Avoid module-level imports of oscrypt

minikerberos/pkinit.py

@@ -19,9 +19,6 @@
 from asn1crypto import x509
 from asn1crypto import keys
 
-from oscrypto.keys import parse_pkcs12
-from oscrypto.asymmetric import rsa_pkcs1v15_sign, load_private_key
-
 from minikerberos.protocol.constants import NAME_TYPE, MESSAGE_TYPE, PaDataType
 from minikerberos.protocol.encryption import Enctype, _checksum_table, _enctype_table, Key
 from minikerberos.protocol.structures import AuthenticatorChecksum
@@ -113,6 +110,8 @@ def from_windows_certstore(username, certstore_name = 'MY', cert_serial = None,
 
 	@staticmethod
 	def from_pfx(pfxfile, pfxpass, dh_params = None):
+		from oscrypto.keys import parse_pkcs12
+		from oscrypto.asymmetric import load_private_key
 		pkinit = PKINIT()
 		#print('Loading pfx12')		
 		if isinstance(pfxpass, str):
@@ -330,6 +329,8 @@ def sign_authpack_native(self, data, wrap_signed = False):
 		2. the certificate used to sign the data blob
 		3. the singed 'signed_attrs' structure (ASN1) which points to the "data" structure (in point 1)
 		"""
+
+		from oscrypto.asymmetric import rsa_pkcs1v15_sign
 
 		da = {}
 		da['algorithm'] = algos.DigestAlgorithmId('1.3.14.3.2.26') # for sha1
@@ -456,4 +457,4 @@ def get_metadata(self, target = None):
 		md['Info'] = Info(info)
 		md['1'] = [CertIssuer({'data' : ci.dump()})]
 
-		return MetaData(md).dump()
+		return MetaData(md).dump()