# Copyright 2011 Sybren A. Stüvel # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. """Functions that load and write PEM-encoded files.""" import base64 import typing # Should either be ASCII strings or bytes. FlexiText = typing.Union[str, bytes] def _markers(pem_marker: FlexiText) -> typing.Tuple[bytes, bytes]: """ Returns the start and end PEM markers, as bytes. """ if not isinstance(pem_marker, bytes): pem_marker = pem_marker.encode("ascii") return ( b"-----BEGIN " + pem_marker + b"-----", b"-----END " + pem_marker + b"-----", ) def _pem_lines(contents: bytes, pem_start: bytes, pem_end: bytes) -> typing.Iterator[bytes]: """Generator over PEM lines between pem_start and pem_end.""" in_pem_part = False seen_pem_start = False for line in contents.splitlines(): line = line.strip() # Skip empty lines if not line: continue # Handle start marker if line == pem_start: if in_pem_part: raise ValueError('Seen start marker "%r" twice' % pem_start) in_pem_part = True seen_pem_start = True continue # Skip stuff before first marker if not in_pem_part: continue # Handle end marker if in_pem_part and line == pem_end: in_pem_part = False break # Load fields if b":" in line: continue yield line # Do some sanity checks if not seen_pem_start: raise ValueError('No PEM start marker "%r" found' % pem_start) if in_pem_part: raise ValueError('No PEM end marker "%r" found' % pem_end) def load_pem(contents: FlexiText, pem_marker: FlexiText) -> bytes: """Loads a PEM file. :param contents: the contents of the file to interpret :param pem_marker: the marker of the PEM content, such as 'RSA PRIVATE KEY' when your file has '-----BEGIN RSA PRIVATE KEY-----' and '-----END RSA PRIVATE KEY-----' markers. :return: the base64-decoded content between the start and end markers. @raise ValueError: when the content is invalid, for example when the start marker cannot be found. """ # We want bytes, not text. If it's text, it can be converted to ASCII bytes. if not isinstance(contents, bytes): contents = contents.encode("ascii") (pem_start, pem_end) = _markers(pem_marker) pem_lines = [line for line in _pem_lines(contents, pem_start, pem_end)] # Base64-decode the contents pem = b"".join(pem_lines) return base64.standard_b64decode(pem) def save_pem(contents: bytes, pem_marker: FlexiText) -> bytes: """Saves a PEM file. :param contents: the contents to encode in PEM format :param pem_marker: the marker of the PEM content, such as 'RSA PRIVATE KEY' when your file has '-----BEGIN RSA PRIVATE KEY-----' and '-----END RSA PRIVATE KEY-----' markers. :return: the base64-encoded content between the start and end markers, as bytes. """ (pem_start, pem_end) = _markers(pem_marker) b64 = base64.standard_b64encode(contents).replace(b"\n", b"") pem_lines = [pem_start] for block_start in range(0, len(b64), 64): block = b64[block_start : block_start + 64] pem_lines.append(block) pem_lines.append(pem_end) pem_lines.append(b"") return b"\n".join(pem_lines)