U q`Q!@s ddlZddlmZddlmZddlmZddlmZm Z GdddeZ dd e DZ e Z eje jeje jeje jeje jeje jeje jiZejd ejd ejd ejd ejdejdejdejdejdi ZddZGddde Z Gddde Z!Gddde Z"dS)N)Enum)utils) _get_backend)NameOIDObjectIdentifierc@s4eZdZdZdZdZdZdZdZdZ dZ d Z d Z d S) _ASN1Type N) __name__ __module__ __qualname__ UTF8StringZ NumericStringPrintableStringZ T61String IA5StringZUTCTimeZGeneralizedTimeZ VisibleStringZUniversalStringZ BMPStringrr=/tmp/pip-target-nv4zd3e_/lib/python/cryptography/x509/name.pyr srcCsi|] }|j|qSr)value.0irrr srZCNLZSTOZOUCZSTREETZDCUIDcCs|sdS|dd}|dd}|dd}|dd }|d d }|d d }|dd}|dd}|ddkr|d|}|ddkr|ddd}|S)z>Escape special characters in RFC4514 Distinguished Name value.\z\\"z\"+z\+,z\,;z\;z\>z\00r)# r-Nz\ )replace)valrrr_escape_dn_value4s          r1c@s~eZdZefeedddZedZ edZ edddZ e e d d d Ze e d d d ZedddZedddZdS) NameAttribute)oidrcCst|tstdt|ts$td|tjks8|tjkrRt|ddkrRt d|t krht |t j}t|t sztd||_||_||_dS)Nz2oid argument must be an ObjectIdentifier instance.z#value argument must be a text type.utf8z/Country name must be a 2 character country codez%_type must be from the _ASN1Type enum) isinstancer TypeErrorstrr COUNTRY_NAMEJURISDICTION_COUNTRY_NAMElenencode ValueError _SENTINEL_NAMEOID_DEFAULT_TYPEgetrr_oid_value_type)selfr3rrCrrr__init__Ms*    zNameAttribute.__init__rArBreturncCs$t|j|jj}d|t|jfS)z Format as RFC4514 Distinguished Name string. Use short attribute name if available, otherwise fall back to OID dotted string. z%s=%s)_NAMEOID_TO_NAMEr@r3Z dotted_stringr1r)rDkeyrrrrfc4514_stringrszNameAttribute.rfc4514_stringotherrGcCs&t|tstS|j|jko$|j|jkSN)r6r2NotImplementedr3rrDrLrrr__eq__|s zNameAttribute.__eq__cCs ||k SrMrrOrrr__ne__szNameAttribute.__ne__cCst|j|jfSrM)hashr3rrDrrr__hash__szNameAttribute.__hash__cCs d|S)Nz/)formatrSrrr__repr__szNameAttribute.__repr__N)rrrr>rr8rErZread_only_propertyr3rrJobjectboolrPrQintrTrVrrrrr2Ls"   r2c@seZdZejedddZejedddZe dddZ e e d d d Z e e d d d ZedddZejedddZedddZe dddZdS)RelativeDistinguishedName) attributescCs\t|}|stdtdd|Ds.td||_t||_t|jt|krXtddS)Nz-a relative distinguished name cannot be emptycss|]}t|tVqdSrMr6r2rxrrr sz5RelativeDistinguishedName.__init__..z/attributes must be an iterable of NameAttributez$duplicate attributes are not allowed)listr=allr7 _attributes frozenset_attribute_setr;rDr[rrrrEs z"RelativeDistinguishedName.