+ ia0t$^RIHt^RIt^RIt^RIt^RIt^RIt^RIt^RI H t ^RI H t ^RIHt^RIHt^RIHt^RIHtHtHtHtHt^RIHt^R IHtHtHtHt^R I H!t!H"t"H#t#H$t$H%t%H&t&^R I'H(t)R t*Rt,Rt-Rt.Rt/Rt0Rt1Rt2Rt3Rt4Rt5Rt6]Pn!R4t8Rt9Rt:Rt;Rt^t?]Pn!]:R",];,]P4tA]B!]C!]D!^^444tE] !R#R$44tFR!]F!]P^ ]P^^RR R%7R&]F!]P^ ]P^^RR R%7R']F!]P^ ]P^^ ^R R%7/tKR(]LR)&R*]/R+]0R,]1/tMR-R.ltNR/R0ltO]:R1,];R1,3R2R3lltPR4R5ltQR6R7ltRR8R9ltSR:R;ltTR<R=ltUR>R?ltVR@RAltWRBRCltX!RDRE4tY!RFRG4tZ!RHRI4t[!RJRK4t\!RLRM4t]RNROlt^!RPRQ4t_!RRRS4t`]-]Z!4].][!4],]]!4]/]\!RT]P!44]0]\!RU]P!44]1]\!RV]P!44]3]_!4]4]`!4/tdRWRXlte]P]P]P]P]P3,tkRtRYR /RZR[llltlR\R]ltm]P]P]P]P]P3,tr]P]P]P]P3,ts!R^R_]P4tu!R`Ra4tvRbRcltwRsRdRelltxRfRgltyRhRiltzRjRklt{RtRlRmllt|RnRolt}]P]P]P]P3,t~Rpt!RqRr4tR# ]+dR t*RsRRllt)ELwi;i)u) annotationsN) encodebytes) dataclass)utilsUnsupportedAlgorithm)hashes)dsaeced25519paddingrsa)AEADDecryptionContextCipher algorithmsmodes)EncodingKeySerializationEncryption NoEncryption PrivateFormat PublicFormat_KeySerializationEncryption)kdfTFc 0V^8dQhRRRRRRRRRRR R/#) passwordbytessaltdesired_key_bytesintroundsignore_few_roundsboolreturn)formats"w/home/wkmabra/.openclaw/workspace/venv/lib/python3.14/site-packages/cryptography/hazmat/primitives/serialization/ssh.py __annotate__r(1sD99999 9  9  9c\R4h)zNeed bcrypt moduler)rrrr!r"s&&&&&r' _bcrypt_kdfr+1s##788r)s ssh-ed25519sssh-rsasssh-dsssecdsa-sha2-nistp256secdsa-sha2-nistp384secdsa-sha2-nistp521s-cert-v01@openssh.comssk-ssh-ed25519@openssh.coms"sk-ecdsa-sha2-nistp256@openssh.coms rsa-sha2-256s rsa-sha2-512s\A(\S+)[ \t]+(\S+)sopenssh-key-v1s#-----BEGIN OPENSSH PRIVATE KEY-----s!-----END OPENSSH PRIVATE KEY-----sbcryptsnones aes256-ctrs(.*?)c^]tRt^\t$R]R&R]R&R]R&R]R&R]R&R ]R &R ]R &R tR#) _SSHCipherztype[algorithms.AES]algr key_lenz3type[modes.CTR] | type[modes.CBC] | type[modes.GCM]mode block_leniv_len int | Nonetag_lenr#is_aeadr%N)__name__ __module__ __qualname____firstlineno____annotations____static_attributes__r%r)r'r-r-\s(  L ==N K  Mr)r-)r.r/r0r1r2r4r5s aes256-cbcsaes256-gcm@openssh.comzdict[bytes, _SSHCipher] _SSH_CIPHERS secp256r1 secp384r1 secp521r1c V^8dQhRRRR/#)rkeyz&SSHPrivateKeyTypes | SSHPublicKeyTypesr$rr%)r&s"r'r(r(sAer)c8\V\P4'd\VP 44pV#\V\P 4'd\V4pV#\V\ P\ P34'd \pV#\V\P\P34'd \pV#\V\P\P 34'd \"pV#\%R4h)Unsupported key type) isinstancer EllipticCurvePrivateKey_ecdsa_key_type public_keyEllipticCurvePublicKeyr RSAPrivateKey RSAPublicKey_SSH_RSAr DSAPrivateKey DSAPublicKey_SSH_DSAr Ed25519PrivateKeyEd25519PublicKey _SSH_ED25519 ValueError)rAkey_types& r'_get_ssh_key_typerTs#r1122"3>>#34 O C22 3 3"3' O C#++S-=-=> ? ? O C#++S-=-=> ? ? O  g'')A)A B    O/00r)c V^8dQhRRRR/#)rrGec.EllipticCurvePublicKeyr$rr%)r&s"r'r(r(s'' 9'e'r)cVPpVP\9d\RVP: 24h\VP,#)z3Return SSH key_type and curve_name for private key.z'Unsupported curve for ssh private key: )curvename_ECDSA_KEY_TYPErR)rGrXs& r'rFrFsE   E zz(5ejj^ D   5:: &&r) c(V^8dQhRRRRRRRR/#)rdata utils.Bufferprefixrsuffixr$r%)r&s"r'r(r(s0<< < < < >$r(e> 4d2h >>r)c V^8dQhRRRR/#rwr%)r&s"r'r(r(ryr)c\V4^8d \R4h\PVR,RR7VR,3#)Uint64r|:NNr~r:rNNrrls&r'_get_u64rrr)c V^8dQhRRRR/#)rr]rxr$tuple[memoryview, memoryview]r%)r&s"r'r(r(sj%Br)cd\V4wrV\V48d \R4hVRVWR3#)zBytes with u32 length prefixr|N)rrhrR)r]ns& r' _get_sshstrrs8tnGA3t9}(( 8T"X r)c