o n~b<@sddgZddlZddlmZmZmZmZddlmZddl m Z m Z ddl m Z mZmZddlmZdd lmZdd lmZmZdd dZd d ZdddZdS)encodedecodeN) a2b_base64 b2a_base64hexlify unhexlify)MD5)padunpad)DESDES3AES)PBKDF1)get_random_bytes)tobytestostrc s|durt}d|}|rB|d}t||ddt}|t|||ddt7}t|tj|}|dtt|7}| t |j n|durJt dfdd t d td D}|d |7}|d |7}|S)a4Encode a piece of binary data into PEM format. Args: data (byte string): The piece of binary data to encode. marker (string): The marker for the PEM block (e.g. "PUBLIC KEY"). Note that there is no official master list for all allowed markers. Still, you can refer to the OpenSSL_ source code. passphrase (byte string): If given, the PEM block will be encrypted. The key is derived from the passphrase. randfunc (callable): Random number generation function; it accepts an integer N and returns a byte string of random data, N bytes long. If not given, a new one is instantiated. Returns: The PEM block, as a string. .. _OpenSSL: https://github.com/openssl/openssl/blob/master/include/openssl/pem.h Nz-----BEGIN %s----- z2Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,%s zEmpty passwordcs$g|]}tt||dqS)0)rr).0idataZszencode..rrz-----END %s-----)rrrr newMODE_CBCrrupperencryptr block_size ValueErrorrangelenjoin) rmarker passphraseZrandfuncoutsaltkeyZobjencchunksrrrr/s(  cCsVdg}|dd}t|D]}t|d||}||q d|d|S)Nr)r$rrdigestappendr&)rr*Zkey_lendm_ndrrr_EVP_BytesToKeyas    r6cCsPtd}||}|std|d}td}||}|r(|d|kr,td|dd}|ddr|sAtd |d d }t |d ksT|d d krXtd|dd\}}t t |}d} |dkr|t ||d} t | t j|} nz|dkrt ||d} t| tj|} ng|dkrt ||ddd} t| tj|} nP|dkrt ||ddd} t| tj|} n9|dkrt ||ddd} t| tj|} n"|dkrt ||ddd} tj| tj|d} d} ntd||d d}nd} td|dd} d} | r#| rt| | | j} n| | } d} | || fS) aDecode a PEM block into binary. Args: pem_data (string): The PEM block. passphrase (byte string): If given and the PEM block is encrypted, the key will be derived from the passphrase. Returns: A tuple with the binary data, the marker string, and a boolean to indicate if decryption was performed. Raises: ValueError: if decoding fails, if the PEM file is encrypted and no passphrase has been provided or if the passphrase is incorrect. z\s*-----BEGIN (.*)-----\s+zNot a valid PEM pre boundaryrz-----END (.*)-----\s*$zNot a valid PEM post boundary rzProc-Type:4,ENCRYPTEDz-PEM is encrypted, but no passphrase available:rzDEK-Infoz$PEM encryption format not supported.,TzDES-CBCrz DES-EDE3-CBCz AES-128-CBCNrz AES-192-CBCz AES-256-CBC z id-aes256-gcm)nonceFz(Unsupport PEM encryption algorithm (%s).r/)recompilematchr#groupsearchreplacesplit startswithr%rrr6r rrr r lowerZMODE_GCMrr&r decryptr")Zpem_datar(rr3r'linesZDEKalgor*paddingr+ZobjdecrZenc_flagrrrrjsb            )NN)N)__all__r>binasciirrrrZCryptodome.HashrZCryptodome.Util.Paddingr r ZCryptodome.Cipherr r r ZCryptodome.Protocol.KDFrZCryptodome.RandomrZCryptodome.Util.py3compatrrrr6rrrrrs!    2