_x509_certificateIs  z!Backend.load_der_x509_certificatecCsb| |¡}|j |j|jj|jj|jj¡}||jjkrF| ¡tdƒ‚|j ||jj ¡}t ||ƒS)NzsUnable to load CRL. See https://cryptography.io/en/latest/faq.html#why-can-t-i-import-my-pem-file for more details.) rr€ZPEM_read_bio_X509_CRLrrr~rrêrÎrùrrL©rrr˜r‚rwrwrxÚload_pem_x509_crlSs ÿ ÿzBackend.load_pem_x509_crlcCsV| |¡}|j |j|jj¡}||jjkr:| ¡tdƒ‚|j ||jj ¡}t ||ƒS)NzUnable to load CRL) rr€Zd2i_X509_CRL_biorrr~rrêrÎrùrrLr¤rwrwrxÚload_der_x509_crlcs  zBackend.load_der_x509_crlcCsb| |¡}|j |j|jj|jj|jj¡}||jjkrF| ¡tdƒ‚|j ||jj ¡}t ||ƒS)NzwUnable to load request. See https://cryptography.io/en/latest/faq.html#why-can-t-i-import-my-pem-file for more details.) 
rr€ZPEM_read_bio_X509_REQrrr~rrêrÎrùrdrM©rrr˜rorwrwrxÚload_pem_x509_csrms ÿ ÿzBackend.load_pem_x509_csrcCsV| |¡}|j |j|jj¡}||jjkr:| ¡tdƒ‚|j ||jj ¡}t ||ƒS)NzUnable to load request) rr€Zd2i_X509_REQ_biorrr~rrêrÎrùrdrMr§rwrwrxÚload_der_x509_csr}s  zBackend.load_der_x509_csrc Cs| |¡}|j d¡}|dk rFt d|¡|j |¡}||_t|ƒ|_||j |jj |j  |j j d¡|ƒ}||jj krÆ|jdkr¾| ¡|jdkrštdƒ‚qÆ|jdks¨t‚td |jd ¡ƒ‚n| ¡|j ||j j¡}|dk rò|jdkròtd ƒ‚|dk r|jd ks|dkst‚||ƒS) NzCRYPTOGRAPHY_PASSWORD_DATA *r“ZCryptography_pem_password_cbréÿÿÿÿz3Password was not given but private key is encryptedéþÿÿÿzAPasswords longer than {} bytes are not supported by this backend.r{r)rr~r¦rÚ_check_byteslikerãr“r§rårrrr\r€r]ÚerrorrêrUrírÎr·Úmaxsizer–rùrÚcalled) rZopenssl_read_funcZ convert_funcrr“r˜ZuserdataZ password_ptrrrwrwrxr’‡sT     ÿú   ÿÿÿÿÿÿþzBackend._load_keycs|ˆ ¡}|stdƒ‚nb|d ˆjjˆjj¡sF|d ˆjjˆjj¡rPtdƒ‚n(t‡fdd„|Dƒƒrptdƒ‚ntdƒ‚dS)Nz|Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.rz Bad decrypt. Incorrect password?c3s"|]}| ˆjjˆjj¡VqdSr®)Ú_lib_reason_matchr€Ú ERR_LIB_EVPZ'EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM)rŒr­rrwrxÚ Ès üþz4Backend._handle_key_loading_error..z!Unsupported public key algorithm.) rêrÎr°r€r±ZEVP_R_BAD_DECRYPTZERR_LIB_PKCS12Z!PKCS12_R_PKCS12_CIPHERFINAL_ERRORÚany)rr’rwrrxr–·s,ÿÿþþ  û ÿz!Backend._handle_key_loading_errorcCsvz| |¡}Wntk r*|jj}YnX|j |¡}||jjkrP| ¡dS| ||jjk¡|j  |¡dSdS)NFT) Ú_elliptic_curve_to_nidrr€rZEC_GROUP_new_by_curve_namer~rrêr”Z EC_GROUP_free)rÚcurveÚ curve_nidÚgrouprwrwrxÚelliptic_curve_supportedØs   z Backend.elliptic_curve_supportedcCst|tjƒsdS| |¡Sr¿)rÀrTZECDSAr¸)rZsignature_algorithmrµrwrwrxÚ,elliptic_curve_signature_algorithm_supportedès z4Backend.elliptic_curve_signature_algorithm_supportedcCs\| |¡rD| |¡}|j |¡}| |dk¡| |¡}t|||ƒStd |j ¡t j ƒ‚dS)z@ Generate a new private key on the named curve. 
