@pairling/runtime-darwin-x64 0.2.0 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (159) hide show
  1. package/README.md +1 -1
  2. package/bin/pairling-connectd +0 -0
  3. package/manifest.json +4 -4
  4. package/package.json +3 -3
  5. package/python/bin/python3 +0 -0
  6. package/python/bin/python3.12 +0 -0
  7. package/python/lib/libpython3.12.dylib +0 -0
  8. package/python/lib/python3.12/lib-dynload/_crypt.cpython-312-darwin.so +0 -0
  9. package/python/lib/python3.12/lib-dynload/_dbm.cpython-312-darwin.so +0 -0
  10. package/python/lib/python3.12/site-packages/_cffi_backend.cpython-312-darwin.so +0 -0
  11. package/python/lib/python3.12/site-packages/cffi/__init__.py +14 -0
  12. package/python/lib/python3.12/site-packages/cffi/_cffi_errors.h +149 -0
  13. package/python/lib/python3.12/site-packages/cffi/_cffi_include.h +389 -0
  14. package/python/lib/python3.12/site-packages/cffi/_embedding.h +550 -0
  15. package/python/lib/python3.12/site-packages/cffi/_imp_emulation.py +83 -0
  16. package/python/lib/python3.12/site-packages/cffi/_shimmed_dist_utils.py +45 -0
  17. package/python/lib/python3.12/site-packages/cffi/api.py +967 -0
  18. package/python/lib/python3.12/site-packages/cffi/backend_ctypes.py +1121 -0
  19. package/python/lib/python3.12/site-packages/cffi/cffi_opcode.py +187 -0
  20. package/python/lib/python3.12/site-packages/cffi/commontypes.py +82 -0
  21. package/python/lib/python3.12/site-packages/cffi/cparser.py +1015 -0
  22. package/python/lib/python3.12/site-packages/cffi/error.py +31 -0
  23. package/python/lib/python3.12/site-packages/cffi/ffiplatform.py +113 -0
  24. package/python/lib/python3.12/site-packages/cffi/lock.py +30 -0
  25. package/python/lib/python3.12/site-packages/cffi/model.py +618 -0
  26. package/python/lib/python3.12/site-packages/cffi/parse_c_type.h +181 -0
  27. package/python/lib/python3.12/site-packages/cffi/pkgconfig.py +121 -0
  28. package/python/lib/python3.12/site-packages/cffi/recompiler.py +1598 -0
  29. package/python/lib/python3.12/site-packages/cffi/setuptools_ext.py +216 -0
  30. package/python/lib/python3.12/site-packages/cffi/vengine_cpy.py +1084 -0
  31. package/python/lib/python3.12/site-packages/cffi/vengine_gen.py +679 -0
  32. package/python/lib/python3.12/site-packages/cffi/verifier.py +306 -0
  33. package/python/lib/python3.12/site-packages/cffi-1.17.1.dist-info/INSTALLER +1 -0
  34. package/python/lib/python3.12/site-packages/cffi-1.17.1.dist-info/LICENSE +26 -0
  35. package/python/lib/python3.12/site-packages/cffi-1.17.1.dist-info/METADATA +40 -0
  36. package/python/lib/python3.12/site-packages/cffi-1.17.1.dist-info/RECORD +30 -0
  37. package/python/lib/python3.12/site-packages/cffi-1.17.1.dist-info/WHEEL +5 -0
  38. package/python/lib/python3.12/site-packages/cffi-1.17.1.dist-info/entry_points.txt +2 -0
  39. package/python/lib/python3.12/site-packages/cffi-1.17.1.dist-info/top_level.txt +2 -0
  40. package/python/lib/python3.12/site-packages/cryptography/__about__.py +17 -0
  41. package/python/lib/python3.12/site-packages/cryptography/__init__.py +26 -0
  42. package/python/lib/python3.12/site-packages/cryptography/exceptions.py +52 -0
  43. package/python/lib/python3.12/site-packages/cryptography/fernet.py +224 -0
  44. package/python/lib/python3.12/site-packages/cryptography/hazmat/__init__.py +13 -0
  45. package/python/lib/python3.12/site-packages/cryptography/hazmat/_oid.py +348 -0
  46. package/python/lib/python3.12/site-packages/cryptography/hazmat/backends/__init__.py +13 -0
  47. package/python/lib/python3.12/site-packages/cryptography/hazmat/backends/openssl/__init__.py +9 -0
  48. package/python/lib/python3.12/site-packages/cryptography/hazmat/backends/openssl/backend.py +308 -0
  49. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/__init__.py +3 -0
  50. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/__init__.pyi +37 -0
  51. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/_openssl.pyi +8 -0
  52. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/asn1.pyi +7 -0
  53. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/exceptions.pyi +17 -0
  54. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/ocsp.pyi +117 -0
  55. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/__init__.pyi +75 -0
  56. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/aead.pyi +107 -0
  57. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/ciphers.pyi +38 -0
