U Tc@sdZddlmZddlmZddlmZddlmZddl m Z ddl Z ddl Z ddl mZdd lmZd Zd Zd Zd Ze ZddZGdddejZGdddejejZdS)zPure-Python RSA cryptography implementation. Uses the ``rsa``, ``pyasn1`` and ``pyasn1_modules`` packages to parse PEM files storing PKCS#1 or PKCS#8 keys as well as certificates. There is no support for p12 files. )absolute_import)decoder)pem) Certificate)PrivateKeyInfoN)_helpers)base)@ s-----BEGIN CERTIFICATE-----)z-----BEGIN RSA PRIVATE KEY-----z-----END RSA PRIVATE KEY-----)z-----BEGIN PRIVATE KEY-----z-----END PRIVATE KEY-----cCsbt|}t}tjd|dD]:}|||d}tddtjt|D}||qt |S)zConverts an iterable of 1s and 0s to bytes. Combines the list 8 at a time, treating each group of 8 bits as a single byte. Args: bit_list (Sequence): Sequence of 1s and 0s. Returns: bytes: The decoded bytes. rr css|]\}}||VqdSN).0valdigitrrA/tmp/pip-unpacked-wheel-hwewmx0w/google/auth/crypt/_python_rsa.py 9sz%_bit_list_to_bytes..) len bytearraysixmovesxrangesumzip_POW2appendbytes)Zbit_listZnum_bitsZ byte_valsstartZ curr_bitschar_valrrr_bit_list_to_bytes)s  r$c@s8eZdZdZddZeejddZ e ddZ dS) RSAVerifierzVerifies RSA cryptographic signatures using public keys. Args: public_key (rsa.key.PublicKey): The public key used to verify signatures. cCs ||_dSr)_pubkey)self public_keyrrr__init__FszRSAVerifier.__init__c CsBt|}ztj|||jWSttjjfk r<YdSXdS)NF)rto_bytesrsapkcs1verifyr& ValueErrorZVerificationError)r'message signaturerrrr-Is  zRSAVerifier.verifyc Cst|}t|k}|rrtj|d}tj|td\}}|dkrJt d||dd}t |d}tj |d}ntj |d }||S) aConstruct an Verifier instance from a public key or public certificate string. Args: public_key (Union[str, bytes]): The public key in PEM format or the x509 public key certificate. Returns: google.auth.crypt._python_rsa.RSAVerifier: The constructed verifier. Raises: ValueError: If the public_key can't be parsed. CERTIFICATEZasn1Spec Unused bytesZtbsCertificateZsubjectPublicKeyInfoZsubjectPublicKeyDERZPEM) rr*_CERTIFICATE_MARKERr+rZload_pemrdecoderr.r$Z PublicKey load_pkcs1) clsr(Z is_x509_certZderZ asn1_cert remainingZ cert_info key_bytesZpubkeyrrr from_stringQs    zRSAVerifier.from_stringN) __name__ __module__ __qualname____doc__r)rcopy_docstringrVerifierr- classmethodr<rrrrr%>s   r%c@sTeZdZdZd ddZeeej ddZ eej ddZ e d d d Z dS) RSASignera?Signs messages with an RSA private key. Args: private_key (rsa.key.PrivateKey): The private key to sign with. key_id (str): Optional key ID used to identify this private key. This can be useful to associate the private key with its associated public key or certificate. NcCs||_||_dSr)_key_key_id)r' private_keykey_idrrrr)|szRSASigner.__init__cCs|jSr)rF)r'rrrrHszRSASigner.key_idcCst|}tj||jdS)NzSHA-256)rr*r+r,signrE)r'r/rrrrIs zRSASigner.signc Cst|}tt|tt\}}|dkr>tj j j |dd}nV|dkrt j |td\}}|dkrjtd||d}tj j j |dd}ntd |||d S) aConstruct an Signer instance from a private key in PEM format. Args: key (str): Private key in PEM format. key_id (str): An optional key id used to identify the private key. Returns: google.auth.crypt.Signer: The constructed signer. Raises: ValueError: If the key cannot be parsed as PKCS#1 or PKCS#8 in PEM format. rr5)formatrr2r3r4Z privateKeyzNo key could be detected.)rH)r from_bytesrZreadPemBlocksFromFilerStringIO _PKCS1_MARKER _PKCS8_MARKERr+keyZ PrivateKeyr8rr7 _PKCS8_SPECr.ZgetComponentByNameZasOctets) r9rOrHZ marker_idr;rGZkey_infor:Zprivate_key_inforrrr<s&   zRSASigner.from_string)N)N)r=r>r?r@r)propertyrrArSignerrHrIrCr<rrrrrDrs     rD)r@ __future__rZpyasn1.codec.derrZpyasn1_modulesrZpyasn1_modules.rfc2459rZpyasn1_modules.rfc5208rr+rZ google.authrZgoogle.auth.cryptrrr6rMrNrPr$rBr%rRZFromServiceAccountMixinrDrrrrs"       4