U
    <ßôg€Ô  ã                   @   sb  d dl Z d dlZd dlZd dlZd dlZd dlZd dlmZ d dlm	Z	m
Z
 d dlmZmZmZmZmZmZ d dlmZmZmZmZ d dlmZ d dlmZmZ d dlmZmZmZ d d	l m!Z!m"Z"m#Z# d d
l$m%Z%m&Z&m'Z' d dl$m(Z) d dl*m+Z+m,Z,m-Z-m.Z. d dl/m0Z0m1Z1 d dl2m3Z3m4Z4 d dl5m6Z6m7Z7 d dl8m9Z9 d dl:m;Z; d dl<m=Z= ddl>m?Z?m@Z@ ddlAmBZBmCZCmDZD ddlEmFZFmGZGmHZHmIZImJZJmKZKmLZLmMZMmNZN ddlOmPZPmQZQ ddlRmSZSmTZTmUZU ddlVmWZW e XeY¡ZZeddG dd„ dƒƒZ[G dd „ d eHe j\ƒZ]G d!d"„ d"e]eSƒZ^G d#d$„ d$e]eTƒZ_G d%d&„ d&e]eUƒZ`e? ad'¡Zbe? ad(¡Zcdkd)d*„Zddld+d,„Zedmd-d.„ZfejgG d/d0„ d0ejhƒƒZidnejeWd1œd2d3„Zkeejlejd4œd5d6„Zmeejlejd4œd7d8„Znejlejejd9œd:d;„Zoeee!jpeef d<œd=d>„Zqeejrejd4œd?d@„ZsejreejejejdAœdBdC„Ztejejue[dDœdEdF„Zvdoeeju ejeWe[ejwdGœdHdI„ZxG dJdK„ dKeyƒZzG dLdM„ dMƒZ{G dNdO„ dOej|ƒZ}G dPdQ„ dQej|ƒZ~e dR¡Z€e!jpejeej e9dSœdTdU„ZG dVdW„ dWe{ePƒZ‚eP ƒe‚¡ ej„e{eej dXœdYdZ„Z…ejwe{eeej eeW f d[œd\d]„Z†e?j‡d^œd_d`„Zˆdadb„ Z‰dcdd„ ZŠdedf„ Z‹dgdh„ ZŒeLjƒG didj„ djeLƒƒZdS )pé    N)Ú	dataclass)Úsha1Úsha256)ÚDictÚListÚOptionalÚSetÚTupleÚUnion)ÚalgosÚcmsÚcoreÚx509)ÚRSAESOAEPParams)ÚKeyEncryptionAlgorithmÚKeyEncryptionAlgorithmId)ÚPrivateKeyInfoÚPublicKeyAlgorithmÚPublicKeyInfo)ÚhashesÚkeywrapÚserialization)ÚECDHÚEllipticCurvePrivateKeyÚEllipticCurvePublicKey)Úgenerate_private_key)ÚMGF1ÚOAEPÚAsymmetricPaddingÚPKCS1v15)ÚRSAPrivateKeyÚRSAPublicKey)ÚX448PrivateKeyÚX448PublicKey)ÚX25519PrivateKeyÚX25519PublicKey)ÚKeyDerivationFunction)ÚX963KDF)Úpkcs12é   )ÚgenericÚmiscé   )Úaes_cbc_decryptÚaes_cbc_encryptÚrc4_encrypt)	Ú
AuthResultÚ
AuthStatusÚCryptFilterÚCryptFilterBuilderÚCryptFilterConfigurationÚIdentityCryptFilterÚSecurityHandlerÚSecurityHandlerVersionÚbuild_crypt_filter)ÚSerialisableCredentialÚSerialisedCredential)ÚAESCryptFilterMixinÚAESGCMCryptFilterMixinÚRC4CryptFilterMixin)ÚPubKeyPermissionsT)Úfrozenc                   @   s&   e Zd ZU dZeed< dZeed< dS )ÚRecipientEncryptionPolicyFÚignore_key_usageÚprefer_oaepN)Ú__name__Ú
__module__Ú__qualname__rA   ÚboolÚ__annotations__rB   © rH   rH   úB/tmp/pip-unpacked-wheel-w101_d3s/pyhanko/pdf_utils/crypt/pubkey.pyr@   F   s   
r@   c                       s¢   e Zd ZU dZdZed ed< ddddœ‡ fdd	„
Zee	d
œdd„ƒZ
‡ fdd„Ze ¡ feej eedœdd„Zed
œdd„Zed
œdd„Z‡ fdd„Z‡  ZS )ÚPubKeyCryptFilteraÕ  
    Crypt filter for use with public key security handler.
    These are a little more independent than their counterparts for
    the standard security handlers, since different crypt filters
    can cater to different sets of recipients.

    :param recipients:
        List of CMS objects encoding recipient information for this crypt
        filters.
    :param acts_as_default:
        Indicates whether this filter is intended to be used in
        ``/StrF`` or ``/StmF``.
    :param encrypt_metadata:
        Whether this crypt filter should encrypt document-level metadata.

        .. warning::
            See :class:`.SecurityHandler` for some background on the
            way pyHanko interprets this value.
    NÚPubKeySecurityHandlerÚ_handlerFT)Ú
recipientsÚacts_as_defaultÚencrypt_metadatac                   s6   || _ || _|| _d| _d  | _| _tƒ jf |Ž d S )NF)rM   rN   rO   Ú_pubkey_auth_failedÚ_shared_keyÚ_recp_key_seedÚsuperÚ__init__)ÚselfrM   rN   rO   Úkwargs©Ú	__class__rH   rI   rT   m   s    zPubKeyCryptFilter.__init__©Úreturnc                 C   s   | j S ©N)rP   ©rU   rH   rH   rI   Ú_auth_failed|   s    zPubKeyCryptFilter._auth_failedc                    s*   t |tƒst‚tƒ  |¡ d  | _| _d S r[   )Ú
isinstancerK   Ú	TypeErrorrS   Ú_set_security_handlerrQ   rR   )rU   ÚhandlerrW   rH   rI   r`   €   s    
z'PubKeyCryptFilter._set_security_handler)ÚcertsÚpolicyÚpermsc                 C   sv   | j s| jrt d¡‚| jdkr2t d¡| _g | _| jdk	sF| jdkrPt d¡‚t|| j||| j d}| j 	|¡ dS )ay  
        Add recipients to this crypt filter.
        This always adds one full CMS object to the Recipients array