  58. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/cmac.pyi +18 -0
  59. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/dh.pyi +51 -0
  60. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/dsa.pyi +41 -0
  61. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/ec.pyi +52 -0
  62. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/ed25519.pyi +13 -0
  63. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/ed448.pyi +13 -0
  64. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/hashes.pyi +28 -0
  65. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/hmac.pyi +22 -0
  66. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/kdf.pyi +49 -0
  67. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/keys.pyi +34 -0
  68. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/poly1305.pyi +15 -0
  69. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/rsa.pyi +55 -0
  70. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/x25519.pyi +13 -0
  71. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/openssl/x448.pyi +13 -0
  72. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/pkcs12.pyi +52 -0
  73. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/pkcs7.pyi +50 -0
  74. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/test_support.pyi +23 -0
  75. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust/x509.pyi +313 -0
  76. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/_rust.abi3.so +0 -0
  77. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/openssl/__init__.py +3 -0
  78. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/openssl/_conditional.py +191 -0
  79. package/python/lib/python3.12/site-packages/cryptography/hazmat/bindings/openssl/binding.py +122 -0
  80. package/python/lib/python3.12/site-packages/cryptography/hazmat/decrepit/__init__.py +5 -0
  81. package/python/lib/python3.12/site-packages/cryptography/hazmat/decrepit/ciphers/__init__.py +5 -0
  82. package/python/lib/python3.12/site-packages/cryptography/hazmat/decrepit/ciphers/algorithms.py +112 -0
  83. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/__init__.py +3 -0
  84. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/_asymmetric.py +19 -0
  85. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/_cipheralgorithm.py +60 -0
  86. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/_serialization.py +168 -0
  87. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/__init__.py +3 -0
  88. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/dh.py +147 -0
  89. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/dsa.py +167 -0
  90. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/ec.py +447 -0
  91. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/ed25519.py +129 -0
  92. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/ed448.py +131 -0
  93. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/padding.py +113 -0
  94. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/rsa.py +277 -0
  95. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/types.py +111 -0
  96. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/utils.py +24 -0
  97. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/x25519.py +122 -0
  98. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/asymmetric/x448.py +125 -0
  99. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/ciphers/__init__.py +27 -0
  100. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/ciphers/aead.py +23 -0
  101. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/ciphers/algorithms.py +183 -0
  102. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/ciphers/base.py +146 -0
  103. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/ciphers/modes.py +268 -0
  104. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/cmac.py +10 -0
  105. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/constant_time.py +14 -0
  106. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/hashes.py +246 -0
  107. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/hmac.py +13 -0
  108. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/kdf/__init__.py +23 -0
  109. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/kdf/argon2.py +13 -0
  110. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/kdf/concatkdf.py +125 -0
  111. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/kdf/hkdf.py +101 -0
  112. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/kdf/kbkdf.py +305 -0
