h6UddlZddlZddlZddlZddlZddlZddlmZddl m Z ddl m Z ddl mZddlmZmZmZmZmZddlm ZddlmZmZmZddlmZmZmZmZmZm Z  dd l!m"Z#d Z$n#e%$rd Z$ dcd e&d e&de'de'de(de&f dZ#YnwxYwdZ)dZ*dZ+dZ,dZ-dZ.dZ/dZ0dZ1ej2dZ3dZ4dZ5dZ6d Z7d!Z8d"Z9d#Z:ej2e5d$ze6zej;Z<e=e>e?d%d&Z@ejAd'ejBd#fejAd'ejCd#fd(ZDejEe&ejFejGejAe'ejHejGejBejGejCfe'ffeId)<e,e-e.d*ZJd+ejHd,de&fd-ZKd.ejLde&fd/ZMe5d0ze6d0zfd1e&d2e&d3e&de&fd4ZNd1e&d5e'ddfd6ZOd1e&ddfd7ZPd8e&d ejQe&d e&de'deejHejCejBff d9ZRd1e=dejFe'e=ffd:ZSd1e=dejFe'e=ffd;ZTd1e=dejFe=e=ffd<ZUd1e=dejFe'e=ffd=ZVd>e'de&fd?ZWGd@dAZXGdBdCZYGdDdEZZGdFdGZ[GdHdIZ\e*eYe+eZe)e\e,e[dJej]e-e[dKej^e.e[dLej_iZ`dMe&fdNZaejHejbejcejdejefZf ddd1e&d ejQe&dOejgdeffdPZhdQefd e&dRede&fdSZiejHejLejjejkejlfZmejHejLejjejlfZnGdTdUejoZpGdVdWZqdXejrdejsfdYZt dcd1e&dejHeqemffdZZud1e&dejHeqemffd[Zvd\e=dejEe&e&ffd]Zw ddd1e&dOejgdemfd^Zxd.emde&fd_ZyejHejbejcejefZzd`Z{GdadbZ|dS)eN) encodebytes)utilsUnsupportedAlgorithm)hashes)dsaeced25519paddingrsa)Cipher algorithmsmodes)EncodingKeySerializationEncryption NoEncryption PrivateFormat PublicFormat_KeySerializationEncryption)kdfTFpasswordsaltdesired_key_bytesroundsignore_few_roundsreturnc td)NzNeed bcrypt moduler)rrrrrs l/var/www/html/Sam_Eipo/venv/lib/python3.11/site-packages/cryptography/hazmat/primitives/serialization/ssh.py _bcrypt_kdfr*s##7888s ssh-ed25519sssh-rsasssh-dsssecdsa-sha2-nistp256secdsa-sha2-nistp384secdsa-sha2-nistp521s-cert-v01@openssh.coms rsa-sha2-256s rsa-sha2-512s\A(\S+)[ \t]+(\S+)sopenssh-key-v1s#-----BEGIN OPENSSH PRIVATE KEY-----s!-----END OPENSSH PRIVATE KEY-----sbcryptsnone aes256-ctrs(.*?) )r!s aes256-cbc _SSH_CIPHERS) secp256r1 secp384r1 secp521r1key)SSHPrivateKeyTypesSSHPublicKeyTypesct|tjr"t|}nt|tjrt|}nt|t jt jfrt}nkt|tj tj frt}n=t|tjtjfrt"}nt%d|S)NUnsupported key type) isinstancer EllipticCurvePrivateKey_ecdsa_key_type public_keyEllipticCurvePublicKeyr RSAPrivateKey RSAPublicKey_SSH_RSAr DSAPrivateKey DSAPublicKey_SSH_DSAr Ed25519PrivateKeyEd25519PublicKey _SSH_ED25519 ValueError)r*key_types r_get_ssh_key_typer?fs#r122 1"3>>#3#344 C2 3 3 1"3'' C#+S-=> ? ? 1 C#+S-=> ? ?1  g')A B  1 /000 Or r2c~|j}|jtvrtd|jt|jS)z3Return SSH key_type and curve_name for private key.z'Unsupported curve for ssh private key: )curvename_ECDSA_KEY_TYPEr=)r2rAs rr1r1{sE  E z(( Dej D D    5: &&r  dataprefixsuffixcLd|t||gS)Nr )join_base64_encode)rErFrGs r_ssh_pem_encoderKs% 88V^D116: ; ;;r block_lencT|rt||zdkrtddS)zRequire data to be full blocksrzCorrupt data: missing paddingN)lenr=)rErLs r_check_block_sizerOs6 :3t99y(A--8999.