        :param certs:
            A list of recipient certificates.
        :param policy:
            Encryption policy choices for the chosen set of recipients.
        :param perms:
            The permission bits to assign to the listed recipients.
        zCA non-default crypt filter cannot have multiple sets of recipients.Né   zYAdding recipients after deriving the shared key or before authenticating is not possible.)rc   Úinclude_permissions)
rN   rM   r+   ÚPdfErrorÚsecretsÚtoken_bytesrR   rQ   Úconstruct_recipient_cmsÚappend)rU   rb   rc   rd   Znew_cmsrH   rH   rI   Úadd_recipients†   s&    ÿ
ÿûz PubKeyCryptFilter.add_recipientsc                 C   sB   | j D ]0}t||ƒ\}}|dk	r|| _ttj|ƒ  S qttjƒS )a‚  
        Authenticate to this crypt filter in particular.
        If used in ``/StmF`` or ``/StrF``, you don't need to worry about
        calling this method directly.

        :param credential:
            The :class:`.EnvelopeKeyDecrypter` to authenticate with.
        :return:
            An :class:`AuthResult` object indicating the level of access
            obtained.
        N)rM   Úread_seed_from_recipient_cmsrR   r0   r1   ÚUSERÚFAILED)rU   Ú
credentialÚrecpÚseedrd   rH   rH   rI   Úauthenticate±   s    
zPubKeyCryptFilter.authenticatec                 C   sŒ   | j d k	st‚| jd kr"t d¡‚| j jtjkr8tƒ }nt	ƒ }| 
| j¡ | jD ]}| 
| ¡ ¡ qP| jsz| jrz| 
d¡ | ¡ d | j… S )Nz&No seed available; authenticate first.s   ÿÿÿÿ)rL   ÚAssertionErrorrR   r+   rg   Úversionr7   ÚAES256r   r   ÚupdaterM   ÚdumprO   rN   ÚdigestÚkeylen)rU   Zmdrq   rH   rH   rI   Úderive_shared_encryption_keyÄ   s    



z.PubKeyCryptFilter.derive_shared_encryption_keyc                    sd   t ƒ  ¡ }t | jd ¡|d< t dd„ | jD ƒ¡}| jrD||d< n|d |d< t | j	¡|d< |S )Né   ú/Lengthc                 s   s   | ]}t  | ¡ ¡V  qd S r[   ©r*   ÚByteStringObjectrx   ©Ú.0rq   rH   rH   rI   Ú	<genexpr>Ö   s    z2PubKeyCryptFilter.as_pdf_object.<locals>.<genexpr>ú/Recipientsr   ú/EncryptMetadata)
rS   Úas_pdf_objectr*   ÚNumberObjectrz   ÚArrayObjectrM   rN   ÚBooleanObjectrO   )rU   ÚresultrM   rW   rH   rI   r…   Ó   s    

ÿ
ÿzPubKeyCryptFilter.as_pdf_object)rC   rD   rE   Ú__doc__rL   r   rG   rT   ÚpropertyrF   r]   r`   r>   Úallow_everythingr   r   ÚCertificater@   rl   r0   rs   Úbytesr{   r…   Ú__classcell__rH   rH   rW   rI   rJ   V   s$   
û
üü+rJ   c                   @   s   e Zd ZdZdS )ÚPubKeyAESCryptFilterz<
    AES crypt filter for public key security handlers.
    N©rC   rD   rE   rŠ   rH   rH   rH   rI   r   ä   s   r   c                   @   s   e Zd ZdZdS )ÚPubKeyAESGCMCryptFilterz@
    AES-GCM crypt filter for public key security handlers.
    Nr‘   rH   rH   rH   rI   r’   ì   s   r’   c                   @   s   e Zd ZdZdS )ÚPubKeyRC4CryptFilterz<
    RC4 crypt filter for public key security handlers.
    Nr‘   rH   rH   rH   rI   r“   ô   s   r“   z/DefaultCryptFilterz/DefEmbeddedFilec                 C   s   t tt| d||dittdS ©NT)rz   rN   rM   rO   ©Zdefault_stream_filterZdefault_string_filter)r4   ÚDEFAULT_CRYPT_FILTERr“   ©rz   rM   rO   rH   rH   rI   Ú_pubkey_rc4_config  s     üÿör˜   c                 C   s   t tt| d||dittdS r”   )r4   r–   r   r—   rH   rH   rI   Ú_pubkey_aes_config!  s     üÿör™   c                 C   s   t ttd| |dittdS )NT)rN   rM   rO   r•   )r4   r–   r’   ©rM   rO   rH   rH   rI   Ú_pubkey_gcm_config0  s     ýÿ÷r›   c                   @   s.   e Zd ZdZe d¡Ze d¡Ze d¡ZdS )ÚPubKeyAdbeSubFilterz{
    Enum describing the different subfilters that can be used for public key
    encryption in the PDF specification.
    z/adbe.pkcs7.s3z/adbe.pkcs7.s4z/adbe.pkcs7.s5N)	rC   rD   rE   rŠ   r*   Ú
NameObjectZS3ÚS4ÚS5rH   rH   rH   rI   rœ   >  s   

