U `[ @sdZddlmZmZddlZddlZddlmZmZddl Z ddl m Z ddl m Z ddlmZmZddlmZmZmZmZdd lmZmZdd lmZzdd lmZmZWn$ek rdd lmZm ZYnXdd l!m"Z"m#Z#m$Z$ddl%m&Z&ddl'm(Z(ddl)m*Z+ddl)m,Z-ddl.m/Z/m0Z0ddl1m2Z2m3Z3ddl4m5Z5ddl6m7Z7m8Z8m9Z9m:Z:m;Z;mm?Z@ddlAmBZBmCZCeDeEeFdZGddddZHGdddeIZJGdddeIZKGd d!d!eIZLGd"d#d#eCZMGd$d%d%eNZOd)d'd(ZPdS)*z$ Handling of RSA, DSA, and EC keys. )absolute_importdivisionN)md5sha256)InvalidSignature)default_backend)hashes serialization)dsarsapaddingec)load_pem_private_keyload_ssh_public_key)utils)encode_dss_signaturedecode_dss_signature)encode_rfc6979_signaturedecode_rfc6979_signature)Cipher algorithmsmodes) PyAsn1Error)univ)decoder)encoder)commonsexpy)int_from_bytes int_to_bytes) randbytes) iterbyteslongizip nativeStringunicode_PY3_b64decodebytes_b64encodebytes) NamedConstantNames)secdsa-sha2-nistp256secdsa-sha2-nistp384secdsa-sha2-nistp521snistp256snistp384snistp521)s secp256r1s secp384r1s secp521r1c@seZdZdZdS) BadKeyErrorzj Raised when a key isn't what we expected from it. XXX: we really need to check for bad keys N__name__ __module__ __qualname____doc__r1r18/usr/lib/python3/dist-packages/twisted/conch/ssh/keys.pyr+Asr+c@seZdZdZdS)EncryptedKeyErrorzb Raised when an encrypted key is presented to fromString/fromFile without a password. Nr,r1r1r1r2r3Jsr3c@seZdZdZdS)BadFingerPrintFormatzS Raises when unsupported fingerprint formats are presented to fingerprint. Nr,r1r1r1r2r4Rsr4c@seZdZdZeZeZdS)FingerprintFormatsa Constants representing the supported formats of key fingerprints. @cvar MD5_HEX: Named constant representing fingerprint format generated using md5[RFC1321] algorithm in hexadecimal encoding. @type MD5_HEX: L{twisted.python.constants.NamedConstant} @cvar SHA256_BASE64: Named constant representing fingerprint format generated using sha256[RFC4634] algorithm in base64 encoding @type SHA256_BASE64: L{twisted.python.constants.NamedConstant} N)r-r.r/r0r)MD5_HEX SHA256_BASE64r1r1r1r2r5Ys r5c@sVeZdZdZedCddZedDddZeddZed d Zed d Z ed dZ eddZ eddZ eddZ eddZedEddZedFddZedGddZddZdd Zd!d"Zd#d$Zd%d&Zd'd(Zejfd)d*Zd+d,Zd-d.Zd/d0Zd1d2Zd3d4Zd5d6Z dHd7d8Z!d9d:Z"d;d<Z#d=d>Z$d?d@Z%dAdBZ&dS)IKeyau An object representing a key. A key can be either a public or private key. A public key can verify a signature; a private key can create or verify a signature. To generate a string that can be stored on disk, use the toString method. If you have a private key, but want the string representation of the public key, use Key.public().toString(). Nc Cs4t|d }||||W5QRSQRXdS)a Load a key from a file. @param filename: The path to load key data from. @type type: L{str} or L{None} @param type: A string describing the format the key data is in, or L{None} to attempt detection of the type. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if there is no encryption. @rtype: L{Key} @return: The loaded key. rbN)open fromStringread)clsfilenametype passphrasefr1r1r2fromFiless z Key.fromFilecCst|tr|d}t|tr(|d}|dkr:||}|dkrPtd|ft|d|fd}|dkr|td|f|jjdkr|rtd||S|||SdS)a Return a Key object corresponding to the string data. type is optionally the type of string, matching a _fromString_* method. Otherwise, the _guessStringType() classmethod will be used to guess a type. If the key is encrypted, passphrase is used as the decryption key. @type data: L{bytes} @param data: The key data. @type type: L{str} or L{None} @param type: A string describing the format the key data is in, or L{None} to attempt detection of the type. