U *”}f›¡ã@sÒddlmZmZmZddlZddlZddlZddlZddlmZddl Z ddl m Z ddl m Z mZddlmZmZddlmZmZmZmZmZddlmZmZmZmZmZmZmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%dd l&m'Z'dd l(m)Z)dd l*m+Z+dd l,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4m5Z5dd l6m7Z7m8Z8m9Z9m:Z:ddl;mZ>ddl?m@Z@mAZAddlBmCZCmDZDddlEmFZFmGZGmHZHddlImJZJmKZKmLZLmMZMmNZNmOZOmPZPmQZQmRZRddlSmTZTddlUmVZVddlWmXZXmYZYddlZm[Z[m\Z\ddl]m^Z^m_Z_ddl`maZambZbddlcmdZdmeZeddlfmgZgmhZhmiZimjZjddlkmlZlddlmmnZnmoZoddlpmqZqmrZrmsZsmtZtmuZuddlvmwZwmxZxmyZymzZzddl{m|Z|m}Z}m~Z~mZm€Z€mZm‚Z‚mƒZƒm„Z„dd l…m†Z†m‡Z‡mˆZˆm‰Z‰mŠZŠm‹Z‹mŒZŒmZdd!lŽmZdd"lm‘Z‘m’Z’dd#l“m”Z”e •d$d%d&g¡Z–Gd'd(„d(e—ƒZ˜e  ™e¡e  ™e¡e  ™e¡e  ™e¡e  ™e¡e  ™e¡e  ™e ¡e  ™e¡e  ™e!¡e  ™e#¡e  ™e"¡e  ™e%¡e  šel ›¡jœje$¡Gd)d*„d*e—ƒƒƒƒƒƒƒƒƒƒƒƒƒƒZžGd+d,„d,e—ƒZŸd-d.„Z ežƒZ¡dS)/é)Úabsolute_importÚdivisionÚprint_functionN)Úcontextmanager©Úrange)ÚutilsÚx509)ÚUnsupportedAlgorithmÚ_Reasons)ÚINTEGERÚNULLÚSEQUENCEÚ encode_derÚencode_der_integer) Ú CMACBackendÚ CipherBackendÚDERSerializationBackendÚ DHBackendÚ DSABackendÚEllipticCurveBackendÚ HMACBackendÚ HashBackendÚPBKDF2HMACBackendÚPEMSerializationBackendÚ RSABackendÚ ScryptBackendÚ X509Backend)Úaead)Ú_CipherContext©Ú _CMACContext) Ú_CRL_ENTRY_REASON_ENUM_TO_CODEÚ_CRL_EXTENSION_HANDLERSÚ_EXTENSION_HANDLERS_BASEÚ_EXTENSION_HANDLERS_SCTÚ"_OCSP_BASICRESP_EXTENSION_HANDLERSÚ_OCSP_REQ_EXTENSION_HANDLERSÚ'_OCSP_SINGLERESP_EXTENSION_HANDLERS_SCTÚ_REVOKED_EXTENSION_HANDLERSÚ_X509ExtensionParser)Ú _DHParametersÚ _DHPrivateKeyÚ _DHPublicKeyÚ_dh_params_dup)Ú_DSAParametersÚ_DSAPrivateKeyÚ _DSAPublicKey)Ú_EllipticCurvePrivateKeyÚ_EllipticCurvePublicKey)Ú_Ed25519PrivateKeyÚ_Ed25519PublicKey)Ú_ED448_KEY_SIZEÚ_Ed448PrivateKeyÚ_Ed448PublicKey) Ú$_CRL_ENTRY_EXTENSION_ENCODE_HANDLERSÚ_CRL_EXTENSION_ENCODE_HANDLERSÚ_EXTENSION_ENCODE_HANDLERSÚ)_OCSP_BASICRESP_EXTENSION_ENCODE_HANDLERSÚ'_OCSP_REQUEST_EXTENSION_ENCODE_HANDLERSÚ_encode_asn1_int_gcÚ_encode_asn1_str_gcÚ_encode_name_gcÚ _txt2obj_gc©Ú _HashContext©Ú _HMACContext)Ú _OCSPRequestÚ _OCSPResponse)Ú_POLY1305_KEY_SIZEÚ_Poly1305Context)Ú_RSAPrivateKeyÚ _RSAPublicKey)Ú_X25519PrivateKeyÚ_X25519PublicKey)Ú_X448PrivateKeyÚ_X448PublicKey)Ú _CertificateÚ_CertificateRevocationListÚ_CertificateSigningRequestÚ_RevokedCertificate)Úbinding)ÚhashesÚ serialization)ÚdsaÚecÚed25519Úed448Úrsa)ÚMGF1ÚOAEPÚPKCS1v15ÚPSS) ÚAESÚARC4ÚBlowfishÚCAST5ÚCamelliaÚChaCha20ÚIDEAÚSEEDÚ TripleDES)ÚCBCÚCFBÚCFB8ÚCTRÚECBÚGCMÚOFBÚXTS)Úscrypt)Úpkcs7Ússh)ÚocspÚ _MemoryBIOÚbioZchar_ptrc@s eZdZdS)Ú_RC2N)Ú__name__Ú __module__Ú __qualname__©r{r{úP/tmp/pip-unpacked-wheel-x36vw73o/cryptography/hazmat/backends/openssl/backend.pyrw¢srwc @s|eZdZdZdZddddddhZeefZe j e j e j e j e je je je je je je je je jf Zd Zd Zd d >Zd Zd e>Zd d „Zd-dd„Zdd„Zdd„Z e!j"dd„ƒZ#dd„Z$dd„Z%dd„Z&dd„Z'dd „Z(d!d"„Z)d#d$„Z*d%d&„Z+d'd(„Z,d)d*„Z-d+d,„Z.d-d.„Z/d/d0„Z0d1d2„Z1d3d4„Z2d5d6„Z3d7d8„Z4d9d:„Z5d;d<„Z6d=d>„Z7d?d@„Z8dAdB„Z9d.dCdD„Z:dEdF„Z;dGdH„ZdMdN„Z?dOdP„Z@dQdR„ZAdSdT„ZBdUdV„ZCdWdX„ZDdYdZ„ZEd[d\„ZFd]d^„ZGd_d`„ZHdadb„ZIdcdd„ZJdedf„ZKdgdh„ZLdidj„ZMdkdl„ZNdmdn„ZOdodp„ZPdqdr„ZQdsdt„ZRdudv„ZSdwdx„ZTdydz„ZUd{d|„ZVd}d~„ZWdd€„ZXdd‚„ZYdƒd„„ZZd…d†„Z[d‡dˆ„Z\d‰dŠ„Z]d‹dŒ„Z^ddŽ„Z_dd„Z`d‘d’„Zad“d”„Zbd•d–„Zcd—d˜„Zdd™dš„Zed›dœ„Zfddž„ZgdŸd „Zhd¡d¢„Zid£d¤„Zjd¥d¦„Zkd§d¨„Zld©dª„Zmd«d¬„Znd­d®„Zod¯d°„Zpd±d²„Zqd³d´„Zrdµd¶„Zsd·d¸„Ztd¹dº„Zud»d¼„Zvd½d¾„Zwd¿dÀ„ZxdÁd„ZydÃdÄ„ZzdÅdÆ„Z{dÇdÈ„Z|dÉdÊ„Z}dËdÌ„Z~e"dÍd΄ƒZdÏdЄZ€dÑdÒ„ZdÓdÔ„Z‚dÕdÖ„Zƒd×dØ„Z„dÙdÚ„Z…dÛdÜ„Z†dÝdÞ„Z‡dßdà„Zˆdádâ„Z‰dãdä„ZŠdådæ„Z‹dçdè„ZŒdédê„Zd/dëdì„ZŽdídî„Zdïdð„Zdñdò„Z‘dódô„Z’dõdö„Z“d÷dø„Z”dùdú„Z•dûdü„Z–dýdþ„Z—dÿd„Z˜dd„Z™dd„Zšdd„Z›dd„Zœd d „Zd d „Zžd d„ZŸdd„Z dd„Z¡dd„Z¢dd„Z£e!j"dd„ƒZ¤dd„Z¥e!j"dd„ƒZ¦dd„Z§dd „Z¨d!d"„Z©d#d$„Zªd%d&„Z«d'd(„Z¬d)d*„Z­d+d,„Z®dS(0ÚBackendz) OpenSSL API binding interfaces. Zopenssls aes-128-ccms aes-192-ccms aes-256-ccms aes-128-gcms aes-192-gcms aes-256-gcméiécCs’t ¡|_|jj|_|jj|_| ¡|_i|_ |  ¡|  ¡|  ¡|jrb|jj rbt dt¡n| ¡|jjg|_|jjrŽ|j |jj¡dS)Nz÷óz*Backend._is_fips_enabled..r)Úgetattrr„ZERR_clear_errorÚbool)r”Z fips_modeÚmoder{r{r|r…ös  zBackend._is_fips_enabledcCsf|jjrb|j ¡}||jjkrb|j |¡|j |jj¡}| |dk¡|j |¡}| |dk¡dS©Nr) r„r‹ZENGINE_get_default_RANDr‚r ZENGINE_unregister_RANDÚRAND_set_rand_methodr˜Ú ENGINE_finish©r”ÚeÚresr{r{r|Úactivate_builtin_randomþs    zBackend.activate_builtin_randomc cs‚|j |jj¡}| ||jjk¡|j |¡}| |dk¡z |VW5|j |¡}| |dk¡|j |¡}| |dk¡XdSrŸ) r„Z ENGINE_by_idZCryptography_osrandom_engine_idr˜r‚r Z ENGINE_initZ ENGINE_freer¡r¢r{r{r|Ú_get_osurandom_engine s    zBackend._get_osurandom_enginec Cs`|jjr\| ¡| ¡ }|j |¡}| |dk¡W5QRX|j |jj¡}| |dk¡dSrŸ) r„r‹r¥r¦ZENGINE_set_default_RANDr˜r r‚r r¢r{r{r|rs  z Backend.activate_osrandom_enginec Cs`|j dd¡}| ¡2}|j |dt|ƒ||jjd¡}| |dk¡W5QRX|j |¡  d¡S)Núchar[]é@sget_implementationrÚascii) r‚Únewr¦r„ZENGINE_ctrl_cmdÚlenr r˜ÚstringÚdecode)r”Úbufr£r¤r{r{r|Úosrandom_engine_implementation+s ÿz&Backend.osrandom_engine_implementationcCs|j |j |jj¡¡ d¡S)zÀ Friendly string name of the loaded OpenSSL library. This is not necessarily the same version as it was compiled against. Example: OpenSSL 1.1.1d 10 Sep 2019 r©)r‚r¬r„ZOpenSSL_versionÚOPENSSL_VERSIONr­r“r{r{r|Úopenssl_version_text4s ÿþzBackend.openssl_version_textcCs |j ¡S©N)r„ZOpenSSL_version_numr“r{r{r|Úopenssl_version_number?szBackend.openssl_version_numbercCs t|||ƒSr²rD)r”ÚkeyÚ algorithmr{r{r|Úcreate_hmac_ctxBszBackend.create_hmac_ctxcCsL|jdks|jdkr0d |j|jd¡ d¡}n |j d¡}|j |¡}|S)NÚblake2bÚblake2sz{}{}ér©)ÚnameÚformatÚ digest_sizeÚencoder„ZEVP_get_digestbyname)r”rµZalgÚevp_mdr{r{r|Ú_evp_md_from_algorithmEsÿþ  zBackend._evp_md_from_algorithmcCs | |¡}| ||jjk¡|Sr²)r¿r˜r‚r ©r”rµr¾r{r{r|Ú_evp_md_non_null_from_algorithmPs z'Backend._evp_md_non_null_from_algorithmcCs,|jrt||jƒsdS| |¡}||jjkS©NF)r†Ú isinstanceÚ _fips_hashesr¿r‚r rÀr{r{r|Úhash_supportedUs zBackend.hash_supportedcCs | |¡Sr²©rÅ©r”rµr{r{r|Úhmac_supported\szBackend.hmac_supportedcCs t||ƒSr²rBrÇr{r{r|Úcreate_hash_ctx_szBackend.create_hash_ctxcCs`|jrt||jƒsdSz|jt|ƒt|ƒf}Wntk rFYdSX||||ƒ}|jj|kSrÂ)r†rÃÚ _fips_ciphersr‡ÚtypeÚKeyErrorr‚r )r”ÚcipherržÚadapterÚ evp_cipherr{r{r|Úcipher_supportedbs zBackend.cipher_supportedcCs0||f|jkrtd ||¡ƒ‚||j||f<dS)Nz"Duplicate registration for: {} {}.)r‡Ú ValueErrorr»)r”Ú cipher_clsÚmode_clsrÎr{r{r|Úregister_cipher_adapterlsÿÿzBackend.register_cipher_adaptercCsVtttttttfD]}| t|t dƒ¡qtttttfD]}| t |t dƒ¡q8ttttfD]}| t |t dƒ¡q\| t tt dƒ¡ttttfD]}| t |t dƒ¡q’ttttfD]}| t |t dƒ¡q¶t ttgttttg¡D]\}}| ||t dƒ¡qæ| ttdƒt dƒ¡| ttdƒt dƒ¡| ttdƒt d ƒ¡| ttt¡dS) Nz+{cipher.name}-{cipher.key_size}-{mode.name}zdes-ede3-{mode.name}zdes-ede3zbf-{mode.name}zseed-{mode.name}z{cipher.name}-{mode.name}Zrc4Zrc2Zchacha20)rirlrmrorjrkrnrÔr`ÚGetCipherByNamerdrhrbrgÚ itertoolsÚproductrcrfrarËrwrerpÚ_get_xts_cipher)r”rÓrÒr{r{r|rˆushýýÿÿÿÿ þ ýÿz!Backend._register_default_cipherscCsæt ¡}t ¡}|jjr,| t¡| t¡t||jj |jj |d|_ t||jj |jj |d|_t||jj|jjtd|_t||jj|jjtd|_t||jj|jjtd|_t||jj|jjtd|_t||jj|jj|d|_ dS)N)Z ext_countZget_extÚhandlers)!r$Úcopyr)r„ZCryptography_HAS_SCTÚupdater%r(r*ZX509_get_ext_countZ X509_get_extZ_certificate_extension_parserZsk_X509_EXTENSION_numZsk_X509_EXTENSION_valueZ_csr_extension_parserZX509_REVOKED_get_ext_countZX509_REVOKED_get_extZ_revoked_cert_extension_parserZX509_CRL_get_ext_countZX509_CRL_get_extr#Z_crl_extension_parserZOCSP_REQUEST_get_ext_countZOCSP_REQUEST_get_extr'Z_ocsp_req_ext_parserZOCSP_BASICRESP_get_ext_countZOCSP_BASICRESP_get_extr&Z_ocsp_basicresp_ext_parserZOCSP_SINGLERESP_get_ext_countZOCSP_SINGLERESP_get_extZ_ocsp_singleresp_ext_parser)r”Z ext_handlersZsingleresp_handlersr{r{r|r‰¢s^  üüüüüüüz"Backend._register_x509_ext_parserscCs6t ¡|_t ¡|_t ¡|_t ¡|_t  ¡|_ dSr²) r;rÚÚ_extension_encode_handlersr:Ú_crl_extension_encode_handlersr9Ú$_crl_entry_extension_encode_handlersr=Ú'_ocsp_request_extension_encode_handlersr<Ú)_ocsp_basicresp_extension_encode_handlersr“r{r{r|rŠ×s ÿÿÿÿzBackend._register_x509_encoderscCst|||tjƒSr²)rZ_ENCRYPT©r”rÍržr{r{r|Úcreate_symmetric_encryption_ctxæsz'Backend.create_symmetric_encryption_ctxcCst|||tjƒSr²)rZ_DECRYPTrár{r{r|Úcreate_symmetric_decryption_ctxész'Backend.create_symmetric_decryption_ctxcCs | |¡Sr²)rÈrÇr{r{r|Úpbkdf2_hmac_supportedìszBackend.pbkdf2_hmac_supportedc Csh|j d|¡}| |¡}|j |¡}|j |t|ƒ|t|ƒ||||¡} | | dk¡|j |¡dd…S)Núunsigned char[]r) r‚rªrÁÚ from_bufferr„ZPKCS5_PBKDF2_HMACr«r˜Úbuffer) r”rµÚlengthÚsaltZ iterationsÚ key_materialr®r¾Úkey_material_ptrr¤r{r{r|Úderive_pbkdf2_hmacïs  ø zBackend.derive_pbkdf2_hmaccCs t |j¡Sr²)rTÚ_consume_errorsr„r“r{r{r|ríszBackend._consume_errorscCs t |j¡Sr²)rTÚ_consume_errors_with_textr„r“r{r{r|rîsz!Backend._consume_errors_with_textcCsÂ||jjkst‚tjs~|j |¡}|j d|¡}|j ||¡}|  |dk¡t   |j  |¡d|…d¡}|j  |¡rz| }|S|j |¡}|  ||jjk¡|j |¡}|j |¡t |dƒSdS)NrårÚbigé)r‚r ÚAssertionErrorÚsixÚPY2r„Z BN_num_bytesrªZ BN_bn2binr˜ÚintÚ from_bytesrçZBN_is_negativeZ BN_bn2hexr¬Ú OPENSSL_free)r”ÚbnZ bn_num_bytesZbin_ptrZbin_lenÚvalZ hex_cdataÚhex_strr{r{r|Ú _bn_to_ints     zBackend._bn_to_intcCsâ|dks||jjkst‚|dkr(|jj}tjst| t| ¡ddƒd¡}|j  |t |ƒ|¡}|  ||jjk¡|St |ƒ  d¡dd… d¡}|j d¡}||d <|j ||¡}|  |d k¡|  |d |jjk¡|d SdS) a  Converts a python integer to a BIGNUM. The returned BIGNUM will not be garbage collected (to support adding them to structs that take ownership of the object). Be sure to register it for GC if it will be discarded after use. Ng @rrïÚLér©ú BIGNUM **r)r‚r rñròróÚto_bytesrôÚ bit_lengthr„Z BN_bin2bnr«r˜ÚhexÚrstripr½rªZ BN_hex2bn)r”Únumr÷ÚbinaryZbn_ptrZhex_numr¤r{r{r|Ú _int_to_bns zBackend._int_to_bncCst ||¡|j ¡}| ||jjk¡|j ||jj¡}|  |¡}|j ||jj ¡}|j  ||||jj¡}| |dk¡|  |¡}t |||ƒSrŸ)r[Z_verify_rsa_parametersr„ÚRSA_newr˜r‚r ÚgcÚRSA_freerÚBN_freeZRSA_generate_key_exÚ_rsa_cdata_to_evp_pkeyrJ)r”Úpublic_exponentÚkey_sizeÚ rsa_cdatar÷r¤Úevp_pkeyr{r{r|Úgenerate_rsa_private_key=s   ÿ z Backend.generate_rsa_private_keycCs|dko|d@dko|dkS)Nérrér{)r”r r r{r{r|Ú!generate_rsa_parameters_supportedOs  ÿýz)Backend.generate_rsa_parameters_supportedc Cs2t |j|j|j|j|j|j|jj |jj ¡|j   ¡}|  ||jjk¡|j ||j j¡}| |j¡}| |j¡}| |j¡}| |j¡}| |j¡}| |j¡}| |jj ¡} | |jj ¡} |j  |||¡} |  | dk¡|j  || | |¡} |  | dk¡|j  ||||¡} |  | dk¡| |¡} t||| ƒSrŸ)r[Z_check_private_key_componentsÚpÚqÚdÚdmp1Údmq1ÚiqmpÚpublic_numbersr£Únr„rr˜r‚r rrrZRSA_set0_factorsÚ RSA_set0_keyZRSA_set0_crt_paramsr rJ) r”Únumbersr rrrrrrr£rr¤r r{r{r|Úload_rsa_private_numbersVs:ø        z Backend.load_rsa_private_numberscCst |j|j¡|j ¡}| ||jjk¡|j  ||jj ¡}|  |j¡}|  |j¡}|j  ||||jj¡}| |dk¡|  |¡}t|||ƒSrŸ)r[Z_check_public_key_componentsr£rr„rr˜r‚r rrrrr rK)r”rr r£rr¤r r{r{r|Úload_rsa_public_numbersvs    zBackend.load_rsa_public_numberscCs2|j ¡}| ||jjk¡|j ||jj¡}|Sr²)r„Z EVP_PKEY_newr˜r‚r rÚ EVP_PKEY_free©r”r r{r{r|Ú_create_evp_pkey_gcƒs zBackend._create_evp_pkey_gccCs(| ¡}|j ||¡}| |dk¡|SrŸ)r r„ZEVP_PKEY_set1_RSAr˜)r”r r r¤r{r{r|r ‰szBackend._rsa_cdata_to_evp_pkeycCsH|j |¡}|j |t|ƒ¡}| ||jjk¡t|j ||jj ¡|ƒS)z® Return a _MemoryBIO namedtuple of (BIO, char*). The char* is the storage for the BIO and it must stay