rœ   )rr   rd   c                 C   s$   t | ƒdkst‚| |r| ¡ nd S )Nre   ó    )Úlenrt   Úas_bytes)rr   rd   rf   rH   rH   rI   Úconstruct_envelope_contentJ  s    r£   )Úpub_key_infoÚridÚenvelope_keyc                 C   sR   t ƒ }t dt d¡i¡}t |  ¡ ¡}t|tƒs6t	‚|j
||d}t|||dS )NÚ	algorithmÚrsaes_pkcs1v15©Úpadding©r¥   ÚalgoÚencrypted_data)r   r   r   r   r   Úload_der_public_keyrx   r^   r!   rt   ÚencryptÚ_format_ktri)r¤   r¥   r¦   rª   r¬   Úpub_keyr­   rH   rH   rI   Ú_rsaes_pkcs1v15_recipientQ  s    ÿr²   c                 C   s    ddl m} ddlm} || ƒ}||ƒ}t t d¡td|idd|idœdœƒdœ¡}tt	|ƒ|d d	}t
 |  ¡ ¡}	t|	tƒs„t‚|	j||d
}
t|||
dS )Nr   ©Úget_pyca_cryptography_hash)Úselect_suitable_signing_mdÚ
rsaes_oaepr§   Úmgf1©r§   Ú
parameters)Úhash_algorithmÚmask_gen_algorithm©Úmgfr§   Úlabelr©   r«   )Úpyhanko.sign.generalr´   Zpyhanko.sign.signers.pdf_cmsrµ   r   r   r   r   r   r   r   r®   rx   r^   r!   rt   r¯   r°   )r¤   r¥   r¦   r´   rµ   Zdigest_function_nameÚdigest_specr¬   rª   r±   r­   rH   rH   rI   Ú_rsaes_oaep_recipientb  s(    þþÿþÿrÁ   r«   c              
   C   s   t  dt  d| ||dœ¡i¡S )NÚktrir   )ru   r¥   Úkey_encryption_algorithmÚencrypted_key)r   ÚRecipientInfoZKeyTransRecipientInfor«   rH   rH   rI   r°   ƒ  s     üÿÿÿr°   )r¤   rZ   c                 C   s‚   | j }|dkr| jd }n|dkr(d}nd}|dkrJt ¡ tdƒtdƒfS |dkrht ¡ td	ƒtd
ƒfS t ¡ tdƒtdƒfS d S )NÚecr)   Úx25519é€   é   Zaes128_wrapz1.3.132.1.11.1éÀ   Zaes192_wrapz1.3.132.1.11.2Zaes256_wrapz1.3.132.1.11.3)r§   Zbit_sizer   ÚSHA256r   ÚSHA384ÚSHA512)r¤   Ú	algo_nameZapprox_sec_levelrH   rH   rI   Ú_choose_ecdh_settings–  s(    ýýýrÏ   c                 C   sø   t | ƒ\}}}td|iƒ}t |  ¡ ¡}t|tƒrLt|jƒ}| 	t
ƒ |¡}	n@t|tƒrjt ¡ }| 	|¡}	n"t|tƒrˆt ¡ }| 	|¡}	nt‚t | ¡  tjjtjj¡¡}
t d¡}t|||d}| |	¡}tj||d}t||
t  ||dœ¡||dS )Nr§   é   ©Ú
kdf_digestÚkey_wrap_algoÚuser_keying_material)Úwrapping_keyZkey_to_wrapr¸   ©r¥   Úoriginator_keyr¬   Úukmr­   )!rÏ   r   r   r®   rx   r^   r   Úgenerate_ec_private_keyÚcurveÚexchanger   r%   r$   Úgenerater#   r"   ÚNotImplementedErrorr   ÚloadÚ
public_keyÚpublic_bytesÚEncodingÚDERÚPublicFormatÚSubjectPublicKeyInforh   ri   Ú_kdf_for_exchangeÚderiver   Zaes_key_wrapÚ_format_karir   )r¤   r¥   r¦   rÀ   Úkey_wrap_algo_idZkey_exch_algo_idrÓ   r±   r×   Ú
ecdh_valueZoriginator_key_inforØ   ÚkdfZkekr­   rH   rH   rI   Ú_ecdh_recipient·  sV    ÿ




þÿ
ý
 ÿþÿörë   rÖ   c                 C   s8   t jdt  dt jd|d||t  | |dœ¡gdœ¡dS )NÚkarié   r×   )ÚnameÚvalue)r¥   rÄ   )ru   Ú
originatorrØ   rÃ   Úrecipient_encrypted_keys)r   rÅ   ZKeyAgreeRecipientInfoÚOriginatorIdentifierOrKeyZRecipientEncryptedKeyrÖ   rH   rH   rI   rç   ñ  s"     ÿÿÿùÿþrç   )r¦   Úcertrc   c           
      C   sÜ   |j }|d }|d j}t| ƒdks(t‚|js\|j}|d ksFd|jkr\t d|jj	› d¡‚t
 |j|jdœ¡}|dkr¦t
 d|i¡}|jr˜t||| ƒS t||| ƒS n2|d	krÈt
 d|i¡}	t||	| ƒS td
|› dƒ‚d S )Nr§   é    Úkey_enciphermentzCertificate for subject z8 does not have the 'key_encipherment' key usage bit set.)ÚissuerÚserial_numberÚrsaZissuer_and_serial_number)rÆ   rÇ   Úx448zCannot encrypt for key type 'ú')rß   Únativer¡   rt   rA   Zkey_usage_valuer+   ZPdfWriteErrorÚsubjectZhuman_friendlyr   ÚIssuerAndSerialNumberrö   r÷   ÚRecipientIdentifierrB   rÁ   r²   ÚKeyAgreementRecipientIdentifierrë   rÝ   )
r¦   ró   rc   r¤   Zpubkey_algo_infoZalgorithm_nameZ	key_usageZiss_serial_ridr¥   Zka_ridrH   rH   rI   Ú_recipient_info  s8    
ÿÿÿÿ
ÿr   )Úcertificatesrr   rd   rc   rZ   c                    s”   t |||d}t d¡‰ tˆ |d d\}}‡ ‡fdd„| D ƒ}t t d¡|dœ¡}	t t 	d¡|	|d	œ¡}
t 
d
||
dœ¡}t t 	d¡|dœ¡S )N)rf   rô   )Úivc                    s   g | ]}t ˆ |ˆd ‘qS ))rc   )r   )r   ró   ©r¦   rc   rH   rI   Ú
<listcomp>X  s   ÿz+construct_recipient_cms.<locals>.<listcomp>Z
aes256_cbcr¸   Údata)Úcontent_typeÚcontent_encryption_algorithmÚencrypted_contentr   )ru   Úrecipient_infosÚencrypted_content_infoÚenveloped_data)r  Úcontent)r£   rh   ri   r.   r   ZEncryptionAlgorithmr   ZEncryptionAlgorithmIdZEncryptedContentInfoZContentTypeÚEnvelopedDataÚContentInfo)r  rr   rd   rc   rf   Zenvelope_contentr  Úencrypted_envelope_contentZ	rec_infosr¬   r
  r  rH   r  rI   rj   7  sH      ÿ
  ÿ
þþÿýÿ
ýÿ	þÿrj   c                   @   s   e Zd ZdS )ÚInappropriateCredentialErrorN)rC   rD   rE   rH   rH   rH   rI   r  ~  s   r  c                   @   sR   e Zd ZdZeejdœdd„ƒZee	j
edœdd„Zee	j
e	jeedœd	d
„ZdS )ÚEnvelopeKeyDecrypterz¦
    General credential class for use with public key security handlers.