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if there is no encryption. @rtype: L{Key} @return: The loaded key. utf-8Nzcannot guess the type of %rz_fromString_%szno _fromString method for %szkey not encrypted) isinstancer%encode_guessStringTyper+getattrupper__code__ co_argcount)r=datar?r@methodr1r1r2r;s       zKey.fromStringc Cst|\}}|dkr@t|d\}}}|t||tS|dkrt|d\}}}} }|tj| tj |||ddtS|t kr|t j t |t|ddtStd|fd S) a Return a public key object corresponding to this public key blob. The format of a RSA public key blob is:: string 'ssh-rsa' integer e integer n The format of a DSA public key blob is:: string 'ssh-dss' integer p integer q integer g integer y The format of ECDSA-SHA2-* public key blob is:: string 'ecdsa-sha2-[identifier]' integer x integer y identifier is the standard NIST curve name. @type blob: L{bytes} @param blob: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type (the first string) is unknown. ssh-rsarDssh-dsspqgyparameter_numbersunknown blob type: %sN)rgetNSgetMPr RSAPublicNumbers public_keyrr DSAPublicNumbersDSAParameterNumbers _curveTabler EllipticCurvePublicNumbersZfrom_encoded_pointr+) r=blobkeyTyperestenrRrSrTrVr1r1r2_fromString_BLOBs< zKey._fromString_BLOBcCst|\}}|dkrDt|d\}}}}}} }|j||||| dS|dkrxt|d\}} } } } }|j| | || | dS|ddttDkrt|d \} } } }|j| | || d St d |fd S) aq Return a private key object corresponding to this private key blob. The blob formats are as follows: RSA keys:: string 'ssh-rsa' integer n integer e integer d integer u integer p integer q DSA keys:: string 'ssh-dss' integer p integer q integer g integer y integer x EC keys:: string 'ecdsa-sha2-[identifier]' integer x integer y integer privateValue identifier is the standard NIST curve name. @type blob: L{bytes} @param blob: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type (the first string) is unknown. rNrfredrRrSrOrVrTrRrSxcSsg|]}|qSr1r1).0curver1r1r2 sz0Key._fromString_PRIVATE_BLOB..)rmrVro privateValuerYN) rrZr[_fromRSAComponents_fromDSAComponentslistr`keys_fromECComponentsr+)r=rbrcrdrfrerjurRrSrTrVrmrrr1r1r2_fromString_PRIVATE_BLOBs' zKey._fromString_PRIVATE_BLOBcCs4|dr|t|tSt|d}||S)a Return a public key object corresponding to this OpenSSH public key string. The format of an OpenSSH public key string is:: @type data: L{bytes} @param data: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the blob type is unknown. s ecdsa-sha2rX) startswithrr decodebytessplitrg)r=rLrbr1r1r2_fromString_PUBLIC_OPENSSH%s zKey._fromString_PUBLIC_OPENSSHc sZ|}|ddd}|ddr|s8tdz,|ddd\}}|d d\}Wn&tk rtd |dfYnX|d krtj }t t |d dd } t dkrtdn6|dkrtj }d} t dkrtdntd|ft tfddtdt dD} t|| dd } t| || dd } | | d| } td|dd}t|| t| td}|||}t|dd}|d| }nd|dd}t|}zt|d}Wn2tk r.}ztd|fW5d}~XYnX|dkrL|t||tS|dkrt |dkrl|d}t |dkrtd d!d|dd"D\}}}}}}}}|t j!