ó ‚Ÿ^Yc@s_dZddlmZddlmZdefd„ƒYZdefd„ƒYZd„Zd S( s1OpenSSL Crypto-related routines for oauth2client.iÿÿÿÿ(tcrypto(t_helperstOpenSSLVerifiercBs/eZdZd„Zd„Zed„ƒZRS(s$Verifies the signature on a message.cCs ||_dS(slConstructor. Args: pubkey: OpenSSL.crypto.PKey, The public key to verify with. N(t_pubkey(tselftpubkey((sA/tmp/pip-build-kpPAdC/oauth2client/oauth2client/_openssl_crypt.pyt__init__scCsgtj|ddƒ}tj|ddƒ}y!tj|j||dƒtSWntjk rbtSXdS(sØVerifies a message against a signature. Args: message: string or bytes, The message to verify. If string, will be encoded to bytes as utf-8. signature: string or bytes, The signature on the message. If string, will be encoded to bytes as utf-8. Returns: True if message was signed by the private key associated with the public key that this object was constructed with. tencodingsutf-8tsha256N(Rt _to_bytesRtverifyRtTruetErrortFalse(Rtmessaget signature((sA/tmp/pip-build-kpPAdC/oauth2client/oauth2client/_openssl_crypt.pyR s cCsLtj|ƒ}|r-tjtj|ƒ}ntjtj|ƒ}t|ƒS(s“Construct a Verified instance from a string. Args: key_pem: string, public key in PEM format. is_x509_cert: bool, True if key_pem is an X509 cert, otherwise it is expected to be an RSA key in PEM format. Returns: Verifier instance. Raises: OpenSSL.crypto.Error: if the key_pem can't be parsed. (RR Rtload_certificatet FILETYPE_PEMtload_privatekeyR(tkey_pemt is_x509_certR((sA/tmp/pip-build-kpPAdC/oauth2client/oauth2client/_openssl_crypt.pyt from_string5s (t__name__t __module__t__doc__RR t staticmethodR(((sA/tmp/pip-build-kpPAdC/oauth2client/oauth2client/_openssl_crypt.pyRs  t OpenSSLSignercBs2eZdZd„Zd„Zedd„ƒZRS(s"Signs messages with a private key.cCs ||_dS(stConstructor. Args: pkey: OpenSSL.crypto.PKey (or equiv), The private key to sign with. N(t_key(Rtpkey((sA/tmp/pip-build-kpPAdC/oauth2client/oauth2client/_openssl_crypt.pyROscCs+tj|ddƒ}tj|j|dƒS(s°Signs a message. Args: message: bytes, Message to be signed. Returns: string, The signature of the message for the given key. Rsutf-8R(RR RtsignR(RR((sA/tmp/pip-build-kpPAdC/oauth2client/oauth2client/_openssl_crypt.pyRWs t notasecretcCsstj|ƒ}tj|ƒ}|r<tjtj|ƒ}n-tj|ddƒ}tj||ƒjƒ}t|ƒS(s>Construct a Signer instance from a string. Args: key: string, private key in PKCS12 or PEM format. password: string, password for the private key file. Returns: Signer instance. Raises: OpenSSL.crypto.Error if the key can't be parsed. Rsutf-8( RR t_parse_pem_keyRRRt load_pkcs12tget_privatekeyR(tkeytpasswordtparsed_pem_keyR((sA/tmp/pip-build-kpPAdC/oauth2client/oauth2client/_openssl_crypt.pyRcs(RRRRRRR(((sA/tmp/pip-build-kpPAdC/oauth2client/oauth2client/_openssl_crypt.pyRLs   cCs:tj|ƒ}tj||ƒ}tjtj|jƒƒS(sConvert the contents of a PKCS#12 key to PEM using pyOpenSSL. Args: private_key_bytes: Bytes. PKCS#12 key in DER format. private_key_password: String. Password for PKCS#12 key. Returns: String. PEM contents of ``private_key_bytes``. (RR RR tdump_privatekeyRR!(tprivate_key_bytestprivate_key_passwordtpkcs12((sA/tmp/pip-build-kpPAdC/oauth2client/oauth2client/_openssl_crypt.pytpkcs12_key_as_pem{s  N( RtOpenSSLRt oauth2clientRtobjectRRR)(((sA/tmp/pip-build-kpPAdC/oauth2client/oauth2client/_openssl_crypt.pyts 7/