3 lá˜_ã@s˜ddlmZmZmZddlmZddlmZddlm Z ddl m Z m Z ddl mZmZddlmZdd „Zd d „ZGd d „d eƒZGdd„deƒZdS)é)Úabsolute_importÚdivisionÚprint_function)ÚEnum)Úx509)Ú _get_backend)ÚhashesÚ serialization)ÚecÚrsa)Ú_check_byteslikecCstdƒ}|j|ƒS)N)rÚload_pem_pkcs7_certificates)ÚdataÚbackend©rú/usr/lib64/python3.6/pkcs7.pyr sr cCstdƒ}|j|ƒS)N)rÚload_der_pkcs7_certificates)rrrrrrsrc@s>eZdZdggfdd„Zdd„Zdd„Zdd „Zd d d „ZdS) ÚPKCS7SignatureBuilderNcCs||_||_||_dS)N)Ú_dataÚ_signersÚ_additional_certs)ÚselfrZsignersZadditional_certsrrrÚ__init__szPKCS7SignatureBuilder.__init__cCs(td|ƒ|jdk rtdƒ‚t||jƒS)Nrzdata may only be set once)r rÚ ValueErrorrr)rrrrrÚset_data s  zPKCS7SignatureBuilder.set_datacCsnt|tjtjtjtjtjfƒs&tdƒ‚t|tj ƒs:tdƒ‚t|t j t j fƒsTtdƒ‚t|j|j|||fgƒS)NzLhash_algorithm must be one of hashes.SHA1, SHA224, SHA256, SHA384, or SHA512z&certificate must be a x509.Certificatez.Only RSA & EC keys are supported at this time.)Ú isinstancerZSHA1ZSHA224ZSHA256ZSHA384ZSHA512Ú TypeErrorrÚ Certificater Z RSAPrivateKeyr ZEllipticCurvePrivateKeyrrr)rÚ certificateZ private_keyZhash_algorithmrrrÚ add_signer's"  z PKCS7SignatureBuilder.add_signercCs,t|tjƒstdƒ‚t|j|j|j|gƒS)Nz&certificate must be a x509.Certificate)rrrrrrrr)rrrrrÚadd_certificateCs z%PKCS7SignatureBuilder.add_certificatecCsàt|jƒdkrtdƒ‚|jdkr(tdƒ‚t|ƒ}tdd„|DƒƒsJtdƒ‚|tjjtjj tjj fkrltdƒ‚t j |krˆt j |krˆtdƒ‚t j |kr®|tjj tjjfkr®td ƒ‚t j|krÊt j|krÊtd ƒ‚t|ƒ}|j|||ƒS) NrzMust have at least one signerzYou must add data to signcss|]}t|tƒVqdS)N)rÚ PKCS7Options)Ú.0Úxrrrú Qsz-PKCS7SignatureBuilder.sign..z*options must be from the PKCS7Options enumz1Must be PEM, DER, or SMIME from the Encoding enumzAWhen passing the Text option you must also pass DetachedSignaturez9The Text option is only available for SMIME serializationzFNoAttributes is a superset of NoCapabilities. Do not pass both values.)ÚlenrrrÚlistÚallr ZEncodingZPEMZDERZSMIMEr!ÚTextÚDetachedSignatureÚ NoAttributesÚNoCapabilitiesrZ pkcs7_sign)rÚencodingZoptionsrrrrÚsignKs8        zPKCS7SignatureBuilder.sign)N)Ú__name__Ú __module__Ú __qualname__rrrr r-rrrrrs rc@s$eZdZdZdZdZdZdZdZdS)r!zAdd text/plain MIME typez5Don't translate input data into canonical MIME formatz'Don't embed data in the PKCS7 structurezDon't embed SMIME capabilitiesz#Don't embed authenticatedAttributeszDon't embed signer certificateN) r.r/r0r(ZBinaryr)r+r*ZNoCertsrrrrr!~s r!N)Z __future__rrrÚenumrZ cryptographyrZcryptography.hazmat.backendsrZcryptography.hazmat.primitivesrr Z)cryptography.hazmat.primitives.asymmetricr r Zcryptography.utilsr r rÚobjectrr!rrrrÚs    d