    This allows the key decryption process to happen offline, e.g. on a smart
    card.
    rY   c                 C   s   t ‚dS )zI
        :return:
            Return the recipient's certificate
        N©rÝ   r\   rH   rH   rI   ró   ‹  s    zEnvelopeKeyDecrypter.cert©rÄ   Úalgo_paramsrZ   c                 C   s   t ‚dS )a¢  
        Invoke the actual key decryption algorithm.
        Used with key transport.

        :param encrypted_key:
            Payload to decrypt.
        :param algo_params:
            Specification of the encryption algorithm as a CMS object.
        :raises InappropriateCredentialError:
            if the credential cannot be used for key transport.
        :return:
            The decrypted payload.
        Nr  )rU   rÄ   r  rH   rH   rI   Údecrypt“  s    zEnvelopeKeyDecrypter.decrypt©rÄ   r  Úoriginator_identifierrÔ   rZ   c                 C   s   t ‚dS )a"  
        Decrypt an envelope key using a key derived from a key exchange.

        :param encrypted_key:
            Payload to decrypt.
        :param algo_params:
            Specification of the encryption algorithm as a CMS object.
        :param originator_identifier:
            Information about the originator necessary to complete the key
            exchange.
        :param user_keying_material:
            The user keying material that will be used in the key derivation.
        :return:
            The decrypted payload.
        Nr  )rU   rÄ   r  r  rÔ   rH   rH   rI   Údecrypt_with_exchange¥  s    z*EnvelopeKeyDecrypter.decrypt_with_exchangeN)rC   rD   rE   rŠ   r‹   r   r   ró   rŽ   r   r   r  rò   r  rH   rH   rH   rI   r  ƒ  s    þúr  c                   @   s   e Zd ZdefdejfgZdS )Ú_PrivKeyAndCertÚkeyró   N)rC   rD   rE   r   r   r   Ú_fieldsrH   rH   rH   rI   r  ¾  s   r  c                   @   s4   e Zd ZdefdejdddœfdejddifgZd	S )
ÚECCCMSSharedInfoÚkey_infoÚentityUInfor   T)ÚexplicitÚoptionalÚsuppPubInfor  r)   N)rC   rD   rE   r   r   ÚOctetStringr  rH   rH   rH   rI   r  Â  s   ýùr  zaes(\d+)_wrap(_pad)?)rÒ   rÓ   rÔ   rZ   c              
   C   s^   |d j }t |¡}|s&t|› dƒ‚t| d¡ƒ}t| |d t||t 	d|¡dœƒ 
¡ dS )Nr§   ú* is not a supported key wrapping algorithmr,   r|   z>I)r  r  r!  )r§   ÚlengthZ
sharedinfo)rû   ÚAES_WRAP_PATTERNÚ	fullmatchrÝ   ÚintÚgroupr'   r  ÚstructÚpackrx   )rÒ   rÓ   rÔ   rè   Z
wrap_matchZkek_bit_lenrH   rH   rI   rå   Ñ  s"    

ÿ
ýÿýrå   c                   @   sÀ   e Zd ZdZe d¡Zeedœdd„ƒZ	e
dœdd„Zee
dœd	d
„ƒZejedœdd„Zeejdœdd„ƒZeddd„ƒZeddd„ƒZe
eje
dœdd„Ze
ejejee
 e
dœdd„ZdS )ÚSimpleEnvelopeKeyDecrypterzñ
    Implementation of :class:`.EnvelopeKeyDecrypter` where the private key
    is an RSA or ECC key residing in memory.

    :param cert:
        The recipient's certificate.
    :param private_key:
        The recipient's private key.
    z1\.3\.132\.1\.11\.(\d+)rY   c                 C   s   dS )NZraw_privkeyrH   ©ÚclsrH   rH   rI   Úget_nameø  s    z#SimpleEnvelopeKeyDecrypter.get_namec                 C   s   | j | jdœ}t|ƒ ¡ S )N)r  ró   )Úprivate_keyró   r  rx   )rU   ÚvaluesrH   rH   rI   Ú
_ser_valueü  s    z%SimpleEnvelopeKeyDecrypter._ser_value)r  c              
   C   sZ   zt  |¡}|d }|d }W n. tk
rL } zt d¡|‚W 5 d }~X Y nX t||dS )Nr  ró   z-Failed to decode serialised pubkey credential©ró   r/  )r  rÞ   Ú
ValueErrorr+   ÚPdfReadErrorr+  )r-  r  Údecodedr  ró   ÚerH   rH   rI   Ú_deser_value   s    
ÿþz'SimpleEnvelopeKeyDecrypter._deser_valuer2  c                 C   s   || _ || _d S r[   )r/  Ú_cert)rU   ró   r/  rH   rH   rI   rT     s    z#SimpleEnvelopeKeyDecrypter.__init__c                 C   s   | j S r[   )r8  r\   rH   rH   rI   ró     s    zSimpleEnvelopeKeyDecrypter.certNc              
   C   sz   ddl m} z$|| |d}ddl m} ||ƒ}W n< tttfk
rl } ztjd|d W Y ¢dS d}~X Y nX t||dS )	aœ  
        Load a key decrypter using key material from files on disk.

