B \Úæ`ÿxã@stddlmZmZmZddlZddlZddlmZmZddl m Z ddl m Z ddl mZddlmZmZmZGdd „d eƒZd d „Zd d „Zdd„Zdd„Zdd„Zdd„Zdd„Zdd„ZGdd„deƒZdd„Zdd„Zd d!„Z d"d#„Z!d$d%„Z"d&d'„Z#d(d)„Z$d*d+„Z%d,d-„Z&d.d/„Z'd0d1„Z(d2d3„Z)d4d5„Z*d6d7„Z+dZ,d8Z-d9d:„Z.d;d<„Z/d=d>„Z0d?d@„Z1dAdB„Z2e j3j4e j3j5e j3j6e j3j7e j3j8e j3j9e j3j:e j3j;e j3je j3j4de j3j5d8e j3j6dDe j3j7dEe j3j8dFe j3j9dGe j3j:dHe j3j;dIe j3jKsz$_decode_x509_name..) rZX509_NAME_entry_countÚrangeZX509_NAME_get_entryr'Z Cryptography_X509_NAME_ENTRY_setÚappendÚsetÚaddrÚName) rZ x509_nameÚcountÚ attributesZ prev_set_idÚxÚentryZ attributeZset_idrrrÚ_decode_x509_name<s   r5cCsV|j |¡}g}x@t|ƒD]4}|j ||¡}| ||jjk¡| t||ƒ¡qW|S)N) rZsk_GENERAL_NAME_numr,Zsk_GENERAL_NAME_valuerrr r-Ú_decode_general_name)rÚgnsÚnumÚnamesÚiÚgnrrrÚ_decode_general_namesNs r<c Cs|j|jjkr.t||jjƒ d¡}tj  |¡S|j|jj kr\t||jj ƒ d¡}tj   |¡S|j|jj krˆt||jjƒ}t t |¡¡S|j|jjkrbt||jjƒ}t|ƒ}|dksÀ|dkrNt |d|d…¡}t ||dd…¡}tt|ƒƒdd…}| d¡}|dkrt|ƒ}d||d…kr6tdƒ‚t |jd  |¡¡} n t |¡} t | ¡S|j|jjkr†t  t!||jj"ƒ¡S|j|jj#kr¶t||jj$ƒ d¡}tj%  |¡S|j|jj&krøt||jj'j(ƒ} t)||jj'j*ƒ} t +t | ¡| ¡St ,d  tj- .|j|j¡¡|j¡‚dS) NÚutf8éé éÚ0r(Ú1zInvalid netmaskz/{0}z{0} is not a supported type)/r"rZGEN_DNSÚ_asn1_string_to_bytesÚdZdNSNamerrZDNSNameZ_init_without_validationZGEN_URIZuniformResourceIdentifierZUniformResourceIdentifierZGEN_RIDrZ registeredIDZ RegisteredIDr#Z GEN_IPADDZ iPAddressÚlenÚ ipaddressZ ip_addressÚbinÚintÚfindÚ ValueErrorZ ip_networkZexplodedÚformatZ IPAddressZ GEN_DIRNAMEZ DirectoryNamer5Z directoryNameZ GEN_EMAILZ rfc822NameZ RFC822NameZ GEN_OTHERNAMEZ otherNameÚtype_idÚ _asn1_to_derr%Z OtherNameZUnsupportedGeneralNameTypeZ_GENERAL_NAMESÚget) rr;r$r&Zdata_lenÚbaseZnetmaskÚbitsÚprefixZiprLr%rrrr6YsP        r6cCst ¡S)N)rZ OCSPNoCheck)rÚextrrrÚ_decode_ocsp_no_check§srScCs0|j d|¡}|j ||jj¡}t t||ƒ¡S)NzASN1_INTEGER *)rÚcastÚgcrÚASN1_INTEGER_freerZ CRLNumberÚ_asn1_integer_to_int)rrRÚasn1_intrrrÚ_decode_crl_number«srYcCs0|j d|¡}|j ||jj¡}t t||ƒ¡S)NzASN1_INTEGER *)rrTrUrrVrZDeltaCRLIndicatorrW)rrRrXrrrÚ_decode_delta_crl_indicator±srZc@seZdZdd„Zdd„ZdS)Ú_X509ExtensionParsercCs||_||_||_dS)N)Ú ext_countÚget_extÚhandlers)Úselfr\r]r^rrrÚ__init__¸sz_X509ExtensionParser.__init__c CsÈg}tƒ}x°t| ||¡ƒD]š}| |||¡}| ||jjk¡|j |¡}|dk}t   t ||j  |¡ƒ¡} | |krŠt   d | ¡| ¡‚| tjkrä|j |¡} t t|| ƒ¡} t  dd„| Dƒ¡} | t  | || ¡¡| | ¡qy|j| } Wnntk r`|j |¡} | | |jjk¡|j | j| j¡dd…}t  | |¡}| t  | ||¡¡YnPX|j |¡}||jjkr’|  ¡t!d | ¡ƒ‚| ||ƒ} | t  | || ¡¡| | ¡qWt  "|¡S)NrzDuplicate {0} extension foundcSsg|]}t|j‘qSr)rZnative)r*r3rrrú Ôsz._X509ExtensionParser.parse..z0The {0} extension is invalid and can't be parsed)#r.r,r\r]rrr rZX509_EXTENSION_get_criticalrr#rZX509_EXTENSION_get_objectZDuplicateExtensionrKr Z TLS_FEATUREZX509_EXTENSION_get_datar ÚloadrCZ TLSFeaturer-Z Extensionr/r^ÚKeyErrorrr$ÚlengthZUnrecognizedExtensionZX509V3_EXT_d2iZ_consume_errorsrJZ Extensions)r_rZx509_objÚ extensionsZ seen_oidsr:rRZcritZcriticalr&r$Zparsedr%ZhandlerZderZ unrecognizedZext_datarrrÚparse½sN        z_X509ExtensionParser.parseN)rrrr`rfrrrrr[·sr[cCs.|j d|¡}|j ||jj¡}|j |¡}g}xòt|ƒD]æ}d}|j ||¡}t  t ||j ƒ¡}|j |jj kr|j |j ¡}g}xˆt|ƒD]|} |j |j | ¡} t  t || jƒ¡} | tjkrò|j | jjj| jjj¡dd… d¡} | | ¡qŽt|| jjƒ} | | ¡qŽW| t ||¡¡q:Wt |¡S)Nz"Cryptography_STACK_OF_POLICYINFO *Úascii)rrTrUrZCERTIFICATEPOLICIES_freeZsk_POLICYINFO_numr,Zsk_POLICYINFO_valuerr#rZpolicyidÚ qualifiersr Zsk_POLICYQUALINFO_numZsk_POLICYQUALINFO_valueÚpqualidr Z CPS_QUALIFIERrrDÚcpsurir$rdrr-Ú_decode_user_noticeZ usernoticeZPolicyInformationZCertificatePolicies)rZcpr8Zcertificate_policiesr:rhZpir&ZqnumÚjZpqirirjZ user_noticerrrÚ_decode_certificate_policiesös6     rmc Cs¢d}d}|j|jjkr"t||jƒ}|j|jjkr–t||jjƒ}|j |jj¡}g}x6t |ƒD]*}|j  |jj|¡}t ||ƒ} |  | ¡q\Wt  ||¡}t  ||¡S)N)Zexptextrr r!Z noticerefÚ organizationrZsk_ASN1_INTEGER_numZ noticenosr,Zsk_ASN1_INTEGER_valuerWr-rZNoticeReferenceZ UserNotice) rZunZ explicit_textZnotice_referencernr8Znotice_numbersr:rXZ notice_numrrrrks$     rkcCsB|j d|¡}|j ||jj¡}|jdk}t||jƒ}t  ||¡S)NzBASIC_CONSTRAINTS *éÿ) rrTrUrZBASIC_CONSTRAINTS_freeÚcaÚ_asn1_integer_to_int_or_noneZpathlenrZBasicConstraints)rZbc_stZbasic_constraintsrpZ path_lengthrrrÚ_decode_basic_constraints;s   rrcCs@|j d|¡}|j ||jj¡}t |j |j|j ¡dd…¡S)NzASN1_OCTET_STRING *) rrTrUrZASN1_OCTET_STRING_freerZSubjectKeyIdentifierrr$rd)rÚ asn1_stringrrrÚ_decode_subject_key_identifierKs  rtcCsˆ|j d|¡}|j ||jj¡}d}d}|j|jjkrT|j |jj|jj ¡dd…}|j |jjkrnt ||j ƒ}t ||j ƒ}t |||¡S)NzAUTHORITY_KEYID *)rrTrUrZAUTHORITY_KEYID_freeZkeyidr