U q`/Y@sddlZddlZddlZddlmZmZddlmZddlm Z m Z m Z ddl m Z mZmZmZmZddlmZmZddlmZmZddlmZdd lmZGd d d ejZGd d d ejZe ej!Gddde"Z#e ej$Gddde"Z%e ej&j'Gddde"Z(dS)N)utilsx509)UnsupportedAlgorithm)dsaecrsa)_asn1_integer_to_int_asn1_string_to_bytes_decode_x509_name_obj2txt_parse_asn1_time)_encode_asn1_int_gc _txt2obj_gc)hashes serialization)_PUBLIC_KEY_TYPES) _ASN1Typec@sdeZdZUejed<ddZddZee dddZ ee dd d Z e d d d Z ddZejedddZedZee d ddZed ddZeejd ddZeejd ddZeejd ddZeejd ddZ eej!ejd d d!Z"eej#d d"d#Z$ej%ej&d d$d%Z'eed d&d'Z(eed d(d)Z)e*j+ed*d+d,Z,d-S). _CertificateZ_ocsp_resp_refcCsZ||_||_|jj|j}|dkr0tjj|_n&|dkrDtjj|_nt d ||dS)Nrz{} is not a valid X509 version) _backend_x509_libZX509_get_versionrVersionv1_versionZv3InvalidVersionformat)selfbackendZ x509_certversionr P/tmp/pip-target-nv4zd3e_/lib/python/cryptography/hazmat/backends/openssl/x509.py__init__!s  z_Certificate.__init__cCs d|jS)Nz)rsubjectrr r r!__repr__/sz_Certificate.__repr__otherreturncCs*t|tstS|jj|j|j}|dkSNr) isinstancerNotImplementedrrZX509_cmprrr'resr r r!__eq__2s z_Certificate.__eq__cCs ||k SNr rr'r r r!__ne__9sz_Certificate.__ne__r(cCst|tjjSr/hash public_bytesrEncodingDERr$r r r!__hash__<sz_Certificate.__hash__cCs|Sr/r )rmemor r r! __deepcopy__?sz_Certificate.__deepcopy__ algorithmr(cCs*t||j}||tjj|Sr/) rHashrupdater5rr6r7finalize)rr<hr r r! fingerprintBsz_Certificate.fingerprintrcCs2|jj|j}|j||jjjkt|j|Sr/)rrZX509_get_serialNumberropenssl_assert_ffiNULLrrasn1_intr r r! serial_numberIsz_Certificate.serial_numbercCsR|jj|j}||jjjkr0|jtd|jj||jjj }|j |S)Nz,Certificate public key is of an unknown type) rrZX509_get_pubkeyrrCrD_consume_errors ValueErrorgc EVP_PKEY_free_evp_pkey_to_public_keyrpkeyr r r! public_keyOs  z_Certificate.public_keycCs|jj|j}t|j|Sr/)rrZX509_get0_notBeforerr rZ asn1_timer r r!not_valid_beforeZsz_Certificate.not_valid_beforecCs|jj|j}t|j|Sr/)rrZX509_get0_notAfterrr rPr r r!not_valid_after_sz_Certificate.not_valid_aftercCs2|jj|j}|j||jjjkt|j|Sr/)rrZX509_get_issuer_namerrBrCrDr rissuerr r r!rTdsz_Certificate.issuercCs2|jj|j}|j||jjjkt|j|Sr/)rrZX509_get_subject_namerrBrCrDr rr#r r r!r#jsz_Certificate.subjectcCs:|j}z tj|WStk r4td|YnXdSNz)Signature algorithm OID:{} not recognizedsignature_algorithm_oidrZ_SIG_OIDS_TO_HASHKeyErrorrrroidr r r!signature_hash_algorithmps z%_Certificate.signature_hash_algorithmcCs^|jjd}|jj|jjj||j|j|d|jjjkt|j|dj }t |SNz X509_ALGOR **r) rrCnewrX509_get0_signaturerDrrBr r<rObjectIdentifierralgr[r r r!rX|sz$_Certificate.signature_algorithm_oidcCs|jj|jSr/)rZ_certificate_extension_parserparserr$r r r! extensionssz_Certificate.extensionscCsR|jjd}|jj||jjj|j|j|d|jjjkt|j|dSNzASN1_BIT_STRING **r) rrCr^rr_rDrrBr rsigr r r! signaturesz_Certificate.signaturecsdjjd}jjj|}j|dkjj|fdd}jj|d|ddS)Nunsigned char **rcsjj|dSr)rrZ OPENSSL_freepointerr$r r!z4_Certificate.tbs_certificate_bytes..) rrCr^rZi2d_re_X509_tbsrrBrJbufferrppr-r r$r!tbs_certificate_bytess z"_Certificate.tbs_certificate_bytesencodingr(cCsn|j}|tjjkr*|jj||j}n(|tjjkrJ|jj ||j}nt d|j |dk|j |SNz/encoding