3 L]V5@sddlmZmZmZddlZddlmZmZddlm Z ddl m Z m Z m Z mZmZmZmZmZddlmZddlmZddlmZmZmZmZmZmZmZd d Zd d Z d dZ!ddZ"ddZ#ej$eGddde%Z&ej$eGddde%Z'dS))absolute_importdivisionprint_functionN)utilsx509)UnsupportedAlgorithm)_CRL_ENTRY_REASON_CODE_TO_ENUM_OCSP_BASICRESP_EXT_PARSER_OCSP_REQ_EXT_PARSER_asn1_integer_to_int_asn1_string_to_bytes_decode_x509_name_obj2txt_parse_asn1_generalized_time) _Certificate) serialization)OCSPCertStatus OCSPRequest OCSPResponseOCSPResponseStatus_CERT_STATUS_TO_ENUM _OIDS_TO_HASH_RESPONSE_STATUS_TO_ENUMcstjfdd}|S)Ncs(|jtjkrtdn|f|SdS)NzCOCSP response status is not successful so the property has no value)response_statusr SUCCESSFUL ValueError)selfargs)funcS/tmp/pip-install-wfra5znf/cryptography/cryptography/hazmat/backends/openssl/ocsp.pywrappers z._requires_successful_response..wrapper) functoolswraps)rr!r)rr _requires_successful_responses r$cCs^|jjd}|jj|jj|jj||jj|}|j|dk|j|d|jjkt||dS)NzASN1_OCTET_STRING **r)_ffinew_libOCSP_id_get0_infoNULLopenssl_assertr )backendcert_idZkey_hashresrrr _issuer_key_hash's  r/cCs^|jjd}|jj||jj|jj|jj|}|j|dk|j|d|jjkt||dS)NzASN1_OCTET_STRING **r%r)r&r'r(r)r*r+r )r,r-Z name_hashr.rrr _issuer_name_hash2s r0cCs^|jjd}|jj|jj|jj|jj||}|j|dk|j|d|jjkt||dS)NzASN1_INTEGER **r%r)r&r'r(r)r*r+r )r,r-numr.rrr _serial_number=s  r2c Cs|jjd}|jj|jj||jj|jj|}|j|dk|j|d|jjkt||d}yt|Stk rt dj |YnXdS)NzASN1_OBJECT **r%rz*Signature algorithm OID: {} not recognized) r&r'r(r)r*r+rrKeyErrorrformat)r,r-Zasn1objr.oidrrr _hash_algorithmHs r6c@sPeZdZddZejdZeeddZ eeddZ eedd Z eed d Z eed d Z eeddZeeddZddZeeddZeeddZeeddZeeddZeeddZeeddZeed d!Zeed"d#Zeed$d%Zeed&d'Zejed(d)Zd*d+Zd,S)- _OCSPResponsecCs||_||_|jjj|j}|jj|tkt||_|jtjkr|jjj |j}|jj||jj j k|jj j ||jjj |_|jj|jjj|jdk|jjj|jd|_|jj|j|jj j k|jjj|j|_|jj|j|jj j kdS)Nr%r)_backend_ocsp_responser(ZOCSP_response_statusr+r_statusrrZOCSP_response_get1_basicr&r*gcZOCSP_BASICRESP_free_basicZOCSP_resp_countZOCSP_resp_get0_singleZOCSP_SINGLERESP_get0_id_cert_id)rr,Z ocsp_responsestatusbasicrrr __init__[s(   z_OCSPResponse.__init__r:cCs>|jjj|j}|jj||jjjkt|j|j}t j |S)N) r8r(ZOCSP_resp_get0_tbs_sigalgr<r+r&r*r algorithmrZObjectIdentifier)rZalgr5rrr signature_algorithm_oidysz%_OCSPResponse.signature_algorithm_oidc Cs8|j}y tj|Stk r2tdj|YnXdS)Nz)Signature algorithm OID:{} not recognized)rCrZ_SIG_OIDS_TO_HASHr3rr4)rr5rrr signature_hash_algorithms  z&_OCSPResponse.signature_hash_algorithmcCs2|jjj|j}|jj||jjjkt|j|S)N)r8r(ZOCSP_resp_get0_signaturer<r+r&r*r )rsigrrr signaturesz_OCSPResponse.signaturecsjjjj}jj|jjjkjjjd}jjj||}jj|djjjkjjj |fdd}jj|dkjjj |d|ddS)Nzunsigned char **rcsjjj|dS)Nr)r8r(Z OPENSSL_free)pointer)rrr sz2_OCSPResponse.tbs_response_bytes..) r8r(ZOCSP_resp_get0_respdatar<r+r&r*r'Zi2d_OCSP_RESPDATAr;buffer)rZrespdatappr.r)rr tbs_response_bytessz _OCSPResponse.tbs_response_bytescCsz|jjj|j}|jjj|}g}xRt|D]F}|jjj||}|jj||jjj kt |j|}||_ |j |q,W|S)N) r8r(ZOCSP_resp_get0_certsr<Z sk_X509_numrangeZ sk_X509_valuer+r&r*rZ _ocsp_respappend)rZsk_x509r1certsircertrrr certificatess z_OCSPResponse.certificatescCs.