-r c(|rtddS)z!All data should have been parsed.zCorrupt data: unparsed dataN)r=rEs r _check_emptyrRs# 8677788r ciphernamec|stdt|\}}}}t||||z|d}t||d||||dS)z$Generate key + iv and return cipher.zKey is password-protected.TN)r=r&rr ) rSrrralgokey_lenmodeiv_lenseeds r _init_cipherrZs| 75666".z":D'4 xw'7 F FD $$tHWH~&&T'((^(<(< = ==r ct|dkrtdt|ddd|ddfS)Uint32 Invalid dataNbig byteorderrNr=int from_bytesrQs r_get_u32reJ 4yy1}}((( >>$rr(e> 4 4d122h >>r ct|dkrtdt|ddd|ddfS)Uint64r^Nr_r`rbrQs r_get_u64rjrfr ct|\}}|t|krtd|d|||dfS)zBytes with u32 length prefixr^N)rerNr=)rEns r _get_sshstrrmsItnnGAt3t99}}((( 8T!""X r ct|\}}|r|ddkrtdt|d|fS)z Big integer.rr^r_)rmr=rcrd)rEvals r _get_mpintrqsND!!IC )s1v}}((( >>#u % %t ++r rpc|dkrtd|sdS|dzdz}tj||S)z!Storage format for signed bigint.rznegative mpint not allowedr ri)r= bit_lengthr int_to_bytes)rpnbytess r _to_mpintrvsS Qww5666 snn"q (F  c6 * **r c eZdZUdZejeed< ddejejeddfdZ deddfdZ de ddfd Z de ddfd Z dejedfddfd Zde ddfd Zde fd Zddede de fdZdefdZdS) _FragListz,Build recursive structure without data copy.flistNinitrcPg|_|r|j|dSdSN)ryextend)selfrzs r__init__z_FragList.__init__s9  $ J  d # # # # # $ $r rpc:|j|dS)zAdd plain bytesN)ryappendr~rps rput_rawz_FragList.put_raws #r cd|j|dddS)zBig-endian uint32r]r_lengthraNryrto_bytesrs rput_u32z_FragList.put_u32. #,,a5,AABBBBBr cd|j|dddS)zBig-endian uint64rir_rNrrs rput_u64z_FragList.put_u64rr cRt|tttfr>|t ||j|dS|||j |jdS)zBytes prefixed with u32 lengthN) r/bytes memoryview bytearrayrrNryrsizer}rs r put_sshstrz_FragList.put_sshstrs cE:y9 : : ) LLS " " " J  c " " " " " LL $ $ $ J  ci ( ( ( ( (r cJ|t|dS)z*Big-endian bigint prefixed with u32 lengthN)rrvrs r put_mpintz_FragList.put_mpints   #'''''r cPttt|jS)zCurrent number of bytes)summaprNryr~s rrz_FragList.sizes3sDJ''(((r rdstbufposcT|jD]}t|}|||z}}||||< |S)zWrite into bytearray)ryrN)r~rrfragflenstarts rrenderz_FragList.rendersAJ % %Dt99DcDj3E $F59   r ctt|}|||S)zReturn as bytes)rrrrtobytes)r~bufs rrz_FragList.tobytess?499;;//00 C{{}}r r|)r)__name__ __module__ __qualname____doc__typingListr__annotations__OptionalrrrcrrUnionrrrrrrr rrxrxs66 ;u ;?$$OFK$67$ $$$$5TC3C4CCCCC3C4CCCC)fl5++=>)4))))(S(T(((()c))))Zc#r rxceZdZdZdefdZdedejej effdZ dedejej effdZ dej de dd fd Zd ej d e dd fd Zd S) _SSHFormatRSAzhFormat for RSA keys. Public: mpint e, n Private: mpint n, e, d, iqmp, p, q rEcVt|\}}t|\}}||f|fS)zRSA public fieldsrq)r~rEerls r get_publicz_SSHFormatRSA.get_publics2T""4T""41vt|r rc||\\}}}tj||}|}||fS)zMake RSA public key from data.)rr