o c@s.ddlZddlZddlZddlZddlZddlmZmZddl m Z ddl m Z mZddlmZmZddlmZdedejejfd d Zdedejejfd d Zd ejejdejdefddZeje je je je jfZ ejej!ej"fZ#Gdddej$Z%GdddZ&dedede'defddZ(dS)N)utilsx509)pkcs7)hashes serialization)ecrsa)_check_byteslikedatareturncCddlm}||SNr)backend),cryptography.hazmat.backends.openssl.backendrload_pem_pkcs7_certificatesr rr_/opt/certbot/lib/python3.10/site-packages/cryptography/hazmat/primitives/serialization/pkcs7.pyr  rcCr r )rrload_der_pkcs7_certificatesrrrrrrrcertsencodingcCs t||SN) rust_pkcs7serialize_certificates)rrrrrrs rc@s$eZdZdZdZdZdZdZdZdS) PKCS7OptionszAdd text/plain MIME typez5Don't translate input data into canonical MIME formatz'Don't embed data in the PKCS7 structurezDon't embed SMIME capabilitiesz#Don't embed authenticatedAttributeszDon't embed signer certificateN) __name__ __module__ __qualname__TextBinaryDetachedSignatureNoCapabilities NoAttributesNoCertsrrrrr1src @seZdZdggfdejedejejej e e fdejej fddZ deddfdd Z d ej d e d e ddfd dZd ej ddfddZ ddejdejedejdefddZdS)PKCS7SignatureBuilderNr signersadditional_certscCs||_||_||_dSr)_data_signers_additional_certs)selfr r&r'rrr__init__;s  zPKCS7SignatureBuilder.__init__r cCs,td||jdurtdtt||jS)Nr zdata may only be set once)r r( ValueErrorr%bytesr))r+r rrrset_dataKs  zPKCS7SignatureBuilder.set_data certificate private_keyhash_algorithmcCsnt|tjtjtjtjtjfstdt|tj stdt|t j t j fs*tdt|j|j|||fgS)NzLhash_algorithm must be one of hashes.SHA1, SHA224, SHA256, SHA384, or SHA512&certificate must be a x509.Certificatez.Only RSA & EC keys are supported at this time.) isinstancerSHA1SHA224SHA256SHA384SHA512 TypeErrorr Certificater RSAPrivateKeyrEllipticCurvePrivateKeyr%r(r))r+r0r1r2rrr add_signerRs,   z PKCS7SignatureBuilder.add_signercCs,t|tjs tdt|j|j|j|gS)Nr3)r4rr;r:r%r(r)r*)r+r0rrradd_certificatess z%PKCS7SignatureBuilder.add_certificateroptionsrcCst|jdkr td|jdurtdt|}tdd|Ds%td|tjjtjj tjj fvr6tdt j |vrDt j |vrDtdt j |vrW|tjj tjjfvrWtd t j|vret j|vretd t|||S) NrzMust have at least one signerzYou must add data to signcss|]}t|tVqdSr)r4r).0xrrr sz-PKCS7SignatureBuilder.sign..z*options must be from the PKCS7Options enumz1Must be PEM, DER, or SMIME from the Encoding enumzAWhen passing the Text option you must also pass DetachedSignaturez9The Text option is only available for SMIME serializationzFNoAttributes is a superset of NoCapabilities. Do not pass both values.)lenr)r-r(listallrEncodingPEMDERSMIMErrr!r#r"rsign_and_serialize)r+rr@rrrrsign}sJ  zPKCS7SignatureBuilder.signr)rrrtypingOptionalr.ListTuplerr;_ALLOWED_PRIVATE_KEY_TYPES_ALLOWED_PKCS7_HASH_TYPESr,r/r>r?rrGIterablerAnyrLrrrrr%:sV  ! r% signaturemicalgcCstj}|dd|jddd|dd|_tj}|||dd||tj}|jddd d |d d |jd dd d|tjj |dd|d=||t }tj j |dd|jd}|||S)Nz MIME-Versionz1.0z Content-Typezmultipart/signedzapplication/x-pkcs7-signature)protocolrVz!This is an S/MIME signed message z text/plainz smime.p7s)namezContent-Transfer-Encodingbase64zContent-Disposition attachment)filenameA) maxlinelenrF) maxheaderlen mangle_from_policy)emailmessageMessage add_headerpreambleMIMEPart set_payloadattach base64mime body_encodeioBytesIO generatorBytesGeneratorr`flattengetvalue)r rUrVmmsg_partsig_partfpgrrr _smime_encodes@           rv))email.base64mimeraemail.generator email.messagerkrM cryptographyrr"cryptography.hazmat.bindings._rustrrcryptography.hazmat.primitivesrr)cryptography.hazmat.primitives.asymmetricrrcryptography.utilsr r.rOr;rrrGrUnionr6r7r8r9rRr<r=rQEnumrr%strrvrrrrs@      z