U
    <ßôg
  ã                   @   s‚  d dl Z d dlZd dlmZ d dlmZ d dlmZmZ d dl	m
Z
 d dlmZ d dlmZ d dlmZ d d	lmZ d d
lmZ ddgZejdddejdedejdejddddejdddedejddddejdddddd„ ƒƒƒƒƒZejddddd„ ƒZejd d!deddd"Zejd#d$dejdedejdejddddejdd%deded&d'„ ƒƒƒƒƒZ ejd(d)dejdedejdejddddejd*edd+d,ejd-d.edd/ejd0de !d1¡d2d3d4ejd5d6edddd7ed8d9„ ƒƒƒƒƒƒƒƒZ"ej#d:œd;d<„Z$ejd=d>dejdedejdejddddejd?edejd0de !d@¡dAd3d4edBdC„ ƒƒƒƒƒƒZ%dS )Dé    N)Úcli_root)Úpyhanko_exception_manager)Ú_warn_empty_passphraseÚreadable_file)Úload_certs_from_pemder)Úcrypt)ÚStandardSecurityHandler)ÚPubKeyPermissions)ÚPdfFileReader)Úcopy_into_new_writerÚdecryptÚencrypt_filez encrypt PDF files (AES-256 only)Úencrypt)ÚhelpÚnameÚinfile)ÚtypeÚoutfileTF)ÚwritableÚdir_okayz
--passwordz!password to encrypt the file with)r   Úrequiredr   z--recipientzIcertificate(s) corresponding to entities that can decrypt the output file)Úreadabler   )r   Úmultipler   r   c           	      C   s¶   |r|rt  d¡‚n|s(|s(tjdd}d }|r>tt|dƒ}tƒ h t| dƒR}t|ƒ}t|ƒ}|rr| 	|¡ n|j
|d t|dƒ}| |¡ W 5 Q R X W 5 Q R X W 5 Q R X d S )Nz2Specify either a password or a list of recipients.zOutput file password: ©Úprompt)Z
cert_filesÚrb)Z
owner_passÚwb)ÚclickÚClickExceptionÚgetpassÚlistr   r   Úopenr
   r   Zencrypt_pubkeyr   Úwrite)	r   r   ÚpasswordZ	recipientZrecipient_certsÚinfÚrÚwÚoutf© r(   ú>/tmp/pip-unpacked-wheel-w101_d3s/pyhanko/cli/commands/crypt.pyr      s$    ÿz6decrypt PDF files (any standard PDF encryption scheme)c                   C   s   d S )Nr(   r(   r(   r(   r)   r   =   s    z--forcez1ignore access restrictions (use at your own risk))r   r   r   Úis_flagÚdefaultzdecrypt using passwordr#   z!password to decrypt the file withc           	      C   sØ   t ƒ È t| dƒ²}t|ƒ}|jd kr2t d¡‚nt|jtƒsHt d¡‚|sXtjdd}| 	|¡}|j
tjjkr€|s€t d¡‚n|j
tjjkr˜t d¡‚t|ƒ}t|dƒ}| |¡ W 5 Q R X W 5 Q R X W 5 Q R X d S )	Nr   úFile is not encrypted.zIFile is not encrypted with the standard (password-based) security handlerzFile password: r   zjPassword specified was the user password, not the owner password. Pass --force to decrypt the file anyway.zPassword didn't match.r   )r   r!   r
   Úsecurity_handlerr   r   Ú
isinstancer   r   r   Ústatusr   Ú
AuthStatusÚUSERÚFAILEDr   r"   )	r   r   r#   Úforcer$   r%   Úauth_resultr&   r'   r(   r(   r)   Údecrypt_with_passwordO   s*    
ÿ
ÿ
r5   z#decrypt using private key (PEM/DER)Zpemderz--keyz5file containing the recipient's private key (PEM/DER))r   r   r   z--certz5file containing the recipient's certificate (PEM/DER))r   r   r   z
--passfiler   z2file containing the passphrase for the private keyÚstdin)r   r   r   Úshow_defaultz	--no-passz*assume the private key file is unencrypted)r   r   r*   r+   r7   c           	      C   sh   |d k	r|  ¡ }| ¡  n*|s@tjdd d¡}|sDtƒ  d }nd }tjj|||d}t|| ||ƒ d S )NúKey passphrase: r   úutf-8)Zkey_passphrase)	ÚreadÚcloser   Úencoder   r   ÚSimpleEnvelopeKeyDecrypterÚloadÚ_decrypt_pubkey)	r   r   ÚkeyÚcertÚpassfiler3   Zno_passÚ
passphraseÚsedkr(   r(   r)   Údecrypt_with_pemders   s     
  ÿrE   )rD   c           	      C   sÚ   t ƒ Ê t|dƒ´}t|ƒ}|jd kr0t d¡‚t|jtjƒsHt d¡‚| 	| ¡}|j
tjjkr‚|sš|jrštj|jkršt d¡‚n|j
tjjkršt d¡‚t|ƒ}t|dƒ}| |¡ W 5 Q R X W 5 Q R X W 5 Q R X d S )Nr   r,   z:File was not encrypted with a public-key security handler.zhChange of encryption is typically not allowed with user access. Pass --force to decrypt the file anyway.zFailed to decrypt the file.r   )r   r!   r
   r-   r   r   r.   r   ZPubKeySecurityHandlerZdecrypt_pubkeyr/   r0   r1   Zpermission_flagsr	   ZALLOW_ENCRYPTION_CHANGEr2   r   r"   )	rD   r   r   r3   r$   r%   r4   r&   r'   r(   r(   r)   r?   ¥   s6    

ÿ
ÿþÿüÿ
r?   z#decrypt using private key (PKCS#12)Úpkcs12Úpfxr%   z3file containing the passphrase for the PKCS#12 filec                 C   sX   |d krt j dd d¡}n| ¡  ¡  d¡}| ¡  tjj||d}t|| ||ƒ d S )Nr8   r   r9   )rC   )	r   r<   ÚreadlineÚstripr;   r   r=   Úload_pkcs12r?   )r   r   rG   rB   r3   rC   rD   r(   r(   r)   Údecrypt_with_pkcs12Æ   s     ÿrK   )&r   r   Zpyhanko.cli._rootr   Zpyhanko.cli.runtimer   Zpyhanko.cli.utilsr   r   Zpyhanko.keysr   Zpyhanko.pdf_utilsr   Zpyhanko.pdf_utils.cryptr   Z#pyhanko.pdf_utils.crypt.permissionsr	   Zpyhanko.pdf_utils.readerr
   Zpyhanko.pdf_utils.writerr   Ú__all__ÚcommandÚargumentÚPathÚoptionÚstrr   Úgroupr   ÚboolZdecrypt_force_flagr5   ZFilerE   r=   r?   rK   r(   r(   r(   r)   Ú<module>   sÆ   üúþ
ú
üüüûúÿ!û