  113. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/kdf/pbkdf2.py +62 -0
  114. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/kdf/scrypt.py +19 -0
  115. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/kdf/x963kdf.py +61 -0
  116. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/keywrap.py +177 -0
  117. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/padding.py +69 -0
  118. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/poly1305.py +11 -0
  119. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/serialization/__init__.py +65 -0
  120. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/serialization/base.py +14 -0
  121. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/serialization/pkcs12.py +176 -0
  122. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/serialization/pkcs7.py +411 -0
  123. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/serialization/ssh.py +1619 -0
  124. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/twofactor/__init__.py +9 -0
  125. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/twofactor/hotp.py +101 -0
  126. package/python/lib/python3.12/site-packages/cryptography/hazmat/primitives/twofactor/totp.py +56 -0
  127. package/python/lib/python3.12/site-packages/cryptography/py.typed +0 -0
  128. package/python/lib/python3.12/site-packages/cryptography/utils.py +139 -0
  129. package/python/lib/python3.12/site-packages/cryptography/x509/__init__.py +270 -0
  130. package/python/lib/python3.12/site-packages/cryptography/x509/base.py +848 -0
  131. package/python/lib/python3.12/site-packages/cryptography/x509/certificate_transparency.py +35 -0
  132. package/python/lib/python3.12/site-packages/cryptography/x509/extensions.py +2528 -0
  133. package/python/lib/python3.12/site-packages/cryptography/x509/general_name.py +281 -0
  134. package/python/lib/python3.12/site-packages/cryptography/x509/name.py +477 -0
  135. package/python/lib/python3.12/site-packages/cryptography/x509/ocsp.py +379 -0
  136. package/python/lib/python3.12/site-packages/cryptography/x509/oid.py +37 -0
  137. package/python/lib/python3.12/site-packages/cryptography/x509/verification.py +34 -0
  138. package/python/lib/python3.12/site-packages/cryptography-45.0.7.dist-info/INSTALLER +1 -0
  139. package/python/lib/python3.12/site-packages/cryptography-45.0.7.dist-info/METADATA +139 -0
  140. package/python/lib/python3.12/site-packages/cryptography-45.0.7.dist-info/RECORD +106 -0
  141. package/python/lib/python3.12/site-packages/cryptography-45.0.7.dist-info/REQUESTED +0 -0
  142. package/python/lib/python3.12/site-packages/cryptography-45.0.7.dist-info/WHEEL +4 -0
  143. package/python/lib/python3.12/site-packages/cryptography-45.0.7.dist-info/licenses/LICENSE +3 -0
  144. package/python/lib/python3.12/site-packages/cryptography-45.0.7.dist-info/licenses/LICENSE.APACHE +202 -0
  145. package/python/lib/python3.12/site-packages/cryptography-45.0.7.dist-info/licenses/LICENSE.BSD +27 -0
  146. package/python/lib/python3.12/site-packages/pycparser/__init__.py +99 -0
  147. package/python/lib/python3.12/site-packages/pycparser/_ast_gen.py +355 -0
  148. package/python/lib/python3.12/site-packages/pycparser/_c_ast.cfg +195 -0
  149. package/python/lib/python3.12/site-packages/pycparser/ast_transforms.py +174 -0
  150. package/python/lib/python3.12/site-packages/pycparser/c_ast.py +1341 -0
  151. package/python/lib/python3.12/site-packages/pycparser/c_generator.py +573 -0
  152. package/python/lib/python3.12/site-packages/pycparser/c_lexer.py +706 -0
  153. package/python/lib/python3.12/site-packages/pycparser/c_parser.py +2376 -0
  154. package/python/lib/python3.12/site-packages/pycparser-3.0.dist-info/INSTALLER +1 -0
  155. package/python/lib/python3.12/site-packages/pycparser-3.0.dist-info/METADATA +244 -0
  156. package/python/lib/python3.12/site-packages/pycparser-3.0.dist-info/RECORD +14 -0
  157. package/python/lib/python3.12/site-packages/pycparser-3.0.dist-info/WHEEL +5 -0
  158. package/python/lib/python3.12/site-packages/pycparser-3.0.dist-info/licenses/LICENSE +27 -0
  159. package/python/lib/python3.12/site-packages/pycparser-3.0.dist-info/top_level.txt +1 -0
@@ -0,0 +1,411 @@
1
+ # This file is dual licensed under the terms of the Apache License, Version
2
+ # 2.0, and the BSD License. See the LICENSE file in the root of this repository
3
+ # for complete details.
