U Nf@sddlZddlZddlmZmZmZddlZddlmZddl m Z ddl m Z ddl mZmZddlmZddlmZmZmZdd lmZd gZzddlZd ZWnek rdZd ZYnXd ZdZGdd d e ZedddZGdddZ dS)N)ContextManagerListOptional) CLIContext) CLIConfig)SigningCommandPlugin)logger readable_file)ConfigurationError)PKCS11PinEntryModePKCS11SignatureConfig TokenCriteria)Signer PKCS11PluginTFZPYHANKO_PKCS11_PINz7This subcommand requires python-pkcs11 to be installed.c@sNeZdZdZdZeZedddZe e j dddZ e eedd d Zd S) rpkcs11z"use generic PKCS#11 device to sign)returncCstSN)pkcs11_availableselfrK/tmp/pip-unpacked-wheel-fbovo6ns/pyhanko/cli/commands/signing/pkcs11_cli.py is_available(szPKCS11Plugin.is_availablecCstjddtddtjddtddtjddtddtjd d td dd tjd dtddtjdddtddtjdtd ddd ddtjdtdddtjdtddd dg S)N)z--libzpath to PKCS#11 moduleF)helptyperequired)z --token-labelzPKCS#11 token label)z --cert-labelzcertificate label)z--raw-mechanismzinvoke raw PKCS#11 mechanismT)rris_flagr)z --key-labelz key label)z --slot-nozspecify PKCS#11 slot to use)rrrdefault)z--skip-user-pinz7do not prompt for PIN (e.g. if the token has a PIN pad))rZ show_defaultrrrr)z --p11-setupzCname of preconfigured PKCS#11 profile (overrides all other options))rrr)z --other-certz3label of other cert to pull (multiple uses allowed))rrrmultiple)clickOptionr strboolintrrrr click_options+sz zPKCS11Plugin.click_options)contextrcKs t|f|Sr)_pkcs11_signer_context)rr%kwargsrrr create_signeriszPKCS11Plugin.create_signerN)__name__ __module__ __qualname__subcommand_nameZ help_summary UNAVAIL_MSGZunavailable_messager"rrrr r$rrrr(rrrrr#s?)ctxc  Csddlm} |r|j} | dkr(tdzt| |} Wqtk r~} z&d|}tj || dt|W5d} ~ XYqXn>|r|std|rt j nt j }t ||||t|||| d} | j}|dkrtjtd}|r|}| jt j kr |dkr tjdd }| j| |d S) Nr)rz4The --p11-setup option requires a configuration filez#Error while reading PKCS#11 config )exc_infoz3The parameters --lib and --cert-label are required.) module_path cert_label key_labelslot_noZtoken_criteria prompt_pin raw_mechanismZother_certs_to_pullzPKCS#11 user PIN: )prompt)user_pin) pyhanko.signrconfigrZClickExceptionModuleConfigWrapperget_pkcs11_configr rerrorr ZSKIPZPROMPTr r r7osenvirongetP11_PIN_ENV_VARstripr4getpassZPKCS11SigningContext)r.libZ token_labelr1r2r3Z skip_user_pinZ p11_setupr5Z other_certrZ cli_configZ pkcs11_configemsgZ pinentry_modeZpinZpin_envrrrr&osR    r&c@s"eZdZedddZddZdS)r:)r9cCs|j}|di|_dS)Nz pkcs11-setups)Z raw_configr? pkcs11_setups)rr9Z config_dictrrr__init__szModuleConfigWrapper.__init__cCs>z|j|}Wn$tk r2td|dYnXt|S)Nz There's no PKCS#11 setup named '')rFKeyErrorr r Z from_config)rnamesetuprrrr;s z%ModuleConfigWrapper.get_pkcs11_configN)r)r*r+rrGr;rrrrr:sr:)!rBr=typingrrrrZpyhanko.cli._ctxrZpyhanko.cli.configrZpyhanko.cli.plugin_apirZpyhanko.cli.utilsrr Zpyhanko.config.errorsr Zpyhanko.config.pkcs11r r r r8r__all__rr ImportErrorr@r-rr&r:rrrrs.      M A