o -׾gx@sjddlmZmZmZmZddlZddlZddlZddlZddl m Z m Z m Z m Z mZmZmZmZmZmZmZmZmZmZmZddlmZmZmZddlmZmZm Z m!Z!m"Z"ddl#m$Z$ddl%m&Z&dd l'm(Z(m)Z)m*Z*Gd d d Z+Gd d d Z,GdddZ-ddZ.ddZ/e e!ee"edZ0ddZ1ddZ2d%ddZ3d%ddZ4ddZ5dd Z6d!d"Z7d#d$Z8dS)&)unicode_literalsdivisionabsolute_importprint_functionN)CertBag Certificate DSAPrivateKey ECPrivateKey EncryptedDataEncryptedPrivateKeyInfoInteger OctetStringPfxPrivateKeyInfo PublicKeyInfo RSAPrivateKey RSAPublicKey SafeContentsunarmor)pbkdf1pbkdf2 pkcs12_kdf)aes_cbc_pkcs7_decryptdes_cbc_pkcs5_decryptrc2_cbc_pkcs5_decrypt rc4_decrypttripledes_cbc_pkcs5_decrypt)constant_compare)pretty_message)byte_clsstr_cls type_namec@sLeZdZdZdZddZeddZeddZedd Z ed d Z dS) _PrivateKeyBaseNcCs|jdkr |jdjS|jdkr/|jdd}td|d|d|d |j|jdjd S|jd krL|jdj}|jdd|d<|j|d <|Sd S)a. Unwraps the private key into an asn1crypto.keys.RSAPrivateKey, asn1crypto.keys.DSAPrivateKey or asn1crypto.keys.ECPrivateKey object :return: An asn1crypto.keys.RSAPrivateKey, asn1crypto.keys.DSAPrivateKey or asn1crypto.keys.ECPrivateKey object rsa private_keydsaprivate_key_algorithm parametersrpqgversionr)r*r+ public_keyr%ecr.N) algorithmasn1parsedr r.unwrap)selfparamsoutputr7^/var/www/html/backend_erp/backend_erp_env/lib/python3.10/site-packages/oscrypto/_asymmetric.pyr3-s$    z_PrivateKeyBase.unwrapcC|jjSzO :return: A unicode string of "rsa", "dsa" or "ec" r1r0r4r7r7r8r0Kz_PrivateKeyBase.algorithmcC |jjdSH :return: A unicode string of EC curve name rr1curver<r7r7r8rBT z_PrivateKeyBase.curvecCr9zS :return: The number of bits in the key, as an integer r1bit_sizer<r7r7r8rF]r=z_PrivateKeyBase.bit_sizecCr9zT :return: The number of bytes in the key, as an integer r1 byte_sizer<r7r7r8rIfr=z_PrivateKeyBase.byte_size) __name__ __module__ __qualname__r1 _fingerprintr3propertyr0rBrFrIr7r7r7r8r#(s   r#c@sXeZdZdZdZddZeddZeddZedd Z ed d Z ed d Z dS)_PublicKeyBaseNcCs |jdkr |jdS|jdjS)a7 Unwraps a public key into an asn1crypto.keys.RSAPublicKey, asn1crypto.core.Integer (for DSA) or asn1crypto.keys.ECPointBitString object :return: An asn1crypto.keys.RSAPublicKey, asn1crypto.core.Integer or asn1crypto.keys.ECPointBitString object r/r.)r0r1r2r<r7r7r8r3us  z_PublicKeyBase.unwrapcCs|jdur t|jd|_|jS)aZ Creates a fingerprint that can be compared with a private key to see if the two form a pair. This fingerprint is not compatible with fingerprints generated by any other software. :return: A byte string that is a sha256 hash of selected components (based on the key type) N)rMr1r<r7r7r8 fingerprints z_PublicKeyBase.fingerprintcCr9r:r;r<r7r7r8r0r=z_PublicKeyBase.algorithmcCr>r?rAr<r7r7r8rBrCz_PublicKeyBase.curvecCr9rDrEr<r7r7r8rFr=z_PublicKeyBase.bit_sizecCr9rGrHr<r7r7r8rIr=z_PublicKeyBase.byte_size) rJrKrLr1rMr3rNrPr0rBrFrIr7r7r7r8rOps    rOc@s@eZdZdZeddZeddZeddZedd ZdS) _CertificateBaseNcCr9r:)r.r0r<r7r7r8r0r=z_CertificateBase.algorithmcCr9)r@)r.rBr<r7r7r8rBr=z_CertificateBase.curvecCr9)zZ :return: The number of bits in the public key, as an integer )r.rFr<r7r7r8rFr=z_CertificateBase.bit_sizecCr9)z[ :return: The number of bytes in the public key, as an integer )r.rIr<r7r7r8rIr=z_CertificateBase.byte_size) rJrKrLr1rNr0rBrFrIr7r7r7r8rQs   rQc Cs|j}|dks |dkr|djS|dkr=|dd}|dj}td|d|d |d tt|d j|j|dj|d S|d