        :param key_file:
            File containing the recipient's private key.
        :param cert_file:
            File containing the recipient's certificate.
        :param key_passphrase:
            Passphrase for the key file, if applicable.
        :return:
            An instance of :class:`.SimpleEnvelopeKeyDecrypter`.
        rí   )Úload_private_key_from_pemder)Ú
passphrase)Úload_cert_from_pemderz%Could not load cryptographic material©Úexc_infoNr2  )	Úkeysr9  r;  ÚIOErrorr3  r_   ÚloggerÚerrorr+  )Úkey_fileÚ	cert_fileZkey_passphraser9  r/  r;  ró   r6  rH   rH   rI   rÞ     s     ÿzSimpleEnvelopeKeyDecrypter.loadc              
   C   s¦   zTt |dƒ}| ¡ }W 5 Q R X t ||¡\}}}ddlm}m}	 ||ƒ}|	|ƒ}W nD ttt	fk
r˜ }
 z t
jd|› d|
d W Y ¢dS d}
~
X Y nX t||dS )	aZ  
        Load a key decrypter using key material from a PKCS#12 file on disk.

        :param pfx_file:
            Path to the PKCS#12 file containing the key material.
        :param passphrase:
            Passphrase for the private key, if applicable.
        :return:
            An instance of :class:`.SimpleEnvelopeKeyDecrypter`.
        Úrbrí   )Ú)_translate_pyca_cryptography_cert_to_asn1Ú(_translate_pyca_cryptography_key_to_asn1zCould not open PKCS#12 file Ú.r<  Nr2  )ÚopenÚreadr(   Úload_key_and_certificatesr>  rE  rF  r?  r3  r_   r@  rA  r+  )r-  Zpfx_filer:  ÚfZ	pfx_bytesr/  ró   Zother_certsrE  rF  r6  rH   rH   rI   Úload_pkcs120  s     ÿ
z&SimpleEnvelopeKeyDecrypter.load_pkcs12r  c           
      C   sÖ   |d j }|dkrtƒ }nˆ|dkr’ddlm} |d }|d }|d j }|dkr`td	|› d
ƒ‚tt||d d j ƒd||d d j ƒdd}ntd|› dƒ‚tj| j	 
¡ dd}	t|	tƒsÈtdƒ‚|	j||dS )a®  
        Decrypt the payload using RSA with PKCS#1 v1.5 padding or OAEP.
        Other schemes are not (currently) supported by this implementation.

        :param encrypted_key:
            Payload to decrypt.
        :param algo_params:
            Specification of the encryption algorithm as a CMS object.
            Must use ``rsaes_pkcs1v15`` or ``rsaes_oaep``.
        :return:
            The decrypted payload.
        r§   r¨   r¶   r   r³   r¹   r»   r·   z#Only MGF1 is implemented, but got 'rú   )r§   rº   Nr¼   zSOnly 'rsaes_pkcs1v15' and 'rsaes_oaep' are supported for envelope decryption, not 'z'.©Úpasswordz5The loaded key does not seem to be an RSA private keyr©   )rû   r   r¿   r´   rÝ   r   r   r   Úload_der_private_keyr/  rx   r^   r    r  r  )
rU   rÄ   r  rÎ   rª   r´   Zoaep_paramsr½   Zmgf_nameÚpriv_keyrH   rH   rI   r  Q  sF    


ÿÿÿÿ÷
ÿ ÿ
ÿz"SimpleEnvelopeKeyDecrypter.decryptr  c                 C   sª  |d }| j  |j¡}d}|rJt ¡ t ¡ t ¡ t ¡ dœ | 	d¡d¡}|sVt
dƒ‚tj |d  ¡ ¡}|d j}	t |	¡sŒt
|	› dƒ‚|	 d¡rœtjntj}
t|||d	}|jd
krÂt
dƒ‚|j ¡ }t | ¡ ¡}tj| j ¡ dd}d}t|tƒr4t|tƒr|j j|j jkr$t!|ƒ‚| "t#ƒ |¡}n`t|t$ƒr`t|t%ƒsTt!|ƒ‚| "|¡}n4t|t&ƒrŒt|t'ƒs€t!|ƒ‚| "|¡}nt(dƒ‚| )|¡}|
||dS )am  
        Decrypt the payload using a key agreed via ephemeral-static
        standard (non-cofactor) ECDH with X9.63 key derivation.
        Other schemes aer not supported at this time.


        :param encrypted_key:
            Payload to decrypt.
        :param algo_params:
            Specification of the encryption algorithm as a CMS object.
        :param originator_identifier:
            The originator info, which must be an EC key.
        :param user_keying_material:
            The user keying material that will be used in the key derivation.
        :return:
            The decrypted payload.
        r§   N)Ú0Ú1Ú2Ú3r,   zGOnly dhSinglePass-stdDH algorithms from SEC 1 / RFC 5753 are supported.r¹   r#  Z_padrÑ   r×   z Only originator_key is supportedrM  zCOriginator's public key is not compatible with selected private keyz4The loaded key does not seem to be an EC private key)rÕ   Zwrapped_key)*Údhsinglepass_stddh_arc_patternr&  Zdottedr   ÚSHA224rË   rÌ   rÍ   Úgetr(  rÝ   r   r   rÞ   rx   rû   r%  Úendswithr   Zaes_key_unwrap_with_paddingZaes_key_unwraprå   rî   ÚchosenZuntagr   r®   rO  r/  r^   r   r   rÚ   r3  rÛ   r   r$   r%   r"   r#   r  ræ   )rU   rÄ   r  r  rÔ   ÚoidÚmatchrÒ   rÓ   rè   Z
unwrap_keyrê   Zoriginator_pub_key_infoZoriginator_pub_keyrP  Zmismatch_msgré   Zderived_kekrH   rH   rI   r  ‡  s„    ü ûÿ
ÿ