|j\}}||jjjkrdSt|j|SdS)N)_responder_key_namer8r&r*r )r_ asn1_stringrrr responder_key_hashs z _OCSPResponse.responder_key_hashcCs.|j\}}||jjjkrdSt|j|SdS)N)rRr8r&r*r )r x509_namerSrrr responder_names z_OCSPResponse.responder_namecCsP|jjjd}|jjjd}|jjj|j||}|jj|dk|d|dfS)NzASN1_OCTET_STRING **z X509_NAME **r%r)r8r&r'r(ZOCSP_resp_get0_idr<r+)rrTrVr.rrr rRs  z!_OCSPResponse._responder_key_namecCs|jjj|j}t|j|S)N)r8r(ZOCSP_resp_get0_produced_atr<r)r produced_atrrr rXsz_OCSPResponse.produced_atcCsH|jjj|j|jjj|jjj|jjj|jjj}|jj|tkt|S)N)r8r(OCSP_single_get0_statusr=r&r*r+r)rr?rrr certificate_statuss z _OCSPResponse.certificate_statuscCsr|jtjk rdS|jjjd}|jjj|j|jjj ||jjj |jjj |jj |d|jjj kt |j|dS)NzASN1_GENERALIZEDTIME **r) rZrREVOKEDr8r&r'r(rYr=r*r+r)r asn1_timerrr revocation_times  z_OCSPResponse.revocation_timecCs||jtjk rdS|jjjd}|jjj|j||jjj |jjj |jjj |ddkrXdS|jj |dt kt |dSdS)Nzint *rr%) rZrr[r8r&r'r(rYr=r*r+r)rZ reason_ptrrrr revocation_reasons   z_OCSPResponse.revocation_reasoncCsb|jjjd}|jjj|j|jjj|jjj||jjj|jj|d|jjjkt|j|dS)NzASN1_GENERALIZEDTIME **r) r8r&r'r(rYr=r*r+r)rr\rrr this_update s z_OCSPResponse.this_updatecCsb|jjjd}|jjj|j|jjj|jjj|jjj||d|jjjkrZt|j|dSdSdS)NzASN1_GENERALIZEDTIME **r)r8r&r'r(rYr=r*r)rr\rrr next_updatesz_OCSPResponse.next_updatecCst|j|jS)N)r/r8r>)rrrr issuer_key_hash)sz_OCSPResponse.issuer_key_hashcCst|j|jS)N)r0r8r>)rrrr issuer_name_hash.sz_OCSPResponse.issuer_name_hashcCst|j|jS)N)r6r8r>)rrrr hash_algorithm3sz_OCSPResponse.hash_algorithmcCst|j|jS)N)r2r8r>)rrrr serial_number8sz_OCSPResponse.serial_numbercCstj|j|jS)N)r parser8r<)rrrr extensions=sz_OCSPResponse.extensionscCsL|tjjk rtd|jj}|jjj||j}|jj |dk|jj |S)Nz/The only allowed encoding value is Encoding.DERr) rEncodingDERrr8_create_mem_bio_gcr(Zi2d_OCSP_RESPONSE_bior9r+ _read_mem_bio)rencodingbior.rrr public_bytesBs   z_OCSPResponse.public_bytesN)__name__ __module__ __qualname__rArZread_only_propertyrpropertyr$rCrDrFrKrQrUrWrRrXrZr]r_r`rarbrcrdrecached_propertyrgrnrrrr r7YsP      r7c@sZeZdZddZeddZeddZeddZed d Ze j d d Z d dZ dS) _OCSPRequestcCs~|jj|dkrtd||_||_|jjj|jd|_|jj|j|jjj k|jjj |j|_ |jj|j |jjj kdS)Nr%z+OCSP request contains more than one requestr) r(ZOCSP_request_onereq_countNotImplementedErrorr8 _ocsp_requestZOCSP_request_onereq_get0_requestr+r&r*ZOCSP_onereq_get0_idr>)rr,Z ocsp_requestrrr rARs z_OCSPRequest.__init__cCst|j|jS)N)r/r8r>)rrrr rb`sz_OCSPRequest.issuer_key_hashcCst|j|jS)N)r0r8r>)rrrr rcdsz_OCSPRequest.issuer_name_hashcCst|j|jS)N)r2r8r>)rrrr rehsz_OCSPRequest.serial_numbercCst|j|jS)N)r6r8r>)rrrr rdlsz_OCSPRequest.hash_algorithmcCstj|j|jS)N)r rfr8rv)rrrr rgpsz_OCSPRequest.extensionscCsL|tjjk rtd|jj}|jjj||j}|jj |dk|jj |S)Nz/The only allowed encoding value is Encoding.DERr) rrhrirr8rjr(Zi2d_OCSP_REQUEST_biorvr+rk)rrlrmr.rrr rnts  z_OCSPRequest.public_bytesN) rorprqrArrrbrcrerdrrsrgrnrrrr rtPs    rt)( __future__rrrr"Z cryptographyrrZcryptography.exceptionsrZ0cryptography.hazmat.backends.openssl.decode_asn1rr r r r r rrZ)cryptography.hazmat.backends.openssl.x509rZcryptography.hazmat.primitivesrZcryptography.x509.ocsprrrrrrrr$r/r0r2r6Zregister_interfaceobjectr7rtrrrr s" (  $   w