U q`9@sdddlZddlZddlZddlmZddlmZddlmZm Z ddl m Z m Z m Z mZeeeeedZGdddeZGd d d eZd d eDZejejejejejfZd dZGdddeZdd eDZGdddeZGdddejdZGdddejdZ GdddeZ!GdddeZ"e#edddZ$e#e dd d!Z%dS)"N)Enum)x509)hashes serialization)_EARLIEST_UTC_TIME_PRIVATE_KEY_TYPES_convert_to_naive_utc_time_reject_duplicate_extension)z 1.3.14.3.2.26z2.16.840.1.101.3.4.2.4z2.16.840.1.101.3.4.2.1z2.16.840.1.101.3.4.2.2z2.16.840.1.101.3.4.2.3c@seZdZdZdZdS)OCSPResponderEncodingzBy HashzBy NameN)__name__ __module__ __qualname__HASHNAMErr=/tmp/pip-target-nv4zd3e_/lib/python/cryptography/x509/ocsp.pyr sr c@s$eZdZdZdZdZdZdZdZdS)OCSPResponseStatusrN) r r r SUCCESSFULZMALFORMED_REQUESTINTERNAL_ERRORZ TRY_LATERZ SIG_REQUIRED UNAUTHORIZEDrrrrr#s rcCsi|] }|j|qSrvalue.0xrrr ,sr cCst|tstddS)Nz9Algorithm must be SHA1, SHA224, SHA256, SHA384, or SHA512) isinstance_ALLOWED_HASHES ValueError) algorithmrrr_verify_algorithm6s r%c@seZdZdZdZdZdS)OCSPCertStatusrrrN)r r r ZGOODREVOKEDUNKNOWNrrrrr&=sr&cCsi|] }|j|qSrrrrrrr Csc@seZdZddZdS)_SingleResponsec Cst|tjrt|tjs tdt|t|tjsr@r HashAlgorithmrBintrDabstractmethodrEncodingrHr ExtensionsrIrrrrr9sr9) metaclassc@seZdZejedddZejejdddZ eje j e j dddZejeddd Zejedd d Zeje jejdd d Zeje j edddZeje j ejdddZejejdddZejedddZeje j ejdddZeje j ejdddZejejdddZeje j ejdddZ ejedddZ!ejedd d!Z"eje j dd"d#Z#eje$dd$d%Z%ejej&dd&d'Z'ejej&dd(d)Z(ej)e*j+ed*d+d,Z,d-S). OCSPResponser:cCsdS)zm The status of the response. This is a value from the OCSPResponseStatus enumeration Nrr=rrrresponse_statusszOCSPResponse.response_statuscCsdS)zA The ObjectIdentifier of the signature algorithm Nrr=rrrsignature_algorithm_oidsz$OCSPResponse.signature_algorithm_oidcCsdS)zX Returns a HashAlgorithm corresponding to the type of the digest signed Nrr=rrrsignature_hash_algorithmsz%OCSPResponse.signature_hash_algorithmcCsdS)z% The signature bytes Nrr=rrr signatureszOCSPResponse.signaturecCsdS)z+ The tbsResponseData bytes Nrr=rrrtbs_response_bytesszOCSPResponse.tbs_response_bytescCsdS)z A list of certificates used to help build a chain to verify the OCSP response. This situation occurs when the OCSP responder uses a delegate certificate. Nrr=rrr certificatesszOCSPResponse.certificatescCsdS)z2 The responder's key hash or None Nrr=rrrresponder_key_hashszOCSPResponse.responder_key_hashcCsdS)z. The responder's Name or None Nrr=rrrresponder_nameszOCSPResponse.responder_namecCsdS)z4 The time the response was produced Nrr=rrr produced_atszOCSPResponse.produced_atcCsdS)zY The status of the certificate (an element from the OCSPCertStatus enum) Nrr=rrrcertificate_statusszOCSPResponse.certificate_statuscCsdS)z^ The date of when the certificate was revoked or None if not revoked. Nrr=rrrr6szOCSPResponse.revocation_timecCsdS)zi The reason the certificate was revoked or None if not specified or not revoked. Nrr=rrrr7szOCSPResponse.revocation_reasoncCsdS)z The most recent time at which the status being indicated is known by the responder to have been correct Nrr=rrrr4szOCSPResponse.this_updatecCsdS)zC The time when newer information will be available Nrr=rrrr5 szOCSPResponse.next_updatecCsdSr<rr=rrrr>szOCSPResponse.issuer_key_hashcCsdSr?rr=rrrr@szOCSPResponse.issuer_name_hashcCsdSrArr=rrrrBszOCSPResponse.hash_algorithmcCsdSrCrr=rrrrD!szOCSPResponse.serial_numbercCsdS)zR