asn1crypto/ocsp.py
(source path recorded in the compiled module: /tmp/pip-target-jgxl_w8r/lib/python/asn1crypto/ocsp.py)

ASN.1 type classes for the online certificate status protocol (OCSP). Exports
the following items:

 - OCSPRequest()
 - OCSPResponse()

Other type classes are defined that help compose the types listed above.

Imported names:

 - __future__: unicode_literals, division, absolute_import, print_function
 - _errors: unwrap
 - algos: DigestAlgorithm, SignedDigestAlgorithm
 - core: Boolean, Choice, Enumerated, GeneralizedTime, IA5String, Integer, Null, ObjectIdentifier, OctetBitString, OctetString, ParsableOctetString, Sequence, SequenceOf
 - crl: AuthorityInfoAccessSyntax, CRLReason
 - keys: PublicKeyAlgorithm
 - x509: Certificate, GeneralName, GeneralNames, Name

Request types:

 - Version
   _map values: v1
 - CertId
   fields: hash_algorithm, issuer_name_hash, issuer_key_hash, serial_number
 - ServiceLocator
   fields: issuer, locator
 - RequestExtensionId
   1.3.6.1.5.5.7.48.1.7: service_locator
 - RequestExtension
   fields: extn_id, critical (default False), extn_value
   _oid_pair: (extn_id, extn_value)
   _oid_specs keys: service_locator
 - RequestExtensions
   sets _child_spec
 - Request
   fields: req_cert, single_request_extensions (explicit, optional)
   _set_extensions(): Sets common named extensions to private attributes and creates a list of critical extensions
   critical_extensions: Returns a set of the names (or OID if not a known extension) of the extensions marked as critical. :return: A set of unicode strings
   service_locator_value: This extension is used when communicating with an OCSP responder that acts as a proxy for OCSP requests. :return: None or a ServiceLocator object
 - Requests
   sets _child_spec
 - ResponseType
   1.3.6.1.5.5.7.48.1.1: basic_ocsp_response
 - AcceptableResponses
   sets _child_spec
 - PreferredSignatureAlgorithm
   fields: sig_identifier, cert_identifier (optional)
 - PreferredSignatureAlgorithms
   sets _child_spec
 - TBSRequestExtensionId
   1.3.6.1.5.5.7.48.1.2: nonce
   1.3.6.1.5.5.7.48.1.4: acceptable_responses
   1.3.6.1.5.5.7.48.1.8: preferred_signature_algorithms
 - TBSRequestExtension
   fields: extn_id, critical (default False), extn_value
   _oid_pair: (extn_id, extn_value)
   _oid_specs keys: nonce, acceptable_responses, preferred_signature_algorithms
 - TBSRequestExtensions
   sets _child_spec
 - TBSRequest
   fields: version (explicit, default), requestor_name (explicit, optional), request_list, request_extensions (explicit, optional)
 - Certificates
   sets _child_spec
 - Signature
   fields: signature_algorithm, signature, certs (explicit, optional)
 - OCSPRequest
   fields: tbs_request, optional_signature (explicit, optional)
   _set_extensions(): Sets common named extensions to private attributes and creates a list of critical extensions
   critical_extensions: Returns a set of the names (or OID if not a known extension) of the extensions marked as critical. :return: A set of unicode strings
   nonce_value: This extension is used to prevent replay attacks by including a unique, random value with each request/response pair. :return: None or an OctetString object
   acceptable_responses_value: This extension is used to allow the client and server to communicate with alternative response formats other than just basic_ocsp_response, although no other formats are defined in the standard. :return: None or an AcceptableResponses object
   preferred_signature_algorithms_value: This extension is used by the client to define what signature algorithms are preferred, including both the hash algorithm and the public key algorithm, with a level of detail down to even the public key algorithm parameters, such as curve name. :return: None or a PreferredSignatureAlgorithms object

Response types:

