pgddlZddlmZddlmZddlmZmZddlmZm Z ddl m Z de dej ejfd Zde dej ejfd Zd ej ejd ejde fd ZejejejejejejfZeje jejfZGddejZGddZdS)N)utils)x509)hashes serialization)ecrsa)_check_byteslikedatareturnc8ddlm}||SNrbackend),cryptography.hazmat.backends.openssl.backendrload_pem_pkcs7_certificatesr rs T/usr/lib/python3/dist-packages/cryptography/hazmat/primitives/serialization/pkcs7.pyrr(DDDDDD  . .t 4 44c8ddlm}||Sr )rrload_der_pkcs7_certificatesrs rrrrrcertsencodingc:ddlm}|||Sr )rrpkcs7_serialize_certificates)rrrs rserialize_certificatesrs-EDDDDD  / /x @ @@rc&eZdZdZdZdZdZdZdZdS) PKCS7OptionszAdd text/plain MIME typez5Don't translate input data into canonical MIME formatz'Don't embed data in the PKCS7 structurezDon't embed SMIME capabilitiesz#Don't embed authenticatedAttributeszDon't embed signer certificateN) __name__ __module__ __qualname__TextBinaryDetachedSignatureNoCapabilities NoAttributesNoCertsrrrr0s- %D DFA5N8L.GGGrrc .eZdZdggfdejedejejej e e fdejej fdZ deddfdZ dej d e d e ddfd Zdej ddfd Z dd ejdejedejdefdZdS)PKCS7SignatureBuilderNr signersadditional_certsc0||_||_||_dSN)_data_signers_additional_certs)selfr r+r,s r__init__zPKCS7SignatureBuilder.__init__:s   !1rr cxtd||jtdt||jS)Nr zdata may only be set once)r r/ ValueErrorr*r0)r2r s rset_datazPKCS7SignatureBuilder.set_dataJs;&&& : !899 9$T4=999r certificate private_keyhash_algorithmct|tjtjtjtjtjfstdt|tj stdt|tj tj fstdt|j|j|||fgzS)NzLhash_algorithm must be one of hashes.SHA1, SHA224, SHA256, SHA384, or SHA512&certificate must be a x509.Certificatez.Only RSA & EC keys are supported at this time.) isinstancerSHA1SHA224SHA256SHA384SHA512 TypeErrorr Certificater RSAPrivateKeyrEllipticCurvePrivateKeyr*r/r0)r2r7r8r9s r add_signerz PKCS7SignatureBuilder.add_signerQs           , +t'788 FDEE E #+R-GH   NLMM M$ J Mk;GH H   rct|tjstdt |j|j|j|gzS)Nr;)r<rrCrBr*r/r0r1)r2r7s radd_certificatez%PKCS7SignatureBuilder.add_certificatersP+t'788 FDEE E$ J t'= 'M   rroptionsrct|jdkrtd|jtdt |}t d|Dstd|t jjt jj t jj fvrtdtj |vrtj |vrtdtj |vr3|t jj t jjfvrtdtj|vrtj|vrtd dd lm}||||S) NrzMust have at least one signerzYou must add data to signc3@K|]}t|tVdSr.)r<r).0xs r z-PKCS7SignatureBuilder.sign..s,@@1:a..@@@@@@rz*options must be from the PKCS7Options enumz1Must be PEM, DER, or SMIME from the Encoding enumzAWhen passing the Text option you must also pass DetachedSignaturez9The Text option is only available for SMIME serializationzFNoAttributes is a superset of NoCapabilities. Do not pass both values.r)lenr0r5r/listallrEncodingPEMDERSMIMErr"r$r&r%rr pkcs7_sign)r2rrIrossls rsignzPKCS7SignatureBuilder.sign|s t}   " "<== = : 899 9w--@@@@@@@ KIJJ J   " &  " &  " (   C    ( (.g==$    ' 'H  " &  " &9 - - K   % 0 0+w66        tXw777rr.)rr r!typingOptionalbytesListTuplerrC_ALLOWED_PRIVATE_KEY_TYPES_ALLOWED_PKCS7_HASH_TYPESr3r6rFrHrrRIterablerAnyrXr(rrr*r*9sa(, :<22oe$2 L *)+  2!+d&672222 :U:'>:::: % 0 2  !     B +     # 8888(88.88 88  888888888888rr*) rY cryptographyrrcryptography.hazmat.primitivesrr)cryptography.hazmat.primitives.asymmetricrrcryptography.utilsr r[r\rCrrrRrUnionr=r>r?r@rAr_rDrEr^Enumrr*r(rrrhs  @@@@@@@@========//////5e5 D