ÿØÿà JFIF 

  
 
  ÿÛ „ 
 !.%+&8&+/1555$;@;4?.451
4,$,44444444444414444444444444444444444444444444444444ÿÀ  á á
" 

ÿÄ   



           
 ÿÄ ? 
    
 !1AQaq"2‘¡±ÁðBRbrÑá#‚’¢²3S CñÿÄ 
 

             
ÿÄ ! 
 
 
       
!1QAa‘2ÿÚ 
  ? 5˜Z¯V¦cø)›t/? z¨±>Õ5€¶‹Á¤·¼z¼Ü¬+ñ®v¤¨_ˆR­BFn©—˜ý®ç̝P8gýt·ÉSTŦˆìät?þé¼íìN/Þa)ì–í6ô…
Ï¿øÃj´¿KÇü]ÿ ªô¹-eKànëÕHTx}ýSÜ›ÿ ”7Ø×&µ<¦  ¥ÑO¶[Ù¯ä¨ÞÃÿ PZ-¬;#õ|•
oaÿ ©CìÞz3˜öː/¤­ñTûIØ}š^   mÓ%ªxˆ¥ÉŸu=Z+ISe¿45™¼u;ú&WØ÷€æßQ™®{|
íx*TC“#ZŠìZ§²‹ 6pv…³¿¡äª*áZÐ%ÒOáˆo"x«OHk
w±æ+¬V(kMúŸ5Vö«$ ÁrÏbàb57/luR ¸ÑÛj Òµì`Ðœq­û žICÀ
Ê•©4€Âcà¨Ï€O´<èÐ:›ù(Ë^L8þ‘ÍÌ#¸Ð_Ì©ÙK(Öz 4¬û+¸;ü’V’84‘¬ÃŽ:[â‡ÔÌáõp¢~§ªlæ£ö{®G>J¼"°‡7¯ÆÉèßû ‹É‹§ÁòÃýâßî
^ƾÙõ‹×óH#«LP½ïX=xÑÍ$|W?•~•îëÔ©ª‹
{ÝT…Kÿ ”hûâá)J*ö˜–ÔU;iÇ€/ ÆþjóZ\ýwØ=Ìm
ºèËL9 ýè
Æð/¨’¥öo=nË.%Îì   ŽÕ¯È|{Oj²ƒE6e/ßdÄõ²Ìâ1O®ò×TsəԸhOMýíMˆ¿¼H˜l²,7Â¥#MF/Úf°Ö½± ¸–dr‹NýÊ íjqx{œÉ ä-È    ¦
øÄër¨q°ð
†nцýÑÄÆ’mä…n<0È™;ÁÝá¯ÁZƒ7FÀmì­ É&9ˆîéi¶ùN§Y•ÃZãAâ?•‡©‰ , ó¾IŸŠc1 4â&y­&pŠ­6;M À 0¹qç»p.á …ŸÅáK@<u %Ü6ÓtIÌpÓr»söfeÁ0O…­´Kƒ&ñ™\©<+,~)‹
ºHÐ*×µ&†ž‘Æ÷ÚŸ
1ßjC5Oh´‡›

Ø×ë æâ“Þà

ÒT]§n{ºöB³ ¦ ̹Â8Êï¦MÉ<„¨s¹¶ì7Ì”æR$Ncà! /éþäRM÷Gƒ¿É$
¦oà>%6·y6ƒ‰3?”úºŽ‰éX5ªPT §µ!=Mž«Ú½‹ÅgÂSâÉaþÓoö–¯ÁÔìR>5éÿ üs¶ÆUcÌ  kÇR
]ÿ ù¬¼«VŽ;Â|‡~¢¦”ÏÅ°æ
{L™Õ°Óv¹ò¸írŽ¡×¢CÃ!íVÕ {¶»sŒNPg/
"uÕbkm²“$ďå¿é¹§°½æz¯6 †s¿!s–wÚÝ“™Œ°.ûj>·+™Òa…©Œ&rÝÎtÛë긪Ît’LAVp%c Úý[ÄzJ¾ÇàXXç@˜ó<êL]·T˜¾¥1Ó©V‡g´æ½¦Ý@¹óø!_@´ÞâSÁ —S3™•& ]@JHÚý©ZŽ €×æÔr»Áf!‡yÞ4Mv*èÓã_{‘åóUuљØ«Oïé*®EvÑ
Œ÷‡U \"㪒ÍK+À 4“M¡ï:0¥5í!'<@î´”>Ç»&Z–ïCCV˜Ì5Šo&îhè.žû
|ÓK©h$s6KìŒëã)¹hI¦GïOåóI;ììü#É$Š0…Ææ¥TØ.5­¾gn´ “ÂÖ\:hœ89G)J@„}œ:’Ò{/Š"¦_Æ×7Æ3VÇŠÊa]ÚŒÙ€Ä–=®uÁßâACZƒ§§£Qnâ:«,×{tyø¬iÛcœÜÄ€H½ÄÍCk´÷šß
.W'b¤Íåh]÷€=,Žv×cÚEÚHXJX¶îo¨FÒtèöŸ>ªª6[J®Fµ£sGÁeqõfe\íjÒÐïÄÐGˆe1Ø‹.Ø”‘Ëuø
Y­ˆÜŽG|zùªüMpDnQWÄ”%JŠ™)â*p@Örš«ÕT2Ð%ˆG#ª„
·¤!°ŸOTÂT¸aÚ%4&h™LµšØüÐ.F¿²ÐÞ_Ç‚¾ÅÃaÜ÷09Æ 
q€öy˜v‡85õN÷]¬äѼóS{°_MŽ¬úÔ#°Ç¸0åÞè2ëôPcvÆw9®ií1Ä8F™˜à‰´+‰Ik1òÝ7“Ñ×ÒsÝ\x‚h`ÞÑ`ó"|µEcý£n˜h`}GÞ  !±ù²Ápü²
ß6
0ïi󜵩SÈÇ7˜-ÕURO˜¦´f$ªž-Í6(œ}<„ éc øs]ŽŽ„*—¾
ìdŽ„)méª\¿êÎIg¾ØÞ~I#C/¼¼´EÁÈŽi8“©õådô·>euä ƒ'Ê×लR1ÉJE1ÐAát`t;ÇР%Ý<‡¥„ÍÆ`×Oyó)õiI€ñQaŸ4Ûù\áàaÃÔ¹HÃu¹*k€¦<„eS‡&õÏ
B!ŽhüÞ`yj}mªf×\¿
Ç~æ­9‡û\՞Ǖg²1Žû5V7 !àöšm°
c`ܬøÇìµÒ'P"?…´Ö,"§^•õŽ¨sÔ)6˜sæéÍR¼
ò|Sl”‹7 nPW

Gòú÷½§O¯‡„l¡kSÞŒr½PÊ@æ¢pŽ-mÿ #Ÿ˜Àº¶Áä¦;ïÔæ$1££`“Õ>„—·ž)ß
ð
³ñ#Ï Ô$¶œ‰ÊE‹À;÷º
¯«P:Ñ”8–IÊtpÞ3ª“>ê“þës4ò2OÏÕ­±zô†Õ§‰.÷ä¸;¿˜“'œ›žª}«Œ{ª±Ì 9ÔóÞÕ‡0
$íWV3Üì¬
—@kÝ4@¿r¼±½¬™›?øØæ´'Áé®CË3-g$˜ö‡×auÚi´Žp/êÛæF›Ú2v‹ã¿¿,nB1̨ƃqÞa5͝@&Æû“él÷ \C²½UÍc ¯k×¢U
ÖéQå™—-r    wô ÞÏ<Ò=&=ÿ Ôê Òêˈt,i—;LîÜ á¸*ÚÃ1$êL•LÍ <É)ýÐà’
;F™{ƒ™˜€&'}‚ãÄK`¡ÞT@I;®žZóè‚s’7®°›+§O­Åq©é»²9<Ô
J ¼9O’HL»Ùïì¸rk¼Ž_ý‘TŸu[²ßÚŒ·ü÷B%¯E ŸÔX5êO´Ç•€’I0 É<mÆÈJoúáõóQâØòÙaÙt:  ·=|Ôaz]a1cÉŸ1
4˜à3΍}GFøí7/B«vεŕL=Ðr1ÕšnwH›óÞ¢ºö{)´4€æZç^ÿ yÑ:_([¿ipqQÊ^âÆe;»½“¦º|¢ÀTçèrú1”óTÃ’u¦CG¤ ¡
Š­7ë

·i“¿z»n
ö¼±ù^ö<‹çu7¸ÈlvZðÛAUXje•
dLÞH ÚosÇr`È™‡pÊeÇ4@x7´)ö†Ótœ~i‘Ï[x@äUÃæ­m·e´x
°t¸·²5'žªža   =ÖÌåzϘ'-´ˆpž3§ò‡k  Ý'‰ýÑï¦3ºdè“{eiÔõNkîšECEΠ¥ÃT9ãqÃâŸîɐ8z \?€    >JX` 
ñ¹õ%;µŸD‘«´€àwÒ™UûئžÖö\×®×´8 ½‡ºÐÆÓ§?Àkmœ=;d5*@-ì0F Rªýš[Ü6âö̃ڸr*KA9· u*µæ£?U¸Âêí†8@¦X4 e-ò„0s{ HâUpU?¼mñRa°®a%Ð'tÉ×’\¾ÊÉ]t›h>·(Ë@R¼¡Ãt h}’O÷au<+nT…Ö…MӐ??Óe95 q>í/;&JSû °¯ÊéÞøƒ*Ã2½Ài&:nôUl=¾¿5eˆ3”ñc|Ú2V”>„»&eE;«ÚäC
p¢Ûúy 9š[ŒÌx¼擼A&DåÒ¯ˆ¤ÀÌ;"˜ÏQä¸åhÊ}Ûq«Û0WžÒ|»€ø®öCm5•\ÇÀ§Pe3£]0ÃàLDÉ‰1øªxjgwT‚÷¿LΨK‹›ùs—xˆÜ±µ
kæ¸f‰‰ÜGk/LÛØ6d9ò¶ùA{ƒA3š/¬D¬khÓk‰`˜"㯒r¿±Óã jx‡°e}<Ñø\3y:'À•/h½Í€Ç4~g ?Û(¼]v‘ªlKÎâ~?O‚W%{Ì:“'©úNq¾›úo(X’¥¯ˆ
nFê{Ç€ü?º'ë
ø‹ì
Þ09ŒÌç9Æ —ËC`j@ÓÄ(+a‹un¸#ÂꟋ{K`‘ÑÍÍ'à´»/Û,KW;Þ4²þð ï Nm|~fGÏ(…³Ã)«1ö­Õ
¥‡¨©ƒÃ™ü-s=à=U66Ï«Ýc蓦W¹íž®›nÔ%êÇìŒ<#Ü×84ån®Ð ÒåOC`  ñânÑs‡¢ç 1õ%Îhì½Ã½® e:ݼUZo
™`  
ÅZŸŒÊ«ê1ÏÄo$q¹Þ€©ˆhÐÉä¯ñ[!…Ú˜àJ:x2$Íß&PåT£6ç—
‡Í*4Ýšçjÿ ‰É nófÐ ó(L5C•åÆ\rMÒ@ò
}y-W}™üýVù—ú¢=Ù”c®‘< M ž
´Phr¦©TD ‘ù.$´÷O‡‘V2Æò.=IUŒ=ž‡â¬i™aþÓåÙ?òUø'ØÖ•.~* šTŒ!•-×áºTâ®ä#õü'´ eýlYÅÓeÕKÂrT"CÚ@u!Óxƒ{š3€}1¿(r}%«nËamjÑ%ÑNEò
v  ˜à  σöK³,*º.àzù¨™Ó ÚçâU¦*¿ 9{%Ö¹ njûdaXöb)  kÛƱûÓ\°M7ˆÂ=û›ç¿Ã‚­V»Cg–8ÙêE-j)k$º`Ã-ùEýeBÆÇ]c¡°ñty&Òd0nõ'¡W+ƒ*|–ø<K\%¦cÏÄ#N,Úú‘¤òÒÛõ ’¶§‰Ì
ú•dçb31Ð\7‡ëÚw82
‰KÝkÚñ'¢Ž…[&¼ÌAÔzHàP *اoßreÁY¥Ñ¾ãE|&QbKg]ã„þê*b;R³Öi‹  ±î$£ÈTm¶k÷ˆ
¦»Ù¹i¦¨6 h%Á'Ú
J   \F±â+‹b/Å9ñå5Àë­nˆRv«¯#„&î„$º’@:‘Ôrø+,àq‘秬*Úg´>µFa\GQªEAÔp5\Ǽ·¼Ç8·õ -â§Ú[
‡
uZeÖ 3}×d'+¹:ð+K†Û®s!Ï$úe€<Û”x)1»a­¡LC]¸µík…ÚàA»AYº{†ªS[¦5HÒ7ù
--,ísòDØ€èk   ÞÀîÜò@â(  ËNˆë›4ô½•/¦o‡€Û7
ê•ÆêòðÜy
'Án½µ á˜ݦ  ndeo…[ì¶Ê,¥R³Ä=À±—–ß;£™´ñSâ*g§”ïaið‘Jå~™ÓÞß³Õ¢»8x埒²52>AÊb&-÷\7´éÄù€T˜,w;3{ï˜k…à¹ÄqÀ«œ{
€\
ˆ¾[´¨јr &Úé„Ívˆ±8†¿]|¬ņ4I×pÞS1ÈÖz‰#Ìv‡G!YNògñ:màTz¢Ý1ô©^O=~ë|5Bã™ç•¼µõ•bÆ@úÕS¬ÈŒ#¬zünrŸ
û”
Z²•ï›èðV"ÁHÚý©wÝ €7¼Ìu1hÑa3Éä û f$o¿É ™Ú›ÝçnpÒ3äÌ3†Í§,Äï]$‰/pê†«À¼
¸e9­Æê_C]žƒ·ý·frÁN«,E=›Çq
-‰öŒ:aÏ¿±í&£Í:-}
84‘ÿ eƒQÑeëSsuiA
³g㟥ú£?ÿ ʼn*”“÷aühe:ÊWa@ÒÞk±eØ]
F Ô—r.åä˜@ö¥ªZoÐýYL·¥S²G/‡ñ
<~*ZÆ´è>JlòàÛƽÿ 窘ìGN¢:I®KšJp/`íIÁÀõ#Ä-€ö­šµŒoF4|ÆQØÆ@Ì|£Ô…¢À{9˜è½Üó›€ôYÒÎYsið;ís¤€à²ˆ‚4qÉVŒI$  ‰"°   æµ8cXGjœˏ¡Aâý•ËÜ¢ûïe·çLx']á"oÅÎê3¯Ç—¹”ó0nå‚âg{Œñ>
S´˜îè°g238‚ãköÝfÚd´6Ò€;ò÷±¢™¼›º¢Æ'¥Ðx'e¬ç
]bÈÆV¢ó‹kýBO
ðÊâ$Ÿ!×T
3Mýמ
žìٍàÌü‘8÷€àæØ8æ©6‰©L´«…oãpð„~Çk‰!ñ;‹”ÛžÍ àž±z Ÿôû øŸÝužÏ;ÿ #|u6™Þ¬ÚˆÐõA4¶â|ôl|Ê2ŽÇ¤ÝÅÇY.<#Aí.k§hóF‚”Y;
M½Ö4hŸ4&›­¿tès´%FìL¥£Ãk‰ÇT¤haÁ¤ÚxfÉ`ÑìË›>i 3t‚:,–+^÷´–{Û–Nxi"x‘Ûg
î¨>¥Õ܁ùZH,2Û“:8xÊ¢Çí9.É-Ìâã-=çjwµS˜dütžçwýGòú®®ûº_ˆýx$–¡ãøO
EÚÛÏ÷R„×w+3£Á£öUMyR²¹âŒ°š›¸Ñãò9§Ó_Dl+Ùßc›úšGÅÌc†Ž!Ko=¶.‘Îÿ c²(2®V mª.ÿ ¹B›¹å ù„öŸSV>™ü¯$y:G¢Z×àøúdî¹û­·ýÇ´:•c LÍõi_‹ö+ÎæGÊè>OŠ•äž´§Þ{X}¨1ÚTc›»Qþ•êô°t¿OP?eæ~É{5]•ÙR£r5†nZ\ã@
&îJõ ¾àC°þV>fé¥/ü5ñÊIº_é5;e­h<@
Ä&æÃëE%;X,ÒãÆÞ`Oò¦kŸm#˜!ÀyÄ¢|
óLšò¥Ä`
¶R=|ÈCâh5ò3DˆïF†ðÒ#ÅìÛœ?¸yhBãœí
ZxßÎÄhºRK„`Þödvײ™ÀÈÑÒgŒuYw³%†ƒÓzõ ÖÏp‚dH®¦A´ù§»ÓÇMæ~)ˆð‡û:ù&Ä •vGD´À 
n
Ý
‡¼Ö8Fö   óáà£~Ë¥x`oK|Ä?fxiØü%pìR>éò+Û±éÎ>núlFŤ'tq8LZÏvÃ?„¡ß±È⽆¯³íü@x|PöUäèØã¡ð‚ŒAìÏ"vÍwóŸÍ{ ý0.z    È•Ö{,N¡£¡ŸKÕÙž>Ýœþ ÍÀ<n^Àïe€Þgn¹”ÜiQê
9Ú±‡„è]ËA¿‚MJìiÓxŒn-ÄS6!ÓæÑû*jÎWøìšÇ뙦gj~+?\,Ö7ÁÕÊ”G™q6TF)óCç<ÓšÂUé†gW=àà“hóR³ÊQì<!÷ÇpR1¯u„De,è­vvâDß~žHå‰ú£Kìní¢ÐçÅÄÅ¥Ü÷
±ÃìÇžûƒz\þÞ¨-•‹
€

