U g@sddgZddlZddlmZmZmZmZddlmZddl m Z m Z ddl m Z mZmZddlmZdd lmZdd lmZmZdd dZd d ZdddZdS)encodedecodeN) a2b_base64 b2a_base64hexlify unhexlify)MD5)padunpad)DESDES3AES)PBKDF1)get_random_bytes)tobytestostrc s|dkr t}d|}|r|d}t||ddt}|t|||ddt7}t|tj|}|dtt|7}| t |j n|dk rt dfdd t d td D}|d |7}|d |7}|S)a4Encode a piece of binary data into PEM format. Args: data (byte string): The piece of binary data to encode. marker (string): The marker for the PEM block (e.g. "PUBLIC KEY"). Note that there is no official master list for all allowed markers. Still, you can refer to the OpenSSL_ source code. passphrase (byte string): If given, the PEM block will be encrypted. The key is derived from the passphrase. randfunc (callable): Random number generation function; it accepts an integer N and returns a byte string of random data, N bytes long. If not given, a new one is instantiated. Returns: The PEM block, as a string. .. _OpenSSL: https://github.com/openssl/openssl/blob/master/include/openssl/pem.h Nz-----BEGIN %s----- z2Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,%s zEmpty passwordcs$g|]}tt||dqS)0)rr).0idata5/tmp/pip-unpacked-wheel-_q8s9isk/Cryptodome/IO/PEM.py Zszencode..rrz-----END %s-----)rrrr newMODE_CBCrrupperZencryptr block_size ValueErrorrangelenjoin) rmarker passphraseZrandfuncoutsaltkeyZobjencchunksrrrr/s(  cCsVdg}|dd}t|D](}t|d||}||qd|d|S)Nr)r#rrdigestappendr%)rr)Zkey_lendm_Zndrrr_EVP_BytesToKeyas    r4cCsrtd}||}|s td|d}td}||}|rP|d|krXtd|dd}t|dkr|td |d d r|std |d d }t|d ks|ddkrtd|dd\}}t t |}d} |dkrt ||d} t | t j|} n|dkr8t ||d} t| tj|} n|dkrht ||ddd} t| tj|} n|dkrt ||ddd} t| tj|} nv|dkrt ||ddd} t| tj|} nF|dkrt ||ddd} tj| tj|d} d} n td ||d d}nd} td|dd!} d} | rh| rZt| | | j} n | | } d} | || fS)"aDecode a PEM block into binary. Args: pem_data (string): The PEM block. passphrase (byte string): If given and the PEM block is encrypted, the key will be derived from the passphrase. Returns: A tuple with the binary data, the marker string, and a boolean to indicate if decryption was performed. Raises: ValueError: if decoding fails, if the PEM file is encrypted and no passphrase has been provided or if the passphrase is incorrect. z\s*-----BEGIN (.*)-----\s+zNot a valid PEM pre boundaryrz-----END (.*)-----\s*$zNot a valid PEM post boundary rz%A PEM file must have at least 3 lineszProc-Type:4,ENCRYPTEDz-PEM is encrypted, but no passphrase available:rzDEK-Infoz$PEM encryption format not supported.,TzDES-CBCrz DES-EDE3-CBCz AES-128-CBCNrz AES-192-CBCz AES-256-CBC z id-aes256-gcm)nonceFz(Unsupport PEM encryption algorithm (%s).r.)recompilematchr"groupsearchreplacesplitr$ startswithrrr4r rrr r lowerZMODE_GCMrr%r Zdecryptr!)Zpem_datar'rr2r&linesZDEKalgor)paddingr*ZobjdecrZenc_flagrrrrjsf                )NN)N)__all__r=binasciirrrrZCryptodome.HashrZCryptodome.Util.Paddingr r ZCryptodome.Cipherr r r ZCryptodome.Protocol.KDFrZCryptodome.RandomrZCryptodome.Util.py3compatrrrr4rrrrr"s    2