# h%SSKJr SSKrSSKrSSKrSSKrSSKrSSKrSSKJ r SSK J r SSK Jr SSKJr SSKJr SSKJrJrJrJrJr SSKJr SS KJrJrJrJr SS KJ r J!r!J"r"J#r#J$r$J%r% SS K&J'r( S r)Sr+Sr,Sr-Sr.Sr/Sr0Sr1Sr2Sr3Sr4Sr5\Rl"S5r7Sr8Sr9Sr:Sr;Sr\Rl"\9S"-\:-\R~5r@\A"\B"\C"S#S$555rD\ "S%S&55rE\E"\RS'\RS!S!SS S(9\E"\RS'\RS!S!SS S(9\E"\RS'\RS!S)S!S S(9S*.rJS+\KS,'\.\/\0S-.rLS^S.jrMS_S/jrN\9S0-\:S0-4S`S1jjrOSaS2jrPSbS3jrQScS4jrRSdS5jrSSdS6jrTSeS7jrUSdS8jrVSfS9jrW"S:S;5rX"S<S=5rY"S>S?5rZ"S@SA5r["SBSC5r\SgSDjr]"SESF5r^"SGSH5r_\,\Y"5\-\Z"5\+\\"5\.\["SI\R"55\/\["SJ\R"55\0\["SK\R"55\2\^"5\3\_"50rcShSLjrd\R\R\R\R\R4rjSiSjSMjjrkSkSNjrl\R\R\R\R\R4rq\R\R\R\R4rr"SOSP\R5rt"SQSR5ruSlSSjrvS\SmSTjjrwSmSUjrxSnSVjrySiSoSWjjrzSpSXjr{\R\R\R\R4r|SYr}"SZS[5r~g!\*a S r)S\S]Sjjr(GNcf=f)q) annotationsN) encodebytes) dataclass)utilsUnsupportedAlgorithm)hashes)dsaeced25519paddingrsa)AEADDecryptionContextCipher algorithmsmodes)EncodingKeySerializationEncryption NoEncryption PrivateFormat PublicFormat_KeySerializationEncryption)kdfTFc[S5e)NzNeed bcrypt moduler)passwordsaltdesired_key_bytesroundsignore_few_roundss b/var/www/html/env/lib/python3.13/site-packages/cryptography/hazmat/primitives/serialization/ssh.py _bcrypt_kdfr!1s##788s ssh-ed25519sssh-rsasssh-dsssecdsa-sha2-nistp256secdsa-sha2-nistp384secdsa-sha2-nistp521s-cert-v01@openssh.comssk-ssh-ed25519@openssh.coms"sk-ecdsa-sha2-nistp256@openssh.coms rsa-sha2-256s rsa-sha2-512s\A(\S+)[ \t]+(\S+)sopenssh-key-v1s#-----BEGIN OPENSSH PRIVATE KEY-----s!-----END OPENSSH PRIVATE KEY-----sbcryptsnone aes256-ctrs(.*?)c\\rSrSr%S\S'S\S'S\S'S\S'S\S 'S \S 'S \S 'Srg) _SSHCipher\ztype[algorithms.AES]algintkey_lenz3type[modes.CTR] | type[modes.CBC] | type[modes.GCM]mode block_leniv_len int | Nonetag_lenboolis_aeadN)__name__ __module__ __qualname____firstlineno____annotations____static_attributes__r4r"r r(r(\s(  L ==N K  Mr"r( )r*r,r-r.r/r1r3 )r#s aes256-cbcsaes256-gcm@openssh.comzdict[bytes, _SSHCipher] _SSH_CIPHERS) secp256r1 secp384r1 secp521r1c.[U[R5(a[UR 55nU$[U[R 5(a [U5nU$[U[ R[ R45(a[nU$[U[R[R45(a[nU$[U[R[R 45(a["nU$[%S5e)NUnsupported key type) isinstancer EllipticCurvePrivateKey_ecdsa_key_type public_keyEllipticCurvePublicKeyr RSAPrivateKey RSAPublicKey_SSH_RSAr DSAPrivateKey DSAPublicKey_SSH_DSAr Ed25519PrivateKeyEd25519PublicKey _SSH_ED25519 ValueError)keykey_types r _get_ssh_key_typerTs#r1122"3>>#34 O C22 3 3"3' O C#++S-=-=> ? ? O C#++S-=-=> ? ? O  g'')A)A B    O/00r"cURnUR[;a[SUR<35e[UR$)z3Return SSH key_type and curve_name for private key.z'Unsupported curve for ssh private key: )curvename_ECDSA_KEY_TYPErQ)rFrVs r rErEsE   E zz(5ejj^ D   5:: &&r" c<SRU[U5U/5$)Nr")join_base64_encode)dataprefixsuffixs r _ssh_pem_encoder`s 88V^D16: ;;r"cLU(a[U5U-S:wa [S5eg)zRequire data to be full blocksrzCorrupt data: missing paddingN)lenrQ)r]r.s r _check_block_sizercs& 3t9y(A-899.r"c(U(a [S5eg)z!All data should