||||||t j"||d#d$#tS|d%krHd&d|ddD\}}}}}t |dkrtd'|t$j%|t$j&|t$j'|||d(d)d*j#tdStd+|fdS),a Return a private key object corresponding to this OpenSSH private key string. If the key is encrypted, passphrase MUST be provided. Providing a passphrase for an unencrypted key is an error. The format of an OpenSSH private key string is:: -----BEGIN PRIVATE KEY----- [Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,] ------END PRIVATE KEY------ The ASN.1 structure of a RSA key is:: (0, n, e, d, p, q) The ASN.1 structure of a DSA key is:: (0, p, q, g, y, x) The ASN.1 structure of a ECDSA key is:: (ECParameters, OID, NULL) @type data: L{bytes} @param data: The key data. @type passphrase: L{bytes} or L{None} @param passphrase: The passphrase the key is encrypted with, or L{None} if it is not encrypted. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if * a passphrase is provided for an unencrypted key * the ASN.1 encoding is incorrect @raises EncryptedKeyError: if * a passphrase is not provided for an encrypted key r irXProc-Type: 4,ENCRYPTEDz0Passphrase must be provided for an encrypted keyrD ,zinvalid DEK-info %r)s AES-128-CBCs AES-256-CBC- zAES encrypted key with a bad IVs DES-EDE3-CBCzDES encrypted key with a bad IVzunknown encryption type %rcs"g|]}t||ddqS)rDr)intrniZivdatar1r2rp|sz3Key._fromString_PRIVATE_OPENSSH..Nrqbackendz*Failed to decode key (Bad Passphrase?): %ssECsRSArhz!RSA key failed to decode properlycSsg|] }t|qSr1r"rnvaluer1r1r2rps rerfrRrSrjdmp1dmq1iqmppublic_numberssDSAcSsg|] }t|qSr1rrr1r1r2rpsz!DSA key failed to decode properlyrQrUrmrunknown key type %s)(strip splitlinesrzr3r|rstrip ValueErrorr+rZAESrlen TripleDESbytes bytearrayrangerdigestr{joinrrCBCr decryptorupdatefinalizeord berDecoderdecoderrr RSAPrivateNumbersr\ private_keyr DSAPrivateNumbersr^r_)r=rLr@linesZkind_Z cipherIVInfoZcipherZalgorithmClasskeySizeivbabbZdecKeyb64DatarkeyDataZ removeLenZ decodedKeyrerfrjrRrSrrrrTrVrmr1rr2_fromString_PRIVATE_OPENSSH:s&               zKey._fromString_PRIVATE_OPENSSHcCstt|dd}|ddks&ti}|dddD] \}}tt|d||<q:|dddkr|j|d|d|d |d d S|ddd kr|j|d |ddSt d|ddfdS)a Return a public key corresponding to this LSH public key string. The LSH public key string format is:: , ()+))> The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e. The names for a DSA (key type 'dsa') key are: y, g, p, q. @type data: L{bytes} @param data: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type is unknown rXrr public-keyNdsaygpqrVrTrRrSrsa-pkcs1-sha1nerfreunknown lsh key type %s) rparser{AssertionErrorrr[NSrtrsr+r=rLZsexpZkdnamer1r1r2_fromString_PUBLIC_LSHszKey._fromString_PUBLIC_LSHcCs6t|}|ddksti}|dddD] \}}tt|d||<q.|dddkrt|dksxtt||j|d|d|d |d |d d S|ddd krt|dkstt||d |d kr|d |d |d <|d <|j|d|d|d|d |d dSt d|ddfdS)a+ Return a private key corresponding to this LSH private key string. The LSH private key string format is:: , (, )+))> The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e, d, p, q. The names for a DSA (key type 'dsa') key are: y, g, p, q, x. @type data: L{bytes} @param data: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type is unknown r private-keyrXNrrkrrrrxrl rsa-pkcs1rrrdrir) rrrrr[rrrtrsr+rr1r1r2_fromString_PRIVATE_LSHs4 zKey._fromString_PRIVATE_LSHc Cst|\}}|dkrpt|\}}t|\}}t|\}}t|\}}t|\}}|j|||||dS|dkrt|\}}t|\} }t|\} }t|\} }t|\}}t|\}}|j| || ||| dStd|fdS)a Return a private key object corresponsing to the Secure Shell Key Agent v3 format. The SSH Key Agent v3 format for a RSA key is:: string 'ssh-rsa' integer e integer d integer n integer u integer p integer q The SSH Key Agent v3 format for a DSA key is:: string 