ÿÿýý
ÿÿ ÿÿÿþÿ
z0SimpleEnvelopeKeyDecrypter.decrypt_with_exchange)N)N)rC   rD   rE   rŠ   ÚreÚcompilerU  ÚclassmethodÚstrr.  rŽ   r1  r7  r   r   r   rT   r‹   ró   ÚstaticmethodrÞ   rL  r   r   r  rò   r   r  rH   rH   rH   rI   r+  ë  s0   

! þ8úr+  )ÚedÚ	decrypterrZ   c           
      C   sÚ  | d D ]Ê}|j dkrØ|j}|d j}t|tjƒs<tdƒ‚|d }|d j}|jj|krÖ|jj	|krÖz| 
|d j|d ¡W   S  tk
r¨ } z|‚W 5 d }~X Y n. tk
rÔ } zt d	¡|‚W 5 d }~X Y nX q|j d
krÌ|j}|d D ]Ö}	|	d j}t|tjƒstdƒ‚|d }|d j}|jj|krò|jj	|kròz0|j|	d j|d |d |d jdW     S  tk
r˜ } z|‚W 5 d }~X Y qò tk
rÆ } zt d	¡|‚W 5 d }~X Y qòX qòqtdƒ‚qd S )Nr	  rÂ   r¥   z;Recipient identifier must be of type IssuerAndSerialNumber.rö   r÷   rÄ   rÃ   zFailed to decrypt envelope keyrì   rñ   rð   rØ   )r  rÔ   zLRecipientInfo must be of type KeyTransRecipientInfo or KeyAgreeRecipientInfo)rî   rY  r^   r   rý   rÝ   rû   ró   rö   r÷   r  r  Ú	Exceptionr+   r4  r  )
ra  rb  Zrec_inforÂ   Zissuer_and_serialrö   Úserialr6  rì   Zrecipient_enc_keyrH   rH   rI   Úread_envelope_keyó  sx    

ÿ

ÿ
þþ
ÿþ
ÿ

ÿ
þüÿþÿre  )Úrecipient_cmsrb  rZ   c              	   C   s  | d j }|dkr t d| ¡‚| d }|d }t||ƒ}|d krFdS |d }|d j }z
|j}W n" ttfk
r„   |d	 j }Y nX |d
kr–tdƒ‚|dkr¶t}	|j	}
|	|||
ƒ}n&|dkrÊt
||ƒ}nt d|› d¡‚|d d… }d }t|ƒdkrt |dd … ¡}||fS )Nr  r  z7Recipient CMS content type must be enveloped data, not r  r
  )NNr  r  r§   )ZdesZ	tripledesZrc2z@Support for DES, 3DES and RC2 has been dropped in pyHanko 0.26.0ZaesZrc4zCipher z is not allowed in PDF 2.0.re   é   )rû   r+   r4  re  Zencryption_cipherr3  ÚKeyErrorrÝ   r-   Zencryption_ivr/   r¡   r>   Ú
from_bytes)rf  rb  r  ra  r
  r¦   r¬   r  Zcipher_nameZdecryption_funr  r  rr   rd   rH   rH   rI   rm   5  sP    
ÿÿ
ÿÿ
ÿ
ÿrm   )Úcfdictc                 C   sb   z| d }W n t k
r*   t d¡‚Y nX t|tjƒr>|f}dd„ |D ƒ}|  dd¡}||dœS )Nrƒ   z.PubKey CF dictionary must have /Recipients keyc                 S   s   g | ]}t j |j¡‘qS rH   ©r   r  rÞ   Úoriginal_bytes©r   ÚxrH   rH   rI   r  w  s    z0_read_generic_pubkey_cf_info.<locals>.<listcomp>r„   Trš   )rh  r+   r4  r^   r*   r   rW  )rj  rM   Úrecipient_objsrO   rH   rH   rI   Ú_read_generic_pubkey_cf_infon  s    ÿ
ÿrp  c                 C   s(   |   dd¡}tf |d |dœt| ƒ—ŽS )Nr}   é(   r|   ©rz   rN   )rW  r“   rp  )rj  rN   Úkeylen_bitsrH   rH   rI   Ú_build_legacy_pubkey_cf~  s    þýrt  c                 C   s   t f d|dœt| ƒ—ŽS )NrÐ   rr  ©r   rp  ©rj  rN   rH   rH   rI   Ú_build_aes128_pubkey_cf‡  s    þýrw  c                 C   s   t f d|dœt| ƒ—ŽS )Nrô   rr  ru  rv  rH   rH   rI   Ú_build_aes256_pubkey_cf  s    þýrx  c                 C   s   t f d|it| ƒ—ŽS )NrN   )r’   rp  rv  rH   rH   rI   Ú_build_aesgcm_pubkey_cf—  s
    ÿÿry  c                       s²  e Zd ZU dZe d¡ee d¡ee d¡ee d¡e	e d¡dd„ iZ
eejef ed	< ed
ejdde ¡ deƒ dfeej eeed dœdd„ƒZd0eeed ee ee dœ‡ fdd„Zeedœdd„ƒZee e dœdd„ƒZ!eej"ee#dœdd„ƒZ$eej"ed dœ‡ fdd„ƒZ%eej"dœd d!„ƒZ&eej"dœd"d#„ƒZ'eej"dœd$d%„ƒZ(d&d'„ Z)e ¡ eƒ feej eed(œd)d*„Z*d1e+e,e-f e.d+œd,d-„Z/edœd.d/„Z0‡  Z1S )2rK   zÎ
    Security handler for public key encryption in PDF.

    As with the standard security handler, you essentially shouldn't ever
    have to instantiate these yourself (see :meth:`build_from_certs`).
    z/V2z/AESV2z/AESV3z/AESV4z	/Identityc                 C   s   t ƒ S r[   )r5   )Ú_Ú__rH   rH   rI   Ú<lambda>«  r    zPubKeySecurityHandler.<lambda>Ú_known_crypt_filtersrÐ   T)rb   rd   rc   Úpdf_macrZ   c
                 K   sœ   |r
t jnt j}d}|tjkr@|r2td|dd}nt|d|d}|	rf|tjkrf|tj	 M }t
 d¡}nd}| |||f||d|dœ|
—Ž}|j|||d |S )aO  
        Create a new public key security handler.

