o Mfk@sdZddlmZddlZddlmZddlmZddlmZddl m Z ddl m Z dd l m Z dd l mZddlZdd lmZdd lmZd ZeZe ZGdddejZGdddejejZdS)zIECDSA (ES256) verifier and signer that use the ``cryptography`` library. )utilsN)backends)hashes) serialization)ec)padding)decode_dss_signature)encode_dss_signature)_helpers)bases-----BEGIN CERTIFICATE-----c@s8eZdZdZddZeejddZ e ddZ dS) ES256VerifierzVerifies ECDSA cryptographic signatures using public keys. Args: public_key ( cryptography.hazmat.primitives.asymmetric.ec.ECDSAPublicKey): The public key used to verify signatures. cCs ||_dSN)_pubkey)self public_keyrY/var/www/html/analyze/labelStudio/lib/python3.10/site-packages/google/auth/crypt/es256.py__init__/s zES256Verifier.__init__c Cst|}t|dkr dStrtj|ddddn tj|dddd}tr6tj|ddddn tj|dddd}t||}t|}z|j ||t t WdSttjjfyiYdSw)N@F big byteorderT)r to_byteslen is_python_3int from_bytesrint_from_bytesr rverifyrECDSArSHA256 ValueError cryptography exceptionsInvalidSignature)rmessage signature sig_bytesrsasn1_sigrrrr2s&    zES256Verifier.verifycCsDt|}t|vrtj|t}|}||St |t}||S)ayConstruct an Verifier instance from a public key or public certificate string. Args: public_key (Union[str, bytes]): The public key in PEM format or the x509 public key certificate. Returns: Verifier: The constructed verifier. Raises: ValueError: If the public key can't be parsed. ) r r_CERTIFICATE_MARKERr#x509load_pem_x509_certificate_BACKENDrrload_pem_public_key)clsrpublic_key_datacertpubkeyrrr from_stringKs  zES256Verifier.from_stringN) __name__ __module__ __qualname____doc__rr copy_docstringr Verifierr classmethodr5rrrrr &s  r c@sdeZdZdZdddZeeej ddZ eej ddZ e dd d Z d d Zd dZdS) ES256SigneraSigns messages with an ECDSA private key. Args: private_key ( cryptography.hazmat.primitives.asymmetric.ec.ECDSAPrivateKey): The private key to sign with. key_id (str): Optional key ID used to identify this private key. This can be useful to associate the private key with its associated public key or certificate. NcCs||_||_dSr )_key_key_id)r private_keykey_idrrrrts zES256Signer.__init__cCs|jSr )r?)rrrrrAxszES256Signer.key_idcCsjt|}|j|tt}t|\}}t r)|jddd|jdddSt |dt |dS)Nrrr) r rr>signrr rr!rrr int_to_bytes)rr&asn1_signaturer)r*rrrrB}s  zES256Signer.signcCs&t|}tj|dtd}|||dS)alConstruct a RSASigner from a private key in PEM format. Args: key (Union[bytes, str]): Private key in PEM format. key_id (str): An optional key id used to identify the private key. Returns: google.auth.crypt._cryptography_rsa.RSASigner: The constructed signer. Raises: ValueError: If ``key`` is not ``bytes`` or ``str`` (unicode). UnicodeDecodeError: If ``key`` is ``bytes`` but cannot be decoded into a UTF-8 ``str``. ValueError: If ``cryptography`` "Could not deserialize key data." N)passwordbackend)rA)r rrload_pem_private_keyr/)r1keyrAr@rrrr5s  zES256Signer.from_stringcCs0|j}|jjtjjtjjt d|d<|S)z1Pickle helper that serializes the _key attribute.)encodingformatencryption_algorithmr>) __dict__copyr> private_bytesrEncodingPEM PrivateFormatPKCS8 NoEncryptionrstaterrr __getstate__s  zES256Signer.__getstate__cCs$t|dd|d<|j|dS)z3Pickle helper that deserializes the _key attribute.r>N)rrGrLupdaterTrrr __setstate__szES256Signer.__setstate__r )r6r7r8r9rpropertyr r:r SignerrArBr<r5rVrXrrrrr=hs       r=)r9r#rcryptography.exceptionscryptography.hazmatrcryptography.hazmat.primitivesrr)cryptography.hazmat.primitives.asymmetricrr/cryptography.hazmat.primitives.asymmetric.utilsrr cryptography.x509 google.authr google.auth.cryptr r,default_backendr/PKCS1v15_PADDINGr;r rZFromServiceAccountMixinr=rrrrs$          B