RSAPublicNumbersr2)r~rErrlpublic_numbersr2s r load_publicz_SSHFormatRSA.load_publicsKt,, A-a33#..00 4r c t|\}}t|\}}t|\}}t|\}}t|\}}t|\}}||f|krtdtj||} tj||} tj||} tj|||| | || } | } | |fS)zMake RSA private key from data.z Corrupt data: rsa field mismatch)rqr=r rsa_crt_dmp1 rsa_crt_dmq1rRSAPrivateNumbers private_key)r~rE pubfieldsrlrdiqmppqdmp1dmq1rprivate_numbersrs r load_privatez_SSHFormatRSA.load_private sT""4T""4T""4%% dT""4T""4 q6Y  ?@@ @1%%1%%-a33/ q!T4~  &1133 D  r r2f_pubNc|}||j||jdS)zWrite RSA public keyN)rrrrl)r~r2rpubns r encode_publicz_SSHFormatRSA.encode_public6sC((**  r rf_privct|}|j}||j||j||j||j||j||jdS)zWrite RSA private keyN) rrrrlrrrrr)r~rrrrs rencode_privatez_SSHFormatRSA.encode_private>s&5577(7)***)****+++-...*+++*+++++r )rrrrrrrTupler r5rr4rrxrrrr rrrsz   c& 2 3    !! c'3 4!!!!, * 3<      ,, ,6? ,  , , , , , ,r rceZdZdZdedejejeffdZdedejej effdZ dedejej effdZ dej de dd fd Zd ej d e dd fd Zdejdd fdZd S) _SSHFormatDSAzhFormat for DSA keys. Public: mpint p, q, g, y Private: mpint p, q, g, y, x rErct|\}}t|\}}t|\}}t|\}}||||f|fS)zDSA public fieldsr)r~rErrgys rrz_SSHFormatDSA.get_publicWs[T""4T""4T""4T""41a|T!!r c||\\}}}}}tj|||}tj||}|||}||fS)zMake DSA public key from data.)rrDSAParameterNumbersDSAPublicNumbers _validater2) r~rErrrrparameter_numbersrr2s rrz_SSHFormatDSA.load_publicasx"__T22 Aq!d3Aq!<<-a1BCC ~&&&#..00 4r cl||\\}}}}}t|\}}||||f|krtdtj|||}tj||} || tj|| } | } | |fS)zMake DSA private key from data.z Corrupt data: dsa field mismatch) rrqr=rrrrDSAPrivateNumbersr) r~rErrrrrxrrrrs rrz_SSHFormatDSA.load_privatels"__T22 Aq!dT""4 q!Q<9 $ $?@@ @3Aq!<<-a1BCC ~&&&/>BB%1133 D  r r2rNc6|}|j}||||j||j||j||jdS)zWrite DSA public keyN)rrrrrrrr)r~r2rrrs rrz_SSHFormatDSA.encode_public|s$2244*< ~&&& )+,,, )+,,, )+,,, ()))))r rrc|||||jdS)zWrite DSA private keyN)rr2rrr)r~rrs rrz_SSHFormatDSA.encode_privatesO ;1133V<<<4466899999r rcl|j}|jdkrtddS)Niz#SSH supports only 1024 bit DSA keys)rrrsr=)r~rrs rrz_SSHFormatDSA._validates<*<   ) ) + +t 3 3BCC C 4 3r )rrrrrrrrrr8rr7rrxrrrrrr rrrNsA"" flJ. /""""    c& 2 3     !! c'3 4!!!! ** *3< *  * * * *:,:6?: ::::D(<DDDDDDDr rceZdZdZdedejfdZdede j e j effdZ dede j ej effdZ dede j ejeffd Zd ej d edd fd Zdejdedd fdZd S)_SSHFormatECDSAzFormat for ECDSA keys. Public: str curve bytes point Private: str curve bytes point mpint secret ssh_curve_namerAc"||_||_dSr|)rrA)r~rrAs rrz_SSHFormatECDSA.__init__s, r rErct|\}}t|\}}||jkrtd|ddkrtd||f|fS)zECDSA public fieldszCurve name mismatchrr]zNeed uncompressed point)rmrr=NotImplementedError)r~rErApoints rrz_SSHFormatECDSA.get_publicsn"$'' t!