        This method takes many parameters, but only ``certs`` is mandatory.
        The default behaviour is to create a public key encryption handler
        where the underlying symmetric encryption is provided by AES-256.
        Any remaining keyword arguments will be passed to the constructor.

        :param certs:
            The recipients' certificates.
        :param keylen_bytes:
            The key length (in bytes). This is only relevant for legacy
            security handlers.
        :param version:
            The security handler version to use.
        :param use_aes:
            Use AES-128 instead of RC4 (only meaningful if the ``version``
            parameter is :attr:`~.SecurityHandlerVersion.RC4_OR_AES128`).
        :param use_crypt_filters:
            Whether to use crypt filters. This is mandatory for security
            handlers of version :attr:`~.SecurityHandlerVersion.RC4_OR_AES128`
            or higher.
        :param perms:
            Permission flags.
        :param encrypt_metadata:
            Whether to encrypt document metadata.

            .. warning::
                See :class:`.SecurityHandler` for some background on the
                way pyHanko interprets this value.
        :param pdf_mac:
            Include an ISO 32004 MAC.

            .. warning::
                Only works for PDF 2.0 security handlers.
        :param policy:
            Encryption policy choices for the chosen set of recipients.
        :return:
            An instance of :class:`.PubKeySecurityHandler`.
        NrÐ   )rO   rM   rš   rô   )rO   Úcrypt_filter_configro  Úkdf_salt©rd   rc   )rœ   rŸ   rž   r7   ÚRC4_OR_AES128r™   r˜   rv   r>   ZTOLERATE_MISSING_PDF_MACrh   ri   rl   )r-  rb   Zkeylen_bytesru   Zuse_aesZuse_crypt_filtersrd   rO   rc   r~  rV   Ú	subfilterÚcfcr€  ÚshrH   rH   rI   Úbuild_from_certs®  sF    8ÿý
  ÿýýùø
z&PubKeySecurityHandler.build_from_certsNr4   )ru   Úpubkey_handler_subfilterr  ro  r€  c	           	         sÄ   |t jkr|tjkrt d¡‚|d kr–|t jkr@td||d}nV|t jkrZt|||d}n<|t j	krrt
||d}n$|t jkrŒtd||d}n
t d¡‚tƒ j||||||d || _|| _d | _d S )NzESubfilter /adbe.pkcs7.s5 is required for security handlers beyond V4.é   )rz   rO   rM   rš   rô   z1Failed to impute a reasonable crypt filter config)rO   Úcompat_entriesr€  )r7   r‚  rœ   rŸ   r+   rg   ZRC4_40r˜   ÚRC4_LONGER_KEYSZAES_GCMr›   rv   r™   rS   rT   rƒ  rO   rQ   )	rU   ru   r‡  Úlegacy_keylenrO   r  ro  r‰  r€  rW   rH   rI   rT   
  sZ    ÿþÿ
ý
ý
 ÿ
ýÿúzPubKeySecurityHandler.__init__rY   c                 C   s
   t  d¡S )Nz/Adobe.PubSec)r*   r   r,  rH   rH   rI   r.  M  s    zPubKeySecurityHandler.get_namec                 C   s   dd„ t D ƒS )Nc                 S   s   h | ]
}|j ’qS rH   )rï   rm  rH   rH   rI   Ú	<setcomp>S  s     zCPubKeySecurityHandler.support_generic_subfilters.<locals>.<setcomp>)rœ   r,  rH   rH   rI   Úsupport_generic_subfiltersQ  s    z0PubKeySecurityHandler.support_generic_subfilters)rj  rN   rZ   c                 C   s$   t | j||ƒ}|d kr t d¡‚|S )NzJAn absent CFM or CFM of /None doesn't make sense in a PubSec CF dictionary)r8   r}  r+   r4  )r-  rj  rN   ÚcfrH   rH   rI   Úread_cf_dictionaryU  s      ÿÿz(PubKeySecurityHandler.read_cf_dictionary)Úencrypt_dictrZ   c                    sT   t ƒ  |¡}|  |¡}|d k	r4|tjkr4t d¡‚n|d krP|tjkrPt d¡‚|S )Nz=Crypt filters require /adbe.pkcs7.s5 as the declared handler.z./adbe.pkcs7.s5 handler requires crypt filters.)rS   Úprocess_crypt_filtersÚ_determine_subfilterrœ   rŸ   r+   r4  )r-  r  r„  rƒ  rW   rH   rI   r‘  c  s    
ÿÿz+PubKeySecurityHandler.process_crypt_filters)r  c              	   C   sh   |  dd¡}|d dkr"t d¡‚|d }t |ddd„ ¡}|jd	td
d}t|||| ddd„ ¡dS )Nr}   rÈ   r|   r   z"Key length must be a multiple of 8rƒ   c                 S   s   dd„ | D ƒS )Nc                 S   s   g | ]}t j |j¡‘qS rH   rk  rm  rH   rH   rI   r    s     zSPubKeySecurityHandler.gather_pub_key_metadata.<locals>.<lambda>.<locals>.<listcomp>rH   )ÚlstrH   rH   rI   r|    r    z?PubKeySecurityHandler.gather_pub_key_metadata.<locals>.<lambda>r„   T©Údefaultú/KDFSaltc                 S   s   t | tjtjfƒr| jS d S r[   )r^   r*   ZTextStringObjectr   rl  )rn  rH   rH   rI   r|    s     
ÿÿ)r‹  ro  rO   r€  )rW  r+   rg   Úget_and_applyrF   Údict)r-  r  rs  rz   rM   rO   rH   rH   rI   Úgather_pub_key_metadatau  s.    
ý  ÿþüz-PubKeySecurityHandler.gather_pub_key_metadatac                 C   sP   z$t j|dtd|krtjntjdW S  tk
rJ   t  d|d  ¡‚Y nX d S )Nú
/SubFilterz/CFr”  z8Invalid /SubFilter in public key encryption dictionary: )r+   r—  rœ   rŸ   rž   r3  r4  )r-  r  rH   rH   rI   r’  —  s    ÿù
ÿÿz*PubKeySecurityHandler._determine_subfilterc                 C   s6   t  |d ¡}tf ||  |¡|  |¡dœ|  |¡—ŽS )Nú/V)ru   r‡  r  )r7   Zfrom_numberrK   r’  r‘  r™  )r-  r  ÚvrH   rH   rI   Úinstantiate_from_pdf_objectª  s    ýüz1PubKeySecurityHandler.instantiate_from_pdf_objectc                 C   sÞ   t  ¡ }t  |  ¡ ¡|d< | jj|d< | j ¡ |d< | jrJt  	| j¡|d< | j
s\| jtjkrpt  | jd ¡|d< | jtjkrŒt  | j¡|d< | jtjkrª| | j ¡ ¡ n0|  ¡ }t|tƒsÀt‚t  dd	„ |jD ƒ¡|d
< |S )Nz/Filterrš  r›  r–  r|   r}   r„   c                 s   s   | ]}t  | ¡ ¡V  qd S r[   r~   r€   rH   rH   rI   r‚   Ï  s   ÿz6PubKeySecurityHandler.as_pdf_object.<locals>.<genexpr>rƒ   )r*   ÚDictionaryObjectr   r.  rƒ  rï   ru   r…   Z	_kdf_saltr   Z_compat_entriesr7   rŠ  r†   rz   rˆ   rO   rœ   rŸ   rw   r  Zget_stream_filterr^   rJ   r_   r‡   rM   )rU   r‰   Z
default_cfrH   rH   rI   r…   ·  s0    ÿ
þÿ