must be an item from the Encoding enum) r_create_mem_bio_gcrr6PEMrZPEM_write_bio_X509rr7Z i2d_X509_bio TypeErrorrB _read_mem_biorrtbior-r r r!r5s   z_Certificate.public_bytesN)-__name__ __module__ __qualname__typingAny__annotations__r"r%objectboolr.r1intr8r:r HashAlgorithmbytesrArZread_only_propertyrpropertyrGrrOdatetimerQrRrNamerTr#Optionalr\r`rXcached_property Extensionsrdrhrrrr6r5r r r r!rs@        rc@sPeZdZddZeedddZeejdddZe j e j ddd Z d S) _RevokedCertificatecCs||_||_||_dSr/)rZ_crl _x509_revoked)rrZcrlZ x509_revokedr r r!r"sz_RevokedCertificate.__init__r2cCs2|jj|j}|j||jjjkt|j|Sr/)rrZX509_REVOKED_get0_serialNumberrrBrCrDrrEr r r!rGs z!_RevokedCertificate.serial_numbercCst|j|jj|jSr/)r rrZ X509_REVOKED_get0_revocationDaterr$r r r!revocation_dates z#_RevokedCertificate.revocation_datecCs|jj|jSr/)rZ_revoked_cert_extension_parserrcrr$r r r!rdsz_RevokedCertificate.extensionsN)r}r~rr"rrrGrrrrrrrdr r r r!rs rc@sXeZdZddZeedddZeedddZej e dd d Z e j d d Zeejejd ddZeejej dddZeejdddZeejdddZeejdddZeejdddZee dddZee dddZe j!e dd d!Z"d"d#Z#d$d%Z$d&d'Z%edd(d)Z&e j ej'dd*d+Z(e)ed,d-d.Z*d/S)0_CertificateRevocationListcCs||_||_dSr/)r _x509_crl)rrZx509_crlr r r!r"sz#_CertificateRevocationList.__init__r&cCs*t|tstS|jj|j|j}|dkSr))r*rr+rrZ X509_CRL_cmprr,r r r!r.s z!_CertificateRevocationList.__eq__cCs ||k Sr/r r0r r r!r1sz!_CertificateRevocationList.__ne__r;cCsXt||j}|j}|jj||j}|j|dk|j|}| || S)Nrv) rr=rrwri2d_X509_CRL_biorrBrzr>r?)rr<r@r|r-Zderr r r!rAs   z&_CertificateRevocationList.fingerprintcCs@|jj|j}|j||jjjk|jj||jjj}|Sr/) rrZ X509_CRL_duprrBrCrDrJZ X509_CRL_free)rdupr r r! _sorted_crlsz&_CertificateRevocationList._sorted_crl)rGr(cCsl|jjd}t|j|}|jj|j||}|dkr:dS|j|d|jjjkt |j|j|dSdS)NzX509_REVOKED **r) rrCr^r rZX509_CRL_get0_by_serialrrBrDr)rrGrevokedrFr-r r r!(get_revoked_certificate_by_serial_numbers zC_CertificateRevocationList.get_revoked_certificate_by_serial_numberr2cCs:|j}z tj|WStk r4td|YnXdSrVrWrZr r r!r\s z3_CertificateRevocationList.signature_hash_algorithmcCs^|jjd}|jj|j|jjj||j|d|jjjkt|j|dj }t |Sr]) rrCr^rX509_CRL_get0_signaturerrDrBr r<rr`rar r r!rXsz2_CertificateRevocationList.signature_algorithm_oidcCs2|jj|j}|j||jjjkt|j|Sr/)rrZX509_CRL_get_issuerrrBrCrDr rSr r r!rTsz!_CertificateRevocationList.issuercCs2|jj|j}|j||jjjkt|j|Sr/)rrZX509_CRL_get0_nextUpdaterrBrCrDr )rnur r r! next_updatesz&_CertificateRevocationList.next_updatecCs2|jj|j}|j||jjjkt|j|Sr/)rrZX509_CRL_get0_lastUpdaterrBrCrDr )rZlur r r! last_update$sz&_CertificateRevocationList.last_updatecCsR|jjd}|jj|j||jjj|j|d|jjjkt|j|dSre) rrCr^rrrrDrBr rfr r r!rh*sz$_CertificateRevocationList.signaturecsdjjd}jjj|}j|dkjj|fdd}jj|d|ddS)Nrircsjj|dSr)rjrkr$r r!rm9rnz?_CertificateRevocationList.tbs_certlist_bytes..) rrCr^rZi2d_re_X509_CRL_tbsrrBrJrorpr r$r!tbs_certlist_bytes3s z-_CertificateRevocationList.tbs_certlist_bytesrscCsn|j}|tjjkr*|jj||j}n(|tjjkrJ|jj ||j}nt d|j |dk|j |Sru) rrwrr6rxrZPEM_write_bio_X509_CRLrr7rryrBrzr{r r r!r5=s   z'_CertificateRevocationList.public_bytescCsD|jj|j}|jj||}|j||jjjkt|j||Sr/) rrX509_CRL_get_REVOKEDrZsk_X509_REVOKED_valuerBrCrDr)ridxrrr r r! _revoked_certKsz(_CertificateRevocationList._revoked_certccs"tt|D]}||Vq dSr/)rangelenr)rir r r!