alive until the BIO is finished with. ) r‚rær„ZBIO_new_mem_bufr«r˜r rurÚBIO_free)r”ÚdataÚdata_ptrrvr{r{r|Ú _bytes_to_bios zBackend._bytes_to_biocCsP|j ¡}| ||jjk¡|j |¡}| ||jjk¡|j ||jj¡}|S)z. Creates an empty memory BIO. )r„Z BIO_s_memr˜r‚r ZBIO_newrr!)r”Z bio_methodrvr{r{r|Ú_create_mem_bio_gcœs   zBackend._create_mem_bio_gccCs\|j d¡}|j ||¡}| |dk¡| |d|jjk¡|j |d|¡dd…}|S)zE Reads a memory BIO. This only works on memory BIOs. zchar **rN)r‚rªr„ZBIO_get_mem_datar˜r rç)r”rvr®Zbuf_lenÚbio_datar{r{r|Ú _read_mem_bio§s  zBackend._read_mem_biocCs°|j |¡}||jjkrT|j |¡}| ||jjk¡|j ||jj¡}t |||ƒS||jj krœ|j  |¡}| ||jjk¡|j ||jj ¡}t |||ƒS||jjkrä|j |¡}| ||jjk¡|j ||jj¡}t|||ƒS||jkr,|j |¡}| ||jjk¡|j ||jj¡}t|||ƒS|t|jddƒkrJt||ƒS|t|jddƒkrht||ƒS|t|jddƒkr†t||ƒS|t|jddƒkr¤t||ƒStdƒ‚dS)zd Return the appropriate type of PrivateKey given an evp_pkey cdata pointer. ÚEVP_PKEY_ED25519NÚ EVP_PKEY_X448ÚEVP_PKEY_X25519ÚEVP_PKEY_ED448úUnsupported key type.)r„Ú EVP_PKEY_idÚ EVP_PKEY_RSAÚEVP_PKEY_get1_RSAr˜r‚r rrrJÚ EVP_PKEY_DSAÚEVP_PKEY_get1_DSAÚDSA_freer0Ú EVP_PKEY_ECÚEVP_PKEY_get1_EC_KEYÚ EC_KEY_freer2rÚEVP_PKEY_get1_DHÚDH_freer,rœr4rNrLr7r ©r”r Úkey_typer Ú dsa_cdataÚec_cdataÚdh_cdatar{r{r|Ú_evp_pkey_to_private_key²s<                 z Backend._evp_pkey_to_private_keycCs°|j |¡}||jjkrT|j |¡}| ||jjk¡|j ||jj¡}t |||ƒS||jj krœ|j  |¡}| ||jjk¡|j ||jj ¡}t |||ƒS||jjkrä|j |¡}| ||jjk¡|j ||jj¡}t|||ƒS||jkr,|j |¡}| ||jjk¡|j ||jj¡}t|||ƒS|t|jddƒkrJt||ƒS|t|jddƒkrht||ƒS|t|jddƒkr†t||ƒS|t|jddƒkr¤t||ƒStdƒ‚dS)zc Return the appropriate type of PublicKey given an evp_pkey cdata pointer. r(Nr)r*r+r,)r„r-r.r/r˜r‚r rrrKr0r1r2r1r3r4r5r3rr6r7r-rœr5rOrMr8r r8r{r{r|Ú_evp_pkey_to_public_keyÝs<                 zBackend._evp_pkey_to_public_keycCs6|jjr&t|tjtjtjtjtjfƒSt|tjƒSdSr²) r„ZCryptography_HAS_RSA_OAEP_MDrÃrUÚSHA1ÚSHA224ÚSHA256ÚSHA384ÚSHA512rÇr{r{r|Ú_oaep_hash_supportedsûþ zBackend._oaep_hash_supportedcCsŽt|tƒrdSt|tƒr2t|jtƒr2| |jj¡St|tƒr†t|jtƒr†| |jj¡o„| |j¡o„|j dkp„t |j ƒdkp„|j j dkSdSdS)NTrrF) rÃr^r_Z_mgfr\rÅÚ _algorithmr]rDZ_labelr«r„ZCryptography_HAS_RSA_OAEP_LABEL)r”Úpaddingr{r{r|Úrsa_padding_supporteds  ÿ û zBackend.rsa_padding_supportedc Cs~|dkrtdƒ‚|j ¡}| ||jjk¡|j ||jj¡}|j |||jjd|jj|jj|jj¡}| |dk¡t ||ƒS)N)ir~i iz0Key size must be 1024, 2048, 3072, or 4096 bits.rr) rÑr„ÚDSA_newr˜r‚r rr2ZDSA_generate_parameters_exr/)r”r Úctxr¤r{r{r|Úgenerate_dsa_parameters(s$ÿ ù zBackend.generate_dsa_parameterscCsT|j |j¡}| ||jjk¡|j ||jj¡}|j |¡|  |¡}t |||ƒSr²) r„Z DSAparams_dupZ _dsa_cdatar˜r‚r rr2ZDSA_generate_keyÚ_dsa_cdata_to_evp_pkeyr0)r”Ú parametersrIr r{r{r|Úgenerate_dsa_private_key@s   z Backend.generate_dsa_private_keycCs| |¡}| |¡Sr²)rJrM)r”r rLr{r{r|Ú'generate_dsa_private_key_and_parametersIs z/Backend.generate_dsa_private_key_and_parameterscCsB|j ||||¡}| |dk¡|j |||¡}| |dk¡dSrŸ)r„Ú DSA_set0_pqgr˜Z DSA_set0_key)r”r:rrÚgÚpub_keyÚpriv_keyr¤r{r{r|Ú_dsa_cdata_set_valuesMszBackend._dsa_cdata_set_valuesc Cs¨t |¡|jj}|j ¡}| ||jjk¡|j  ||jj ¡}|  |j ¡}|  |j ¡}|  |j¡}|  |jj¡}|  |j¡}| ||||||¡| |¡} t||| ƒSr²)rWZ_check_dsa_private_numbersrÚparameter_numbersr„rHr˜r‚r rr2rrrrPÚyÚxrSrKr0) r”rrTr:rrrPrQrRr r{r{r|Úload_dsa_private_numbersSs       z Backend.load_dsa_private_numbersc Cs¢t |j¡|j ¡}| ||jjk¡|j ||jj ¡}|  |jj ¡}|  |jj ¡}|  |jj ¡}|  |j¡}|jj}| ||||||¡| |¡}t|||ƒSr²)rWÚ_check_dsa_parametersrTr„rHr˜r‚r rr2rrrrPrUrSrKr1) r”rr:rrrPrQrRr r{r{r|Úload_dsa_public_numbersfs    zBackend.load_dsa_public_numberscCs†t |¡|j ¡}| ||jjk¡|j ||jj¡}|  |j ¡}|  |j ¡}|  |j ¡}|j  ||||¡}| |dk¡t||ƒSrŸ)rWrXr„rHr˜r‚r rr2rrrrPrOr/)r”rr:rrrPr¤r{r{r|Úload_dsa_parameter_numbersws     z"Backend.load_dsa_parameter_numberscCs(| ¡}|j ||¡}| |dk¡|SrŸ)r r„ZEVP_PKEY_set1_DSAr˜)r”r:r r¤r{r{r|rK…szBackend._dsa_cdata_to_evp_pkeycCs | |¡Sr²rÆrÇr{r{r|Údsa_hash_supported‹szBackend.dsa_hash_supportedcCsdS)NTr{)r”rrrPr{r{r|Údsa_parameters_supportedŽsz Backend.dsa_parameters_supportedcCs| |td|jƒ¡S)Nó)rÐriÚ block_sizerÇr{r{r|Úcmac_algorithm_supported‘s ÿz Backend.cmac_algorithm_supportedcCs t||ƒSr²r rÇr{r{r|Úcreate_cmac_ctx–szBackend.create_cmac_ctxcCs~t|tjtjfƒr$|dk rztdƒ‚nVt|tjtj t j fƒsDt dƒ‚n6t|t jƒsZt dƒ‚n t|t jƒrzt|tjƒsztdƒ‚dS)Nz8algorithm must be None when signing via ed25519 or ed448z;Key must be an rsa, dsa, ec, ed25519, or ed448 private key.z.Algorithm must be a registered hash algorithm.z2MD5 hash algorithm is only supported with RSA keys)rÃrYÚEd25519PrivateKeyrZÚEd448PrivateKeyrÑr[Z RSAPrivateKeyrWZ DSAPrivateKeyrXZEllipticCurvePrivateKeyÚ TypeErrorrUZ HashAlgorithmÚMD5©r”Ú private_keyrµr{r{r|Ú_x509_check_signature_params™s0 ÿÿþÿ  ÿÿz$Backend._x509_check_signature_paramsc s´t|tjƒstdƒ‚ˆ ||¡ˆ ||¡}ˆj ¡}ˆ |ˆj j k¡ˆj   |ˆjj ¡}ˆj  |tjjj¡}ˆ |dk¡ˆj |tˆ|jƒ¡}ˆ |dk¡| ¡}ˆj ||j¡}ˆ |dk¡ˆj ¡}ˆ |ˆj j k¡ˆj   |‡fdd„¡}ˆj|jˆj|ˆjjddˆj ||¡}ˆ |dk¡|jD]D\} } tˆ| jƒ} ˆj  || tj!j"j#j| t$| ƒ¡}ˆ |dk¡q6ˆj %||j|¡}|dkrªˆ &¡} t'd| ƒ‚t(ˆ|ƒS) NúBuilder type mismatch.rcsˆj |ˆj ˆjjd¡¡S)NÚX509_EXTENSION_free)r„Zsk_X509_EXTENSION_pop_freer‚Ú addressofÚ _original_lib)rVr“r{r|ršÒs ÿþz)Backend.create_x509_csr..F©Ú extensionsrÙÚx509_objÚadd_funcrrúSigning failed))rÃr Z CertificateSigningRequestBuilderrcrgÚ_evp_md_x509_null_if_eddsar„Z X509_REQ_newr˜r‚r rÚ X509_REQ_freeZX509_REQ_set_versionÚVersionZv1ÚvalueZX509_REQ_set_subject_namer@Ú _subject_nameÚ public_keyZX509_REQ_set_pubkeyÚ _evp_pkeyZsk_X509_EXTENSION_new_nullÚ_create_x509_extensionsÚ _extensionsrÜZsk_X509_EXTENSION_insertZX509_REQ_add_extensionsÚ _attributesrAÚ dotted_stringZX509_REQ_add1_attr_by_OBJrºZ _ASN1TypeZ UTF8Stringr«Z X509_REQ_signrîrÑrR) r”Úbuilderrfrµr¾Úx509_reqr¤rvZ sk_extensionZattr_oidZattr_valÚobjr–r{r“r|Úcreate_x509_csr±s^     ÿ  þ û  û  zBackend.create_x509_csrc Csxt|tjƒstdƒ‚| ||¡| ||¡}|j ¡}|j  ||jj ¡}|j  ||j j ¡}| |dk¡|j |t||jƒ¡}| |dk¡|j ||jj¡}| |dk¡t||jƒ}|j ||¡}| |dk¡| |j |¡|j¡| |j |¡|j¡|j|j|j||jj dd|j !