have been parsed.zCorrupt data: unparsed dataN)rQr]s r _check_emptyrfs 677 r"cU(d [S5e[Un[XURUR-US5n[ UR USUR5URXTRS55$)z$Generate key + iv and return cipher.zKey is password-protected.TN)rQr=r!r,r/rr*r-) ciphernamerrrciphseeds r _init_cipherrksx 566  #D  t{{2FD D  n %& $||~&' r"cn[U5S:a [S5e[RUSSSS9USS4$)Uint32 Invalid dataNbig byteorderrbrQr+ from_bytesres r _get_u32ru< 4y1}(( >>$r(e> 4d12h >>r"cn[U5S:a [S5e[RUSSSS9USS4$)Uint64roNrprqrsres r _get_u64rzrvr"cb[U5upU[U5:a [S5eUSUXS4$)zBytes with u32 length prefixroN)rurbrQ)r]ns r _get_sshstrr}s8tnGA3t9}(( 8T"X r"c[U5upU(aUSS:a [S5e[RUS5U4$)z Big integer.rrorp)r}rQr+rt)r]vals r _get_mpintrs<D!IC s1v}(( >>#u %t ++r"cUS:a [S5eU(dgUR5S-S-n[R"X5$)z!Storage format for signed bigint.rznegative mpint not allowedr"ry)rQ bit_lengthr int_to_bytes)rnbytess r _to_mpintrsB Qw566 nn"q (F   c **r"c\rSrSr%SrS\S'SSSjjrSSjrSSjrSS jr SS jr SS jr SS jr SSS jjr SSjrSrg) _FragListz,Build recursive structure without data copy. list[bytes]flistNcX/UlU(aURRU5 ggN)rextend)selfinits r __init___FragList.__init__s#  JJ  d # r"c:URRU5 g)zAdd plain bytesN)rappendrrs r put_raw_FragList.put_raws #r"cVURRURSSS95 g)zBig-endian uint32rnrplengthrrNrrto_bytesrs r put_u32_FragList.put_u32 ! #,,a5,ABr"cVURRURSSS95 g)zBig-endian uint64ryrprNrrs r put_u64_FragList.put_u64 rr"c8[U[[[45(a6UR [ U55 UR RU5 gUR UR55 UR RUR 5 g)zBytes prefixed with u32 lengthN) rCbytes memoryview bytearrayrrbrrsizerrs r put_sshstr_FragList.put_sshstrs` cE:y9 : : LLS " JJ  c " LL $ JJ  cii (r"c8UR[U55 g)z*Big-endian bigint prefixed with u32 lengthN)rrrs r put_mpint_FragList.put_mpints  #'r"cH[[[UR55$)zCurrent number of bytes)summaprbrrs r r_FragList.sizes3sDJJ'((r"cRURHn[U5nX"U-p%X1XR&M U$)zWrite into bytearray)rrb)rdstbufposfragflenstarts r render_FragList.render"s1JJDt9DDj3 $5  r"c[[UR555nURU5 UR 5$)zReturn as bytes)rrrrtobytes)rbufs r r_FragList.tobytes*s/499;/0 C{{}r")rr)rzlist[bytes] | NonereturnNone)rrrr)rr+rr)rzbytes | _FragListrrrr+)r)rrrr+rr+rr)r5r6r7r8__doc__r9rrrrrrrrrr:r4r"r rrs:6 $ CC)()r"rcz\rSrSrSrS SjrS SjrS SjrS SjrSSjr Sr g ) _SSHFormatRSAi1zTFormat for RSA keys. Public: mpint e, n Private: mpint n, e, d, iqmp, p, q c@[U5up![U5up1X#4U4$)zRSA public fieldsr)rr]er|s r get_public_SSHFormatRSA.get_public:s(T"T"vt|r"cURU5uup#n[R"X#5nUR5nXQ4$)zMake RSA public key from data.)rrRSAPublicNumbersrF)rr]rr|public_numbersrFs r load_public_SSHFormatRSA.load_publicBs?t, --a3#..0 r"c [U5up1[U5upA[U5upQ[U5upa[U5upq[U5upXC4U:wa [S5e[R"XW5n [R"XX5n [R "XC5n [R "XxXYXU 5n U R5n X4$)zMake RSA private key from data.z Corrupt data: rsa field mismatch)rrQr rsa_crt_dmp1 rsa_crt_dmq1rRSAPrivateNumbers private_key)rr] pubfieldsr|rdiqmppqdmp1dmq1rprivate_numbersrs r load_private_SSHFormatRSA.load_privateKsT"T"T"% T"T" 6Y ?