¸+¶n¿^
?†[ÖWóÒX¸,0Ø:l?‰Âý«ÿ ·Dc+fÔ[ƒ›ûªšx«kæž1KI…<#'nž¶\±íÎ8¤ìK@’@J¥v)º[Ž±Æå´¼
½Ý¡ç¯ÐO¥ø®è•Óȱ߿wša©“œt‡4îyªœ&+1ÏØ:‚æƒ=/ꎔ`hm
“=©‹]°g}ì€DgUƒ8¤qCˆãáÅ,‡Ô¬ñ10HÑDÂbáÂÿ Œ»v·:uòB6»áp‰>°<×EA!Å‚D™IúOÍ
¡>ôG}Â`ÍßkÜL™Ž  Þð™
{IøF²
¹òQ3&!ÃÂÞz.d&Ï-sH¸,Ôõ˜ŽP€
77ˆÝ¼ÊëÜw   =cÕ
Ú,ØÐ5ÎYÐ)ì´öœgŒ[¤
ßv㙑8心>h]§µháYš£²ºÑ.{Ï7Sð•?´~×SÃKýJÛ˜
™Íäiúu<µX¶1õ^kâçIÑ£sZ4h>j*ÔšD:4­¿_ ÷¸
Õxæÿ ¸?Mù _•­ÊÐ ä ÷ý ÑwL
œ­ïnTkÛUÍN©ë:¦fV ¶ÜÔÜMªÅâA½–¿R×TXš-%iTÊT•‡Ù‚JôϐZxWÑè‰f‰òG º
×Õû2aZ7OU3[“×AT–ÞŒ…-‘¤”Ì 
ì&(ˆ¿­•ƒkï’:ðY¦W‘Å)“†‘˜³Åtcø˜ñTÂwÚÇ4
|üLÇªí–v-
qˆèU
qPE.†â‘˜µ Æ,ÐÅs]8¾„oúÑ i>ÜxxÈó)ƒ ´æÁâØ$À‰vžŸf$Ž|ãw;ÀÁIJ»b`
{¦Ó¤Ú$©YÀ‘n@Óïž«9J¼êG   m¤
ܯ¹ÌW4€ÐÒÅÛ‡#褕Ÿn-?í|с¥÷Ú¹¬'´ÞÜ9ÓK`hê£SÄSà?7—Wí_´…óB›»:=Ãïq`<8ñÓŒÑlú2d¬ê³£hÖ[l|$vÝro~'R®‰§°ñmY ͧäP
|PUª¹·:3Œ[Û{Xÿ ºâ@‚W–Äé u‚ ¯´*=íή.pûÒdt @
G‰¬ s¸    ëÉücr ÞæѨÊ@>¤¢Ö±.Þ'¯°ÌME[YéïĵÂCå½
Ué©Áû'Ê9%eÔðNU”ë‘ÌsD3/®+UI˜9h.WC”
빓$#:pz:YÓ ¿xž* ³$Í +$kñAŠ‹†¢
Uê>¸)_š¬÷©ßAÂÔb9ÇU ¯¾
á•9¯ÏÏ÷O÷¼¼Fähal1‰3Ì[Ïr•´UCksNÐ]R‘¸¥H+§Šé†c©vÖÞ0iÓ76s†î!§=ß
¼~Ô'°Ãmäoäš³ªøi1úÉ)³yV8CLÄØÁ‘WYïi€H6ÖÑiámø^ÈY´°Ñ7¥Û*—Ñ©L«Qƒï—Ùrÿ ›£Ð*š¸ˆL©ˆ$ˆ ÷¾D§9È®«qbqC)–ˆïv´çñsÑVT­Ø, <àïºÀO«Jý·õ 
àfPìð  .wFšir´þ’2_Y
*Æ€x\«
ì€9š@ Ž|F⇥ˆkZ@hÖÄ0t¿-<“‹qµ¾*ZL¤Ú)&BJpÓF5=$„at*Zš$’ÑtdûÝRI1    2Ž‰$€$I$#‰SÞ’H
ë¬ï;Á$¡t$’`<(ñÇt)$‡Ð.Êf¢X’Kt=Éé$‚ˆªè¢oÝëòI%Rgcª÷ŠyI%¡‰ÿ !ñ)´õ $¤ Ô’IIGÿÙ�

�j��
���dd
lm
Z
mZmZmZ
ddlZddlZddlZddlZddl	m
ZmZm
Z
mZmZmZmZmZmZmZmZmZmZmZmZ
ddlmZmZmZmZmZm Z m!Z!m"Z"m#Z#
ddl$m%Z%
ddl&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4m5Z5m6Z6
ddl7m8Z8
dd	l9m:Z:
dd
l;m<Z<m=Z=m>Z>
ddl?m@Z@mAZAmBZBmCZC
ddlDmEZEmFZFmGZGmHZHmIZImJZJ
dd
lKmLZL
ej��ZNeNdeNdfZOe8�ZPePdk(rddlQmRZRmSZSmTZTmUZUmVZV
ddlWmXZYmZZ[m\Z\m]Z^m_Z`
nddlambZbmcZcmTZTmdZdmeZe
gd�
Zfgd�
ZgGd�d�ZhGd�dehe�ZiGd�dehe�ZjGd�dehe�Z
dJd�
Zkd�ZldKd�
Zmd �ZndJd!�
Zod"�Zpd#�Zqd$�Zrd%�Zsd&�Ztd'�Zud(�Zvd)�Zwd*�Zxd+�ZydLd,�
Zzd-�Z{dKd.�
Z|d/�Z}dKd0�
Z~dKd1�
Zd2�Z�d3�Z�d4�Z�d5�Z_dMd6�
Z�dMd7�
Z�dMd8�
Z�d9�Z�d:�Z�d;�Z�d<�Z]dMd=�
Z�dMd>�
Z�dMd?�
Z�dMd@�
Z�dMdA�
Z�dMdB�
Z�dMdC�
Z�dMdD�
Z�dMdE�
Z�dF�Z�dG�Z�dH�Z�dI�Z�y)N�)�unicode_literals�division�absolute_import�print_functionN�)�Certificate�DHParameters�	DSAParams�DSASignature�ECDomainParameters�ECPrivateKey�Integer�int_from_bytes�int_to_bytes�PrivateKeyAlgorithm�PrivateKeyInfo�PublicKeyAlgorithm�
PublicKeyInfo�
RSAPrivateKey�RSAPublicKey)	�_CertificateBase�_fingerprint�
_parse_pkcs12�_PrivateKeyBase�_PublicKeyBase�_unwrap_private_key_info�parse_certificate�
parse_private�parse_public)
�pretty_message)�buffer_from_bytes�buffer_from_unicode�
byte_array�bytes_from_buffer�cast�deref�native�new�null�pointer_set�sizeof�struct�struct_bytes�struct_from_buffer�unwrap�write_to_buffer)
�backend)
�
fill_width)�AsymmetricKeyError�IncompleteAsymmetricKeyError�SignatureError)�	type_name�str_cls�byte_cls�	int_types)�add_pkcs1v15_signature_padding�add_pss_padding�raw_rsa_private_crypt�raw_rsa_public_crypt�!remove_pkcs1v15_signature_padding�verify_pss_padding)
�constant_compare�
�	winlegacy)�advapi32�
Advapi32Const�handle_error�open_context_handle�close_context_handle)�ec_generate_pair�ec_compute_public_key_point�ec_public_key_info�
ecdsa_sign�ecdsa_verify)�bcrypt�BcryptConstrE�open_alg_handle�close_alg_handle)r�dsa_sign�
dsa_verifyrKrL�
generate_pair�load_certificate�load_pkcs12�load_private_key�load_public_key�parse_pkcs12�
PrivateKey�	PublicKey�rsa_oaep_decrypt�rsa_oaep_encrypt�rsa_pkcs1v15_decrypt�rsa_pkcs1v15_encrypt�rsa_pkcs1v15_sign�rsa_pkcs1v15_verify�rsa_pss_sign�rsa_pss_verify(r�����
������%�)�+�/�5�;�=�C�G�I�O�S�Y�a�e�g�k�m�q�����������������������������������i

i
i

i
i
i
i
i%
i3
i7
i9
i=
iK
iQ
i[
i]
ia
ig
io
iu
i{
i
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
�	iii#i-i3i9i;iAiKiQiWiYi_ieiiikiwi�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i
iiii)i+i5i7i;i=iGiUiYi[i_imiqisiwi�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�ii	iiii%i'i-i?iCiEiIiOiUi]iciiii�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�ii	iiiiii'i)i/iQiWi]ieiwi�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�ii
iiii#i+i/i=iAiGiIiMiSiUi[ieiyii�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i	iii'i7iEiKiOiQiUiWiaimisiyi�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�iiii!i#i'i)i3i?iAiQiSiYi]i_iiiqi�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i	i	i	i#	i%	i+	i/	i5	iC	iI	iM	iO	iU	iY	i_	ik	iq	iw	i�	i�	i�	i�	i�	i�	i�	i�	i�	i�	i�	i�	i�	i�	i�	i
i
i!
i1
i9
i=
iI
iW
ia
ic
ig
io
iu
i{
i
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
iiiii#i)i-i?iGiQiWi]ieioi{i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�iiii%i/i1iAi[i_iaimisiwi�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i

