ó ‚¾^Yc@sÈdZddlmZddlmZddlmZddlmZddl Z ddl Z ddl m Z dZ dZdZdZeƒZd„Zdefd„ƒYZdefd„ƒYZdS(s¾Pure Python crypto-related routines for oauth2client. Uses the ``rsa``, ``pyasn1`` and ``pyasn1_modules`` packages to parse PEM files storing PKCS#1 or PKCS#8 keys as well as certificates. iÿÿÿÿ(tdecoder(tpem(t Certificate(tPrivateKeyInfoN(t_helperssô\ PKCS12 format is not supported by the RSA library. Either install PyOpenSSL, or please convert .p12 format to .pem format: $ cat key.p12 | \ > openssl pkcs12 -nodes -nocerts -passin pass:notasecret | \ > openssl rsa > key.pem i€i@i iiiiis-----BEGIN RSA PRIVATE KEY-----s-----END RSA PRIVATE KEY-----s-----BEGIN PRIVATE KEY-----s-----END PRIVATE KEY-----cCst|ƒ}tƒ}x]tjjd|dƒD]C}|||d!}td„tt|ƒDƒƒ}|j|ƒq.Wt |ƒS(sŠConverts an iterable of 1's and 0's to bytes. Combines the list 8 at a time, treating each group of 8 bits as a single byte. iicss|]\}}||VqdS(N((t.0tvaltdigit((sE/tmp/pip-build-kpPAdC/oauth2client/oauth2client/_pure_python_crypt.pys ;s( tlent bytearraytsixtmovestxrangetsumtzipt_POW2tappendtbytes(tbit_listtnum_bitst byte_valststartt curr_bitstchar_val((sE/tmp/pip-build-kpPAdC/oauth2client/oauth2client/_pure_python_crypt.pyt_bit_list_to_bytes1s   t RsaVerifiercBs/eZdZd„Zd„Zed„ƒZRS(sVerifies the signature on a message. Args: pubkey: rsa.key.PublicKey (or equiv), The public key to verify with. cCs ||_dS(N(t_pubkey(tselftpubkey((sE/tmp/pip-build-kpPAdC/oauth2client/oauth2client/_pure_python_crypt.pyt__init__HscCsWtj|ddƒ}ytjj|||jƒSWnttjjfk rRtSXdS(sèVerifies a message against a signature. Args: message: string or bytes, The message to verify. If string, will be encoded to bytes as utf-8. signature: string or bytes, The signature on the message. If string, will be encoded to bytes as utf-8. Returns: True if message was signed by the private key associated with the public key that this object was constructed with. tencodingsutf-8N( Rt _to_bytestrsatpkcs1tverifyRt ValueErrortVerificationErrortFalse(Rtmessaget signature((sE/tmp/pip-build-kpPAdC/oauth2client/oauth2client/_pure_python_crypt.pyR"Ks c Cs»tj|ƒ}|rœtjj|dƒ}tj|dtƒƒ\}}|dkrftd|ƒ‚n|dd}t |dƒ}tj j |dƒ}ntj j |d ƒ}||ƒS( s¿Construct an RsaVerifier instance from a string. Args: key_pem: string, public key in PEM format. is_x509_cert: bool, True if key_pem is an X509 cert, otherwise it is expected to be an RSA key in PEM format. Returns: RsaVerifier instance. Raises: ValueError: if the key_pem can't be parsed. In either case, error will begin with 'No PEM start marker'. If ``is_x509_cert`` is True, will fail to find the "-----BEGIN CERTIFICATE-----" error, otherwise fails to find "-----BEGIN RSA PUBLIC KEY-----". t CERTIFICATEtasn1Spects Unused bytesttbsCertificatetsubjectPublicKeyInfotsubjectPublicKeytDERtPEM( RRR Rtload_pemRtdecodeRR#Rt PublicKeyt load_pkcs1( tclstkey_pemt is_x509_certtdert asn1_certt remainingt cert_infot key_bytesR((sE/tmp/pip-build-kpPAdC/oauth2client/oauth2client/_pure_python_crypt.pyt from_string^s (t__name__t __module__t__doc__RR"t classmethodR<(((sE/tmp/pip-build-kpPAdC/oauth2client/oauth2client/_pure_python_crypt.pyRAs  t RsaSignercBs2eZdZd„Zd„Zedd„ƒZRS(s}Signs messages with a private key. Args: pkey: rsa.key.PrivateKey (or equiv), The private key to sign with. cCs ||_dS(N(t_key(Rtpkey((sE/tmp/pip-build-kpPAdC/oauth2client/oauth2client/_pure_python_crypt.pyR‡scCs.tj|ddƒ}tjj||jdƒS(s°Signs a message. Args: message: bytes, Message to be signed. Returns: string, The signature of the message for the given key. Rsutf-8sSHA-256(RRR R!tsignRB(RR&((sE/tmp/pip-build-kpPAdC/oauth2client/oauth2client/_pure_python_crypt.pyRDŠs t notasecretc Csëtj|ƒ}tjtj|ƒttƒ\}}|dkr]tj j j |ddƒ}n„|dkrÕt j |dtƒ\}}|dkr¢td|ƒ‚n|jdƒ}tj j j |jƒddƒ}n td ƒ‚||ƒS( sˆConstruct an RsaSigner instance from a string. Args: key: string, private key in PEM format. password: string, password for private key file. Unused for PEM files. Returns: RsaSigner instance. Raises: ValueError if the key cannot be parsed as PKCS#1 or PKCS#8 in PEM format. itformatR.iR)R*s Unused bytest privateKeysNo key could be detected.(Rt _from_bytesRtreadPemBlocksFromFileR tStringIOt _PKCS1_MARKERt _PKCS8_MARKERR tkeyt PrivateKeyR3RR1t _PKCS8_SPECR#tgetComponentByNametasOctets( R4RMtpasswordt marker_idR;RCtkey_infoR9t pkey_info((sE/tmp/pip-build-kpPAdC/oauth2client/oauth2client/_pure_python_crypt.pyR<–s       (R=R>R?RRDR@R<(((sE/tmp/pip-build-kpPAdC/oauth2client/oauth2client/_pure_python_crypt.pyRA€s   (i€i@i iiiii(s-----BEGIN RSA PRIVATE KEY-----s-----END RSA PRIVATE KEY-----(s-----BEGIN PRIVATE KEY-----s-----END PRIVATE KEY-----(R?tpyasn1.codec.derRtpyasn1_modulesRtpyasn1_modules.rfc2459Rtpyasn1_modules.rfc5208RR R t oauth2clientRt _PKCS12_ERRORRRKRLRORtobjectRRA(((sE/tmp/pip-build-kpPAdC/oauth2client/oauth2client/_pure_python_crypt.pyts"     ?