4
+
5
+ from __future__ import annotations
6
+
7
+ import email.base64mime
8
+ import email.generator
9
+ import email.message
10
+ import email.policy
11
+ import io
12
+ import typing
13
+ from collections.abc import Iterable
14
+
15
+ from cryptography import utils, x509
16
+ from cryptography.exceptions import UnsupportedAlgorithm, _Reasons
17
+ from cryptography.hazmat.bindings._rust import pkcs7 as rust_pkcs7
18
+ from cryptography.hazmat.primitives import hashes, serialization
19
+ from cryptography.hazmat.primitives.asymmetric import ec, padding, rsa
20
+ from cryptography.hazmat.primitives.ciphers import (
21
+ algorithms,
22
+ )
23
+ from cryptography.utils import _check_byteslike
24
+
25
+ load_pem_pkcs7_certificates = rust_pkcs7.load_pem_pkcs7_certificates
26
+
27
+ load_der_pkcs7_certificates = rust_pkcs7.load_der_pkcs7_certificates
28
+
29
+ serialize_certificates = rust_pkcs7.serialize_certificates
30
+
31
+ PKCS7HashTypes = typing.Union[
32
+ hashes.SHA224,
33
+ hashes.SHA256,
34
+ hashes.SHA384,
35
+ hashes.SHA512,
36
+ ]
37
+
38
+ PKCS7PrivateKeyTypes = typing.Union[
39
+ rsa.RSAPrivateKey, ec.EllipticCurvePrivateKey
40
+ ]
41
+
42
+ ContentEncryptionAlgorithm = typing.Union[
43
+ typing.Type[algorithms.AES128], typing.Type[algorithms.AES256]
44
+ ]
45
+
46
+
47
+ class PKCS7Options(utils.Enum):
48
+ Text = "Add text/plain MIME type"
49
+ Binary = "Don't translate input data into canonical MIME format"
50
+ DetachedSignature = "Don't embed data in the PKCS7 structure"
51
+ NoCapabilities = "Don't embed SMIME capabilities"
52
+ NoAttributes = "Don't embed authenticatedAttributes"
53
+ NoCerts = "Don't embed signer certificate"
54
+
55
+
56
+ class PKCS7SignatureBuilder:
57
+ def __init__(
58
+ self,
59
+ data: utils.Buffer | None = None,
60
+ signers: list[
61
+ tuple[
62
+ x509.Certificate,
63
+ PKCS7PrivateKeyTypes,
64
+ PKCS7HashTypes,
65
+ padding.PSS | padding.PKCS1v15 | None,
66
+ ]
67
+ ] = [],
68
+ additional_certs: list[x509.Certificate] = [],
69
+ ):
70
+ self._data = data
71
+ self._signers = signers
72
+ self._additional_certs = additional_certs
73
+
74
+ def set_data(self, data: utils.Buffer) -> PKCS7SignatureBuilder:
75
+ _check_byteslike("data", data)
76
+ if self._data is not None:
77
+ raise ValueError("data may only be set once")
78
+
79
+ return PKCS7SignatureBuilder(data, self._signers)
80
+
81
+ def add_signer(
82
+ self,
83
+ certificate: x509.Certificate,
84
+ private_key: PKCS7PrivateKeyTypes,
85
+ hash_algorithm: PKCS7HashTypes,
86
+ *,
87
+ rsa_padding: padding.PSS | padding.PKCS1v15 | None = None,
88
+ ) -> PKCS7SignatureBuilder:
89
+ if not isinstance(
90
+ hash_algorithm,
91
+ (
92
+ hashes.SHA224,
93
+ hashes.SHA256,
94
+ hashes.SHA384,
95
+ hashes.SHA512,
96
+ ),
97
+ ):
98
+ raise TypeError(
99
+ "hash_algorithm must be one of hashes.SHA224, "
100
+ "SHA256, SHA384, or SHA512"
101
+ )
102
+ if not isinstance(certificate, x509.Certificate):
103
+ raise TypeError("certificate must be a x509.Certificate")
104
+
105
+ if not isinstance(
106
+ private_key, (rsa.RSAPrivateKey, ec.EllipticCurvePrivateKey)
107
+ ):
108
+ raise TypeError("Only RSA & EC keys are supported at this time.")