$'' t D' ' '233 3 8q==%&?@@ @u~t##r c||\\}}}tj|j|}||fS)z Make ECDSA public key from data.)rr r3from_encoded_pointrAr)r~rE curve_namerr2s rrz_SSHFormatECDSA.load_publicsS%)OOD$9$9!UT.AA J   4r c||\\}}}t|\}}||f|krtdtj||j}||fS)z!Make ECDSA private key from data.z"Corrupt data: ecdsa field mismatch)rrqr=r derive_private_keyrA)r~rErrrsecretrs rrz_SSHFormatECDSA.load_privatesn%)OOD$9$9!UT!$''   ) + +ABB B+FDJ?? D  r r2rNc|tjtj}||j||dS)zWrite ECDSA public keyN) public_bytesrX962rUncompressedPointrr)r~r2rrs rrz_SSHFormatECDSA.encode_publicsV'' M<9   ,--- r rrc|}|}|||||jdS)zWrite ECDSA private keyN)r2rrr private_value)r~rrr2rs rrz_SSHFormatECDSA.encode_privatesY!++-- %5577 :v...677777r )rrrrrr EllipticCurverrrrrr3rr0rrxrrrr rrrs9  uR5E $ $ flJ. / $ $ $ $  b/; <     ! ! b0*< = ! ! ! ! 3 G% %%%%%%r rsnistp256snistp384snistp521r>ct|ts!t|}|tvr t|St d|)z"Return valid format or throw errorzUnsupported key type: )r/rrr _KEY_FORMATSr)r>s r_lookup_kformatr*sZ h & &2h''//11<H%% DDD E EEr backendctjd||tjd|t|}|st d|d}|d}tj t|||}| tst dt|ttd}t|\}}t|\}}t|\}}t|\} }| dkrt dt|\} }t| \} } t!| } | | \} } t%| t|\}}t%|||ft&t&fkr|}|t*vrt-d||t.krt-d|t*|d }t1||t|\}}t|\}}t%|t3||||}t||}nd }t1||t|\}}t|\}}||krt d t|\}}|| krt d | || \}}t|\}}|t:dt|krt d t=|t>j r!tCj"dtj#d|S)z.Load private key from OpenSSH custom encoding.rENrzNot OpenSSH private key formatr#zOnly one key supportedzUnsupported cipher: zUnsupported KDF: rizCorrupt data: broken checksumzCorrupt data: key type mismatchzCorrupt data: invalid paddingDSSH DSA keys are deprecated and will be removed in a future release. stacklevel)$r_check_byteslike _check_bytes_PEM_RCsearchr=rendbinascii a2b_base64r startswith _SK_MAGICrNrmrerrrR_NONErr&r_BCRYPTrOrZ decryptorupdater_PADDINGr/rr7warningswarnDeprecatedIn40)rErrmp1p2rSkdfname kdfoptionsnkeyspubdata pub_key_typekformatredataciphername_bytesblklenrkbufrciphck1ck2r>rcomments rload_ssh_private_keyr-;s  64((( :x000tA ;9::: B qB  z$//26 7 7D ??9 % %;9::: d  C NN,, -D#4((J%%MGT"4((J4..KE4 zz1222 %%MGT'00L'l++G ++G44Iwd##KE4G..%--// < / /&;'7;;  g  &'F7'F'FGG G./2%((( ,, d~~ T,h OO4>>++22599::%(((%JC%JC czz8999"%((OHe<:;;; --eY??K ''NGU 3u::&&&8999+s011           r rencryption_algorithmctjd|t|tjr!t jdtjdt|}t|}t}|rt}t|d}t}t} t|tr|j|j} t#jd} || || t+||| | } n t,x}}d}d} d } t#jd} d }t}|||||t| | g}||||||||t6d|||zz t}|t:|||||||| |||||}|}t=t?||z}| |||z }| 8| !"