@ @%%--a3// !4~ &113   r"cUR5nURUR5 URUR5 g)zWrite RSA public keyN)rrrr|)rrFf_pubpubns r encode_public_SSHFormatRSA.encode_publicas2((*  r"cUR5nURnURUR5 URUR5 URUR 5 URUR 5 URUR5 URUR5 g)zWrite RSA private keyN) rrrr|rrrrr)rrf_privrrs r encode_private_SSHFormatRSA.encode_privateis&557(77))*))***+--.**+**+r"r4N)r]rrz"tuple[tuple[int, int], memoryview])r]rrz#tuple[rsa.RSAPublicKey, memoryview])r]rrz$tuple[rsa.RSAPrivateKey, memoryview])rFzrsa.RSAPublicKeyrrrr)rzrsa.RSAPrivateKeyrrrr r5r6r7r8rrrrrrr:r4r"r rr1s +  , !! -!, * 3<   ,, ,6? ,  ,r"rc|\rSrSrSrS SjrS SjrS SjrSSjrSSjr SSjr S r g ) _SSHFormatDSAiyzTFormat for DSA keys. Public: mpint p, q, g, y Private: mpint p, q, g, y, x cv[U5up![U5up1[U5upA[U5upQX#XE4U4$)zDSA public fieldsr)rr]rrgys r r_SSHFormatDSA.get_publicsAT"T"T"T"a|T!!r"cURU5uup#pEn[R"X#U5n[R"XV5nUR U5 UR 5nX4$)zMake DSA public key from data.)rr DSAParameterNumbersDSAPublicNumbers _validaterF) rr]rrrrparameter_numbersrrFs r r_SSHFormatDSA.load_publicsa"__T2 qd33A!<--aC ~&#..0 r"c>URU5uup4pVn[U5upqX4XV4U:wa [S5e[R"X4U5n[R "Xh5n UR U 5 [R"Xy5n U R5n X4$)zMake DSA private key from data.z Corrupt data: dsa field mismatch) rrrQr rrrDSAPrivateNumbersr) rr]rrrrrxrrrrs r r_SSHFormatDSA.load_privates"__T2 qdT" !<9 $?@ @33A!<--aC ~&//B%113   r"c6UR5nURnURU5 URUR5 URUR 5 URUR 5 URUR5 g)zWrite DSA public keyN)rrrrrrrr)rrFrrrs r r_SSHFormatDSA.encode_publicsu$224*<< ~& )++, )++, )++, (()r"cURUR5U5 URUR5R5 g)zWrite DSA private keyN)rrFrrr)rrrs r r_SSHFormatDSA.encode_privates: ;113V<446889r"cnURnURR5S:wa [S5eg)Niz#SSH supports only 1024 bit DSA keys)rrrrQ)rrrs r r_SSHFormatDSA._validates6*<<    ) ) +t 3BC C 4r"r4N)r]rrztuple[tuple, memoryview])r]rrz#tuple[dsa.DSAPublicKey, memoryview])r]rrz$tuple[dsa.DSAPrivateKey, memoryview])rFzdsa.DSAPublicKeyrrrr)rzdsa.DSAPrivateKeyrrrr)rzdsa.DSAPublicNumbersrr) r5r6r7r8rrrrrrrr:r4r"r rrysv"    ,  !! -! ** *3< *  *:,:6?: :Dr"rc\rSrSrSrS SjrS SjrS SjrSSjrSSjr SSjr S r g )_SSHFormatECDSAizvFormat for ECDSA keys. Public: str curve bytes point Private: str curve bytes point mpint secret cXlX lgr)ssh_curve_namerV)rrrVs r r_SSHFormatECDSA.__init__s , r"c[U5up![U5up1X R:wa [S5eUSS:wa [S5eX#4U4$)zECDSA public fieldszCurve name mismatchrrnzNeed uncompressed point)r}rrQNotImplementedError)rr]rVpoints r r_SSHFormatECDSA.get_publicsX"$' !$'  '' '23 3 8q=%&?@ @~t##r"cURU5uup#n[RRURUR 55nXA4$z Make ECDSA public key from data.)rr rGfrom_encoded_pointrVr)rr]_rrFs r r_SSHFormatECDSA.load_publicsI ??40 D..AA JJ  r"cURU5uup4n[U5upQX44U:wa [S5e[R"XPR 5nXa4$)z!Make ECDSA private key from data.z"Corrupt data: ecdsa field mismatch)rrrQr derive_private_keyrV)rr]r curve_namersecretrs r r_SSHFormatECDSA.load_privatesZ%)OOD$9!T!$'   ) +AB B++FJJ?   r"cUR[R[R5nUR UR 5 UR U5 g)zWrite ECDSA public keyN) public_bytesrX962rUncompressedPointrr)rrFrrs r r_SSHFormatECDSA.encode_publicsG'' MM<99  ,,- r"cUR5nUR5nURX25 URUR5 g)zWrite ECDSA private keyN)rFrrr private_value)rrrrFrs r r_SSHFormatECDSA.encode_privatesB!