o j DiB@sdZddlmZddlmZmZmZmZddlZ ddl m Z ddl m Z ddl mZddlmZdd lmZdd lmZdd lmZddlZ dd lmZdd lmZdZe ZeZeGdddZGdddej Z!Gdddej"ej#Z$dS)zAECDSA verifier and signer that use the ``cryptography`` library. ) dataclass)AnyDictOptionalUnionN)backends)hashes) serialization)ec)padding)decode_dss_signature)encode_dss_signature)_helpers)bases-----BEGIN CERTIFICATE-----c@s^eZdZUdZeed<ejed<eed<e de e j e j ffddZe de jfd d Zd S) _ESAttributeszA class that models ECDSA attributes. Attributes: rs_size (int): Size for ASN.1 r and s size. sha_algo (hashes.HashAlgorithm): Hash algorithm. algorithm (str): Algorithm name. rs_sizesha_algo algorithmkeycCs ||jSN) from_curvecurve)clsrrT/home/air/goalskill_t/back/venv/lib/python3.10/site-packages/google/auth/crypt/es.pyfrom_key6s z_ESAttributes.from_keyrcCs,t|tjr|dtdS|dtdS)N0ES384 ES256) isinstancer SECP384R1rSHA384SHA256)rrrrrr<s z_ESAttributes.from_curveN)__name__ __module__ __qualname____doc__int__annotations__r HashAlgorithmstr classmethodrr EllipticCurvePublicKeyEllipticCurvePrivateKeyr EllipticCurverrrrrr(s   rc@sdeZdZdZdejddfddZee j de de de fd d Z edeee fddfd d ZdS) EsVerifierzVerifies ECDSA cryptographic signatures using public keys. Args: public_key ( cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey): The public key used to verify signatures. public_keyreturnNcCs||_t||_dSr)_pubkeyrr _attributes)selfr1rrr__init__RszEsVerifier.__init__message signaturec Cst|}t||jjdkrdStj|d|jjdd}tj||jjddd}t||}t|}z|j ||t |jj WdSt tjjfySYdSw)NFbig byteorderT)rto_byteslenr4rr( from_bytesr r3verifyr ECDSAr ValueError cryptography exceptionsInvalidSignature)r5r7r8 sig_bytesrsasn1_sigrrrr@Vs   zEsVerifier.verifycCsRt|}t|vrtj|t}|}nt |t}t |t j s%t d||S)ayConstruct an Verifier instance from a public key or public certificate string. Args: public_key (Union[str, bytes]): The public key in PEM format or the x509 public key certificate. Returns: Verifier: The constructed verifier. Raises: ValueError: If the public key can't be parsed. z2Expected public key of type EllipticCurvePublicKey)rr=_CERTIFICATE_MARKERrCx509load_pem_x509_certificate_BACKENDr1r load_pem_public_keyr r r- TypeError)rr1public_key_datacertpubkeyrrr from_stringgs    zEsVerifier.from_string)r$r%r&r'r r-r6rcopy_docstringrVerifierbytesboolr@r,rr+rSrrrrr0Is  r0c@seZdZdZ ddejdeeddfddZe defdd Z e e e jdeefd d Ze e jd edefd dZe ddeeefdeeddfddZdeeeffddZdeeefddfddZdS)EsSigneraSigns messages with an ECDSA private key. Args: private_key ( cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey): The private key to sign with. key_id (str): Optional key ID used to identify this private key. This can be useful to associate the private key with its associated public key or certificate. N private_keykey_idr2cCs||_||_t||_dSr)_key_key_idrrr4)r5rYrZrrrr6szEsSigner.__init__cCs|jjS)zkName of the algorithm used to sign messages. Returns: str: The algorithm name. )r4rr5rrrrszEsSigner.algorithmcCs|jSr)r\r]rrrrZszEsSigner.key_idr7cCsRt|}|j|t|jj}t|\}}|j|jj dd|j|jj ddS)Nr:r;) rr=r[signr rAr4rr r)r5r7asn1_signaturerGrHrrrr^s  z EsSigner.signrcCs:t|}tj|dtd}t|tjstd|||dS)alConstruct a RSASigner from a private key in PEM format. Args: key (Union[bytes, str]): Private key in PEM format. key_id (str): An optional key id used to identify the private key. Returns: google.auth.crypt._cryptography_rsa.RSASigner: The constructed signer. Raises: ValueError: If ``key`` is not ``bytes`` or ``str`` (unicode). UnicodeDecodeError: If ``key`` is ``bytes`` but cannot be decoded into a UTF-8 ``str``. ValueError: If ``cryptography`` "Could not deserialize key data." N)passwordbackendz4Expected private key of type EllipticCurvePrivateKey)rZ) rr=r load_pem_private_keyrMr r r.rO)rrrZ key_bytesrYrrrrSs   zEsSigner.from_stringcCs0|j}|jjtjjtjjt d|d<|S)z1Pickle helper that serializes the _key attribute.)encodingformatencryption_algorithmr[) __dict__copyr[ private_bytesr EncodingPEM PrivateFormatPKCS8 NoEncryptionr5staterrr __getstate__s  zEsSigner.__getstate__rpcCs$t|dd|d<|j|dS)z3Pickle helper that deserializes the _key attribute.r[N)r rbrgupdaterorrr __setstate__szEsSigner.__setstate__r)r$r%r&r'r r.rr+r6propertyrrrTrSignerrZrVr^r,rrSrrrqrsrrrrrXs8        rX)%r' dataclassesrtypingrrrrcryptography.exceptionsrCcryptography.hazmatrcryptography.hazmat.primitivesrr )cryptography.hazmat.primitives.asymmetricr r /cryptography.hazmat.primitives.asymmetric.utilsr r cryptography.x509 google.authrgoogle.auth.cryptrrJdefault_backendrMPKCS1v15_PADDINGrrUr0ruFromServiceAccountMixinrXrrrrs*           >