krP|dj}|dd|d<|Std |j)a Unwraps an asn1crypto.keys.PrivateKeyInfo object into an asn1crypto.keys.RSAPrivateKey, asn1crypto.keys.DSAPrivateKey or asn1crypto.keys.ECPrivateKey. :param key_info: An asn1crypto.keys.PrivateKeyInfo object :return: One of: - asn1crypto.keys.RSAPrivateKey - asn1crypto.keys.DSAPrivateKey - asn1crypto.keys.ECPrivateKey r$ rsassa_pssr%r&r'r(rr)r*r+r,r/z#Unsupported key_info.algorithm "%s")r0r2r r pownative ValueError)key_infokey_algr5r2r7r7r8_unwrap_private_key_infos.    rXcCst|tr|dj}|jdkrd|dj|djf}nZ|jdkrL|dd}tt|d j|djj|d j}d |d j|d j|d j|jf}n*|jd krv|dj}|durf||j}|jdjj}d|j d}| d}||7}t|t r| d}t |St|tr|jdkr|dj}d|dj|djf}n=|jdkr|dj}|dd}d |d j|d j|d j|jf}n|jd kr|dj}d|j d}| d}||7}t|t r| d}t |Sttdt|)a5 Returns a fingerprint used for correlating public keys and private keys :param key_object: An asn1crypto.keys.PrivateKeyInfo or asn1crypto.keys.PublicKeyInfo :raises: ValueError - when the key_object is not of the proper type ;return: A byte string fingerprint r%r$z%d:%dmoduluspublic_exponentr&r'r(r+r)z %d:%d:%d:%dr*r/r.Nz%s:rzutf-8r0z key_object must be an instance of the asn1crypto.keys.PrivateKeyInfo or asn1crypto.keys.PublicKeyInfo classes, not %s ) isinstancerr2r0rTr rSr.r1rBencoder!hashlibsha256digestrrUrr") key_objectload_private_keykeyto_hashr5r.public_key_objectr7r7r8rMsv                       rM)rc2rc4des tripledesaescCs t|tsttdt|d}td|dur3t|\}}}|dkr)ttd|dkr3t |dS|dus;|dkriz t |}|j |WStyOYnwzt |}|j t |dWStyhYnw|dusq|dkrzt |}|d d }|WStyYtd wtd ) a Loads a public key from a DER or PEM-formatted file. Supports RSA, DSA and EC public keys. For RSA keys, both the old RSAPublicKey and SubjectPublicKeyInfo structures are supported. Also allows extracting a public key from an X.509 certificate. :param data: A byte string to load the public key from :raises: ValueError - when the data does not appear to contain a public key :return: An asn1crypto.keys.PublicKeyInfo object < data must be a byte string, not %s N\s*----- private keyz The data specified does not appear to be a public key or certificate, but rather a private key r$ public key certificatetbs_certificatesubject_public_key_infozQThe data specified does not appear to be a known public key or certificate format)r[r TypeErrorrr"rematch _unarmor_pemrUrwraploadrTrr)datakey_typealgopkirpk parsed_certrVr7r7r8 parse_public~sN         r}cCst|tsttdt|d}td|dur3t|\}}}|dkr)ttd|dkr3ttd|dus;|dkrKzt |WStyJYnwttd ) a@ Loads a certificate from a DER or PEM-formatted file. Supports X.509 certificates only. :param data: A byte string to load the certificate from :raises: ValueError - when the data does not appear to contain a certificate :return: An asn1crypto.x509.Certificate object rjNrkrlz The data specified does not appear to be a certificate, but rather a private key rmz The data specified does not appear to be a certificate, but rather a public key rnzU The data specified does not appear to be a known certificate format ) r[r rqrr"rrrsrtrUrrv)rwrx_r7r7r8parse_certificates2   rc Cst|tsttdt||dur!t|ts ttdt|nd}td|durGt||\}}}|dkr=ttd|dkrGttd z t |}|j |WSty[Ynwzt |}|d }|d j }t |||}t |}|j |WStyYnwzt |} | j t | d WStyYnwzt |} | j t | d WStyYnwzt |} | j t | dWStyYnwttd)a% Loads a private key from a DER or