asn1crypto/crl.py (compiled Python module; source path recorded in the bytecode: /tmp/pip-install-wfra5znf/asn1crypto/asn1crypto/crl.py)

Module docstring:

    ASN.1 type classes for certificate revocation lists (CRL). Exports the
    following items:

     - CertificateList()

    Other type classes are defined that help compose the types listed above.

Imports:

    __future__: unicode_literals, division, absolute_import, print_function
    hashlib
    algos: SignedDigestAlgorithm
    core: Boolean, Enumerated, GeneralizedTime, Integer, ObjectIdentifier, OctetBitString, ParsableOctetString, Sequence, SequenceOf
    x509: AuthorityInfoAccessSyntax, AuthorityKeyIdentifier, CRLDistributionPoints, DistributionPointName, GeneralNames, Name, ReasonFlags, Time

Classes:

Version
    _map values: v1, v2, v3

IssuingDistributionPoint
    _fields:
        distribution_point (explicit, optional)
        only_contains_user_certs (implicit, default False)
        only_contains_ca_certs (implicit, default False)
        only_some_reasons (implicit, optional)
        indirect_crl (implicit, default False)
        only_contains_attribute_certs (implicit, default False)

TBSCertListExtensionId
    _map:
        2.5.29.18          issuer_alt_name
        2.5.29.20          crl_number
        2.5.29.27          delta_crl_indicator
        2.5.29.28          issuing_distribution_point
        2.5.29.35          authority_key_identifier
        2.5.29.46          freshest_crl
        1.3.6.1.5.5.7.1.1  authority_information_access

TBSCertListExtension
    _fields: extn_id, critical (default False), extn_value
    _oid_pair: (extn_id, extn_value)
    _oid_specs keys: issuer_alt_name, crl_number, delta_crl_indicator, issuing_distribution_point, authority_key_identifier, freshest_crl, authority_information_access

TBSCertListExtensions
    _child_spec: TBSCertListExtension

CRLReason
    _map values: unspecified, key_compromise, ca_compromise, affiliation_changed, superseded, cessation_of_operation, certificate_hold, remove_from_crl, privilege_withdrawn, aa_compromise

    human_friendly (property)
        :return:
            A unicode string with revocation description that is suitable to
            show to end-users. Starts with a lower case letter and phrased in
            such a way that it makes sense after the phrase "because of" or
            "due to".

        Mapping:
            unspecified             an unspecified reason
            key_compromise          a compromised key
            ca_compromise           the CA being compromised
            affiliation_changed     an affiliation change
            superseded              certificate supersession
            cessation_of_operation  a cessation of operation
            certificate_hold        a certificate hold
            remove_from_crl         removal from the CRL
            privilege_withdrawn     privilege withdrawl
            aa_compromise           the AA being compromised

CRLEntryExtensionId
    _map:
        2.5.29.21  crl_reason
        2.5.29.23  hold_instruction_code
        2.5.29.24  invalidity_date
        2.5.29.29  certificate_issuer

CRLEntryExtension
    _fields: extn_id, critical (default False), extn_value
    _oid_pair: (extn_id, extn_value)
    _oid_specs keys: crl_reason, hold_instruction_code, invalidity_date, certificate_issuer

CRLEntryExtensions
    _child_spec: CRLEntryExtension

RevokedCertificate
    _fields: user_certificate, revocation_date, crl_entry_extensions (optional)

    _set_extensions()
        Sets common named extensions to private attributes and creates a list
        of critical extensions

    critical_extensions (property)
        Returns a set of the names (or OID if not a known extension) of the
        extensions marked as critical

        :return:
            A set of unicode strings

    crl_reason_value (property)
        This extension indicates the reason that a certificate was revoked.

        :return:
            None or a CRLReason object

    invalidity_date_value (property)
        This extension indicates the suspected date/time the private key was
        compromised or the certificate became invalid. This would usually be
        before the revocation date, which is when the CA processed the
        revocation.

        :return:
            None or a GeneralizedTime object

    certificate_issuer_value (property)
        This extension indicates the issuer of the certificate in question,
        and is used in indirect CRLs. CRL entries without this extension are
        for certificates issued from the last seen issuer.

        :return:
            None or an x509.GeneralNames object

    issuer_name (property)
        :return:
            None, or an asn1crypto.x509.Name object for the issuer of the cert

RevokedCertificates
    _child_spec: RevokedCertificate

TbsCertList
    _fields:
        version (optional)
        signature
        issuer
        this_update
        next_update (optional)
        revoked_certificates (optional)
        crl_extensions (explicit, optional)

CertificateList
    _fields: tbs_cert_list, signature_algorithm, signature

    _set_extensions()
        Sets common named extensions to private attributes and creates a list
        of critical extensions

    critical_extensions (property)
        Returns a set of the names (or OID if not a known extension) of the
        extensions marked as critical

        :return:
            A set of unicode strings

    issuer_alt_name_value (property)
        This extension allows associating one or more alternative names with
        the issuer of the CRL.

        :return:
            None or an x509.GeneralNames object

    crl_number_value (property)
        This extension adds a monotonically increasing number to the CRL and
        is used to distinguish different versions of the CRL.

        :return:
            None or an Integer object

    delta_crl_indicator_value (property)
        This extension indicates a CRL is a delta CRL, and contains the CRL
        number of the base CRL that it is a delta from.

        :return:
            None or an Integer object

    issuing_distribution_point_value (property)
        This extension includes information about what types of revocations
        and certificates are part of the CRL.

        :return:
            None or an IssuingDistributionPoint object

    authority_key_identifier_value (property)
        This extension helps in identifying the public key with which to
        validate the authenticity of the CRL.

        :return:
            None or an AuthorityKeyIdentifier object

    freshest_crl_value (property)
        This extension is used in complete CRLs to indicate where a delta CRL
        may be located.

        :return:
            None or a CRLDistributionPoints object

    authority_information_access_value (property)
        This extension is used to provide a URL with which to download the
        certificate used to sign this CRL.

        :return:
            None or an AuthorityInfoAccessSyntax object

    issuer (property)
        :return:
            An asn1crypto.x509.Name object for the issuer of the CRL

    authority_key_identifier (property)
        :return:
            None or a byte string of the key_identifier from the authority key
            identifier extension

    issuer_cert_urls (property)
        :return:
            A list of unicode strings that are URLs that should contain either
            an individual DER-encoded X.509 certificate, or a DER-encoded CMS
            message containing multiple certificates

    delta_crl_distribution_points (property)
        Returns delta CRL URLs - only applies to complete CRLs

        :return:
            A list of zero or more DistributionPoint objects

    signature (property)
        :return:
            A byte string of the signature

    sha1 (property)
        :return:
            The SHA1 hash of the DER-encoded bytes of this certificate list

    sha256 (property)
        :return:
            The SHA-256 hash of the DER-encoded bytes of this certificate list