i
i
i
i
i!
i+
i-
i=
i?
iO
iU
ii
iy
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i�
i	iii!i'i/i5i;iKiWiYi]ikiqiui}i�i�i�i�i�i�i�i�i�i�i�i�i�i�iii
ii%i)i1iCiGiMiOiSiYi[igikii�i�i�i�i�i�i�i�i�i�i�i�i�i�i�iiii!i%i+i9i=i?iQiiisiyi{i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�iiii'i-i9iEiGiYi_iciiioi�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i
iii#i)i+i1i7iAiGiSi_iqisiyi}i�i�i�i�i�i�i�i�i�i�i�i�ii
ii'i-i7iCiEiIiOiWi]igiiimi{i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�ii!i/i3i;iEiMiYikioiqiui�i�i�i�i�i�i�i�i�i�i�iiiiii%i)i+i7i=iAiCiIi_ieigiki}ii�i�i�i�i�i�i�i�i�i�i�i�ii	iiiiii%i3i9i=iEiOiUiiimioiui�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i	ii#i'i3iAi]iciwi{i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�iiii5i7i;iCiIiMiUigiqiwi}ii�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�iii1i3iEiIiQi[iyi�i�i�i�i�i�i�i�i�i�i�i�i�i�iiiii!i#i-i/i5i?iMiQiiiki{i}i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�ii#i%i/i1i7i;iAiGiOiUiYieikisii�i�i�i�i�i�i�i�i�i�i�i	iii'i+i-i3i=iEiKiOiUisi�i�i�i�i�i�i�i�i�i�i�i�i	ii!i#i5i9i?iAiKiSi]iciiiqiui{i}i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i
iiiii%i+i/i=iIiMiOimiqi�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i
i
iii9iIiKiQigiui{i�i�i�i�i�i�i�i�i�i�i�i�i�i�i�i i i i' i) i- i3 iG iM iQ i_ ic ie ii iw i} i� i� i� i� i� i� i� i� i� i� i� i� i� i
!i!i5!iA!iI!iO!iY!i[!i_!is!i}!i�!i�!i�!i�!i�!i�!i�!i�!i�!i�!i�!i�!i�!i�!i�!i�!i"i	"i"i"i!"i%"i+"i1"i9"iK"iO"ic"ig"is"iu"i"i�"i�"i�"i�"i�"i�"i�"i�"i�"i�"i�"i�"i�"i#i	#i#i'#i)#i/#i3#i5#iE#iQ#iS#iY#ic#ik#i�#i�#i�#i�#i�#i�#i�#i�#i�#i�#i�#i�#i�#i�#i�#i$i$i$i$i)$i=$iA$iC$iM$i_$ig$ik$iy$i}$i$i�$i�$i�$i�$i�$i�$i�$i�$i�$i�$i�$i�$i�$i�$i�$i�$i
%i%i%i%i'%i1%i=%iC%iK%iO%is%i�%i�%i�%i�%i�%i�%i�%i�%i�%i�%i�%i�%i�%i�%i�%i&i&i&i&i'&i)&i5&i;&i?&iK&iS&iY&ie&ii&io&i{&i�&i�&i�&i�&i�&i�&i�&i�&i�&i�&i�&i�&i�&i�&i'i'i5'i7'iM'iS'iU'i_'ik'im'is'iw'i'i�'i�'i�'i�'i�'i�'i�'i�'i�'i�'i�'i�'i(i(i
(i(i(i(i!(i1(i=(i?(iI(iQ(i[(i](ia(ig(iu(i�(i�(i�(i�(i�(i�(i�(i�(i�(i�(i�(i�(i)i)i)i!)i#)i?)iG)i])ie)ii)io)iu)i�)i�)i�)i�)i�)i�)i�)i�)i�)i�)i�)i�)i�)i�)i�)i
*i*i*i%*i/*iO*iU*i_*ie*ik*im*is*i�*i�*i�*i�*i�*i�*i�*i�*i�*i�*i�*i�*i�*i�*i+i'+i1+i3+i=+i?+iK+iO+iU+ii+im+io+i{+i�+i�+i�+i�+i�+i�+i�+i�+i�+i�+i�+i�+i�+i	,i,i,i#,i/,i5,i9,iA,iW,iY,ii,iw,i�,i�,i�,i�,i�,i�,i�,i�,i�,i�,i�,i�,i�,i�,i�,i-i-i-i;-iC-iI-iM-ia-ie-iq-i�-i�-i�-i�-i�-i�-i�-i�-i�-i�-i
.i.i.i
.i.i.i%.i-.i3.i7.i9.i?.iW.i[.io.iy.i.i�.i�.i�.i�.i�.i�.i�.i�.i�.i�.i�.i�.i�.i�.i/i	/i/i/i'/i)/iA/iE/iK/iM/iQ/iW/io/iu/i}/i�/i�/i�/i�/i�/i�/i�/i�/i�/i�/i�/i�/i�/i�/i
0i
0i#0i)0i70i;0iU0iY0i[0ig0iq0iy0i}0i�0i�0i�0i�0i�0i�0i�0i�0i�0i�0i�0i�0i�0i�0i�0i�0i1i	1i1i!1i'1i-1i91iC1iE1iK1i]1ia1ig1im1is1i1i�1i�1i�1i�1i�1i�1i�1i�1i�1i�1i�1i�1i	2i2i2i2i)2i52iY2i]2ic2ik2io2iu2iw2i{2i�2i�2i�2i�2i�2i�2i�2i�2i�2i�2i�2i�2i�2i�2i�2i3i%3i+3i/3i53iA3iG3i[3i_3ig3ik3is3iy3i3i�3i�3i�3i�3i�3i�3i�3i�3i�3i�3i�3i
4i4i4i4i4i74iE4iU4iW4ic4ii4im4i�4i�4i�4i�4i�4i�4i�4i�4i�4i�4i�4i�4i�4i	5i5i5i-5i35i;5iA5iQ5ie5io5iq5iw5i{5i}5i�5i�5i�5i�5i�5i�5i�5i�5i�5i�5i�5i�5i�5i�5i6i6i6i#6i16i56i76i;6iM6iO6iS6iY6ia6ik6im6i�6i�6i�6i�6i�6i�6i�6i�6i�6i�6i�6i
7i7i7i7i?7iE7iI7iO7i]7ia7iu7i7i�7i�7i�7i�7i�7i�7i�7i�7i�7i�7i8i8i!8i38i58iA8iG8iK8iS8iW8i_8ie8io8iq8i}8i�8i�8i�8i�8i�8i�8i�8i�8i�8i�8i�8i�8i�8i
9i9i#9i%9i)9i/9i=9iA9iM9i[9ik9iy9i}9i�9i�9i�9i�9i�9i�9i�9i�9i�9i�9i�9i�9i�9i�9i�9i�9i�9i:i:i:i:i':i+:i1:iK:iQ:i[:ic:ig:im:iy:i�:i�:i�:i�:i�:i�:i�:i�:i�:i�:i�:i;i;i;i!;i#;i-;i9;iE;iS;iY;i_;iq;i{;i�;i�;i�;i�;i�;i�;i�;i�;i�;i�;i�;i�;i�;i�;i�;i�;i�;i
<i
<i<i<i<i)<i5<iC<iO<iS<i[<ie<ik<iq<i�<i�<i�<i�<i�<i�<i�<i�<i�<i�<i�<i�<i=i
=i=i=i=i!=i-=i3=i7=i?=iC=io=is=iu=iy=i{=i�=i�=i�=i�=i�=i�=i�=i�=i�=i�=i�=i�=i>i	>i>i>i>i#>i)>i/>i3>iA>iW>ic>ie>iw>i�>i�>i�>i�>i�>i�>i�>i�>i�>i�>i�>i�>i�>i�>i�>i?i
?i7?i;?i=?iA?iY?i_?ie?ig?iy?i}?i�?i�?i�?i�?i�?i�?i�?i�?i�?i�?i�?i@i!@i%@i+@i1@i?@iC@iE@i]@ia@ig@im@i�@i�@i�@i�@i�@i�@i�@i�@i�@i�@i�@i�@i	AiAiAiAi!Ai3Ai5Ai;Ai?AiYAieAikAiwAi{Ai�Ai�Ai�Ai�Ai�Ai�Ai�Ai�Ai�Ai�AiBiBiBiBi#Bi)Bi/BiCBiSBiUBi[BiaBisBi}Bi�Bi�Bi�Bi�Bi�Bi�Bi�Bi�Bi�Bi�Bi�Bi�Bi�BiCiCiCi%Ci'Ci3Ci7Ci9CiOCiWCiiCi�Ci�Ci�Ci�Ci�Ci�Ci�Ci�Ci�Ci�Ci�Ci�Ci�Ci�Ci�Ci�Ci	DiDiDi#Di)Di;Di?DiEDiKDiQDiSDiYDieDioDi�Di�Di�Di�Di�Di�Di�Di�Di�Di�Di�Di�Di�DiEiEiEi+Ei1EiAEiIEiSEiUEiaEiwEi}EiEi�Ei�Ei�Ei�Ei�Ei�Ec
�(�eZ
dZd
Zd
Zd
Zd
Zd�Zd�Zy
)�_WinKeyNc�`�|
|_||_
td
k(rt|_yt
|_y)z�
        :param key_handle:
            A CNG BCRYPT_KEY_HANDLE value (Vista and newer) or an HCRYPTKEY
            (XP and 2003) from loading/importing the key

        :param asn1:
            An asn1crypto object for the concrete type
        rBN)�
key_handle�asn1�_backendrC�_librM��selfr�r�s   �I/opt/nydus/tmp/pip-target-mjwu0ny1/lib/python/oscrypto/_win/asymmetric.py�__init__z_WinKey.__init__�
s(��%�����	��{�"� �D�I��D�I�c
�X
�|jrftd
k(r&|jj|j�
}
n%|jj	|j�
}
t|
�

d|_|jr%td
k(rt|j�

d|_d|_y)NrB)r�r�r��CryptDestroyKey�BCryptDestroyKeyrE�context_handlerG)r��ress  r��__del__z_WinKey.__del__�
s}���?�?��;�&��i�i�/�/����@���i�i�0�0����A�����"�D�O����8�{�#:� ��!4�!4�5�"&�D����	r�)	�__name__�
__module__�__qualname__r�r��
ex_key_handler�r�r��r�r�r�r�v
s$���J��N��M��D��$r�r�c�:�eZ
dZd
ZdZd�Zed��Zed��Zy)rYzM
    Container for the OS crypto library representation of a private key
    Nc�2�tj||
|�
y
)z�
        :param key_handle:
            A CNG BCRYPT_KEY_HANDLE value (Vista and newer) or an HCRYPTKEY
            (XP and 2003) from loading/importing the key

        :param asn1:
            An asn1crypto.keys.PrivateKeyInfo object
        N�r�r�r�s   r�r�zPrivateKey.__init__�
���	����z�4�0r�c
�`�td
k(�
r[|jdk(rFt|j�
}
t	dt|
|j��|_|jS|jdk(r�|jdd}ttd|d��
tt|dj|jd	jj|d
j��
d��
}t|�
|_|jS|jd	j}ttdd
i
�
t|d|dd��
d��
}t|�
|_|jSt!|j|j"|j$�\}}t|�
|_|jS)z\
        :return:
            A PublicKey object corresponding to this private key.
        rB�ecN�dsa�private_key_algorithm�
parameters��	algorithmr��
g�private_key�
p�r��
public_keyr��rsa�modulus�public_exponent�r�r�)r�r��(_pure_python_ec_compute_public_key_pointr�rZrJ�curve�_public_keyrrr�powr'�parsedrWr�_bcrypt_key_handle_to_asn1�bit_sizer�)r��	pub_point�params�pub_asn1r��
_s      r�r�zPrivateKey.public_key�
s�
���{�"��~�~��%�D�T�Y�Y�O�	�#,�T�3E�i�QU�Q[�Q[�3\�#]�� �J
����I
���5�(�
���#:�;�L�I��(�!3�%*�&,�5�"�#*�#��s��*�*��	�	�-�0�7�7�>�>��s��*�*�+�#�
*�
��$3�8�#<�� �&�������=�1�8�8��(�!3�#�U�5�"�#/�#)�)�#4�+1�2C�+D�0�#�	*���$3�8�#<�� �����5�T�^�^�T�]�]�TX�Tc�Tc�d�K�H�a�.�x�8�D�����r�c
�p�|j�t
|jt�|_|jS)
aY

        Creates a fingerprint that can be compared with a public key to see if
        the two form a pair.

        This fingerprint is not compatible with fingerprints generated by any
        other software.

        :return:
            A byte string that is a sha256 hash of selected components (based
            on the key type)
        )rr�rV�
r�s
 r��fingerprintzPrivateKey.fingerprint�
s0�����$� ,�T�Y�Y�8H� I�D��� � � r�)	r�r�r��__doc__r�r��propertyr�r�r�r�r�rYrY�
s<����K�
1��. ��. �`
�!��!r�rYc
��eZ
dZd
Zd�Zy)rZzL
    Container for the OS crypto library representation of a public key
    c�2�tj||
|�
y
)z�
        :param key_handle:
            A CNG BCRYPT_KEY_HANDLE value (Vista and newer) or an HCRYPTKEY
            (XP and 2003) from loading/importing the key

        :param asn1:
            An asn1crypto.keys.PublicKeyInfo object
        Nr�r�s   r�r�zPublicKey.__init__�
r�r�N)r�r�r�r�r�r�r�r�rZrZ�
s���
1r�rZc�>�eZ
dZd
ZdZdZd�Zed��Zed��Z	y)rzM
    Container for the OS crypto library representation of a certificate
    Nc�2�tj||
|�
y
)z�
        :param key_handle:
            A CNG BCRYPT_KEY_HANDLE value (Vista and newer) or an HCRYPTKEY
            (XP and 2003) from loading/importing the certificate

        :param asn1:
            An asn1crypto.x509.Certificate object
        Nr�r�s   r�r�zCertificate.__init__r�r�c
�r�|j� t|jd
d�
|_|jS)zh
        :return:
            The PublicKey object for the public key this certificate contains
        �tbs_certificate�subject_public_key_info)r�rWr�r�s
 r�r�zCertificate.public_keys9�����#�.�t�y�y�9J�/K�Le�/f�g�D�����r�c
�J�|j��d
|_|jjtddg�
vr�|jdj}
|jdj
}|
dk(rt}n9|
dk(rt}n-|
dk(rt}n!|
dk(rt}nttd	|
��
�
	|||jd
j|jdj�|�
d|_|jS|jS#t$r
Y|jSwxYw
)
zT
        :return:
            A boolean - if the certificate is self-signed
        F�yes�maybe�signature_algorithm�rsassa_pkcs1v15�
rsassa_pssr��ecdsaz�
                        Unable to verify the signature of the certificate since
                        it uses the unsupported algorithm %s
                        �signature_valuer�T)�_self_signedr��self_signed�set�signature_algo�	hash_algor`rbrRrL�OSErrorr r'�dumpr5)r�r�r��verify_funcs    r�r�zCertificate.self_signed*s0
�����$� %�D���y�y�$�$��U�G�,<�(=�=�!%���+@�!A�!P�!P�� �I�I�&;�<�F�F�	�!�%6�6�"5�K�#�|�3�"0�K�#�u�,�",�K�#�w�.�".�K�!�.��'�#���	����	�	�"3�4�;�;��	�	�"3�4�9�9�;�!�	�)-�D�%�� � � �t� � � ��'�
��� � � �
�s�/AD�	D"�!
D")
r�r�r�r�r�r�r�r�r�r�r�r�r�rrs@����K��L�
1�� �� ��)!��)!r�rc��|t
gd
�
�
v
rttdt|�
��
�
|dk(r-|
t
gd�
�
v
r�ttdt|
�
��
�
|dk(rbtdks	t
dk(r#|
d	k7r}ttd
t|
�
��
�
|
t
gd�
�
v
rPttdt|
�
��
�
|d
k(r-|t
gd�
�
v
rttdt|�
��
�
t
dk(r7|d
k(r&t
|�
\}}td|�td|�fSt||
�St||
|�S)aB
    Generates a public/private key pair

    :param algorithm:
        The key algorithm - "rsa", "dsa" or "ec"

    :param bit_size:
        An integer - used for "rsa" and "dsa". For "rsa" the value maye be 1024,
        2048, 3072 or 4096. For "dsa" the value may be 1024, plus 2048 or 3072
        if on Windows 8 or newer.

    :param curve:
        A unicode string - used for "ec" keys. Valid values include "secp256r1",
        "secp384r1" and "secp521r1".