r{z#Backend object does not support {}.N) r¸Ú_ec_key_new_by_curver€ZEC_KEY_generate_keyr”Ú_ec_cdata_to_evp_pkeyr-rr·r¶rÚUNSUPPORTED_ELLIPTIC_CURVE)rrµr-r rrwrwrxÚ#generate_elliptic_curve_private_keyñs      þz+Backend.generate_elliptic_curve_private_keycCsp|j}| |j¡}|j | |j¡|jj¡}|j  ||¡}|  |dk¡|  ||j |j ¡}| |¡}t|||ƒSr›)r rºrµr~rùr÷Ú private_valuer€Ú BN_clear_freeÚEC_KEY_set_private_keyr”Ú)_ec_key_set_public_key_affine_coordinatesrHrGr»r-)rr Úpublicr-r¾r rrwrwrxÚ#load_elliptic_curve_private_numberss  ÿÿ z+Backend.load_elliptic_curve_private_numberscCs4| |j¡}| ||j|j¡}| |¡}t|||ƒSr®)rºrµrÁrHrGr»r.)rr r-rrwrwrxÚ"load_elliptic_curve_public_numberss ÿ z*Backend.load_elliptic_curve_public_numbersc CsÎ| |¡}|j |¡}| ||jjk¡|j |¡}| ||jjk¡|j ||jj¡}|  ¡6}|j  |||t |ƒ|¡}|dkr’|  ¡t dƒ‚W5QRX|j ||¡}| |dk¡| |¡}t|||ƒS)Nr{z(Invalid public bytes for the given curve)rºr€ÚEC_KEY_get0_groupr”r~rÚ EC_POINT_newrùÚ EC_POINT_freeÚ _tmp_bn_ctxZEC_POINT_oct2pointr§rêrÎÚEC_KEY_set_public_keyr»r.) rrµZ point_bytesr-r·ÚpointÚbn_ctxr rrwrwrxÚ load_elliptic_curve_public_bytes!s*    ÿ z(Backend.load_elliptic_curve_public_bytesc CsD| |¡}| |¡\}}|j |¡}| ||jjk¡|j ||jj¡}|  |¡}|j ||jj ¡}|  ¡h}|j  ||||jj|jj|¡} | | dk¡|j  |¡} |j  |¡} |||| | |ƒ} | | dk¡W5QRX|j ||¡} | | dk¡|  |¡} |j | |jj ¡} |j || ¡} | | dk¡| |¡} t||| ƒSr›)rºÚ _ec_key_determine_group_get_funcr€rÆr”r~rrùrÇr÷r¿rÈZ EC_POINT_mulZ BN_CTX_getrÉrÀr»r-)rr¾rµr-Úget_funcr·rÊrfrËr Zbn_xZbn_yÚprivaterrwrwrxÚ!derive_elliptic_curve_private_key5s:    ÿ    z)Backend.derive_elliptic_curve_private_keycCs| |¡}| |¡Sr®)r´Ú_ec_key_new_by_curve_nid)rrµr¶rwrwrxrºXs zBackend._ec_key_new_by_curvecCs0|j |¡}| ||jjk¡|j ||jj¡Sr®)r€ZEC_KEY_new_by_curve_namer”r~rrùr')rr¶r-rwrwrxrÑ\s z Backend._ec_key_new_by_curve_nidcCsV| |¡}|j |j|jj¡}||jjkr:| ¡tdƒ‚|j ||jj ¡}t ||ƒS)NzUnable to load OCSP request) rr€Zd2i_OCSP_REQUEST_biorrr~rrêrÎrùÚOCSP_REQUEST_freerA)rrr˜ÚrequestrwrwrxÚload_der_ocsp_requestas  zBackend.load_der_ocsp_requestcCsV| |¡}|j |j|jj¡}||jjkr:| ¡tdƒ‚|j ||jj ¡}t 