|||||dtG|d|S) z3Serialize private key with OpenSSH custom encoding.rISSH DSA key support is deprecated and will be removed in a future releaser]r rNr"rir#r )$rr r/rr7rrrr?rrx_DEFAULT_CIPHERr&r_DEFAULT_ROUNDSr _kdf_roundsosurandomrrrZrrr2rrrrrrrr encryptor update_intorK)rrr.r>r$ f_kdfoptionsrSr'rrrr)r!checkvalr, f_public_key f_secretsf_mainslenmlenrofss r_serialize_ssh_private_keyr@s1  z8,,,+s011   *       !--Hh''G;;L$ j)!,  +-H I I 6$0<)5Fz"~~%%%V$$$J$??$$ W Ez!}}HG;;LH%%% +0022LAAA8X.//I """ ; 222 !!! hE9>>+;+;f+D!EEFGGG[[F NN9 j!!! g l### NN5 l### i    >>  D ;;==D Ytf}-- . .C MM# +C  $$ST]CI>>> 3uu: & &&r ceZdZdZdZdS)SSHCertificateTyper#rN)rrrUSERHOSTrr rrBrBs D DDDr rBc"eZdZdedededededejededed ej eefd ej eefd ed ed ededededef"dZ e defdZ de fdZe defdZe defdZe defdZe dejefdZe defdZe defdZe dej eeffdZe dej eeffdZde fdZdefdZd"d!Zd S)#SSHCertificate_nonce _public_key_serial_cctype_key_id_valid_principals _valid_after _valid_before_critical_options _extensions _sig_type_sig_key_inner_sig_type _signature_tbs_cert_body_cert_key_type _cert_bodycL||_||_||_ t||_n#t $rt dwxYw||_||_||_||_ | |_ | |_ | |_ | |_ | |_||_||_||_||_dS)NzInvalid certificate type)rGrHrIrB_typer=rKrLrMrNrOrPrQrRrSrTrVrWrU)r~rGrHrIrJrKrLrMrNrOrPrQrRrSrTrUrVrWs rrzSSHCertificate.__init__s( &  9+G44DJJ 9 9 9788 8 9 !2(*!2&"  .$,$,s ,Arc*t|jSr|)rrGrs rnoncezSSHCertificate.noncesT[!!!r c@tjt|jSr|)rcastSSHCertPublicKeyTypesrHrs rr2zSSHCertificate.public_keys{0$2BCCCr c|jSr|)rIrs rserialzSSHCertificate.serial#s |r c|jSr|)rYrs rtypezSSHCertificate.type's zr c*t|jSr|)rrKrs rkey_idzSSHCertificate.key_id+sT\"""r c|jSr|)rLrs rvalid_principalszSSHCertificate.valid_principals/ %%r c|jSr|)rNrs r valid_beforezSSHCertificate.valid_before3s !!r c|jSr|)rMrs r valid_afterzSSHCertificate.valid_after7s   r c|jSr|)rOrs rcritical_optionszSSHCertificate.critical_options;rgr c|jSr|)rPrs r extensionszSSHCertificate.extensions?s r ct|j}||j\}}t ||Sr|)rrQrrRrR)r~ sigformat signature_key sigkey_rests rrrzSSHCertificate.signature_keyCs?#DN33 %.%:%:4=%I%I" {[!!!r ct|jdztjt|jdzS)N F)newline)rrVr b2a_base64rWrs rrzSSHCertificate.public_bytesIs@ $% & & !%"8"8%HHH I r Nc|}t|tjr<|t |jt |jdSt|tj rt|j\}}t|\}}t|tj ||}t|j}||t |jtj|dSt|t"jsJ|jt(krt+j}nI|jt.krt+j}n%|jt2ksJt+j}|t |jt |jt7j|dSr|)rrr/r r;verifyrrTrUr r3rqrR asym_utilsencode_dss_signature_get_ec_hash_algrAECDSAr r5rSr6rSHA1_SSH_RSA_SHA256SHA256_SSH_RSA_SHA512SHA512r PKCS1v15)r~rrrrEs computed_sighash_algs rverify_cert_signaturez$SSHCertificate.verify_cert_signaturePs**,, mW%= > >   do&&d.A(B(B      r'@ A A  11GAt &&GAt    %:1a@@L' (;<> > >>#x//!;==%88!=??+>>>>!=??  