ó 9(Zc@`súdZddlmZmZmZmZddlmZmZddl m Z m Z m Z m Z mZmZmZmZmZmZmZmZmZddlmZmZddlmZddlmZmZmZm Z d efd „ƒYZ!d efd „ƒYZ"d efd„ƒYZ#defd„ƒYZ$defd„ƒYZ%defd„ƒYZ&defd„ƒYZ'defd„ƒYZ(defd„ƒYZ)defd„ƒYZ*defd„ƒYZ+defd „ƒYZ,d!efd"„ƒYZ-d#efd$„ƒYZ.d%efd&„ƒYZ/d'efd(„ƒYZ0d)efd*„ƒYZ1d+efd,„ƒYZ2d-efd.„ƒYZ3d/e fd0„ƒYZ4d1e fd2„ƒYZ5d3efd4„ƒYZ6d5e fd6„ƒYZ7d7efd8„ƒYZ8d9efd:„ƒYZ9d;efd<„ƒYZ:d=efd>„ƒYZ;d?efd@„ƒYZ<dAefdB„ƒYZ=dCefdD„ƒYZ>dEefdF„ƒYZ?dGefdH„ƒYZ@dIefdJ„ƒYZAdKefdL„ƒYZBdMefdN„ƒYZCdOefdP„ƒYZDdQS(RuÒ ASN.1 type classes for the online certificate status protocol (OCSP). Exports the following items: - OCSPRequest() - OCSPResponse() Other type classes are defined that help compose the types listed above. i(tunicode_literalstdivisiontabsolute_importtprint_functioni(tDigestAlgorithmtSignedDigestAlgorithm( tBooleantChoicet EnumeratedtGeneralizedTimet IA5StringtIntegertNulltObjectIdentifiertOctetBitStringt OctetStringtParsableOctetStringtSequencet SequenceOf(tAuthorityInfoAccessSyntaxt CRLReason(tPublicKeyAlgorithm(t Certificatet GeneralNamet GeneralNamestNametVersioncB`seZidd6ZRS(uv1i(t__name__t __module__t_map(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyR'stCertIdcB`s2eZdefdefdefdefgZRS(uhash_algorithmuissuer_name_hashuissuer_key_hashu serial_number(RRRRR t_fields(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyR-s   tServiceLocatorcB`s eZdefdefgZRS(uissuerulocator(RRRRR(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyR 6s tRequestExtensionIdcB`seZidd6ZRS(uservice_locatoru1.3.6.1.5.5.7.48.1.7(RRR(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyR!=stRequestExtensioncB`sFeZdefdeied6fdefgZdZied6Z RS(uextn_iducriticaludefaultu extn_valueuservice_locator(uextn_idu extn_value( RRR!RtFalseRRt _oid_pairR t _oid_specs(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyR"Cs  tRequestExtensionscB`seZeZRS((RRR"t _child_spec(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyR&PstRequestcB`sjeZdefdeidd6ed6fgZeZdZ dZ d„Z e d„ƒZ e d„ƒZRS( ureq_certusingle_request_extensionsiuexplicituoptionalcC`sŽtƒ|_xr|dD]f}|dj}d|}t||ƒr]t|||djƒn|djr|jj|ƒqqWt|_dS(uv Sets common named extensions to private attributes and creates a list of critical extensions usingle_request_extensionsuextn_idu _%s_valueu extn_valueucriticalN( tsett_critical_extensionstnativethasattrtsetattrtparsedtaddtTruet_processed_extensions(tselft extensiontnametattribute_name((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyt_set_extensions^s    cC`s|js|jƒn|jS(u² Returns a set of the names (or OID if not a known extension) of the extensions marked as critical :return: A set of unicode strings (R1R6R*(R2((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pytcritical_extensionsps  cC`s#|jtkr|jƒn|jS(u¿ This extension is used when communicating with an OCSP responder that acts as a proxy for OCSP requests :return: None or a ServiceLocator object (R1R#R6t_service_locator_value(R2((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pytservice_locator_value~s  N(RRRR&R0RR#R1tNoneR*R8R6tpropertyR7R9(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyR(Ts   tRequestscB`seZeZRS((RRR(R'(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyR<st ResponseTypecB`seZidd6ZRS(ubasic_ocsp_responseu1.3.6.1.5.5.7.48.1.1(RRR(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyR=‘stAcceptableResponsescB`seZeZRS((RRR=R'(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyR>—stPreferredSignatureAlgorithmcB`s*eZdefdeied6fgZRS(usig_identifierucert_identifieruoptional(RRRRR0R(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyR?›s tPreferredSignatureAlgorithmscB`seZeZRS((RRR?R'(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyR@¢stTBSRequestExtensionIdcB`s#eZidd6dd6dd6ZRS(unonceu1.3.6.1.5.5.7.48.1.2uacceptable_responsesu1.3.6.1.5.5.7.48.1.4upreferred_signature_algorithmsu1.3.6.1.5.5.7.48.1.8(RRR(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyRA¦stTBSRequestExtensioncB`sTeZdefdeied6fdefgZdZied6e d6e d6Z RS(uextn_iducriticaludefaultu extn_valueunonceuacceptable_responsesupreferred_signature_algorithms(uextn_idu extn_value( RRRARR#RRR$RR>R@R%(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyRB®s tTBSRequestExtensionscB`seZeZRS((RRRBR'(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyRC½st TBSRequestcB`seeZdeidd6dd6fdeidd6ed6fdefd eid d6ed6fgZRS( uversioniuexplicituv1udefaulturequestor_nameiuoptionalu request_listurequest_extensionsi(RRRRR0R<RCR(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyRDÁs t CertificatescB`seZeZRS((RRRR'(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyREÊst SignaturecB`s:eZdefdefdeidd6ed6fgZRS(usignature_algorithmu signatureucertsiuexplicituoptional(RRRRRER0R(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyRFÎs  t OCSPRequestcB`s”eZdefdeidd6ed6fgZeZd Z d Z d Z d Z d„Z ed„ƒZed„ƒZed„ƒZed „ƒZRS( u tbs_requestuoptional_signatureiuexplicituoptionalcC`s’tƒ|_xv|ddD]f}|dj}d|}t||ƒrat|||djƒn|djr|jj|ƒqqWt|_dS(uv Sets common