o c< @s\ddlZddlmZddlmZddlmZddlmZm Z m Z m Z m Z ddl mZgdZeje jeje je je jfZGdd d ZGd d d Z dd ed ejedejdejejeejejejejffddZ dd ed ejedejdefddZ ejejefZ!dejedejedejejdejej"e!dej#def ddZ$dS)N)x509) serialization)PBES)dsaeced448ed25519rsa)PRIVATE_KEY_TYPES)rPKCS12CertificatePKCS12KeyAndCertificatesload_key_and_certificates load_pkcs12serialize_key_and_certificatesc@seZdZdejdejefddZe dejefddZ e dejfdd Z d e de fd d Zdefd dZdefddZdS)r cert friendly_namecCs>t|tjs td|durt|tstd||_||_dS)Nz!Expecting x509.Certificate objectz#friendly_name must be bytes or None) isinstancer Certificate TypeErrorbytes_cert_friendly_name)selfrrr`/opt/certbot/lib/python3.10/site-packages/cryptography/hazmat/primitives/serialization/pkcs12.py__init__&s  zPKCS12Certificate.__init__returncC|jSN)rrrrrr2zPKCS12Certificate.friendly_namecCrrrrrrr certificate6r zPKCS12Certificate.certificateothercCs&t|tstS|j|jko|j|jkSr)rr NotImplementedr"rrr#rrr__eq__:s   zPKCS12Certificate.__eq__cCst|j|jfSr)hashr"rrrrr__hash__CszPKCS12Certificate.__hash__cCsd|j|jS)Nz+)formatr"rrrrr__repr__FszPKCS12Certificate.__repr__N)__name__ __module__ __qualname__rrtypingOptionalrrpropertyrr"objectboolr&intr(strr*rrrrr %s   r c@seZdZdejedejedejefddZe dejefddZ e dejefd d Z e dejefd d Z d e defddZdefddZdefddZdS)r keyradditional_certscCsx|durt|tjtjtjtjt j fst d|dur$t|t s$t dt dd|Ds1t d||_||_||_dS)NLKey must be RSA, DSA, EllipticCurve, ED25519, or ED448 private key, or None.z/cert must be a PKCS12Certificate object or Nonecss|]}t|tVqdSr)rr ).0add_certrrr cs  z4PKCS12KeyAndCertificates.__init__..z@all values in additional_certs must be PKCS12Certificate objects)rr RSAPrivateKeyr DSAPrivateKeyrEllipticCurvePrivateKeyrEd25519PrivateKeyrEd448PrivateKeyrr all_keyr_additional_certs)rr5rr6rrrrMs.   z!PKCS12KeyAndCertificates.__init__rcCrr)rArrrrr5or zPKCS12KeyAndCertificates.keycCrrr!rrrrrsr zPKCS12KeyAndCertificates.certcCrr)rBrrrrr6wr z)PKCS12KeyAndCertificates.additional_certsr#cCs2t|tstS|j|jko|j|jko|j|jkSr)rr r$r5rr6r%rrrr&{s    zPKCS12KeyAndCertificates.__eq__cCst|j|jt|jfSr)r'r5rtupler6rrrrr(sz!PKCS12KeyAndCertificates.__hash__cCsd}||j|j|jS)Nz@)r)r5rr6)rfmtrrrr*sz!PKCS12KeyAndCertificates.__repr__N)r+r,r-r.r/r r Listrr0r5rr6r1r2r&r3r(r4r*rrrrr Ls" " r datapasswordbackendrcCddlm}|||SNrrH),cryptography.hazmat.backends.openssl.backendrH%load_key_and_certificates_from_pkcs12rFrGrHosslrrrr s r cCrIrJ)rLrHrrNrrrrs  rnamer5rcasencryption_algorithmcCs|durt|tjtjtjtjt j fst d|dur%t|t j s%t d|dur:t|}tdd|Ds:t dt|tjsDt d|durR|durR|sRtddd lm}||||||S) Nr7z"cert must be a certificate or Nonecss |] }t|tjtfVqdSr)rrrr )r8valrrrr:s z1serialize_key_and_certificates..z&all values in cas must be certificateszFKey encryption algorithm must be a KeySerializationEncryption instancez1You must supply at least one of key, cert, or casrrK)rr r;rr<rr=rr>rr?rrrlistr@rKeySerializationEncryption ValueErrorrLrH(serialize_key_and_certificates_to_pkcs12)rPr5rrQrRrHrrrrs@     rr)%r. cryptographyrcryptography.hazmat.primitivesr-cryptography.hazmat.primitives._serializationr)cryptography.hazmat.primitives.asymmetricrrrrr /cryptography.hazmat.primitives.asymmetric.typesr __all__Unionr;r<r=r>r?_ALLOWED_PKCS12_TYPESr r rr/AnyTuplerrEr r_PKCS12_CAS_TYPESIterablerUrrrrrsx      'F