109
+
110
+ if rsa_padding is not None:
111
+ if not isinstance(rsa_padding, (padding.PSS, padding.PKCS1v15)):
112
+ raise TypeError("Padding must be PSS or PKCS1v15")
113
+ if not isinstance(private_key, rsa.RSAPrivateKey):
114
+ raise TypeError("Padding is only supported for RSA keys")
115
+
116
+ return PKCS7SignatureBuilder(
117
+ self._data,
118
+ [
119
+ *self._signers,
120
+ (certificate, private_key, hash_algorithm, rsa_padding),
121
+ ],
122
+ )
123
+
124
+ def add_certificate(
125
+ self, certificate: x509.Certificate
126
+ ) -> PKCS7SignatureBuilder:
127
+ if not isinstance(certificate, x509.Certificate):
128
+ raise TypeError("certificate must be a x509.Certificate")
129
+
130
+ return PKCS7SignatureBuilder(
131
+ self._data, self._signers, [*self._additional_certs, certificate]
132
+ )
133
+
134
+ def sign(
135
+ self,
136
+ encoding: serialization.Encoding,
137
+ options: Iterable[PKCS7Options],
138
+ backend: typing.Any = None,
139
+ ) -> bytes:
140
+ if len(self._signers) == 0:
141
+ raise ValueError("Must have at least one signer")
142
+ if self._data is None:
143
+ raise ValueError("You must add data to sign")
144
+ options = list(options)
145
+ if not all(isinstance(x, PKCS7Options) for x in options):
146
+ raise ValueError("options must be from the PKCS7Options enum")
147
+ if encoding not in (
148
+ serialization.Encoding.PEM,
149
+ serialization.Encoding.DER,
150
+ serialization.Encoding.SMIME,
151
+ ):
152
+ raise ValueError(
153
+ "Must be PEM, DER, or SMIME from the Encoding enum"
154
+ )
155
+
156
+ # Text is a meaningless option unless it is accompanied by
157
+ # DetachedSignature
158
+ if (
159
+ PKCS7Options.Text in options
160
+ and PKCS7Options.DetachedSignature not in options
161
+ ):
162
+ raise ValueError(
163
+ "When passing the Text option you must also pass "
164
+ "DetachedSignature"
165
+ )
166
+
167
+ if PKCS7Options.Text in options and encoding in (
168
+ serialization.Encoding.DER,
169
+ serialization.Encoding.PEM,
170
+ ):
171
+ raise ValueError(
172
+ "The Text option is only available for SMIME serialization"
173
+ )
174
+
175
+ # No attributes implies no capabilities so we'll error if you try to
176
+ # pass both.
177
+ if (
178
+ PKCS7Options.NoAttributes in options
179
+ and PKCS7Options.NoCapabilities in options
180
+ ):
181
+ raise ValueError(
182
+ "NoAttributes is a superset of NoCapabilities. Do not pass "
183
+ "both values."
184
+ )
185
+
186
+ return rust_pkcs7.sign_and_serialize(self, encoding, options)
187
+
188
+
189
+ class PKCS7EnvelopeBuilder:
190
+ def __init__(
191
+ self,
192
+ *,
193
+ _data: bytes | None = None,
194
+ _recipients: list[x509.Certificate] | None = None,
195
+ _content_encryption_algorithm: ContentEncryptionAlgorithm
196
+ | None = None,
197
+ ):
198
+ from cryptography.hazmat.backends.openssl.backend import (
199
+ backend as ossl,
200
+ )
201
+
202
+ if not ossl.rsa_encryption_supported(padding=padding.PKCS1v15()):
203
+ raise UnsupportedAlgorithm(
204
+ "RSA with PKCS1 v1.5 padding is not supported by this version"
205
+ " of OpenSSL.",
206
+ _Reasons.UNSUPPORTED_PADDING,
207
+ )
208
+ self._data = _data
209
+ self._recipients = _recipients if _recipients is not None else []
210
+ self._content_encryption_algorithm = _content_encryption_algorithm
211
+
212
+ def set_data(self, data: bytes) -> PKCS7EnvelopeBuilder:
213
+ _check_byteslike("data", data)
214
+ if self._data is not None:
215
+ raise ValueError("data may only be set once")
216
+
217
+ return PKCS7EnvelopeBuilder(
218
+ _data=data,
219
+ _recipients=self._recipients,
220
+ _content_encryption_algorithm=self._content_encryption_algorithm,
221
+ )
222
+
223
+ def add_recipient(
224
+ self,
225
+ certificate: x509.Certificate,
226
+ ) -> PKCS7EnvelopeBuilder:
227
+ if not isinstance(certificate, x509.Certificate):
228
+ raise TypeError("certificate must be a x509.Certificate")
229
+
230
+ if not isinstance(certificate.public_key(), rsa.RSAPublicKey):
231
+ raise TypeError("Only RSA keys are supported at this time.")