PEM-formatted file. Supports RSA, DSA and EC private keys. Works with the follow formats: - RSAPrivateKey (PKCS#1) - ECPrivateKey (SECG SEC1 V2) - DSAPrivateKey (OpenSSL) - PrivateKeyInfo (RSA/DSA/EC - PKCS#8) - EncryptedPrivateKeyInfo (RSA/DSA/EC - PKCS#8) - Encrypted RSAPrivateKey (PEM only, OpenSSL) - Encrypted DSAPrivateKey (PEM only, OpenSSL) - Encrypted ECPrivateKey (PEM only, OpenSSL) :param data: A byte string to load the private key from :param password: The password to unencrypt the private key :raises: ValueError - when the data does not appear to contain a private key, or the password is invalid :return: An asn1crypto.keys.PrivateKeyInfo object rjNH password must be a byte string, not %s rkrmz The data specified does not appear to be a private key, but rather a public key rnz The data specified does not appear to be a private key, but rather a certificate encryption_algorithmencrypted_datar$r&r/zU The data specified does not appear to be a known private key format )r[r rqrr"rrrsrtrUrrvrTr _decrypt_encrypted_datarrur r ) rwpasswordrxr~rzparsed_wrapperencryption_algorithm_infordecrypted_datar2r7r7r8 parse_privates               rc Cst|\}}}d}t||}|sttd|d}|}|tgdvr8|d}d|t |||fS|} d}| dkrEd} n| d krMd } d }| ||fS) a3 Removes PEM-encoding from a public key, private key or certificate. If the private key is encrypted, the password will be used to decrypt it. :param data: A byte string of the PEM-encoded data :param password: A byte string of the encryption password, or None :return: A 3-element tuple in the format: (key_type, algorithm, der_bytes). The key_type will be a unicode string of "public key", "private key" or "certificate". The algorithm will be a unicode string of "rsa", "dsa" or "ec". zc^((DSA|EC|RSA) PRIVATE KEY|ENCRYPTED PRIVATE KEY|PRIVATE KEY|PUBLIC KEY|RSA PUBLIC KEY|CERTIFICATE)zx data does not seem to contain a PEM-encoded certificate, private key or public key r)zRSA PRIVATE KEYzDSA PRIVATE KEYzEC PRIVATE KEYrlNzencrypted private keyzrsa public keyrmr$) rrrrsrUrgroupstripsetlower_unarmor_pem_openssl_private) rwr object_typeheaders der_bytes type_regex armor_type pem_headerryrxr7r7r8rtvs(   rtc Csd}d}d}d|vr!|d}|ddkr|d\}}nd}|s%|S|r/t|d}|}iddd dd d d d d ddddddddddddddddddd dd dd ddddd|}t||dd }|t |kr|t|||dd 7}|t |ks|d|}iddd dd dd dd ddddddddddddddddddd dd dd dd d!d!d|} t | } | dkr| ||S| |||S)"a Parses a PKCS#1 private key, or encrypted private key :param headers: A dict of "Name: Value" lines from right after the PEM header :param data: A byte string of the DER-encoded PKCS#1 private key :param password: A byte string of the password to use if the private key is encrypted :return: A byte string of the DER-encoded private key NzDEK-Info,RC4asciiz aes-128-cbczaes-128z aes-192-cbczaes-192z aes-256-cbc zaes-256rfzrc4-64zrc4-40z rc2-64-cbcz rc2-40-cbczrc2-cbcrez des-ede3-cbczdes-ede3des3z des-ede-cbc)zdes-cbcrgrrirhrg) findrsplitbinascii unhexlifyr\rr]md5r_len crypto_funcs) rrwrenc_algo enc_iv_hexenc_ivr5enc_key_lengthenc_key enc_algo_name decrypt_funcr7r7r8rs      "        rcst|tsttdt||dur!t|ts ttdt|nd}ii}t|}|d}|djdkr=ttd|j }|d }|r|d d d j}d ddddddd|} t |||dj|dj| d} t t |} t | |dj| } |d dj} t| | std|D];}|d}t|trt|j|||qt|tr|d}|d}|dj}t|||}t||||qttdt|}t}tt||@}d}d}g}t|dkr|d|}}fdd