# This file is dual licensed under the terms of the Apache License, Version
# 2.0, and the BSD License. See the LICENSE file in the root of this repository
# for complete details.
from __future__ import absolute_import, division, print_function
from cryptography import x509
from cryptography.hazmat.backends import _get_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
def load_key_and_certificates(data, password, backend=None):
    """Parse a PKCS#12 blob by delegating to the selected backend.

    ``data`` and ``password`` are forwarded unchanged to the backend's
    ``load_key_and_certificates_from_pkcs12``; no type or content checks
    are performed in this function. ``backend`` is resolved through
    ``_get_backend``, so ``None`` leaves the choice to that helper.

    The backend's result is returned as-is.

    NOTE(review): nothing here verifies a certificate chain or checks that
    a returned key matches a returned certificate. Callers handling
    PKCS#12 data from an untrusted source should presumably do their own
    validation before trusting the contents -- confirm against the backend.
    """
    resolved = _get_backend(backend)
    loader = resolved.load_key_and_certificates_from_pkcs12
    return loader(data, password)
def serialize_key_and_certificates(name, key, cert, cas, encryption_algorithm):
    """Validate the inputs and serialize them to PKCS#12 via the backend.

    Checks are applied in this order, each raising on the first failure:

    * ``key`` is ``None`` or an RSA, DSA or elliptic-curve private key that
      supports serialization (``TypeError`` otherwise).
    * ``cert`` is ``None`` or an ``x509.Certificate`` (``TypeError``).
    * ``cas`` is ``None`` or an iterable containing only
      ``x509.Certificate`` objects (``TypeError``).
    * ``encryption_algorithm`` is a
      ``serialization.KeySerializationEncryption`` instance (``TypeError``).
    * at least one of ``key``, ``cert`` or a non-empty ``cas`` is supplied
      (``ValueError``).

    ``name`` is not inspected here; it is passed straight to the backend.
    There is no ``backend`` parameter: ``_get_backend(None)`` is always
    used.

    NOTE(review): the only check on ``encryption_algorithm`` is the
    ``isinstance`` test, so any ``KeySerializationEncryption`` is accepted.
    In the cryptography API that includes ``serialization.NoEncryption``,
    in which case the private key is presumably written unprotected --
    callers should choose the algorithm deliberately and handle the output
    as secret material.
    """
    # The accepted key classes stay inside the short-circuited condition so
    # they are only looked up when a key was actually supplied.
    if not (
        key is None
        or isinstance(
            key,
            (
                rsa.RSAPrivateKeyWithSerialization,
                dsa.DSAPrivateKeyWithSerialization,
                ec.EllipticCurvePrivateKeyWithSerialization,
            ),
        )
    ):
        raise TypeError("Key must be RSA, DSA, or EllipticCurve private key.")

    if not (cert is None or isinstance(cert, x509.Certificate)):
        raise TypeError("cert must be a certificate")

    if cas is not None:
        # Materialize once: a one-shot iterable would otherwise be exhausted
        # by the type check before it reaches the backend.
        cas = list(cas)
        for entry in cas:
            if not isinstance(entry, x509.Certificate):
                raise TypeError("all values in cas must be certificates")

    algorithm_ok = isinstance(
        encryption_algorithm, serialization.KeySerializationEncryption
    )
    if not algorithm_ok:
        raise TypeError(
            "Key encryption algorithm must be a "
            "KeySerializationEncryption instance"
        )

    # An empty ``cas`` list counts as "not supplied".
    nothing_supplied = key is None and cert is None and not cas
    if nothing_supplied:
        raise ValueError("You must supply at least one of key, cert, or cas")

    pkcs12_backend = _get_backend(None)
    return pkcs12_backend.serialize_key_and_certificates_to_pkcs12(
        name, key, cert, cas, encryption_algorithm
    )