++- %557 :.667r")rVrN)rrrVec.EllipticCurve)r]rrz0tuple[tuple[memoryview, memoryview], memoryview]r]rrz,tuple[ec.EllipticCurvePublicKey, memoryview])r]rrz-tuple[ec.EllipticCurvePrivateKey, memoryview])rFec.EllipticCurvePublicKeyrrrr)rzec.EllipticCurvePrivateKeyrrrr) r5r6r7r8rrrrrrrr:r4r"r rrs  $ $ 9 $  5  ! ! 6 ! 3 G% %r"rc[U5upUR5RS5(d[SUS35eX4$)z U2F application strings sssh:z4U2F application string does not start with b'ssh:' ())r}r startswithrQ)r] applications r load_applicationr7IsT$D)K    + +G 4 4 }A     r"c*\rSrSrSrSSjrSrg)_SSHFormatSKEd25519iVz The format of a sk-ssh-ed25519@openssh.com public key is: string "sk-ssh-ed25519@openssh.com" string public key string application (user-specified, but typically "ssh:") cb[[5RU5up![U5up1X!4$r!)_lookup_kformatrPrr7rr]rFr s r r_SSHFormatSKEd25519.load_public_s1+<8DDTJ "4(r"r4Nr2r5r6r7r8rrr:r4r"r r9r9Vs  4 r"r9c*\rSrSrSrSSjrSrg)_SSHFormatSKECDSAihz The format of a sk-ecdsa-sha2-nistp256@openssh.com public key is: string "sk-ecdsa-sha2-nistp256@openssh.com" string curve name ec_point Q string application (user-specified, but typically "ssh:") cb[[5RU5up![U5up1X!4$r)r;_ECDSA_NISTP256rr7r<s r r_SSHFormatSKECDSA.load_publicrs1+?;GGM "4(r"r4Nrr>r4r"r r@r@hs  5 r"r@snistp256snistp384snistp521c[U[5(d[U5R5nU[;a [U$[ SU<35e)z"Return valid format or throw errorzUnsupported key type: )rCrrr _KEY_FORMATSr)rSs r r;r;sH h & &h'//1<H%% !7|D EEr"c[R"SU5 Ub[R"SU5 [R U5nU(d [ S5eUR S5nURS5n[R"[U5XE5nUR[5(d [ S5e[U5[[5Sn[U5up`[U5upp[U5up[U5upU S:wa [ S5e[U5up[U 5up[!U 5n U R#U 5up[%U 5 Xg4[&[&4:wGaUR)5nU[*;a[-SU<35eU[.:wa[-SU<35e[*UR0n[*UR2n[U5unn[*UR4(a&[7U5n[U5U:wa [ S 5eO [%U5 [9UU5 [U5unn[U5unn[%U5 [;XUR)5U5nUR=5n[UR?U55n[*UR4(a2[AU[B5(de[%UREW55 OA[%URG55 O'[U5unn[%U5 S n[9UU5 [U5unn[U5unnUU:wa [ S 5e[U5unnUU :wa [ S 5eU RIUU 5unn[U5unnU[JS[U5:wa [ S 5e[AURN5(a$[PRR"S[RTSS9 U$)z.Load private key from OpenSSH custom encoding.r]NrzNot OpenSSH private key formatr%zOnly one key supportedzUnsupported cipher: zUnsupported KDF: z+Corrupt data: invalid tag length for cipherryzCorrupt data: broken checksumzCorrupt data: key type mismatchzCorrupt data: invalid paddingDSSH DSA keys are deprecated and will be removed in a future release. stacklevel)+r_check_byteslike _check_bytes_PEM_RCsearchrQrendbinascii a2b_base64rr5 _SK_MAGICrbr}rur;rrf_NONErr=r_BCRYPTr.r1r3rrcrk decryptorupdaterCrfinalize_with_tagfinalizer_PADDINGr rKwarningswarnDeprecatedIn40)r]rbackendmp1p2rhkdfname kdfoptionsnkeyspubdata pub_key_typekformatrciphername_bytesblklenr1edatatagrkbufrridecck1ck2rSrr s r load_ssh_private_keyros  64( :x0tA 9:: B qB   z$/6 7D ??9 % %9:: d C N, -D#4(J%MG"4(J4.KE z122 %MG'0Ll+G ++G4I.%--/ < /&&'7&:;  g &):7+'FG G./99/088!