rr$rdZissuerr<rqÚserialrZAuthorityKeyIdentifier)rZakidZkey_identifierZauthority_cert_issuerZauthority_cert_serial_numberrrrÚ _decode_authority_key_identifierUs  rvcCs²|j d|¡}|j ||jj¡}|j |¡}g}xvt|ƒD]j}|j ||¡}| |j |jj k¡t   t ||j ƒ¡}| |j|jj k¡t||jƒ}| t  ||¡¡q:Wt  |¡S)Nz*Cryptography_STACK_OF_ACCESS_DESCRIPTION *)rrTrUrZsk_ACCESS_DESCRIPTION_freeZsk_ACCESS_DESCRIPTION_numr,Zsk_ACCESS_DESCRIPTION_valuerÚmethodr rr#rÚlocationr6r-ZAccessDescriptionZAuthorityInformationAccess)rZaiar8Zaccess_descriptionsr:Zadr&r;rrrÚ$_decode_authority_information_accessns  ryc CsÀ|j d|¡}|j ||jj¡}|jj}||dƒdk}||dƒdk}||dƒdk}||dƒdk}||dƒdk}||dƒdk}||dƒdk} ||d ƒdk} ||d ƒdk} t ||||||| | | ¡ S) NzASN1_BIT_STRING *rrr@ééééér>)rrTrUrZASN1_BIT_STRING_freeÚASN1_BIT_STRING_get_bitrZKeyUsage) rZ bit_stringÚget_bitZdigital_signatureZcontent_commitmentZkey_enciphermentZdata_enciphermentZ key_agreementZ key_cert_signZcrl_signZ encipher_onlyZ decipher_onlyrrrÚ_decode_key_usage~s,rcCs.|j d|¡}|j ||jj¡}t||ƒ}|S)NzGENERAL_NAMES *)rrTrUrÚGENERAL_NAMES_freer<)rr7Ú general_namesrrrÚ_decode_general_names_extension˜s r„cCst t||ƒ¡S)N)rZSubjectAlternativeNamer„)rrRrrrÚ_decode_subject_alt_nameŸsr…cCst t||ƒ¡S)N)rZIssuerAlternativeNamer„)rrRrrrÚ_decode_issuer_alt_name¥sr†cCsF|j d|¡}|j ||jj¡}t||jƒ}t||jƒ}tj ||dS)NzNAME_CONSTRAINTS *)Zpermitted_subtreesZexcluded_subtrees) rrTrUrZNAME_CONSTRAINTS_freeÚ_decode_general_subtreesZpermittedSubtreesZexcludedSubtreesrZNameConstraints)rZncZ permittedZexcludedrrrÚ_decode_name_constraints«s   rˆcCsl||jjkrdS|j |¡}g}xFt|ƒD]:}|j ||¡}| ||jjk¡t||jƒ}|  |¡q*W|S)N) rr rZsk_GENERAL_SUBTREE_numr,Zsk_GENERAL_SUBTREE_valuerr6rOr-)rZstack_subtreesr8Zsubtreesr:rÚnamerrrr‡µs   r‡cCsD|j d|¡}|j ||jj¡}t||jƒ}t||jƒ}t  ||¡S)NzPOLICY_CONSTRAINTS *) rrTrUrZPOLICY_CONSTRAINTS_freerqZrequireExplicitPolicyZinhibitPolicyMappingrZPolicyConstraints)rZpcZrequire_explicit_policyZinhibit_policy_mappingrrrÚ_decode_policy_constraintsÅs  rŠcCs†|j d|¡}|j ||jj¡}|j |¡}g}xJt|ƒD]>}|j ||¡}| ||jj k¡t   t ||ƒ¡}|  |¡q:Wt  |¡S)Nz#Cryptography_STACK_OF_ASN1_OBJECT *)rrTrUrZsk_ASN1_OBJECT_freeZsk_ASN1_OBJECT_numr,Zsk_ASN1_OBJECT_valuerr rr#rr-ZExtendedKeyUsage)rZskr8Zekusr:rr&rrrÚ_decode_extended_key_usageÕs r‹rc Cs.