a °…bîã@sìddlZddlmZddlmZddlmZmZddlmZm Z ddl m Z e ej ejdœdd „Ze ej ejdœd d „Zej ejeje d œd d„ZejejejejejejfZeje jejfZGdd„dejƒZGdd„dƒZdS)éN)Úutils)Úx509)ÚhashesÚ serialization)ÚecÚrsa)Ú_check_byteslike©ÚdataÚreturncCsddlm}| |¡S©Nr©Úbackend)Ú,cryptography.hazmat.backends.openssl.backendrÚload_pem_pkcs7_certificates©r r©rúY/tmp/pip-target-98j97qn4/lib/python/cryptography/hazmat/primitives/serialization/pkcs7.pyrs rcCsddlm}| |¡Sr )rrÚload_der_pkcs7_certificatesrrrrrs r)ÚcertsÚencodingr cCsddlm}| ||¡Sr )rrZpkcs7_serialize_certificates)rrrrrrÚserialize_certificatess rc@s$eZdZdZdZdZdZdZdZdS)Ú PKCS7OptionszAdd text/plain MIME typez5Don't translate input data into canonical MIME formatz'Don't embed data in the PKCS7 structurezDon't embed SMIME capabilitiesz#Don't embed authenticatedAttributeszDon't embed signer certificateN) Ú__name__Ú __module__Ú __qualname__ÚTextÚBinaryÚDetachedSignatureÚNoCapabilitiesÚ NoAttributesZNoCertsrrrrr0s rc@s eZdZdggfejeejejej e e fejej dœdd„Z eddœdd„Z ej e e ddœd d „Zej dd œd d „Zdejejeejedœdd„ZdS)ÚPKCS7SignatureBuilderN)r ÚsignersÚadditional_certscCs||_||_||_dS©N)Ú_dataÚ_signersÚ_additional_certs)Úselfr r"r#rrrÚ__init__:s zPKCS7SignatureBuilder.__init__r cCs(td|ƒ|jdurtdƒ‚t||jƒS)Nr zdata may only be set once)rr%Ú ValueErrorr!r&)r(r rrrÚset_dataJs  zPKCS7SignatureBuilder.set_data)Ú certificateÚ private_keyÚhash_algorithmr cCsnt|tjtjtjtjtjfƒs&tdƒ‚t|tj ƒs:tdƒ‚t|t j t j fƒsTtdƒ‚t|j|j|||fgƒS)NzLhash_algorithm must be one of hashes.SHA1, SHA224, SHA256, SHA384, or SHA512ú&certificate must be a x509.Certificatez.Only RSA & EC keys are supported at this time.)Ú isinstancerÚSHA1ÚSHA224ÚSHA256ÚSHA384ÚSHA512Ú TypeErrorrÚ CertificaterÚ RSAPrivateKeyrÚEllipticCurvePrivateKeyr!r%r&)r(r,r-r.rrrÚ add_signerQs,ûþ ÿ  ÿþz PKCS7SignatureBuilder.add_signer)r,r cCs,t|tjƒstdƒ‚t|j|j|j|gƒS)Nr/)r0rr7r6r!r%r&r')r(r,rrrÚadd_certificaters  ÿz%PKCS7SignatureBuilder.add_certificate)rÚoptionsrr cCsät|jƒdkrtdƒ‚|jdur(tdƒ‚t|ƒ}tdd„|DƒƒsJtdƒ‚|tjjtjj tjj fvrltdƒ‚t j |vrˆt j |vrˆtdƒ‚t j |vr®|tjj tjjfvr®td ƒ‚t j|vrÊt j|vrÊtd ƒ‚dd lm}| |||¡S) NrzMust have at least one signerzYou must add data to signcss|]}t|tƒVqdSr$)r0r)Ú.0ÚxrrrÚ ‡óz-PKCS7SignatureBuilder.sign..z*options must be from the PKCS7Options enumz1Must be PEM, DER, or SMIME from the Encoding enumzAWhen passing the Text option you must also pass DetachedSignaturez9The Text option is only available for SMIME serializationzFNoAttributes is a superset of NoCapabilities. Do not pass both values.r )Úlenr&r*r%ÚlistÚallrÚEncodingZPEMZDERZSMIMErrrr rrrZ pkcs7_sign)r(rr<rZosslrrrÚsign|sL ýÿÿþÿ þÿÿþÿ zPKCS7SignatureBuilder.sign)N)rrrÚtypingÚOptionalÚbytesÚListÚTuplerr7Ú_ALLOWED_PRIVATE_KEY_TYPESÚ_ALLOWED_PKCS7_HASH_TYPESr)r+r:r;rrDÚIterablerÚAnyrErrrrr!9s>öþÿÿ ö  û "þ üûr!) rFZ cryptographyrrZcryptography.hazmat.primitivesrrZ)cryptography.hazmat.primitives.asymmetricrrZcryptography.utilsrrHrIr7rrrDrÚUnionr1r2r3r4r5rLr8r9rKÚEnumrr!rrrrÚs0    ý üÿ ÿ