 - OCSPResponseStatus
   _map values: successful, malformed_request, internal_error, try_later, sign_required, unauthorized
 - ResponderId
   alternatives: by_name, by_key
 - StatusGood
   set(value): Sets the value of the object. :param value: None or 'good'
   error message: value must be one of None, "good", not %s
   native: 'good'
 - StatusUnknown
   set(value): Sets the value of the object. :param value: None or 'unknown'
   error message: value must be one of None, "unknown", not %s
   native: 'unknown'
 - RevokedInfo
   fields: revocation_time, revocation_reason (explicit, optional)
 - CertStatus
   alternatives (implicit): good, revoked, unknown
 - CrlId
   fields: crl_url, crl_num, crl_time (each explicit, optional)
 - SingleResponseExtensionId
   1.3.6.1.5.5.7.48.1.3: crl
   1.3.6.1.5.5.7.48.1.6: archive_cutoff
   2.5.29.21: crl_reason
   2.5.29.24: invalidity_date
   2.5.29.29: certificate_issuer
   1.3.6.1.4.1.11129.2.4.5: signed_certificate_timestamp_list
 - SingleResponseExtension
   fields: extn_id, critical (default False), extn_value
   _oid_pair: (extn_id, extn_value)
   _oid_specs keys: crl, archive_cutoff, crl_reason, invalidity_date, certificate_issuer, signed_certificate_timestamp_list
 - SingleResponseExtensions
   sets _child_spec
 - SingleResponse
   fields: cert_id, cert_status, this_update, next_update (explicit, optional), single_extensions (explicit, optional)
   _set_extensions(): Sets common named extensions to private attributes and creates a list of critical extensions
   critical_extensions: Returns a set of the names (or OID if not a known extension) of the extensions marked as critical. :return: A set of unicode strings
   crl_value: This extension is used to locate the CRL that a certificate's revocation is contained within. :return: None or a CrlId object
   archive_cutoff_value: This extension is used to indicate the date at which an archived (historical) certificate status entry will no longer be available. :return: None or a GeneralizedTime object
   crl_reason_value: This extension indicates the reason that a certificate was revoked. :return: None or a CRLReason object
   invalidity_date_value: This extension indicates the suspected date/time the private key was compromised or the certificate became invalid. This would usually be before the revocation date, which is when the CA processed the revocation. :return: None or a GeneralizedTime object
   certificate_issuer_value: This extension indicates the issuer of the certificate in question. :return: None or an x509.GeneralNames object
 - Responses
   sets _child_spec
 - ResponseDataExtensionId
   1.3.6.1.5.5.7.48.1.2: nonce
   1.3.6.1.5.5.7.48.1.9: extended_revoke
 - ResponseDataExtension
   fields: extn_id, critical (default False), extn_value
   _oid_pair: (extn_id, extn_value)
   _oid_specs keys: nonce, extended_revoke
 - ResponseDataExtensions
   sets _child_spec
 - ResponseData
   fields: version (explicit, default), responder_id, produced_at, responses, response_extensions (explicit, optional)
 - BasicOCSPResponse
   fields: tbs_response_data, signature_algorithm, signature, certs (explicit, optional)
 - ResponseBytes
   fields: response_type, response
   _oid_pair: (response_type, response)
   _oid_specs keys: basic_ocsp_response
 - OCSPResponse
   fields: response_status, response_bytes (explicit, optional)
   _set_extensions(): Sets common named extensions to private attributes and creates a list of critical extensions
   critical_extensions: Returns a set of the names (or OID if not a known extension) of the extensions marked as critical. :return: A set of unicode strings
   nonce_value: This extension is used to prevent replay attacks on the request/response exchange. :return: None or an OctetString object
   extended_revoke_value: This extension is used to signal that the responder will return a "revoked" status for non-issued certificates. :return: None or a Null object (if present)
   basic_ocsp_response: A shortcut into the BasicOCSPResponse sequence. :return: None or an asn1crypto.ocsp.BasicOCSPResponse object
   response_data: A shortcut into the parsed, ResponseData sequence. :return: None or an asn1crypto.ocsp.ResponseData object