o gev@sddlZddlmZddlmZddlmZddlmZmZddl m Z m Z ddl m Z ded ejejfd d Zded ejejfd d ZejejejejejejfZeje je jfZGdddejZGdddeZ dS)N)utils)x509) _get_backend)hashes serialization)ecrsa)_check_byteslikedatareturncCtd}||SN)rload_pem_pkcs7_certificatesr backendrT/usr/lib/python3/dist-packages/cryptography/hazmat/primitives/serialization/pkcs7.pyr rcCr r )rload_der_pkcs7_certificatesrrrrrrrc@s$eZdZdZdZdZdZdZdZdS) PKCS7OptionszAdd text/plain MIME typez5Don't translate input data into canonical MIME formatz'Don't embed data in the PKCS7 structurezDon't embed SMIME capabilitiesz#Don't embed authenticatedAttributeszDon't embed signer certificateN) __name__ __module__ __qualname__TextBinaryDetachedSignatureNoCapabilities NoAttributesNoCertsrrrrr&src@seZdZdggfddZdeddfddZdejd ed e ddfd d Z dejddfd dZ dde j dejedefddZdS)PKCS7SignatureBuilderNcCs||_||_||_dSr )_data_signers_additional_certs)selfr signersadditional_certsrrr__init__0s zPKCS7SignatureBuilder.__init__r r cCs(td||jdurtdt||jS)Nr zdata may only be set once)r r ValueErrorrr!)r#r rrrset_data5s   zPKCS7SignatureBuilder.set_data certificate private_keyhash_algorithmcCsnt|tjtjtjtjtjfstdt|tj stdt|t j t j fs*tdt|j|j|||fgS)NzLhash_algorithm must be one of hashes.SHA1, SHA224, SHA256, SHA384, or SHA512&certificate must be a x509.Certificatez.Only RSA & EC keys are supported at this time.) isinstancerSHA1SHA224SHA256SHA384SHA512 TypeErrorr Certificater RSAPrivateKeyrEllipticCurvePrivateKeyrr r!)r#r)r*r+rrr add_signer<s,   z PKCS7SignatureBuilder.add_signercCs,t|tjs tdt|j|j|j|gS)Nr,)r-rr4r3rr r!r")r#r)rrradd_certificate]s z%PKCS7SignatureBuilder.add_certificateencodingoptionscCst|jdkr td|jdurtdt|}tdd|Ds%td|tjjtjj tjj fvr6tdt j |vrDt j |vrDtdt j |vrW|tjj tjjfvrWtd t j|vret j|vretd t|}||||S) NrzMust have at least one signerzYou must add data to signcss|]}t|tVqdSr )r-r).0xrrr rsz-PKCS7SignatureBuilder.sign..z*options must be from the PKCS7Options enumz1Must be PEM, DER, or SMIME from the Encoding enumzAWhen passing the Text option you must also pass DetachedSignaturez9The Text option is only available for SMIME serializationzFNoAttributes is a superset of NoCapabilities. Do not pass both values.)lenr!r'r listallrEncodingPEMDERSMIMErrrrrr pkcs7_sign)r#r9r:rrrrsigngsD      zPKCS7SignatureBuilder.signr )rrrr&bytesr(rr4_ALLOWED_PRIVATE_KEY_TYPES_ALLOWED_PKCS7_HASH_TYPESr7r8rrAtypingIterablerrFrrrrr/s2 ! r)!rJ cryptographyrrcryptography.hazmat.backendsrcryptography.hazmat.primitivesrr)cryptography.hazmat.primitives.asymmetricrrcryptography.utilsr rGListr4rrUnionr.r/r0r1r2rIr5r6rHEnumrobjectrrrrrs,