232
+
233
+ return PKCS7EnvelopeBuilder(
234
+ _data=self._data,
235
+ _recipients=[
236
+ *self._recipients,
237
+ certificate,
238
+ ],
239
+ _content_encryption_algorithm=self._content_encryption_algorithm,
240
+ )
241
+
242
+ def set_content_encryption_algorithm(
243
+ self, content_encryption_algorithm: ContentEncryptionAlgorithm
244
+ ) -> PKCS7EnvelopeBuilder:
245
+ if self._content_encryption_algorithm is not None:
246
+ raise ValueError("Content encryption algo may only be set once")
247
+ if content_encryption_algorithm not in {
248
+ algorithms.AES128,
249
+ algorithms.AES256,
250
+ }:
251
+ raise TypeError("Only AES128 and AES256 are supported")
252
+
253
+ return PKCS7EnvelopeBuilder(
254
+ _data=self._data,
255
+ _recipients=self._recipients,
256
+ _content_encryption_algorithm=content_encryption_algorithm,
257
+ )
258
+
259
+ def encrypt(
260
+ self,
261
+ encoding: serialization.Encoding,
262
+ options: Iterable[PKCS7Options],
263
+ ) -> bytes:
264
+ if len(self._recipients) == 0:
265
+ raise ValueError("Must have at least one recipient")
266
+ if self._data is None:
267
+ raise ValueError("You must add data to encrypt")
268
+
269
+ # The default content encryption algorithm is AES-128, which the S/MIME
270
+ # v3.2 RFC specifies as MUST support (https://datatracker.ietf.org/doc/html/rfc5751#section-2.7)
271
+ content_encryption_algorithm = (
272
+ self._content_encryption_algorithm or algorithms.AES128
273
+ )
274
+
275
+ options = list(options)
276
+ if not all(isinstance(x, PKCS7Options) for x in options):
277
+ raise ValueError("options must be from the PKCS7Options enum")
278
+ if encoding not in (
279
+ serialization.Encoding.PEM,
280
+ serialization.Encoding.DER,
281
+ serialization.Encoding.SMIME,
282
+ ):
283
+ raise ValueError(
284
+ "Must be PEM, DER, or SMIME from the Encoding enum"
285
+ )
286
+
287
+ # Only allow options that make sense for encryption
288
+ if any(
289
+ opt not in [PKCS7Options.Text, PKCS7Options.Binary]
290
+ for opt in options
291
+ ):
292
+ raise ValueError(
293
+ "Only the following options are supported for encryption: "
294
+ "Text, Binary"
295
+ )
296
+ elif PKCS7Options.Text in options and PKCS7Options.Binary in options:
297
+ # OpenSSL accepts both options at the same time, but ignores Text.
298
+ # We fail defensively to avoid unexpected outputs.
299
+ raise ValueError(
300
+ "Cannot use Binary and Text options at the same time"
301
+ )
302
+
303
+ return rust_pkcs7.encrypt_and_serialize(
304
+ self, content_encryption_algorithm, encoding, options
305
+ )
306
+
307
+
308
+ pkcs7_decrypt_der = rust_pkcs7.decrypt_der
309
+ pkcs7_decrypt_pem = rust_pkcs7.decrypt_pem
310
+ pkcs7_decrypt_smime = rust_pkcs7.decrypt_smime
311
+
312
+
313
+ def _smime_signed_encode(
314
+ data: bytes, signature: bytes, micalg: str, text_mode: bool
315
+ ) -> bytes:
316
+ # This function works pretty hard to replicate what OpenSSL does
317
+ # precisely. For good and for ill.
