B \Úæ`²Wã@sBddlmZmZmZddlZddlZddlZddlmZm Z ddl m Z m Z m Z ddlmZddlmZmZdd„Zd d „Zd d „Zd d„Zdd„Zdd„Zdd„Zdd„Zdd„Zdd„Zdd„Zdd„Zdd „Zd!d"„Z d#d$„Z!d%d&„Z"d'd(„Z#d)d*„Z$d+d,„Z%d-d.„Z&d/d0„Z'd1d2„Z(d3d4„Z)d5d6„Z*d7d8„Z+d9d:„Z,d;d<„Z-e j.j/d=e j.j0d>e j.j1d?e j.j2d@e j.j3dAe j.j4dBe j.j5dCe j.j6dDiZ7dEdF„Z8dGdH„Z9dIdJ„Z:dKdL„Z;eje%ej?e*ej@e*ejAe-ejBe&ejCe ejDe(ejEe8ejFe8ejGeejHe$ejIe9ejJe:iZKej@e*ejBe&ejDe(ejLeejMeiZNejOe*ejPeejQeiZRdS)Mé)Úabsolute_importÚdivisionÚprint_functionN)ÚutilsÚx509)Ú_CRL_ENTRY_REASON_ENUM_TO_CODEÚ_DISTPOINT_TYPE_FULLNAMEÚ_DISTPOINT_TYPE_RELATIVENAME)Ú _ASN1Type)ÚCRLEntryExtensionOIDÚ ExtensionOIDcCsD| |¡}|j ||jj¡}|j ||jj¡}| ||jjk¡|S)a Converts a python integer to an ASN1_INTEGER. The returned ASN1_INTEGER will not be garbage collected (to support adding them to structs that take ownership of the object). Be sure to register it for GC if it will be discarded after use. )Z _int_to_bnÚ_ffiÚgcÚ_libZBN_freeZBN_to_ASN1_INTEGERÚNULLÚopenssl_assert)ÚbackendÚxÚi©rúc/opt/alt/python37/lib64/python3.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyÚ_encode_asn1_ints rcCs t||ƒ}|j ||jj¡}|S)N)rr rrZASN1_INTEGER_free)rrrrrrÚ_encode_asn1_int_gc)s rcCs,|j ¡}|j |||¡}| |dk¡|S)z@ Create an ASN1_OCTET_STRING from a Python byte string. é)rZASN1_OCTET_STRING_newZASN1_OCTET_STRING_setr)rÚdataÚlengthÚsÚresrrrÚ_encode_asn1_str/s rcCs<|j ¡}|j || d¡t| d¡ƒ¡}| |dk¡|S)z³ Create an ASN1_UTF8STRING from a Python unicode string. This object will be an ASN1_STRING with UTF8 type in OpenSSL and can be decoded with ASN1_STRING_to_UTF8. Úutf8r)rZASN1_UTF8STRING_newÚASN1_STRING_setÚencodeÚlenr)rÚstringrrrrrÚ_encode_asn1_utf8_str9s  r$cCs"t|||ƒ}|j ||jj¡}|S)N)rr rrZASN1_OCTET_STRING_free)rrrrrrrÚ_encode_asn1_str_gcGs r%cCs t||jƒS)N)rZ skip_certs)rZinhibit_any_policyrrrÚ_encode_inhibit_any_policyMsr&cCsp|j ¡}x`|jD]V}d}xL|D]D}t||ƒ}|j ||jj¡}|j ||d|¡}| |dk¡d}q WqW|S)zP The X509_NAME created will not be gc'd. Use _encode_name_gc if needed. réÿÿÿÿr) rZ X509_NAME_newZrdnsÚ_encode_name_entryr rZX509_NAME_ENTRY_freeZX509_NAME_add_entryr)rÚnameÚsubjectZrdnZset_flagÚ attributeÚ name_entryrrrrÚ _encode_nameQs       r-cCs t||ƒ}|j ||jj¡}|S)N)r-r rrZX509_NAME_free)rÚ attributesr*rrrÚ_encode_name_gces r/cCsB|j ¡}x2|D]*}t||ƒ}|j ||¡}| |dk¡qW|S)z: The sk_X509_NAME_ENTRY created will not be gc'd. r)rZsk_X509_NAME_ENTRY_new_nullr(Zsk_X509_NAME_ENTRY_pushr)rr.