|t||j"ƒ¡}| |dk¡|j #||j|¡}|dkrn| $¡}t%d|ƒ‚t&||ƒS©NrhrTrlrrp)'rÃr ZCertificateBuilderrcrgrqr„ZX509_newr‚rÚ X509_freeZX509_set_versionÚ_versionrtr˜ZX509_set_subject_namer@ruZX509_set_pubkeyZ _public_keyrwr>Ú_serial_numberZX509_set_serialNumberÚ_set_asn1_timeZX509_getm_notBeforeZ_not_valid_beforeZX509_getm_notAfterZ_not_valid_afterrxryrÜZ X509_add_extZX509_set_issuer_nameÚ _issuer_nameZ X509_signrîrÑrP) r”r|rfrµr¾Z x509_certr¤Ú serial_numberr–r{r{r|Úcreate_x509_certificateùs\     ÿÿ  ÿ ÿû  ÿ  zBackend.create_x509_certificatecCs(t|tjtjfƒr|jjS| |¡SdSr²)rÃrYrarZrbr‚r rÁrer{r{r|rq;s  ÿz"Backend._evp_md_x509_null_if_eddsacCsL|jdkr| d¡ d¡}n| d¡ d¡}|j ||¡}| |dk¡dS)Niz %Y%m%d%H%M%SZr©z %y%m%d%H%M%SZr)ÚyearÚstrftimer½r„ZASN1_TIME_set_stringr˜)r”Ú asn1_timeÚtimeZasn1_strr¤r{r{r|r„Ds  zBackend._set_asn1_timecCs>|j ¡}| ||jjk¡|j ||jj¡}| ||¡|Sr²)r„Z ASN1_TIME_newr˜r‚r rZASN1_TIME_freer„)r”r‹rŠr{r{r|Ú_create_asn1_timeLs   zBackend._create_asn1_timec Cstt|tjƒstdƒ‚| ||¡| ||¡}|j ¡}|j  ||jj ¡}|j  |d¡}|  |dk¡|j  |t||jƒ¡}|  |dk¡| |j¡}|j ||¡}|  |dk¡| |j¡}|j ||¡}|  |dk¡|j|j|j||jjdd|jD]@} |j | j¡} |  | |jjk¡|j || ¡}|  |dk¡qú|j ||j|¡}|dkrj|  ¡} t!d| ƒ‚t"||ƒSr€)#rÃr Z CertificateRevocationListBuilderrcrgrqr„Z X509_CRL_newr‚rÚ X509_CRL_freeZX509_CRL_set_versionr˜ZX509_CRL_set_issuer_namer@r…rŒÚ _last_updateZX509_CRL_set_lastUpdateÚ _next_updateZX509_CRL_set_nextUpdaterxryrÝZX509_CRL_add_extZ_revoked_certificatesZX509_REVOKED_dupZ _x509_revokedr ZX509_CRL_add0_revokedZ X509_CRL_signrwrîrÑrQ) r”r|rfrµr¾Úx509_crlr¤Z last_updateÚ next_updateZ revoked_certZrevokedr–r{r{r|Úcreate_x509_crlSsH     ÿ  û   zBackend.create_x509_crlc Csdt|ƒD]V\}}| ||¡}| ||jjk¡|rD|j ||jj¡}||||ƒ} | | dk¡qdSrŸ)Ú enumerateÚ_create_x509_extensionr˜r‚r rr„ri) r”rmrÙrnrorÚiÚ extensionZx509_extensionr¤r{r{r|rx‹s ÿ zBackend._create_x509_extensionscCs.t||jjƒ}|j |jj||jr&dnd|¡S)Nrr)rAÚoidr{r„ZX509_EXTENSION_create_by_OBJr‚r Úcritical)r”r–rtr~r{r{r|Ú_create_raw_x509_extension™s ÿz"Backend._create_raw_x509_extensioncCst|jtjƒr(t||jjƒ}| ||¡St|jtjƒrfttfdd„|jDƒžŽ}t||ƒ}| ||¡St|jtj ƒrŽt|tt ƒƒ}| ||¡Sz||j }Wn$t k rÀt d |j ¡ƒ‚YnX|||jƒ}|j |j j d¡¡}| ||jjk¡|j ||jr dnd|¡SdS)NcSsg|]}ttt|jƒƒ‘qSr{)rr rrt)Ú.0rVr{r{r|Ú ¦sÿz2Backend._create_x509_extension..zExtension not supported: {}r©rr)rÃrtr ZUnrecognizedExtensionr?r™Z TLSFeaturerrZ PrecertPoisonr r—rÌÚNotImplementedErrorr»r„Z OBJ_txt2nidr{r½r˜Ú NID_undefZX509V3_EXT_i2dr˜)r”rÙr–rtZasn1r½Z ext_structÚnidr{r{r|r”Ÿs@ ÿþþ    ÿ   ÿÿzBackend._create_x509_extensioncCsºt|tjƒstdƒ‚|j ¡}| ||jjk¡|j  ||jj ¡}t ||j ƒ}|j  ||¡}| |dk¡| |j¡}|j ||¡}| |dk¡|j|j|j||jjddt|d|ƒS)NrhrTrl)rÃr ZRevokedCertificateBuilderrcr„ZX509_REVOKED_newr˜r‚r rZX509_REVOKED_freer>rƒZX509_REVOKED_set_serialNumberrŒZ_revocation_dateZX509_REVOKED_set_revocationDaterxryrÞZX509_REVOKED_add_extrS)r”r|Z x509_revokedr†r¤Zrev_dater{r{r|Úcreate_x509_revoked_certificateÁs,   ÿ ûz'Backend.create_x509_revoked_certificatecCs| |jj|j||¡Sr²)Ú _load_keyr„ZPEM_read_bio_PrivateKeyr=)r”r"Úpasswordr{r{r|Úload_pem_private_keyÚs üzBackend.load_pem_private_keycCsÖ| |¡}|j |j|jj|jj|jj¡}||jjkrR|j ||jj¡}| |¡S|  ¡|j  |j¡}|  |dk¡|j  |j|jj|jj|jj¡}||jjkrÊ|j ||jj ¡}| |¡}t|||ƒS| ¡dSrŸ)r$r„ZPEM_read_bio_PUBKEYrvr‚r rrr>ríÚ BIO_resetr˜ZPEM_read_bio_RSAPublicKeyrr rKÚ_handle_key_loading_error©r”r"Úmem_bior r¤r r{r{r|Úload_pem_public_keyâs0 ÿ  ÿ   zBackend.load_pem_public_keycCs^| |¡}|j |j|jj|jj|jj¡}||jjkrR|j ||jj¡}t||ƒS|  ¡dSr²) r$r„ZPEM_read_bio_DHparamsrvr‚r rr7r+r¤)r”r"r¦r<r{r{r|Úload_pem_parametersûs ÿ  zBackend.load_pem_parameterscCs>| |¡}| ||¡}|r$| |¡S| |jj|j||¡SdSr²)r$Ú"_evp_pkey_from_der_traditional_keyr=r r„Zd2i_PKCS8PrivateKey_bio)r”r"r¡r&r´r{r{r|Úload_der_private_keys   üzBackend.load_der_private_keycCsV|j |j|jj¡}||jjkrF|j ||jj¡}|dk rBtdƒ‚|S| ¡dSdS)Nú4Password was given but private key is not encrypted.) r„Úd2i_PrivateKey_biorvr‚r rrrcrí)r”r&r¡r´r{r{r|r©s ÿz*Backend._evp_pkey_from_der_traditional_keycCs¾| |¡}|j |j|jj¡}||jjkrF|j ||jj¡}| |¡S|  ¡|j  |j¡}|  |dk¡|j  |j|jj¡}||jjkr²|j ||jj ¡}| |¡}t|||ƒS| ¡dSrŸ)r$r„Zd2i_PUBKEY_biorvr‚r rrr>rír£r˜Zd2i_RSAPublicKey_biorr rKr¤r¥r{r{r|Úload_der_public_key(s"   ÿ   zBackend.load_der_public_keycCsº| |¡}|j |j|jj¡}||jjkrF|j ||jj¡}t||ƒS|jj r®|  ¡|j  |j¡}|  |dk¡|j  |j|jj¡}||jjkr®|j ||jj¡}t||ƒS| ¡dSrŸ)r$r„Zd2i_DHparams_biorvr‚r rr7r+r‘rír£r˜ZCryptography_d2i_DHxparams_bior¤)r”r"r¦r<r¤r{r{r|Úload_der_parameters?s"   ÿ  zBackend.load_der_parameterscCsb| |¡}|j |j|jj|jj|jj¡}||jjkrF| ¡tdƒ‚|j ||jj ¡}t ||ƒS)NzwUnable to load certificate. See https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file for more details.) r$r„ZPEM_read_bio_X509rvr‚r rírÑrrrP©r”r"r¦r r{r{r|Úload_pem_x509_certificateSs ÿ ÿz!Backend.load_pem_x509_certificatecCsV| |¡}|j |j|jj¡}||jjkr:| ¡tdƒ‚|j ||jj ¡}t ||ƒS)NzUnable to load certificate) r$r„Z d2i_X509_biorvr‚r rírÑrrrPr¯r{r{r|Úload_der_x509_certificatebs  z!Backend.load_der_x509_certificatecCsb| |¡}|j |j|jj|jj|jj¡}||jjkrF| ¡tdƒ‚|j ||jj ¡}t ||ƒS)NzoUnable to load CRL. See https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file for more details.) r$r„ZPEM_read_bio_X509_CRLrvr‚r rírÑrrrQ©r”r"r¦rr{r{r|Úload_pem_x509_crlls