Home Explore Help
Register Sign In
sanoh
/
G01_0350
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 92685d12e3
Branches Tags
G01_0350
/
venv_win32
/
Lib
/
site-packages
/
cryptography
/
hazmat
/
primitives
/
serialization
/
pkcs12.py

pkcs12.py 2.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172 
  1. # This file is dual licensed under the terms of the Apache License, Version
    2. 

  2. # 2.0, and the BSD License. See the LICENSE file in the root of this repository
    3. 

  3. # for complete details.
    4. 

  4. 

  5. import typing
    6. 

  6. 

  7. from cryptography import x509
    8. 

  8. from cryptography.hazmat.backends import _get_backend
    9. 

  9. from cryptography.hazmat.backends.interfaces import Backend
    10. 

  10. from cryptography.hazmat.primitives import serialization
    11. 

  11. from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
    12. 

  12. 

  13. 

  14. _ALLOWED_PKCS12_TYPES = typing.Union[
    15. 

  15.     rsa.RSAPrivateKey,
    16. 

  16.     dsa.DSAPrivateKey,
    17. 

  17.     ec.EllipticCurvePrivateKey,
    18. 

  18. ]
    19. 

  19. 

  20. 

  21. def load_key_and_certificates(
    22. 

  22.     data: bytes,
    23. 

  23.     password: typing.Optional[bytes],
    24. 

  24.     backend: typing.Optional[Backend] = None,
    25. 

  25. ) -> typing.Tuple[
    26. 

  26.     typing.Optional[_ALLOWED_PKCS12_TYPES],
    27. 

  27.     typing.Optional[x509.Certificate],
    28. 

  28.     typing.List[x509.Certificate],
    29. 

  29. ]:
    30. 

  30.     backend = _get_backend(backend)
    31. 

  31.     return backend.load_key_and_certificates_from_pkcs12(data, password)
    32. 

  32. 

  33. 

  34. def serialize_key_and_certificates(
    35. 

  35.     name: typing.Optional[bytes],
    36. 

  36.     key: typing.Optional[_ALLOWED_PKCS12_TYPES],
    37. 

  37.     cert: typing.Optional[x509.Certificate],
    38. 

  38.     cas: typing.Optional[typing.Iterable[x509.Certificate]],
    39. 

  39.     encryption_algorithm: serialization.KeySerializationEncryption,
    40. 

  40. ) -> bytes:
    41. 

  41.     if key is not None and not isinstance(
    42. 

  42.         key,
    43. 

  43.         (
    44. 

  44.             rsa.RSAPrivateKey,
    45. 

  45.             dsa.DSAPrivateKey,
    46. 

  46.             ec.EllipticCurvePrivateKey,
    47. 

  47.         ),
    48. 

  48.     ):
    49. 

  49.         raise TypeError("Key must be RSA, DSA, or EllipticCurve private key.")
    50. 

  50.     if cert is not None and not isinstance(cert, x509.Certificate):
    51. 

  51.         raise TypeError("cert must be a certificate")
    52. 

  52. 

  53.     if cas is not None:
    54. 

  54.         cas = list(cas)
    55. 

  55.         if not all(isinstance(val, x509.Certificate) for val in cas):
    56. 

  56.             raise TypeError("all values in cas must be certificates")
    57. 

  57. 

  58.     if not isinstance(
    59. 

  59.         encryption_algorithm, serialization.KeySerializationEncryption
    60. 

  60.     ):
    61. 

  61.         raise TypeError(
    62. 

  62.             "Key encryption algorithm must be a "
    63. 

  63.             "KeySerializationEncryption instance"
    64. 

  64.         )
    65. 

  65. 

  66.     if key is None and cert is None and not cas:
    67. 

  67.         raise ValueError("You must supply at least one of key, cert, or cas")
    68. 

  68. 

  69.     backend = _get_backend(None)
    70. 

  70.     return backend.serialize_key_and_certificates_to_pkcs12(
    71. 

  71.         name, key, cert, cas, encryption_algorithm
    72. 

  72.     )
    73.