do&&d)** ""      r )rN)rrrrr,rcrrrDictrpropertyr[r^r2r`rBrbrdrfrirkrmrorrrrrr rrFrFs'-'-''- '-  '-  '-";u-'-'-'-";ue|4'-[.'-'-'-$'-'- #!'-"#'-$%'-'-'-'-R"u"""X"D1DDDD X(X####X#&&+e"4&&&X&"c"""X"!S!!!X!&&+eUl";&&&X& FKu 5   X 4  e    r rFrAct|tjrtjSt|tjrtjSt|tjsJtjSr|) r/r SECP256R1rr SECP384R1SHA384 SECP521R1r)rAs rr|r|qsf%&&} E2< ( (}%.....}r c tjd|t|}|st d|dx}}|d}d}|trd}|dtt }|tkr|stdt|} ttj|}n)#ttjf$rt dwxYw|r|} t#|\} }| |krt d |rt#|\} }||\} }|rt'|\} }t)|\}}t#|\}}t#|\}}g}|r6t#|\}}|t-||6t'|\}}t'|\}}t#|\}}t/|}t#|\}}t/|}t#|\}}t#|\}}t#|\}}|tkr|std | dt| }t#|\}}t1|t#|\}} |t2kr|t4t6t2fvs|t2kr||krt d t#| \}!} t1| t9| | | |||||||||||!||| St1|| S) NrEzInvalid line formatr#rFTz-DSA keys aren't supported in SSH certificateszInvalid formatzInvalid key formatz3DSA signatures aren't supported in SSH certificatesz!Signature key type does not match)rr _SSH_PUBKEY_RCmatchr=groupendswith _CERT_SUFFIXrNr9rrrrr TypeErrorErrorrmrrjrerr_parse_exts_optsrRr6rrrF)"rE_legacy_dsa_allowedrr> orig_key_typekey_body with_certr$rest cert_bodyinner_key_typer[r2r`cctyperd principalsrf principalrkri crit_optionsrmextsro_ sig_key_rawsig_typesig_key tbs_cert_body signature_rawinner_sig_typesig_rest signatures" r_load_ssh_public_identityr{s 64(((T""A 0./// wwqzz)H}wwqzzHI&&2 0s<000018$7" ;   h''G+(-h7788 x~ &+++)***+ &t,,ND&&-...(!$'' t**400J:~~ ~~ "4(( &t,, D 6$/ $;$; !Iz  # #E)$4$4 5 5 5 6%TNN T%d^^ d(.. d+L99 && d%d++ d##4'-- T' 44' x  (; &E ",SYYJ,/ )$// tT#.}#=#=   #_h?@@(""~'A'A@AA A)(33 8X                 #   ( Ts !C66&Dc t|Sr|)rrQs rload_ssh_public_identityrs %T * **r exts_optsci}d}|rst|\}}t|}||vrtd|||krtdt|\}}t|||<|}|s|S)NzDuplicate namezFields not lexically sorted)rmrr=)rresult last_namerBbnamevalues rrrs(*FI  %i00iT{{ F??-.. .  UY%6%6:;; ;&y11ye u     Mr ct|d}t|tr|}n|}t|tjr!t jdtj d|S)NT)rrrr ) rr/rFr2rr8rrrr)rEr cert_or_keyr2s rload_ssh_public_keyrs,DdKKKK+~..! ++--  *c.//          r ct|tjr!tjdt jdt|}t|}t}| || ||tj |}d|d|gS)z&One-line public key format for OpenSSHr0r]r r ru)r/rr8rrrrr?rrxrrrrwrstriprI)r2r>r$rpubs rserialize_ssh_public_keyrs*c.//   *       !,,Hh''G KKE X *e,,,  emmoo . . 4 4 6 6C 88XtS) * **r cFeZdZddddgdddggf dejedejedejedejedej ede d ejed ejed ej ej eefd ej ej eeffd Z deddfdZ deddfdZdeddfdZdeddfdZdej eddfdZdZdejeefddfdZdejeefddfdZdededdfd Zdededdfd!Zd"edefd#ZdS)$SSHCertificateBuilderNFrHrIrYrKrL_valid_for_all_principalsrNrMrOrPc ||_||_||_||_||_||_||_||_| |_| |_ dSr| rHrIrYrKrLrrNrMrOrP) r~rHrIrYrKrLrrNrMrOrPs rrzSSHCertificateBuilder.