þz#PubKeySecurityHandler.as_pdf_object)rb   rd   rc   c                 C   s0   | j  ¡ D ] }t|tƒsq
|j|||d q
d S )Nr  )r  Ústandard_filtersr^   rJ   rl   )rU   rb   rd   rc   rŽ  rH   rH   rI   rl   Õ  s    

z$PubKeySecurityHandler.add_recipients)rp   rZ   c           	      C   sÀ   t |tƒr:t |¡}t |tƒs4t dt|ƒ› d¡‚|}n|}t 	¡ }| j
 ¡ D ]R}t |tƒs`qP| |¡}|jtjkr~|  S |j}|dk	rPt |tƒsšt‚||M }qPt |tƒr´|| _ttj|ƒS )a²  
        Authenticate a user to this security handler.

        :param credential:
            The credential to use (an instance of :class:`.EnvelopeKeyDecrypter`
            in this case).
        :param id1:
            First part of the document ID.
            Public key encryption handlers ignore this key.
        :return:
            An :class:`AuthResult` object indicating the level of access
            obtained.
        zRPubkey authentication credential must be an instance of EnvelopeKeyDecrypter, not rG  N)r^   r:   r9   Zdeserialiser  r+   r4  Útyper>   rŒ   r  rŸ  rJ   rs   Ústatusr1   ro   Zpermission_flagsrt   Z_credentialr0   rn   )	rU   rp   Zid1Zdeser_credentialZactual_credentialrd   rŽ  r‰   Zcf_flagsrH   rH   rI   rs   ä  s,    


ÿ



z"PubKeySecurityHandler.authenticatec                 C   s   | j  ¡ jS r[   )r  Zget_for_streamZ
shared_keyr\   rH   rH   rI   Úget_file_encryption_key  s    z-PubKeySecurityHandler.get_file_encryption_key)TNNTN)N)2rC   rD   rE   rŠ   r*   r   rt  rw  rx  ry  r}  r   r3   rG   r^  r7   rv   r>   rŒ   r@   r   r   r   rF   r†  rœ   r   ÚlistrŽ   rT   r_  r.  r   r  rž  r2   r  r‘  r™  r’  r  r…   rl   r
   r  r:   r0   rs   r¢  r   rH   rH   rW   rI   rK     s”   
     ûöô`     ÷÷C þþ!ÿ!üü ý
ü2rK   )NT)NT)NT)T)T)ŽÚabcÚenumÚloggingr\  rh   r)  Údataclassesr   Úhashlibr   r   Útypingr   r   r   r   r	   r
   Z
asn1cryptor   r   r   r   Zasn1crypto.algosr   Zasn1crypto.cmsr   r   Zasn1crypto.keysr   r   r   Zcryptography.hazmat.primitivesr   r   r   Z,cryptography.hazmat.primitives.asymmetric.ecr   r   r   r   rÙ   Z1cryptography.hazmat.primitives.asymmetric.paddingr   r   r   r   Z-cryptography.hazmat.primitives.asymmetric.rsar    r!   Z.cryptography.hazmat.primitives.asymmetric.x448r"   r#   Z0cryptography.hazmat.primitives.asymmetric.x25519r$   r%   Z"cryptography.hazmat.primitives.kdfr&   Z*cryptography.hazmat.primitives.kdf.x963kdfr'   Ú,cryptography.hazmat.primitives.serializationr(   Ú r*   r+   Ú_utilr-   r.   r/   Úapir0   r1   r2   r3   r4   r5   r6   r7   r8   Zcred_serr9   r:   Zfilter_mixinsr;   r<   r=   Úpermissionsr>   Ú	getLoggerrC   r@  r@   ÚABCrJ   r   r’   r“   r   r–   ZDEF_EMBEDDED_FILEr˜   r™   r›   ÚuniqueÚEnumrœ   rŽ   r£   rþ   r²   rÁ   r°   ÚHashAlgorithmrÏ   rÿ   rë   rç   r   r   r  rj   r_   r  r  ÚSequencer  r  r]  r%  rå   r+  Úregisterr  re  rm   rž  rp  rt  rw  rx  ry  rK   rH   rH   rH   rI   Ú<module>   sè    ,
 




 ÿ ÿýý"ý
ÿþ"ý;ûý0 ûúG;
û  
 þC þ9	