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library

    :return:
        A 2-element tuple of (PublicKey, PrivateKey). The contents of each key
        may be saved by calling .asn1.dump().
    )r�r�r�zM
            algorithm must be one of "rsa", "dsa", "ec", not %s
            r�)����zX
                bit_size must be one of 1024, 2048, 3072, 4096, not %s
                r���rrBr�zG
                    bit_size must be 1024, not %s
                    )r�r�r�zZ
                    bit_size must be one of 1024, 2048, 3072, not %s
                    r���	secp256r1�	secp384r1�	secp521r1zd
                curve must be one of "secp256r1", "secp384r1", "secp521r1", not %s
                N)r��
ValueErrorr �repr�_win_version_infor��_pure_python_ec_generate_pairrZrY�_advapi32_generate_pair�_bcrypt_generate_pair)r�r�r��pub_info�	priv_infos     r�rSrSWss
��4��0�1�1���
�
��O�	
��	��E���3�7�8�8��^���X��	��
�
�e�	��v�%��[�)@��4�� �����N�	"����s�#5�6�6� �����N�	"���
�d�	���C�D�D��^���U��	��
��;�����"?��"F��H�i��d�H�-�z�$�	�/J�K�K�&�y�(�;�;�$�Y��%�@�@r�c��|d
k(rd}nd}t
td�}tj|t�tj
dt�|�}t
|�

t|�
}t|�
}tj|t�tj
d||�}t
|�

tt||�}t|�
}	tt|	�}
t||�|
d}|d
k(rt|
|	|�\}}
||
fSt
td�}tj|t�tjdt�|�}t
|�

t|�
}t|�
}tj|t�tjd||�}t
|�

t||�|
d}t|
||�\}}
||
fS)ao

    Accepts an key handle and exports it to ASN.1

    :param algorithm:
        The key algorithm - "rsa" or "dsa"

    :param bit_size:
        An integer - only used when algorithm is "rsa"

    :param key_handle:
        The handle to export

    :return:
        A 2-element tuple of asn1crypto.keys.PrivateKeyInfo and
        asn1crypto.keys.PublicKeyInfo
    r��
RSABLOBHEADER�
DSSBLOBHEADER�DWORD *rN)r(rC�CryptExportKeyr)rD�PRIVATEKEYBLOBrEr&r!r.r/r+r$� _advapi32_interpret_rsa_key_blob�
PUBLICKEYBLOB� _advapi32_interpret_dsa_key_blob)r�r�r��struct_type�out_lenr��
buffer_length�buffer_�blob_struct_pointer�blob_struct�struct_size�private_blob�public_info�private_info�public_out_len�public_buffer_length�
public_buffer�public_blobs                  r��_advapi32_key_handle_to_asn1r
�s�
��$�E��%��%���(�I�&�G�
�
!�
!�����$�$�	����
�C�����'�N�M��
�.�G�
�
!�
!�����$�$�	���
�C����,�X�{�G�L���,�-�K���;�/�K�$�W�m�<�[�\�J�L��E��$D�X�{�\h�$i�!��\�@

��&�&�7�X�y�1���%�%���F��'�'�
��F��

��	�S��$�^�4��)�*>�?�
��%�%���F��'�'�
���

��	�S��'�
�7K�L�[�\�Z��$D�X�{�\h�$i�!��\���&�&r�c�D�|d
k(r!tj}tj}n tj}tj}d}d}	t|d��}t
td�}|
dztjz}tj||||�}t|�

t|�
}t||
|�\}	}
t|	�
t|
�
f|rt|�

|rtj |�

SS#|rt|�

|rtj |�

wwxYw
)a�
    Generates a public/private key pair using CryptoAPI

    :param algorithm:
        The key algorithm - "rsa" or "dsa"

    :param bit_size:
        An integer - used for "rsa" and "dsa". For "rsa" the value maye be 1024,
        2048, 3072 or 4096. For "dsa" the value may be 1024.

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library

    :return:
        A 2-element tuple of (PublicKey, PrivateKey). The contents of each key
        may be saved by calling .asn1.dump().
    r�NF�
�verify_only�HCRYPTKEY *�)rD�MS_ENH_RSA_AES_PROV�
CALG_RSA_SIGN�MS_ENH_DSS_DH_PROV�
CALG_DSS_SIGNrFr(rC�CRYPT_EXPORTABLE�CryptGenKeyrEr/r
rWrVrGr�)r�r��provider�algorithm_idr�r��key_handle_pointer�flagsr�r
r
s           r�r�r��s

��*�E�� �4�4��$�2�2�� �3�3��$�2�2���N��J�1�,�X�5�I�� ��=�9���R��=�#A�#A�A���"�"�>�<��HZ�[���S���.�/�
�$@��H�V`�$a�!��\���,�.>�|�.L�M�� ��0���$�$�Z�0���� ��0���$�$�Z�0��s
�BC8�8'Dc	�D�|d
k(r#d}tj}tj}nR|dk(r+|
dkDrd}nd}tj}tj}n"d}tj
}tj}ttd�}tj|t�|t�d	|d	�}t|�

t|�
}t|�
}	tj|t�||	||d	�}t|�

tt||	�}
t|
�
}t!t|�}t#|	|�|d
}
|d
k(rt%d||
�}n5|dk(r#|
dkDrt'dd||
�}nt'dd
||
�}n
t)d||
�}ttd�}tj|t�|t�d	|d	�}t|�

t|�
}t|�
}tj|t�||||d	�}t|�

tt||�}t|�
}t!t|�}t#||�|d
}|d
k(rt%d||�}||fS|dk(r)|
dkDrt'dd||�}||fSt'dd
||�}||fSt)d||�}||fS)au

    Accepts an key handle and exports it to ASN.1

    :param algorithm:
        The key algorithm - "rsa", "dsa" or "ec"

    :param bit_size:
        An integer - only used when algorithm is "dsa"

    :param key_handle:
        The handle to export

    :return:
        A 2-element tuple of asn1crypto.keys.PrivateKeyInfo and
        asn1crypto.keys.PublicKeyInfo
    r��BCRYPT_RSAKEY_BLOBr�r��BCRYPT_DSA_KEY_BLOB_V2�BCRYPT_DSA_KEY_BLOB�BCRYPT_ECCKEY_BLOB�ULONG *rN�privaterrA�public)rN�BCRYPT_RSAFULLPRIVATE_BLOB�BCRYPT_RSAPUBLIC_BLOB�BCRYPT_DSA_PRIVATE_BLOB�BCRYPT_DSA_PUBLIC_BLOB�BCRYPT_ECCPRIVATE_BLOB�BCRYPT_ECCPUBLIC_BLOBr(rM�BCryptExportKeyr)rEr&r!r.r/r+r$�_bcrypt_interpret_rsa_key_blob�_bcrypt_interpret_dsa_key_blob�_bcrypt_interpret_ec_key_blob)r�r�r�r
�private_blob_type�public_blob_type�private_out_lenr��private_buffer_length�private_buffer�private_blob_struct_pointer�private_blob_structr

r
r�r
r
r
�public_blob_struct_pointer�public_blob_structr
r�s                      r�r�r�3s���$�E��*��'�B�B��&�<�<��	�e�	��d�?�2�K�/�K�'�?�?��&�=�=��+��'�>�>��&�<�<���&�)�,�O�
�
 �
 ��T�V�5F���PQ�Sb�de�
f�C����!�/�2��&�'<�=�N�
�
 �
 ��������	��C����"4�V�[�.�"Y�� �!<�=����!4�5�K�$�^�5J�K�K�L�Y�L��E��4�Y�@S�Ua�b��	�e�	��d�?�8��A�GZ�\h�i�K�8��A�GZ�\h�i�K�3�I�?R�T`�a�����+�N�
�
 �
 ��T�V�5E�t�v�q�R`�bc�
d�C���� ��0��%�&:�;�M�
�
 �
 ��������	��C����!3�F�K��!W��� :�;����!3�4�K�#�M�3G�H���V�K��E��3�H�>P�R]�^�
�
��$�$�
�e�	��d�?�7��!�EW�Yd�e�J�
��$�$�	8��!�EW�Yd�e�J�
��$�$�3�8�=O�Q\�]�
���$�$r�c�b�|d
k(rtj}nR|dk(rtj}n<tjtjtj
d�|}dddd�|}
d}	t
|�
}ttd�}tj|||
d	�}t|�

t|�
}tj|d	�}t|�

t||
|�\}}	|rtj|�

	t|�
t!|	�
fS#|rtj|�

wwxYw
)
aL
    Generates a public/private key pair using CNG

    :param algorithm:
        The key algorithm - "rsa", "dsa" or "ec"

    :param bit_size:
        An integer - used for "rsa" and "dsa". For "rsa" the value maye be 1024,
        2048, 3072 or 4096. For "dsa" the value may be 1024, plus 2048 or 3072
        if on Windows 8 or newer.

    :param curve:
        A unicode string - used for "ec" keys. Valid values include "secp256r1",
        "secp384r1" and "secp521r1".

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library

    :return:
        A 2-element tuple of (PublicKey, PrivateKey). The contents of each key
        may be saved by calling .asn1.dump().
    r�r�r��
i�
r�N�BCRYPT_KEY_HANDLE *r)rN�BCRYPT_RSA_ALGORITHM�BCRYPT_DSA_ALGORITHM�BCRYPT_ECDSA_P256_ALGORITHM�BCRYPT_ECDSA_P384_ALGORITHM�BCRYPT_ECDSA_P521_ALGORITHMrOr(rM�BCryptGenerateKeyPairrEr/�BCryptFinalizeKeyPairr�r�rWrV)
r�r�r��alg_constantr��
alg_handler#
r�r�r�s
          r�r�r��s4
��4�E��"�7�7��	�e�	�"�7�7��%�@�@�$�@�@�$�@�@�
��	�����
��	���J�0�$�\�2�
� ��)>�?���*�*�:�7I�8�UV�W���S���.�/�
��*�*�:�q�9���S��"<�Y��R\�"]��
�K���#�#�J�/��J�'�)9�+�)F�G�G����#�#�J�/��s
�,A:D�D.c
��t
|t�sttd
t	|�
��
�
|dkrtd�
�
|dkDrtd�
�
|dzdk7rtd�
�
d	}
d
}	|dz}tdk(r$ttj�
}
t|�
}	tdk(rtj|�
}n.tj|
|d�}t|�

t!|�
}t#|�
}|d
zdk(r
�b|d
k(r	|dzdk7r�p|dk(r|dz}|dk7r|dk7r
��d}	t$D]}
||
zdk(s
�d
}	
n
|	s9t'||�r-|d
z}t'||�rt)||d��
|
rt+|
�

SS��#|
rt+|
�

wwxYw
)a`
    Generates DH parameters for use with Diffie-Hellman key exchange. Returns
    a structure in the format of DHParameter defined in PKCS#3, which is also
    used by the OpenSSL dhparam tool.

    THIS CAN BE VERY TIME CONSUMING!

    :param bit_size:
        The integer bit size of the parameters to generate. Must be between 512
        and 4096, and divisible by 64. Recommended secure value as of early 2016
        is 2048, with an absolute minimum of 1024.

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library

    :return:
        An asn1crypto.algos.DHParameters object. Use
        oscrypto.asymmetric.dump_dh_parameters() to save to disk for usage with
        web servers.
    z=
            bit_size must be an integer, not %s
            iz-bit_size must be greater than or equal to 512r�z+bit_size must be less than or equal to 4096�@rz!bit_size must be a multiple of 64Nr��winTrB�rfrd�
rcreF)r�r�)�
isinstancer9�	TypeErrorr r6r�r�rOrN�BCRYPT_RNG_ALGORITHMr!�os�urandomrM�BCryptGenRandomrEr$r�
_SMALL_PRIMES�	_is_primer	rP)r�rK
r��	byte_size�buffer�rbr�r��rem�	divisible�prime�
qs            r��generate_dh_parametersra
�s�
��0�h�	�*���
�
�h��	
��	��#�~��H�I�I��$���F�G�G��"�}�
���<�=�=��J�	
�A�-)��
�M�	��u��(��)I�)I�J�J�&�y�1�F���;�&��Z�Z�	�*���,�,�Z���A�N���S�!�&�v�.���r�"�A��1�u�
�z���A�v��r�6�R�<���a���"�f���!�8��q����I�&���u�9�
�>� $�I��'���8�Q�!7���F�
��X�q�)�'�a�a�(8�9���Z�(��M
��L
��Z�(��s�'C
E3�21E3�2
E3�3Fc�t
�d
}|
dz
}|dzd
k(r|dz
}|dz}|dzd
k(r
�|dk\rd}n|dk\rd}n|dk\rd}n|d	k\rd
}n|dk\rd}t
�
D]a}tjd|
dz
�}t|||
�}|dk(s||
dz
k(r
�7t
|dz
�
D]}t|d|
�}||
dz
k(s
�
�`
y
y)u�
    An implementation of Miller–Rabin for checking if a number is prime.

    :param bit_size:
        An integer of the number of bits in the prime number

    :param n:
        An integer, the prime number

    :return:
        A boolean
    rrAriiRrci��i&rdi�
r�FT)�range�random�	randranger�)r��
n�
r�
s�
kr��
a�
xs        r�rY
rY
<s���	
�A�	�A��A�
�a�%�1�*�	�Q��
�	�a��
��a�%�1�*��4��
�
�	�S��
�
�	�S��
�
�	�S��
�
�	�S��
�
�
�1�X�
����Q�
�A��&�
��
�1�a�L�
��
�6�Q�!�a�%�Z���q�1�u��A��A�q�!��A��A�
�E�z���
��r�c�F�|d
z}|dz}|}||z}||z}||z}||z}	|	|z}
|
jj}t|d|ddd��
}t|||ddd��
}
t|||ddd��
}t|||ddd��
}t|||	ddd��
}t||	|
ddd��
}t||
|
|zddd��
}tt	ddi
�
t||d��
d	��
}t
d
||||
||||d�	�
}tdtddi
�
|d��
}||fS)
a�

    Takes a CryptoAPI RSA private key blob and converts it into the ASN.1
    structures for the public and private keys

    :param bit_size:
        The integer bit size of the key

    :param blob_struct:
        An instance of the advapi32.RSAPUBKEY struct

    :param blob:
        A byte string of the binary data after the header

    :return:
        A 2-element tuple of (asn1crypto.keys.PublicKeyInfo,
        asn1crypto.keys.PrivateKeyInfo)
    rN
r
rN�����r�r�r�r��	two-prime�	�versionr�r��private_exponent�prime1�prime2�	exponent1�	exponent2�coefficient�rq
r�r�)	�	rsapubkey�pubexprrrrrrr)r�r
�blob�len1�len2�
prime1_offset�
prime2_offset�exponent1_offset�exponent2_offset�coefficient_offset�private_exponent_offsetr�r�rs
rt
ru
rv
rw
rr
�public_key_info�rsa_private_key�private_key_infos                      r�r
r
js�
��&�q�=�D��r�>�D��M�!�D�(�M�$�t�+��'�$�.��)�D�0��0�4�7��!�+�+�2�2�O��T�!�M�2�4�R�4�8�9�G�
�D��}�=�d��d�C�
D�F�
�D��/?�@��2��F�
G�F��t�$4�5E�F�t��t�L�M�I��t�$4�5G�H��2��N�O�I� ��&8�9P�!Q�RV�TV�RV�!W�X�K�%�d�+B�CZ�]a�Ca�&b�cg�eg�cg�&h�i��#�'���)
��#��.�$
��	%��O�$���*�,�����"�
%�
�O�&��!4���6
�"�'�'���
�-�.�.r�c��
�d
}|dz}|}||z}||z}|}t
|d|ddd��
}	t
|||ddd��
}
t
|||ddd��
}t
||||zddd��
}t
|
|||zddd��
}
ttdt|	|
|d��
d��
t	|
�
d	��
}tdt
dt|	|
|d��
d��
t	|�
d
��
}||fS)a�

    Takes a CryptoAPI DSS private key blob and converts it into the ASN.1
    structures for the public and private keys

    :param bit_size:
        The integer bit size of the key

    :param public_blob:
        A byte string of the binary data after the public key header

    :param private_blob:
        A byte string of the binary data after the private key header

