&gk*dZddlmZddlZddlmZddlmZddlmZddl m Z ddl m Z dd l m Z dd l mZddlZdd lmZdd lmZd ZejZe jZGddejZGddejejZdS)zIECDSA (ES256) verifier and signer that use the ``cryptography`` library. )utilsN)backends)hashes) serialization)ec)padding)decode_dss_signature)encode_dss_signature)_helpers)bases-----BEGIN CERTIFICATE-----cjeZdZdZdZejejdZ e dZ dS) ES256VerifierzVerifies ECDSA cryptographic signatures using public keys. Args: public_key ( cryptography.hazmat.primitives.asymmetric.ec.ECDSAPublicKey): The public key used to verify signatures. c||_dSN)_pubkey)self public_keys I/var/www/api/venv/lib/python3.11/site-packages/google/auth/crypt/es256.py__init__zES256Verifier.__init__/s ! ctj|}t|dkrdStjr$t|dddnt j|ddd}tjr$t|dddnt j|ddd}t||}tj|} |j ||tj tjdS#tt jjf$rYdSwxYw)N@F big byteorderT)r to_byteslen is_python_3int from_bytesrint_from_bytesr rverifyrECDSArSHA256 ValueError cryptography exceptionsInvalidSignature)rmessage signature sig_bytesrsasn1_sigs rr#zES256Verifier.verify2sN%i00 y>>R  5#%% GCNN9SbS>UN ; ; ;%inFFF #%% GCNN9RSS>UN ; ; ;%inFFF (1--#G,,  L  '28FMOO3L3L M M M4L3DE   55 s9?D::EEctj|}t|vr:tj|t }|}ntj |t }||S)ayConstruct an Verifier instance from a public key or public certificate string. Args: public_key (Union[str, bytes]): The public key in PEM format or the x509 public key certificate. Returns: Verifier: The constructed verifier. Raises: ValueError: If the public key can't be parsed. ) r r_CERTIFICATE_MARKERr'x509load_pem_x509_certificate_BACKENDrrload_pem_public_key)clsrpublic_key_datacertpubkeys r from_stringzES256Verifier.from_stringKsq#+J77 / 1 1$>>D__&&FF#6QQFs6{{rN) __name__ __module__ __qualname____doc__rr copy_docstringr Verifierr# classmethodr:rrrr&ss"""XT]++,+0[rrceZdZdZd dZeejej dZ ejej dZ e d dZ dZdZdS) ES256SigneraSigns messages with an ECDSA private key. Args: private_key ( cryptography.hazmat.primitives.asymmetric.ec.ECDSAPrivateKey): The private key to sign with. key_id (str): Optional key ID used to identify this private key. This can be useful to associate the private key with its associated public key or certificate. Nc"||_||_dSr)_key_key_id)r private_keykey_ids rrzES256Signer.__init__ts  rc|jSr)rG)rs rrIzES256Signer.key_idxs |rctj|}|j|t jt j}t|\}}tj r/|dd|ddzn*tj |dtj |dzS)Nrrr) r rrFsignrr$rr%r rr int_to_bytes)rr*asn1_signaturer-r.s rrLzES256Signer.sign}s#G,,&-//1J1JKK&n55A#%% IQZZeZ , ,qzz"z/N/N N N$Q++e.@B.G.GG rc|tj|}tj|dt}|||S)alConstruct a RSASigner from a private key in PEM format. Args: key (Union[bytes, str]): Private key in PEM format. key_id (str): An optional key id used to identify the private key. Returns: google.auth.crypt._cryptography_rsa.RSASigner: The constructed signer. Raises: ValueError: If ``key`` is not ``bytes`` or ``str`` (unicode). UnicodeDecodeError: If ``key`` is ``bytes`` but cannot be decoded into a UTF-8 ``str``. ValueError: If ``cryptography`` "Could not deserialize key data." N)passwordbackend)rI)r rrload_pem_private_keyr4)r6keyrIrHs rr:zES256Signer.from_stringsI$$$#8 $   s;v....rc|j}|jtjjtjjt j |d<|S)z1Pickle helper that serializes the _key attribute.)encodingformatencryption_algorithmrF) __dict__copyrF private_bytesrEncodingPEM PrivateFormatPKCS8 NoEncryptionrstates r __getstate__zES256Signer.__getstate__sZ ""$$ //"+/ .4!.!;!=!=0  f  rcvtj|dd|d<|j|dS)z3Pickle helper that deserializes the _key attribute.rFN)rrRrXupdater`s r __setstate__zES256Signer.__setstate__s8%:5=$OOf  U#####rr)r;r<r=r>rpropertyr r?r SignerrIrLrAr:rbrerBrrrDrDhs  XT[))*)XXT[))   *)  ///[/.$$$$$rrD)r>r'rcryptography.exceptionscryptography.hazmatrcryptography.hazmat.primitivesrr)cryptography.hazmat.primitives.asymmetricrr/cryptography.hazmat.primitives.asymmetric.utilsr r cryptography.x509 google.authr google.auth.cryptr r1default_backendr4PKCS1v15_PADDINGr@rrgFromServiceAccountMixinrDrBrrrtsw((((((111111888888888888======PPPPPPPPPPPP """"""5 #8 # % % 7   ?????DM???DG$G$G$G$G$$+t;G$G$G$G$G$r