U q`9@sddlZddlZddlmZmZddlmZddlmZm Z m Z m Z m Z m Z ddlmZddlmZmZddlmZmZmZmZmZmZmZdd Zd d Zd d ZddZGdddeZGdddeZ dS)N)utilsx509)UnsupportedAlgorithm)_CRL_ENTRY_REASON_CODE_TO_ENUM_asn1_integer_to_int_asn1_string_to_bytes_decode_x509_name_obj2txt_parse_asn1_generalized_time) _Certificate)hashes serialization)OCSPCertStatus OCSPRequest OCSPResponseOCSPResponseStatus_CERT_STATUS_TO_ENUM _OIDS_TO_HASH_RESPONSE_STATUS_TO_ENUMcCs^|jd}|j|jj|jj||jj|}||dk||d|jjkt||dSNASN1_OCTET_STRING **r_ffinew_libOCSP_id_get0_infoNULLopenssl_assertr)backendcert_idZkey_hashresr"P/tmp/pip-target-nv4zd3e_/lib/python/cryptography/hazmat/backends/openssl/ocsp.py_issuer_key_hashs r$cCs^|jd}|j||jj|jj|jj|}||dk||d|jjkt||dSrr)rr Z name_hashr!r"r"r#_issuer_name_hash-s r%cCs^|jd}|j|jj|jj|jj||}||dk||d|jjkt||dS)NzASN1_INTEGER **rr)rrrrrrr)rr numr!r"r"r#_serial_number;s r'cCs|jd}|j|jj||jj|jj|}||dk||d|jjkt||d}z t|WStk rt d |YnXdS)NzASN1_OBJECT **rrz*Signature algorithm OID: {} not recognized) rrrrrrr rKeyErrorrformat)rr Zasn1objr!oidr"r"r#_hash_algorithmEs"  r+c@seZdZddZedZddddZee j ddd Z ee j ejdd d Zeedd d ZeedddZee je jdddZee j edddZee j e jdddZddZeejdddZeedddZee j ejdddZee j e j dddZ!eejdd d!Z"ee j ejdd"d#Z#eedd$d%Z$eedd&d'Z%eejdd(d)Z&ee'dd*d+Z(ej)e j*dd,d-Z+ej)e j*dd.d/Z,e-j.ed0d1d2Z/dS)3 _OCSPResponsecCs||_||_|jj|j}|j|tkt||_|jtjkr|jj |j}|j||jj j k|jj ||jjj |_|jj|j}|dkrtd||jj|jd|_|j|j|jj j k|jj|j|_|j|j|jj j kdS)NrzhOCSP response contains more than one SINGLERESP structure, which this library does not support. {} foundr)_backend_ocsp_responserZOCSP_response_statusrr_statusr SUCCESSFULZOCSP_response_get1_basicrrgcZOCSP_BASICRESP_free_basicZOCSP_resp_count ValueErrorr)ZOCSP_resp_get0_singleZOCSP_SINGLERESP_get0_id_cert_id)selfrZ ocsp_responsestatusbasicZnum_respr"r"r#__init__Zs>  z_OCSPResponse.__init__r/NreturncCs|jtjkrtddS)NzCOCSP response status is not successful so the property has no value)response_statusrr0r3r6r"r"r#_requires_successful_response|s z+_OCSPResponse._requires_successful_responsecCsF||jj|j}|j||jjjkt|j|j }t |SN) r>r-rZOCSP_resp_get0_tbs_sigalgr2rrrr algorithmrObjectIdentifier)r6algr*r"r"r#signature_algorithm_oids z%_OCSPResponse.signature_algorithm_oidcCsB||j}z tj|WStk r<td|YnXdS)Nz)Signature algorithm OID:{} not recognized)r>rCrZ_SIG_OIDS_TO_HASHr(rr))r6r*r"r"r#signature_hash_algorithms z&_OCSPResponse.signature_hash_algorithmcCs:||jj|j}|j||jjjkt|j|Sr?) r>r-rZOCSP_resp_get0_signaturer2rrrr)r6sigr"r"r# signaturesz_OCSPResponse.signaturecsjjj}j|jjjkjjd}jj ||}j|djjjkjj |fdd}j|dkjj |d|ddS)Nzunsigned char **rcsjj|dS)Nr)r-rZ OPENSSL_free)pointerr=r"r#z2_OCSPResponse.tbs_response_bytes..) r>r-rZOCSP_resp_get0_respdatar2rrrrZi2d_OCSP_RESPDATAr1buffer)r6Zrespdatappr!r"r=r#tbs_response_bytess z _OCSPResponse.tbs_response_bytescCs~||jj|j}|jj|}g}t|D]F}|jj||}|j||jj j kt |j|}||_ | |q2|Sr?)r>r-rZOCSP_resp_get0_certsr2Z sk_X509_numrangeZ sk_X509_valuerrrr Z_ocsp_resp_refappend)r6Zsk_x509r&certsiZx509_ptrcertr"r"r# certificatess   z_OCSPResponse.certificatescCs6||\}}||jjjkr&dSt|j|SdSr?)r>_responder_key_namer-rrr)r6_ asn1_stringr"r"r#responder_key_hashs  z _OCSPResponse.responder_key_hashcCs6||\}}||jjjkr&dSt|j|SdSr?)r>rSr-rrr)r6 x509_namerTr"r"r#responder_names  z_OCSPResponse.responder_namecCsP|jjd}|jjd}|jj|j||}|j|dk|d|dfS)Nrz X509_NAME **rr)r-rrrZOCSP_resp_get0_idr2r)r6rUrWr!r"r"r#rSsz!_OCSPResponse._responder_key_namecCs$||jj|j}t|j|Sr?)r>r-rZOCSP_resp_get0_produced_atr2r )r6 produced_atr"r"r#rYs z_OCSPResponse.produced_atcCsP||jj|j|jjj|jjj|jjj|jjj}|j|tkt|Sr?) r>r-rOCSP_single_get0_statusr4rrrr)r6r7r"r"r#certificate_statussz _OCSPResponse.certificate_statuscCsz||jtjk rdS|jjd}|jj|j |jjj ||jjj |jjj |j |d|jjj kt |j|dSNzASN1_GENERALIZEDTIME **r) r>r[rREVOKEDr-rrrrZr4rrr r6Z asn1_timer"r"r#revocation_times z_OCSPResponse.revocation_timecCs||jtjk rdS|jjd}|jj|j ||jjj |jjj |jjj |ddkr`dS|j |dt kt |dSdS)Nzint *r) r>r[rr]r-rrrrZr4rrr)r6Z reason_ptrr"r"r#revocation_reasons"   z_OCSPResponse.revocation_reasoncCsj||jjd}|jj|j|jjj|jjj||jjj|j|d|jjjkt |j|dSr\) r>r-rrrrZr4rrr r^r"r"r# this_updatesz_OCSPResponse.this_updatecCsj||jjd}|jj|j|jjj|jjj|jjj||d|jjjkrbt|j|dSdSdSr\) r>r-rrrrZr4rr r^r"r"r# next_update%sz_OCSPResponse.next_updatecCs|t|j|jSr?)r>r$r-r5r=r"r"r#issuer_key_hash5sz_OCSPResponse.issuer_key_hashcCs|t|j|jSr?)r>r%r-r5r=r"r"r#issuer_name_hash:sz_OCSPResponse.issuer_name_hashcCs|t|j|jSr?)r>r+r-r5r=r"r"r#hash_algorithm?sz_OCSPResponse.hash_algorithmcCs|t|j|jSr?)r>r'r-r5r=r"r"r# serial_numberDsz_OCSPResponse.serial_numbercCs||jj|jSr?)r>r-Z_ocsp_basicresp_ext_parserparser2r=r"r"r# extensionsIsz_OCSPResponse.extensionscCs||jj|jSr?)r>r-Z_ocsp_singleresp_ext_parserrhr4r=r"r"r#single_extensionsNsz_OCSPResponse.single_extensionsencodingr;cCsL|tjjk rtd|j}|jj||j}|j |dk|j |SNz/The only allowed encoding value is Encoding.DERr) r EncodingDERr3r-_create_mem_bio_gcrZi2d_OCSP_RESPONSE_bior.r _read_mem_bior6rlZbior!r"r"r# public_bytesSs  z_OCSPResponse.public_bytes)0__name__ __module__ __qualname__r9rZread_only_propertyr<r>propertyrrArCtypingOptionalr HashAlgorithmrDbytesrFrLListZ CertificaterRrVNamerXrSdatetimerYrr[r_Z ReasonFlagsrarbrcrdrerfintrgcached_property Extensionsrirjr rnrsr"r"r"r#r,YsX       r,c@seZdZddZeedddZeedddZeeddd Z ee j dd d Z e jejdd d ZejedddZdS) _OCSPRequestcCs~|j|dkrtd||_||_|jj|jd|_|j|j|jjj k|jj |j|_ |j|j |jjj kdS)Nrz+OCSP request contains more than one requestr) rZOCSP_request_onereq_countNotImplementedErrorr- _ocsp_requestZOCSP_request_onereq_get0_requestrrrZOCSP_onereq_get0_idr5)r6rZ ocsp_requestr"r"r#r9`sz_OCSPRequest.__init__r:cCst|j|jSr?)r$r-r5r=r"r"r#rdnsz_OCSPRequest.issuer_key_hashcCst|j|jSr?)r%r-r5r=r"r"r#rersz_OCSPRequest.issuer_name_hashcCst|j|jSr?)r'r-r5r=r"r"r#rgvsz_OCSPRequest.serial_numbercCst|j|jSr?)r+r-r5r=r"r"r#rfzsz_OCSPRequest.hash_algorithmcCs|jj|jSr?)r-Z_ocsp_req_ext_parserrhrr=r"r"r#ri~sz_OCSPRequest.extensionsrkcCsL|tjjk rtd|j}|jj||j}|j |dk|j |Srm) r rnror3r-rprZi2d_OCSP_REQUEST_biorrrqrrr"r"r#rss   z_OCSPRequest.public_bytesN)rtrurvr9rwr{rdrerrgr rzrfrrrrrir rnrsr"r"r"r#r_sr)!r~rxZ cryptographyrrZcryptography.exceptionsrZ0cryptography.hazmat.backends.openssl.decode_asn1rrrrr r Z)cryptography.hazmat.backends.openssl.x509r Zcryptography.hazmat.primitivesr r Zcryptography.x509.ocsprrrrrrrr$r%r'r+r,rr"r"r"r#s   $