$' t ( ) 1 1+C3x7" !NOO#  %( , d~ T, Onn3::e,- ( ) 1 1c#899 99 ..s3 4  ("$' tT%(%JC%JC cz899"%(OHe<:;; --eY?K5!HAu 3u:&&899+s0011       r"c[R"SU5 [U[R5(a$[ R "S[RSS9 [U5n[U5n[5nU(a[n[URn[n[n [U[ 5(aUR"b UR"n [$R&"S5n UR)U 5 UR+U 5 [-XaX5n O [.=phSnSn Sn [$R&"S5n S n[5nUR)U5 UR1UR35U5 [X/5nUR)U5 UR5UU5 UR)U5 UR7[8SUUR;5U-- 5 [5nUR7[<5 UR)U5 UR)U5 UR)U5 UR+U 5 UR)U5 UR)U5 UR;5nUR;5n[?[AUU-55nURCU5 UU- nU b&U RE5RGUUUUUS5 [IUSU5$) z3Serialize private key with OpenSSH custom encoding.rISSH DSA key support is deprecated and will be removed in a future releasernrINr$ryr%r")%rrLrCr rKrZr[r\rTr;r_DEFAULT_CIPHERr=r.rT_DEFAULT_ROUNDSr _kdf_roundsosurandomrrrkrSrrFrrrYrrRrrr encryptor update_intor`)rrencryption_algorithmrSrf f_kdfoptionsrhrhrarrrirccheckvalcomment f_public_key f_secretsf_mainslenmlenrofss r _serialize_ssh_private_keyrs}  z8,+s0011  *    !-Hh'G;L$ j)33  +-H I I$00<)55Fzz"~%V$J$?$$  Ezz!}HG;LH% +002LA8./I " ; 2 ! hE9>>+;f+D!EFG[F NN9 j! g l# NN5 l# i  >> D ;;=D Ytf}- .C MM# +C  $$ST]CI> 3u: &&r"c\rSrSrSrSrSrg)SSHCertificateTypei[r%rHr4N)r5r6r7r8USERHOSTr:r4r"r rr[s D Dr"rc>\rSrSrSSjr\SSj5rSSjr\SSj5r\SSj5r \SSj5r \SSj5r \SS j5r \SS j5r \SS j5r\SS j5rSS jrSSjrSSjrSrg)SSHCertificatei`cXlX lX0l[U5UlXPlX`lXplXl Xl Xl Xl Xl XlXlUUlUUlXlg![ a [ S5ef=f)NzInvalid certificate type)_nonce _public_key_serialr_typerQ_key_id_valid_principals _valid_after _valid_before_critical_options _extensions _sig_type_sig_key_inner_sig_type _signature_cert_key_type _cert_body_tbs_cert_body)rrrr_cctyperrrrrrrrrrrrrs r rSSHCertificate.__init__as( &  9+G4DJ !2(*!2&" .$,$, 978 8 9s A55B c,[UR5$r)rrrs r nonceSSHCertificate.noncesT[[!!r"cL[R"[UR5$r)typingcastSSHCertPublicKeyTypesrrs r rFSSHCertificate.public_keys{{0$2B2BCCr"cUR$r)rrs r serialSSHCertificate.serials ||r"cUR$r)rrs r typeSSHCertificate.types zzr"c,[UR5$r)rrrs r key_idSSHCertificate.key_idsT\\""r"cUR$r)rrs r valid_principalsSSHCertificate.valid_principals%%%r"cUR$r)rrs r valid_beforeSSHCertificate.valid_befores!!!r"cUR$r)rrs r valid_afterSSHCertificate.valid_afters   r"cUR$r)rrs r critical_optionsSSHCertificate.critical_optionsrr"cUR$r)rrs r extensionsSSHCertificate.extensionssr"c[UR5nURUR5up#[ U5 U$r)r;rrrrf)r sigformat signature_key sigkey_rests r rSSHCertificate.signature_keys5#DNN3 %.%:%:4==%I" [!r"c[UR5S-[R"[UR5SS9-$)N F)newline)rrrP b2a_base64rrs r rSSHCertificate.public_bytess< $%% & !!%"8%H I r"cUR5n[U[R5(a9UR [ UR 5[ UR55 g[U[R5(a[UR 5up#[U5upC[U5 [R"X$5n[UR5nUR U[ UR5[R "U55 g[U["R$5(deUR&[(:Xa[*R,"5nOUUR&[.:Xa[*R0"5nO+UR&[2:Xde[*R4"5nUR [ UR 5[ UR5[6R8"5U5 gr)rrCr rOverifyrrrr rGrrf asym_utilsencode_dss_signature_get_ec_hash_algrVECDSArrIrrJr SHA1_SSH_RSA_SHA256SHA256_SSH_RSA_SHA512SHA512r PKCS1v15)rrrr]s computed_sighash_algs r verify_cert_signature$SSHCertificate.verify_cert_signatureso**, mW%=%= > >  doo&d.A.A(B  r'@'@ A A 1GA &GA  %::1@L' (;(;> >>##x/!;;=%%8!==?++>>>!==?  