3 L]@sddlmZmZmZddlZddlZddlZddlZddl m Z ddl m Z ddl mZddlmZmZmZmZGdddejjZd d Zd d Zd dZddZddZddZddZddZGdddeZ ddZ!ddZ"dd Z#d!d"Z$d#d$Z%d%d&Z&d'd(Z'd)d*Z(d+d,Z)d-d.Z*d/d0Z+d1d2Z,d3d4Z-d5d6Z.d7d8Z/dZ0d9Z1d:d;Z2e j3j4e j3j5e j3j6e j3j7e j3j8e j3j9e j3j:e j3j;d<ZZ=d?d@Z>dAdBZ?dCdDZ@dEdFZAdGdHZBe j3jCe j3j4e j3j5e j3j6e j3j7e j3j8e j3j9e j3jDe j3j:e j3j;dI ZEe j3jCde j3j4d9e j3j5dJe j3j6dKe j3j7dLe j3j8dMe j3j9dNe j3jDdOe j3j:dPe j3j;dQi ZFdRdSZGdTdUZHdVdWZIdXdYZJdZd[ZKd\d]ZLd^d_ZMd`daZNdbdcZOdddeZPdfdgZQdhdiZRejSe#ejTe$ejUe'ejVe)ejWe/ejXe%ejYe&ejZe!ej[e?ej\e@ej]eej^eAej_e*ej`e+ejae.iZbebjcZdeBedeje<ejfeGejgeHejheIiZiejjeejkeejXe%ej_e*ejYe&ejle-iZmejneRiZoejneRiZpe djdkdldkebdmZqe dndkdodkeddmZre dpdkdqdkeddmZse drdkdsdkeidmZte dtdkdudkemdmZue dvdkdwdkeodmZve dxdkdydkepdmZwdS)z)absolute_importdivisionprint_functionN)x509)_TLS_FEATURE_TYPE_TO_ENUM)_ASN1_TYPE_TO_ENUM)CRLEntryExtensionOIDCertificatePoliciesOID ExtensionOIDOCSPExtensionOIDc@seZdZejjZdS) _IntegersN)__name__ __module__ __qualname__ asn1cryptocoreZIntegerZ _child_specrrZ/tmp/pip-install-wfra5znf/cryptography/cryptography/hazmat/backends/openssl/decode_asn1.pyr sr cCsd}|jjd|}|jj|||d}||dkrX|d}|jjd|}|jj|||d}|j|dk|jj||ddjS)NPzchar[]r)_ffinew_libZ OBJ_obj2txtopenssl_assertbufferdecode)backendobjZbuf_lenbufresrrr_obj2txts  r cCsn|jj|}|j||jjk|jj|}|j||jjkt||}t||}t|j }t j t j |||S)N) rZX509_NAME_ENTRY_get_objectrrNULLZX509_NAME_ENTRY_get_data_asn1_string_to_utf8r rtyperZ NameAttributeObjectIdentifier)rZx509_name_entryrdatavalueoidr#rrr_decode_x509_name_entry3s     r(c Cs|jj|}g}d}x`t|D]T}|jj||}t||}|jj|}||kr`|jt|gn|dj||}qWt j dd|DS)Nrcss|]}tj|VqdS)N)rRelativeDistinguishedName).0Zrdnrrr Nsz$_decode_x509_name..r,) rZX509_NAME_entry_countrangeZX509_NAME_get_entryr(Z Cryptography_X509_NAME_ENTRY_setappendsetaddrName) rZ x509_namecount attributesZ prev_set_idxentry attributeZset_idrrr_decode_x509_name?s   r7cCsV|jj|}g}x@t|D]4}|jj||}|j||jjk|jt||qW|S)N) rZsk_GENERAL_NAME_numr-Zsk_GENERAL_NAME_valuerrr!r._decode_general_name)rgnsnumnamesignrrr_decode_general_namesQs r>c Cs|j|jjkr.t||jjjd}tjj |S|j|jj kr\t||jj jd}tj j |S|j|jj krt||jj}tjtj|S|j|jjkrbt||jj}t|}|dks|dkrNtj|d|d}tj||dd}tt|dd}|jd}|d krt|}d||dkr6tdtj|jd j|} n tj|} tj| S|j|jjkrtj t!||jj"S|j|jj#krt||jj$jd}tj%j |S|j|jj&krt||jj'j(} t)||jj'j*} tj+tj| | Stj,d jtj-j.