B #aV3@sXddlmZmZmZmZddlZddlZddlmZddl m Z m Z m Z mZmZmZmZmZmZddlmZddlmZddlmZmZdd lmZmZdd lmZdd l m!Z!eZ"e"d krdd l#m Z m$Z$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4m5Z5m6Z6m7Z7ne"dks2e"dkrdd l8m Z m$Z$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4m5Z5m6Z6m7Z7n\dd l9m Z m$Z$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4m5Z5m6Z6m7Z7ddddddddddddddddd d!d"d#d$d%d&d'd(d)gZ:d1d+dZ;d2d,dZd0dZ?dS)5)unicode_literalsdivisionabsolute_importprint_functionN)backend) armor Certificate DHParametersEncryptedPrivateKeyInfoNull OrderedDict Pbkdf2SaltPrivateKeyInfo PublicKeyInfo)_unwrap_private_key_info)pretty_message) type_namestr_cls)pbkdf2pbkdf2_iteration_calculator)aes_cbc_pkcs7_encrypt) rand_bytesmac)r dsa_sign dsa_verify ecdsa_sign ecdsa_verify generate_pairgenerate_dh_parametersload_certificate load_pkcs12load_private_keyload_public_key PrivateKey PublicKeyrsa_pkcs1v15_signrsa_pkcs1v15_verify rsa_pss_signrsa_pss_verifyrsa_pkcs1v15_encryptrsa_pkcs1v15_decryptrsa_oaep_encryptrsa_oaep_decryptwinZ winlegacyr rrdump_certificatedump_dh_parametersdump_openssl_private_keydump_private_keydump_public_keyrrrrr r!r"r#r$r%r-r,r+r*r&r'r(r)pemcCs\|tddgkr"ttdt|t|ts>ttdt||}|dkrXt d|}|S)a Serializes an asn1crypto.algos.DHParameters object into a byte string :param dh_parameters: An asn1crypto.algos.DHParameters object :param encoding: A unicode string of "pem" or "der" :return: A byte string of the encoded DH parameters r4derzF encoding must be one of "pem", "der", not %s zp dh_parameters must be an instance of asn1crypto.algos.DHParameters, not %s z DH PARAMETERS) set ValueErrorrrepr isinstancer TypeErrorrdumpr)Z dh_parametersencodingoutputr>:/tmp/pip-target-jgxl_w8r/lib/python/oscrypto/asymmetric.pyr0s    cCst|tddgkr"ttdt|t|t}t|tsL|sLttdt||rV|j }| }|dkrpt d|}|S)a# Serializes a public key object into a byte string :param public_key: An oscrypto.asymmetric.PublicKey or asn1crypto.keys.PublicKeyInfo object :param encoding: A unicode string of "pem" or "der" :return: A byte string of the encoded public key r4r5zF encoding must be one of "pem", "der", not %s z public_key must be an instance of oscrypto.asymmetric.PublicKey or asn1crypto.keys.PublicKeyInfo, not %s z PUBLIC KEY) r6r7rr8r9r%rr:rasn1r;r)Z public_keyr< is_oscryptor=r>r>r?r3s    cCst|tddgkr"ttdt|t|t}t|tsL|sLttdt||rV|j }| }|dkrpt d|}|S)a& Serializes a certificate object into a byte string :param certificate: An oscrypto.asymmetric.Certificate or asn1crypto.x509.Certificate object :param encoding: A unicode string of "pem" or "der" :return: A byte string of the encoded certificate r4r5zF encoding must be one of "pem", "der", not %s z certificate must be an instance of oscrypto.asymmetric.Certificate or asn1crypto.x509.Certificate, not %s Z CERTIFICATE) r6r7rr8r9r Asn1Certificater:rr@r;r)Z certificater<rAr=r>r>r?r/s    cCsh|tddgkr"ttdt||dk rZt|tsFttdt||dkrZttdt|t}t|t s|sttdt||r|j }| }|dk rr>r?r2sb          c Csp|dk r8t|ts$ttdt||dkr8ttdt|t}t|tsb|sbttdt||rl|j}t | }d}|dk r.t d}t }d|d<d t |d |d <d}|d }t||d d}x4|t|kr|t|||d d7}qW|d |}t|||\}}|jdkr@d} n"|jdkrRd} n|jdkrbd} t| ||dS)a  Serializes a private key object into a byte string of the PEM formats used by OpenSSL. The format chosen will depend on the type of private key - RSA, DSA or EC. Do not use this method unless you really must interact with a system that does not support PKCS#8 private keys. The encryption provided by PKCS#8 is far superior to the OpenSSL formats. This is due to the fact that the OpenSSL formats don't stretch the passphrase, making it very easy to brute-force. :param private_key: An oscrypto.asymmetric.PrivateKey or asn1crypto.keys.PrivateKeyInfo object :param passphrase: A unicode string of the passphrase to encrypt the private key with. A passphrase of None will result in no encryption. A blank string will result in a ValueError to help ensure that the lack of passphrase is intentional. :raises: ValueError - when a blank string is provided for the passphrase :return: A byte string of the encoded and encrypted public key NzM passphrase must be a unicode string, not %s rDzx passphrase may not be a blank string - pass None to disable encryption z private_key must be an instance of oscrypto.asymmetric.PrivateKey or asn1crypto.keys.PrivateKeyInfo, not %s z 4,ENCRYPTEDz Proc-TypezAES-128-CBC,%sasciizDEK-Infozutf-8rZeczEC PRIVATE KEYZrsazRSA PRIVATE KEYZdsazDSA PRIVATE KEY)headers)r9rr:rrr7r$rr@rr;rr binasciihexlifydecoderMhashlibmd5digestlenrrKr) rNrOrAr=rYrTrQrRrSrUr>r>r?r1usH       &    )r4)r4)r4)r4rC)@ __future__rrrrr]rZrDrZ_asn1rr rBr r r r rrrZ _asymmetricr_errorsr_typesrrZkdfrrZ symmetricrutilrZ_backendZ_mac.asymmetricrrrrrrr r!r"r#r$r%r&r'r(r)r*r+r,r-Z_win.asymmetricZ_openssl.asymmetric__all__r0r3r/r2r1r>r>r>r?s^ ,     ^^\ % ) ) v