&g&dZddlZddlmZddlmZddlmZddlm Z ddl Zddl m Z ddl mZd ZejZe jZejZGd d ejZGd d ejejZdS)zRSA verifier and signer that use the ``cryptography`` library. This is a much faster implementation than the default (in ``google.auth.crypt._python_rsa``), which depends on the pure-Python ``rsa`` library. N)backends)hashes) serialization)padding)_helpers)bases-----BEGIN CERTIFICATE-----cjeZdZdZdZejejdZ e dZ dS) RSAVerifierzVerifies RSA cryptographic signatures using public keys. Args: public_key ( cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey): The public key used to verify signatures. c||_dSN)_pubkey)self public_keys U/var/www/api/venv/lib/python3.11/site-packages/google/auth/crypt/_cryptography_rsa.py__init__zRSAVerifier.__init__/s ! ctj|} |j||tt dS#t tjj f$rYdSwxYw)NTF) rto_bytesr verify_PADDING_SHA256 ValueError cryptography exceptionsInvalidSignature)rmessage signatures rrzRSAVerifier.verify2se#G,,  L   7Hg F F F4L3DE   55 s'?AActj|}t|vr:tj|t }|}ntj |t }||S)ayConstruct an Verifier instance from a public key or public certificate string. Args: public_key (Union[str, bytes]): The public key in PEM format or the x509 public key certificate. Returns: Verifier: The constructed verifier. Raises: ValueError: If the public key can't be parsed. ) rr_CERTIFICATE_MARKERrx509load_pem_x509_certificate_BACKENDrrload_pem_public_key)clsrpublic_key_datacertpubkeys r from_stringzRSAVerifier.from_string;sq#+J77 / 1 1$>>D__&&FF#6QQFs6{{rN) __name__ __module__ __qualname____doc__rrcopy_docstringrVerifierr classmethodr(rrr r &ss"""XT]++,+[rr ceZdZdZd dZeejej dZ ejej dZ e d dZ dZdZdS) RSASigneraSigns messages with an RSA private key. Args: private_key ( cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey): The private key to sign with. key_id (str): Optional key ID used to identify this private key. This can be useful to associate the private key with its associated public key or certificate. Nc"||_||_dSr )_key_key_id)r private_keykey_ids rrzRSASigner.__init__ds  rc|jSr )r5)rs rr7zRSASigner.key_idhs |rcvtj|}|j|tt Sr )rrr4signrr)rrs rr:zRSASigner.signms*#G,,y~~gx999rc|tj|}tj|dt}|||S)alConstruct a RSASigner from a private key in PEM format. Args: key (Union[bytes, str]): Private key in PEM format. key_id (str): An optional key id used to identify the private key. Returns: google.auth.crypt._cryptography_rsa.RSASigner: The constructed signer. Raises: ValueError: If ``key`` is not ``bytes`` or ``str`` (unicode). UnicodeDecodeError: If ``key`` is ``bytes`` but cannot be decoded into a UTF-8 ``str``. ValueError: If ``cryptography`` "Could not deserialize key data." N)passwordbackend)r7)rrrload_pem_private_keyr")r$keyr7r6s rr(zRSASigner.from_stringrsI$$$#8 $   s;v....rc|j}|jtjjtjjt j |d<|S)z1Pickle helper that serializes the _key attribute.)encodingformatencryption_algorithmr4) __dict__copyr4 private_bytesrEncodingPEM PrivateFormatPKCS8 NoEncryptionrstates r __getstate__zRSASigner.__getstate__sZ ""$$ //"+/ .4!.!;!=!=0  f  rcvtj|dd|d<|j|dS)z3Pickle helper that deserializes the _key attribute.r4N)rr>rDupdaterLs r __setstate__zRSASigner.__setstate__s8%:5=$OOf  U#####rr )r)r*r+r,rpropertyrr-rSignerr7r:r/r(rNrQr0rrr2r2Xs  XT[))*)XXT[))::*):///[/.$$$$$rr2)r,cryptography.exceptionsrcryptography.hazmatrcryptography.hazmat.primitivesrr)cryptography.hazmat.primitives.asymmetricrcryptography.x509 google.authrgoogle.auth.cryptrrdefault_backendr"PKCS1v15rSHA256rr.r rSFromServiceAccountMixinr2r0rrr_s0((((((111111888888====== """"""4 #8 # % % 7    &-///////$-///d?$?$?$?$?$ T9?$?$?$?$?$r