|j|j|jdS) Nutf8 0r1zInvalid netmaskz/{}z{} is not a supported typer,)/r#rZGEN_DNS_asn1_string_to_bytesdZdNSNamerrZDNSNameZ_init_without_validationZGEN_URIZuniformResourceIdentifierZUniformResourceIdentifierZGEN_RIDr Z registeredIDZ RegisteredIDr$Z GEN_IPADDZ iPAddresslen ipaddress ip_addressbinintfind ValueError ip_networkexplodedformatZ IPAddressZ GEN_DIRNAMEZ DirectoryNamer7Z directoryNameZ GEN_EMAILZ rfc822NameZ RFC822NameZ GEN_OTHERNAMEZ otherNametype_id _asn1_to_derr&Z OtherNameZUnsupportedGeneralNameTypeZ_GENERAL_NAMESget) rr=r%r'Zdata_lenbasenetmaskbitsprefixiprQr&rrrr8\sP        r8cCstjS)N)rZ OCSPNoCheck)rextrrr_decode_ocsp_no_checksrZcCs0|jjd|}|jj||jj}tjt||S)NzASN1_INTEGER *)rcastgcrASN1_INTEGER_freerZ CRLNumber_asn1_integer_to_int)rrYasn1_intrrr_decode_crl_numbersr`cCs0|jjd|}|jj||jj}tjt||S)NzASN1_INTEGER *)rr[r\rr]rZDeltaCRLIndicatorr^)rrYr_rrr_decode_delta_crl_indicatorsrac@seZdZddZddZdS)_X509ExtensionParsercCs||_||_||_dS)N) ext_countget_exthandlers)selfrcrdrerrr__init__sz_X509ExtensionParser.__init__cCs.g}t}xt|j||D]}|j|||}|j||jjk|jj|}|dk}t j t ||jj |} | |krt j dj| | | tjkr|jj|} tjt|| } t jdd| D} |jt j| || |j| qnd| tjkrJ|jj|} tjjjt|| } | tjjks&t|jt j| |t j|j| qy|j| } Wnnt k r|jj|} |j| |jjk|jj!| j"| j#dd}t j$| |}|jt j| ||YnPX|jj%|}||jjkr|j&t'dj| | ||} |jt j| || |j| qWt j(|S)NrzDuplicate {} extension foundcSsg|]}t|jqSr)rZnative)r*r4rrr sz._X509ExtensionParser.parse..z/The {} extension is invalid and can't be parsed))r/r-rcrdrrr!rZX509_EXTENSION_get_criticalrr$r ZX509_EXTENSION_get_objectZDuplicateExtensionrPr Z TLS_FEATUREZX509_EXTENSION_get_datar loadrEZ TLSFeaturer. Extensionr0ZPRECERT_POISONrrZNullAssertionErrorZ PrecertPoisonreKeyErrorrr%lengthZUnrecognizedExtensionZX509V3_EXT_d2iZ_consume_errorsrMZ Extensions)rfrZx509_obj extensionsZ seen_oidsr<rYcritcriticalr'r%parsedr&handlerZderZ unrecognizedZext_datarrrparses`            z_X509ExtensionParser.parseN)r rrrgrsrrrrrbsrbcCs@|jjd|}|jj||jj}|jj|}g}xt|D]}d}|jj||}tj t ||j }|j |jj kr |jj|j }g}xt|D]} |jj|j | } tj t || j} | tjkr|jj| jjj| jjjddjd} |j| q| tjkstt|| jj} |j| qW|jtj||qrserialrZAuthorityKeyIdentifier)rZakidZkey_identifierZauthority_cert_issuerZauthority_cert_serial_numberrrr _decode_authority_key_identifiercs  rcsjjd|}jj|fdd}jj|}g}xvt|D]j}jj||}j|jjj kt j t |j}j|j jj kt|j }|jt j||q>Wt j|S)Nz*Cryptography_STACK_OF_ACCESS_DESCRIPTION *csjj|jjjjdS)NZACCESS_DESCRIPTION_free)rZsk_ACCESS_DESCRIPTION_pop_freer addressofZ _original_lib)r4)rrrsz6_decode_authority_information_access..)rr[r\rZsk_ACCESS_DESCRIPTION_numr-Zsk_ACCESS_DESCRIPTION_valuermethodr!rr$r locationr8r.ZAccessDescriptionZAuthorityInformationAccess)rZaiar:Zaccess_descriptionsr<adr'r=r)rr$_decode_authority_information_access|s  rc Cs|jjd|}|jj||jj}|jj}||ddk}||ddk}||ddk}||ddk}||ddk}||ddk}||ddk} ||d dk} ||d dk} tj||||||| | | S) NzASN1_BIT_STRING *rrrBr@)rr[r\rZASN1_BIT_STRING_freeASN1_BIT_STRING_get_bitrZKeyUsage) rZ bit_stringZget_bitZdigital_signatureZcontent_commitmentZkey_enciphermentZdata_enciphermentZ key_agreementZ key_cert_signZcrl_signZ encipher_onlyZ decipher_onlyrrr_decode_key_usages,rcCs.|jjd|}|jj||jj}t||}|S)NzGENERAL_NAMES *)rr[r\rGENERAL_NAMES_freer>)rr9 general_namesrrr_decode_general_names_extensions rcCstjt||S)N)rZSubjectAlternativeNamer)rrYrrr_decode_subject_alt_namesrcCstjt||S)N)rZIssuerAlternativeNamer)rrYrrr_decode_issuer_alt_namesrcCsF|jjd|}|jj||jj}t||j}t||j}tj ||dS)NzNAME_CONSTRAINTS *)Zpermitted_subtreesZexcluded_subtrees) rr[r\rZNAME_CONSTRAINTS_free_decode_general_subtreesZpermittedSubtreesZexcludedSubtreesrZNameConstraints)rZncZ permittedZexcludedrrr_decode_name_constraintss   rcCsl||jjkrdS|jj|}g}xFt|D]:}|jj||}|j||jjkt||j}|j |q*W|S)N) rr!rZsk_GENERAL_SUBTREE_numr-Zsk_GENERAL_SUBTREE_valuerr8rTr.)rZstack_subtreesr:Zsubtreesr<rnamerrrrs   rc Cs|jjd|}|jj||jj}|j|jjkr@t||j\}}nd}d}|jdk}|j dk}|j dk}|j dk}|j |jjkrt ||j }nd}tj|||||||S)NzISSUING_DIST_POINT *r~)rr[r\rZISSUING_DIST_POINT_free distpointr!_decode_distpointZonlyuserZonlyCAZ indirectCRLZonlyattrZonlysomereasons_decode_reasonsrZIssuingDistributionPoint) rZidp full_name relative_nameZ only_userZonly_caZ indirect_crlZ only_attrZonly_some_reasonsrrr_decode_issuing_dist_points      rcCsD|jjd|}|jj||jj}t||j}t||j}tj ||S)NzPOLICY_CONSTRAINTS *) rr[r\rZPOLICY_CONSTRAINTS_freerZrequireExplicitPolicyZinhibitPolicyMappingrZPolicyConstraints)rZpcZrequire_explicit_policyZinhibit_policy_mappingrrr_decode_policy_constraintss  rcCs|jjd|}|jj||jj}|jj|}g}xJt|D]>}|jj||}|j||jj kt j t ||}|j |q:Wt j|S)Nz#Cryptography_STACK_OF_ASN1_OBJECT *)rr[r\rZsk_ASN1_OBJECT_freeZsk_ASN1_OBJECT_numr-Zsk_ASN1_OBJECT_valuerr!rr$r r.ZExtendedKeyUsage)rskr:Zekusr<rr'rrr_decode_extended_key_usages rrc Cs|jjd|}|jj||jj}|jj|}g}xt|D]}d}d}d}d}|jj||} | j|jj