B \`I@s:ddlmZmZmZddlZddlZddlZddlmZm Z ddl m Z ddl m Z mZmZmZmZmZmZmZmZmZddlmZddlmZmZddlmZmZmZe e j!Gd d d e"Z#e e j$Gd d d e"Z%e e j&Gd dde"Z'e e j(Gddde"Z)e e j*j+Gddde"Z,dS))absolute_importdivisionprint_functionN)utilsx509)UnsupportedAlgorithm) _CERTIFICATE_EXTENSION_PARSER$_CERTIFICATE_EXTENSION_PARSER_NO_SCT_CRL_EXTENSION_PARSER_CSR_EXTENSION_PARSER%_REVOKED_CERTIFICATE_EXTENSION_PARSER_asn1_integer_to_int_asn1_string_to_bytes_decode_x509_name_obj2txt_parse_asn1_time)_encode_asn1_int_gc)hashes serialization)dsaecrsac@seZdZddZddZddZddZd d Zd d Ze d dZ e ddZ e ddZ ddZ e ddZe ddZe ddZe ddZe ddZe dd Zejd!d"Ze d#d$Ze d%d&Zd'd(Zd)S)* _CertificatecCs||_||_dS)N)_backend_x509)selfbackendrr\/opt/alt/python37/lib64/python3.7/site-packages/cryptography/hazmat/backends/openssl/x509.py__init__sz_Certificate.__init__cCs d|jS)Nz)formatsubject)rrrr__repr__ sz_Certificate.__repr__cCs,t|tjstS|jj|j|j}|dkS)Nr) isinstancer CertificateNotImplementedr_libZX509_cmpr)rotherresrrr__eq__#s z_Certificate.__eq__cCs ||k S)Nr)rr'rrr__ne__*sz_Certificate.__ne__cCst|tjjS)N)hash public_bytesrEncodingDER)rrrr__hash__-sz_Certificate.__hash__cCs*t||j}||tjj|S)N) rHashrupdater,rr-r.finalize)r algorithmhrrr fingerprint0sz_Certificate.fingerprintcCsF|jj|j}|dkr tjjS|dkr0tjjStd ||dS)Nrz{0} is not a valid X509 version) rr&ZX509_get_versionrrVersionv1Zv3ZInvalidVersionr )rversionrrrr95sz_Certificate.versioncCstjdtjdd|jS)Nzz4_Certificate.tbs_certificate_bytes..) rr@rSr&Zi2d_re_X509_tbsrr?rEbuffer)rppr(r)rrtbs_certificate_bytess z"_Certificate.tbs_certificate_bytescCsn|j}|tjjkr*|jj||j}n(|tjjkrJ|jj ||j}nt d|j |dk|j |S)Nz/encoding must be an item from the Encoding enum) r_create_mem_bio_gcrr-PEMr&ZPEM_write_bio_X509rr.Z i2d_X509_bio TypeErrorr? _read_mem_bio)rencodingbior(rrrr,s   z_Certificate.public_bytesN)__name__ __module__ __qualname__rr"r)r*r/r5propertyr9r>r=rIrKrLrMr!rRrNrcached_propertyrXrZrar,rrrrrs(       rc@s:eZdZddZeddZeddZejddZ d S) _RevokedCertificatecCs||_||_||_dS)N)rZ_crl _x509_revoked)rrZcrlZ x509_revokedrrrrsz_RevokedCertificate.__init__cCs2|jj|j}|j||jjjkt|j|S)N)rr&ZX509_REVOKED_get0_serialNumberror?r@rAr )rrBrrrr=sz!_RevokedCertificate.serial_numbercCst|j|jj|jS)N)rrr&Z X509_REVOKED_get0_revocationDatero)rrrrrevocation_datesz#_RevokedCertificate.revocation_datecCst|j|jS)N)r rWrro)rrrrrXsz_RevokedCertificate.extensionsN) rirjrkrrlr=rprrmrXrrrrrns  rnc@seZdZddZddZddZddZd d Zed d Z ed dZ eddZ eddZ eddZ eddZeddZddZddZddZdd Zd!d"Zejd#d$Zd%d&Zd'S)(_CertificateRevocationListcCs||_||_dS)N)r _x509_crl)rrZx509_crlrrrrsz#_CertificateRevocationList.__init__cCs,t|tjstS|jj|j|j}|dkS)Nr)r#rCertificateRevocationListr%rr&Z X509_CRL_cmprr)rr'r(rrrr)s z!_CertificateRevocationList.__eq__cCs ||k S)Nr)rr'rrrr*sz!_CertificateRevocationList.