    :return:
        A 2-element tuple of (asn1crypto.keys.PublicKeyInfo,
        asn1crypto.keys.PrivateKeyInfo)
    �rN
rNrn
r��r�r`
r�r�r�rx
)rrrr
rrr)r�r
r
r|
r}
�q_offset�g_offset�x_offset�y_offsetr�r`
r�rl
�
yr�
r�
s                r�r
r
�sH
��&�D��q�=�D��H��$��H��$��H��H��|�A�h�/��"��5�6�A��|�H�X�6�t��t�<�=�A��|�H�X�6�t��t�<�=�A��|�H�X��_�=�d��d�C�D�A��{�8�H�t�O�<�T�r�T�B�C�A�#�'��#����%��)
���a�j�
%�
�O�&��!4��#����%��6
�"��q�z�'���
�-�.�.r�c���t
t|
j�}t
t|
j�}|}t	|d
|�
}t	||||z�
}|dk(r%tt
ddi
�
t||d��
d��
S|dk(r�t
t|
j�}t
t|
j�}	||z}
|
|z}||	z}||	z}
|
|	z}||z}t	||
|�
}t	|||�
}t	|||
�
}t	||
|�
}t	|||�
}t	||||z�
}td||||||||d	�	�
}td
tddi
�
|d
��
Sttdt|�
��
�
)a�

    Take a CNG BCRYPT_RSAFULLPRIVATE_BLOB and converts it into an ASN.1
    structure

    :param key_type:
        A unicode string of "private" or "public"

    :param blob_struct:
        An instance of BCRYPT_RSAKEY_BLOB

    :param blob:
        A byte string of the binary data contained after the struct

    :return:
        An asn1crypto.keys.PrivateKeyInfo or asn1crypto.keys.PublicKeyInfo
        object, based on the key_type param
    rr,
r�r�r�r�r+
ro
rp
rx
�M
            key_type must be one of "public", "private", not %s
            )r'�int�cbPublicExp�	cbModulusrrrr�cbPrime1�cbPrime2rrrr�r r�)�key_typer
r{
�public_exponent_byte_length�modulus_byte_length�modulus_offsetr�r��prime1_byte_length�prime2_byte_lengthr~
r
r�
r�
r�
r�
rs
rt
ru
rv
rw
rr
r�
s                       r�r4
r4
�s��&#)��k�.E�.E�"F�� ��k�&;�&;�<��0�N�$�T�!�N�%;�<�O��T�.��BU�1U�V�W�G��8���+��U�-��'�"�#2�(��	
��	�
�Y�	�#�C��)=�)=�>��#�C��)=�)=�>��&�)<�<�
�%�(:�:�
�(�+=�=��+�.@�@��-�0B�B��"4�7I�"I����]�=� A�B����]�3C� D�E��"�4�(8�9I�#J�K�	�"�4�(8�9K�#L�M�	�$�T�*<�=T�%U�V��)�$�/F�G^�at�Gt�*u�v��'�"��.� 0���"�"�&�
)
�
����%8��U�:�&�+�
��	���
�
��N�	
��	r�c�J�t
t|j�}|
d
k(rLtt
t|j
��
}|}||z}||z}t|d|�
}	t|||�
}
n�|
dk(rut
t|j�}t
t|j�}|}
|
|z}||z}||z}||z}t||
|�
}t|||�
}	t|||�
}
ntdt|
�
z�
�
|dk(r>t|||�
}ttdt|	||
d��
d��
t|�
d	��
S|d
k(rBt||||z�
}tdtdt|	||
d��
d��
t|�
d��
Stt!dt|�
��
�
)
an
    Take a CNG BCRYPT_DSA_KEY_BLOB or BCRYPT_DSA_KEY_BLOB_V2 and converts it
    into an ASN.1 structure

    :param key_type:
        A unicode string of "private" or "public"

    :param version:
        An integer - 1 or 2, indicating the blob is BCRYPT_DSA_KEY_BLOB or
        BCRYPT_DSA_KEY_BLOB_V2

    :param blob_struct:
        An instance of BCRYPT_DSA_KEY_BLOB or BCRYPT_DSA_KEY_BLOB_V2

    :param blob:
        A byte string of the binary data contained after the struct

    :return:
        An asn1crypto.keys.PrivateKeyInfo or asn1crypto.keys.PublicKeyInfo
        object, based on the key_type param
    rArrzversion must be 1 or 2, not %sr,
r�r�
r�r�r+
rx
r�
)r'r�
�cbKeyrr8r`
�cbSeedLength�cbGroupSizer�r�rrr
rrrr )r�
rq
r
r{
�key_byte_lengthr`
r�
�
public_offset�private_offsetr�r��seed_byte_length�group_byte_lengthr�
�p_offsetr,
r+
s                 r�r5
r5
Cs�
��.�S�+�"3�"3�4�O��!�|��6�(�K�M�M�:�;�
�"�� �?�2�
�&��8���4�
�(�+�,�
��4���7�8�
�	�A��!�#�{�'?�'?�@��"�3��(?�(?�@��#���/�/���o�-�� �?�2�
�&��8��
�4���2�3�
��4���2�3�
��4���7�8�
��9�D��M�I�J�J��8����]�>� B�C���+�"�'����)��-��"�&�/�

�
�
	�
�Y�	� ��n�^�o�5U�!V�W����%8�"�'����)��:�&�#�7�+�
��	���
�
��N�	
��	r�c�r�t
t|
j�}t
t|
j�}tj
d
tjdtjdtjd
tjdtjdi|}d|d|dzz}|dk(r%ttdtd	|�
�d��
|d��
S|d
k(rGt||dz|dz�
}tdt!dtd	|�
�d��
t#d||d��
d��
St%t'dt)|�
��
�
)a�

    Take a CNG BCRYPT_ECCKEY_BLOB and converts it into an ASN.1 structure

    :param key_type:
        A unicode string of "private" or "public"

    :param blob_struct:
        An instance of BCRYPT_ECCKEY_BLOB

    :param blob:
        A byte string of the binary data contained after the struct

    :return:
        An asn1crypto.keys.PrivateKeyInfo or asn1crypto.keys.PublicKeyInfo
        object, based on the key_type param
    r�r�r��
rrr,
r��named)�name�valuer�r�r+
rc�
ecPrivkeyVer1)rq
r�r�rx
r�
)r'r�
�dwMagicr�
rN�BCRYPT_ECDSA_PRIVATE_P256_MAGIC�BCRYPT_ECDSA_PRIVATE_P384_MAGIC�BCRYPT_ECDSA_PRIVATE_P521_MAGIC�BCRYPT_ECDSA_PUBLIC_P256_MAGIC�BCRYPT_ECDSA_PUBLIC_P384_MAGIC�BCRYPT_ECDSA_PUBLIC_P521_MAGICrrrrrrr
r�r r�)r�
r
r{
�magicr�
r�r,
r+
s        r�r6
r6
�sf
��$
�3��+�+�,�E��S�+�"3�"3�4�O�	�3�3�[��3�3�[��3�3�[��2�2�K��2�2�K��2�2�K�

��

�E��t�A�o�
�1�2�
2�F��8���+�!�0� ���-��!�	
�	�		�
�Y�	� ��o�
�&9�/�A�:M�!N�O����%8�!�0� ���:�&�(�*�&�$�)��
��	�"��
�
��N�	
��	r�c
�R
�t
|t�r|}
nyt
|t�rt|�
}
n]t
|t�r/t|d
�5}t|j
��
}
ddd�
nttdt|�
��
�
t
t�S#1s
w
Y

�xYw
)a�

    Loads an x509 certificate into a Certificate object

    :param source:
        A byte string of file contents or a unicode string filename

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library

    :return:
        A Certificate object
    r\
Nz�
            source must be a byte string, unicode string or
            asn1crypto.x509.Certificate object, not %s
            )rR
�Asn1Certificater8rr7�open�readrS
r r6�	_load_keyr)�source�certificate�
fs   r�rTrT�s��� �&�/�*���	�F�H�	%�'��/��	�F�G�	$�
�&�$�
�1�+�A�F�F�H�5�K� �
���
�
�f��
��	��[�+�.�.� �
���B�B&c��|}t
|t�r|d
d}|j}d}|dk(rK|j\}}|dk7rt	td�
�
�
|t
gd�
�
v
r�t	td�
�
�
|d	k(r�|j�ttd
�
�
�
|jdkDrJtdks	td
k(r8t	td|jj�|j��
�
|jdk(r#|jdk(rt	td�
�
�
td
k(r|dk(r	|
d|�St|||
�St|||
|�S)a�
    Loads a certificate, public key or private key into a Certificate,
    PublicKey or PrivateKey object

    :param key_object:
        An asn1crypto.x509.Certificate, asn1crypto.keys.PublicKeyInfo or
        asn1crypto.keys.PrivateKeyInfo object

    :param container:
        The class of the object to hold the key_handle

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        oscrypto.errors.AsymmetricKeyError - when the key is incompatible with the OS crypto library
        OSError - when an error is returned by the OS crypto library

    :return:
        A PrivateKey, PublicKey or Certificate object, based on container
    r�r�Nr�r�
zR
                Windows only supports EC keys using named curves
                r�z�
                Windows only supports EC keys using the named curves
                secp256r1, secp384r1 and secp521r1
                r�z�
                The DSA key does not contain the necessary p, q and g
                parameters and can not be used
                r�r�rBz�
                Windows XP, 2003, Vista, 7 and Server 2008 only support DSA
                keys based on SHA1 (1024 bits or less) - this key is based
                on %s and is %s bits
                r��sha1a

                Windows only supports 2048 bit DSA keys based on SHA2 - this
                key is 2048 bits and based on SHA1, a non-standard
                combination that is usually generated by old versions
                of OpenSSL
                )rR
r�
r�r�r3r r�r�r4r�r�r��upper�_advapi32_load_key�_bcrypt_load_key)�
key_object�	container�key_info�algo�
curve_name�
curve_types      r�r�
r�
s�
��,�H��*�o�.��/�0�1J�K�����D��J��t�|�!)����
�J��� �$�^��&��
�
�S�!H�I�I�$�^��&��
�
������%�.�~��0��
��
�
��
%�+<�v�+E��U`�I`�$�^��
�"�"�(�(�*��!�!�&��
��
�
�$�
&�8�+=�+=��+G�$�^��&��
��;���4�<��T�:�.�.�!�*�h�	�B�B��J��)�Z�H�Hr�c��t
|
t�rd
n
d}|
j}|dk(rd}|dk(s|dk(rtj}ntj
}d}d}	t
||d
k(��}t|
||�}t|�
}	ttd�}
tj||	t|�
t�d|
�}t|�

t|
�
}|||�}||_|dk(rpt|
||d	�
�}
t|
�
}ttd�}tj||t|
�
t�d|�}t|�

t|�
|_|S#t$$r&
|rtj&|�

|rt)|�

�wxYw
)ah
    Loads a certificate, public key or private key into a Certificate,
    PublicKey or PrivateKey object via CryptoAPI

    :param key_object:
        An asn1crypto.x509.Certificate, asn1crypto.keys.PublicKeyInfo or
        asn1crypto.keys.PrivateKeyInfo object

    :param key_info:
        An asn1crypto.keys.PublicKeyInfo or asn1crypto.keys.PrivateKeyInfo
        object

    :param container:
        The class of the object to hold the key_handle

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        oscrypto.errors.AsymmetricKeyError - when the key is incompatible with the OS crypto library
        OSError - when an error is returned by the OS crypto library

    :return:
        A PrivateKey, PublicKey or Certificate object, based on container
    r,
r+
r�r�Nr
r
rF)
�signing)rR
rr�rDr
r
rF�_advapi32_create_blobr!r(rC�CryptImportKey�lenr)rEr/r�r��	Exceptionr�rG)r�
r�
r�
r�
r�
r!
r�r�r{
r

r#
r��output�ex_blob�	ex_buffer�ex_key_handle_pointers                r�r�
r�
[s�
��4&�h�
�>�x�I�H����D��|�����u�}���,� �4�4�� �3�3���N��J�-�,�X�8�x�CW�X��$�X�x��>��#�D�)�� ��=�9���%�%�����I��F�
��

��	�S���.�/�
��:�z�2�� .����5�=�+�H�h��e�T�G�)�'�2�I�$'��-�$@�!��)�)����G�����%�
�C�
���#)�*?�#@�F� ��
������$�$�Z�0�� ��0�
��s
�C?E�/Fc��|
d
k(rtj}ntj}|dk(r&d}|rtj}n#tj}nd}tj
}t
td�}t|�
}||_	tj|_d|_||_
t
t|�}	t|	�
}
||
_|j}|dz}|dz}
|dk(�
r�t
td	�}t|�
}||_|
d
k(r[|d
j"}tj$|_|dj(|_t-|dj(d
|��ddd�}�
n1|dj"}tj.|_|dj(|_t-|dj(d
|��ddd�}|t-|dj(d
|
��ddd�z
}|t-|dj(d
|
��ddd�z
}|t-|dj(d
|
��ddd�z
}|t-|dj(d
|
��ddd�z
}|t-|dj(d
|
��ddd�z
}|t-|dj(d
|��ddd�z
}||
_�
nSt
td�}t|�
}||_|
d
k(rStj2|_|ddj(}t-|d
j"j(d
|��ddd�}nRtj4|_|ddj(}t-|dj"j(d
d��ddd�}||
_t-|dd
|��ddd�}|t-|dd
d��ddd�z
}|t-|dd
|��ddd�z
}||z
}t
td �}t|�
}d!|_|t;|�
z
}t;|	�
|zS)"a�

    Generates a blob for importing a key to CryptoAPI

    :param key_info:
        An asn1crypto.keys.PublicKeyInfo or asn1crypto.keys.PrivateKeyInfo
        object

    :param key_type:
        A unicode string of "public" or "private"

    :param algo:
        A unicode string of "rsa" or "dsa"

    :param signing:
        If the key handle is for signing - may only be False for rsa keys