||ƒS)NzUnable to load OCSP response) rr€Zd2i_OCSP_RESPONSE_biorrr~rrêrÎrùÚOCSP_RESPONSE_freerB)rrr˜ÚresponserwrwrxÚload_der_ocsp_responseks  zBackend.load_der_ocsp_responsec Cs°|j ¡}| ||jjk¡|j ||jj¡}|j\}}}| |¡}|j  ||j |j ¡}| ||jjk¡|j  ||¡}| ||jjk¡|j |j |j||jjddt||ƒS)NTr^)r€ZOCSP_REQUEST_newr”r~rrùrÒÚ_requestr¾ÚOCSP_cert_to_idÚ_x509ZOCSP_request_add0_idrjrkrÜZOCSP_REQUEST_add_extrA) rrnZocsp_reqÚcertZissuerr±r»ÚcertidZonereqrwrwrxÚcreate_ocsp_requestus"   ûzBackend.create_ocsp_requestc Csô| ||¡|j ¡}| ||jjk¡|j ||jj¡}| |j j ¡}|j  ||j j j |j jj ¡}| ||jjk¡|j ||jj¡}|j jdkršd}n t|j j}|j jdkr¼|jj}n| |j j¡}|jj} |j jdk rì| |j j¡} | |j j¡} |j |||j jj||| | ¡} | | |jjk¡| ||¡}|j\} } |jj}| tjjkrb||jjO}|j dk rš|j D]$}|j !||j ¡} | | dk¡qt|j"|j#|j$||jj%dd|j &|| j |j'||jj|¡} | dkrð| (¡}t)d|ƒ‚|S)Nrªr{Tr^zAError while signing. responder_cert must be signed by private_key)*rYr€ZOCSP_BASICRESP_newr”r~rrùZOCSP_BASICRESP_freer¾Ú _responser7rÙZ_certrÚZ_issuerZOCSP_CERTID_freeZ_revocation_reasonrZ_revocation_timer~rZ _this_updateZOCSP_basic_add1_statusZ _cert_statusrfrcZ _responder_idZ OCSP_NOCERTSrpZOCSPResponderEncodingÚHASHZOCSP_RESPID_KEYZ_certsZOCSP_basic_add1_certrjrkrÝZOCSP_BASICRESP_add_extZOCSP_basic_signrirërÎ)rrnrXr±Úbasicr»rÜÚreasonZrev_timerƒZ this_updater Zresponder_certZresponder_encodingÚflagsrÛr’rwrwrxÚ_create_ocsp_basic_responseˆsŽ  ÿý ÿ  ÿ ÿù      ûú ýz#Backend._create_ocsp_basic_responsecCsb|tjjkr| |||¡}n|jj}|j |j|¡}|  ||jjk¡|j  ||jj ¡}t ||ƒSr®) rpZOCSPResponseStatusZ SUCCESSFULrãr~rr€ZOCSP_response_createrfr”rùrÕrB)rZresponse_statusrnrXr±ràZ ocsp_resprwrwrxÚcreate_ocsp_responseÝs ÿÿzBackend.create_ocsp_responsecCs| |¡ot|tjƒSr®)r¸rÀrTZECDH)rr±rµrwrwrxÚ+elliptic_curve_exchange_algorithm_supportedîs ÿz3Backend.elliptic_curve_exchange_algorithm_supportedcCs(| ¡}|j ||¡}| |dk¡|Sr›)rr€ZEVP_PKEY_set1_EC_KEYr”)rr-rr rwrwrxr»ószBackend._ec_cdata_to_evp_pkeycCsNdddœ}| |j|j¡}|j | ¡¡}||jjkrJtd |j¡tj ƒ‚|S)z/ Get the NID for a curve name. 