ÿ ÿzBackend.load_pem_x509_crlcCsV| |¡}|j |j|jj¡}||jjkr:| ¡tdƒ‚|j ||jj ¡}t ||ƒS)NzUnable to load CRL) r$r„Zd2i_X509_CRL_biorvr‚r rírÑrrrQr²r{r{r|Úload_der_x509_crl{s  zBackend.load_der_x509_crlcCsb| |¡}|j |j|jj|jj|jj¡}||jjkrF| ¡tdƒ‚|j ||jj ¡}t ||ƒS)NzsUnable to load request. See https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file for more details.) r$r„ZPEM_read_bio_X509_REQrvr‚r rírÑrrrrR©r”r"r¦r}r{r{r|Úload_pem_x509_csr…s ÿ ÿzBackend.load_pem_x509_csrcCsV| |¡}|j |j|jj¡}||jjkr:| ¡tdƒ‚|j ||jj ¡}t ||ƒS)NzUnable to load request) r$r„Zd2i_X509_REQ_biorvr‚r rírÑrrrrRrµr{r{r|Úload_der_x509_csr”s  zBackend.load_der_x509_csrc Cs(| |¡}|j d¡}|dk rFt d|¡|j |¡}||_t|ƒ|_||j |jj |j  |j j d¡|ƒ}||jj krÐ|jdkrÈ| ¡} | | ¡|jdkr¤tdƒ‚qÐ|jdks²t‚td |jd ¡ƒ‚n| ¡|j ||j j¡}|dk rü|jdkrütd ƒ‚|dk r|jd ks |dks t‚||ƒS) NzCRYPTOGRAPHY_PASSWORD_DATA *r¡ZCryptography_pem_password_cbréÿÿÿÿz3Password was not given but private key is encryptedéþÿÿÿzAPasswords longer than {} bytes are not supported by this backend.rr«)r$r‚rªrÚ_check_byteslikerær¡r«rèrvr rjr„rkÚerrorrír˜rcrñrÑr»Úmaxsizer¤rrÚcalled) r”Zopenssl_read_funcZ convert_funcr"r¡r¦ZuserdataZ password_ptrr r–r{r{r|r žsV     ÿú    ÿÿÿÿÿÿþzBackend._load_keycsÞˆ ¡}|stdƒ‚nÄ|d ˆjjˆjj¡sF|d ˆjjˆjj¡rPtdƒ‚nŠ|d ˆjjˆjj¡s€|d ˆjj ˆjj ¡rŽt dt j ƒ‚nLt‡fdd„|Dƒƒr®tdƒ‚n,|djˆjjˆjj ˆjjfksÒt‚tdƒ‚dS)NzCould not deserialize key data.rz Bad decrypt. Incorrect password?z0PEM data is encrypted with an unsupported cipherc3s"|]}| ˆjjˆjj¡VqdSr²)Ú_lib_reason_matchr„Ú ERR_LIB_EVPZ'EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM)ršr»r“r{r|Ú çs üþz4Backend._handle_key_loading_error..z!Unsupported public key algorithm.)rírÑr¾r„r¿ZEVP_R_BAD_DECRYPTZERR_LIB_PKCS12Z!PKCS12_R_PKCS12_CIPHERFINAL_ERRORZEVP_R_UNKNOWN_PBE_ALGORITHMZ ERR_LIB_PEMZPEM_R_UNSUPPORTED_ENCRYPTIONr r ZUNSUPPORTED_CIPHERÚanyrƒZ ERR_LIB_ASN1rñ)r”r–r{r“r|r¤ÏsH ÿþþ ÿÿþþ û ý z!Backend._handle_key_loading_errorcCsvz| |¡}Wntk r*|jj}YnX|j |¡}||jjkrP| ¡dS| ||jjk¡|j  |¡dSdS)NFT) Ú_elliptic_curve_to_nidr r„rZEC_GROUP_new_by_curve_namer‚r rír˜Z EC_GROUP_free)r”ÚcurveÚ curve_nidÚgroupr{r{r|Úelliptic_curve_supportedøs   z Backend.elliptic_curve_supportedcCst|tjƒsdS| |¡SrÂ)rÃrXZECDSArÆ)r”Zsignature_algorithmrÃr{r{r|Ú,elliptic_curve_signature_algorithm_supporteds z4Backend.elliptic_curve_signature_algorithm_supportedcCs\| |¡rD| |¡}|j |¡}| |dk¡| |¡}t|||ƒStd |j ¡t j ƒ‚dS)z@ Generate a new private key on the named curve. rz#Backend object does not support {}.N) rÆÚ_ec_key_new_by_curver„ZEC_KEY_generate_keyr˜Ú_ec_cdata_to_evp_pkeyr2r r»rºr ÚUNSUPPORTED_ELLIPTIC_CURVE)r”rÃr;r¤r r{r{r|Ú#generate_elliptic_curve_private_keys      þz+Backend.generate_elliptic_curve_private_keycCsp|j}| |j¡}|j | |j¡|jj¡}|j  ||¡}|  |dk¡|  ||j |j ¡}| |¡}t|||ƒSrŸ)rrÈrÃr‚rrÚ private_valuer„Ú BN_clear_freeÚEC_KEY_set_private_keyr˜Ú)_ec_key_set_public_key_affine_coordinatesrVrUrÉr2)r”rÚpublicr;rÌr¤r r{r{r|Ú#load_elliptic_curve_private_numbers%s  ÿÿ z+Backend.load_elliptic_curve_private_numberscCs4| |j¡}| ||j|j¡}| |¡}t|||ƒSr²)rÈrÃrÏrVrUrÉr3)r”rr;r r{r{r|Ú"load_elliptic_curve_public_numbers8s ÿ z*Backend.load_elliptic_curve_public_numbersc CsÎ| |¡}|j |¡}| ||jjk¡|j |¡}| ||jjk¡|j ||jj¡}|  ¡6}|j  |||t |ƒ|¡}|dkr’|  ¡t dƒ‚W5QRX|j ||¡}| |dk¡| |¡}t|||ƒS)Nrz(Invalid public bytes for the given curve)rÈr„ÚEC_KEY_get0_groupr˜r‚r Ú EC_POINT_newrÚ EC_POINT_freeÚ _tmp_bn_ctxZEC_POINT_oct2pointr«rírÑÚEC_KEY_set_public_keyrÉr3) r”rÃZ point_bytesr;rÅÚpointÚbn_ctxr¤r r{r{r|Ú load_elliptic_curve_public_bytesAs*    ÿ z(Backend.load_elliptic_curve_public_bytesc CsD| |¡}| |¡\}}|j |¡}| ||jjk¡|j ||jj¡}|  |¡}|j ||jj ¡}|  ¡h}|j  ||||jj|jj|¡} | | dk¡|j  |¡} |j  |¡} |||| | |ƒ} | | dk¡W5QRX|j ||¡} | | dk¡|  |¡} |j | |jj ¡} |j || ¡} | | dk¡| |¡} t||| ƒSrŸ)rÈÚ _ec_key_determine_group_get_funcr„rÔr˜r‚r rrÕrrÍrÖZ EC_POINT_mulZ BN_CTX_getr×rÎrÉr2)r”rÌrÃr;Úget_funcrÅrØrtrÙr¤Zbn_xZbn_yÚprivater r{r{r|Ú!derive_elliptic_curve_private_keyUs:    ÿ    z)Backend.derive_elliptic_curve_private_keycCs| |¡}| |¡Sr²)rÂÚ_ec_key_new_by_curve_nid)r”rÃrÄr{r{r|rÈxs zBackend._ec_key_new_by_curvecCsB|j |¡}| ||jjk¡|j |tjj¡|j ||jj ¡Sr²) r„ZEC_KEY_new_by_curve_namer˜r‚r ZEC_KEY_set_asn1_flagÚbackendZOPENSSL_EC_NAMED_CURVErr5)r”rÄr;r{r{r|rß|s ÿz Backend._ec_key_new_by_curve_nidcCsV| |¡}|j |j|jj¡}||jjkr:| ¡tdƒ‚|j ||jj ¡}t ||ƒS)NzUnable to load OCSP request) r$r„Zd2i_OCSP_REQUEST_biorvr‚r rírÑrÚOCSP_REQUEST_freerF)r”r"r¦Úrequestr{r{r|Úload_der_ocsp_request‰s  zBackend.load_der_ocsp_requestcCsV| |¡}|j |j|jj¡}||jjkr:| ¡tdƒ‚|j ||jj ¡}t ||ƒS)NzUnable to load OCSP response) r$r„Zd2i_OCSP_RESPONSE_biorvr‚r rírÑrÚOCSP_RESPONSE_freerG)r”r"r¦Úresponser{r{r|Úload_der_ocsp_response“s  zBackend.load_der_ocsp_responsec Cs°|j ¡}| ||jjk¡|j ||jj¡}|j\}}}| |¡}|j  ||j |j ¡}| ||jjk¡|j  ||¡}| ||jjk¡|j |j |j||jjddt||ƒS)NTrl)r„ZOCSP_REQUEST_newr˜r‚r rráÚ_requestrÁÚOCSP_cert_to_idÚ_x509ZOCSP_request_add0_idrxryrßZOCSP_REQUEST_add_extrF) r”r|Zocsp_reqÚcertZissuerrµr¾ÚcertidZonereqr{r{r|Úcreate_ocsp_requests"   ûzBackend.create_ocsp_requestc Csô| ||¡|j ¡}| ||jjk¡|j ||jj¡}| |j j ¡}|j  ||j j j |j jj ¡}| ||jjk¡|j ||jj¡}|j jdkršd}n t|j j}|j jdkr¼|jj}n| |j j¡}|jj} |j jdk rì| |j j¡} | |j j¡} |j |||j jj||| | ¡} | | |jjk¡| ||¡}|j\} } |jj}| tjjkrb||jjO}|j dk rš|j D]$}|j !