V^8dQhRRRR/#rwr%)r&s"r'r(r(s,,Z,$:,r)c\V4wrV'dV^,^8d \R4h\PVR4V3#)z Big integer.r|r~)rrRr r)r]vals& r' _get_mpintrs<D!IC s1v}(( >>#u %t ++r)c V^8dQhRRRR/#)rrr r$rr%)r&s"r'r(r(s++3+5+r)cV^8d \R4hV'gR#VP4^,^,p\P!W4#)z!Storage format for signed bigint.znegative mpint not allowedr))rR bit_lengthr int_to_bytes)rnbytess& r' _to_mpintrsB Qw566 nn"q (F   c **r)c]tRt^t$RtR]R&RRRlltRRltR R ltR R lt R Rlt RRlt RRlt RRRllt RRltRtR#) _FragListz,Build recursive structure without data copy.zlist[utils.Buffer]flistNc V^8dQhRRRR/#)rinitzlist[utils.Buffer] | Noner$rfr%)r&s"r'r(_FragList.__annotate__s$$6$$$r)c ^.VnV'dVPPV4R#R#N)rextend)selfrs&&r'__init___FragList.__init__s#  JJ  d # r)c V^8dQhRRRR/#)rrr^r$rfr%)r&s"r'r(rs<Dr)c <VPPV4R#)zAdd plain bytesN)rappendrrs&&r'put_raw_FragList.put_raws #r)c V^8dQhRRRR/#rrr r$rfr%)r&s"r'r(r CC3C4Cr)c ^VPPVP^RR74R#)zBig-endian uint32r~lengthrNrrto_bytesrs&&r'put_u32_FragList.put_u32 ! #,,a5,ABr)c V^8dQhRRRR/#rr%)r&s"r'r(rrr)c ^VPPVP^RR74R#)zBig-endian uint64r~rNrrs&&r'put_u64_FragList.put_u64rr)c V^8dQhRRRR/#)rrzbytes | _FragListr$rfr%)r&s"r'r(rs))/)D)r)c >\V\\\34'd8VP \ V44VP PV4R#VP VP44VP PVP 4R#)zBytes prefixed with u32 lengthN) rDrrx bytearrayrrhrrsizerrs&&r' put_sshstr_FragList.put_sshstrs` cE:y9 : : LLS " JJ  c " LL $ JJ  cii (r)c V^8dQhRRRR/#rr%)r&s"r'r(rs((S(T(r)c :VP\V44R#)z*Big-endian bigint prefixed with u32 lengthN)rrrs&&r' put_mpint_FragList.put_mpints  #'r)cV^8dQhRR/#rr$r r%)r&s"r'r(r s))c)r)c H\\\VP44#)zCurrent number of bytes)summaprhrrs&r'r_FragList.size s3sDJJ'((r)c$V^8dQhRRRRRR/#)rdstbufrxposr r$r%)r&s"r'r(r$s!Zc#r)c ZVPFp\V4pY"V,r%W1WR%K V#)zWrite into bytearray)rrh)rrrfragflenstarts&&& r'render_FragList.render$s1JJDt9DDj3 $5  r)cV^8dQhRR/#rr$rr%)r&s"r'r(r,sr)c \\VP444pVPV4VP 4#)zReturn as bytes)rxrrrtobytes)rbufs& r'r_FragList.tobytes,s/499;/0 C{{}r))rrr)r6r7r8r9__doc__r:rrrrrrrrrr;r%r)r'rrs?6 $ CC)()r)rcV]tRtRtRtRRltRRltRRltR R ltR R lt R t R#) _SSHFormatRSAi3zTFormat for RSA keys. Public: mpint e, n Private: mpint n, e, d, iqmp, p, q c V^8dQhRRRR/#)rr]rxr$z"tuple[tuple[int, int], memoryview]r%)r&s"r'r(_SSHFormatRSA.__annotate__<s +r)c @\V4wr!\V4wr1W#3V3#)zRSA public fieldsr)rr]ers&& r' get_public_SSHFormatRSA.get_public<s(T"T"vt|r)c V^8dQhRRRR/#)rr]rxr$z#tuple[rsa.RSAPublicKey, memoryview]r%)r&s"r'r(rDs   , r)c VPV4wwr#p\P!W#4pVP4pWQ3#)zMake RSA public key from data.)rrRSAPublicNumbersrG)rr]rrpublic_numbersrGs&& r' load_public_SSHFormatRSA.load_publicDs?t, --a3#..0 r)c$V^8dQhRRRRRR/#)rr]rxunsafe_skip_rsa_key_validationr#r$z$tuple[rsa.RSAPrivateKey, memoryview]r%)r&s"r'r(rMs$!!!KO! -!r)c  \V4wrA\V4wrQ\V4wra\V4wrq\V4wr\V4wrWT3V8wd \R4h\P!Wh4p \P!Wi4p \P !WT4p \P !WWjWV 4p V PVR7pW3#)zMake RSA private key from data.z Corrupt data: rsa field mismatchr)rrRr rsa_crt_dmp1 rsa_crt_dmq1rRSAPrivateNumbers private_key)rr] pubfieldsrrrdiqmppqdmp1dmq1rprivate_numbersrs&&&& r' load_private_SSHFormatRSA.load_privateMsT"T"T"% T"T" 6Y ?@ @%%--a3// !4~ &11+I2   r)c$V^8dQhRRRRRR/#)rrGzrsa.RSAPublicKeyf_pubrr$rfr%)r&s"r'r(res$  * 3<  r)c VP4pVPVP4VPVP4R#)zWrite RSA public keyN)rrrr)rrGrpubns&&& r' encode_public_SSHFormatRSA.encode_publices2((*  r)c$V^8dQhRRRRRR/#)rrzrsa.RSAPrivateKeyf_privrr$rfr%)r&s"r'r(rms$ , ,, ,6? ,  ,r)c VP4pVPpVPVP4VPVP4VPVP 4VPVP 4VPVP4VPVP4R#)zWrite RSA private keyN) rrrrrrrrr)rrrrrs&&& r'encode_private_SSHFormatRSA.encode_privatems&557(77))*))***+--.