__iter__Qsz#_CertificateRevocationList.__iter__cst|tr8|t\}}}fddt|||DSt|}|dkrV|t7}d|krntkstnt|SdS)Ncsg|]}|qSr )r).0rr$r r! Xsz:_CertificateRevocationList.__getitem__..r) r*sliceindicesrroperatorindex IndexErrorr)rrstartstopstepr r$r! __getitem__Us   z&_CertificateRevocationList.__getitem__cCs4|jj|j}||jjjkr"dS|jj|SdSr))rrrrrCrDZsk_X509_REVOKED_num)rrr r r!__len__asz"_CertificateRevocationList.__len__cCs|jj|jSr/)rZ_crl_extension_parserrcrr$r r r!rdhsz%_CertificateRevocationList.extensions)rOr(cCsLt|tjtjtjfstd|jj |j |j }|dkrH|j dSdS)NzGExpecting one of DSAPublicKey, RSAPublicKey, or EllipticCurvePublicKey.rvFT)r*rZ _DSAPublicKeyrZ _RSAPublicKeyrZ_EllipticCurvePublicKeyryrrZX509_CRL_verifyrZ _evp_pkeyrH)rrOr-r r r!is_signature_validls$ z-_CertificateRevocationList.is_signature_validN)+r}r~rr"rrr.r1rrrrArrrrrrrRevokedCertificaterrr\r`rXrrTrrrrhrrr6r5rrrrrrdrrr r r r!rs@        rc@seZdZddZeedddZeedddZedd d Z e dd d Z e e jdd dZe ejejdddZe e jdddZeje jdddZejedddZe edddZe edddZ e edddZ!e jeddd Z"d!S)"_CertificateSigningRequestcCs||_||_dSr/)r _x509_req)rrZx509_reqr r r!r"sz#_CertificateSigningRequest.__init__r&cCs2t|tstS|tjj}|tjj}||kSr/)r*rr+r5rr6r7)rr'Z self_bytesZ other_bytesr r r!r.s  z!_CertificateSigningRequest.__eq__cCs ||k Sr/r r0r r r!r1sz!_CertificateSigningRequest.__ne__r2cCst|tjjSr/r3r$r r r!r8sz#_CertificateSigningRequest.__hash__cCsH|jj|j}|j||jjjk|jj||jjj}|j |Sr/) rrX509_REQ_get_pubkeyrrBrCrDrJrKrLrMr r r!rOsz%_CertificateSigningRequest.public_keycCs2|jj|j}|j||jjjkt|j|Sr/)rrZX509_REQ_get_subject_namerrBrCrDr rUr r r!r#sz"_CertificateSigningRequest.subjectcCs:|j}z tj|WStk r4td|YnXdSrVrWrZr r r!r\s z3_CertificateSigningRequest.signature_hash_algorithmcCs^|jjd}|jj|j|jjj||j|d|jjjkt|j|dj }t |Sr]) rrCr^rX509_REQ_get0_signaturerrDrBr r<rr`rar r r!rXsz2_CertificateSigningRequest.signature_algorithm_oidcs6jjj}jj|fdd}jj|S)Ncs"jj|jjjjjdS)NZX509_EXTENSION_free)rrZsk_X509_EXTENSION_pop_freerC addressofZ _original_lib)xr$r r!rms z7_CertificateSigningRequest.extensions..)rrZX509_REQ_get_extensionsrrCrJZ_csr_extension_parserrc)rZ x509_extsr r$r!rds   z%_CertificateSigningRequest.extensionsrscCsn|j}|tjjkr*|jj||j}n(|tjjkrJ|jj ||j}nt d|j |dk|j |Sru) rrwrr6rxrZPEM_write_bio_X509_REQrr7Zi2d_X509_REQ_bioryrBrzr{r r r!r5s   z'_CertificateSigningRequest.public_bytescsdjjd}jjj|}j|dkjj|fdd}jj|d|ddS)Nrircsjj|dSr)rjrkr$r r!rmrnzB_CertificateSigningRequest.tbs_certrequest_bytes..) rrCr^rZi2d_re_X509_REQ_tbsrrBrJrorpr r$r!tbs_certrequest_bytess z0_CertificateSigningRequest.tbs_certrequest_bytescCsR|jjd}|jj|j||jjj|j|d|jjjkt|j|dSre) rrCr^rrrrDrBr rfr r r!rhsz$_CertificateSigningRequest.signaturecCsh|jj|j}|j||jjjk|jj||jjj}|jj |j|}|dkrd|j dSdS)NrvFT) rrrrrBrCrDrJrKZX509_REQ_verifyrH)rrNr-r r r!rs z-_CertificateSigningRequest.is_signature_valid)r[r(cCs t|j|j}|jj|j|d}|dkrs.   % 5