||j ¡} | | dk¡qt|j"|j#|j$||jj%dd|j &|| j |j'||jj|¡} | dkrð| (¡}t)d|ƒ‚|S)Nr¸rTrlzAError while signing. responder_cert must be signed by private_key)*rgr„ZOCSP_BASICRESP_newr˜r‚r rZOCSP_BASICRESP_freerÁÚ _responserErèZ_certréZ_issuerZOCSP_CERTID_freeZ_revocation_reasonr"Z_revocation_timerŒrZ _this_updateZOCSP_basic_add1_statusZ _cert_statusrtrqZ _responder_idZ OCSP_NOCERTSrtZOCSPResponderEncodingÚHASHZOCSP_RESPID_KEYZ_certsZOCSP_basic_add1_certrxryràZOCSP_BASICRESP_add_extZOCSP_basic_signrwrîrÑ)r”r|rfrµÚbasicr¾rëÚreasonZrev_timer‘Z this_updater¤Zresponder_certZresponder_encodingÚflagsrêr–r{r{r|Ú_create_ocsp_basic_response°sŽ  ÿý ÿ  ÿ ÿù      ûú ýz#Backend._create_ocsp_basic_responsecCsb|tjjkr| |||¡}n|jj}|j |j|¡}|  ||jjk¡|j  ||jj ¡}t ||ƒSr²) rtZOCSPResponseStatusZ SUCCESSFULròr‚r r„ZOCSP_response_creatertr˜rrärG)r”Zresponse_statusr|rfrµrïZ ocsp_respr{r{r|Úcreate_ocsp_responses ÿÿzBackend.create_ocsp_responsecCs| |¡ot|tjƒSr²)rÆrÃrXZECDH)r”rµrÃr{r{r|Ú+elliptic_curve_exchange_algorithm_supporteds ÿz3Backend.elliptic_curve_exchange_algorithm_supportedcCs(| ¡}|j ||¡}| |dk¡|SrŸ)r r„ZEVP_PKEY_set1_EC_KEYr˜)r”r;r r¤r{r{r|rÉszBackend._ec_cdata_to_evp_pkeycCsNdddœ}| |j|j¡}|j | ¡¡}||jjkrJtd |j¡tj ƒ‚|S)z/ Get the NID for a curve name. Z prime192v1Z prime256v1)Z secp192r1Z secp256r1z${} is not a supported elliptic curve) Úgetrºr„Ú OBJ_sn2nidr½rr r»r rÊ)r”rÃZ curve_aliasesZ curve_namerÄr{r{r|rÂ!s   þzBackend._elliptic_curve_to_nidc csX|j ¡}| ||jjk¡|j ||jj¡}|j |¡z |VW5|j |¡XdSr²) r„Z BN_CTX_newr˜r‚r rZ BN_CTX_freeZ BN_CTX_startZ BN_CTX_end)r”rÙr{r{r|rÖ2s   zBackend._tmp_bn_ctxcCs¼| ||jjk¡|j d¡}| ||jjk¡|j |¡}| ||jjk¡|j |¡}| ||jjk¡|j |¡}| ||jjk¡||kr¤|jj r¤|jj }n|jj }|s´t ‚||fS)zu Given an EC_KEY determine the group and what function is required to get point coordinates. scharacteristic-two-field) r˜r‚r r„rörrÓZEC_GROUP_method_ofZEC_METHOD_get_field_typeZCryptography_HAS_EC2MZ$EC_POINT_get_affine_coordinates_GF2mZ#EC_POINT_get_affine_coordinates_GFprñ)r”rIZ nid_two_fieldrÅÚmethodržrÜr{r{r|rÛ=s     z(Backend._ec_key_determine_group_get_funccCst|dks|dkrtdƒ‚|j | |¡|jj¡}|j | |¡|jj¡}|j |||¡}|dkrp| ¡tdƒ‚|S)zg Sets the public key point in the EC_KEY context to the affine x and y values. rz2Invalid EC key. Both x and y must be non-negative.rzInvalid EC key.)rÑr‚rrr„rZ(EC_KEY_set_public_key_affine_coordinatesrí)r”rIrVrUr¤r{r{r|rÏYsÿz1Backend._ec_key_set_public_key_affine_coordinatesc Cs(t|tjƒstdƒ‚t|tjƒs(tdƒ‚t|tjƒs|j j}n | |j jkrV|j j}nt d ƒ‚| |||¡S|tjjkrä|rˆt d ƒ‚| |j jkr |j j}n8| |j jkr¸|j j}n | |j jkrÐ|j j}nt d ƒ‚| ||¡St d ƒ‚|tjjkr|tjj krt  !||¡St d ƒ‚t dƒ‚dS)Nú/encoding must be an item from the Encoding enumz2format must be an item from the PrivateFormat enumzBEncryption algorithm must be a KeySerializationEncryption instancer›iÿzBPasswords longer than 1023 bytes are not supported by this backendzUnsupported encryption typezUnsupported encoding for PKCS8zCEncrypted traditional OpenSSL format is not supported in FIPS mode.z+Unsupported key type for TraditionalOpenSSLzDEncryption is not supported for DER encoded traditional OpenSSL keysz+Unsupported encoding for TraditionalOpenSSLz=OpenSSH private key format can only be used with PEM encodingúformat is invalid with this key)"rÃrVÚEncodingrcZ PrivateFormatZKeySerializationEncryptionÚ NoEncryptionÚBestAvailableEncryptionr¡r«rÑZPKCS8ÚPEMr„ZPEM_write_bio_PKCS8PrivateKeyÚDERZi2d_PKCS8PrivateKey_bioÚ_private_key_bytes_via_bioZTraditionalOpenSSLr†r-r.ZPEM_write_bio_RSAPrivateKeyr0ZPEM_write_bio_DSAPrivateKeyr3ZPEM_write_bio_ECPrivateKeyZi2d_RSAPrivateKey_bioZi2d_ECPrivateKey_bioZi2d_DSAPrivateKey_bioÚ_bio_func_outputÚOpenSSHrsZserialize_ssh_private_key) r”Úencodingr»Úencryption_algorithmr´r Úcdatar¡Ú write_bior9r{r{r|Ú_private_key_bytesms¦  ÿÿÿ ÿ ÿ     ÿÿÿ    ÿÿÿ   ÿ  ÿzBackend._private_key_bytesc Cs<|s|jj}n |j d¡}| ||||t|ƒ|jj|jj¡S)Ns aes-256-cbc)r‚r r„ÚEVP_get_cipherbynamerr«)r”rr r¡rÏr{r{r|rÿÖs  ùz"Backend._private_key_bytes_via_biocGs.| ¡}||f|žŽ}| |dk¡| |¡SrŸ)r%r˜r')r”rÚargsrvr¤r{r{r|rçszBackend._bio_func_outputcCst|tjƒstdƒ‚t|tjƒs(tdƒ‚|tjjkrt|tjjkrJ|jj}n|tjj kr`|jj }nt dƒ‚|  ||¡S|tjj krà|j |¡}||jjkr t dƒ‚|tjjkr¶|jj}n|tjj krÌ|jj}nt dƒ‚|  ||¡S|tjjkr|tjjkrt |¡St dƒ‚t dƒ‚dS)Nrøz1format must be an item from the PublicFormat enumz8SubjectPublicKeyInfo works only with PEM or DER encodingz+PKCS1 format is supported only for RSA keysz)PKCS1 works only with PEM or DER encodingz1OpenSSH format must be used with OpenSSH encodingrù)rÃrVrúrcZ PublicFormatZSubjectPublicKeyInforýr„ZPEM_write_bio_PUBKEYrþZi2d_PUBKEY_biorÑrZPKCS1r-r.ZPEM_write_bio_RSAPublicKeyZi2d_RSAPublicKey_biorrsZserialize_ssh_public_key)r”rr»r´r rrr9r{r{r|Ú_public_key_bytesís@  ÿ     ÿ          ÿzBackend._public_key_bytescCsÌ|tjjkrtdƒ‚|j d¡}|j ||jj||jj¡|tjj krj|d|jjkr`|jj }q¢|jj }n8|tjj krš|d|jjkr|jj }q¢|jj}ntdƒ‚| ¡}|||ƒ}| |dk¡| |¡S)Nz!OpenSSH encoding is not supportedrýrrør)rVrúrrcr‚rªr„Z DH_get0_pqgr rýZPEM_write_bio_DHxparamsZPEM_write_bio_DHparamsrþZCryptography_i2d_DHxparams_bioZi2d_DHparams_bior%r˜r')r”rr»rrrrvr¤r{r{r|Ú_parameter_bytess"         zBackend._parameter_bytescCs||dkrtdƒ‚|dkr tdƒ‚|j ¡}| ||jjk¡|j ||jj¡}|j ||||jj¡}| |dk¡t ||ƒS)Nrz%DH key_size must be at least 512 bits)rüézDH generator must be 2 or 5r) rÑr„ÚDH_newr˜r‚r rr7ZDH_generate_parameters_exr+)r”Ú generatorr Zdh_param_cdatar¤r{r{r|Úgenerate_dh_parameters6s ÿzBackend.generate_dh_parameterscCs(| ¡}|j ||¡}| |dk¡|SrŸ)r r„ZEVP_PKEY_set1_DHr˜)r”r<r r¤r{r{r|Ú_dh_cdata_to_evp_pkeyHszBackend._dh_cdata_to_evp_pkeycCs<t|j|ƒ}|j |¡}| |dk¡| |¡}t|||ƒSrŸ)r.Z _dh_cdatar„ZDH_generate_keyr˜rr,)r”rLZ dh_key_cdatar¤r r{r{r|Úgenerate_dh_private_keyNs    