Ústackr+r,rrrrÚ_encode_sk_name_entryks    r1cCsX|jtjkr|j d¡}n |j d¡}t||jjƒ}|j  |j j ||jj|t |ƒ¡}|S)NÚ utf_16_ber) Z_typer Z BMPStringÚvaluer!Ú _txt2obj_gcÚoidÚ dotted_stringrZX509_NAME_ENTRY_create_by_OBJr rr")rr+r3Úobjr,rrrr(ws  r(cCs t||jƒS)N)rZ crl_number)rÚextrrrÚ&_encode_crl_number_delta_crl_indicator…sr9cCsT|j ¡}| ||jjk¡|j ||jj¡}|j |t|j ¡}| |dk¡|S)Nr) rZASN1_ENUMERATED_newrr rrZASN1_ENUMERATED_freeZASN1_ENUMERATED_setrÚreason)rZ crl_reasonZasn1enumrrrrÚ_encode_crl_reason‰s r;cCsF|j |jjt |j ¡¡¡}| ||jjk¡|j  ||jj ¡}|S)N) rZASN1_GENERALIZEDTIME_setr rÚcalendarZtimegmÚinvalidity_dateZ timetuplerrZASN1_GENERALIZEDTIME_free)rr=ZtimerrrÚ_encode_invalidity_date•s  r>c Csª|j ¡}| ||jjk¡|j ||jj¡}xt|D]j}|j ¡}| ||jjk¡|j ||¡}| |dk¡t ||j j ƒ}||_ |j r6|j ¡}| ||jjk¡xð|j D]æ}|j ¡} | | |jjk¡|j || ¡}| |dk¡t|tjƒr.t |tjj ƒ| _t|| d¡t| d¡ƒƒ| j_q²t|tjƒs@t‚t |tjj ƒ| _|j ¡} | | |jjk¡| | j_ |j!rŠt"||j!ƒ| _#t$||j%ƒ| _&q²W||_'q6W|S)NrÚascii)(rZsk_POLICYINFO_new_nullrr rrZsk_POLICYINFO_freeZPOLICYINFO_newZsk_POLICYINFO_pushÚ_txt2objZpolicy_identifierr6ZpolicyidZpolicy_qualifiersZsk_POLICYQUALINFO_new_nullZPOLICYQUALINFO_newZsk_POLICYQUALINFO_pushÚ isinstanceÚsixZ text_typerZOID_CPS_QUALIFIERZpqualidrr!r"ÚdZcpsuriZ UserNoticeÚAssertionErrorZOID_CPS_USER_NOTICEZUSERNOTICE_newZ usernoticeZ explicit_textr$ZexptextÚ_encode_notice_referenceZnotice_referenceZ noticerefZ qualifiers) rZcertificate_policiesZcpZ policy_infoZpirr5ZpqisZ qualifierZpqiZunrrrÚ_encode_certificate_policies¡sL        rFcCsˆ|dkr|jjS|j ¡}| ||jjk¡t||jƒ|_|j ¡}||_x4|j D]*}t ||ƒ}|j  ||¡}| |dk¡qRW|SdS)Nr) r rrZ NOTICEREF_newrr$Z organizationZsk_ASN1_INTEGER_new_nullZ noticenosZnotice_numbersrZsk_ASN1_INTEGER_push)rZnoticeZnrZ notice_stackZnumberZnumrrrrrEÓs    rEcCs.| d¡}|j |d¡}| ||jjk¡|S)z_ Converts a Python string with an ASN.1 object ID in dotted form to a ASN1_OBJECT. r?r)r!rÚ OBJ_txt2objrr r)rr)r7rrrr@æs r@cCs t||ƒ}|j ||jj¡}|S)N)r@r rrZASN1_OBJECT_free)rr)r7rrrr4ñs r4cCs t|ddƒS)zg The OCSP No Check extension is defined as a null ASN.1 value embedded in an ASN.1 string. sé)r%)rr8rrrÚ_encode_ocsp_nocheck÷srIcCsb|jj}|j ¡}|j ||jj¡}||d|jƒ}| |dk¡||d|jƒ}| |dk¡||d|j ƒ}| |dk¡||d|j ƒ}| |dk¡||d|j ƒ}| |dk¡||d|j ƒ}| |dk¡||d|j ƒ}| |dk¡|j r*||d|jƒ}| |dk¡||d |jƒ}| |dk¡n4||ddƒ}| |dk¡||d dƒ}| |dk¡|S) NrrrHéééééé)rÚASN1_BIT_STRING_set_bitÚASN1_BIT_STRING_newr rZASN1_BIT_STRING_freeZdigital_signaturerZcontent_commitmentZkey_enciphermentZdata_enciphermentZ key_agreementZ key_cert_signZcrl_signZ encipher_onlyZ decipher_only)rZ key_usageZset_bitZkurrrrÚ_encode_key_usageÿs6   rRcCs‚|j ¡}| ||jjk¡|j ||jj¡}|jdk rNt||jt |jƒƒ|_ |j dk rft ||j ƒ|_ |jdk r~t||jƒ|_|S)N)rZAUTHORITY_KEYID_newrr rrZAUTHORITY_KEYID_freeZkey_identifierrr"ZkeyidZauthority_cert_issuerÚ_encode_general_namesZissuerZauthority_cert_serial_numberrÚserial)rZauthority_keyidZakidrrrÚ _encode_authority_key_identifiers      rUcCsN|j ¡}|j ||jj¡}|jr&dnd|_|jrJ|jdk rJt||jƒ|_|S)Néÿr) rZBASIC_CONSTRAINTS_newr rZBASIC_CONSTRAINTS_freeZcaZ path_lengthrZpathlen)rZbasic_constraintsZ constraintsrrrÚ_encode_basic_constraints7s   rWcCsŒ|j ¡}| ||jjk¡|j ||jj¡}xX|D]P}|j ¡}t||j j ƒ}t ||j ƒ}||_ ||_|j ||¡}| |dk¡q4W|S)Nr)rZsk_ACCESS_DESCRIPTION_new_nullrr rrZsk_ACCESS_DESCRIPTION_freeZACCESS_DESCRIPTION_newr@Z access_methodr6Ú_encode_general_nameZaccess_locationÚmethodÚlocationZsk_ACCESS_DESCRIPTION_push)rZauthority_info_accessZaiaZaccess_descriptionZadrYÚgnrrrrÚ$_encode_authority_information_accessEs      r\cCsT|j ¡}| ||jjk¡x2|D]*}t||ƒ}|j ||¡}| |dk¡q"W|S)Nr)rZGENERAL_NAMES_newrr rrXZsk_GENERAL_NAME_push)rÚnamesÚ general_namesr)r[rrrrrSYs   rScCs t||ƒ}|j ||jj¡}|S)N)rSr rrZGENERAL_NAMES_free)rZsanr^rrrÚ_encode_alt_nameds  r_cCst||jt|jƒƒS)N)r%Zdigestr")rZskirrrÚ_encode_subject_key_identifierlsr`cCsªt|tjƒrˆ|j ¡}| ||jjk¡|jj|_ |j  ¡}| ||jjk¡|j   d¡}|j  ||t|ƒ¡}| |dk¡||j_nt|tjƒrð|j ¡}| ||jjk¡|jj|_ |j |j j  d¡d¡}| ||jjk¡||j_n¶t|tjƒr<|j ¡}| ||jjk¡t||j ƒ}|jj|_ ||j_njt|tjƒrø|j ¡}| ||jjk¡t|j tjƒr–|j jjt  d|j j!d¡}n|j j!d¡}n|j j}t#||t|ƒƒ} |jj$|_ | |j_%n®t|tj&ƒrä|j ¡}| ||jjk¡|j '¡} | | |jjk¡|j |j(j  d¡d¡} | | |jjk¡|j )d|j ¡} |j )d ¡} | | d <|j *|jj| t|j ƒ¡}||jjkrÄ| +¡t,d ƒ‚| | _(|| _ |jj-|_ | |j_.nÂt|tj/ƒr>|j ¡}| ||jjk¡|j   d¡} t#|| t| ƒƒ}|jj0|_ ||j_1nht|tj2ƒr˜|j ¡}| ||jjk¡|j   d¡} t#|| t| ƒƒ}|jj3|_ ||j_4nt,d  5|¡ƒ‚|S) Nrrr?lrKé€ézunsigned char[]zunsigned char **rzInvalid ASN.1 dataz"{0} is an unknown GeneralName type)6rArZDNSNamerZGENERAL_NAME_newrr rZGEN_DNSÚtypeZASN1_IA5STRING_newr3r!r r"rCZdNSNameZ RegisteredIDZGEN_RIDrGr6Z registeredIDZ DirectoryNamer-Z GEN_DIRNAMEZ directoryNameZ IPAddressÚ ipaddressZ IPv4NetworkZnetwork_addressÚpackedrZ int_to_bytesZ num_addressesZ IPv6NetworkrZ GEN_IPADDZ iPAddressZ OtherNameZ OTHERNAME_newÚtype_idÚnewZ d2i_ASN1_TYPEZ_consume_errorsÚ ValueErrorZ GEN_OTHERNAMEZ otherNameZ RFC822NameZ GEN_EMAILZ rfc822NameZUniformResourceIdentifierZGEN_URIZuniformResourceIdentifierÚformat)rr)r[Zia5r3rr7Zdir_namereZipaddrZ other_namerfrZ data_ptr_ptrZasn1_strrrrrXps”                               rXcCsV|j ¡}|j ||jj¡}x4|D],}t||jƒ}|j ||¡}| |dk¡q"W|S)Nr) rZsk_ASN1_OBJECT_new_nullr rZsk_ASN1_OBJECT_freer@r6Zsk_ASN1_OBJECT_pushr)rZextended_key_usageZekur5r7rrrrÚ_encode_extended_key_usageÑs   rjrrHrJrKrLrMrNrOc Csn|j ¡}|j ||jj¡}xJ|D]@}|j ¡}| ||jjk¡|jr |j  ¡}| ||jjk¡||_x0|jD]&}|j  |t |d¡}| |dk¡qvW|j rÞ|j  ¡}| ||jjk¡t|_t||j ƒ|j_||_|jr4|j  ¡}| ||jjk¡t|_t||jƒ} | | |jjk¡| |j_||_|jrJt||jƒ|_|j ||¡}| |dk¡q$W|S)Nr)rZsk_DIST_POINT_new_nullr rZsk_DIST_POINT_freeZDIST_POINT_newrrZreasonsrQrPÚ_CRLREASONFLAGSZ full_nameZDIST_POINT_NAME_newrrcrSr)ÚfullnameZ distpointZ relative_namer r1Ú relativenameZ crl_issuerZ CRLissuerZsk_DIST_POINT_push) rZcdpsZcdpZpointZdpZbitmaskr:rZdpnrmrrrÚ_encode_cdps_freshest_crlès@       rncCsV|j ¡}| ||jjk¡|j ||jj¡}t||jƒ}||_ t||j ƒ}||_ |S)N) rZNAME_CONSTRAINTS_newrr rrZNAME_CONSTRAINTS_freeÚ_encode_general_subtreeZpermitted_subtreesZpermittedSubtreesZexcluded_subtreesZexcludedSubtrees)rZname_constraintsZncZ permittedZexcludedrrrÚ_encode_name_constraintss   rpcCsb|j ¡}| ||jjk¡|j ||jj¡}|jdk rFt||jƒ|_ |j dk r^t||j ƒ|_ |S)N) rZPOLICY_CONSTRAINTS_newrr rrZPOLICY_CONSTRAINTS_freeZrequire_explicit_policyrZrequireExplicitPolicyZinhibit_policy_mappingZinhibitPolicyMapping)rZpolicy_constraintsZpcrrrÚ_encode_policy_constraints"s     rqcCs`|dkr|jjS|j ¡}x<|D]4}|j ¡}t||ƒ|_|j ||¡}|dks t‚q W|SdS)Nr) r rrZsk_GENERAL_SUBTREE_new_nullZGENERAL_SUBTREE_newrXÚbaseZsk_GENERAL_SUBTREE_pushrD)rZsubtreesZgeneral_subtreesr)Zgsrrrrro3s    ro)SZ __future__rrrr<rdrBZ cryptographyrrZ0cryptography.hazmat.backends.openssl.decode_asn1rrr Zcryptography.x509.namer Zcryptography.x509.oidr r rrrr$r%r&r-r/r1r(r9r;r>rFrEr@r4rIrRrUrWr\rSr_r`rXrjZ ReasonFlagsZkey_compromiseZ ca_compromiseZaffiliation_changedZ supersededZcessation_of_operationZcertificate_holdZprivilege_withdrawnZ aa_compromiserkrnrprqroZBASIC_CONSTRAINTSZSUBJECT_KEY_IDENTIFIERZ KEY_USAGEZSUBJECT_ALTERNATIVE_NAMEZISSUER_ALTERNATIVE_NAMEZEXTENDED_KEY_USAGEZAUTHORITY_KEY_IDENTIFIERZCERTIFICATE_POLICIESZAUTHORITY_INFORMATION_ACCESSZCRL_DISTRIBUTION_POINTSZ FRESHEST_CRLZINHIBIT_ANY_POLICYZ OCSP_NO_CHECKZNAME_CONSTRAINTSZPOLICY_CONSTRAINTSZ_EXTENSION_ENCODE_HANDLERSZ CRL_NUMBERZDELTA_CRL_INDICATORZ_CRL_EXTENSION_ENCODE_HANDLERSZCERTIFICATE_ISSUERZ CRL_REASONZINVALIDITY_DATEZ$_CRL_ENTRY_EXTENSION_ENCODE_HANDLERSrrrrÚsŽ     2   a  *