doo&d))*  "  r")rrrrrrrrrrrrrrrrrN)"rrrSSHPublicKeyTypesrr+rr+rrrrrr+rr+rdict[bytes, bytes]rrrrrrrrrrrrrrrrr)rrr)rr)rr)rr)rr)r5r6r7r8rpropertyrrFrrrrrrrrrrrr:r4r"r rr`sy'-'-''- '-  '-  '-''-'-'-.'-('-'-'-$'-'- #!'-"#'-$%'-R""D ##&&""!!&&    r"rc>[U[R5(a[R"5$[U[R 5(a[R "5$[U[R5(de[R"5$r) rCr SECP256R1r r SECP384R1SHA384 SECP521R1r)rVs r rrs_%&&}} E2<< ( (}}%....}}r"c[R"SU5 [RU5nU(d [ S5eUR S5=p4UR S5nSnUR [5(aSnUS[[5*nU[:XaU(d [S5e[U5n[[R"U55nU(aUn [#U5upX:wa [ S 5eU(a [#U5upUR%U5upU(Ga['U5up[)U5up[#U5up[#U5unn/nU(a1[#U5unnUR+[-U55 U(aM1['U5unn['U5unn[#U5unn[/U5n[#U5unn[/U5n[#U5unn[#U5unn[#U5unnU[:XaU(d [S 5eW S[U5*n[#U5unn[1U5 [#U5unn U[2:XaU[4[6[24;dU[2:waUU:wa [ S 5e[#U 5un!n [1U 5 [9W U U UUUUUUUUUUU!UUU 5$[1U5 U $![[R 4a [ S5ef=f) Nr]zInvalid line formatr%rHFTz-DSA keys aren't supported in SSH certificateszInvalid formatzInvalid key formatz3DSA signatures aren't supported in SSH certificatesz!Signature key type does not match)rrK_SSH_PUBKEY_RCmatchrQgroupendswith _CERT_SUFFIXrbrMrr;rrPrQ TypeErrorErrorr}rrzrurr_parse_exts_optsrfrJrrr)"r]_legacy_dsa_allowedr^rS orig_key_typekey_body with_certrfrest cert_bodyinner_key_typerrFrcctyper principalsr principalrr crit_optionsrextsrr  sig_key_rawsig_typesig_key tbs_cert_body signature_rawinner_sig_typesig_rest signatures" r _load_ssh_public_identityrs  64(T"A .// wwqz)HwwqzHI&& 0s<0018$7" ;  h'G+(--h78 &t,N&-..!$' **40J~ ~ "4( &t, D$/ $; !Iz  # #E)$4 5j%TN T%d^ d(. d+L9 & d%d+ d#4'- T' 4' x (;&E ",SYJ/ )$/ tT#.}#=   #_h?@("~'A@A A)(3 8X                 #  ( TK x~~ &+)**+s ;K##&L c[U5$r)rres r load_ssh_public_identityrJs %T **r"cH0nSnU(a[U5up0[U5nXA;a [S5eUbXB:a [S5e[U5upP[U5S:a'[U5upV[U5S:a [S5e[U5X'UnU(aMU$)NzDuplicate namezFields not lexically sortedrz!Unexpected extra data after value)r}rrQrb) exts_optsresult last_namerWbnamevalueextras r rrPs!#FI %i0T{ ?-. .  U%6:; ;&y1 u:>&u-LE5zA~ !DEEe    ) Mr"c[USS9n[U[5(aUR5nOUn[U[R 5(a$[ R"S[RSS9 U$)NT)rrGrHrI) rrCrrFr rLrZr[rr\)r]r] cert_or_keyrFs r load_ssh_public_keyr dsh,DdKK+~.. ++-  *c..//      r"c[U[R5(a$[R"S[ R SS9 [U5n[U5n[5nURU5 URX5 [R"UR55R5nSR!USU/5$)z&One-line public key format for OpenSSHrqrnrIr"r)rCr rLrZr[rr\rTr;rrrrPrrstripr[)rFrSrfrpubs r serialize_ssh_public_keyrxs*c..//  *    !,Hh'G KE X *,   emmo . 4 4 6C 88XtS) **r"c \rSrSrSSSS/SSS//4 SSjjrSSjrSSjrSSjrSSjrSS jr S r SS jr SS jr SS jr SSjrSSjrSrg)SSHCertificateBuilderiNFc |XlX lX0lX@lXPlX`lXplXlXlXl gr rrrrr_valid_for_all_principalsrrrr) rrrrrrrrrrrs r rSSHCertificateBuilder.__init__s='   !2)B&*(!2&r"c [U[R[R[ R 45(d [S5eURb [S5e[UURURURURURUR UR"UR$UR&S9 $)NrBzpublic_key already setr)rCr rGrrIr rOrrrQrrrrrrrrrr)rrFs r rF SSHCertificateBuilder.public_keys ))  ((   23 3    '56 6$"LL**LL"44&*&D&D,,**"44((  r"c ~[U[5(d [S5eSUs=::aS:d O [S5eURb [S5e[ UR UURURURURURURURURS9 $)Nzserial must be an integerrz"serial must be between 0 and 2**64zserial already setr)rCr+rrQrrrrrrrrrrr)rrs r rSSHCertificateBuilder.serials&#&&78 8F"U"AB B << #12 2$((**LL"44&*&D&D,,**"44((  r"c J[U[5(d [S5eURb [ S5e[ UR URUURURURURURURURS9 $)Nz"type must be an SSHCertificateTypeztype already setr)rCrrrrQrrrrrrrrrr)rrs r rSSHCertificateBuilder.types$ 233@A A :: !