'ssh-dss' integer p integer q integer g integer y integer x @type data: L{bytes} @param data: The key data. @return: A new key. @rtype: L{twisted.conch.ssh.keys.Key} @raises BadKeyError: if the key type (the first string) is unknown rOrlrNrfrerjrRrSrxrN)rrZr[rtrsr+) r=rLrcrRrSrTrVrmrerjrfrxr1r1r2_fromString_AGENTV3s"zKey._fromString_AGENTV3cCs|ds|drdS|dr&dS|dr4dS|drBd S|d sV|d rt|\}}d }|r|d 7}t|\}}qh|dkrdSdSdS)z Guess the type of key in data. The types map to _fromString_* methods. @type data: L{bytes} @param data: The key data. sssh- ecdsa-sha2-Zpublic_opensshs -----BEGINZprivate_openssh{Z public_lsh(Z private_lshsssh-s ecdsa-rrXrPZagentv3rbN)rzrrZr[)r=rLZignoredrdcountr1r1r2rG6s"    zKey._guessStringTypec Cshtj||d}|dkr$|t}nd|ddf}nd|ddf}t|D]4\}}tr|dkr|d|f7}q\|d ||f7}q\|d Sd t||rd pd |jj fg}t|D]\}}| d|ft |dd}|r|dd}|dd}d} t |D]} | dt| f} q$t|dkrX| dd} | d| qq|dd|d<d|SdS)z@ Return a pretty representation of this object. ECrorCz$ z<%s %s (%s bits)z Public Keyz Private Keyzattr %s:rPz%02x:r > )r?rLrisPublicsorteditemsr&r$rkey_sizeappendrMPr!rrr) rrLroutkvrZbymocr1r1r2__repr__s>       z Key.__repr__cCst|jtjtjtjfS)zl Check if this instance is a public key. @return: C{True} if this is a public key. )rErr RSAPublicKeyr DSAPublicKeyr EllipticCurvePublicKeyrr1r1r2rsz Key.isPubliccCs|r |St|jSdS)z Returns a version of this key containing only the public key data. If this is a public key, this may or may not be the same object as self. @rtype: L{Key} @return: A public key. N)rr8rr]rr1r1r2publics z Key.publiccCsh|tjkr$ttt|S|tjkrVtd ddt t |DSt d|fdS)aO The fingerprint of a public key consists of the output of the message-digest algorithm in the specified format. Supported formats include L{FingerprintFormats.MD5_HEX} and L{FingerprintFormats.SHA256_BASE64} The input to the algorithm is the public key data as specified by [RFC4253]. The output of sha256[RFC4634] algorithm is presented to the user in the form of base64 encoded sha256 hashes. Example: C{US5jTUa0kgX5ZxdqaGF0yGRu8EgKXHNmoT8jHKo1StM=} The output of the MD5[RFC1321](default) algorithm is presented to the user as a sequence of 16 octets printed as hexadecimal with lowercase letters and separated by colons. Example: C{c1:b1:30:29:d7:b8:de:6c:97:77:10:d7:46:41:63:87} @param format: Format for fingerprint generation. Consists hash function and representation format. Default is L{FingerprintFormats.MD5_HEX} @since: 8.2 @return: the user presentation of this L{Key}'s fingerprint, as a string. @rtype: L{str} :cSsg|]}t|qSr1)binasciiZhexlifyrnrmr1r1r2rp?sz#Key.fingerprint..z"Unsupported fingerprint format: %sN) r5r7r$base64Z b64encoderrbrr6rr!rr4)rformatr1r1r2 fingerprints   zKey.fingerprintcCs\t|jtjtjfrdSt|jtjtjfr0dSt|jtj tj frHdSt d|jfdS)z Return the type of the object we wrap. Currently this can only be 'RSA', 'DSA', or 'EC'. @rtype: L{str} @raises RuntimeError: If the object type is unknown. RSADSArzunknown type of object: %rN) rErr r RSAPrivateKeyr r DSAPrivateKeyr rEllipticCurvePrivateKey RuntimeErrorrr1r1r2r?Es$    zKey.typecCs:|dkr$dt|jjjdSddd|SdS)aK Get the type of the object we wrap as defined in the SSH protocol, defined in RFC 4253, Section 6.6. Currently this can only be b'ssh-rsa', b'ssh-dss' or b'ecdsa-sha2-[identifier]'. identifier is the standard