__init__rFcsfdd|DS)Ncsg|]}|jkr|qSrr3rrfrr s zDRelativeDistinguishedName.get_attributes_for_oid..rrDr3rrfrget_attributes_for_oidsz0RelativeDistinguishedName.get_attributes_for_oidcCsddd|jDS)z Format as RFC4514 Distinguished Name string. Within each RDN, attributes are joined by '+', although that is rarely used in certificates. r&css|]}|VqdSrMrJrattrrrrr_sz;RelativeDistinguishedName.rfc4514_string..)joinrbrSrrrrJsz(RelativeDistinguishedName.rfc4514_stringrKcCst|tstS|j|jkSrM)r6rZrNrdrOrrrrPs z RelativeDistinguishedName.__eq__cCs ||k SrMrrOrrrrQsz RelativeDistinguishedName.__ne__cCs t|jSrM)rRrdrSrrrrTsz"RelativeDistinguishedName.__hash__cCs t|jSrM)iterrbrSrrr__iter__sz"RelativeDistinguishedName.__iter__cCs t|jSrM)r;rbrSrrr__len__sz!RelativeDistinguishedName.__len__cCsd|S)Nz)rUrJrSrrrrVsz"RelativeDistinguishedName.__repr__N)rrrtypingIterabler2rEListrir8rJrWrXrPrQrYrTIteratorrorprVrrrrrZs rZc@seZdZddZedddZejedddZ e ej e ddd Z dedd d Zeed ddZeed ddZedddZejedddZedddZedddZd S)NamecCsRt|}tdd|Dr,dd|D|_n"tdd|DrF||_ntddS)Ncss|]}t|tVqdSrMr\r]rrrr_sz Name.__init__..cSsg|]}t|gqSr)rZr]rrrrgsz!Name.__init__..css|]}t|tVqdSrM)r6rZr]rrrr_szNattributes must be a list of NameAttribute or a list RelativeDistinguishedName)r`rarbr7rerrrrEs z Name.__init__rFcCsdddt|jDS)a Format as RFC4514 Distinguished Name string. For example 'CN=foobar.com,O=Foo Corp,C=US' An X.509 name is a two-level structure: a list of sets of attributes. Each list element is separated by ',' and within each list element, set elements are separated by '+'. The latter is almost never used in real world certificates. According to RFC4514 section 2.1 the RDNSequence must be reversed when converting to string representation. r'css|]}|VqdSrMrjrkrrrr_sz&Name.rfc4514_string..)rmreversedrbrSrrrrJs zName.rfc4514_stringcsfdd|DS)Ncsg|]}|jkr|qSrrfrrfrrrgs z/Name.get_attributes_for_oid..rrhrrfrriszName.get_attributes_for_oidcCs|jSrMrbrSrrrrdnssz Name.rdnsNcCst|}||SrM)rZx509_name_bytes)rDbackendrrr public_bytesszName.public_bytesrKcCst|tstS|j|jkSrM)r6rurNrbrOrrrrPs z Name.__eq__cCs ||k SrMrrOrrrrQsz Name.__ne__cCstt|jSrM)rRtuplerbrSrrrrTsz Name.__hash__ccs |jD]}|D] }|VqqdSrMrw)rDrdnZavarrrros z Name.__iter__cCstdd|jDS)Ncss|]}t|VqdSrM)r;)rr|rrrr_szName.__len__..)sumrbrSrrrrpsz Name.__len__cCs ddd|jD}d|S)Nr'css|]}|VqdSrMrjrkrrrr_sz Name.__repr__..z )rmrbrU)rDrxrrrrVsz Name.__repr__)N)rrrrEr8rJrqrsr2ripropertyrrrZrxbytesrzrWrXrPrQrYrTrtrorprVrrrrrusru)#rqenumrZ cryptographyrZcryptography.hazmat.backendsrZcryptography.x509.oidrrrZ_ASN1_TYPE_TO_ENUMrWr>r9rr:Z SERIAL_NUMBERZ DN_QUALIFIERZ EMAIL_ADDRESSrZDOMAIN_COMPONENTr?Z COMMON_NAMEZ LOCALITY_NAMEZSTATE_OR_PROVINCE_NAMEZORGANIZATION_NAMEZORGANIZATIONAL_UNIT_NAMEZSTREET_ADDRESSZUSER_IDrHr1r2rZrurrrrsV      @1