**+**+r)r%N r6r7r8r9rrrrrrr;r%r)r'rr3s% !0  , ,r)rcb]tRtRtRtRRltRRltRRltR R ltR R lt R Rlt Rt R#) _SSHFormatDSAi}zTFormat for DSA keys. Public: mpint p, q, g, y Private: mpint p, q, g, y, x c V^8dQhRRRR/#)rr]rxr$ztuple[tuple, memoryview]r%)r&s"r'r(_SSHFormatDSA.__annotate__s""z".F"r)c v\V4wr!\V4wr1\V4wrA\V4wrQW#WE3V3#)zDSA public fieldsr)rr]rrgys&& r'r_SSHFormatDSA.get_publicsAT"T"T"T"a|T!!r)c V^8dQhRRRR/#)rr]rxr$z#tuple[dsa.DSAPublicKey, memoryview]r%)r&s"r'r(r s     ,  r)c VPV4wwr#rEp\P!W#V4p\P!WV4pVP V4VP 4pW3#)zMake DSA public key from data.)rr DSAParameterNumbersDSAPublicNumbers _validaterG) rr]rrrrparameter_numbersrrGs && r'r_SSHFormatDSA.load_publicsa"__T2 qd33A!<--aC ~&#..0 r)c$V^8dQhRRRRRR/#)rr]rxrr#r$z$tuple[dsa.DSAPrivateKey, memoryview]r%)r&s"r'r(r s$!!!KO! -!r)c @VPV4wwrErgp\V4wrWEWg3V8wd \R4h\P!WEV4p \P !Wy4p VP V 4\P!W4p V P4p W3#)zMake DSA private key from data.z Corrupt data: dsa field mismatch) rrrRr rrrDSAPrivateNumbersr) rr]rrrrrrxrrrrs &&&& r'r_SSHFormatDSA.load_privates"__T2 qdT" !<9 $?@ @33A!<--aC ~&//B%113   r)c$V^8dQhRRRRRR/#)rrGzdsa.DSAPublicKeyrrr$rfr%)r&s"r'r(r s$ * ** *3< *  *r)c 8VP4pVPpVPV4VPVP4VPVP 4VPVP 4VPVP4R#)zWrite DSA public keyN)rrrrrrrr)rrGrrrs&&& r'r_SSHFormatDSA.encode_publicsu$224*<< ~& )++, )++, )++, (()r)c$V^8dQhRRRRRR/#)rrzdsa.DSAPrivateKeyrrr$rfr%)r&s"r'r(r s$::,:6?: :r)c VPVP4V4VPVP4P4R#)zWrite DSA private keyN)rrGrrr)rrrs&&&r'r_SSHFormatDSA.encode_privates: ;113V<446889r)c V^8dQhRRRR/#)rrzdsa.DSAPublicNumbersr$rfr%)r&s"r'r(r sDD(<DDr)c rVPpVPP4R8wd \R4hR#)iz#SSH supports only 1024 bit DSA keysN)rrrrR)rrrs&& r'r_SSHFormatDSA._validates6*<<    ) ) +t 3BC C 4r)r%N) r6r7r8r9rrrrrrrr;r%r)r'r r }s,"  ! *:DDr)r cb]tRtRtRtRRltRRltRRltR R ltR R lt R Rlt Rt R#)_SSHFormatECDSAizvFormat for ECDSA keys. Public: str curve bytes point Private: str curve bytes point mpint secret c V^8dQhRRRR/#)rssh_curve_namerrXec.EllipticCurver%)r&s"r'r(_SSHFormatECDSA.__annotate__su5Er)c WnW nR#r)r)rX)rr)rXs&&&r'r_SSHFormatECDSA.__init__s , r)c V^8dQhRRRR/#)rr]rxr$z0tuple[tuple[memoryview, memoryview], memoryview]r%)r&s"r'r(r+s $ $ $ 9 $r)c \V4wr!\V4wr1W P8wd \R4hV^,^8wd \R4hW#3V3#)zECDSA public fieldszCurve name mismatchzNeed uncompressed point)rr)rRNotImplementedError)rr]rXpoints&& r'r_SSHFormatECDSA.get_publicsX"$' !$'  '' '23 3 8q=%&?@ @~t##r)c V^8dQhRRRR/#rr]rxr$z,tuple[ec.EllipticCurvePublicKey, memoryview]r%)r&s"r'r(r+s   5 r)c VPV4wwr#p\PPVPVP 44pWA3#z Make ECDSA public key from data.)rr rHfrom_encoded_pointrXr)rr]_r1rGs&& r'r_SSHFormatECDSA.load_publicsI ??40 D..AA JJ  r)c$V^8dQhRRRRRR/#)rr]rxrr#r$z-tuple[ec.EllipticCurvePrivateKey, memoryview]r%)r&s"r'r(r+s$ ! ! !KO ! 6 !r)c VPV4wwrEp\V4wraWE3V8wd \R4h\P!W`P 4pWq3#)z!Make ECDSA private key from data.z"Corrupt data: ecdsa field mismatch)rrrRr derive_private_keyrX)rr]rr curve_namer1secretrs&&&& r'r_SSHFormatECDSA.load_privatesZ%)OOD$9!T!$'   ) +AB B++FJJ?   r)c$V^8dQhRRRRRR/#)rrGrVrrr$rfr%)r&s"r'r(r+s$  3 point2rs &&&& r'r_SSHFormatEd25519.load_private%sm.#D)  ?uh)3CD D//BB6J   r)c$V^8dQhRRRRRR/#)rrGzed25519.Ed25519PublicKeyrrr$rfr%)r&s"r'r(rM3s$))2);D) )r)c VP\P\P4pVP V4R#)zWrite Ed25519 public keyN)rBrRawrr)rrGrraw_public_keys&&& r'r_SSHFormatEd25519.encode_public3s3$00 LL,**  (r)c$V^8dQhRRRRRR/#)rrzed25519.Ed25519PrivateKeyrrr$rfr%)r&s"r'r(rM<s$%%4%>G% %r)c LVP4pVP\P\P\ 44pVP \P\P4p\WE.4pVPW24VPV4R#)zWrite Ed25519 private keyN) rG private_bytesrr_rrrBrrrr)rrrrGraw_private_keyr` f_keypairs&&& r'r _SSHFormatEd25519.encode_private<s!++- %33 LL-++\^ $00 LL,** ?@  :.)$r)r%Nrr%r)r'rKrK s%  !)%%r)rKcV^8dQhRR/#)rr$rr%)r&s"r'r(r(Ms  ; r)c\V4wrVP4PR4'g\RV R24hW3#)z U2F application strings sssh:z4U2F application string does not start with b'ssh:' ())rr startswithrR)r] applications& r'load_applicationrmMsT$D)K    + +G 4 4 }A     r)c2]tRtRtRtRRltRRltRtR#) _SSHFormatSKEd25519iZz The format of a sk-ssh-ed25519@openssh.com public key is: string "sk-ssh-ed25519@openssh.com" string public key string application (user-specified, but typically "ssh:") c V^8dQhRRRR/#rQr%)r&s"r'r( _SSHFormatSKEd25519.__annotate__cs   4 r)c b\\4PV4wr!\V4wr1W!3#rS)_lookup_kformatrQrrmrr]rGr8s&& r'r_SSHFormatSKEd25519.load_publiccs1+<8DDTJ "4(r)c V^8dQhRRRR/#rr]rxr$ztyping.NoReturnr%)r&s"r'r(rqk  z o r)c \R4h)z,sk-ssh-ed25519 private keys cannot be loadedrrr]s&&r'r_SSHFormatSKEd25519.get_publicks# :  r)r%Nr6r7r8r9rrrr;r%r)r'roroZs   r)roc2]tRtRtRtRRltRRltRtR#) _SSHFormatSKECDSAisz The format of a sk-ecdsa-sha2-nistp256@openssh.com public key is: string "sk-ecdsa-sha2-nistp256@openssh.com" string curve name ec_point Q string application (user-specified, but typically "ssh:") c V^8dQhRRRR/#r4r%)r&s"r'r(_SSHFormatSKECDSA.__annotate__}s   5 r)c b\\4PV4wr!\V4wr1W!3#r6)rs_ECDSA_NISTP256rrmrts&& r'r_SSHFormatSKECDSA.load_public}s1+?;GGM "4(r)c V^8dQhRRRR/#rwr%)r&s"r'r(rrxr)c \R4h)z4sk-ecdsa-sha2-nistp256 private keys cannot be loadedrrzs&&r'r_SSHFormatSKECDSA.get_publics# B  r)r%Nr|r%r)r'r~r~ss   r)r~snistp256snistp384snistp521cV^8dQhRR/#)rrSr^r%)r&s"r'r(r(sFFlFr)c\V\4'g\V4P4pV\9d\V,#\ RV: 24h)z"Return valid format or throw errorzUnsupported key type: )rDrrxr _KEY_FORMATSr)rSs&r'rsrssH h & &h'//1<H%% !7|D EEr)rc ,V^8dQhRRRRRRRRR R /#) rr]r^rrpbackend typing.Anyrr#r$SSHPrivateKeyTypesr%)r&s"r'r(r(sAoo ooo %) o  or)c\P!RV4Ve\P!RV4\P V4pV'g \ R4hVP ^4pVP^4p\P!\V4WV4pVP\4'g \ R4h\V4\\4Rp\V4wrp\V4wr\V4wr\V4wrV ^8wd \ R4h\V4wr\V 4wr\!V 4p V P#V 4wr\%V 4V\&8wg V\&8wEdVP)4pV\*9d\-RV: 24hV\.8wd\-RV: 24h\*V,P0p\*V,P2p\V4wpp\*V,P4'd(\7V4p\V4V8wd \ R4hM \%V4\9VV4\V 4wpp\V4wpp\%V4\;WVP)4V4pVP=4p\VP?V44p\*V,P4'd4\AV\B4'gQh\%VPEX44MT\%VPG44M:V'd \IR 4h\V4wpp\%V4^p\9VV4\V4wpp\V4wppVV8wd \ R 4h\V4wppVV 8wd \ R 4hV PKVVVR 7wpp\V4wppV\LR\V48wd \ R 4h\AV\NPP4'd(\RPT!R\PV^R7V#)z.Load private key from OpenSSH custom encoding.r]NrzNot OpenSSH private key formatzOnly one key supportedzUnsupported cipher: zUnsupported KDF: z+Corrupt data: invalid tag length for cipherz4Password was given but private key is not encrypted.zCorrupt data: broken checksumzCorrupt data: key type mismatchrzCorrupt data: invalid paddingDSSH DSA keys are deprecated and will be removed in a future release. stacklevel),r_check_byteslike _check_bytes_PEM_RCsearchrRrendbinascii a2b_base64rxrk _SK_MAGICrhrrrsrrm_NONErr<r_BCRYPTr1r4r5rriru decryptorupdaterDrfinalize_with_tagfinalizerrr_PADDINGr rLwarningswarnDeprecatedIn40)r]rrrmp1p2rokdfname kdfoptionsnkeyspubdata pub_key_typekformatrciphername_bytesblklenr4edatatagrkbufr!rsdecck1ck2rSrr8s&&&$ r'load_ssh_private_keyrs 64( :x0tA 9:: B qB   z$/6 7D ??9 % %9:: d C N, -D#4(J%MG"4(J4.KE z122 %MG'0Ll+G ++G4IUg.