zBackend.generate_dh_private_keycCs| | ||¡¡Sr²)rr)r”r r r{r{r|Ú&generate_dh_private_key_and_parametersXs ÿz.Backend.generate_dh_private_key_and_parametersc Cs>|jj}|j ¡}| ||jjk¡|j ||jj¡}|  |j ¡}|  |j ¡}|j dk rf|  |j ¡}n|jj}|  |jj ¡}|  |j¡}|j ||||¡} | | dk¡|j |||¡} | | dk¡|j dd¡} |j || ¡} | | dk¡| ddkr(|j dkr | d|jjAdks(tdƒ‚| |¡} t||| ƒS)Nrúint[]rrüz.DH private numbers did not pass safety checks.)rrTr„r r˜r‚r rr7rrrPrrUrVÚ DH_set0_pqgÚ DH_set0_keyrªÚCryptography_DH_checkZDH_NOT_SUITABLE_GENERATORrÑrr,) r”rrTr<rrPrrQrRr¤Úcodesr r{r{r|Úload_dh_private_numbers]s4      ÿþ zBackend.load_dh_private_numbersc CsÐ|j ¡}| ||jjk¡|j ||jj¡}|j}| |j ¡}| |j ¡}|j dk rd| |j ¡}n|jj}| |j ¡}|j  ||||¡}| |dk¡|j |||jj¡}| |dk¡| |¡} t||| ƒSrŸ)r„r r˜r‚r rr7rTrrrPrrUrrrr-) r”rr<rTrrPrrQr¤r r{r{r|Úload_dh_public_numbers‹s       zBackend.load_dh_public_numberscCs|j ¡}| ||jjk¡|j ||jj¡}| |j¡}| |j ¡}|j dk r^| |j ¡}n|jj}|j  ||||¡}| |dk¡t ||ƒSrŸ) r„r r˜r‚r rr7rrrPrrr+)r”rr<rrPrr¤r{r{r|Úload_dh_parameter_numbers¦s    z!Backend.load_dh_parameter_numberscCs´|j ¡}| ||jjk¡|j ||jj¡}| |¡}| |¡}|dk rV| |¡}n|jj}|j ||||¡}| |dk¡|j  dd¡}|j  ||¡}| |dk¡|ddkS)Nrrr) r„r r˜r‚r rr7rrrªr)r”rrPrr<r¤rr{r{r|Údh_parameters_supported¸s    zBackend.dh_parameters_supportedcCs |jjdkSrŸ)r„r‘r“r{r{r|Údh_x942_serialization_supportedÎsz'Backend.dh_x942_serialization_supportedcsxtˆ|ƒ}ˆj d¡}ˆj ||¡}ˆ |dˆjjk¡ˆj |‡fdd„¡}ˆ |dk¡ˆj |d|¡dd…S)Nzunsigned char **rcsˆj |d¡Sr™)r„rö)Úpointerr“r{r|rš×r›z)Backend.x509_name_bytes..) r@r‚rªr„Z i2d_X509_NAMEr˜r rrç)r”rºZ x509_nameÚppr¤r{r“r|Úx509_name_bytesÑs   ÿzBackend.x509_name_bytescCsht|ƒdkrtdƒ‚| ¡}|j ||jj¡}| |dk¡|j ||t|ƒ¡}| |dk¡t||ƒS)Né z%An X25519 public key is 32 bytes longr) r«rÑr r„ZEVP_PKEY_set_typeÚ NID_X25519r˜ZEVP_PKEY_set1_tls_encodedpointrM)r”r"r r¤r{r{r|Úx25519_load_public_bytesÜs ÿz Backend.x25519_load_public_bytesc Cs¬t|ƒdkrtdƒ‚d}| d¡<}||dd…<||dd…<| |¡}|j |j|jj¡}W5QRX|  ||jjk¡|j  ||jj ¡}|  |j  |¡|jj k¡t||ƒS)Nrz&An X25519 private key is 32 bytes longs0.0+en" é0rrð)r«rÑÚ_zeroed_bytearrayr$r„r¬rvr‚r r˜rrr-r*rL)r”r"Z pkcs8_prefixÚbarvr r{r{r|Úx25519_load_private_bytesës     ÿz!Backend.x25519_load_private_bytescCs¨|j ||jj¡}| ||jjk¡|j ||jj¡}|j |¡}| |dk¡|j d¡}|j  ||¡}| |dk¡| |d|jjk¡|j |d|jj ¡}|S)Nrú EVP_PKEY **r) r„ZEVP_PKEY_CTX_new_idr‚r r˜rZEVP_PKEY_CTX_freeZEVP_PKEY_keygen_initrªZEVP_PKEY_keygenr)r”ržZ evp_pkey_ctxr¤Z evp_ppkeyr r{r{r|Ú_evp_pkey_keygen_gc s  zBackend._evp_pkey_keygen_gccCs| |jj¡}t||ƒSr²)r'r„r rLrr{r{r|Úx25519_generate_key szBackend.x25519_generate_keycCs|jr dS|jjSrÂ)r†r„Z#CRYPTOGRAPHY_OPENSSL_110_OR_GREATERr“r{r{r|Úx25519_supported szBackend.x25519_supportedcCs`t|ƒdkrtdƒ‚|j |jj|jj|t|ƒ¡}| ||jjk¡|j ||jj ¡}t ||ƒS)Né8z#An X448 public key is 56 bytes long) r«rÑr„ÚEVP_PKEY_new_raw_public_keyÚNID_X448r‚r r˜rrrO©r”r"r r{r{r|Úx448_load_public_bytes# s ÿzBackend.x448_load_public_bytescCslt|ƒdkrtdƒ‚|j |¡}|j |jj|jj|t|ƒ¡}| ||jjk¡|j  ||jj ¡}t ||ƒS)Nr*z$An X448 private key is 56 bytes long) r«rÑr‚rær„ÚEVP_PKEY_new_raw_private_keyr,r r˜rrrN©r”r"r#r r{r{r|Úx448_load_private_bytes. s  ÿzBackend.x448_load_private_bytescCs| |jj¡}t||ƒSr²)r'r„r,rNrr{r{r|Úx448_generate_key: szBackend.x448_generate_keycCs|jr dS|jj SrÂ)r†r„Z"CRYPTOGRAPHY_OPENSSL_LESS_THAN_111r“r{r{r|Úx448_supported> szBackend.x448_supportedcCs|jr dS|jj Sr©r†r„Z#CRYPTOGRAPHY_OPENSSL_LESS_THAN_111Br“r{r{r|Úed25519_supportedC szBackend.ed25519_supportedcCsnt d|¡t|ƒtjkr"tdƒ‚|j |jj|j j |t|ƒ¡}|  ||j j k¡|j   ||jj ¡}t||ƒS)Nr"z&An Ed25519 public key is 32 bytes long)rÚ _check_bytesr«rYÚ_ED25519_KEY_SIZErÑr„r+Ú NID_ED25519r‚r r˜rrr5r-r{r{r|Úed25519_load_public_bytesH s ÿz!Backend.ed25519_load_public_bytescCszt|ƒtjkrtdƒ‚t d|¡|j |¡}|j  |jj |jj |t|ƒ¡}|  ||jj k¡|j  ||jj¡}t||ƒS)Nz'An Ed25519 private key is 32 bytes longr")r«rYr7rÑrrºr‚rær„r/r8r r˜rrr4r0r{r{r|Úed25519_load_private_bytesV s  ÿz"Backend.ed25519_load_private_bytescCs| |jj¡}t||ƒSr²)r'r„r8r4rr{r{r|Úed25519_generate_keyd szBackend.ed25519_generate_keycCs|jr dS|jj SrÂr4r“r{r{r|Úed448_supportedh szBackend.ed448_supportedcCslt d|¡t|ƒtkr tdƒ‚|j |jj|jj |t|ƒ¡}|  ||jj k¡|j  ||jj ¡}t ||ƒS)Nr"z$An Ed448 public key is 57 bytes long)rr6r«r6rÑr„r+Ú NID_ED448r‚r r˜rrr8r-r{r{r|Úed448_load_public_bytesm s  ÿzBackend.ed448_load_public_bytescCsxt d|¡t|ƒtkr tdƒ‚|j |¡}|j |jj |jj |t|ƒ¡}|  ||jj k¡|j  ||jj ¡}t||ƒS)Nr"z%An Ed448 private key is 57 bytes long)rrºr«r6rÑr‚rær„r/r=r r˜rrr7r0r{r{r|Úed448_load_private_bytesz s   ÿz Backend.ed448_load_private_bytescCs| |jj¡}t||ƒSr²)r'r„r=r7rr{r{r|Úed448_generate_keyˆ szBackend.ed448_generate_keyc Cs†|j d|¡}|j |¡}|j |t|ƒ|t|ƒ|||tj||¡ } | dkrr| ¡} d||d} t d  | ¡| ƒ‚|j  |¡dd…S)Nråré€izJNot enough memory to derive key. These parameters require {} MB of memory.) r‚rªrær„ZEVP_PBE_scryptr«rqZ _MEM_LIMITrîÚ MemoryErrorr»rç) r”rêrérèrÚrrr®rër¤r–Z min_memoryr{r{r|Ú derive_scryptŒ s0 ö ÿýzBackend.derive_scryptcCs2t |¡}|jr||jkrdS|j |¡|jjkSrÂ)rZ_aead_cipher_namer†Ú _fips_aeadr„rr‚r )r”rÍÚ cipher_namer{r{r|Úaead_cipher_supported§ s zBackend.aead_cipher_supportedc cs&t|ƒ}z |VW5| ||¡XdS)zÁ This method creates a bytearray, which we copy data into (hopefully also from a mutable buffer that can be dynamically erased!), and then zero when we're done. N)Ú bytearrayÚ _zero_data)r”rèr$r{r{r|r#­ s zBackend._zeroed_bytearraycCst|ƒD] }d||<qdSr™r)r”r"rèr•r{r{r|rIº s zBackend._zero_datac csf|dkr|jjVnNt|ƒ}|j d|d¡}|j |||¡z |VW5| |j d|¡|¡XdS)aâ This method takes bytes, which can be a bytestring or a mutable