3 L][@sddlmZmZmZddlZddlZddlZddlmZm Z ddl m Z m Z m Z ddlmZddlmZmZmZddZd d Zd d Zd dZddZddZddZddZddZddZddZddZdd Z d!d"Z!d#d$Z"d%d&Z#d'd(Z$d)d*Z%d+d,Z&d-d.Z'd/d0Z(d1d2Z)d3d4Z*d5d6Z+d7d8Z,d9d:Z-d;d<Z.d=d>Z/d?d@Z0e j1j2dAe j1j3dBe j1j4dCe j1j5dDe j1j6dEe j1j7dFe j1j8dGe j1j9dHiZ:dIdJZ;dKdLZdQdRZ?dSdTZ@dUdVZAdWdXZBejCe)ejDe-ejEe'ejFe,ejGe,ejHe0ejIe(ejJe"ejKe*ejLe>ejMe>ejNeejOe&ejPe?ejQe@iZRejGe,ejIe(ejKe*ejSeejTeejUeiZVejWe,ejXe ejYe!iZZej[eBiZ\ej[eBiZ]dS)Y)absolute_importdivisionprint_functionN)utilsx509)_CRL_ENTRY_REASON_ENUM_TO_CODE_DISTPOINT_TYPE_FULLNAME_DISTPOINT_TYPE_RELATIVENAME) _ASN1Type)CRLEntryExtensionOID ExtensionOIDOCSPExtensionOIDcCsD|j|}|jj||jj}|jj||jj}|j||jjk|S)a Converts a python integer to an ASN1_INTEGER. The returned ASN1_INTEGER will not be garbage collected (to support adding them to structs that take ownership of the object). Be sure to register it for GC if it will be discarded after use. )Z _int_to_bn_ffigc_libZBN_freeZBN_to_ASN1_INTEGERNULLopenssl_assert)backendxirZ/tmp/pip-install-wfra5znf/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.py_encode_asn1_ints rcCs t||}|jj||jj}|S)N)rrrrZASN1_INTEGER_free)rrrrrr_encode_asn1_int_gc+s rcCs0|jj}|jj||t|}|j|dk|S)z@ Create an ASN1_OCTET_STRING from a Python byte string. )rZASN1_OCTET_STRING_newZASN1_OCTET_STRING_setlenr)rdatasresrrr_encode_asn1_str1s rcCs<|jj}|jj||jdt|jd}|j|dk|S)z Create an ASN1_UTF8STRING from a Python unicode string. This object will be an ASN1_STRING with UTF8 type in OpenSSL and can be decoded with ASN1_STRING_to_UTF8. utf8r)rZASN1_UTF8STRING_newASN1_STRING_setencoderr)rstringrrrrr_encode_asn1_utf8_str;s  r$cCs t||}|jj||jj}|S)N)rrrrZASN1_OCTET_STRING_free)rrrrrr_encode_asn1_str_gcIs r%cCs t||jS)N)rZ skip_certs)rZinhibit_any_policyrrr_encode_inhibit_any_policyOsr&cCsp|jj}x`|jD]V}d}xL|D]D}t||}|jj||jj}|jj||d|}|j|dkd}q WqW|S)zP The X509_NAME created will not be gc'd. Use _encode_name_gc if needed. rrr') rZ X509_NAME_newZrdns_encode_name_entryrrZX509_NAME_ENTRY_freeZX509_NAME_add_entryr)rnamesubjectZrdnZset_flag attribute name_entryrrrr _encode_nameSs       r-cCs t||}|jj||jj}|S)N)r-rrrZX509_NAME_free)r attributesr*rrr_encode_name_gcgs r/cCsB|jj}x2|D]*}t||}|jj||}|j|dkqW|S)z: The sk_X509_NAME_ENTRY created will not be gc'd. r)rZsk_X509_NAME_ENTRY_new_nullr(Zsk_X509_NAME_ENTRY_pushr)rr.stackr+r,rrrr_encode_sk_name_entryms    r1cCsX|jtjkr|jjd}n |jjd}t||jj}|jj |j j ||jj|t |}|S)N utf_16_ber ) _typer Z BMPStringvaluer" _txt2obj_gcoid