B d@sdZddlmZddlZddlmZddlmZddlmZddl m Z ddl m Z dd l m Z dd l mZddlZdd lmZdd lmZd ZeZe ZGdddejZGdddejejZdS)zIECDSA (ES256) verifier and signer that use the ``cryptography`` library. )utilsN)backends)hashes) serialization)ec)padding)decode_dss_signature)encode_dss_signature)_helpers)bases-----BEGIN CERTIFICATE-----c@s8eZdZdZddZeejddZ e ddZ dS) ES256VerifierzVerifies ECDSA cryptographic signatures using public keys. Args: public_key ( cryptography.hazmat.primitives.asymmetric.ec.ECDSAPublicKey): The public key used to verify signatures. cCs ||_dS)N)_pubkey)self public_keyrI/var/www/html/venv/lib/python3.7/site-packages/google/auth/crypt/es256.py__init__/szES256Verifier.__init__c Cst|}t|dkrdStr8tj|ddddntj|dddd}trltj|ddddntj|dddd}t||}t|}y|j ||t t dSttjjfk rdSXdS)N@F big) byteorderT)r to_byteslen is_python_3int from_bytesrZint_from_bytesr r verifyrECDSArSHA256 ValueError cryptography exceptionsZInvalidSignature)rmessage signatureZ sig_bytesrsZasn1_sigrrrr2s    zES256Verifier.verifycCs>t|}t|kr*tj|t}|}n t |t}||S)ayConstruct an Verifier instance from a public key or public certificate string. Args: public_key (Union[str, bytes]): The public key in PEM format or the x509 public key certificate. Returns: Verifier: The constructed verifier. Raises: ValueError: If the public key can't be parsed. ) r r_CERTIFICATE_MARKERr x509Zload_pem_x509_certificate_BACKENDrrZload_pem_public_key)clsrZpublic_key_datacertZpubkeyrrr from_stringKs   zES256Verifier.from_stringN) __name__ __module__ __qualname____doc__rr copy_docstringr Verifierr classmethodr+rrrrr &sr c@sTeZdZdZd ddZeeej ddZ eej ddZ e d d d Z dS) ES256SigneraSigns messages with an ECDSA private key. Args: private_key ( cryptography.hazmat.primitives.asymmetric.ec.ECDSAPrivateKey): The private key to sign with. key_id (str): Optional key ID used to identify this private key. This can be useful to associate the private key with its associated public key or certificate. NcCs||_||_dS)N)_key_key_id)r private_keykey_idrrrrtszES256Signer.__init__cCs|jS)N)r5)rrrrr7xszES256Signer.key_idcCsjt|}|j|tt}t|\}}t rR|jddd|jdddSt |dt |dS)Nrr)r) r rr4signrrrrrrrZ int_to_bytes)rr"Zasn1_signaturer$r%rrrr8}s   $zES256Signer.signcCs&t|}tj|dtd}|||dS)alConstruct a RSASigner from a private key in PEM format. Args: key (Union[bytes, str]): Private key in PEM format. key_id (str): An optional key id used to identify the private key. Returns: google.auth.crypt._cryptography_rsa.RSASigner: The constructed signer. Raises: ValueError: If ``key`` is not ``bytes`` or ``str`` (unicode). UnicodeDecodeError: If ``key`` is ``bytes`` but cannot be decoded into a UTF-8 ``str``. ValueError: If ``cryptography`` "Could not deserialize key data." N)passwordbackend)r7)r rrZload_pem_private_keyr()r)keyr7r6rrrr+s  zES256Signer.from_string)N)N)r,r-r.r/rpropertyr r0r Signerr7r8r2r+rrrrr3hs   r3)r/r rZcryptography.exceptionsZcryptography.hazmatrZcryptography.hazmat.primitivesrrZ)cryptography.hazmat.primitives.asymmetricrrZ/cryptography.hazmat.primitives.asymmetric.utilsrr Zcryptography.x509Z google.authr Zgoogle.auth.cryptr r&Zdefault_backendr(ZPKCS1v15Z_PADDINGr1r r=ZFromServiceAccountMixinr3rrrrs"          B