krvt || j}| j |jj krt || j }| j |jj krt|| j \}}|jtj||||q:W|S)Nz"Cryptography_STACK_OF_DIST_POINT *)rr[r\rZCRL_DIST_POINTS_freeZsk_DIST_POINT_numr-Zsk_DIST_POINT_valuereasonsr!rZ CRLissuerr>rrr.rZDistributionPoint) rcdpsr: dist_pointsr<rrZ crl_issuerrZcdprrr_decode_dist_pointss*   r)rrBrrrrrr@cCs<g}x.tjtD] \}}|jj||r|j|qWt|S)N)six iteritems_REASON_BIT_MAPPINGrrr. frozenset)rrZ enum_reasonsZ bit_positionreasonrrrrMs rc Cs|jtkr t||jj}|dfS|jj}|jj|}t}x@t |D]4}|jj ||}|j ||j j k|jt||qDWtj|}d|fS)N)r#_DISTPOINT_TYPE_FULLNAMEr>rfullnameZ relativenamerZsk_X509_NAME_ENTRY_numr/r-Zsk_X509_NAME_ENTRY_valuerrr!r0r(rr)) rrrZrnsZrnumr3r<ZrnrrrrrWs    rcCst||}tj|S)N)rrZCRLDistributionPoints)rrrrrr_decode_crl_distribution_pointsts rcCst||}tj|S)N)rrZ FreshestCRL)rrrrrr_decode_freshest_crlys rcCs4|jjd|}|jj||jj}t||}tj|S)NzASN1_INTEGER *)rr[r\rr]r^rZInhibitAnyPolicy)rr_Z skip_certsrrr_decode_inhibit_any_policy~s rcCstddlm}|jjd|}|jj||jj}g}x8t|jj|D]$}|jj ||}|j ||||qBWt j |S)Nr)_SignedCertificateTimestampzCryptography_STACK_OF_SCT *) Z)cryptography.hazmat.backends.openssl.x509rrr[r\rZ SCT_LIST_freer-Z sk_SCT_numZ sk_SCT_valuer.rZ)PrecertificateSignedCertificateTimestamps)rZ asn1_sctsrZsctsr<Zsctrrr-_decode_precert_signed_certificate_timestampss r) rrrBrrrrr@ rBrrrrr@rrc Csb|jjd|}|jj||jj}|jj|}ytjt|St k r\t dj |YnXdS)NzASN1_ENUMERATED *zUnsupported reason code: {}) rr[r\rZASN1_ENUMERATED_freeZASN1_ENUMERATED_getrZ CRLReason_CRL_ENTRY_REASON_CODE_TO_ENUMrlrMrP)renumcoderrr_decode_crl_reasons rcCs0|jjd|}|jj||jj}tjt||S)NzASN1_GENERALIZEDTIME *)rr[r\rASN1_GENERALIZEDTIME_freerZInvalidityDate_parse_asn1_generalized_time)rZinv_dategeneralized_timerrr_decode_invalidity_dates  rcCs4|jjd|}|jj||jj}t||}tj|S)NzGENERAL_NAMES *)rr[r\rrr>rZCertificateIssuer)rr9rrrr_decode_cert_issuers rcsnjjd}jj||}j|dkj|djjkjj|fdd}jj|d|ddS)Nzunsigned char **rcsjj|dS)Nr)r OPENSSL_free)r)rrrrsz_asn1_to_der..)rrrZ i2d_ASN1_TYPErr!r\r)rZ asn1_typerrr)rrrRs rRcCs@|jj||jj}|j||jjk|jj||jj}|j|S)N)rZASN1_INTEGER_to_BNrr!rr\ZBN_freeZ _bn_to_int)rr_Zbnrrrr^sr^cCs||jjkrdSt||SdS)N)rr!r^)rr_rrrrs rcCs|jj|j|jddS)N)rrr%rm)rrrrrrEsrEcCst||jdS)Nrt)rEr)rrrrr_asn1_string_to_asciisrcs~jjd}jj||}|dkr2tdj|jj|djjkjj |fdd}jj |d|ddj dS) Nzunsigned char **rz&Unsupported ASN1 string type. Type: {}rcsjj|dS)Nr)rr)r)rrrrsz&_asn1_string_to_utf8..r?r,) rrrZASN1_STRING_to_UTF8rMrPr#rr!r\rr)rrrrr)rrr"s r"cCs`|j||jjk|jj||jj}||jjkrDtdjt|||jj||jj }t ||S)Nz1Couldn't parse ASN.1 time as generalizedtime {!r}) rrr!rZASN1_TIME_to_generalizedtimerMrPrEr\rr)rZ asn1_timerrrr_parse_asn1_time s   rcCs"t||jjd|}tjj|dS)Nz ASN1_STRING *z %Y%m%d%H%M%SZ)rrr[datetimestrptime)rrtimerrrrsrcCs0|jjd|}|jj||jj}tjt||S)NzASN1_OCTET_STRING *)rr[r\rrrZ OCSPNoncerE)rnoncerrr _decode_nonce#srcCs |jj|S)N)rX509_get_ext_count)rr4rrrr\srcCs|jj||S)N)r X509_get_ext)rr4r<rrrr]s)rcrdrecCs |jj|S)N)rr)rr4rrrrbscCs|jj||S)N)rr)rr4r<rrrrcscCs |jj|S)N)rZsk_X509_EXTENSION_num)rr4rrrrhscCs|jj||S)N)rZsk_X509_EXTENSION_value)rr4r<rrrriscCs |jj|S)N)rZX509_REVOKED_get_ext_count)rr4rrrrnscCs|jj||S)N)rZX509_REVOKED_get_ext)rr4r<rrrroscCs |jj|S)N)rZX509_CRL_get_ext_count)rr4rrrrtscCs|jj||S)N)rZX509_CRL_get_ext)rr4r<rrrruscCs |jj|S)N)rZOCSP_REQUEST_get_ext_count)rr4rrrrzscCs|jj||S)N)rZOCSP_REQUEST_get_ext)rr4r<rrrr{scCs |jj|S)N)rZOCSP_BASICRESP_get_ext_count)rr4rrrrscCs|jj||S)N)rZOCSP_BASICRESP_get_ext)rr4r<rrrrs)x __future__rrrrrHZasn1crypto.corerrZ cryptographyrZcryptography.x509.extensionsrZcryptography.x509.namerZcryptography.x509.oidrr r r rZ SequenceOfr r r(r7r>r8rZr`raobjectrbr|rxrrrrrrrrrrrrrrZ_DISTPOINT_TYPE_RELATIVENAMErZ ReasonFlagsZkey_compromiseZ ca_compromiseZaffiliation_changedZ supersededZcessation_of_operationZcertificate_holdZprivilege_withdrawnZ aa_compromiserrrrrrrZ unspecifiedZremove_from_crlrZ_CRL_ENTRY_REASON_ENUM_TO_CODErrrrRr^rrErr"rrrZBASIC_CONSTRAINTSZSUBJECT_KEY_IDENTIFIERZ KEY_USAGEZSUBJECT_ALTERNATIVE_NAMEZEXTENDED_KEY_USAGEZAUTHORITY_KEY_IDENTIFIERZAUTHORITY_INFORMATION_ACCESSZCERTIFICATE_POLICIESZCRL_DISTRIBUTION_POINTSZ FRESHEST_CRLZ OCSP_NO_CHECKZINHIBIT_ANY_POLICYZISSUER_ALTERNATIVE_NAMEZNAME_CONSTRAINTSZPOLICY_CONSTRAINTSZ_EXTENSION_HANDLERS_NO_SCTcopyZ_EXTENSION_HANDLERSZ%PRECERT_SIGNED_CERTIFICATE_TIMESTAMPSZ CRL_REASONZINVALIDITY_DATEZCERTIFICATE_ISSUERZ_REVOKED_EXTENSION_HANDLERSZ CRL_NUMBERZDELTA_CRL_INDICATORZISSUING_DISTRIBUTION_POINTZ_CRL_EXTENSION_HANDLERSZNONCEZ_OCSP_REQ_EXTENSION_HANDLERSZ"_OCSP_BASICRESP_EXTENSION_HANDLERSZ$_CERTIFICATE_EXTENSION_PARSER_NO_SCTZ_CERTIFICATE_EXTENSION_PARSERZ_CSR_EXTENSION_PARSERZ%_REVOKED_CERTIFICATE_EXTENSION_PARSERZ_CRL_EXTENSION_PARSERZ_OCSP_REQ_EXT_PARSERZ_OCSP_BASICRESP_EXT_PARSERrrrrs     NJ'  -