dotted_stringrZX509_NAME_ENTRY_create_by_OBJrrr)rr+r4objr,rrrr(ys  r(cCs t||jS)N)rZ crl_number)rextrrr&_encode_crl_number_delta_crl_indicatorsr:cCs|jj}|j||jjk|jj||jj}|jr8dnd|_|j rHdnd|_ |j rXdnd|_ |j rhdnd|_|jrt||j|_|jrt||j|_|jrt||j|_|S)Nr)rZISSUING_DIST_POINT_newrrrrZISSUING_DIST_POINT_freeZonly_contains_user_certsZonlyuserZonly_contains_ca_certsZonlyCAZ indirect_crlZ indirectCRLZonly_contains_attribute_certsZonlyattrZonly_some_reasons_encode_reasonflagsZonlysomereasons full_name_encode_full_name distpoint relative_name_encode_relative_name)rr9Zidprrr_encode_issuing_dist_points  rBcCsT|jj}|j||jjk|jj||jj}|jj|t|j }|j|dk|S)Nr) rZASN1_ENUMERATED_newrrrrZASN1_ENUMERATED_freeZASN1_ENUMERATED_setrreason)rZ crl_reasonZasn1enumrrrr_encode_crl_reasons rDcCsF|jj|jjtj|jj}|j||jjk|jj ||jj }|S)N) rZASN1_GENERALIZEDTIME_setrrcalendartimegminvalidity_date timetuplerrZASN1_GENERALIZEDTIME_free)rrGtimerrr_encode_invalidity_dates  rJc Cs|jj}|j||jjk|jj||jj}xh|D]^}|jj}|j||jjk|jj||}|j|dkt ||j j }||_ |j r6|jj}|j||jjkx|j D]}|jj} |j| |jjk|jj|| }|j|dkt|tjr"t |tjj | _t||jd| j_qt|tjs4tt |tjj | _|jj} |j| |jjk| | j_|j r~t!||j | _"t#||j$| _%qW||_&q6W|S)Nrascii)'rZsk_POLICYINFO_new_nullrrrrZsk_POLICYINFO_freeZPOLICYINFO_newZsk_POLICYINFO_push_txt2objZpolicy_identifierr7ZpolicyidZpolicy_qualifiersZsk_POLICYQUALINFO_new_nullZPOLICYQUALINFO_newZsk_POLICYQUALINFO_push isinstancesix text_typerZOID_CPS_QUALIFIERZpqualidrr"dZcpsuriZ UserNoticeAssertionErrorZOID_CPS_USER_NOTICEZUSERNOTICE_newZ usernoticeZ explicit_textr$Zexptext_encode_notice_referenceZnotice_referenceZ noticerefZ qualifiers) rZcertificate_policiescpZ policy_infopirr6ZpqisZ qualifierZpqiZunrrr_encode_certificate_policiessJ        rUcCs|dkr|jjS|jj}|j||jjkt||j|_|jj}||_x4|j D]*}t ||}|jj ||}|j|dkqRW|SdS)Nr) rrrZ NOTICEREF_newrr$Z organizationZsk_ASN1_INTEGER_new_nullZ noticenosZnotice_numbersrZsk_ASN1_INTEGER_push)rnoticenrZ notice_stacknumbernumrrrrrRs    rRcCs.|jd}|jj|d}|j||jjk|S)z_ Converts a Python string with an ASN.1 object ID in dotted form to a ASN1_OBJECT. rKr)r"r OBJ_txt2objrrr)rr)r8rrrrLs rLcCs t||}|jj||jj}|S)N)rLrrrZASN1_OBJECT_free)rr)r8rrrr5s r5cCs |jjS)N)rZ ASN1_NULL_new)rr9rrr_encode_ocsp_nochecksr[cCsb|jj}|jj}|jj||jj}||d|j}|j|dk||d|j}|j|dk||d|j }|j|dk||d|j }|j|dk||d|j }|j|dk||d|j }|j|dk||d|j }|j|dk|j r*||d|j}|j|dk||d |j}|j|dkn4||dd}|j|dk||d d}|j|dk|S) Nrr)rASN1_BIT_STRING_set_bitASN1_BIT_STRING_newrrZASN1_BIT_STRING_freeZdigital_signaturerZcontent_commitmentZkey_enciphermentZdata_enciphermentZ key_agreementZ key_cert_signZcrl_signZ encipher_onlyZ decipher_only)rZ key_usageZset_bitZkurrrr_encode_key_usages6   recCsz|jj}|j||jjk|jj||jj}|jdk rFt||j|_ |j dk r^t ||j |_ |j dk rvt||j |_|S)N)rZAUTHORITY_KEYID_newrrrrZAUTHORITY_KEYID_freeZkey_identifierrZkeyidZauthority_cert_issuer_encode_general_namesZissuerZauthority_cert_serial_numberrserial)rZauthority_keyidZakidrrr _encode_authority_key_identifier3s       rhcCsN|jj}|jj||jj}|jr&dnd|_|jrJ|jdk rJt||j|_|S)Nr;r) rZBASIC_CONSTRAINTS_newrrZBASIC_CONSTRAINTS_freecaZ path_lengthrpathlen)rZbasic_constraints constraintsrrr_encode_basic_constraintsJs   rlcsjj}j|jjkjj|fdd}xV|D]N}jj}t|jj }t |j |j ||_ jj||}j|dkq8W|S)Ncsjj|jjjjdS)NZACCESS_DESCRIPTION_free)rZsk_ACCESS_DESCRIPTION_pop_freer addressofZ _original_lib)r)rrr]sz6_encode_authority_information_access..r)rZsk_ACCESS_DESCRIPTION_new_nullrrrrZACCESS_DESCRIPTION_newrLZ access_methodr7!_encode_general_name_preallocatedZaccess_locationlocationmethodZsk_ACCESS_DESCRIPTION_push)rZauthority_info_accessZaiaZaccess_descriptionadrqrr)rr$_encode_authority_information_accessXs    rscCsT|jj}|j||jjkx2|D]*}t||}|jj||}|j|dkq"W|S)Nr)rZGENERAL_NAMES_newrrr_encode_general_nameZsk_GENERAL_NAME_push)rnames general_namesr)gnrrrrrfrs   rfcCs t||}|jj||jj}|S)N)rfrrrZGENERAL_NAMES_free)rsanrvrrr_encode_alt_name}s  rycCs t||jS)N)r%digest)rZskirrr_encode_subject_key_identifiersr{cCs|jj}t||||S)N)rZGENERAL_NAME_newro)rr)rwrrrrts  rtcCsRt|tjr~|j||jjk|jj|_|jj }|j||jjk|j j d}|jj ||t |}|j|dk||j_nt|tjr|j||jjk|jj|_|jj|j jj dd}|j||jjk||j_nrt|tjr|j||jjkt||j }|jj|_||j_n0t|tjr|j||jjkt|j tjrn|j jjtjd |j j d}n|j j d}n|j j}t"||} |jj#|_| |j_$nt|tj%r|j||jjk|jj&} |j| |jjk|jj|j'jj dd} |j| |jjk|jj(d|j } |jj(d } | | d <|jj)|jj| t |j }||jjkr|j*t+d | | _'|| _ |jj,|_| |j_-nt|tj.r|j||jjk|j j d} t"|| }|jj/|_||j_0nXt|tj1r@|j||jjk|j j d} t"|| }|jj2|_||j_3nt+d j4|dS)Nr rrK r^zunsigned char[]zunsigned char **rzInvalid ASN.1 dataz!{} is an unknown GeneralName typel)5rMrZDNSNamerrrrZGEN_DNStypeZASN1_IA5STRING_newr4r"r!rrPZdNSNameZ RegisteredIDZGEN_RIDrZr7Z registeredIDZ DirectoryNamer-Z GEN_DIRNAMEZ directoryNameZ IPAddress ipaddress IPv4Networknetwork_addresspackedrZ int_to_bytes num_addresses IPv6NetworkrZ GEN_IPADDZ iPAddressZ OtherNameZ OTHERNAME_newtype_idnewZ d2i_ASN1_TYPEZ_consume_errors ValueErrorZ GEN_OTHERNAMEZ otherNameZ RFC822NameZ GEN_EMAILZ rfc822NameZUniformResourceIdentifierZGEN_URIZuniformResourceIdentifierformat)rr)rwZia5r4rr8Zdir_nameripaddrZ other_namerrZ data_ptr_ptrZasn1_strrrrros                          rocCsV|jj}|jj||jj}x4|D],}t||j}|jj||}|j|dkq"W|S)Nr) rZsk_ASN1_OBJECT_new_nullrrZsk_ASN1_OBJECT_freerLr7Zsk_ASN1_OBJECT_pushr)rZextended_key_usageZekur6r8rrrr_encode_extended_key_usages   rrr\r]r^r_r`rarbcCsP|jj}|j||jjkx.