@pairling/runtime-darwin-x64 0.2.0 → 0.2.2
- package/README.md +1 -1
- package/bin/pairling-connectd +0 -0
- package/manifest.json +4 -4
- package/package.json +3 -3
- package/python/bin/python3 +0 -0
- package/python/bin/python3.12 +0 -0
- package/python/lib/libpython3.12.dylib +0 -0
- package/python/lib/python3.12/lib-dynload/_crypt.cpython-312-darwin.so +0 -0
- package/python/lib/python3.12/lib-dynload/_dbm.cpython-312-darwin.so +0 -0
- package/python/lib/python3.12/site-packages/_cffi_backend.cpython-312-darwin.so +0 -0
- package/python/lib/python3.12/site-packages/cffi/__init__.py +14 -0
- package/python/lib/python3.12/site-packages/cffi/_cffi_errors.h +149 -0
- package/python/lib/python3.12/site-packages/cffi/_cffi_include.h +389 -0
- package/python/lib/python3.12/site-packages/cffi/_embedding.h +550 -0
- package/python/lib/python3.12/site-packages/cffi/_imp_emulation.py +83 -0
- package/python/lib/python3.12/site-packages/cffi/_shimmed_dist_utils.py +45 -0
- package/python/lib/python3.12/site-packages/cffi/api.py +967 -0
- package/python/lib/python3.12/site-packages/cffi/backend_ctypes.py +1121 -0
- package/python/lib/python3.12/site-packages/cffi/cffi_opcode.py +187 -0
- package/python/lib/python3.12/site-packages/cffi/commontypes.py +82 -0
- package/python/lib/python3.12/site-packages/cffi/cparser.py +1015 -0
- package/python/lib/python3.12/site-packages/cffi/error.py +31 -0
- package/python/lib/python3.12/site-packages/cffi/ffiplatform.py +113 -0
- package/python/lib/python3.12/site-packages/cffi/lock.py +30 -0
- package/python/lib/python3.12/site-packages/cffi/model.py +618 -0
- package/python/lib/python3.12/site-packages/cffi/parse_c_type.h +181 -0
- package/python/lib/python3.12/site-packages/cffi/pkgconfig.py +121 -0
- package/python/lib/python3.12/site-packages/cffi/recompiler.py +1598 -0
- package/python/lib/python3.12/site-packages/cffi/setuptools_ext.py +216 -0
- package/python/lib/python3.12/site-packages/cffi/vengine_cpy.py +1084 -0
- package/python/lib/python3.12/site-packages/cffi/vengine_gen.py +679 -0
- package/python/lib/python3.12/site-packages/cffi/verifier.py +306 -0
- package/python/lib/python3.12/site-packages/cffi-1.17.1.dist-info/INSTALLER +1 -0
- package/python/lib/python3.12/site-packages/cffi-1.17.1.dist-info/LICENSE +26 -0
- package/python/lib/python3.12/site-packages/cffi-1.17.1.dist-info/METADATA +40 -0
- package/python/lib/python3.12/site-packages/cffi-1.17.1.dist-info/RECORD +30 -0
- package/python/lib/python3.12/site-packages/cffi-1.17.1.dist-info/WHEEL +5 -0
- package/python/lib/python3.12/site-packages/cffi-1.17.1.dist-info/entry_points.txt +2 -0
- package/python/lib/python3.12/site-packages/cffi-1.17.1.dist-info/top_level.txt +2 -0
- package/python/lib/python3.12/site-packages/cryptography/__about__.py +17 -0
- package/python/lib/python3.12/site-packages/cryptography/__init__.py +26 -0
- package/python/lib/python3.12/site-packages/cryptography/exceptions.py +52 -0
- package/python/lib/python3.12/site-packages/cryptography/fernet.py +224 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/__init__.py +13 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/_oid.py +348 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/backends/__init__.py +13 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/backends/openssl/__init__.py +9 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/backends/openssl/backend.py +308 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/__init__.py +3 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/__init__.pyi +37 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/_openssl.pyi +8 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/asn1.pyi +7 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/exceptions.pyi +17 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/ocsp.pyi +117 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/__init__.pyi +75 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/aead.pyi +107 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/ciphers.pyi +38 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/cmac.pyi +18 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/dh.pyi +51 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/dsa.pyi +41 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/ec.pyi +52 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/ed25519.pyi +13 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/ed448.pyi +13 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/hashes.pyi +28 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/hmac.pyi +22 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/kdf.pyi +49 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/keys.pyi +34 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/poly1305.pyi +15 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/rsa.pyi +55 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/x25519.pyi +13 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/x448.pyi +13 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/pkcs12.pyi +52 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/pkcs7.pyi +50 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/test_support.pyi +23 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/x509.pyi +313 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust.abi3.so +0 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/openssl/__init__.py +3 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/openssl/_conditional.py +191 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/openssl/binding.py +122 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/decrepit/__init__.py +5 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/decrepit/ciphers/__init__.py +5 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/decrepit/ciphers/algorithms.py +112 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/__init__.py +3 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/_asymmetric.py +19 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/_cipheralgorithm.py +60 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/_serialization.py +168 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/__init__.py +3 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/dh.py +147 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/dsa.py +167 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/ec.py +447 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/ed25519.py +129 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/ed448.py +131 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/padding.py +113 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/rsa.py +277 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/types.py +111 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/utils.py +24 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/x25519.py +122 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/x448.py +125 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/ciphers/__init__.py +27 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/ciphers/aead.py +23 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/ciphers/algorithms.py +183 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/ciphers/base.py +146 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/ciphers/modes.py +268 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/cmac.py +10 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/constant_time.py +14 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/hashes.py +246 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/hmac.py +13 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/kdf/__init__.py +23 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/kdf/argon2.py +13 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/kdf/concatkdf.py +125 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/kdf/hkdf.py +101 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/kdf/kbkdf.py +305 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/kdf/pbkdf2.py +62 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/kdf/scrypt.py +19 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/kdf/x963kdf.py +61 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/keywrap.py +177 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/padding.py +69 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/poly1305.py +11 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/serialization/__init__.py +65 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/serialization/base.py +14 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/serialization/pkcs12.py +176 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/serialization/pkcs7.py +411 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/serialization/ssh.py +1619 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/twofactor/__init__.py +9 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/twofactor/hotp.py +101 -0
- package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/twofactor/totp.py +56 -0
- package/python/lib/python3.12/site-packages/cryptography/py.typed +0 -0
- package/python/lib/python3.12/site-packages/cryptography/utils.py +139 -0
- package/python/lib/python3.12/site-packages/cryptography/x509/__init__.py +270 -0
- package/python/lib/python3.12/site-packages/cryptography/x509/base.py +848 -0
- package/python/lib/python3.12/site-packages/cryptography/x509/certificate_transparency.py +35 -0
- package/python/lib/python3.12/site-packages/cryptography/x509/extensions.py +2528 -0
- package/python/lib/python3.12/site-packages/cryptography/x509/general_name.py +281 -0
- package/python/lib/python3.12/site-packages/cryptography/x509/name.py +477 -0
- package/python/lib/python3.12/site-packages/cryptography/x509/ocsp.py +379 -0
- package/python/lib/python3.12/site-packages/cryptography/x509/oid.py +37 -0
- package/python/lib/python3.12/site-packages/cryptography/x509/verification.py +34 -0
- package/python/lib/python3.12/site-packages/cryptography-45.0.7.dist-info/INSTALLER +1 -0
- package/python/lib/python3.12/site-packages/cryptography-45.0.7.dist-info/METADATA +139 -0
- package/python/lib/python3.12/site-packages/cryptography-45.0.7.dist-info/RECORD +106 -0
- package/python/lib/python3.12/site-packages/cryptography-45.0.7.dist-info/REQUESTED +0 -0
- package/python/lib/python3.12/site-packages/cryptography-45.0.7.dist-info/WHEEL +4 -0
- package/python/lib/python3.12/site-packages/cryptography-45.0.7.dist-info/licenses/LICENSE +3 -0
- package/python/lib/python3.12/site-packages/cryptography-45.0.7.dist-info/licenses/LICENSE.APACHE +202 -0
- package/python/lib/python3.12/site-packages/cryptography-45.0.7.dist-info/licenses/LICENSE.BSD +27 -0
- package/python/lib/python3.12/site-packages/pycparser/__init__.py +99 -0
- package/python/lib/python3.12/site-packages/pycparser/_ast_gen.py +355 -0
- package/python/lib/python3.12/site-packages/pycparser/_c_ast.cfg +195 -0
- package/python/lib/python3.12/site-packages/pycparser/ast_transforms.py +174 -0
- package/python/lib/python3.12/site-packages/pycparser/c_ast.py +1341 -0
- package/python/lib/python3.12/site-packages/pycparser/c_generator.py +573 -0
- package/python/lib/python3.12/site-packages/pycparser/c_lexer.py +706 -0
- package/python/lib/python3.12/site-packages/pycparser/c_parser.py +2376 -0
- package/python/lib/python3.12/site-packages/pycparser-3.0.dist-info/INSTALLER +1 -0
- package/python/lib/python3.12/site-packages/pycparser-3.0.dist-info/METADATA +244 -0
- package/python/lib/python3.12/site-packages/pycparser-3.0.dist-info/RECORD +14 -0
- package/python/lib/python3.12/site-packages/pycparser-3.0.dist-info/WHEEL +5 -0
- package/python/lib/python3.12/site-packages/pycparser-3.0.dist-info/licenses/LICENSE +27 -0
- package/python/lib/python3.12/site-packages/pycparser-3.0.dist-info/top_level.txt +1 -0
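--- a/package/python/lib/python3.12/site-packages/cryptography/fernet.py
+++ b/package/python/lib/python3.12/site-packages/cryptography/fernet.py
@@ -0,0 +1,224 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import annotations
+
+import base64
+import binascii
+import os
+import time
+import typing
+from collections.abc import Iterable
+
+from cryptography import utils
+from cryptography.exceptions import InvalidSignature
+from cryptography.hazmat.primitives import hashes, padding
+from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
+from cryptography.hazmat.primitives.hmac import HMAC
+
+
+class InvalidToken(Exception):
+pass
+
+
+_MAX_CLOCK_SKEW = 60
+
+
+class Fernet:
+def __init__(
+self,
+key: bytes | str,
+backend: typing.Any = None,
+) -> None:
+try:
+key = base64.urlsafe_b64decode(key)
+except binascii.Error as exc:
+raise ValueError(
+"Fernet key must be 32 url-safe base64-encoded bytes."
+) from exc
+if len(key) != 32:
+raise ValueError(
+"Fernet key must be 32 url-safe base64-encoded bytes."
+)
+
+self._signing_key = key[:16]
+self._encryption_key = key[16:]
+
+@classmethod
+def generate_key(cls) -> bytes:
+return base64.urlsafe_b64encode(os.urandom(32))
+
+def encrypt(self, data: bytes) -> bytes:
+return self.encrypt_at_time(data, int(time.time()))
+
+def encrypt_at_time(self, data: bytes, current_time: int) -> bytes:
+iv = os.urandom(16)
+return self._encrypt_from_parts(data, current_time, iv)
+
+def _encrypt_from_parts(
+self, data: bytes, current_time: int, iv: bytes
+) -> bytes:
+utils._check_bytes("data", data)
+
+padder = padding.PKCS7(algorithms.AES.block_size).padder()
+padded_data = padder.update(data) + padder.finalize()
+encryptor = Cipher(
+algorithms.AES(self._encryption_key),
+modes.CBC(iv),
+).encryptor()
+ciphertext = encryptor.update(padded_data) + encryptor.finalize()
+
+basic_parts = (
+b"\x80"
++ current_time.to_bytes(length=8, byteorder="big")
++ iv
++ ciphertext
+)
+
+h = HMAC(self._signing_key, hashes.SHA256())
+h.update(basic_parts)
+hmac = h.finalize()
+return base64.urlsafe_b64encode(basic_parts + hmac)
+
+def decrypt(self, token: bytes | str, ttl: int | None = None) -> bytes:
+timestamp, data = Fernet._get_unverified_token_data(token)
+if ttl is None:
+time_info = None
+else:
+time_info = (ttl, int(time.time()))
+return self._decrypt_data(data, timestamp, time_info)
+
+def decrypt_at_time(
+self, token: bytes | str, ttl: int, current_time: int
+) -> bytes:
+if ttl is None:
+raise ValueError(
+"decrypt_at_time() can only be used with a non-None ttl"
+)
+timestamp, data = Fernet._get_unverified_token_data(token)
+return self._decrypt_data(data, timestamp, (ttl, current_time))
+
+def extract_timestamp(self, token: bytes | str) -> int:
+timestamp, data = Fernet._get_unverified_token_data(token)
+# Verify the token was not tampered with.
+self._verify_signature(data)
+return timestamp
+
+@staticmethod
+def _get_unverified_token_data(token: bytes | str) -> tuple[int, bytes]:
+if not isinstance(token, (str, bytes)):
+raise TypeError("token must be bytes or str")
+
+try:
+data = base64.urlsafe_b64decode(token)
+except (TypeError, binascii.Error):
+raise InvalidToken
+
+if not data or data[0] != 0x80:
+raise InvalidToken
+
+if len(data) < 9:
+raise InvalidToken
+
+timestamp = int.from_bytes(data[1:9], byteorder="big")
+return timestamp, data
+
+def _verify_signature(self, data: bytes) -> None:
+h = HMAC(self._signing_key, hashes.SHA256())
+h.update(data[:-32])
+try:
+h.verify(data[-32:])
+except InvalidSignature:
+raise InvalidToken
+
+def _decrypt_data(
+self,
+data: bytes,
+timestamp: int,
+time_info: tuple[int, int] | None,
+) -> bytes:
+if time_info is not None:
+ttl, current_time = time_info
+if timestamp + ttl < current_time:
+raise InvalidToken
+
+if current_time + _MAX_CLOCK_SKEW < timestamp:
+raise InvalidToken
+
+self._verify_signature(data)
+
+iv = data[9:25]
+ciphertext = data[25:-32]
+decryptor = Cipher(
+algorithms.AES(self._encryption_key), modes.CBC(iv)
+).decryptor()
+plaintext_padded = decryptor.update(ciphertext)
+try:
+plaintext_padded += decryptor.finalize()
+except ValueError:
+raise InvalidToken
+unpadder = padding.PKCS7(algorithms.AES.block_size).unpadder()
+
+unpadded = unpadder.update(plaintext_padded)
+try:
+unpadded += unpadder.finalize()
+except ValueError:
+raise InvalidToken
+return unpadded
+
+
+class MultiFernet:
+def __init__(self, fernets: Iterable[Fernet]):
+fernets = list(fernets)
+if not fernets:
+raise ValueError(
+"MultiFernet requires at least one Fernet instance"
+)
+self._fernets = fernets
+
+def encrypt(self, msg: bytes) -> bytes:
+return self.encrypt_at_time(msg, int(time.time()))
+
+def encrypt_at_time(self, msg: bytes, current_time: int) -> bytes:
+return self._fernets[0].encrypt_at_time(msg, current_time)
+
+def rotate(self, msg: bytes | str) -> bytes:
+timestamp, data = Fernet._get_unverified_token_data(msg)
+for f in self._fernets:
+try:
+p = f._decrypt_data(data, timestamp, None)
+break
+except InvalidToken:
+pass
+else:
+raise InvalidToken
+
+iv = os.urandom(16)
+return self._fernets[0]._encrypt_from_parts(p, timestamp, iv)
+
+def decrypt(self, msg: bytes | str, ttl: int | None = None) -> bytes:
+for f in self._fernets:
+try:
+return f.decrypt(msg, ttl)
+except InvalidToken:
+pass
+raise InvalidToken
+
+def decrypt_at_time(
+self, msg: bytes | str, ttl: int, current_time: int
+) -> bytes:
+for f in self._fernets:
+try:
+return f.decrypt_at_time(msg, ttl, current_time)
+except InvalidToken:
+pass
+raise InvalidToken
+
+def extract_timestamp(self, msg: bytes | str) -> int:
+for f in self._fernets:
+try:
+return f.extract_timestamp(msg)
+except InvalidToken:
+pass
+raise InvalidToken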
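--- a/package/python/lib/python3.12/site-packages/cryptography/hazmat/__init__.py
+++ b/package/python/lib/python3.12/site-packages/cryptography/hazmat/__init__.py
@@ -0,0 +1,13 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import annotations
+
+"""
+Hazardous Materials
+
+This is a "Hazardous Materials" module. You should ONLY use it if you're
+100% absolutely sure that you know what you're doing because this module
+is full of land mines, dragons, and dinosaurs with laser guns.
+"""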
@@ -0,0 +1,348 @@
|
|
|
1
|
+
# This file is dual licensed under the terms of the Apache License, Version
|
|
2
|
+
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
|
|
3
|
+
# for complete details.
|
|
4
|
+
|
|
5
|
+
from __future__ import annotations
|
|
6
|
+
|
|
7
|
+
from cryptography.hazmat.bindings._rust import (
|
|
8
|
+
ObjectIdentifier as ObjectIdentifier,
|
|
9
|
+
)
|
|
10
|
+
from cryptography.hazmat.primitives import hashes
|
|
11
|
+
|
|
12
|
+
|
|
13
|
+
class ExtensionOID:
|
|
14
|
+
SUBJECT_DIRECTORY_ATTRIBUTES = ObjectIdentifier("2.5.29.9")
|
|
15
|
+
SUBJECT_KEY_IDENTIFIER = ObjectIdentifier("2.5.29.14")
|
|
16
|
+
KEY_USAGE = ObjectIdentifier("2.5.29.15")
|
|
17
|
+
PRIVATE_KEY_USAGE_PERIOD = ObjectIdentifier("2.5.29.16")
|
|
18
|
+
SUBJECT_ALTERNATIVE_NAME = ObjectIdentifier("2.5.29.17")
|
|
19
|
+
ISSUER_ALTERNATIVE_NAME = ObjectIdentifier("2.5.29.18")
|
|
20
|
+
BASIC_CONSTRAINTS = ObjectIdentifier("2.5.29.19")
|
|
21
|
+
NAME_CONSTRAINTS = ObjectIdentifier("2.5.29.30")
|
|
22
|
+
CRL_DISTRIBUTION_POINTS = ObjectIdentifier("2.5.29.31")
|
|
23
|
+
CERTIFICATE_POLICIES = ObjectIdentifier("2.5.29.32")
|
|
24
|
+
POLICY_MAPPINGS = ObjectIdentifier("2.5.29.33")
|
|
25
|
+
AUTHORITY_KEY_IDENTIFIER = ObjectIdentifier("2.5.29.35")
|
|
26
|
+
POLICY_CONSTRAINTS = ObjectIdentifier("2.5.29.36")
|
|
27
|
+
EXTENDED_KEY_USAGE = ObjectIdentifier("2.5.29.37")
|
|
28
|
+
FRESHEST_CRL = ObjectIdentifier("2.5.29.46")
|
|
29
|
+
INHIBIT_ANY_POLICY = ObjectIdentifier("2.5.29.54")
|
|
30
|
+
ISSUING_DISTRIBUTION_POINT = ObjectIdentifier("2.5.29.28")
|
|
31
|
+
AUTHORITY_INFORMATION_ACCESS = ObjectIdentifier("1.3.6.1.5.5.7.1.1")
|
|
32
|
+
SUBJECT_INFORMATION_ACCESS = ObjectIdentifier("1.3.6.1.5.5.7.1.11")
|
|
33
|
+
OCSP_NO_CHECK = ObjectIdentifier("1.3.6.1.5.5.7.48.1.5")
|
|
34
|
+
TLS_FEATURE = ObjectIdentifier("1.3.6.1.5.5.7.1.24")
|
|
35
|
+
CRL_NUMBER = ObjectIdentifier("2.5.29.20")
|
|
36
|
+
DELTA_CRL_INDICATOR = ObjectIdentifier("2.5.29.27")
|
|
37
|
+
PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS = ObjectIdentifier(
|
|
38
|
+
"1.3.6.1.4.1.11129.2.4.2"
|
|
39
|
+
)
|
|
40
|
+
PRECERT_POISON = ObjectIdentifier("1.3.6.1.4.1.11129.2.4.3")
|
|
41
|
+
SIGNED_CERTIFICATE_TIMESTAMPS = ObjectIdentifier("1.3.6.1.4.1.11129.2.4.5")
|
|
42
|
+
MS_CERTIFICATE_TEMPLATE = ObjectIdentifier("1.3.6.1.4.1.311.21.7")
|
|
43
|
+
ADMISSIONS = ObjectIdentifier("1.3.36.8.3.3")
|
|
44
|
+
|
|
45
|
+
|
|
46
|
+
class OCSPExtensionOID:
|
|
47
|
+
NONCE = ObjectIdentifier("1.3.6.1.5.5.7.48.1.2")
|
|
48
|
+
ACCEPTABLE_RESPONSES = ObjectIdentifier("1.3.6.1.5.5.7.48.1.4")
|
|
49
|
+
|
|
50
|
+
|
|
51
|
+
class CRLEntryExtensionOID:
|
|
52
|
+
CERTIFICATE_ISSUER = ObjectIdentifier("2.5.29.29")
|
|
53
|
+
CRL_REASON = ObjectIdentifier("2.5.29.21")
|
|
54
|
+
INVALIDITY_DATE = ObjectIdentifier("2.5.29.24")
|
|
55
|
+
|
|
56
|
+
|
|
57
|
+
class NameOID:
|
|
58
|
+
COMMON_NAME = ObjectIdentifier("2.5.4.3")
|
|
59
|
+
COUNTRY_NAME = ObjectIdentifier("2.5.4.6")
|
|
60
|
+
LOCALITY_NAME = ObjectIdentifier("2.5.4.7")
|
|
61
|
+
STATE_OR_PROVINCE_NAME = ObjectIdentifier("2.5.4.8")
|
|
62
|
+
STREET_ADDRESS = ObjectIdentifier("2.5.4.9")
|
|
63
|
+
ORGANIZATION_IDENTIFIER = ObjectIdentifier("2.5.4.97")
|
|
64
|
+
ORGANIZATION_NAME = ObjectIdentifier("2.5.4.10")
|
|
65
|
+
ORGANIZATIONAL_UNIT_NAME = ObjectIdentifier("2.5.4.11")
|
|
66
|
+
SERIAL_NUMBER = ObjectIdentifier("2.5.4.5")
|
|
67
|
+
SURNAME = ObjectIdentifier("2.5.4.4")
|
|
68
|
+
GIVEN_NAME = ObjectIdentifier("2.5.4.42")
|
|
69
|
+
TITLE = ObjectIdentifier("2.5.4.12")
|
|
70
|
+
INITIALS = ObjectIdentifier("2.5.4.43")
|
|
71
|
+
GENERATION_QUALIFIER = ObjectIdentifier("2.5.4.44")
|
|
72
|
+
X500_UNIQUE_IDENTIFIER = ObjectIdentifier("2.5.4.45")
|
|
73
|
+
DN_QUALIFIER = ObjectIdentifier("2.5.4.46")
|
|
74
|
+
PSEUDONYM = ObjectIdentifier("2.5.4.65")
|
|
75
|
+
USER_ID = ObjectIdentifier("0.9.2342.19200300.100.1.1")
|
|
76
|
+
DOMAIN_COMPONENT = ObjectIdentifier("0.9.2342.19200300.100.1.25")
|
|
77
|
+
EMAIL_ADDRESS = ObjectIdentifier("1.2.840.113549.1.9.1")
|
|
78
|
+
JURISDICTION_COUNTRY_NAME = ObjectIdentifier("1.3.6.1.4.1.311.60.2.1.3")
|
|
79
|
+
JURISDICTION_LOCALITY_NAME = ObjectIdentifier("1.3.6.1.4.1.311.60.2.1.1")
|
|
80
|
+
JURISDICTION_STATE_OR_PROVINCE_NAME = ObjectIdentifier(
|
|
81
|
+
"1.3.6.1.4.1.311.60.2.1.2"
|
|
82
|
+
)
|
|
83
|
+
BUSINESS_CATEGORY = ObjectIdentifier("2.5.4.15")
|
|
84
|
+
POSTAL_ADDRESS = ObjectIdentifier("2.5.4.16")
|
|
85
|
+
POSTAL_CODE = ObjectIdentifier("2.5.4.17")
|
|
86
|
+
INN = ObjectIdentifier("1.2.643.3.131.1.1")
|
|
87
|
+
OGRN = ObjectIdentifier("1.2.643.100.1")
|
|
88
|
+
SNILS = ObjectIdentifier("1.2.643.100.3")
|
|
89
|
+
UNSTRUCTURED_NAME = ObjectIdentifier("1.2.840.113549.1.9.2")
|
|
90
|
+
|
|
91
|
+
|
|
92
|
+
class SignatureAlgorithmOID:
|
|
93
|
+
RSA_WITH_MD5 = ObjectIdentifier("1.2.840.113549.1.1.4")
|
|
94
|
+
RSA_WITH_SHA1 = ObjectIdentifier("1.2.840.113549.1.1.5")
|
|
95
|
+
# This is an alternate OID for RSA with SHA1 that is occasionally seen
|
|
96
|
+
_RSA_WITH_SHA1 = ObjectIdentifier("1.3.14.3.2.29")
|
|
97
|
+
RSA_WITH_SHA224 = ObjectIdentifier("1.2.840.113549.1.1.14")
|
|
98
|
+
RSA_WITH_SHA256 = ObjectIdentifier("1.2.840.113549.1.1.11")
|
|
99
|
+
RSA_WITH_SHA384 = ObjectIdentifier("1.2.840.113549.1.1.12")
|
|
100
|
+
RSA_WITH_SHA512 = ObjectIdentifier("1.2.840.113549.1.1.13")
|
|
101
|
+
RSA_WITH_SHA3_224 = ObjectIdentifier("2.16.840.1.101.3.4.3.13")
|
|
102
|
+
RSA_WITH_SHA3_256 = ObjectIdentifier("2.16.840.1.101.3.4.3.14")
|
|
103
|
+
RSA_WITH_SHA3_384 = ObjectIdentifier("2.16.840.1.101.3.4.3.15")
|
|
104
|
+
RSA_WITH_SHA3_512 = ObjectIdentifier("2.16.840.1.101.3.4.3.16")
|
|
105
|
+
RSASSA_PSS = ObjectIdentifier("1.2.840.113549.1.1.10")
|
|
106
|
+
ECDSA_WITH_SHA1 = ObjectIdentifier("1.2.840.10045.4.1")
|
|
107
|
+
ECDSA_WITH_SHA224 = ObjectIdentifier("1.2.840.10045.4.3.1")
|
|
108
|
+
ECDSA_WITH_SHA256 = ObjectIdentifier("1.2.840.10045.4.3.2")
|
|
109
|
+
ECDSA_WITH_SHA384 = ObjectIdentifier("1.2.840.10045.4.3.3")
|
|
110
|
+
ECDSA_WITH_SHA512 = ObjectIdentifier("1.2.840.10045.4.3.4")
|
|
111
|
+
ECDSA_WITH_SHA3_224 = ObjectIdentifier("2.16.840.1.101.3.4.3.9")
|
|
112
|
+
ECDSA_WITH_SHA3_256 = ObjectIdentifier("2.16.840.1.101.3.4.3.10")
|
|
113
|
+
ECDSA_WITH_SHA3_384 = ObjectIdentifier("2.16.840.1.101.3.4.3.11")
|
|
114
|
+
ECDSA_WITH_SHA3_512 = ObjectIdentifier("2.16.840.1.101.3.4.3.12")
|
|
115
|
+
DSA_WITH_SHA1 = ObjectIdentifier("1.2.840.10040.4.3")
|
|
116
|
+
DSA_WITH_SHA224 = ObjectIdentifier("2.16.840.1.101.3.4.3.1")
|
|
117
|
+
DSA_WITH_SHA256 = ObjectIdentifier("2.16.840.1.101.3.4.3.2")
|
|
118
|
+
DSA_WITH_SHA384 = ObjectIdentifier("2.16.840.1.101.3.4.3.3")
|
|
119
|
+
DSA_WITH_SHA512 = ObjectIdentifier("2.16.840.1.101.3.4.3.4")
|
|
120
|
+
ED25519 = ObjectIdentifier("1.3.101.112")
|
|
121
|
+
ED448 = ObjectIdentifier("1.3.101.113")
|
|
122
|
+
GOSTR3411_94_WITH_3410_2001 = ObjectIdentifier("1.2.643.2.2.3")
|
|
123
|
+
GOSTR3410_2012_WITH_3411_2012_256 = ObjectIdentifier("1.2.643.7.1.1.3.2")
|
|
124
|
+
GOSTR3410_2012_WITH_3411_2012_512 = ObjectIdentifier("1.2.643.7.1.1.3.3")
|
|
125
|
+
|
|
126
|
+
|
|
127
|
+
_SIG_OIDS_TO_HASH: dict[ObjectIdentifier, hashes.HashAlgorithm | None] = {
|
|
128
|
+
SignatureAlgorithmOID.RSA_WITH_MD5: hashes.MD5(),
|
|
129
|
+
SignatureAlgorithmOID.RSA_WITH_SHA1: hashes.SHA1(),
|
|
130
|
+
SignatureAlgorithmOID._RSA_WITH_SHA1: hashes.SHA1(),
|
|
131
|
+
SignatureAlgorithmOID.RSA_WITH_SHA224: hashes.SHA224(),
|
|
132
|
+
SignatureAlgorithmOID.RSA_WITH_SHA256: hashes.SHA256(),
|
|
133
|
+
SignatureAlgorithmOID.RSA_WITH_SHA384: hashes.SHA384(),
|
|
134
|
+
SignatureAlgorithmOID.RSA_WITH_SHA512: hashes.SHA512(),
|
|
135
|
+
SignatureAlgorithmOID.RSA_WITH_SHA3_224: hashes.SHA3_224(),
|
|
136
|
+
SignatureAlgorithmOID.RSA_WITH_SHA3_256: hashes.SHA3_256(),
|
|
137
|
+
SignatureAlgorithmOID.RSA_WITH_SHA3_384: hashes.SHA3_384(),
|
|
138
|
+
SignatureAlgorithmOID.RSA_WITH_SHA3_512: hashes.SHA3_512(),
|
|
139
|
+
SignatureAlgorithmOID.ECDSA_WITH_SHA1: hashes.SHA1(),
|
|
140
|
+
SignatureAlgorithmOID.ECDSA_WITH_SHA224: hashes.SHA224(),
|
|
141
|
+
SignatureAlgorithmOID.ECDSA_WITH_SHA256: hashes.SHA256(),
|
|
142
|
+
SignatureAlgorithmOID.ECDSA_WITH_SHA384: hashes.SHA384(),
|
|
143
|
+
SignatureAlgorithmOID.ECDSA_WITH_SHA512: hashes.SHA512(),
|
|
144
|
+
SignatureAlgorithmOID.ECDSA_WITH_SHA3_224: hashes.SHA3_224(),
|
|
145
|
+
SignatureAlgorithmOID.ECDSA_WITH_SHA3_256: hashes.SHA3_256(),
|
|
146
|
+
SignatureAlgorithmOID.ECDSA_WITH_SHA3_384: hashes.SHA3_384(),
|
|
147
|
+
SignatureAlgorithmOID.ECDSA_WITH_SHA3_512: hashes.SHA3_512(),
|
|
148
|
+
SignatureAlgorithmOID.DSA_WITH_SHA1: hashes.SHA1(),
|
|
149
|
+
SignatureAlgorithmOID.DSA_WITH_SHA224: hashes.SHA224(),
|
|
150
|
+
SignatureAlgorithmOID.DSA_WITH_SHA256: hashes.SHA256(),
|
|
151
|
+
SignatureAlgorithmOID.ED25519: None,
|
|
152
|
+
SignatureAlgorithmOID.ED448: None,
|
|
153
|
+
SignatureAlgorithmOID.GOSTR3411_94_WITH_3410_2001: None,
|
|
154
|
+
SignatureAlgorithmOID.GOSTR3410_2012_WITH_3411_2012_256: None,
|
|
155
|
+
SignatureAlgorithmOID.GOSTR3410_2012_WITH_3411_2012_512: None,
|
|
156
|
+
}
|
|
157
|
+
|
|
158
|
+
|
|
159
|
+
class HashAlgorithmOID:
|
|
160
|
+
SHA1 = ObjectIdentifier("1.3.14.3.2.26")
|
|
161
|
+
SHA224 = ObjectIdentifier("2.16.840.1.101.3.4.2.4")
|
|
162
|
+
SHA256 = ObjectIdentifier("2.16.840.1.101.3.4.2.1")
|
|
163
|
+
SHA384 = ObjectIdentifier("2.16.840.1.101.3.4.2.2")
|
|
164
|
+
SHA512 = ObjectIdentifier("2.16.840.1.101.3.4.2.3")
|
|
165
|
+
SHA3_224 = ObjectIdentifier("1.3.6.1.4.1.37476.3.2.1.99.7.224")
|
|
166
|
+
SHA3_256 = ObjectIdentifier("1.3.6.1.4.1.37476.3.2.1.99.7.256")
|
|
167
|
+
SHA3_384 = ObjectIdentifier("1.3.6.1.4.1.37476.3.2.1.99.7.384")
|
|
168
|
+
SHA3_512 = ObjectIdentifier("1.3.6.1.4.1.37476.3.2.1.99.7.512")
|
|
169
|
+
|
|
170
|
+
|
|
171
|
+
class PublicKeyAlgorithmOID:
|
|
172
|
+
DSA = ObjectIdentifier("1.2.840.10040.4.1")
|
|
173
|
+
EC_PUBLIC_KEY = ObjectIdentifier("1.2.840.10045.2.1")
|
|
174
|
+
RSAES_PKCS1_v1_5 = ObjectIdentifier("1.2.840.113549.1.1.1")
|
|
175
|
+
RSASSA_PSS = ObjectIdentifier("1.2.840.113549.1.1.10")
|
|
176
|
+
X25519 = ObjectIdentifier("1.3.101.110")
|
|
177
|
+
X448 = ObjectIdentifier("1.3.101.111")
|
|
178
|
+
ED25519 = ObjectIdentifier("1.3.101.112")
|
|
179
|
+
ED448 = ObjectIdentifier("1.3.101.113")
|
|
180
|
+
|
|
181
|
+
|
|
182
|
+
class ExtendedKeyUsageOID:
|
|
183
|
+
SERVER_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.1")
|
|
184
|
+
CLIENT_AUTH = ObjectIdentifier("1.3.6.1.5.5.7.3.2")
|
|
185
|
+
CODE_SIGNING = ObjectIdentifier("1.3.6.1.5.5.7.3.3")
|
|
186
|
+
EMAIL_PROTECTION = ObjectIdentifier("1.3.6.1.5.5.7.3.4")
|
|
187
|
+
TIME_STAMPING = ObjectIdentifier("1.3.6.1.5.5.7.3.8")
|
|
188
|
+
OCSP_SIGNING = ObjectIdentifier("1.3.6.1.5.5.7.3.9")
|
|
189
|
+
ANY_EXTENDED_KEY_USAGE = ObjectIdentifier("2.5.29.37.0")
|
|
190
|
+
SMARTCARD_LOGON = ObjectIdentifier("1.3.6.1.4.1.311.20.2.2")
|
|
191
|
+
KERBEROS_PKINIT_KDC = ObjectIdentifier("1.3.6.1.5.2.3.5")
|
|
192
|
+
IPSEC_IKE = ObjectIdentifier("1.3.6.1.5.5.7.3.17")
|
|
193
|
+
BUNDLE_SECURITY = ObjectIdentifier("1.3.6.1.5.5.7.3.35")
|
|
194
|
+
CERTIFICATE_TRANSPARENCY = ObjectIdentifier("1.3.6.1.4.1.11129.2.4.4")
|
|
195
|
+
|
|
196
|
+
|
|
197
|
+
class OtherNameFormOID:
|
|
198
|
+
PERMANENT_IDENTIFIER = ObjectIdentifier("1.3.6.1.5.5.7.8.3")
|
|
199
|
+
HW_MODULE_NAME = ObjectIdentifier("1.3.6.1.5.5.7.8.4")
|
|
200
|
+
DNS_SRV = ObjectIdentifier("1.3.6.1.5.5.7.8.7")
|
|
201
|
+
NAI_REALM = ObjectIdentifier("1.3.6.1.5.5.7.8.8")
|
|
202
|
+
SMTP_UTF8_MAILBOX = ObjectIdentifier("1.3.6.1.5.5.7.8.9")
|
|
203
|
+
ACP_NODE_NAME = ObjectIdentifier("1.3.6.1.5.5.7.8.10")
|
|
204
|
+
BUNDLE_EID = ObjectIdentifier("1.3.6.1.5.5.7.8.11")
|
|
205
|
+
|
|
206
|
+
|
|
207
|
+
class AuthorityInformationAccessOID:
|
|
208
|
+
CA_ISSUERS = ObjectIdentifier("1.3.6.1.5.5.7.48.2")
|
|
209
|
+
OCSP = ObjectIdentifier("1.3.6.1.5.5.7.48.1")
|
|
210
|
+
|
|
211
|
+
|
|
212
|
+
class SubjectInformationAccessOID:
|
|
213
|
+
CA_REPOSITORY = ObjectIdentifier("1.3.6.1.5.5.7.48.5")
|
|
214
|
+
|
|
215
|
+
|
|
216
|
+
class CertificatePoliciesOID:
|
|
217
|
+
CPS_QUALIFIER = ObjectIdentifier("1.3.6.1.5.5.7.2.1")
|
|
218
|
+
CPS_USER_NOTICE = ObjectIdentifier("1.3.6.1.5.5.7.2.2")
|
|
219
|
+
ANY_POLICY = ObjectIdentifier("2.5.29.32.0")
|
|
220
|
+
|
|
221
|
+
|
|
222
|
+
class AttributeOID:
|
|
223
|
+
CHALLENGE_PASSWORD = ObjectIdentifier("1.2.840.113549.1.9.7")
|
|
224
|
+
UNSTRUCTURED_NAME = ObjectIdentifier("1.2.840.113549.1.9.2")
|
|
225
|
+
|
|
226
|
+
|
|
227
|
+
_OID_NAMES = {
|
|
228
|
+
NameOID.COMMON_NAME: "commonName",
|
|
229
|
+
NameOID.COUNTRY_NAME: "countryName",
|
|
230
|
+
NameOID.LOCALITY_NAME: "localityName",
|
|
231
|
+
NameOID.STATE_OR_PROVINCE_NAME: "stateOrProvinceName",
|
|
232
|
+
NameOID.STREET_ADDRESS: "streetAddress",
|
|
233
|
+
NameOID.ORGANIZATION_NAME: "organizationName",
|
|
234
|
+
NameOID.ORGANIZATIONAL_UNIT_NAME: "organizationalUnitName",
|
|
235
|
+
NameOID.SERIAL_NUMBER: "serialNumber",
|
|
236
|
+
NameOID.SURNAME: "surname",
|
|
237
|
+
NameOID.GIVEN_NAME: "givenName",
|
|
238
|
+
NameOID.TITLE: "title",
|
|
239
|
+
NameOID.GENERATION_QUALIFIER: "generationQualifier",
|
|
240
|
+
NameOID.X500_UNIQUE_IDENTIFIER: "x500UniqueIdentifier",
|
|
241
|
+
NameOID.DN_QUALIFIER: "dnQualifier",
|
|
242
|
+
NameOID.PSEUDONYM: "pseudonym",
|
|
243
|
+
NameOID.USER_ID: "userID",
|
|
244
|
+
NameOID.DOMAIN_COMPONENT: "domainComponent",
|
|
245
|
+
NameOID.EMAIL_ADDRESS: "emailAddress",
|
|
246
|
+
NameOID.JURISDICTION_COUNTRY_NAME: "jurisdictionCountryName",
|
|
247
|
+
NameOID.JURISDICTION_LOCALITY_NAME: "jurisdictionLocalityName",
|
|
248
|
+
NameOID.JURISDICTION_STATE_OR_PROVINCE_NAME: (
|
|
249
|
+
"jurisdictionStateOrProvinceName"
|
|
250
|
+
),
|
|
251
|
+
NameOID.BUSINESS_CATEGORY: "businessCategory",
|
|
252
|
+
NameOID.POSTAL_ADDRESS: "postalAddress",
|
|
253
|
+
NameOID.POSTAL_CODE: "postalCode",
|
|
254
|
+
NameOID.INN: "INN",
|
|
255
|
+
NameOID.OGRN: "OGRN",
|
|
256
|
+
NameOID.SNILS: "SNILS",
|
|
257
|
+
NameOID.UNSTRUCTURED_NAME: "unstructuredName",
|
|
258
|
+
SignatureAlgorithmOID.RSA_WITH_MD5: "md5WithRSAEncryption",
|
|
259
|
+
SignatureAlgorithmOID.RSA_WITH_SHA1: "sha1WithRSAEncryption",
|
|
260
|
+
SignatureAlgorithmOID.RSA_WITH_SHA224: "sha224WithRSAEncryption",
|
|
261
|
+
SignatureAlgorithmOID.RSA_WITH_SHA256: "sha256WithRSAEncryption",
|
|
262
|
+
SignatureAlgorithmOID.RSA_WITH_SHA384: "sha384WithRSAEncryption",
|
|
263
|
+
SignatureAlgorithmOID.RSA_WITH_SHA512: "sha512WithRSAEncryption",
|
|
264
|
+
SignatureAlgorithmOID.RSASSA_PSS: "rsassaPss",
|
|
265
|
+
SignatureAlgorithmOID.ECDSA_WITH_SHA1: "ecdsa-with-SHA1",
|
|
266
|
+
SignatureAlgorithmOID.ECDSA_WITH_SHA224: "ecdsa-with-SHA224",
|
|
267
|
+
SignatureAlgorithmOID.ECDSA_WITH_SHA256: "ecdsa-with-SHA256",
|
|
268
|
+
SignatureAlgorithmOID.ECDSA_WITH_SHA384: "ecdsa-with-SHA384",
|
|
269
|
+
SignatureAlgorithmOID.ECDSA_WITH_SHA512: "ecdsa-with-SHA512",
|
|
270
|
+
SignatureAlgorithmOID.DSA_WITH_SHA1: "dsa-with-sha1",
|
|
271
|
+
SignatureAlgorithmOID.DSA_WITH_SHA224: "dsa-with-sha224",
|
|
272
|
+
SignatureAlgorithmOID.DSA_WITH_SHA256: "dsa-with-sha256",
|
|
273
|
+
SignatureAlgorithmOID.ED25519: "ed25519",
|
|
274
|
+
SignatureAlgorithmOID.ED448: "ed448",
|
|
275
|
+
SignatureAlgorithmOID.GOSTR3411_94_WITH_3410_2001: (
|
|
276
|
+
"GOST R 34.11-94 with GOST R 34.10-2001"
|
|
277
|
+
),
|
|
278
|
+
SignatureAlgorithmOID.GOSTR3410_2012_WITH_3411_2012_256: (
|
|
279
|
+
"GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)"
|
|
280
|
+
),
|
|
281
|
+
SignatureAlgorithmOID.GOSTR3410_2012_WITH_3411_2012_512: (
|
|
282
|
+
"GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)"
|
|
283
|
+
),
|
|
284
|
+
HashAlgorithmOID.SHA1: "sha1",
|
|
285
|
+
HashAlgorithmOID.SHA224: "sha224",
|
|
286
|
+
HashAlgorithmOID.SHA256: "sha256",
|
|
287
|
+
HashAlgorithmOID.SHA384: "sha384",
|
|
288
|
+
HashAlgorithmOID.SHA512: "sha512",
|
|
289
|
+
HashAlgorithmOID.SHA3_224: "sha3_224",
|
|
290
|
+
HashAlgorithmOID.SHA3_256: "sha3_256",
|
|
291
|
+
HashAlgorithmOID.SHA3_384: "sha3_384",
|
|
292
|
+
HashAlgorithmOID.SHA3_512: "sha3_512",
|
|
293
|
+
PublicKeyAlgorithmOID.DSA: "dsaEncryption",
|
|
294
|
+
PublicKeyAlgorithmOID.EC_PUBLIC_KEY: "id-ecPublicKey",
|
|
295
|
+
PublicKeyAlgorithmOID.RSAES_PKCS1_v1_5: "rsaEncryption",
|
|
296
|
+
PublicKeyAlgorithmOID.X25519: "X25519",
|
|
297
|
+
PublicKeyAlgorithmOID.X448: "X448",
|
|
298
|
+
ExtendedKeyUsageOID.SERVER_AUTH: "serverAuth",
|
|
299
|
+
ExtendedKeyUsageOID.CLIENT_AUTH: "clientAuth",
|
|
300
|
+
ExtendedKeyUsageOID.CODE_SIGNING: "codeSigning",
|
|
301
|
+
ExtendedKeyUsageOID.EMAIL_PROTECTION: "emailProtection",
|
|
302
|
+
ExtendedKeyUsageOID.TIME_STAMPING: "timeStamping",
|
|
303
|
+
ExtendedKeyUsageOID.OCSP_SIGNING: "OCSPSigning",
|
|
304
|
+
ExtendedKeyUsageOID.SMARTCARD_LOGON: "msSmartcardLogin",
|
|
305
|
+
ExtendedKeyUsageOID.KERBEROS_PKINIT_KDC: "pkInitKDC",
|
|
306
|
+
ExtensionOID.SUBJECT_DIRECTORY_ATTRIBUTES: "subjectDirectoryAttributes",
|
|
307
|
+
ExtensionOID.SUBJECT_KEY_IDENTIFIER: "subjectKeyIdentifier",
|
|
308
|
+
ExtensionOID.KEY_USAGE: "keyUsage",
|
|
309
|
+
ExtensionOID.PRIVATE_KEY_USAGE_PERIOD: "privateKeyUsagePeriod",
|
|
310
|
+
ExtensionOID.SUBJECT_ALTERNATIVE_NAME: "subjectAltName",
|
|
311
|
+
ExtensionOID.ISSUER_ALTERNATIVE_NAME: "issuerAltName",
|
|
312
|
+
ExtensionOID.BASIC_CONSTRAINTS: "basicConstraints",
|
|
313
|
+
ExtensionOID.PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS: (
|
|
314
|
+
"signedCertificateTimestampList"
|
|
315
|
+
),
|
|
316
|
+
ExtensionOID.SIGNED_CERTIFICATE_TIMESTAMPS: (
|
|
317
|
+
"signedCertificateTimestampList"
|
|
318
|
+
),
|
|
319
|
+
ExtensionOID.PRECERT_POISON: "ctPoison",
|
|
320
|
+
ExtensionOID.MS_CERTIFICATE_TEMPLATE: "msCertificateTemplate",
|
|
321
|
+
ExtensionOID.ADMISSIONS: "Admissions",
|
|
322
|
+
CRLEntryExtensionOID.CRL_REASON: "cRLReason",
|
|
323
|
+
CRLEntryExtensionOID.INVALIDITY_DATE: "invalidityDate",
|
|
324
|
+
CRLEntryExtensionOID.CERTIFICATE_ISSUER: "certificateIssuer",
|
|
325
|
+
ExtensionOID.NAME_CONSTRAINTS: "nameConstraints",
|
|
326
|
+
ExtensionOID.CRL_DISTRIBUTION_POINTS: "cRLDistributionPoints",
|
|
327
|
+
ExtensionOID.CERTIFICATE_POLICIES: "certificatePolicies",
|
|
328
|
+
ExtensionOID.POLICY_MAPPINGS: "policyMappings",
|
|
329
|
+
ExtensionOID.AUTHORITY_KEY_IDENTIFIER: "authorityKeyIdentifier",
|
|
330
|
+
ExtensionOID.POLICY_CONSTRAINTS: "policyConstraints",
|
|
331
|
+
ExtensionOID.EXTENDED_KEY_USAGE: "extendedKeyUsage",
|
|
332
|
+
ExtensionOID.FRESHEST_CRL: "freshestCRL",
|
|
333
|
+
ExtensionOID.INHIBIT_ANY_POLICY: "inhibitAnyPolicy",
|
|
334
|
+
ExtensionOID.ISSUING_DISTRIBUTION_POINT: "issuingDistributionPoint",
|
|
335
|
+
ExtensionOID.AUTHORITY_INFORMATION_ACCESS: "authorityInfoAccess",
|
|
336
|
+
ExtensionOID.SUBJECT_INFORMATION_ACCESS: "subjectInfoAccess",
|
|
337
|
+
ExtensionOID.OCSP_NO_CHECK: "OCSPNoCheck",
|
|
338
|
+
ExtensionOID.CRL_NUMBER: "cRLNumber",
|
|
339
|
+
ExtensionOID.DELTA_CRL_INDICATOR: "deltaCRLIndicator",
|
|
340
|
+
ExtensionOID.TLS_FEATURE: "TLSFeature",
|
|
341
|
+
AuthorityInformationAccessOID.OCSP: "OCSP",
|
|
342
|
+
AuthorityInformationAccessOID.CA_ISSUERS: "caIssuers",
|
|
343
|
+
SubjectInformationAccessOID.CA_REPOSITORY: "caRepository",
|
|
344
|
+
CertificatePoliciesOID.CPS_QUALIFIER: "id-qt-cps",
|
|
345
|
+
CertificatePoliciesOID.CPS_USER_NOTICE: "id-qt-unotice",
|
|
346
|
+
OCSPExtensionOID.NONCE: "OCSPNonce",
|
|
347
|
+
AttributeOID.CHALLENGE_PASSWORD: "challengePassword",
|
|
348
|
+
}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
# This file is dual licensed under the terms of the Apache License, Version
|
|
2
|
+
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
|
|
3
|
+
# for complete details.
|
|
4
|
+
|
|
5
|
+
from __future__ import annotations
|
|
6
|
+
|
|
7
|
+
from typing import Any
|
|
8
|
+
|
|
9
|
+
|
|
10
|
+
def default_backend() -> Any:
|
|
11
|
+
from cryptography.hazmat.backends.openssl.backend import backend
|
|
12
|
+
|
|
13
|
+
return backend
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
# This file is dual licensed under the terms of the Apache License, Version
|
|
2
|
+
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
|
|
3
|
+
# for complete details.
|
|
4
|
+
|
|
5
|
+
from __future__ import annotations
|
|
6
|
+
|
|
7
|
+
from cryptography.hazmat.backends.openssl.backend import backend
|
|
8
|
+
|
|
9
|
+
__all__ = ["backend"]
|