__init__%sW'   !2)B&*(!2&r r2rc :t|tjtjt jfstd|jtdt||j |j |j |j|j|j|j|j|j S)Nr.zpublic_key already setr)r/r r3r r5r r;rrHr=rrIrYrKrLrrNrMrOrP)r~r2s rr2z SSHCertificateBuilder.public_key=s ) (    4233 3   '566 6$"L*L"4&*&D,*"4(    r r`c >t|tstdd|cxkrdksntd|jtdt |j||j|j|j |j |j |j |j |j S)Nzserial must be an integerrz"serial must be between 0 and 2**64zserial already setr)r/rcrr=rIrrHrYrKrLrrNrMrOrP)r~r`s rr`zSSHCertificateBuilder.serialYs&#&& 9788 8F""""U""""ABB B < #122 2$(*L"4&*&D,*"4(    r rbc t|tstd|jt dt |j|j||j|j |j |j |j |j |j S)Nz"type must be an SSHCertificateTypeztype already setr)r/rBrrYr=rrHrIrKrLrrNrMrOrP)r~rbs rrbzSSHCertificateBuilder.typens$ 233 B@AA A : !/00 0$(LL"4&*&D,*"4(    r rdc t|tstd|jt dt |j|j|j||j |j |j |j |j |j S)Nzkey_id must be byteszkey_id already setr)r/rrrKr=rrHrIrYrLrrNrMrOrP)r~rds rrdzSSHCertificateBuilder.key_ids&%(( 4233 3 < #122 2$(L*"4&*&D,*"4(    r rfc |jrtdtd|Dr|std|jrtdt |t krtdt|j|j |j |j ||j|j |j |j|j S)NzDPrincipals can't be set because the cert is valid for all principalsc3@K|]}t|tVdSr|)r/r).0rs r z9SSHCertificateBuilder.valid_principals..s,CCQJq%((CCCCCCr z5principals must be a list of bytes and can't be emptyzvalid_principals already setz:Reached or exceeded the maximum number of valid_principalsr)rr=allrrLrN_SSHKEY_CERT_MAX_PRINCIPALSrrHrIrYrKrNrMrOrP)r~rfs rrfz&SSHCertificateBuilder.valid_principalss  ) %  CC2BCCCCC # G   ! =;<< <  #> > >L %(L*L.&*&D,*"4(    r c |jrtd|jrtdt|j|j|j|j|jd|j|j |j |j  S)Nz@valid_principals already set, can't set valid_for_all_principalsz$valid_for_all_principals already setTr) rLr=rrrHrIrYrKrNrMrOrPrs rvalid_for_all_principalsz.SSHCertificateBuilder.valid_for_all_principalss  ! +   ) ECDD D$(L*L"4&*,*"4(    r ric dt|ttfstdt|}|dks|dkrt d|jt dt |j|j|j |j |j |j ||j |j|j S)Nz$valid_before must be an int or floatrrzvalid_before must [0, 2**64)zvalid_before already setr)r/rcfloatrr=rNrrHrIrYrKrLrrMrOrP)r~ris rriz"SSHCertificateBuilder.valid_befores,e 55 DBCC C<(( !  |u44;<< <   )788 8$(L*L"4&*&D&*"4(    r rkc dt|ttfstdt|}|dks|dkrt d|jt dt |j|j|j |j |j |j |j ||j|j S)Nz#valid_after must be an int or floatrrzvalid_after must [0, 2**64)zvalid_after already setr)r/rcrrr=rMrrHrIrYrKrLrrNrOrP)r~rks rrkz!SSHCertificateBuilder.valid_afters+U|44 CABB B+&& ??kU22:;; ;   (677 7$(L*L"4&*&D,$"4(    r rBrc Zt|trt|tstd|d|jDvrt dt |j|j|j|j |j |j |j |j |j||fgz|j S)Nname and value must be bytescg|]\}}|SrrrrBrs r z=SSHCertificateBuilder.add_critical_option..s???WT1D???r zDuplicate critical option namer)r/rrrOr=rrHrIrYrKrLrrNrMrPr~rBrs radd_critical_optionz)SSHCertificateBuilder.add_critical_options$&& ??? ? ?