%--/ < /&&'7&:;  g &):7+'FG G./99/088!$' t ( ) 1 1 1+C3x7" !NOO#  %( , d~ T, Onn3::e,- ( ) 1 1 1c#899 99 ..s3 4  ( F "$' tT%(%JC%JC cz899"%(OHe<:;; -- 'E.K 5!HAu 3u:&&899+s0011       r)c(V^8dQhRRRRRRRR/#)rrrrrencryption_algorithmrr$r%)r&s"r'r(r(s6J'J'#J'J'5J' J'r)c\P!RV4\V\P4'd(\ P !R\P^R7\V4p\V4p\4pV'd\p\V,Pp\p\p \V\ 4'dVP"e VP"p \$P&!^4p VP)V 4VP+V 4\-WaW4p M \.;rh^pRp ^p \$P&!^4p Rp\4pVP)V4VP1VP34V4\W.4pVP)V4VP5VV4VP)V4VP7\8RVVP;4V,, 4\4pVP7\<4VP)V4VP)V4VP)V4VP+V 4VP)V4VP)V4VP;4pVP;4p\?\AVV,44pVPCV4VV, pV e'V PE4PGVVVVVR4\IVRV4#)z3Serialize private key with OpenSSH custom encoding.rISSH DSA key support is deprecated and will be removed in a future releaserNr))%rrrDr rLrrrrTrsr_DEFAULT_CIPHERr<r1r_DEFAULT_ROUNDSr _kdf_roundsosurandomrrrurrrGrrrrrrxrr encryptor update_intord)rrrrSr f_kdfoptionsrorrr!rrsrcheckvalcomment f_public_key f_secretsf_mainslenmlenrofss&&& r'_serialize_ssh_private_keyrs}  z8,+s0011  *    !-Hh'G;L$ j)33  +-H I I$00<)55Fzz"~%V$J$?$$  Ezz!}HG;LH% +002LA8./I " ; 2 ! hE9>>+;f+D!EFG[F NN9 j! g l# NN5 l# i  >> D ;;=D Ytf}- .C MM# +C  $$ST]CI> 3u: &&r)c]tRtRt^t^tRtR#)SSHCertificateTypeiwr%N)r6r7r8r9USERHOSTr;r%r)r'rrws D Dr)rc]tRtRtRRlt]RRl4tRRlt]RR l4t]R R l4t ]R R l4t ]RRl4t ]RRl4t ]RRl4t ]RRl4t]RRl4tRRltRRltRRltRtR#) SSHCertificatei|c"\V^8dQhRRRRRRRRRRR R R RR RR RRRRRRRRRRRRRRRRR/#)r_noncerx _public_keySSHPublicKeyTypes_serialr _cctype_key_id_valid_principals list[bytes] _valid_after _valid_before_critical_optionsdict[bytes, bytes] _extensions _sig_type_sig_key_inner_sig_type _signature_tbs_cert_body_cert_key_typer _cert_bodyr%)r&s"r'r(SSHCertificate.__annotate__}s'-'-'-''- '-  '-  '-''-'-'-.'-('-'-'-$'-'- #!'-"#'-$%'-r)c WnW nW0n\V4VnYPnY`nYpnYn Yn Yn Yn Yn YnYnTTnTTnYnR# \ d \ R4hi;i)zInvalid certificate typeN)rrrr_typerRrrrrrrrrrrrrr)rrrrrrrrrrrrrrrrrrs&&&&&&&&&&&&&&&&&&r'rSSHCertificate.__init__}s( &  9+G4DJ !2(*!2&" .$,$, 978 8 9s A66B cV^8dQhRR/#rr%)r&s"r'r(rs""u"r)c ,\VP4#r)rrrs&r'nonceSSHCertificate.noncesT[[!!r)cV^8dQhRR/#rr$SSHCertPublicKeyTypesr%)r&s"r'r(rsDD1Dr)c L\P!\VP4#r)typingcastrrrs&r'rGSSHCertificate.public_keys{{0$2B2BCCr)cV^8dQhRR/#rr%)r&s"r'r(rsr)c VP#r)rrs&r'serialSSHCertificate.serials ||r)cV^8dQhRR/#)rr$rr%)r&s"r'r(rs(r)c VP#r)rrs&r'typeSSHCertificate.types zzr)cV^8dQhRR/#rr%)r&s"r'r(rs###r)c ,\VP4#r)rrrs&r'key_idSSHCertificate.key_idsT\\""r)cV^8dQhRR/#)rr$rr%)r&s"r'r(rs&&+&r)c VP#r)rrs&r'valid_principalsSSHCertificate.valid_principals%%%r)cV^8dQhRR/#rr%)r&s"r'r(rs""c"r)c VP#r)rrs&r' valid_beforeSSHCertificate.valid_befores!!!r)cV^8dQhRR/#rr%)r&s"r'r(rs!!S!r)c VP#r)rrs&r' valid_afterSSHCertificate.valid_afters   r)cV^8dQhRR/#rr$rr%)r&s"r'r(rs&&"4&r)c VP#r)rrs&r'critical_optionsSSHCertificate.critical_optionsrr)cV^8dQhRR/#rr%)r&s"r'r(rs  . r)c VP#r)rrs&r' extensionsSSHCertificate.extensionssr)cV^8dQhRR/#rr%)r&s"r'r(rs4r)c \VP4pVPVP4wr#\ V4V#r)rsrrrrm)r sigformat signature_key sigkey_rests& r'rSSHCertificate.signature_keys5#DNN3 %.%:%:4==%I" [!r)cV^8dQhRR/#rr%)r&s"r'r(rs  e r)c \VP4R,\P!\VP4RR7,#) F)newline)rrr b2a_base64rrs&r'rBSSHCertificate.public_bytess< $%% & !!%"8%H I r)cV^8dQhRR/#)rr$rfr%)r&s"r'r(rstr)c (VP4p\V\P4'd;VP \ VP 4\ VP44R#\V\P4'd\VP 4wr#\V4wrC\V4\P!W$4p\VP4pVP V\ VP4\P !V44R#\V\"P$4'gQhVP&\(8Xd\*P,!4pMWVP&\.8Xd\*P0!4pM,VP&\28XgQh\*P4!4pVP \ VP 4\ VP4\6P8!4V4R#r)rrDr rPverifyrrrr rHrrm asym_utilsencode_dss_signature_get_ec_hash_algrXECDSArrJrrKr SHA1_SSH_RSA_SHA256SHA256_SSH_RSA_SHA512SHA512r PKCS1v15)rrrr]s computed_sighash_algs& r'verify_cert_signature$SSHCertificate.verify_cert_signatureso**, mW%=%= > >  doo&d.A.A(B  r'@'@ A A 1GA &GA  %::1@L' (;(;> >>##x/!;;=%%8!==?++>>>!==?  doo&d))*  "  r))rrrrrrrrrrrrrrrrrN)r6r7r8r9rpropertyrrGrrrrrr rrrrBr4r;r%r)r'rr|s'-R""D ##&&""!!&&    r)rc V^8dQhRRRR/#)rrXr*r$zhashes.HashAlgorithmr%)r&s"r'r(r(s,1Er)cD\V\P4'd\P!4#\V\P 4'd\P !4#\V\P4'gQh\P!4#r) rDr SECP256R1r r, SECP384R1SHA384 SECP521R1r.)rXs&r'r(r(s_%&&}} E2<< ( (}}%....}}r)c V^8dQhRRRR/#rr]r^r$z"SSHCertificate | SSHPublicKeyTypesr%)r&s"r'r(r(s"\\ \(\r)c*\P!RV4\PV4pV'g \ R4hVP ^4;r4VP ^4pRpVP \4'dRpVR\\4)pV\8XdV'g \R4h\V4p\\P!V44pT'dTp \#T4wrY8wd \ R4hT'd\#T4wrTP%T4wrT'Ed\'T4wr\)T4wr\#T4wr\#T4wpp.pT'd+\#T4wppTP+\-T44K2\'T4wpp\'T4wpp\#T4wpp\/T4p\#T4wpp\/T4p\#T4wpp\#T4wpp\#T4wppT\8XdT'g \R4hX R\T4)p\#T4wpp\1T4\#T4wpp T\28XdT\4\6\239gT\28wdTT8wd \ R 4h\#T 4wp!p \1T 4\9X T T TTTTTTTTTTT!TTT 4#\1T4T # \\P 3d \ R4hi;i) r]zInvalid line formatFTNz-DSA keys aren't supported in SSH certificateszInvalid formatzInvalid key formatz3DSA signatures aren't supported in SSH certificatesz!Signature key type does not match)rr_SSH_PUBKEY_RCmatchrRgroupendswith _CERT_SUFFIXrhrNrrsrxrrrrErrorrrrrrr_parse_exts_optsrmrKr+r-r)"r]_legacy_dsa_allowedrrS orig_key_typekey_body with_certrrest cert_bodyinner_key_typerrGrcctyper principalsr principalr r crit_optionsrextsrr8 sig_key_rawsig_typesig_key tbs_cert_body signature_rawinner_sig_typesig_rest signatures"&& r'_load_ssh_public_identityr[s 64(T"A .// wwqz)HwwqzHI&& 0s<0018$7" ;  h'G+(--h78 &t,N&-..!$' **40Jy~ ~ "4( &t, D$/ $; !Iz  # #E)$4 5$TN T%d^ d(. d+L9 & d%d+ d#4'- T' 4' x (;&E ",SYJ/ )$/ tT#.}#=   #_h?@("~'A@A A)(3 8X                 #  ( TK x~~ &+)**+s ?K++'Lc V^8dQhRRRR/#r>r%)r&s"r'r(r(fs++ +'+r)c\V4#r)r[rls&r'load_ssh_public_identityr^fs %T **r)c V^8dQhRRRR/#)r exts_optsrxr$rr%)r&s"r'r(r(ls /Ar)cF/pRpV'd\V4wr0\V4pWA9d \R4hVeWB8d \R4h\V4wrP\V4^8d)\V4wrV\V4^8d \R4h\V4W&TpKV#)NzDuplicate namezFields not lexically sortedz!Unexpected extra data after value)rrrRrh)r`result last_namerYbnamevalueextras& r'rFrFls!#FI %i0T{ ?-. .  U%6:; ;&y1 u:>&u-LE5zA~ !DEEe   Mr)c$V^8dQhRRRRRR/#)rrArhash_algorithmzhashes.MD5 | hashes.SHA256r$rr%)r&s"r'r(r(s& . r)c\V\P\P34'g \ R4h\ V4p\ V4p\4pVPV4VPW4VP4p\P!V4pVPV4VP4#)z+hash_algorithm must be either MD5 or SHA256)rDr MD5r,rrrTrsrrrrHashrr)rArhrSrrssh_binary_datahash_objs&& r'ssh_key_fingerprintrns nvzz6==&A B BEFF %Hh'G KE X #%mmoO{{>*H OOO$    r)c$V^8dQhRRRRRR/#)rr]r^rrr$rr%)r&s"r'r(r(s$ !+r)c\VRR7p\V\4'dVP4pMTp\V\P 4'd(\ P!R\P^R7V#)T)rGrr) r[rDrrGr rMrrrr)r]r cert_or_keyrGs&& r'load_ssh_public_keyrrsh,DdKK+~.. ++-  *c..//      r)c V^8dQhRRRR/#)rrGrr$rr%)r&s"r'r(r(s++):+u+r)c\V\P4'd(\P!R\ P ^R7\V4p\V4p\4pVPV4VPW4\P!VP44P4pRP!VRV.4#)z&One-line public key format for OpenSSHrrr)r)rDr rMrrrrrTrsrrrrr!rstriprb)rGrSrrpubs& r'serialize_ssh_public_keyrws*c..