__ne__cCsXt||j}|j}|jj||j}|j|dk|j|}| || S)Nrb) rr0rrcr&i2d_X509_CRL_biorrr?rfr1r2)rr3r4rhr(Zderrrrr5s    z&_CertificateRevocationList.fingerprintcCsl|jjd}t|j|}|jj|j||}|dkr:dS|j|d|jjjkt |j|j|dSdS)NzX509_REVOKED **r) rr@rSrr&ZX509_CRL_get0_by_serialrrr?rArn)rr=revokedrBr(rrr(get_revoked_certificate_by_serial_numbers  zC_CertificateRevocationList.get_revoked_certificate_by_serial_numbercCs8|j}y tj|Stk r2td|YnXdS)Nz*Signature algorithm OID:{0} not recognized)rNrrOrPrr )rrQrrrrRs  z3_CertificateRevocationList.signature_hash_algorithmcCs^|jjd}|jj|j|jjj||j|d|jjjkt|j|dj }t |S)Nz X509_ALGOR **r) rr@rSr&X509_CRL_get0_signaturerrrAr?rr3rrU)rrVrQrrrrN s z2_CertificateRevocationList.signature_algorithm_oidcCs2|jj|j}|j||jjjkt|j|S)N)rr&ZX509_CRL_get_issuerrrr?r@rAr)rrMrrrrMsz!_CertificateRevocationList.issuercCs2|jj|j}|j||jjjkt|j|S)N)rr&ZX509_CRL_get_nextUpdaterrr?r@rAr)rZnurrr next_updatesz&_CertificateRevocationList.next_updatecCs2|jj|j}|j||jjjkt|j|S)N)rr&ZX509_CRL_get_lastUpdaterrr?r@rAr)rZlurrr last_update!sz&_CertificateRevocationList.last_updatecCsR|jjd}|jj|j||jjj|j|d|jjjkt|j|dS)NzASN1_BIT_STRING **r) rr@rSr&rwrrrAr?r)rrYrrrrZ's z$_CertificateRevocationList.signaturecsdjjd}jjj|}j|dkjj|fdd}jj|d|ddS)Nzunsigned char **rcsjj|dS)Nr)rr&r[)r\)rrrr]6r^z?_CertificateRevocationList.tbs_certlist_bytes..) rr@rSr&Zi2d_re_X509_CRL_tbsrrr?rEr_)rr`r(r)rrtbs_certlist_bytes0s z-_CertificateRevocationList.tbs_certlist_bytescCsn|j}|tjjkr*|jj||j}n(|tjjkrJ|jj ||j}nt d|j |dk|j |S)Nz/encoding must be an item from the Encoding enumrb) rrcrr-rdr&ZPEM_write_bio_X509_CRLrrr.rtrer?rf)rrgrhr(rrrr,:s    z'_CertificateRevocationList.public_bytescCsD|jj|j}|jj||}|j||jjjkt|j||S)N) rr&X509_CRL_get_REVOKEDrrZsk_X509_REVOKED_valuer?r@rArn)ridxrurrrr _revoked_certHsz(_CertificateRevocationList._revoked_certccs&x tt|D]}||VqWdS)N)rangelenr~)rirrr__iter__Nsz#_CertificateRevocationList.__iter__cst|tr8|t\}}}fddt|||DSt|}|dkrV|t7}d|krntkstnt|SdS)Ncsg|]}|qSr)r~).0r)rrr Usz:_CertificateRevocationList.__getitem__..r) r#sliceindicesrroperatorindex IndexErrorr~)rr|startstopstepr)rr __getitem__Rs   z&_CertificateRevocationList.__getitem__cCs4|jj|j}||jjjkr"dS|jj|SdS)Nr)rr&r{rrr@rAZsk_X509_REVOKED_num)rrurrr__len__^sz"_CertificateRevocationList.__len__cCst|j|jS)N)r rWrrr)rrrrrXesz%_CertificateRevocationList.extensionscCsLt|tjtjtjfstd|jj |j |j }|dkrH|j dSdS)NzGExpecting one of DSAPublicKey, RSAPublicKey, or EllipticCurvePublicKey.rbFT)r#rZ DSAPublicKeyrZ RSAPublicKeyrZEllipticCurvePublicKeyrerr&ZX509_CRL_verifyrrZ _evp_pkeyrC)rrIr(rrris_signature_validis    z-_CertificateRevocationList.is_signature_validN)rirjrkrr)r*r5rvrlrRrNrMrxryrZrzr,r~rrrrrmrXrrrrrrqs&      rqc@seZdZddZddZddZddZd d Zed d Z ed dZ eddZ e j ddZddZeddZeddZeddZdS)_CertificateSigningRequestcCs||_||_dS)N)r _x509_req)rrZx509_reqrrrr{sz#_CertificateSigningRequest.