| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950 |
- # This file is dual licensed under the terms of the Apache License, Version
- # 2.0, and the BSD License. See the LICENSE file in the root of this repository
- # for complete details.
- from __future__ import absolute_import, division, print_function
- from cryptography import x509
- from cryptography.hazmat.backends import _get_backend
- from cryptography.hazmat.primitives import serialization
- from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
- def load_key_and_certificates(data, password, backend=None):
- backend = _get_backend(backend)
- return backend.load_key_and_certificates_from_pkcs12(data, password)
- def serialize_key_and_certificates(name, key, cert, cas, encryption_algorithm):
- if key is not None and not isinstance(
- key,
- (
- rsa.RSAPrivateKeyWithSerialization,
- dsa.DSAPrivateKeyWithSerialization,
- ec.EllipticCurvePrivateKeyWithSerialization,
- ),
- ):
- raise TypeError("Key must be RSA, DSA, or EllipticCurve private key.")
- if cert is not None and not isinstance(cert, x509.Certificate):
- raise TypeError("cert must be a certificate")
- if cas is not None:
- cas = list(cas)
- if not all(isinstance(val, x509.Certificate) for val in cas):
- raise TypeError("all values in cas must be certificates")
- if not isinstance(
- encryption_algorithm, serialization.KeySerializationEncryption
- ):
- raise TypeError(
- "Key encryption algorithm must be a "
- "KeySerializationEncryption instance"
- )
- if key is None and cert is None and not cas:
- raise ValueError("You must supply at least one of key, cert, or cas")
- backend = _get_backend(None)
- return backend.serialize_key_and_certificates_to_pkcs12(
- name, key, cert, cas, encryption_algorithm
- )
|