//  *    !,Hh'G KE X *,   emmo . 4 4 6C 88XtS) **r)c ]tRtRtRRRR.RRR..3 RRlltRRltRR ltR R ltR R ltRRlt Rt RRlt RRlt RRlt RRltRRltRtR#)SSHCertificateBuilderiNFc@V^8dQhRRRRRRRRR R R R R RRRRRRR/ #)rrzSSHCertPublicKeyTypes | Nonerr3rzSSHCertificateType | Nonerrprr_valid_for_all_principalsr#rrrzlist[tuple[bytes, bytes]]rr%)r&s"r'r("SSHCertificateBuilder.__annotate__sn''1'') '  ' ' '$('"'!'5'/'r)c  ~WnW nW0nW@nWPnW`nWpnWnWnWn R#r rrrrrr|rrrr) rrrrrrr|rrrrs &&&&&&&&&&&r'rSSHCertificateBuilder.__init__s='   !2)B&*(!2&r)c V^8dQhRRRR/#)rrGrr$rzr%)r&s"r'r(r}s  /  r)c  \V\P\P\ P 34'g \R4hVPe \R4h\VVPVPVPVPVPVP VP"VP$VP&R7 #)rCzpublic_key already setr)rDr rHrrJr rPrrrrRrzrrrrr|rrrr)rrGs&&r'rG SSHCertificateBuilder.public_keys ))  ((   23 3    '56 6$"LL**LL"44&*&D&D,,**"44((  r)c V^8dQhRRRR/#)rrr r$rzr%)r&s"r'r(r}s  S %: r)c  \V\4'g \R4h^Tu;8:dR8gM\R4hVPe \R4h\ VP VVPVPVPVPVPVPVPVPR7 #)zserial must be an integerz"serial must be between 0 and 2**64zserial already setr)rDr rrrRrrzrrrrr|rrrr)rrs&&r'rSSHCertificateBuilder.serials&#&&78 8F"U"AB B << #12 2$((**LL"44&*&D&D,,**"44((  r)c V^8dQhRRRR/#)rrrr$rzr%)r&s"r'r(r}s  + 0E r)c  T\V\4'g \R4hVPe \ R4h\ VP VPVVPVPVPVPVPVPVPR7 #)z"type must be an SSHCertificateTypeztype already setr)rDrrrrrRrzrrrrr|rrrr)rrs&&r'rSSHCertificateBuilder.types$ 233@A A :: !/0 0$((LLLL"44&*&D&D,,**"44((  r)c V^8dQhRRRR/#)rrrr$rzr%)r&s"r'r(r}'s  U '< r)c  T\V\4'g \R4hVPe \ R4h\ VP VPVPVVPVPVPVPVPVPR7 #)zkey_id must be byteszkey_id already setr)rDrrrrrRrzrrrrr|rrrr)rrs&&r'rSSHCertificateBuilder.key_id's&%((23 3 << #12 2$((LL**"44&*&D&D,,**"44((  r)c V^8dQhRRRR/#)rrrr$rzr%)r&s"r'r(r}:s" " +" " r)c  ,VP'd \R4h\;QJdRV4F 'dK RM RM !RV44'd V'g \R4hVP'd \R4h\ V4\ 8d \R4h\VPVPVPVPVVPVPVPVPVPR7 #)zDPrincipals can't be set because the cert is valid for all principalsc3B"TFp\V\4xK R#5ir)rDr).0rs& r' 9SSHCertificateBuilder.valid_principals..CsC2BQJq%((2BsFTz5principals must be a list of bytes and can't be emptyzvalid_principals already setz:Reached or exceeded the maximum number of valid_principalsr)r|rRallrrrrh_SSHKEY_CERT_MAX_PRINCIPALSrzrrrrrrrr)rrs&&r'r&SSHCertificateBuilder.valid_principals:s  ) ) )%  C2BCC2BCCC#G   ! ! !;< <  #> >L %((LL**LL.&*&D&D,,**"44((  r)c  TVP'd \R4hVP'd \R4h\VPVP VP VPVPRVPVPVPVPR7 #)z@valid_principals already set, can't set valid_for_all_principalsz$valid_for_all_principals already setTr) rrRr|rzrrrrrrrrrs&r'valid_for_all_principals.SSHCertificateBuilder.valid_for_all_principals^s  ! ! !+   ) ) )CD D$((LL**LL"44&*,,**"44((  r)c V^8dQhRRRR/#)rr int | floatr$rzr%)r&s"r'r(r}ts   9N r)c  \V\\34'g \R4h\V4pV^8gVR8d \ R4hVP e \ R4h\ VPVPVPVPVPVPVVPVPVPR7 #)z$valid_before must be an int or floatzvalid_before must [0, 2**64)zvalid_before already setrr)rDr floatrrrRrrzrrrrrr|rrr)rrs&&r'r"SSHCertificateBuilder.valid_beforets,e 55BC C<( ! |u4;< <    )78 8$((LL**LL"44&*&D&D&**"44((  r)c V^8dQhRRRR/#)rr rr$rzr%)r&s"r'r(r}s  { 7L r)c  \V\\34'g \R4h\V4pV^8gVR8d \ R4hVP e \ R4h\ VPVPVPVPVPVPVPVVPVPR7 #)z#valid_after must be an int or floatzvalid_after must [0, 2**64)zvalid_after already setrr)rDr rrrrRrrzrrrrrr|rrr)rr s&&r'r !SSHCertificateBuilder.valid_afters+U|44AB B+& ?kU2:; ;    (67 7$((LL**LL"44&*&D&D,,$"44((  r)c$V^8dQhRRRRRR/#rrYrrer$rzr%)r&s"r'r(r}$   "'  r)c  \V\4'd\V\4'g \R4hYPUUu.uFwrVNK upp9d \ R4h\ VP VPVPVPVPVPVPVP.VPOXV3NVPR7 #uuppi)name and value must be byteszDuplicate critical option namer)rDrrrrrRrzrrrrrr|rrrrrYrer8s&&& r'add_critical_option)SSHCertificateBuilder.add_critical_options$&&j.F.F:; ; (>(>?