|D]&}|jj|t|d}|j|dkq"W|S)Nr)rrdrrrrc_CRLREASONFLAGS)rreasonsZbitmaskrCrrrrr<s  r<cCs4|jj}|j||jjkt|_t|||j_ |S)N) rDIST_POINT_NAME_newrrrrrrfr)fullname)rr=dpnrrrr> s  r>cCs4|jj}|j||jjkt|_t|||j_ |S)N) rrrrrr rr1r)Z relativename)rr@rrrrrAs  rAcCs|jj}|jj||jj}x|D]}|jj}|j||jjk|jrVt ||j|_|j rjt ||j |_ |j r~t||j |_ |jrt||j|_|jj||}|j|dkq"W|S)Nr)rZsk_DIST_POINT_new_nullrrZsk_DIST_POINT_freeZDIST_POINT_newrrrr<r=r>r?r@rAZ crl_issuerrfZ CRLissuerZsk_DIST_POINT_push)rZcdpsZcdpZpointZdprrrr_encode_cdps_freshest_crls    rcCsV|jj}|j||jjk|jj||jj}t||j}||_ t||j }||_ |S)N) rZNAME_CONSTRAINTS_newrrrrZNAME_CONSTRAINTS_free_encode_general_subtreeZpermitted_subtreesZpermittedSubtreesZexcluded_subtreesZexcludedSubtrees)rZname_constraintsZncZ permittedZexcludedrrr_encode_name_constraints3s   rcCsb|jj}|j||jjk|jj||jj}|jdk rFt||j|_ |j dk r^t||j |_ |S)N) rZPOLICY_CONSTRAINTS_newrrrrZPOLICY_CONSTRAINTS_freeZrequire_explicit_policyrZrequireExplicitPolicyZinhibit_policy_mappingZinhibitPolicyMapping)rZpolicy_constraintsZpcrrr_encode_policy_constraintsCs     rcCs`|dkr|jjS|jj}x<|D]4}|jj}t|||_|jj||}|dks tq W|SdS)Nr) rrrZsk_GENERAL_SUBTREE_new_nullZGENERAL_SUBTREE_newrtbaseZsk_GENERAL_SUBTREE_pushrQ)rZsubtreesZgeneral_subtreesr)ZgsrrrrrTs    rcCs t||jS)N)r%nonce)rrrrr _encode_noncebsr)^ __future__rrrrErrNZ cryptographyrrZ0cryptography.hazmat.backends.openssl.decode_asn1rrr Zcryptography.x509.namer Zcryptography.x509.oidr r r rrrr$r%r&r-r/r1r(r:rBrDrJrUrRrLr5r[rerhrlrsrfryr{rtrorZ ReasonFlagsZkey_compromiseZ ca_compromiseZaffiliation_changedZ supersededZcessation_of_operationZcertificate_holdZprivilege_withdrawnZ aa_compromiserr<r>rArrrrrZBASIC_CONSTRAINTSZSUBJECT_KEY_IDENTIFIERZ KEY_USAGEZSUBJECT_ALTERNATIVE_NAMEZISSUER_ALTERNATIVE_NAMEZEXTENDED_KEY_USAGEZAUTHORITY_KEY_IDENTIFIERZCERTIFICATE_POLICIESZAUTHORITY_INFORMATION_ACCESSZCRL_DISTRIBUTION_POINTSZ FRESHEST_CRLZINHIBIT_ANY_POLICYZ OCSP_NO_CHECKZNAME_CONSTRAINTSZPOLICY_CONSTRAINTSZ_EXTENSION_ENCODE_HANDLERSZ CRL_NUMBERZDELTA_CRL_INDICATORZISSUING_DISTRIBUTION_POINTZ_CRL_EXTENSION_ENCODE_HANDLERSZCERTIFICATE_ISSUERZ CRL_REASONZINVALIDITY_DATEZ$_CRL_ENTRY_EXTENSION_ENCODE_HANDLERSZNONCEZ'_OCSP_REQUEST_EXTENSION_ENCODE_HANDLERSZ)_OCSP_BASICRESP_EXTENSION_ENCODE_HANDLERSrrrrs     1   X