    :return:
        A byte string of a blob to pass to advapi32.CryptImportKey()
    r,
r�r�r
�
BLOBHEADERrrN
r
�	RSAPUBKEYr�r�r�F)�signed�widthNrn
r�rs
rt
ru
rv
rw
rr
�	DSSPUBKEYr�r�r�r�
r�r`
r��DSSSEEDl��)rDr
r
r
�
CALG_RSA_KEYXr
r,rCr/�bType�CUR_BLOB_VERSION�bVersion�reserved�aiKeyAlg�publickeystrucr��bitlenr��RSA1r�
r'rz
r�RSA2ry
�DSS1�DSS2�	dsspubkey�counterr-)r�
r�
r�
r�
�	blob_typer
r"
�blob_header_pointer�blob_headerr
r
r�r|
r}
�pubkey_pointer�pubkey�parsed_key_info�	blob_datar��key_data�dssseed_pointer�dssseeds                      r�r�
r�
�s)��*�8��!�/�/�	�!�0�0�	��u�}�%���(�6�6�L�(�6�6�L�%��$�2�2�� ��<�8���,�-�K�!�K��(�9�9�K���K��'�K�� ��;�7���,�-�K�!,�K��� � �H��q�=�D��r�>�D��u�}���+�6����'�� ��
��x��&�|�4�;�;�O�(�-�-�F�L�+�,=�>�E�E�F�M�$�_�Y�%?�%F�%F�u�\`�a�bf�df�bf�g�I�&�}�5�<�<�O�(�-�-�F�L�+�,=�>�E�E�F�M�$�_�Y�%?�%F�%F�u�\`�a�bf�df�bf�g�I���o�h�&?�&F�&F�u�\`�a�bf�df�bf�g�g�I���o�h�&?�&F�&F�u�\`�a�bf�df�bf�g�g�I���o�k�&B�&I�&I�RW�_c�d�ei�gi�ei�j�j�I���o�k�&B�&I�&I�RW�_c�d�ei�gi�ei�j�j�I���o�m�&D�&K�&K�TY�ae�f�gk�ik�gk�l�l�I���o�6H�&I�&P�&P�Y^�fj�k�lp�np�lp�q�q�I� &��� ��+�6����'�� ��
��x��(�-�-�F�L��k�*�<�8�?�?�F�#�H�\�$:�$A�$A�$H�$H�QV�^b�c�dh�fh�dh�i�H�(�-�-�F�L��5�6�|�D�K�K�F�#�H�]�$;�$B�$B�$I�$I�RW�_a�b�cg�eg�cg�h�H� &��� ����U�$�G��"��M�	��\�&��+�e�2�F�t��t�L�L�	��\�&��+�e�4�H��2��N�N�	��X��	� ��9�5����)��$����\�/�2�2�	��+�,�y�8�8r�c
��d
}d
}t
|
t�rdn
d}|
j}|dk(rd}	|dk(r|
jdn
|}tj
tjtjtjtjd�|}	t|	�
}|dk(�r|dk(r4tj}
tj}|
d	j}d
}
d
}n�tj}
tj}|
dj}t!|dj"�
}t!|d
j"�
}t!|dj"�
}t!|dj"�
}t!|dj"�
}t!|dj"�
}t%|�
}
t%|�
}t!|dj"�
}t!|dj"�
}t't(d�}t+|�
}||_|
j.|_t%|�
|_t%|�
|_|
|_||_t;|�
|z|z}|dk(�r�|zz
}|t=|
�z
}|t=|�z
}|t=|
�z
}|t=t%|�
�z
}�n[|dk(�r�|dk(r2tj>}
|
d	jj"}|
dd}nRtj@}
tC|
�
d	j"}t!|
djj"�
}|
dd}t!|�
}t!|dj"�
}t!|dj"�
}t!|dj"�
} |
j.dkDrt%| �
}!nd}!tEt%|�
t%|�
t%|�
�}"t=||"�}t=||"�}t=||"�}t=| |!�} d}#d|!z}$|
j.dkDr�|dk(rtjF}ntjH}t't(d �}t+|�
}||_%|"|_&tjN|_(tjR|_*|!|_+|!|_,t[|#�
|_.t;|�
}||$| z|z|z|zz
}|dk(�r5|t=|!�z
}�n$|dk(rtj^}ntj`}t't(d!�}t+|�
}||_%|"|_&t[|#�
|_.t[|$�
|_1t[| �
|_2t;|�
|z|z|z}|dk(�
r�|t=|!�z
}�
nz|dk(�
rt|dk(r'tjf}
|
d	ji�\}%}&natjj}
|
djd	}|r|ji�\}%}&nd
}%d
}&t!|
djdj"�
}t't(d"�}t+|�
}tjltjntjptjrtjttjvd#�||f}d$d%d&d'�|}"t!|%�
}'t!|&�
}(t=|'|"�}'t=|(|"�}(||_%|"|_&t;|�
|'z|(z}|dk(r|t=|"�z
}tyt(d(�})t)jz|t}�
|)t%|�
tj~�}*t�|*�

t+|)�
}|||�|rt�|�

SS#|rt�|�

wwxYw
))a�
    Loads a certificate, public key or private key into a Certificate,
    PublicKey or PrivateKey object via CNG

    :param key_object:
        An asn1crypto.x509.Certificate, asn1crypto.keys.PublicKeyInfo or
        asn1crypto.keys.PrivateKeyInfo object

    :param key_info:
        An asn1crypto.keys.PublicKeyInfo or asn1crypto.keys.PrivateKeyInfo
        object

    :param container:
        The class of the object to hold the key_handle

    :param curve_name:
        None or a unicode string of the curve name for an EC key

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        oscrypto.errors.AsymmetricKeyError - when the key is incompatible with the OS crypto library
        OSError - when an error is returned by the OS crypto library

    :return:
        A PrivateKey, PublicKey or Certificate object, based on container
    Nr,
r+
r�r�r�rA)r�r�r�r�r�r�rr�rs
rt
ru
rv
rw
rr
r�r�r&
r�r�r�r�r�r�r`
r�r�
s�����
�r'
r(
r)
))r,
r�)r,
r�)r,
r�)r+
r�)r+
r�)r+
r�� �0�Br�rB
)BrR
rr�r�rNrC
rD
rE
rF
rG
rOr.
�BCRYPT_RSAPUBLIC_MAGICr�r-
�BCRYPT_RSAFULLPRIVATE_MAGICrr'r�
r,rMr/�Magicr��	BitLengthr�
r�
r�
r�
r-r2r0
r/
r�max�BCRYPT_DSA_PUBLIC_MAGIC_V2�BCRYPT_DSA_PRIVATE_MAGIC_V2r�
r�
�DSA_HASH_ALGORITHM_SHA256�
hashAlgorithm�
DSA_FIPS186_3�standardVersionr�
r�
r#�Count�BCRYPT_DSA_PUBLIC_MAGIC�BCRYPT_DSA_PRIVATE_MAGIC�Seedr`
r2
�	to_coordsr1
r�
r�
r�
r�
r�
r�
r(�BCryptImportKeyPairr)�BCRYPT_NO_KEY_VALIDATIONrErP)+r�
r�
r�
r�
rK
r�r�
r�
�alg_selectorrJ
r�
r�
�
parsed_key�prime1_size�prime2_sizers
rt
ru
rv
rw
rr
r�r�r
r
r{
r�r��
private_bytes�public_bytesr�r�r`
�q_len�	key_width�count�seedrl
r�
�x_bytes�y_bytesr#
r�s+                                           r�r�
r�
sB��:�J��J�%�h�
�>�x�I�H����D��|����@)�,0�D�L�x�~�~�a�(�d���3�3��3�3�$�@�@�$�@�@�$�@�@�
��
��%�\�2�
��5�=��8�#�'�=�=�	�#�:�:��%�l�3�:�:�
�����'�B�B�	�#�?�?��%�m�4�;�;�
�%�j��&:�&A�&A�B��%�j��&:�&A�&A�B��(��K�)@�)G�)G�H�	�(��K�)@�)G�)G�H�	�*�:�m�+D�+K�+K�L��#/�
�;M�0N�0U�0U�#V� �!�&�k��!�&�k��*�:�6G�+H�+O�+O�P�O�"�:�i�#8�#?�#?�@�G�"(��1E�"F�� �!4�5�K� %�K��$,�$5�$5�K�!�&)�/�&:�K�#�$'��L�K�!�#.�K� �#.�K� �� 3�4��F��P�D��9�$�����'���
�9�k�:�:���
�9�k�:�:���
�;��<�<���
�#3�S��\�B�B��
�U�]��8�#�'�>�>�	�%�l�3�:�:�A�A�
�!�+�.�|�<��'�?�?�	�5�h�?��M�T�T�
� ,�X�m�-D�-K�-K�-R�-R� S�
�!�"9�:�<�H��'�
�3�L��V�C�[�/�/�0�A��V�C�[�/�/�0�A��V�C�[�/�/�0�A�� � �4�'��A������C��-�s�1�v�s�1�v�>�I�%�l�I�>�L��1�i�(�A��1�i�(�A��1�e�$�A� �E��U�?�D�� � �4�'��x�'�'�B�B�E�'�C�C�E�&,�V�5M�&N�#�$�%8�9��&+��#�$-��!�-8�,Q�,Q��)�.9�.G�.G��+�+0��(�*/��'�$.�u�$5��!�#�$7�8����q��1��q�(�<�7�7���y�(��J�}�e�<�<�D��x�'�'�?�?�E�'�@�@�E�&,�V�5J�&K�#�$�%8�9��&+��#�$-��!�$.�u�$5��!�#-�d�#3�� � *�1�
��
�#�$7�8�1�<�q�@�<�O���y�(��J�}�e�<�<�D�
�T�\��8�#�'�=�=�	���-�7�7�9��
�1�'�>�>�	�%�m�4�;�;�L�I�
��%�/�/�1�D�A�q��A��A� ,�X�m�-D�-K�-K�M�-Z�-a�-a� b�
�"(��1E�"F�� �!4�5�K�*5�)S�)S�)4�)S�)S�)4�)S�)S�*5�*U�*U�*5�*U�*U�*5�*U�*U�
���$�&�E� �����	�I�#�1�o�G�"�1�o�G� ��)�4�G� ��)�4�G�"'�K�� )�K��� 3�4�w�>��H�D��9�$��
�=�)�<�<�� ��)>�?���(�(���F������I��0�0�
��	�S���.�/�
���Z�0���Z�(���:��Z�(��s�]]<�<^c��
�t
|t�r|}n�|
�Ot
|
t�r|
jd�
}
t
|
t�stt
dt|
�
��
�
t
|t�r&t|d�5}|j�}d
d
d
�
n.t
|t�stt
dt|�
��
�
t||
�}t|t�S#1s
w
Y

�%xYw
)a
    Loads a private key into a PrivateKey object

    :param source:
        A byte string of file contents, a unicode string filename or an
        asn1crypto.keys.PrivateKeyInfo object

    :param password:
        A byte or unicode string to decrypt the private key file. Unicode
        strings will be encoded using UTF-8. Not used is the source is a
        PrivateKeyInfo object.

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        oscrypto.errors.AsymmetricKeyError - when the private key is incompatible with the OS crypto library
        OSError - when an error is returned by the OS crypto library

    :return:
        A PrivateKey object
    N�utf-8zP
                    password must be a byte string, not %s
                    r\
z�
                source must be a byte string, unicode string or
                asn1crypto.keys.PrivateKeyInfo object, not %s
                )
rR
rr7�encoder8rS
r r6r�
r�
rr�
rY)r�
�password�private_objectr�
s    r�rVrV
s���.�&�.�)������(�G�,�#�?�?�7�3���h��1�����h�'�	!����f�g�&��f�d�#�q������$�#��F�H�-��N���&�!���
�'�v�x�8���^�Z�0�0�$�#�s�
C%�%C.c
�R
�t
|t�r|}
nyt
|t�rt|�
}
n]t
|t�r/t|d
�5}t|j
��
}
ddd�
nttdt
�
��
�
t
t�S#1s
w
Y

�xYw
)a3
    Loads a public key into a PublicKey object

    :param source:
        A byte string of file contents, a unicode string filename or an
        asn1crypto.keys.PublicKeyInfo object

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        oscrypto.errors.AsymmetricKeyError - when the public key is incompatible with the OS crypto library
        OSError - when an error is returned by the OS crypto library

    :return:
        A PublicKey object
    r\
Nz�
            source must be a byte string, unicode string or
            asn1crypto.keys.PublicKeyInfo object, not %s
            )rR
rr8rr7r�
r�
rS
r r6r�
rZ)r�
r�r�
s   r�rWrW9s���$�&�-�(��
�	�F�H�	%�!�&�)�
�	�F�G�	$�
�&�$�
�1�%�a�f�f�h�/�J� �
���
�
�j�!�
��	��Z��+�+� �
�r�
c�$�t
||
t�S)
a�
    Parses a PKCS#12 ANS.1 DER-encoded structure and extracts certs and keys

    :param data:
        A byte string of a DER-encoded PKCS#12 file

    :param password:
        A byte string of the password to any encrypted data

    :raises:
        ValueError - when any of the parameters are of the wrong type or value
        OSError - when an error is returned by one of the OS decryption functions

    :return:
        A three-element tuple of:
         1. An asn1crypto.keys.PrivateKeyInfo object
         2. An asn1crypto.x509.Certificate object
         3. A list of zero or more asn1crypto.x509.Certificate objects that are
            "extra" certificates, possibly intermediates from the cert chain
    )rrV)�datars  r�rXrXas��,��x�)9�:�:r�c�j�|
�Ot
|
t�r|
jd�
}
t
|
t�st	tdt
|
�
��
�
t
|t�r&t|d�5}|j�}d
d
d
�
n.t
|t�st	tdt
|�
��
�
t||
�\}}}d
}d
}|rt|t�}|rt|jt�}|D�cgc]}t|jt���}	}|||	fS#1s
w
Y

�wxYw
c
c}w)a�
    Loads a .p12 or .pfx file into a PrivateKey object and one or more
    Certificates objects

    :param source:
        A byte string of file contents or a unicode string filename

    :param password:
        A byte or unicode string to decrypt the PKCS12 file. Unicode strings
        will be encoded using UTF-8.

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        oscrypto.errors.AsymmetricKeyError - when a contained key is incompatible with the OS crypto library
        OSError - when an error is returned by the OS crypto library

    :return:
        A three-element tuple containing (PrivateKey, Certificate, [Certificate, ...])
    NrzH
                password must be a byte string, not %s
                r\
zR
            source must be a byte string or a unicode string, not %s
            )rR
r7rr8rS
r r6r�
r�
rXr�
rYr�r)
r�
rr�
r�
�	cert_info�extra_certs_info�key�cert�info�extra_certss
          r�rUrUzs)
��,���h��(����w�/�H��(�H�-��N���(�#�	��
��&�'�"�
�&�$�
�1��V�V�X�F� �
����
)���
�
�f��	
��	�-9���,J�)�H�i�)�
�C��D����*�-�����-�-�{�;��GW�X�GW�t�9�T�_�_�k�:�GW�K�X���{�#�#�1 �
��,Y
s�.D$�<!D0�$D-c�R�|jd
k7rtd�
�
t||
||�S)a�
    Verifies an RSASSA-PKCS-v1.5 signature.

    When the hash_algorithm is "raw", the operation is identical to RSA
    public key decryption. That is: the data is not hashed and no ASN.1
    structure with an algorithm identifier of the hash algorithm is placed in
    the encrypted byte string.

    :param certificate_or_public_key:
        A Certificate or PublicKey instance to verify the signature with

    :param signature:
        A byte string of the signature to verify

    :param data:
        A byte string of the data the signature is for

    :param hash_algorithm:
        A unicode string of "md5", "sha1", "sha256", "sha384", "sha512" or "raw"

    :raises:
        oscrypto.errors.SignatureError - when the signature is determined to be invalid
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library
    r��*The key specified is not an RSA public key�r�r��_verify��certificate_or_public_key�	signaturer�hash_algorithms    r�r`r`�s0��8!�*�*�e�3��E�F�F��,�i��~�N�Nr�c�d�|j}|d
k7r|dk7rtd�
�
t||
||d��S)a�
    Verifies an RSASSA-PSS signature. For the PSS padding the mask gen algorithm
    will be mgf1 using the same hash algorithm as the signature. The salt length
    with be the length of the hash algorithm, and the trailer field with be the
    standard 0xBC byte.

