o

�N�g<�@s�dd
gZddl
Z
ddlmZmZmZmZ
ddlmZ
ddl	m
Z
mZ
ddlm
Z
mZmZ
ddlmZ
dd	lmZ
dd
lmZmZ
ddd�
Zdd
�Zddd
�
ZdS)�encode�decode�N)�
a2b_base64�
b2a_base64�hexlify�	unhexlify)
�MD5)�pad�unpad)�DES�DES3�AES)
�PBKDF1)
�get_random_bytes)�tobytes�tostrc	s�|d
urt}d|
}|rB|d�
}t
||ddt�}|t
|||ddt�7}t�|tj|�}|dtt|�
���
7}|�	t
�|j��
�n|d
u
rJtd�
�
�f
dd	�t
d
t��
d�D�
}|d�|�
7}|d
|
7}|S)a4Encode a piece of binary data into PEM format.

    Args:
      data (byte string):
        The piece of binary data to encode.
      marker (string):
        The marker for the PEM block (e.g. "PUBLIC KEY").
        Note that there is no official master list for all allowed markers.
        Still, you can refer to the OpenSSL_ source code.
      passphrase (byte string):
        If given, the PEM block will be encrypted. The key is derived from
        the passphrase.
      randfunc (callable):
        Random number generation function; it accepts an integer N and returns
        a byte string of random data, N bytes long. If not given, a new one is
        instantiated.

    Returns:
      The PEM block, as a string.

    .. _OpenSSL: https://github.com/openssl/openssl/blob/master/include/openssl/pem.h
    Nz-----BEGIN %s-----
���
z2Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,%s

zEmpty passwordc
s$g|]}
tt
�|
|
d��
�
�qS)
�0)rr)�.0�
i�
�data��E/opt/saltstack/salt/lib/python3.10/site-packages/Cryptodome/IO/PEM.py�
<listcomp>Zs
�zencode.<locals>.<listcomp>rr�z-----END %s-----)rrrr�new�MODE_CBCrr�upperZencryptr	�
block_size�
ValueError�range�len�join)	r�marker�
passphraseZrandfunc�out�salt�keyZobjenc�chunksrrrr
/s(






�



�

cCsVd
g
}|dd}t|�
D]}t
�|d||
�
��}|�|�

q
d
�|�
d|�S)N��r���)r#rr�digest�appendr%)rr)Zkey_len�
d�
m�
_Zndrrr�_EVP_BytesToKeyas





r4cCsPt�
d
�
}|�|�
}|std�
�
|�d�
}t�
d�
}|�|�
}|r(|�d�
|kr,td�
�
|�dd���}|d�d�
r�|
sAtd	�
�
|d
�d�
}t	|�
d
ksT|dd
krXtd�
�
|d�d�
\}}t
t|�
�
}d}	|dkr|t|
|d�}
t
�|
t
j|�}nz|dkr�t|
|d�}
t�|
tj|�}ng|dkr�t|
|dd�d�}
t�|
tj|�}nP|dkr�t|
|dd�d�}
t�|
tj|�}n9|dkr�t|
|dd�d�}
t�|
tj|�}n"|��dkr�t|
|dd�d�}
tj|
tj|d�}d}	ntd|�
�
|d
d�}nd}td�|dd��
�
}d}
|�
r#|	�
rt|�|�
|j�}n|�|�
}d}
|||
fS) aDecode a PEM block into binary.

    Args:
      pem_data (string):
        The PEM block.
      passphrase (byte string):
        If given and the PEM block is encrypted,
        the key will be derived from the passphrase.

    Returns:
      A tuple with the binary data, the marker string, and a boolean to
      indicate if decryption was performed.

    Raises:
      ValueError: if decoding fails, if the PEM file is encrypted and no passphrase has
                  been provided or if the passphrase is incorrect.
    z\s*-----BEGIN (.*)-----\s+zNot a valid PEM pre boundaryrz-----END (.*)-----\s*$zNot a valid PEM post boundary�
 rzProc-Type:4,ENCRYPTEDz-PEM is encrypted, but no passphrase available��
:rzDEK-Infoz$PEM encryption format not supported.�
,TzDES-CBCrzDES-EDE3-CBC�zAES-128-CBCNrzAES-192-CBCzAES-256-CBC� z
id-aes256-gcm)
ZnonceFz(Unsupport PEM encryption algorithm (%s).r.)�re�compile�matchr"�group�search�replace�split�
startswithr$rrr4rrrrr
�lowerZMODE_GCMrr%r
Zdecryptr!)Zpem_datar'�
rr2r&�linesZDEKZalgor)�paddingr*ZobjdecrZenc_flagrrrrjsb












































)NN)
N)�__all__r;�binasciirrrrZCryptodome.HashrZCryptodome.Util.Paddingr	r
ZCryptodome.Cipherrrr
ZCryptodome.Protocol.KDFrZCryptodome.RandomrZCryptodome.Util.py3compatrrr
r4rrrrr�<module>
s!






2