The list of response extensions. Not single response extensions. Nrr=rrrrI'szOCSPResponse.extensionscCsdS)zR The list of single response extensions. Not response extensions. Nrr=rrrsingle_extensions-szOCSPResponse.single_extensionsrEcCsdS)z0 Serializes the response to DER NrrGrrrrH3szOCSPResponse.public_bytesN)-r r r rJrKrrTrZObjectIdentifierrUtypingOptionalrrMrVrLrWrXListr+rYrZNamer[r-r\r&r]r6r/r7r4r5r>r@rBrNrDrQrIr^rOrrPrHrrrrrSsV rSc@sVeZdZdgfddZejejejddddZej e dddd Z e d d d Z dS) OCSPRequestBuilderNcCs||_||_dSN)_request _extensions)r0requestrIrrrr8;szOCSPRequestBuilder.__init__)r1r2r$r;cCsL|jdk rtdt|t|tjr2t|tjs:tdt|||f|jS)Nz.Only one certificate can be added to a requestr*) rer#r%r!rr+r,rcrf)r0r1r2r$rrradd_certificate?s z"OCSPRequestBuilder.add_certificateextvalcriticalr;cCsDt|tjstdt|j||}t||jt|j |j|gSNz"extension must be an ExtensionType) r!r ExtensionTyper, Extensionoidr rfrcrer0rjrk extensionrrr add_extensionPs   z OCSPRequestBuilder.add_extensionr:cCs(ddlm}|jdkrtd||S)Nrbackendz*You must add a certificate before building),cryptography.hazmat.backends.openssl.backendrtrer#Zcreate_ocsp_request)r0rtrrrbuild]s  zOCSPRequestBuilder.build)r r r r8rr+rrMrhrmboolrrr9rvrrrrrc:s  rcc @seZdZdddgfddZejejejee j e j e j e j e j e j ej dd ddZ eejdddd Ze jejdd d d Zejedd ddZee j ejedddZeeedddZdS)OCSPResponseBuilderNcCs||_||_||_||_dSrd) _response _responder_id_certsrf)r0response responder_idcertsrIrrrr8gszOCSPResponseBuilder.__init__) r1r2r$r3r4r5r6r7r;c Cs<|jdk rtdt||||||||} t| |j|j|jS)Nz#Only one response per OCSPResponse.)ryr#r)rxrzr{rf) r0r1r2r$r3r4r5r6r7Z singleresprrr add_responseos$  z OCSPResponseBuilder.add_response)rFresponder_certr;cCsP|jdk rtdt|tjs&tdt|ts8tdt|j||f|j |j S)Nz!responder_id can only be set oncez$responder_cert must be a Certificatez6encoding must be an element from OCSPResponderEncoding) rzr#r!rr+r,r rxryr{rf)r0rFrrrrr}s   z OCSPResponseBuilder.responder_id)r~r;cCs\|jdk rtdt|}t|dkr.tdtdd|DsHtdt|j|j||j S)Nz!certificates may only be set oncerzcerts must not be an empty listcss|]}t|tjVqdSrd)r!rr+rrrr sz3OCSPResponseBuilder.certificates..z$certs must be a list of Certificates) r{r#listlenallr,rxryrzrf)r0r~rrrrYs  z OCSPResponseBuilder.certificatesricCsLt|tjstdt|j||}t||jt|j |j |j |j|gSrl) r!rrmr,rnror rfrxryrzr{rprrrrrs   z!OCSPResponseBuilder.add_extension) private_keyr$r;cCsBddlm}|jdkrtd|jdkr0td|tj|||S)Nrrsz&You must add a response before signingz*You must add a responder_id before signing)rurtryr#rzcreate_ocsp_responserr)r0rr$rtrrrsigns   zOCSPResponseBuilder.sign)rTr;cCs@ddlm}t|tstd|tjkr0td||dddS)Nrrsz7response_status must be an item from OCSPResponseStatusz$response_status cannot be SUCCESSFUL)rurtr!rr,rr#r)clsrTrtrrrbuild_unsuccessfuls   z&OCSPResponseBuilder.build_unsuccessful)r r r r8rr+rrMr&r-r_r`r/rr r}IterablerYrmrwrrrrSr classmethodrrrrrrrxfsD           rx)datar;cCsddlm}||SNrrs)rurtload_der_ocsp_requestrrtrrrrs rcCsddlm}||Sr)rurtload_der_ocsp_responserrrrrs r)&rJr-r_enumrZ cryptographyrZcryptography.hazmat.primitivesrrZcryptography.x509.baserrrr SHA1SHA224SHA256SHA384SHA512Z _OIDS_TO_HASHr rZ_RESPONSE_STATUS_TO_ENUMr"r%r&Z_CERT_STATUS_TO_ENUMobjectr)ABCMetar9rSrcrxrLrrrrrrs@      F& ,|