buffer like a bytearray, and yields a null-terminated version of that data. This is required because PKCS12_parse doesn't take a length with its password char * and ffi.from_buffer doesn't provide null termination. So, to support zeroing the data via bytearray we need to build this ridiculous construct that copies the memory, but zeroes it after use. Nr§rz uint8_t *)r‚r r«rªÚmemmoverIÚcast)r”r"Zdata_lenr®r{r{r|Ú_zeroed_null_terminated_bufÁ s   z#Backend._zeroed_null_terminated_bufc CsÊ|dk rt d|¡| |¡}|j |j|jj¡}||jjkrN| ¡t dƒ‚|j  ||jj ¡}|j  d¡}|j  d¡}|j  d¡}|  |¡}|j |||||¡} W5QRX| dkrÆ| ¡t dƒ‚d} d} g} |d|jjkr|j  |d|jj¡} | | ¡} |d|jjkr6|j  |d|jj¡}t||ƒ} |d|jjkrÀ|j  |d|jj¡}|j |d¡}t|ƒD]H}|j ||¡}| ||jjk¡|j  ||jj¡}|  t||ƒ¡qv| | | fS)Nr¡z!Could not deserialize PKCS12 datar&zX509 **zCryptography_STACK_OF_X509 **rzInvalid password or PKCS12 data)rrºr$r„Zd2i_PKCS12_biorvr‚r rírÑrÚ PKCS12_freerªrLZ PKCS12_parserr=rrPÚ sk_X509_freeÚ sk_X509_numrÚ sk_X509_valuer˜r’)r”r"r¡rvÚp12Z evp_pkey_ptrZx509_ptrZ sk_x509_ptrÚ password_bufr¤rêr´Zadditional_certificatesr r Úsk_x509rr•r{r{r|Ú%load_key_and_certificates_from_pkcs12Ø sP       ÿ   z-Backend.load_key_and_certificates_from_pkcs12cCsŠd}|dk rt d|¡t|tjƒr6d}d}d} d} n4t|tjƒrb|jj}|jj}d} d} |j}nt dƒ‚|dks~t |ƒdkrˆ|j j } nH|j  ¡} |j  | |jj¡} t|ƒD]"} |j | | j¡} t | dk¡q¬| |¡X}| |¡B}|j |||rü|jn|j j |r|jn|j j | ||| | d¡ }W5QRXW5QRX| ||j j k¡|j  ||jj¡}| ¡}|j ||¡} | | dk¡| |¡S)Nrºr¸ri NrzUnsupported key encryption type)rr6rÃrVrûrür„Z&NID_pbe_WithSHA1And3_Key_TripleDES_CBCr¡rÑr«r‚r Úsk_X509_new_nullrrNÚreversedÚ sk_X509_pushréràr˜rLZ PKCS12_createrwrMr%Zi2d_PKCS12_bior')r”rºr´rêZcasrr¡Znid_certZnid_keyZ pkcs12_iterZmac_iterrSÚcar¤rRZname_bufrQrvr{r{r|Ú(serialize_key_and_certificates_to_pkcs12 sZ  ÿ     ö z0Backend.serialize_key_and_certificates_to_pkcs12cCs|jr dS|jjdkS)NFr)r†r„ZCryptography_HAS_POLY1305r“r{r{r|Úpoly1305_supportedF szBackend.poly1305_supportedcCs*t d|¡t|ƒtkr tdƒ‚t||ƒS)Nr´zA poly1305 key is 32 bytes long)rrºr«rHrÑrI)r”r´r{r{r|Úcreate_poly1305_ctxK s  zBackend.create_poly1305_ctxcCsnt d|¡| |¡}|j |j|jj|jj|jj¡}||jjkrR| ¡t dƒ‚|j  ||jj ¡}|  |¡S©Nr"zUnable to parse PKCS7 data) rr6r$r„ZPEM_read_bio_PKCS7rvr‚r rírÑrÚ PKCS7_freeÚ_load_pkcs7_certificates©r”r"rvÚp7r{r{r|Úload_pem_pkcs7_certificatesR s  ÿ z#Backend.load_pem_pkcs7_certificatescCsbt d|¡| |¡}|j |j|jj¡}||jjkrF| ¡t dƒ‚|j  ||jj ¡}|  |¡Sr\) rr6r$r„Z d2i_PKCS7_biorvr‚r rírÑrr]r^r_r{r{r|Úload_der_pkcs7_certificates_ s   z#Backend.load_der_pkcs7_certificatesc CsÆ|j |j¡}| ||jjk¡||jjkr>td |¡tj ƒ‚|j j j }|j  |¡}g}t|ƒD]`}|j ||¡}| ||jjk¡|j |¡}| |dk¡|j ||jj¡}| t||ƒ¡q`|S)NzNOnly basic signed structures are currently supported. NID for this data was {}r)r„Z OBJ_obj2nidrËr˜rZNID_pkcs7_signedr r»r ZUNSUPPORTED_SERIALIZATIONrÚsignrêrOrrPr‚r Z X509_up_refrrr’rP) r”r`ržrSrÚcertsr•r r¤r{r{r|r^j s( ÿý    z Backend._load_pkcs7_certificatescCs‚| |j¡}|jj}d}t|jƒdkr0|jj}nF|j ¡}|j  ||jj ¡}|jD]"}|j  ||j ¡} |  | dk¡qRtjj|krš||jjO}||jjO}|j |jj|jj||jj|¡} |  | |jjk¡|j  | |jj¡} d} tjj|krü| |jjO} ntjj|kr| |jjO} tjj|kr0| |jjO} |jD]@\} } }| |¡}|j | | j | j|| ¡}|  ||jjk¡q6|D]<}|tjjkrœ||jjO}n|tjj kr|||jj!O}q|| "¡}|t#j$j%kræ|j &|| |j'|¡} n„|t#j$j(kr*|j )| |j'|¡} |  | dk¡|j *|| |j'|¡} n@|t#j$j+ksrDrGrJrMrNrSrWrYrZrKr[r\r_r`rgrr‡rqr„rŒr’rxr™r”rŸr¢r§r¨rªr©r­r®r°r±r³r´r¶r·r r¤rÆrÇrËrÑrÒrÚrÞrÈrßrãrærìròrórôrÉrÂrÖrÛrÏrrÿrr r rrrrrrrrrrr!r%r'r(r)r.r1r2r3r5r9r:r;r<r>r?r@rDrGr#rIrLrTrYrZr[rarbr^rjr{r{r{r|r}¦sbúó         -5      ++ HB 8"    1)  #   U i0 .  "               . @   r}c@seZdZdd„Zdd„ZdS)rÕcCs ||_dSr²)Ú_fmt)r”Úfmtr{r{r|r•Ô szGetCipherByName.__init__cCs&|jj||d ¡}|j | d¡¡S)N)rÍržr©)rmr»Úlowerr„rr½)r”ràrÍržrFr{r{r|Ú__call__× szGetCipherByName.__call__N)rxryrzr•rpr{r{r{r|rÕÓ srÕcCs"d |jd¡}|j | d¡¡S)Nz aes-{}-xtsrür©)r»r r„rr½)ràrÍržrFr{r{r|rØÜ srØ)¢Ú __future__rrrÚ collectionsrlrÖrŒrròZ six.movesrZ cryptographyrr Zcryptography.exceptionsr r Zcryptography.hazmat._derr r rrrZ'cryptography.hazmat.backends.interfacesrrrrrrrrrrrrrZ$cryptography.hazmat.backends.opensslrZ,cryptography.hazmat.backends.openssl.ciphersrZ)cryptography.hazmat.backends.openssl.cmacr!Z0cryptography.hazmat.backends.openssl.decode_asn1r"r#r$r%r&r'r(r)r*Z'cryptography.hazmat.backends.openssl.dhr+r,r-r.Z(cryptography.hazmat.backends.openssl.dsar/r0r1Z'cryptography.hazmat.backends.openssl.ecr2r3Z,cryptography.hazmat.backends.openssl.ed25519r4r5Z*cryptography.hazmat.backends.openssl.ed448r6r7r8Z0cryptography.hazmat.backends.openssl.encode_asn1r9r:r;r<r=r>r?r@rAZ+cryptography.hazmat.backends.openssl.hashesrCZ)cryptography.hazmat.backends.openssl.hmacrEZ)cryptography.hazmat.backends.openssl.ocsprFrGZ-cryptography.hazmat.backends.openssl.poly1305rHrIZ(cryptography.hazmat.backends.openssl.rsarJrKZ+cryptography.hazmat.backends.openssl.x25519rLrMZ)cryptography.hazmat.backends.openssl.x448rNrOZ)cryptography.hazmat.backends.openssl.x509rPrQrRrSZ$cryptography.hazmat.bindings.opensslrTZcryptography.hazmat.primitivesrUrVZ)cryptography.hazmat.primitives.asymmetricrWrXrYrZr[Z1cryptography.hazmat.primitives.asymmetric.paddingr\r]r^r_Z1cryptography.hazmat.primitives.ciphers.algorithmsr`rarbrcrdrerfrgrhZ,cryptography.hazmat.primitives.ciphers.modesrirjrkrlrmrnrorpZ"cryptography.hazmat.primitives.kdfrqZ,cryptography.hazmat.primitives.serializationrrrsZcryptography.x509rtÚ namedtupleruÚobjectrwZregister_interfaceZregister_interface_ifr€rƒZCryptography_HAS_SCRYPTr}rÕrØràr{r{r{r|Ús   <   , ,   , (   ÿ*2