D}|||fSt|dkrtt|d}||}tdkr2ttd}|}|=tdkrEttd!d"d#}|||fS)$aY Parses a PKCS#12 ANS.1 DER-encoded structure and extracts certs and keys :param data: A byte string of a DER-encoded PKCS#12 file :param password: A byte string of the password to any encrypted data :param load_private_key: A callable that will accept a byte string and return an oscrypto.asymmetric.PrivateKey object :raises: ValueError - when any of the parameters are of the wrong type or value OSError - when an error is returned by one of the OS decryption functions :return: A three-element tuple of: 1. An asn1crypto.keys.PrivateKeyInfo object 2. An asn1crypto.x509.Certificate object 3. A list of zero or more asn1crypto.x509.Certificate objects that are "extra" certificates, possibly intermediates from the cert chain rjNrr auth_safe content_typerwzV Only password-protected PKCS12 files are currently supported mac_datamacdigest_algorithmr0r0@)sha1sha224r^sha384sha512 sha512_224 sha512_256mac_salt iterationscontentr_zPassword provided is invalidencrypted_content_infocontent_encryption_algorithmencrypted_contentz[ Public-key-based PKCS12 files are not currently supported rrcsg|] }|kr|qSr7r7).0fcertsrPr7r8 |sz!_parse_pkcs12..cSr9N)subjecthuman_friendly)cr7r7r8sz_parse_pkcs12..)rb)r[r rqrr"rrvrTrUauthenticated_safergetattrr]hmacnewcontentsr_rr_parse_safe_contentsr rrkeyssortedlistrvalues)rwrra private_keyspfxrrrmac_algo key_lengthmac_keyhash_mod computed_hmac stored_hmac content_inforrrrdecrypted_contentkey_fingerprintscert_fingerprintscommon_fingerprintsrbcert other_certs first_keyr7rr8 _parse_pkcs12s              rc Cst|tr t|}|D]e}|d}t|tr4|djdkr3|dj}|dd}|dj|t|d<q t|trA||t||<q t|t rb|d} |d j} t | | |} t| } | |t| |<q t|trpt |||||q q dS) a& Parses a SafeContents PKCS#12 ANS.1 structure and extracts certs and keys :param safe_contents: A byte string of ber-encoded SafeContents, or a asn1crypto.pkcs12.SafeContents parsed object :param certs: A dict to store certificates in :param keys: A dict to store keys in :param password: A byte string of the password to any encrypted data :param load_private_key: A callable that will accept a byte string and return an oscrypto.asymmetric.PrivateKey object bag_valuecert_idx509 cert_valuerorpNrr) r[r rrvrrTr2rMrr rr) safe_contentsrrrrasafe_bagrrpublic_key_inforencrypted_key_bytesdecrypted_key_bytesr%r7r7r8rs,           rcCs t|j}|jdkr,|jdkrttdt|j||j|j|j }|j }||||}|S|jdkrSt |j||j|j|j d}|dd}|dd}||||}|S|jdkrt |j||j|j|j d }|jd krq|||}|St |j||j|j|j d }||||}|S) al Decrypts encrypted ASN.1 data :param encryption_algorithm_info: An instance of asn1crypto.pkcs5.Pkcs5EncryptionAlgorithm :param encrypted_content: A byte string of the encrypted content :param password: A byte string of the encrypted content's password :return: A byte string of the decrypted plaintext rrc5zc PBES2 encryption scheme utilizing RC5 encryption is not supported rrrrrrrfr)rencryption_cipherkdfrUrrkdf_hmackdf_saltkdf_iterationsr encryption_ivrrencryption_block_size)rrrrrr plaintextderived_outputr7r7r8rsd    (        rr)9 __future__rrrrr]rrrr_asn1rrr r r r r rrrrrrrrrrrr symmetricrrrrrutilr_errorsr_typesr r!r"r#rOrQrXrMrr}rrrtrrrrr7r7r7r8s>D  HK)-e I : u3[ 4