/0 0$((LLLL"44&*&D&D,,**"44((  r"c J[U[5(d [S5eURb [ S5e[ UR URURUURURURURURURS9 $)Nzkey_id must be byteszkey_id already setr)rCrrrrQrrrrrrrrrr)rrs r rSSHCertificateBuilder.key_ids&%((23 3 << #12 2$((LL**"44&*&D&D,,**"44((  r"c UR(a [S5e[SU55(aU(d [S5eUR(a [S5e[ U5[ :a [S5e[URURURURUURURURURURS9 $)NzDPrincipals can't be set because the cert is valid for all principalsc3B# UHn[U[5v M g7fr)rCr).0rs r 9SSHCertificateBuilder.valid_principals..sC2BQJq%((2Bsz5principals must be a list of bytes and can't be emptyzvalid_principals already setz:Reached or exceeded the maximum number of valid_principalsr)rrQallrrrb_SSHKEY_CERT_MAX_PRINCIPALSrrrrrrrrr)rrs r r&SSHCertificateBuilder.valid_principalss  ) )%  C2BCCC#G   ! !;< <  #> >L %((LL**LL.&*&D&D,,**"44((  r"c JUR(a [S5eUR(a [S5e[URUR UR URURSURURURURS9 $)Nz@valid_principals already set, can't set valid_for_all_principalsz$valid_for_all_principals already setTr) rrQrrrrrrrrrrrs r valid_for_all_principals.SSHCertificateBuilder.valid_for_all_principals,s  ! !+   ) )CD D$((LL**LL"44&*,,**"44((  r"c [U[[45(d [S5e[U5nUS:dUS:a [ S5eUR b [ S5e[ URURURURURURUURURURS9 $)Nz$valid_before must be an int or floatrrzvalid_before must [0, 2**64)zvalid_before already setr)rCr+floatrrQrrrrrrrrrrr)rrs r r"SSHCertificateBuilder.valid_beforeBs,e 55BC C<( ! |u4;< <    )78 8$((LL**LL"44&*&D&D&**"44((  r"c [U[[45(d [S5e[U5nUS:dUS:a [ S5eUR b [ S5e[ URURURURURURURUURURS9 $)Nz#valid_after must be an int or floatrrzvalid_after must [0, 2**64)zvalid_after already setr)rCr+r-rrQrrrrrrrrrrr)rrs r r!SSHCertificateBuilder.valid_afterXs+U|44AB B+& ?kU2:; ;    (67 7$((LL**LL"44&*&D&D,,$"44((  r"c [U[5(a[U[5(d [S5eXRVVs/sHupUPM snn;a [ S5e[ UR URURURURURURUR/URQWU4PURS9 $s snnf)Nname and value must be byteszDuplicate critical option namer)rCrrrrQrrrrrrrrrrrrWrr s r add_critical_option)SSHCertificateBuilder.add_critical_optionns$&&j.F.F:; ; (>(>?(>WTD(>? ?=> >$((LL**LL"44&*&D&D,,**F 6 6Fu F((  @C!c[U[5(a[U[5(d [S5eXRVVs/sHupUPM snn;a [ S5e[ UR URURURURURURURUR/URQWU4PS9 $s snnf)Nr2zDuplicate extension namer)rCrrrrQrrrrrrrrrrr3s r add_extension#SSHCertificateBuilder.add_extensions$&&j.F.F:; ; (8(89(8WTD(89 978 8$((LL**LL"44&*&D&D,,**"44:$**:T5M:  :r6c ~[U[R[R[ R 45(d [S5eURc [S5eURcSO URnURc [S5eURcSO URnUR(dUR(d [S5eURc [S5eUR c [S5eUR UR:a [S 5eUR"R%S S 9 UR&R%S S 9 [)UR5nU[*-n[,R."S 5n[1U5n[35nUR5U5 UR5U5 UR7URU5 UR9U5 UR;URR<5 UR5U5 [35n URHn U R5U 5 M UR5U R?55 UR9UR 5 UR9UR5 [35n UR"HrupU R5U 5 [AU 5S:a<[35nUR5U 5 U R5UR?55 MaU R5U 5 Mt UR5U R?55 [35nUR&HrupUR5U 5 [AU 5S:a<[35nUR5U 5 UR5UR?55 MaUR5U 5 Mt UR5UR?55 UR5S5 [)U5n[1U5n[35nUR5U5 UR7URC5U5 UR5UR?55 [U[ R 5(alUREUR?55n[35nUR5U5 UR5U5 UR5UR?55 GO[U[R5(a[GURH5nUREUR?5[RJ"U55n[LRN"U5unn[35nUR5U5 [35nURQU5 URQU5 UR5UR?55 UR5UR?55 O[U[R5(de[35nUR5[R5 UREUR?5[TRV"5[XRZ"55nUR5U5 UR5UR?55 [\R^"UR?55Ra5n[bRd"[f[iSRkUSU/555$)NzUnsupported private key typezpublic_key must be setrztype must be setr"zAvalid_principals must be set if valid_for_all_principals is Falsezvalid_before must be setzvalid_after must be setz-valid_after must be earlier than valid_beforec US$Nrr4rs r ,SSHCertificateBuilder.sign..s!A$r")rRc US$r<r4r=s r r>r?sAaDr"r;r)6rCr rDrrHr rNrrrQrrrrrrrrsortrrTrrurvr;rrrrrrrrbrFsignrrVrrdecode_dss_signaturerrr rr rrPrrrrrrr[)rrrrrS cert_prefixrrff fprincipalsrfcritrWrfoptvalfextfextvalca_typecaformatcafrfsigrrrfsigblob cert_datas r rBSSHCertificateBuilder.signsc **!!))   :; ;    #56 6ll*  :: /0 0 ,$,, %%d.L.L     %78 8    $67 7   t11 1LM M ###7 .1$T%5%56-  2!(+ K [! Ud..2 & $**""# Vk ''A  " "1 %( [((*+ $##$ $$$% 11KD   T "5zA~#+""5)  !23  '2 U]]_%{++KD OOD !5zA~#+""5) 12&, T\\^$ S#K0"7+k w{557= S[[]# k7#<#< = =#((5I;D OOG $ OOI & LL (  R%?%? @ @' (9(9:H#((bhhx6HII229=DAq;D OOG $ {H   q !   q ! OOH,,. / LL (k3+<+<== == ;D OOO ,#(( W--/I OOI & LL ('' 4::< {{  $SXX{D).L%M N  r") rrrrrrrrrr)rzSSHCertPublicKeyTypes | Nonerr0rzSSHCertificateType | Noner bytes | Nonerrrr2rr0rr0rlist[tuple[bytes, bytes]]rrS)rFrrr)rr+rr)rrrr)rrrr)rrrr)r int | floatrr)rrTrr)rWrrrrr)rSSHCertPrivateKeyTypesrr)r5r6r7r8rrFrrrrr*rrr4r8rBr:r4r"r rrs59"+/ $)+*/$(#'7913'1'') '  ' ' '$('"'!'5'/'0 /  8 * & &" +" " H , , ,  "'  ,  "'  ,G r"r)F) rrrrrr+rr+rr2rr)rRz&SSHPrivateKeyTypes | SSHPublicKeyTypesrr)rFrrr)r]rr^rr_rrr)r]rr.r+rr)r]rrr) rhrrrRrrrr+rz)Cipher[modes.CBC | modes.CTR | modes.GCM])r]rrztuple[int, memoryview])r]rrtuple[memoryview, memoryview])rr+rr)rrV)rSrr)r]rrrRr] typing.AnyrSSHPrivateKeyTypes)rrXrrryrrr)rVrrzhashes.HashAlgorithm)r]rrz"SSHCertificate | SSHPublicKeyTypes)rrrr)r]rr]rWrr)rFrrr) __future__rrPenumrurerrZbase64rr\ dataclassesr cryptographyrcryptography.exceptionsrcryptography.hazmat.primitivesr )cryptography.hazmat.primitives.asymmetricr r r r rr&cryptography.hazmat.primitives.ciphersrrrr,cryptography.hazmat.primitives.serializationrrrrrrbcryptrr!_bcrypt_supported ImportErrorrPrJrMrB_ECDSA_NISTP384_ECDSA_NISTP521r_SK_SSH_ED25519_SK_SSH_ECDSA_NISTP256rrcompilerrR _SK_START_SK_ENDrTrSrrrsDOTALLrMrrrangerYr(AESCTRCBCGCMr=r9rXrTrEr`rcrfrkrurzr}rrrrrrrr7r9r@rrrrEr;UnionrDrHrKrNrXrorrGrIrLrOrrEnumrrrrrrr rrUr'rr4r"r rvsF # 0!81J 9)  (((' 0>"!23  2 .  **Y)G3RYY ? ia 01 2   NN YY NN YY * NN YY ') %@!  &'%eO< < < < <: 8     / (??,+33lE,E,PCDCDLD8D8N@%@%F   $  ( mo mo#%_[",,.A_[",,.A_[",,.A(*-/  F\\ e eee ePJ'#J'J'5J' J'ZLL     ~~B\ \(\~+ +'+ *(, $(+(  "I I U# 9#( 9999 9  9  99 9s/N<<OO