(>WTD(>? ?=> >$((LL**LL"44&*&D&D,,**F 6 6Fu F((  @ C&c$V^8dQhRRRRRR/#rr%)r&s"r'r(r}rr)c \V\4'd\V\4'g \R4hYPUUu.uFwrVNK upp9d \ R4h\ VP VPVPVPVPVPVPVPVP.VPOXV3NR7 #uuppi)rzDuplicate extension namer)rDrrrrrRrzrrrrrr|rrrrs&&& r' add_extension#SSHCertificateBuilder.add_extensions$&&j.F.F:; ; (8(89(8WTD(89 978 8$((LL**LL"44&*&D&D,,**"44:$**:T5M:  :rc V^8dQhRRRR/#)rrSSHCertPrivateKeyTypesr$rr%)r&s"r'r(r}sG G 6G >G r)c  \V\P\P\ P 34'g \R4hVPf \R4hVPf^M VPpVPf \R4hVPfRM VPpVP'gVP'g \R4hVPf \R4hVP f \R4hVP VP8d \R4hVP"P%RR 7VP&P%R R 7\)VP4pV\*,p\,P.!^ 4p\1V4p\34pVP5V4VP5V4VP7VPV4VP9V4VP;VPP<4VP5V4\34p VPFp V P5V 4K VP5V P?44VP9VP 4VP9VP4\34p VP"FswrV P5V 4\AV 4^8d=\34pVP5V 4V P5VP?44KbV P5V 4Ku VP5V P?44\34pVP&FswrVP5V 4\AV 4^8d=\34pVP5V 4VP5VP?44KbVP5V 4Ku VP5VP?44VP5R4\)V4p\1V4p\34pVP5V4VP7VPC4V4VP5VP?44\V\ P 4'dmVPEVP?44p\34pVP5V4VP5V4VP5VP?44EM\V\P4'd\GVPH4pVPEVP?4\PJ!V44p\LPN!V4wpp\34pVP5V4\34pVPQV4VPQV4VP5VP?44VP5VP?44M\V\P4'gQh\34pVP5\R4VPEVP?4\TPV!4\XPZ!44pVP5V4VP5VP?44\\P^!VP?44Pa4p\bPd!\f\iRPkVR V.444#) zUnsupported private key typezpublic_key must be setztype must be setr)zAvalid_principals must be set if valid_for_all_principals is Falsezvalid_before must be setzvalid_after must be setz-valid_after must be earlier than valid_beforecV^,#rr%rs&r',SSHCertificateBuilder.sign..s!A$r))rAcV^,#rr%rs&r'rrsAaDr)r)6rDr rErrIr rOrrrrRrrrrr|rrrsortrrTrDrrrsrrrrrrerrhrGsignr(rXr)r&decode_dss_signaturerr-r r/r r.rr!rurrrr^rb)rrrrrS cert_prefixrrf fprincipalsrfcritrYrefoptvalfextfextvalca_typecaformatcafrZfsigr3r0r1fsigblob cert_datas&& r'rSSHCertificateBuilder.signsi **!!))   :; ;    #56 6ll*  :: /0 0 ,$,, %%%d.L.L.L     %78 8    $67 7   t11 1LM M ###7 .1$T%5%56-  2!(+ K [! Ud..2 & $**""# Vk ''A  " "1 %( [((*+ $##$ $$$% 11KD   T "5zA~#+""5)  !23  '2 U]]_%{++KD OOD !5zA~#+""5) 12&, T\\^$ S#K0"7+k w{557= S[[]# k7#<#< = =#((5I;D OOG $ OOI & LL (  R%?%? @ @' (9(9:H#((bhhx6HII229=DAq;D OOG $ {H   q !   q ! OOH,,. / LL (k3+<+<== == ;D OOO ,#(( W--/I OOI & LL ('' 4::< {{  $SXX{D).L%M N  r)) rrrrrrrrr|r)r6r7r8r9rrGrrrrrrr rrrr;r%r)r'rzrzsf59"+/ $)+*/$(#'7913'0 8 * & &" H , , , , ,G G r)rz)Fr)__conditional_annotations__ __future__rrenumrrerrbase64rrc dataclassesr cryptographyrcryptography.exceptionsrcryptography.hazmat.primitivesr )cryptography.hazmat.primitives.asymmetricr r r r rr&&cryptography.hazmat.primitives.ciphersrrrr,cryptography.hazmat.primitives.serializationrrrrrrbcryptrr+_bcrypt_supported ImportErrorrQrKrNr_ECDSA_NISTP384_ECDSA_NISTP521rD_SK_SSH_ED25519_SK_SSH_ECDSA_NISTP256r+r-compiler@r _SK_START_SK_ENDrrrrDOTALLrrxrrangerr-AESCTRCBCGCMr<r:rZrTrFrdrirmrurrrrrrrr r'rKrmror~r9r:r<rrsUnionrErIrLrOrrrrHrJrMrPrrEnumrrr(r[r^rFrnrrrwrrrz)rs@r'rsB #" 0!81J 9)  (((' 0>"!23  2 .  **Y)G3RYY ? ia 01 2  : NN YY: NN YYz NN YY ') %@&'%eO<: 8 ,??,+33lG,G,TCDCDLD8D8N@%@%F   2  6 mo mo#%_[",,.A_[",,.A_[",,.A(*-/  F\\ o ,1 oodJ'ZLL     ~~B\~+ (,(+(  "I I y$ 999 9s2OO21O2