    :param certificate_or_public_key:
        A Certificate or PublicKey instance to verify the signature with

    :param signature:
        A byte string of the signature to verify

    :param data:
        A byte string of the data the signature is for

    :param hash_algorithm:
        A unicode string of "md5", "sha1", "sha256", "sha384" or "sha512"

    :raises:
        oscrypto.errors.SignatureError - when the signature is determined to be invalid
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library
    r�r�r$T�
�rsa_pss_paddingr%)r(r)rr*�cp_algs     r�rbrb�s>��4'�
0�
0�F�
���6�\�1��E�F�F��,�i��~�_c�d�dr�c�R�|jd
k7rtd�
�
t||
||�S)a�
    Verifies a DSA signature

    :param certificate_or_public_key:
        A Certificate or PublicKey instance to verify the signature with

    :param signature:
        A byte string of the signature to verify

    :param data:
        A byte string of the data the signature is for

    :param hash_algorithm:
        A unicode string of "md5", "sha1", "sha256", "sha384" or "sha512"

    :raises:
        oscrypto.errors.SignatureError - when the signature is determined to be invalid
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library
    r�z)The key specified is not a DSA public keyr%r's    r�rRrR�s0��.!�*�*�e�3��D�E�E��,�i��~�N�Nr�c�R�|jd
k7rtd�
�
t||
||�S)a�
    Verifies an ECDSA signature

    :param certificate_or_public_key:
        A Certificate or PublicKey instance to verify the signature with

    :param signature:
        A byte string of the signature to verify

    :param data:
        A byte string of the data the signature is for

    :param hash_algorithm:
        A unicode string of "md5", "sha1", "sha256", "sha384" or "sha512"

    :raises:
        oscrypto.errors.SignatureError - when the signature is determined to be invalid
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library
    r�z)The key specified is not an EC public keyr%r's    r�rLrL	s0��.!�*�*�d�2��D�E�E��,�i��~�N�Nr�c	�Z�t
|ttf�stt	d
t|�
��
�
t
|
t�stt	dt|
�
��
�
t
|t�stt	dt|�
��
�
|j}|dk(x
s
|dk(}tgd�
�
}|r|s|tdg
�
z}||v
r*d}|r|s|d	z
}tt	d
|t|�
��
�
|s'|du
r#tt	d|j���
�
|dk(rDt|�
|jd
z
kDr)tt	d|jt|�
��
�
tdk(r,|jdk(rt||
||�St!||
|||�St#||
|||�S)a(
    Verifies an RSA, DSA or ECDSA signature

    :param certificate_or_public_key:
        A Certificate or PublicKey instance to verify the signature with

    :param signature:
        A byte string of the signature to verify

    :param data:
        A byte string of the data the signature is for

    :param hash_algorithm:
        A unicode string of "md5", "sha1", "sha256", "sha384", "sha512" or "raw"

    :param rsa_pss_padding:
        If PSS padding should be used for RSA keys

    :raises:
        oscrypto.errors.SignatureError - when the signature is determined to be invalid
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library
    ��
            certificate_or_public_key must be an instance of the Certificate or
            PublicKey class, not %s
            zA
            signature must be a byte string, not %s
            �<
            data must be a byte string, not %s
            r�r���md5r�
�sha256�sha384�sha512�raw�+"md5", "sha1", "sha256", "sha384", "sha512"�, "raw"�B
            hash_algorithm must be one of %s, not %s
            F�u
            PSS padding may only be used with RSA keys - signing via a %s key
            was requested
            rfz�
                data must be 11 bytes shorter than the key size when
                hash_algorithm is "raw" - key size is %s bytes, but
                data is %s bytes long
                rBr�)rR
rrZrS
r r6r8r�r�r�r�r�
r�
rZ
r��_pure_python_ecdsa_verify�_advapi32_verify�_bcrypt_verify)	r(r)rr*r-r.�	cp_is_rsa�valid_hash_algorithms�valid_hash_algorithms_errors	         r�r&r&5	s�
��4�/�+�y�1I�J���
�
�/�0�
��	��i��*���
�
�i� �	
��	��d�H�%���
�
�d�O�	
��	�'�
0�
0�F��%��9�6�\�#9�I�� M�N������e�W��-���2�2�&S�#��_�'�9�4�'���
�
(��� �
��	����5���
�
�L�L�N�
��	�����t�9�0�:�:�R�?�?��^��
*�3�3��D�	���
��;��$�.�.�$�6�,�-F�	�SW�Yg�h�h�� 9�9�d�N�\k�l�l��3�Y��n�Ve�f�fr�c���|j}|d
k(x
s
|dk(}|rM|rKdddddd�j|d	�}t||
�}|j}	t	|||	||�std
�
�
y|r@|dk(r;t||
�}
	t
|j|
�}t||�s
t��
	yd}	tjtjtjtjtjd
�|}
t!t"d�}t#j$|j&|
t)�d	|�}t+|�

t-|�
}t#j.||t1|�
d	�}t+|�

|dk(r=	t3j4|
�
j7�}
t1|
�
dz}|
|d|
d|z}
|
ddd�}t#j<||t1|
�
|j>t)�d	�}t+|�

|rt#j@|�

yy#t$r
td
�
�
wxYw
#tt8t:f$r
td
�
�
wxYw
#|rt#j@|�

wwxYw
)a6
    Verifies an RSA, DSA or ECDSA signature via CryptoAPI

    :param certificate_or_public_key:
        A Certificate or PublicKey instance to verify the signature with

    :param signature:
        A byte string of the signature to verify

    :param data:
        A byte string of the data the signature is for

    :param hash_algorithm:
        A unicode string of "md5", "sha1", "sha256", "sha384", "sha512" or "raw"

    :param rsa_pss_padding:
        If PSS padding should be used for RSA keys

    :raises:
        oscrypto.errors.SignatureError - when the signature is determined to be invalid
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library
    r�r�r�
�r�
r�
rM
�r�
�sha224r6r7r8r�Signature is invalidNr9r4�HCRYPTHASH *r�rrn
)!r��getr=r�r?r5r>rZ
r@r�rD�CALG_MD5�	CALG_SHA1�CALG_SHA_256�CALG_SHA_384�CALG_SHA_512r(rC�CryptCreateHashr�r)rEr/�
CryptHashDatar�
r�load�to_p1363�
OverflowErrorrS
�CryptVerifySignatureWr��CryptDestroyHash)r(r)rr*r-r�
�algo_is_rsa�hash_length�decrypted_signature�key_size�padded_plaintext�	plaintext�hash_handle�alg_id�hash_handle_pointerr��half_len�reversed_signatures                  r�r?r?�	s���4%�.�.�D��%�-�7�4�<�#7�K��������
��#�n�a�
 �
	�3�3L�i�X��,�5�5��!�.�+�x��Ob�c� �!7�8�8���~��.�/�0I�9�U��	9�9�:S�:]�:]�_o�p�I�#�I�t�4� �l�"�5�	��K�43� �)�)�!�+�+�#�0�0�#�0�0�#�0�0�
��
��"�(�N�;���&�&�%�4�4���F�
��
��	�S���0�1���$�$�[�$��D�	�1�E���S���5�=�
=�(�-�-�i�8�A�A�C�	��y�>�Q�.��%�h�i�0�9�Y�h�3G�G�	�'�t��t�_���,�,����	�N�%�0�0��F�
�

��	�S����%�%�k�2���s
�
	9� �!7�8�8�
	9��N
�
�y�9�

=�$�%;�<�<�

=��$��%�%�k�2��s2�<,H�-CI�
<H6�=AI�H3�6 I�I�I3c
�n�|d
k(r|}nutjtjtjtjtj
d�|}t
t|�|�
j�}t�}d}|j}	|	dk(x
s
|	dk(}
|
r�|r]tj}ttd�}t|�
}t�
}
t!td|
�|_t%|�
|_natj(}ttd�}t|�
}|d
k(rt�|_n!t�
}
t!td|
�|_t!td	|�}n$	t+j,|
�
j/�}
tj8|j:||t%|�
|
t%|
�
|�}|tj<k(}|x
s
|tj>k(}|rt7d
�
�
tA|�

y#t0t2t4f$r
t7d
�
�
wxYw
)a0
    Verifies an RSA, DSA or ECDSA signature via CNG

    :param certificate_or_public_key:
        A Certificate or PublicKey instance to verify the signature with

    :param signature:
        A byte string of the signature to verify

    :param data:
        A byte string of the data the signature is for

    :param hash_algorithm:
        A unicode string of "md5", "sha1", "sha256", "sha384", "sha512" or "raw"

    :param rsa_pss_padding:
        If PSS padding should be used for RSA keys

    :raises:
        oscrypto.errors.SignatureError - when the signature is determined to be invalid
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library
    r9r4rr�r��BCRYPT_PSS_PADDING_INFO�	wchar_t *�BCRYPT_PKCS1_PADDING_INFO�void *rHN)!rN�BCRYPT_MD5_ALGORITHM�BCRYPT_SHA1_ALGORITHM�BCRYPT_SHA256_ALGORITHM�BCRYPT_SHA384_ALGORITHM�BCRYPT_SHA512_ALGORITHM�getattr�hashlib�digestr)r��BCRYPT_PAD_PSSr,rMr/r"r%�pszAlgIdr�
�cbSalt�BCRYPT_PAD_PKCS1rrRrSr�rTrS
r5�BCryptVerifySignaturer��STATUS_INVALID_SIGNATURE�STATUS_INVALID_PARAMETERrE)r(r)rr*r-rn�
hash_constant�padding_infor$
r.rA�padding_info_struct_pointer�padding_info_struct�hash_bufferr��failures                r�r@r@
s��4������3�3��5�5�!�9�9�!�9�9�!�9�9�
��
�
�2���.�1�$�7�>�>�@���6�L�
�E�
&�
0�
0�F��%��9�6�\�#9�I����.�.�E�*0��9R�*S�'�"(�)D�"E��-�m�<�K�+/���[�+Q��(�),�V���&��0�0�E�*0��9T�*U�'�"(�)D�"E����&�/3�v�#�,�1�-�@��/3�F�K��/U�#�,��F�H�.I�J��	9�$�)�)�)�4�=�=�?�I��
&�
&�!�,�,����F����I��
��C��[�9�9�9�G��D��� D� D�D�G���3�4�4�����#�M�9�5�
	9� �!7�8�8�
	9�s�7#H� H4c�P�|jd
k7rtd�
�
t||
|�S)aL
    Generates an RSASSA-PKCS-v1.5 signature.

    When the hash_algorithm is "raw", the operation is identical to RSA
    private key encryption. That is: the data is not hashed and no ASN.1
    structure with an algorithm identifier of the hash algorithm is placed in
    the encrypted byte string.

    :param private_key:
        The PrivateKey to generate the signature with

    :param data:
        A byte string of the data the signature is for

    :param hash_algorithm:
        A unicode string of "md5", "sha1", "sha256", "sha384", "sha512" or "raw"

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library

    :return:
        A byte string of the signature
    r��+The key specified is not an RSA private key�r�r��_sign�r�rr*s   r�r_r_^
s-��6����%��F�G�G���d�N�3�3r�c�b�|j}|d
k7r|dk7rtd�
�
t||
|d��S)a$
    Generates an RSASSA-PSS signature. For the PSS padding the mask gen
    algorithm will be mgf1 using the same hash algorithm as the signature. The
    salt length with be the length of the hash algorithm, and the trailer field
    with be the standard 0xBC byte.

    :param private_key:
        The PrivateKey to generate the signature with

    :param data:
        A byte string of the data the signature is for

    :param hash_algorithm:
        A unicode string of "md5", "sha1", "sha256", "sha384" or "sha512"

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library

    :return:
        A byte string of the signature
    r�r�r}Tr,r~)r�rr*�pkey_algs    r�rara
s;��2�$�$�H��5��X��5��F�G�G���d�N�D�I�Ir�c�P�|jd
k7rtd�
�
t||
|�S)a7
    Generates a DSA signature

    :param private_key:
        The PrivateKey to generate the signature with

    :param data:
        A byte string of the data the signature is for

    :param hash_algorithm:
        A unicode string of "md5", "sha1", "sha256", "sha384" or "sha512"

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library

    :return:
        A byte string of the signature
    r�z*The key specified is not a DSA private keyr~r�s   r�rQrQ�
s-��,����%��E�F�F���d�N�3�3r�c�P�|jd
k7rtd�
�
t||
|�S)a:
    Generates an ECDSA signature

    :param private_key:
        The PrivateKey to generate the signature with

    :param data:
        A byte string of the data the signature is for

    :param hash_algorithm:
        A unicode string of "md5", "sha1", "sha256", "sha384" or "sha512"

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library

    :return:
        A byte string of the signature
    r�z*The key specified is not an EC private keyr~r�s   r�rKrK�
s-��,����$��E�F�F���d�N�3�3r�c	��t
|t�sttd
t	|�
��
�
t
|
t
�sttdt	|
�
��
�
|j}|dk(x
s
|dk(}tgd�
�
}|jdk(r|s|tdg
�
z}||v
r*d}|r|s|dz
}ttd	|t|�
��
�
|s'|d
u
r#ttd|j���
�
|dk(rDt|
�
|jdz
kDr)ttd
|jt|
�
��
�
tdk(r*|jdk(r
t||
|�St||
||�St!||
||�S)a�
    Generates an RSA, DSA or ECDSA signature

    :param private_key:
        The PrivateKey to generate the signature with

    :param data:
        A byte string of the data the signature is for

    :param hash_algorithm:
        A unicode string of "md5", "sha1", "sha256", "sha384", "sha512" or "raw"

    :param rsa_pss_padding:
        If PSS padding should be used for RSA keys

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library

    :return:
        A byte string of the signature
    zO
            private_key must be an instance of PrivateKey, not %s
            r3r�r�r4r9r:r;r<Fr=rfz�
                data must be 11 bytes shorter than the key size when
                hash_algorithm is "raw" - key size is %s bytes, but data
                is %s bytes long
                rBr�)rR
rYrS
r r6r8r�r�r�r�r�
r�
rZ
r��_pure_python_ecdsa_sign�_advapi32_sign�_bcrypt_sign)r�rr*r-r��pkey_is_rsarBrCs        r�rr�
s�
��2�k�:�.���
�
�k�"�	
��	��d�H�%���
�
�d�O�	
��	��$�$�H��e�#�?�x�<�'?�K�� M�N������%�o���e�W��-���2�2�&S�#���'�9�4�'���
�
(��� �
��	��?�%�7���
�
�N�N��
��	�����t�9�{�,�,�r�1�1��^��
�%�%��D�	���
��;��� � �D�(�*�;��n�M�M��k�4���Q�Q���T�>�?�K�Kr�c�h�|j}|d
k(x
s
|dk(}|r'|dk(r"t|j|
�}t||�S|r>|r<dddddd	�j	|d
�}t|||j|
�}t||�S|jdk(r|dk(rttd
�
�
�
d}	tjtjtjtjtjd�|}	tt d�}
t!j"|j$|	t'�d
|
�}t)|�

t+|
�
}t!j,||
t/|
�
d
�}t)|�

tt d�}t!j0|tj2t'�d
t'�|�}t)|�

t5|�
}
t7|
�
}t!j0|tj2t'�d
||�}t)|�

t9|t5|�
�}|ddd�}|dk(r<t/|�
dz}||d|d|z}t;j<|�
j?�}||rt!j@|�

SS#|rt!j@|�

wwxYw
)a�
    Generates an RSA, DSA or ECDSA signature via CryptoAPI

    :param private_key:
        The PrivateKey to generate the signature with

    :param data:
        A byte string of the data the signature is for

    :param hash_algorithm:
        A unicode string of "md5", "sha1", "sha256", "sha384", "sha512" or "raw"