|j d|¡}|j ||jj¡}|j |¡}g}xöt|ƒD]è}d}d}d}d}|j ||¡} | j|jj krZg}|jj } | | jdƒr–|  t j j¡| | jdƒr°|  t j j¡| | jdƒrÊ|  t j j¡| | jdƒrä|  t j j¡| | jdƒrþ|  t j j¡| | jdƒr|  t j j¡| | jdƒr6|  t j j¡| | jd ƒrR|  t j j¡t|ƒ}| j|jj krvt|| jƒ}| j|jj kr| jjtkr¦t|| jjjƒ}nj| jjj} |j | ¡} t ƒ} xBt| ƒD]6}|j !| |¡}| "||jj k¡|  #t$||ƒ¡qÌWt  %| ¡}|  t  &||||¡¡q)'rrTrUrZCRL_DIST_POINTS_freeZsk_DIST_POINT_numr,Zsk_DIST_POINT_valueÚreasonsr rr-rÚ ReasonFlagsÚkey_compromiseÚ ca_compromiseÚaffiliation_changedÚ supersededÚcessation_of_operationÚcertificate_holdÚprivilege_withdrawnÚ aa_compromiseÚ frozensetZ CRLissuerr<Z distpointr"Ú_DISTPOINT_TYPE_FULLNAMEr‰ÚfullnameZ relativenameZsk_X509_NAME_ENTRY_numr.Zsk_X509_NAME_ENTRY_valuerr/r'r)ZDistributionPoint)rÚcdpsr8Ú dist_pointsr:Z full_nameZ relative_nameZ crl_issuerrŒZcdpr€ZrnsZrnumr2ZrnrrrÚ_decode_dist_pointsèsd           r›cCst||ƒ}t |¡S)N)r›rZCRLDistributionPoints)rr™ršrrrÚ_decode_crl_distribution_pointsFs rœcCst||ƒ}t |¡S)N)r›rZ FreshestCRL)rr™ršrrrÚ_decode_freshest_crlKs rcCs4|j d|¡}|j ||jj¡}t||ƒ}t |¡S)NzASN1_INTEGER *)rrTrUrrVrWrZInhibitAnyPolicy)rrXZ skip_certsrrrÚ_decode_inhibit_any_policyPs ržcCstddlm}|j d|¡}|j ||jj¡}g}x8t|j |¡ƒD]$}|j  ||¡}|  ||||ƒ¡qBWt   |¡S)Nr)Ú_SignedCertificateTimestampzCryptography_STACK_OF_SCT *) Z)cryptography.hazmat.backends.openssl.x509rŸrrTrUrZ SCT_LIST_freer,Z sk_SCT_numZ sk_SCT_valuer-rZ)PrecertificateSignedCertificateTimestamps)rZ asn1_sctsrŸZsctsr:ZsctrrrÚ-_decode_precert_signed_certificate_timestampsWs r ) rrr@rzr{r|r}r>é é r@rzr{r|r}r>r¡r¢cCsb|j d|¡}|j ||jj¡}|j |¡}yt t|¡St k r\t d  |¡ƒ‚YnXdS)NzASN1_ENUMERATED *zUnsupported reason code: {0}) rrTrUrZASN1_ENUMERATED_freeZASN1_ENUMERATED_getrZ CRLReasonÚ_CRL_ENTRY_REASON_CODE_TO_ENUMrcrJrK)rÚenumÚcoderrrÚ_decode_crl_reasonŽs r¦cCs0|j d|¡}|j ||jj¡}t t||ƒ¡S)NzASN1_GENERALIZEDTIME *)rrTrUrÚASN1_GENERALIZEDTIME_freerZInvalidityDateÚ_parse_asn1_generalized_time)rZinv_dateÚgeneralized_timerrrÚ_decode_invalidity_date™s  rªcCs4|j d|¡}|j ||jj¡}t||ƒ}t |¡S)NzGENERAL_NAMES *)rrTrUrr‚r<rZCertificateIssuer)rr7rƒrrrÚ_decode_cert_issuer¥s r«csnˆj d¡}ˆj ||¡}ˆ |dk¡ˆ |dˆjjk¡ˆj |‡fdd„¡}ˆj |d|¡dd…S)Nzunsigned char **rcsˆj |d¡S)Nr)rÚ OPENSSL_free)r)rrrÚ²óz_asn1_to_der..)rrrZ i2d_ASN1_TYPErr rUr)rZ asn1_typerrr)rrrM¬s rMcCs@|j ||jj¡}| ||jjk¡|j ||jj¡}| |¡S)N)rZASN1_INTEGER_to_BNrr rrUZBN_freeZ _bn_to_int)rrXZbnrrrrW·srWcCs||jjkrdSt||ƒSdS)N)rr rW)rrXrrrrq¾s rqcCs|j |j|j¡dd…S)N)rrr$rd)rrsrrrrCÅsrCcCst||ƒ d¡S)Nrg)rCr)rrsrrrÚ_asn1_string_to_asciiÉsr¯cs~ˆj d¡}ˆj ||¡}|dkr2td |j¡ƒ‚ˆ |dˆjjk¡ˆj  |‡fdd„¡}ˆj  |d|¡dd…  d¡S)Nzunsigned char **r(z'Unsupported ASN1 string type. Type: {0}rcsˆj |d¡S)Nr)rr¬)r)rrrr­×r®z&_asn1_string_to_utf8..r=) rrrZASN1_STRING_to_UTF8rJrKr"rr rUrr)rrsrrr)rrr!Ís r!cCs`| ||jjk¡|j ||jj¡}||jjkrDtd t||ƒ¡ƒ‚|j ||jj ¡}t ||ƒS)Nz1Couldn't parse ASN.1 time as generalizedtime {!r}) rrr rZASN1_TIME_to_generalizedtimerJrKrCrUr§r¨)rZ asn1_timer©rrrÚ_parse_asn1_timeÜs   r°cCs"t||j d|¡ƒ}tj |d¡S)Nz ASN1_STRING *z %Y%m%d%H%M%SZ)r¯rrTÚdatetimeZstrptime)rr©Ztimerrrr¨îsr¨cCs |j |¡S)N)rÚX509_get_ext_count)rr3rrrr­r®r­cCs|j ||¡S)N)rÚ X509_get_ext)rr3r:rrrr­ r®)r\r]r^cCs |j |¡S)N)rr²)rr3rrrr­%r®cCs|j ||¡S)N)rr³)rr3r:rrrr­&r®cCs |j |¡S)N)rZsk_X509_EXTENSION_num)rr3rrrr­+r®cCs|j ||¡S)N)rZsk_X509_EXTENSION_value)rr3r:rrrr­,r®cCs |j |¡S)N)rZX509_REVOKED_get_ext_count)rr3rrrr­1r®cCs|j ||¡S)N)rZX509_REVOKED_get_ext)rr3r:rrrr­2r®cCs |j |¡S)N)rZX509_CRL_get_ext_count)rr3rrrr­7r®cCs|j ||¡S)N)rZX509_CRL_get_ext)rr3r:rrrr­8r®)jZ __future__rrrr±rFZasn1crypto.corerrZ cryptographyrZcryptography.x509.extensionsrZcryptography.x509.namer Zcryptography.x509.oidr r r r rr'r5r<r6rSrYrZÚobjectr[rmrkrrrtrvryrr„r…r†rˆr‡rŠr‹r—Z_DISTPOINT_TYPE_RELATIVENAMEr›rœrržr rZ unspecifiedrŽrrr‘r’r“Zremove_from_crlr”r•r£Z_CRL_ENTRY_REASON_ENUM_TO_CODEr¦rªr«rMrWrqrCr¯r!r°r¨ZBASIC_CONSTRAINTSZSUBJECT_KEY_IDENTIFIERZ KEY_USAGEZSUBJECT_ALTERNATIVE_NAMEZEXTENDED_KEY_USAGEZAUTHORITY_KEY_IDENTIFIERZAUTHORITY_INFORMATION_ACCESSZCERTIFICATE_POLICIESZCRL_DISTRIBUTION_POINTSZ FRESHEST_CRLZ OCSP_NO_CHECKZINHIBIT_ANY_POLICYZISSUER_ALTERNATIVE_NAMEZNAME_CONSTRAINTSZPOLICY_CONSTRAINTSZ_EXTENSION_HANDLERS_NO_SCTÚcopyZ_EXTENSION_HANDLERSZ%PRECERT_SIGNED_CERTIFICATE_TIMESTAMPSZ CRL_REASONZINVALIDITY_DATEZCERTIFICATE_ISSUERZ_REVOKED_EXTENSION_HANDLERSZ CRL_NUMBERZDELTA_CRL_INDICATORZ_CRL_EXTENSION_HANDLERSZ$_CERTIFICATE_EXTENSION_PARSER_NO_SCTZ_CERTIFICATE_EXTENSION_PARSERZ_CSR_EXTENSION_PARSERZ%_REVOKED_CERTIFICATE_EXTENSION_PARSERZ_CRL_EXTENSION_PARSERrrrrÚsè     N?'  ^