U nciB@sdZddlmZddlmZmZmZmZddlZ ddl m Z ddl m Z ddl mZddlmZdd lmZdd lmZdd lmZddlZ dd lmZdd lmZdZe ZeZeGdddZGdddej Z!Gdddej"ej#Z$dS)zAECDSA verifier and signer that use the ``cryptography`` library. ) dataclass)AnyDictOptionalUnionN)backends)hashes) serialization)ec)padding)decode_dss_signature)encode_dss_signature)_helpers)bases-----BEGIN CERTIFICATE-----c@s^eZdZUdZeed<ejed<eed<e e e j e j fdddZe e jdd d Zd S) _ESAttributeszA class that models ECDSA attributes. Attributes: rs_size (int): Size for ASN.1 r and s size. sha_algo (hashes.HashAlgorithm): Hash algorithm. algorithm (str): Algorithm name. rs_sizesha_algo algorithm)keycCs ||jSN) from_curvecurve)clsrr8/tmp/pip-unpacked-wheel-fpe1mg0e/google/auth/crypt/es.pyfrom_key6sz_ESAttributes.from_key)rcCs0t|tjr|dtdS|dtdSdS)N0ZES384 ZES256) isinstancer Z SECP384R1rSHA384SHA256)rrrrrr<s z_ESAttributes.from_curveN)__name__ __module__ __qualname____doc__int__annotations__rZ HashAlgorithmstr classmethodrr EllipticCurvePublicKeyEllipticCurvePrivateKeyrZ EllipticCurverrrrrr(s  rc@s\eZdZdZejddddZee j e e e dddZ eeee fddd d ZdS) EsVerifierzVerifies ECDSA cryptographic signatures using public keys. Args: public_key ( cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey): The public key used to verify signatures. N) public_keyreturncCs||_t||_dSr)_pubkeyrr _attributes)selfr,rrr__init__RszEsVerifier.__init__)message signaturer-c Cst|}t||jjdkr"dStj|d|jjdd}tj||jjddd}t||}t|}z |j ||t |jj WdSt tjjfk rYdSXdS)NFbig byteorderT)rto_byteslenr/rr% from_bytesr r.verifyr ECDSAr ValueError cryptography exceptionsZInvalidSignature)r0r2r3Z sig_bytesrsZasn1_sigrrrr;Vs   zEsVerifier.verifycCsRt|}t|kr*tj|t}|}n t |t}t |t j sJt d||S)ayConstruct an Verifier instance from a public key or public certificate string. Args: public_key (Union[str, bytes]): The public key in PEM format or the x509 public key certificate. Returns: Verifier: The constructed verifier. Raises: ValueError: If the public key can't be parsed. z2Expected public key of type EllipticCurvePublicKey)rr8_CERTIFICATE_MARKERr>x509Zload_pem_x509_certificate_BACKENDr,r Zload_pem_public_keyrr r) TypeError)rr,Zpublic_key_datacertZpubkeyrrr from_stringgs    zEsVerifier.from_string)r!r"r#r$r r)r1rcopy_docstringrVerifierbytesboolr;r(rr'rGrrrrr+Is  r+c@seZdZdZdejeeddddZe edddZ e e e jeedd d Ze e jeed d d ZedeeefeeddddZeeefdddZeeefddddZdS)EsSigneraSigns messages with an ECDSA private key. Args: private_key ( cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey): The private key to sign with. key_id (str): Optional key ID used to identify this private key. This can be useful to associate the private key with its associated public key or certificate. N) private_keykey_idr-cCs||_||_t||_dSr)_key_key_idrrr/)r0rMrNrrrr1szEsSigner.__init__)r-cCs|jjS)zkName of the algorithm used to sign messages. Returns: str: The algorithm name. )r/rr0rrrrszEsSigner.algorithmcCs|jSr)rPrQrrrrNszEsSigner.key_id)r2r-cCsRt|}|j|t|jj}t|\}}|j|jj dd|j|jj ddS)Nr5r6) rr8rOsignr r<r/rr r)r0r2Zasn1_signaturer@rArrrrRs  z EsSigner.sign)rrNr-cCs:t|}tj|dtd}t|tjs.td|||dS)alConstruct a RSASigner from a private key in PEM format. Args: key (Union[bytes, str]): Private key in PEM format. key_id (str): An optional key id used to identify the private key. Returns: google.auth.crypt._cryptography_rsa.RSASigner: The constructed signer. Raises: ValueError: If ``key`` is not ``bytes`` or ``str`` (unicode). UnicodeDecodeError: If ``key`` is ``bytes`` but cannot be decoded into a UTF-8 ``str``. ValueError: If ``cryptography`` "Could not deserialize key data." N)passwordbackendz4Expected private key of type EllipticCurvePrivateKey)rN) rr8r load_pem_private_keyrDrr r*rE)rrrN key_bytesrMrrrrGs  zEsSigner.from_stringcCs0|j}|jjtjjtjjt d|d<|S)z1Pickle helper that serializes the _key attribute.)encodingformatZencryption_algorithmrO) __dict__copyrOZ private_bytesr EncodingZPEMZ PrivateFormatZPKCS8Z NoEncryptionr0staterrr __getstate__s  zEsSigner.__getstate__)r]r-cCs$t|dd|d<|j|dS)z3Pickle helper that deserializes the _key attribute.rON)r rUrYupdater\rrr __setstate__szEsSigner.__setstate__)N)N)r!r"r#r$r r*rr'r1propertyrrrHrSignerrNrJrRr(rrGrrr^r`rrrrrLs.       rL)%r$Z dataclassesrtypingrrrrZcryptography.exceptionsr>Zcryptography.hazmatrZcryptography.hazmat.primitivesrr Z)cryptography.hazmat.primitives.asymmetricr r Z/cryptography.hazmat.primitives.asymmetric.utilsr r Zcryptography.x509Z google.authrZgoogle.auth.cryptrrBZdefault_backendrDZPKCS1v15Z_PADDINGrrIr+rbZFromServiceAccountMixinrLrrrrs(           >