318
+
319
+ m = email.message.Message()
320
+ m.add_header("MIME-Version", "1.0")
321
+ m.add_header(
322
+ "Content-Type",
323
+ "multipart/signed",
324
+ protocol="application/x-pkcs7-signature",
325
+ micalg=micalg,
326
+ )
327
+
328
+ m.preamble = "This is an S/MIME signed message\n"
329
+
330
+ msg_part = OpenSSLMimePart()
331
+ msg_part.set_payload(data)
332
+ if text_mode:
333
+ msg_part.add_header("Content-Type", "text/plain")
334
+ m.attach(msg_part)
335
+
336
+ sig_part = email.message.MIMEPart()
337
+ sig_part.add_header(
338
+ "Content-Type", "application/x-pkcs7-signature", name="smime.p7s"
339
+ )
340
+ sig_part.add_header("Content-Transfer-Encoding", "base64")
341
+ sig_part.add_header(
342
+ "Content-Disposition", "attachment", filename="smime.p7s"
343
+ )
344
+ sig_part.set_payload(
345
+ email.base64mime.body_encode(signature, maxlinelen=65)
346
+ )
347
+ del sig_part["MIME-Version"]
348
+ m.attach(sig_part)
349
+
350
+ fp = io.BytesIO()
351
+ g = email.generator.BytesGenerator(
352
+ fp,
353
+ maxheaderlen=0,
354
+ mangle_from_=False,
355
+ policy=m.policy.clone(linesep="\r\n"),
356
+ )
357
+ g.flatten(m)
358
+ return fp.getvalue()
359
+
360
+
361
+ def _smime_enveloped_encode(data: bytes) -> bytes:
362
+ m = email.message.Message()
363
+ m.add_header("MIME-Version", "1.0")
364
+ m.add_header("Content-Disposition", "attachment", filename="smime.p7m")
365
+ m.add_header(
366
+ "Content-Type",
367
+ "application/pkcs7-mime",
368
+ smime_type="enveloped-data",
369
+ name="smime.p7m",
370
+ )
371
+ m.add_header("Content-Transfer-Encoding", "base64")
372
+
373
+ m.set_payload(email.base64mime.body_encode(data, maxlinelen=65))
374
+
375
+ return m.as_bytes(policy=m.policy.clone(linesep="\n", max_line_length=0))
376
+
377
+
378
+ def _smime_enveloped_decode(data: bytes) -> bytes:
379
+ m = email.message_from_bytes(data)
380
+ if m.get_content_type() not in {
381
+ "application/x-pkcs7-mime",
382
+ "application/pkcs7-mime",
383
+ }:
384
+ raise ValueError("Not an S/MIME enveloped message")
385
+ return bytes(m.get_payload(decode=True))
386
+
387
+
388
+ def _smime_remove_text_headers(data: bytes) -> bytes:
389
+ m = email.message_from_bytes(data)
390
+ # Using get() instead of get_content_type() since it has None as default,
391
+ # where the latter has "text/plain". Both methods are case-insensitive.
392
+ content_type = m.get("content-type")
393
+ if content_type is None:
394
+ raise ValueError(
395
+ "Decrypted MIME data has no 'Content-Type' header. "
396
+ "Please remove the 'Text' option to parse it manually."
397
+ )
398
+ if "text/plain" not in content_type:
399
+ raise ValueError(
400
+ f"Decrypted MIME data content type is '{content_type}', not "
401
+ "'text/plain'. Remove the 'Text' option to parse it manually."
402
+ )
403
+ return bytes(m.get_payload(decode=True))
404
+
405
+
406
+ class OpenSSLMimePart(email.message.MIMEPart):
407
+ # A MIMEPart subclass that replicates OpenSSL's behavior of not including
408
+ # a newline if there are no headers.
409
+ def _write_headers(self, generator) -> None:
410
+ if list(self.raw_items()):
411
+ generator._write_headers(self)