o @sldZddlmZddlZddlZddlmZdZdZdZ dZ da d d Z Gd d d e ZGd dde ZdS)zPure Python crypto-related routines for oauth2client. Uses the ``rsa``, ``pyasn1`` and ``pyasn1_modules`` packages to parse PEM files storing PKCS#1 or PKCS#8 keys as well as certificates. )pemN)_helpersz\ PKCS12 format is not supported by the RSA library. Either install PyOpenSSL, or please convert .p12 format to .pem format: $ cat key.p12 | \ > openssl pkcs12 -nodes -nocerts -passin pass:notasecret | \ > openssl rsa > key.pem )@ )z-----BEGIN RSA PRIVATE KEY-----z-----END RSA PRIVATE KEY-----)z-----BEGIN PRIVATE KEY-----z-----END PRIVATE KEY-----cCs^t|}t}tjd|dD]}|||d}tddtt|D}||qt |S)zConverts an iterable of 1's and 0's to bytes. Combines the list 8 at a time, treating each group of 8 bits as a single byte. rrcss|] \}}||VqdSN).0valdigitr r H/tmp/google-cloud-sdk/lib/third_party/oauth2client/_pure_python_crypt.py 8sz%_bit_list_to_bytes..) len bytearraysixmovesxrangesumzip_POW2appendbytes)bit_listnum_bits byte_valsstart curr_bitschar_valr r r_bit_list_to_bytes.s r#c@s,eZdZdZddZddZeddZdS) RsaVerifierzVerifies the signature on a message. Args: pubkey: rsa.key.PublicKey (or equiv), The public key to verify with. cC ||_dSr )_pubkey)selfpubkeyr r r__init__E zRsaVerifier.__init__c Cs@tj|dd}z tj|||jWSttjjfyYdSw)aVerifies a message against a signature. Args: message: string or bytes, The message to verify. If string, will be encoded to bytes as utf-8. signature: string or bytes, The signature on the message. If string, will be encoded to bytes as utf-8. Returns: True if message was signed by the private key associated with the public key that this object was constructed with. utf-8encodingF)r _to_bytesrsapkcs1verifyr& ValueErrorVerificationError)r'message signaturer r rr1Hs  zRsaVerifier.verifyc Cst|}|rEddlm}ddlm}tj|d}|j || d\}}|dkr.t d||dd }t |d } tj | d } || Stj |d } || S) aConstruct an RsaVerifier instance from a string. Args: key_pem: string, public key in PEM format. is_x509_cert: bool, True if key_pem is an X509 cert, otherwise it is expected to be an RSA key in PEM format. Returns: RsaVerifier instance. Raises: ValueError: if the key_pem can't be parsed. In either case, error will begin with 'No PEM start marker'. If ``is_x509_cert`` is True, will fail to find the "-----BEGIN CERTIFICATE-----" error, otherwise fails to find "-----BEGIN RSA PUBLIC KEY-----". rdecoder)rfc2459 CERTIFICATEasn1Spec Unused bytestbsCertificatesubjectPublicKeyInfosubjectPublicKeyDERPEM)rr.pyasn1.codec.derr7pyasn1_modulesr8r/rload_pemdecode Certificater2r# PublicKey load_pkcs1) clskey_pem is_x509_certr7r8der asn1_cert remaining cert_info key_bytesr(r r r from_string[s      zRsaVerifier.from_stringN)__name__ __module__ __qualname____doc__r)r1 classmethodrRr r r rr$>s r$c@s.eZdZdZddZddZed ddZd S) RsaSignerz}Signs messages with a private key. Args: pkey: rsa.key.PrivateKey (or equiv), The private key to sign with. cCr%r )_key)r'pkeyr r rr)r*zRsaSigner.__init__cCs tj|dd}tj||jdS)zSigns a message. Args: message: bytes, Message to be signed. Returns: string, The signature of the message for the given key. r+r,zSHA-256)rr.r/r0signrY)r'r4r r rr[s zRsaSigner.sign notasecretc Cst|}tt|tt\}}|dkr"tj j j |dd}||S|dkr`ddl m }ddlm}tdur:|a|j|td\}} | d krLtd | |d } tj j j | dd}||Std ) aConstruct an RsaSigner instance from a string. Args: key: string, private key in PEM format. password: string, password for private key file. Unused for PEM files. Returns: RsaSigner instance. Raises: ValueError if the key cannot be parsed as PKCS#1 or PKCS#8 in PEM format. rrA)formatr r6)rfc5208Nr:r<r= privateKeyzNo key could be detected.)r _from_bytesrreadPemBlocksFromFilerStringIO _PKCS1_MARKER _PKCS8_MARKERr/key PrivateKeyrIrCr7rDr^ _PKCS8_SPECPrivateKeyInforFr2getComponentByNameasOctets) rJrepassword marker_idrQrZr7r^key_inforO pkey_infor r rrRs2        zRsaSigner.from_stringN)r\)rSrTrUrVr)r[rWrRr r r rrXs  rX)rVrDrr/r oauth2clientr _PKCS12_ERRORrrcrdrgr#objectr$rXr r r rs   B