=>> >$(L*L"4&*&D,*"4u F(    r cZt|trt|tstd|d|jDvrt dt |j|j|j|j |j |j |j |j |j|j||fgz S)Nrcg|]\}}|Srrrs rrz7SSHCertificateBuilder.add_extension..s999WT1D999r zDuplicate extension namer)r/rrrPr=rrHrIrYrKrLrrNrMrOrs r add_extensionz#SSHCertificateBuilder.add_extensions$&& z,SSHCertificateBuilder.sign..Us !A$r )r*c|dSrrrs rrz,SSHCertificateBuilder.sign..Vs AaDr r%ru)5r/r r0r r4r r:rrHr=rIrYrKrLrrNrMrOsortrPr?rr4r5rrxrrrrrrr2signr|rAr}rzdecode_dss_signaturerrr rrrrrwrrr]rFrrI)r~rr`rdr> cert_prefixr[r$f fprincipalsrfcritrBrfextca_typecaformatcafrfsigrrrfsigblob cert_datas rrzSSHCertificateBuilder.sign*s *!)    <:;; ;   #566 6l*  : /00 0 ,$, % d.L     %788 8   $677 7  t1 1 1LMM M ###777 ..111$T%566-  2!(++ KK [!!! Ud.222 & $*"### Vkk ' & &A  " "1 % % % % [((**+++ $#$$$ $$%%% 1 $ $KD%   T " " "   U # # # # U]]__%%%{{+ # #KD% OOD ! ! ! OOE " " " " T\\^^$$$ S#K00"7++kk w{5577=== S[[]]### k7#< = = )#((55I;;D OOG $ $ $ OOI & & & LL ( ( ( (  R%? @ @ )' (9::H#((bhx6H6HIII29==DAq;;D OOG $ $ $ {{H   q ! ! !   q ! ! ! OOH,,.. / / / LL ( ( ( (k3+<== = == ;;D OOO , , ,#(( W-//I OOI & & & LL ( ( (' 44::<< {  $SXX{D).L%M%M N N   r )rrrrrr^rcrBrrboolrrr2r`rbrdrfrrrrirkrrSSHCertPrivateKeyTypesrFrrr rrr$s?C(,59*.02*/.2-1EG?A''_%:;'%'12 ' ' ' ";u- '$('s+'oc*'";v|E5L'AB'[eUl!;<''''0 /     8 S %<    * + 0G    & U '>    &" & E 2" " " " " H   , "Le4     0 !<U 3     0  "'     ,  "'     ,} 6} >} } } } } } r r)Fr|)}renumr4rerrbase64rrJ cryptographyrcryptography.exceptionsrcryptography.hazmat.primitivesr)cryptography.hazmat.primitives.asymmetricrr r r r rz&cryptography.hazmat.primitives.ciphersr rr,cryptography.hazmat.primitives.serializationrrrrrrbcryptrr_bcrypt_supported ImportErrorrrcrr<r6r9_ECDSA_NISTP256_ECDSA_NISTP384_ECDSA_NISTP521rrrcompilerr _SK_START_SK_ENDrrr1r2DOTALLr rrrangerAESCTRCBCr&rrTyperrrCr?r3r1rKrOrRrrZrerjrmrqrvrxrrrrrrrrrr0r4r7r:r+Anyr-r@r5r8r;r,r^EnumrBrFr HashAlgorithmr|rrrrrrrrrr rrs   000000888888111111JIIIIILLLLLLLLLL9)))))) 9 9 9#( 99999 9  9  999999 9  (((' "!233  2 .  "*Y)G3RY ? ? :iia 0 011 2 2NB 26NB 26 fk  L JN#  V[+V[-CCD     !   ? @ *' 9'e''''%eO<< < < < <<<<:E:c:d:::: 8u88888 > >oe$ >  >  >  FLEI- ./ > > > >?:?&,sJ"??????:?&,sJ"?????jV\*j2H%I,Z,FLj$A,,,,+3+5++++55555555pC,C,C,C,C,C,C,C,LEDEDEDEDEDEDEDEDPD8D8D8D8D8D8D8D8N@%@%@%@%@%@%@%@%H mmoo mmoo##%%__[,",..AA__[,",..AA__[,",..AA  FeFFFF\ RR Roe$RZR RRRRjJ'#J'J'5J' J'J'J'J'ZL           ~~~~~~~~BB,1E\\ \ \."334\\\\~+ + \."334++++  v{5%