    :param rsa_pss_padding:
        If PSS padding should be used for RSA keys

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library

    :return:
        A byte string of the signature
    r�r�r9r�
rEr�
r�
rM
rFrr�r5zO
            Windows does not support md5 signatures with DSA keys
            Nr4rIr

rn
r)!r�r:rZ
r<rJr;r�r�r rDrKrLrMrNrOr(rCrPr�r)rEr/rQr�
�CryptSignHashW�AT_SIGNATUREr&r!r$r�
from_p1363r�rV)r�rr*r-r�
rW�padded_datarXr]r^r_r�r
r	
r

r�
r`s                 r�r�r�0s���2� � �D��%�-�7�4�<�#7�K��~��.�4�[�5J�5J�D�Q��$�[�+�>�>��������
��#�n�a�
 �
	�&�n�k�;�CW�CW�Y]�^��$�[�+�>�>�����%�.�E�*A���
�
��	��K�C
3� �)�)�!�+�+�#�0�0�#�0�0�#�0�0�
��
��"�(�N�;���&�&��&�&���F�
��
��	�S���0�1���$�$�[�$��D�	�1�E���S���h�	�*���%�%���&�&��F�
��F��

��	�S���g��
�#�M�2���%�%���&�&��F�
���

��	�S��"�7�E�'�N�;����"�����5�=��6�{�a�'�H��H�I�&��	��):�:�F�"�,�,�V�4�9�9�;�F����%�%�k�2���;��%�%�k�2��s
�-GJ�J1c
�>�|d
k(r|
}nutjtjtjtjtj
d�|}t
t|�|
�
j�}t�}d}|j}|dk(x
s
|dk(}	|	r�|r_dddd	d
d�|}
tj}ttd�}t|�
}t�
}
t!td|
�|_|
|_natj&}ttd
�}t|�
}|d
k(rt�|_n!t�
}
t!td|
�|_t!td|�}|dk(r2|j(dkDr#|t+ddg�
vrt-t/d�
�
�
t1td�}tj2|j4||t7|�
t�d||�}t9|�

t;|�
}t=|�
}|	rt!td�}tj2|j4||t7|�
||||�}t9|�

t?|t;|�
�}|	s#tAjB|�
jE�}|S)a�
    Generates an RSA, DSA or ECDSA signature via CNG

    :param private_key:
        The PrivateKey to generate the signature with

    :param data:
        A byte string of the data the signature is for

    :param hash_algorithm:
        A unicode string of "md5", "sha1", "sha256", "sha384", "sha512" or "raw"

    :param rsa_pss_padding:
        If PSS padding should be used for RSA keys

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library

    :return:
        A byte string of the signature
    r9r4rr�r�r
r�
r�
r�
rM
rcrdrerfr�r�r5r�
z~
            Windows does not support sha1 signatures with DSA keys based on
            sha224, sha256 or sha512
            r

)#rNrgrhrirjrkrlrmrnr)r�ror,rMr/r"r%rprqrrr�r�r�r r(�BCryptSignHashr�r�
rEr&r!r$rr�r�)r�rr*r-rnrvrwr$
r�r�rXrxryrzr
r��
buffer_lenr[
r)s                   r�r�r��s���2������3�3��5�5�!�9�9�!�9�9�!�9�9�
��
�
�2���.�1�$�7�>�>�@���6�L�
�E��$�$�H��e�#�?�x�<�'?�K����������
�K� �.�.�E�*0��9R�*S�'�"(�)D�"E��-�m�<�K�+/���[�+Q��(�)4��&��0�0�E�*0��9T�*U�'�"(�)D�"E����&�/3�v�#�,�1�-�@��/3�F�K��/U�#�,��F�H�.I�J���5��[�1�1�D�8�^�s�TY�[a�Sb�Oc�=c���
�
��	��&�)�$�G�
�
�
�������F����	��
�	�C�����w��J�
�z�
*�F���F�H�.I�J��
�
�
�������F�����
�	�C����!�&�%��.�9�I��!�+�+�I�6�;�;�=�	��r�c�h
�t
|ttf�stt	d
t|�
��
�
t
|
t�stt	dt|
�
��
�
t
|t�stt	dt|�
��
�
tdk(r
t||
|�St||
|�S)aG
    Encrypts a value using an RSA public key

    :param certificate_or_public_key:
        A Certificate or PublicKey instance to encrypt with

    :param data:
        A byte string of the data to encrypt

    :param rsa_oaep_padding:
        If OAEP padding should be used instead of PKCS#1 v1.5

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library

    :return:
        A byte string of the ciphertext
    r2r3�A
            rsa_oaep_padding must be a bool, not %s
            rB)rR
rrZrS
r r6r8�boolr��_advapi32_encrypt�_bcrypt_encrypt)r(r�rsa_oaep_paddings   r��_encryptr�#s���,�/�+�y�1I�J���
�
�/�0�
��	��d�H�%���
�
�d�O�	
��	��&��-���
�
�&�'�	
��	��;�� �!:�D�BR�S�S��4�d�<L�M�Mr�c	��
�d
}|rtj}ttdt	|
�
�}tj
|jt�d|t�|d
�}t|�

t|�
}t|�
}t||
�
t|t	|
�
�
tj
|jt�d||||�}t|�

t|t|�
�ddd�S)aU
    Encrypts a value using an RSA public key via CryptoAPI

    :param certificate_or_public_key:
        A Certificate or PublicKey instance to encrypt with

    :param data:
        A byte string of the data to encrypt

    :param rsa_oaep_padding:
        If OAEP padding should be used instead of PKCS#1 v1.5

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library

    :return:
        A byte string of the ciphertext
    rr

TNrn
)rD�
CRYPT_OAEPr(rCr�
�CryptEncryptr�r)rEr&r!r0r*r$)r(rr�r$
r
r�r�r[
s        r�r�r�Ws���,
�E���(�(���(�I�s�4�y�1�G�
�
�
�!�/�/����
����	��C�����w��J�
�z�
*�F��F�D�!����T��#�
�
�
�!�/�/����
�����C�����V�U�7�^�4�T�r�T�:�:r�c���tj}|d
ur�tj}ttd�}t|�
}t
tj�
}ttd|�|_	t�|_d|_ttd|�}n
t�}ttd�}t	j|j|
t!|
�
|t�dt�d||�
}	t#|	�

t%|�
}
t'|
�
}t	j|j|
t!|
�
|t�d||
||�
}	t#|	�

t)|t%|�
�S)aO
    Encrypts a value using an RSA public key via CNG

    :param certificate_or_public_key:
        A Certificate or PublicKey instance to encrypt with

    :param data:
        A byte string of the data to encrypt

    :param rsa_oaep_padding:
        If OAEP padding should be used instead of PKCS#1 v1.5

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library

    :return:
        A byte string of the ciphertext
    T�BCRYPT_OAEP_PADDING_INFOrdrrfr*
)rNrr�BCRYPT_PAD_OAEPr,rMr/r"rhr%rpr)�pbLabel�cbLabelr(�
BCryptEncryptr�r�
rEr&r!r$)r(rr�r$
rxryrzrwr
r�r�r[
s            r�r�r��sB
��,
�(�(�E��4���+�+��&,�V�5O�&P�#�$�%@�A��)�+�*K�*K�L��'+�F�K��'M��$�&*�f��#�&'��#��F�H�.I�J���v���&�)�$�G�
�
�
�!�,�,���D�	����	���	��
��C�����w��J�
�z�
*�F�
�
�
�!�,�,���D�	����	����
��C�����V�U�7�^�4�4r�c�\
�t
|t�sttd
t	|�
��
�
t
|
t
�sttdt	|
�
��
�
t
|t�sttdt	|�
��
�
tdk(r
t||
|�St||
|�S)a1
    Encrypts a value using an RSA private key

    :param private_key:
        A PrivateKey instance to decrypt with

    :param ciphertext:
        A byte string of the data to decrypt

    :param rsa_oaep_padding:
        If OAEP padding should be used instead of PKCS#1 v1.5

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library

    :return:
        A byte string of the plaintext
    zY
            private_key must be an instance of the PrivateKey class, not %s
            zB
            ciphertext must be a byte string, not %s
            r�rB)
rR
rYrS
r r6r8r�r��_advapi32_decrypt�_bcrypt_decrypt)r��
ciphertextr�s   r��_decryptr��s���,�k�:�.���
�
�k�"�	
��	��j�(�+���
�
�j�!�	
��	��&��-���
�
�&�'�	
��	��;�� ��j�:J�K�K��;�
�4D�E�Er�c�
�d
}|rtj}|
ddd�}
t|
�
}ttdt|
�
�}t	j|jt�d|||�}t|�

t|t|�
�S)a?
    Encrypts a value using an RSA private key via CryptoAPI

    :param private_key:
        A PrivateKey instance to decrypt with

    :param ciphertext:
        A byte string of the data to decrypt

    :param rsa_oaep_padding:
        If OAEP padding should be used instead of PKCS#1 v1.5

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library

    :return:
        A byte string of the plaintext
    rNrn
r

T)rDr�r!r(rCr�
�CryptDecryptr�r)rEr$r&)r�r�r�r$
r[
r
r�s       r�r�r�
s���,
�E���(�(���D�b�D�!�J�
�z�
*�F��(�I�s�:��7�G�
�
�
��!�!����
���
�C�����V�U�7�^�4�4r�c���tj}|d
ur�tj}ttd�}t|�
}t
tj�
}ttd|�|_	t�|_d|_ttd|�}n
t�}ttd�}t	j|j|
t!|
�
|t�dt�d||�
}	t#|	�

t%|�
}
t'|
�
}t	j|j|
t!|
�
|t�d||
||�
}	t#|	�

t)|t%|�
�S)a9
    Encrypts a value using an RSA private key via CNG

    :param private_key:
        A PrivateKey instance to decrypt with

    :param ciphertext:
        A byte string of the data to decrypt

    :param rsa_oaep_padding:
        If OAEP padding should be used instead of PKCS#1 v1.5

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library

    :return:
        A byte string of the plaintext
    Tr�rdrrfr*
)rNrrr�r,rMr/r"rhr%rpr)r�r�r(�
BCryptDecryptr�r�
rEr&r!r$)r�r�r�r$
rxryrzrwr
r�r�r[
s            r�r�r�6
sB
��,
�(�(�E��4���+�+��&,�V�5O�&P�#�$�%@�A��)�+�*K�*K�L��'+�F�K��'M��$�&*�f��#�&'��#��F�H�.I�J���v���&�)�$�G�
�
�
������J�����	���	��
��C�����w��J�
�z�
*�F�
�
�
������J�����	����
��C�����V�U�7�^�4�4r�c��t
||
�S)
aF
    Encrypts a byte string using an RSA public key or certificate. Uses PKCS#1
    v1.5 padding.

    :param certificate_or_public_key:
        A PublicKey or Certificate object

    :param data:
        A byte string, with a maximum length 11 bytes less than the key length
        (in bytes)

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library

    :return:
        A byte string of the encrypted data
    �
r��r(rs  r�r^r^~
s��*�-�t�4�4r�c��t
||
�S)
a�

    Decrypts a byte string using an RSA private key. Uses PKCS#1 v1.5 padding.

    :param private_key:
        A PrivateKey object

    :param ciphertext:
        A byte string of the encrypted data

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library

    :return:
        A byte string of the original plaintext
    �
r��r�r�s  r�r]r]�
s��&�K��,�,r�c��t
||
d
��S)aZ
    Encrypts a byte string using an RSA public key or certificate. Uses PKCS#1
    OAEP padding with SHA1.

    :param certificate_or_public_key:
        A PublicKey or Certificate object

    :param data:
        A byte string, with a maximum length 41 bytes (or more) less than the
        key length (in bytes)

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library

    :return:
        A byte string of the encrypted data
    T�
r�r�r�s  r�r\r\�
s��*�-�t�d�K�Kr�c��t
||
d
��S)a�

    Decrypts a byte string using an RSA private key. Uses PKCS#1 OAEP padding
    with SHA1.

    :param private_key:
        A PrivateKey object

    :param ciphertext:
        A byte string of the encrypted data

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library

    :return:
        A byte string of the original plaintext
    Tr�r�r�s  r�r[r[�
s��(�K��d�C�Cr�)NN)
N)
T)
F)��
__future__rrrrrU
�sysrmre
�_asn1rr�
r	r
rrr
rrrrrrrrr�_asymmetricrrrrrrrrr�_errorsr �_ffir!r"r#r$r%r&r'r(r)r*r+r,r-r.r/r0�r1�_intr2�errorsr3r4r5�_typesr6r7r8r9�_pkcs1r:r;r<r=r>r?�utilr@�getwindowsversion�_gwvr�r��	_advapi32rCrDrErFrG�_ecdsarHr�rIr�rJrKr�rLr>�_cngrMrNrOrP�__all__rX
r�rYrZrSr
r�r�r�ra
rY
r
r
r4
r5
r6
rTr�
r�
r�
r�
rVrWrXrUr`rbrRr&r?r@r_rarQrr�r�r�r�r�r�r�r�r^r]r\r[r�r�r��<module>r�
s>�


�R�R�	�
��
�
�
�
�
�
�"

�

�

�
%�
�
�
�
�
�$
��U�U�<�<�
�
�
$��s������!�W�d�1�g�&���9���{��k�k���[
�Z���6A�
�H)
�)
�X
T

!��/�T

!�n
1���
1�$I

!�'�+�I

!�XM

A
�`U

'�p1
1�h
b

%�J=
H
�@a

)�H+
�\
D

/�N:
/�z
R

�jX

�vD

�N#
/�L
M

I
�`T

�nd

9�Ne
)�P5
1�p
%
,�P

;�2:
$�z

O
�D

e
�D

O
�:
O
�:_

g
�Dk

3�\V

�r
4�B

J
�B

4�8
4�8U

L
�pw

3�tv

�r1
N
�h
6
;�r
E

5�P0
F
�f
(
5�V
E

5�P
5�0
-�,
L
�0
D
r