U §Ãq`gã@sÜddlZddlmZddlmZddlmZddlmZm Z ddl m Z m Z ddl mZeejejdœd d „Zeejejdœd d „ZejejejejejejfZeje je jfZGd d„deƒZGdd„deƒZ dS)éN)ÚEnum)Úx509)Ú _get_backend)ÚhashesÚ serialization)ÚecÚrsa)Ú_check_byteslike©ÚdataÚreturncCstdƒ}| |¡S©N)rÚload_pem_pkcs7_certificates©r Úbackend©rúY/tmp/pip-target-nv4zd3e_/lib/python/cryptography/hazmat/primitives/serialization/pkcs7.pyrsrcCstdƒ}| |¡Sr )rÚload_der_pkcs7_certificatesrrrrrsrc@s$eZdZdZdZdZdZdZdZdS)Ú PKCS7OptionszAdd text/plain MIME typez5Don't translate input data into canonical MIME formatz'Don't embed data in the PKCS7 structurezDon't embed SMIME capabilitiesz#Don't embed authenticatedAttributeszDon't embed signer certificateN) Ú__name__Ú __module__Ú __qualname__ÚTextÚBinaryÚDetachedSignatureÚNoCapabilitiesÚ NoAttributesZNoCertsrrrrr&s rc@speZdZdggfdd„Zeddœdd„Zejee ddœdd „Z ejdd œd d „Z de j ejeed œdd„ZdS)ÚPKCS7SignatureBuilderNcCs||_||_||_dSr )Ú_dataÚ_signersÚ_additional_certs)Úselfr ZsignersZadditional_certsrrrÚ__init__0szPKCS7SignatureBuilder.__init__r cCs(td|ƒ|jdk rtdƒ‚t||jƒS)Nr zdata may only be set once)r rÚ ValueErrorrr)r!r rrrÚset_data5s  zPKCS7SignatureBuilder.set_data)Ú certificateÚ private_keyÚhash_algorithmr cCsnt|tjtjtjtjtjfƒs&tdƒ‚t|tj ƒs:tdƒ‚t|t j t j fƒsTtdƒ‚t|j|j|||fgƒS)NzLhash_algorithm must be one of hashes.SHA1, SHA224, SHA256, SHA384, or SHA512ú&certificate must be a x509.Certificatez.Only RSA & EC keys are supported at this time.)Ú isinstancerÚSHA1ÚSHA224ÚSHA256ÚSHA384ÚSHA512Ú TypeErrorrÚ CertificaterÚ RSAPrivateKeyrÚEllipticCurvePrivateKeyrrr)r!r%r&r'rrrÚ add_signer<s.ûþ ÿ  ÿþz PKCS7SignatureBuilder.add_signer)r%r cCs,t|tjƒstdƒ‚t|j|j|j|gƒS)Nr()r)rr0r/rrrr )r!r%rrrÚadd_certificate]s  ÿz%PKCS7SignatureBuilder.add_certificate)ÚencodingÚoptionsr cCsàt|jƒdkrtdƒ‚|jdkr(tdƒ‚t|ƒ}tdd„|DƒƒsJtdƒ‚|tjjtjj tjj fkrltdƒ‚t j |krˆt j |krˆtdƒ‚t j |kr®|tjj tjjfkr®td ƒ‚t j|krÊt j|krÊtd ƒ‚t|ƒ}| |||¡S) NrzMust have at least one signerzYou must add data to signcss|]}t|tƒVqdSr )r)r)Ú.0ÚxrrrÚ rsz-PKCS7SignatureBuilder.sign..z*options must be from the PKCS7Options enumz1Must be PEM, DER, or SMIME from the Encoding enumzAWhen passing the Text option you must also pass DetachedSignaturez9The Text option is only available for SMIME serializationzFNoAttributes is a superset of NoCapabilities. Do not pass both values.)Úlenrr#rÚlistÚallrÚEncodingZPEMZDERZSMIMErrrrrrZ pkcs7_sign)r!r5r6rrrrÚsigngsL ýÿÿþÿ þÿÿþÿzPKCS7SignatureBuilder.sign)N)rrrr"Úbytesr$rr0Ú_ALLOWED_PRIVATE_KEY_TYPESÚ_ALLOWED_PKCS7_HASH_TYPESr3r4rr=ÚtypingÚIterablerr>rrrrr/s  û "þ üûr)!rBÚenumrZ cryptographyrZcryptography.hazmat.backendsrZcryptography.hazmat.primitivesrrZ)cryptography.hazmat.primitives.asymmetricrrZcryptography.utilsr r?ÚListr0rrÚUnionr*r+r,r-r.rAr1r2r@rÚobjectrrrrrÚs*    üÿ ÿ