NIST curve name @return: The key type format. @rtype: L{bytes} rrasciirNrO)rrN)r? _secToNistrrorrFrr1r1r2sshTypeZs z Key.sshTypecCs,|jdkrdS|dkr$|jjjS|jjS)zv Return the size of the object we wrap. @return: The size of the key. @rtype: L{int} Nrr)rr?rorrr1r1r2sizejs    zKey.sizec CsVt|jtjr&|j}|j|jdSt|jtjrj|j}|jj|jj|j |j |j t |j |j dSt|jt jr|j}|j|jj|jj |jj dSt|jt jr|j}|j|jj|jjj|jjj |jjj dSt|jtjr |j}|j|j|dSt|jtjrB|j}|jj|jj|j|dStd|jfdS) z_ Return the values of the public key as a dictionary. @rtype: L{dict} rrr)rmrVrTrRrSr)rmrVrrrozUnexpected key type: %sN)rErr rrrfrerZprivate_numbersrjrRrSrr rrVrWrTrrmr rr rrr)rZnumbersr1r1r2rLwsV       zKey.datacCs|}|}|dkr>tdt|dt|dS|dkrtdt|dt|dt|d t|d S|jjjd d }t|d t|d ddtdt |d|t |d |SdS)aG Return the public key blob for this key. The blob is the over-the-wire format for public keys. SECSH-TRANS RFC 4253 Section 6.6. RSA keys:: string 'ssh-rsa' integer e integer n DSA keys:: string 'ssh-dss' integer p integer q integer g integer y EC keys:: string 'ecdsa-sha2-[identifier]' integer x integer y identifier is the standard NIST curve name @rtype: L{bytes} rrNrerfrrOrRrSrTrVrroiNrm) r?rLrrrrrorrr)rr?rLZ byteLengthr1r1r2rbs(    "zKey.blobcCs |}|}|dkrvtdt|dt|dt|dt|dt|dt|dS|d krtd t|dt|dt|d t|d t|d St|dt|d t|d t|dSdS)a Return the private key blob for this key. The blob is the over-the-wire format for private keys: Specification in OpenSSH PROTOCOL.agent RSA keys:: string 'ssh-rsa' integer n integer e integer d integer u integer p integer q DSA keys:: string 'ssh-dss' integer p integer q integer g integer y integer x EC keys:: string 'ecdsa-sha2-[identifier]' integer x integer y integer privateValue identifier is the NIST standard curve name. rrNrfrerjrxrRrSrrOrTrVrmrorrN)r?rLrrr)rr?rLr1r1r2 privateBlobs:            zKey.privateBlobcCs^t|tr|d}t|d|fd}|dkr@td|f|jjdkrT||S|SdS)a Create a string representation of this key. If the key is a private key and you want the representation of its public key, use C{key.public().toString()}. type maps to a _toString_* method. @param type: The type of string to emit. Currently supported values are C{'OPENSSH'}, C{'LSH'}, and C{'AGENTV3'}. @type type: L{str} @param extra: Any extra data supported by the selected format which is not part of the key itself. For public OpenSSH keys, this is a comment. For private OpenSSH keys, this is a passphrase to encrypt with. @type extra: L{bytes} or L{unicode} or L{None} @rtype: L{bytes} rCz _toString_%sNzunknown key type: %srD)rEr%rFrHrIr+rJrK)rr?extrarMr1r1r2toString s   z Key.toStringc s|}|r~|dkrF|s$d}|jtjjtjjd| St |  dd|sbd}| dd| S|dkr|st}n t|}|jtjjtjj|Sdd|ddfg}|dkr6|d |d }}d |d |d |d|||d|d|d|d|df }n$d |d |d |d|d|df}t}tt|D]\} } || t| qpt|} |rrtd} dddt | D} | d} |!d|!d| dt"|| #}t"||| #}||dd}dt$| d}| t%||d7} t&t'(|t)*| t+d,}|-| |.