Z prime192v1Z prime256v1)Z secp192r1Z secp256r1z${} is not a supported elliptic curve) Úgetr¶r€Ú OBJ_sn2nidr¹rrr·rr¼)rrµZ curve_aliasesZ curve_namer¶rwrwrxr´ùs   þzBackend._elliptic_curve_to_nidc csX|j ¡}| ||jjk¡|j ||jj¡}|j |¡z |VW5|j |¡XdSr®) r€Z BN_CTX_newr”r~rrùZ BN_CTX_freeZ BN_CTX_startZ BN_CTX_end)rrËrwrwrxrÈ s   zBackend._tmp_bn_ctxcCs¼| ||jjk¡|j d¡}| ||jjk¡|j |¡}| ||jjk¡|j |¡}| ||jjk¡|j |¡}| ||jjk¡||kr¤|jj r¤|jj }n|jj }|s´t ‚||fS)zu Given an EC_KEY determine the group and what function is required to get point coordinates. scharacteristic-two-field) r”r~rr€rçrrÅZEC_GROUP_method_ofZEC_METHOD_get_field_typeZCryptography_HAS_EC2MZ$EC_POINT_get_affine_coordinates_GF2mZ#EC_POINT_get_affine_coordinates_GFprí)rr;Z nid_two_fieldr·ÚmethodrrÎrwrwrxrÍs     z(Backend._ec_key_determine_group_get_funccCst|dks|dkrtdƒ‚|j | |¡|jj¡}|j | |¡|jj¡}|j |||¡}|dkrp| ¡tdƒ‚|S)zg Sets the public key point in the EC_KEY context to the affine x and y values. rz2Invalid EC key. Both x and y must be non-negative.r{zInvalid EC key.)rÎr~rùr÷r€rûZ(EC_KEY_set_public_key_affine_coordinatesrê)rr;rHrGr rwrwrxrÁ1sÿz1Backend._ec_key_set_public_key_affine_coordinatesc Cs(t|tjƒstdƒ‚t|tjƒs(tdƒ‚t|tjƒs|j j}n | |j jkrV|j j}nt d ƒ‚| |||¡S|tjjkrä|rˆt d ƒ‚| |j jkr |j j}n8| |j jkr¸|j j}n | |j jkrÐ|j j}nt d ƒ‚| ||¡St d ƒ‚|tjjkr|tjj krt  !||¡St d ƒ‚t dƒ‚dS)Nú/encoding must be an item from the Encoding enumz2format must be an item from the PrivateFormat enumzBEncryption algorithm must be a KeySerializationEncryption instancer—iÿzBPasswords longer than 1023 bytes are not supported by this backendzUnsupported encryption typezUnsupported encoding for PKCS8zCEncrypted traditional OpenSSL format is not supported in FIPS mode.z+Unsupported key type for TraditionalOpenSSLzDEncryption is not supported for DER encoded traditional OpenSSL keysz+Unsupported encoding for TraditionalOpenSSLz=OpenSSH private key format can only be used with PEM encodingúformat is invalid with this key)"rÀrQÚEncodingrUZ 
Backend._zeroed_bytearray: This method creates a bytearray, which we copy data into (hopefully also from a mutable buffer that can be dynamically erased!), and then zero when we're done.

Backend._zeroed_null_terminated_buf: This method takes bytes, which can be a bytestring or a mutable buffer like a bytearray, and yields a null-terminated version of that data. This is required because PKCS12_parse doesn't take a length with its password char * and ffi.from_buffer doesn't provide null termination. So, to support zeroing the data via bytearray we need to build this ridiculous construct that copies the memory, but zeroes it after use.