__init__cCs2t|tstS|tjj}|tjj}||kS)N)r#rr%r,rr-r.)rr'Z self_bytesZ other_bytesrrrr)s  z!_CertificateSigningRequest.__eq__cCs ||k S)Nr)rr'rrrr*sz!_CertificateSigningRequest.__ne__cCst|tjjS)N)r+r,rr-r.)rrrrr/sz#_CertificateSigningRequest.__hash__cCsH|jj|j}|j||jjjk|jj||jjj}|j |S)N) rr&X509_REQ_get_pubkeyrr?r@rArErFrG)rrHrrrrIsz%_CertificateSigningRequest.public_keycCs2|jj|j}|j||jjjkt|j|S)N)rr&ZX509_REQ_get_subject_namerr?r@rAr)rr!rrrr!sz"_CertificateSigningRequest.subjectcCs8|j}y tj|Stk r2td|YnXdS)Nz*Signature algorithm OID:{0} not recognized)rNrrOrPrr )rrQrrrrRs  z3_CertificateSigningRequest.signature_hash_algorithmcCs^|jjd}|jj|j|jjj||j|d|jjjkt|j|dj }t |S)Nz X509_ALGOR **r) rr@rSr&X509_REQ_get0_signaturerrAr?rr3rrU)rrVrQrrrrNs z2_CertificateSigningRequest.signature_algorithm_oidcCs|jj|j}t|j|S)N)rr&ZX509_REQ_get_extensionsrr rW)rZ x509_extsrrrrXsz%_CertificateSigningRequest.extensionscCsn|j}|tjjkr*|jj||j}n(|tjjkrJ|jj ||j}nt d|j |dk|j |S)Nz/encoding must be an item from the Encoding enumrb) rrcrr-rdr&ZPEM_write_bio_X509_REQrr.Zi2d_X509_REQ_biorer?rf)rrgrhr(rrrr,s    z'_CertificateSigningRequest.public_bytescsdjjd}jjj|}j|dkjj|fdd}jj|d|ddS)Nzunsigned char **rcsjj|dS)Nr)rr&r[)r\)rrrr]r^zB_CertificateSigningRequest.tbs_certrequest_bytes..) rr@rSr&Zi2d_re_X509_REQ_tbsrr?rEr_)rr`r(r)rrtbs_certrequest_bytess z0_CertificateSigningRequest.tbs_certrequest_bytescCsR|jjd}|jj|j||jjj|j|d|jjjkt|j|dS)NzASN1_BIT_STRING **r) rr@rSr&rrrAr?r)rrYrrrrZs z$_CertificateSigningRequest.signaturecCsh|jj|j}|j||jjjk|jj||jjj}|jj |j|}|dkrd|j dSdS)NrbFT) rr&rrr?r@rArErFZX509_REQ_verifyrC)rrHr(rrrrs z-_CertificateSigningRequest.is_signature_validN)rirjrkrr)r*r/rIrlr!rRrNrrmrXr,rrZrrrrrrys   rc@sDeZdZddZeddZeddZeddZed d Zd S) _SignedCertificateTimestampcCs||_||_||_dS)N)rZ _sct_list_sct)rrZsct_listZsctrrrrsz$_SignedCertificateTimestamp.__init__cCs|jj|j}tjjjS)N)rr&ZSCT_get_versionrrcertificate_transparencyr7r8)rr9rrrr9sz#_SignedCertificateTimestamp.versioncCs<|jjd}|jj|j|}|jj|d|ddS)Nzunsigned char **r)rr@rSr&ZSCT_get0_log_idrr_)routZ log_id_lengthrrrlog_idsz"_SignedCertificateTimestamp.log_idcCs4|jj|j}|d}tj|dj|ddS)Ni)Z microsecond)rr&ZSCT_get_timestamprdatetimeZutcfromtimestampreplace)r timestampZ millisecondsrrrrs  z%_SignedCertificateTimestamp.timestampcCs|jj|j}tjjjS)N)rr&ZSCT_get_log_entry_typerrrZ LogEntryTypeZPRE_CERTIFICATE)r entry_typerrrrsz&_SignedCertificateTimestamp.entry_typeN) rirjrkrrlr9rrrrrrrrs    r)-Z __future__rrrrrr;Z cryptographyrrZcryptography.exceptionsrZ0cryptography.hazmat.backends.openssl.decode_asn1rr r r r r rrrrZ0cryptography.hazmat.backends.openssl.encode_asn1rZcryptography.hazmat.primitivesrrZ)cryptography.hazmat.primitives.asymmetricrrrZregister_interfacer$objectrZRevokedCertificaternrsrqZCertificateSigningRequestrrZSignedCertificateTimestamprrrrrs, 0 %#g