/private/tmp/pip-build-nl73fm5q/google-auth/google/auth/crypt/_python_rsa.py

Pure-Python RSA cryptography implementation.

Uses the ``rsa``, ``pyasn1`` and ``pyasn1_modules`` packages
to parse PEM files storing PKCS#1 or PKCS#8 keys as well as
certificates. There is no support for p12 files.

Modules referenced: __future__ (absolute_import), io, json, pyasn1.codec.der (decoder), pyasn1_modules (pem), pyasn1_modules.rfc2459 (Certificate), pyasn1_modules.rfc5208 (PrivateKeyInfo), rsa, six, google.auth (_helpers), google.auth.crypt (base)

PEM markers and JSON field names used by the module:

    -----BEGIN CERTIFICATE-----
    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----
    -----BEGIN PRIVATE KEY-----
    -----END PRIVATE KEY-----
    private_key
    private_key_id

Error messages raised by the module:

    Unused bytes
    No key could be detected.
    The private_key field was not found in the service account info.


_bit_list_to_bytes(bit_list)

    Converts an iterable of 1s and 0s to bytes.

    Combines the list 8 at a time, treating each group of 8 bits
    as a single byte.

    Args:
        bit_list (Sequence): Sequence of 1s and 0s.

    Returns:
        bytes: The decoded bytes.


class RSAVerifier(base.Verifier)

    Verifies RSA cryptographic signatures using public keys.

    Args:
        public_key (rsa.key.PublicKey): The public key used to verify
            signatures.

    RSAVerifier.verify(message, signature)

        Docstring copied from base.Verifier.

    RSAVerifier.from_string(public_key)

        Construct a Verifier instance from a public key or public
        certificate string.

        Args:
            public_key (Union[str, bytes]): The public key in PEM format or
                the x509 public key certificate.

        Returns:
            Verifier: The constructed verifier.

        Raises:
            ValueError: If the public_key can't be parsed.


class RSASigner(base.Signer)

    Signs messages with an RSA private key.

    Args:
        private_key (rsa.key.PrivateKey): The private key to sign with.
        key_id (str): Optional key ID used to identify this private key.
            This can be useful to associate the private key with its
            associated public key or certificate.

    RSASigner.key_id (property)

        Docstring copied from base.Signer.

    RSASigner.sign(message)

        Docstring copied from base.Signer. Signs with SHA-256.

    RSASigner.from_string(key, key_id)

        Construct a Signer instance from a private key in PEM format.

        Args:
            key (str): Private key in PEM format.
            key_id (str): An optional key id used to identify the private
                key.

        Returns:
            google.auth.crypt.Signer: The constructed signer.

        Raises:
            ValueError: If the key cannot be parsed as PKCS#1 or PKCS#8 in
                PEM format.

    RSASigner.from_service_account_info(info)

        Creates a Signer instance from a dictionary containing service
        account info in Google format.

        Args:
            info (Mapping[str, str]): The service account info in Google
                format.

        Returns:
            google.auth.crypt.Signer: The constructed signer.

        Raises:
            ValueError: If the info is not in the expected format.

    RSASigner.from_service_account_file(filename)

        Creates a Signer instance from a service account .json file
        in Google format.

        Args:
            filename (str): The path to the service account .json file.

        Returns:
            google.auth.crypt.Signer: The constructed signer.