} t |  dd|fddt/d t$dD7}|!dd|ddfd|SdS) a Return a public or private OpenSSH string. See _fromString_PUBLIC_OPENSSH and _fromString_PRIVATE_OPENSSH for the string formats. If extra is present, it represents a comment for a public key, or a passphrase for a private key. @param extra: Comment for a public key or passphrase for a private key @type extra: L{bytes} @rtype: L{bytes} rrr s -----BEGIN r s PRIVATE KEY-----rrRrSrrfrerjrXrxrTrVrmrrcSsg|]}dt|fqS)z%02X)rrr1r1r2rpcsz)Key._toString_OPENSSH..rsDEK-Info: DES-EDE3-CBC,Nrrcsg|]}||dqS)@r1rrr1r2rpvsrs -----END )0rLrr?rZ public_bytesr EncodingZOpenSSHZ PublicFormatr encodebytesrbreplacer  NoEncryptionZBestAvailableEncryption private_bytesPEM PrivateFormatTraditionalOpenSSLrrFrSequencer# itertoolsrZsetComponentByPositionZInteger berEncoderr Z secureRandomr!rrrrchrrrrrrr encryptorrrr)rrrLr!rrRrSZobjDataZ asn1SequenceindexrZasn1DatarZhexivrrZencKeyZpadLenr1rr2_toString_OPENSSH)s          "zKey._toString_OPENSSHcCs|}|}|r|dkrftdddt|dddgdt|d ddgggg}n|d krtdd d t|d ddgdt|dddgdt|dddgdt|dddgggg}ntd|fdt| dddS|dkr|d |d}}tdddt|dddgdt|d ddgdt|dddgd t|ddgdt|ddgdt|d|dddgdt|d|dddgd t|d!ddgg ggS|d krtdd d t|d ddgdt|dddgdt|dddgdt|dddgd"t|d#ddggggStd$|fdS)%z Return a public or private LSH key. See _fromString_PUBLIC_LSH and _fromString_PRIVATE_LSH for the key formats. @rtype: L{bytes} rrrrrfrPNrrerrrrRrrSrrTrrVrrrr}rrrrjarXbcrxrrmzunknown key type %s') rLr?rrZpackrrr+rr)rrLr?rrRrSr1r1r2 _toString_LSH{sp     zKey._toString_LSHcCs|}|s|dkrF|d|d|d|d|d|df}n.|dkrt|d|d|d |d |d f}t|d ttj|Sd S)z Return a private Secure Shell Agent v3 key. See _fromString_AGENTV3 for the key format. @rtype: L{bytes} rrerjrfrxrRrSrrTrVrmrN) rLrr?rrr rmapr)rrLvaluesr1r1r2_toString_AGENTV3s  zKey._toString_AGENTV3cCs|}|dkr6|j|tt}t|}n>|dkrx|j|t}t |\}}tt |dt |d}n|dkrt| }|dkrt }n|dkrt }nt}|j|t|} t | \}}t |} t |} t| dtkrt| d} n| d} | d@r d | } t| dtkr@t| d} n| d} | d@rZd | } tt| t| }t||S) z Sign some data with this key. SECSH-TRANS RFC 4253 Section 6.6. @type data: L{bytes} @param data: The data to sign. @rtype: L{bytes} @return: A signature for the given data. rrrr)r?rsignr PKCS1v15rSHA1rrrrr SHA256SHA384SHA512r ECDSAstrrr )rrLrcZsigZretrsrhashSize signaturer9ZsbZrcompZscompr1r1r2r1s>        zKey.signcCst|dkrdt|}}nt|\}}||krsZ             z Key.verify)NN)NN)NNNN)N)N)N)'r-r.r/r0 classmethodrBr;rgryr}rrrrrGrsrtrwrrrrrrr5r6rr?r r rLrbrrr#r(r+r1r>r1r1r1r2r8js^  ) : 6    # 0  , "    ) ( ;,/ R4?r8c Cs|jdd|sPtjd|td}|jtjj tj j t d}| ||d,}tj|dtd}t|W5QRSQRXdS) a This function returns a persistent L{Key}. The key is loaded from a PEM file in C{location}. If it does not exist, a key with the key size of C{keySize} is generated and saved. @param location: Where the key is stored. @type location: L{twisted.python.filepath.FilePath} @param keySize: The size of the key, if it needs to be generated. @type keySize: L{int} @returns: A persistent key. @rtype: L{Key} T)ZignoreExistingDirectoryi)Zpublic_exponentrr)encodingrZencryption_algorithmr9N)Zpasswordr)parentmakedirsexistsr Zgenerate_private_keyrrr rrrrrZ setContentr:rr<r8)locationrZ privateKeyZpemZkeyFiler1r1r2_getPersistentRSAKeyFs(  rG)rA)Qr0Z __future__rrrrZhashlibrrrZcryptography.exceptionsrZcryptography.hazmat.backendsrZcryptography.hazmat.primitivesrr Z)cryptography.hazmat.primitives.asymmetricr r r r Z,cryptography.hazmat.primitives.serializationrrZ cryptographyrZ/cryptography.hazmat.primitives.asymmetric.utilsrr ImportErrorrrZ&cryptography.hazmat.primitives.ciphersrrrZ pyasn1.errorrZ pyasn1.typerZpyasn1.codec.berrrrrZtwisted.conch.sshrrZtwisted.conch.ssh.commonrrZtwisted.pythonr Ztwisted.python.compatr!r"r#r$r%r&r'r{r(rZtwisted.python.constantsr)r*Z SECP256R1Z SECP384R1Z SECP521R1r`r  Exceptionr+r3r4r5objectr8rGr1r1r1r2s`        (  e