named extensions to private attributes and creates a list of critical extensions u tbs_requesturequest_extensionsuextn_idu _%s_valueu extn_valueucriticalN( R)R*R+R,R-R.R/R0R1(R2R3R4R5((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyR6âs    cC`s|js|jƒn|jS(u² Returns a set of the names (or OID if not a known extension) of the extensions marked as critical :return: A set of unicode strings (R1R6R*(R2((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyR7ôs  cC`s#|jtkr|jƒn|jS(uÊ This extension is used to prevent replay attacks by including a unique, random value with each request/response pair :return: None or an OctetString object (R1R#R6t _nonce_value(R2((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyt nonce_values  cC`s#|jtkr|jƒn|jS(u( This extension is used to allow the client and server to communicate with alternative response formats other than just basic_ocsp_response, although no other formats are defined in the standard. :return: None or an AcceptableResponses object (R1R#R6t_acceptable_responses_value(R2((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pytacceptable_responses_values  cC`s#|jtkr|jƒn|jS(uj This extension is used by the client to define what signature algorithms are preferred, including both the hash algorithm and the public key algorithm, with a level of detail down to even the public key algorithm parameters, such as curve name. :return: None or a PreferredSignatureAlgorithms object (R1R#R6t%_preferred_signature_algorithms_value(R2((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyt$preferred_signature_algorithms_values  N(RRRDRFR0RR#R1R:R*RHRJRLR6R;R7RIRKRM(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyRGÖs   tOCSPResponseStatuscB`s8eZidd6dd6dd6dd6dd 6d d 6ZRS( u successfuliumalformed_requestiuinternal_erroriu try_lateriu sign_requirediu unauthorizedi(RRR(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyRN0st ResponderIdcB`s4eZdeidd6fdeidd6fgZRS(uby_nameiuexplicituby_keyi(RRRRt _alternatives(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyRO;st RevokedInfocB`s1eZdefdeidd6ed6fgZRS(urevocation_timeurevocation_reasoniuexplicituoptional(RRR RR0R(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyRQBs t CertStatuscB`sGeZdeidd6fdeidd6fdeidd6fgZRS(ugoodiuimpliciturevokediuunknowni(RRR RQRP(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyRRIstCrlIdcB`s\eZdeidd6ed6fdeidd6ed6fdeidd6ed6fgZRS(ucrl_urliuexplicituoptionalucrl_numiucrl_timei(RRR R0R R R(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyRSQstSingleResponseExtensionIdcB`s8eZidd6dd6dd6dd6dd 6d d 6ZRS( ucrlu1.3.6.1.5.5.7.48.1.3uarchive_cutoffu1.3.6.1.5.5.7.48.1.6u crl_reasonu 2.5.29.21uinvalidity_dateu 2.5.29.24ucertificate_issueru 2.5.29.29u!signed_certificate_timestamp_listu1.3.6.1.4.1.11129.2.4.5(RRR(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyRTYstSingleResponseExtensioncB`sieZdefdeied6fdefgZd Zied6e d6e d6e d6e d6e d 6Z RS( uextn_iducriticaludefaultu extn_valueucrluarchive_cutoffu crl_reasonuinvalidity_dateucertificate_issueru!signed_certificate_timestamp_list(uextn_idu extn_value(RRRTRR#RRR$RSR RRRR%(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyRUgs tSingleResponseExtensionscB`seZeZRS((RRRUR'(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyRVystSingleResponsec B`sêeZdefdefdefdeidd6ed6fdeidd6ed6fgZeZ dZ dZ dZ dZdZdZd „Zed „ƒZed „ƒZed „ƒZed „ƒZed„ƒZed„ƒZRS(ucert_idu cert_statusu this_updateu next_updateiuexplicituoptionalusingle_extensionsicC`sŽtƒ|_xr|dD]f}|dj}d|}t||ƒr]t|||djƒn|djr|jj|ƒqqWt|_dS(uv Sets common named extensions to private attributes and creates a list of critical extensions usingle_extensionsuextn_idu _%s_valueu extn_valueucriticalN( R)R*R+R,R-R.R/R0R1(R2R3R4R5((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyR6Žs    cC`s|js|jƒn|jS(u² Returns a set of the names (or OID if not a known extension) of the extensions marked as critical :return: A set of unicode strings (R1R6R*(R2((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyR7 s  cC`s#|jtkr|jƒn|jS(u¬ This extension is used to locate the CRL that a certificate's revocation is contained within. :return: None or a CrlId object (R1R#R6t _crl_value(R2((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyt crl_value®s  cC`s#|jtkr|jƒn|jS(uÜ This extension is used to indicate the date at which an archived (historical) certificate status entry will no longer be available. :return: None or a GeneralizedTime object (R1R#R6t_archive_cutoff_value(R2((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pytarchive_cutoff_value¼s  cC`s#|jtkr|jƒn|jS(uŽ This extension indicates the reason that a certificate was revoked. :return: None or a CRLReason object (R1R#R6t_crl_reason_value(R2((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pytcrl_reason_valueÊs  cC`s#|jtkr|jƒn|jS(u= This extension indicates the suspected date/time the private key was compromised or the certificate became invalid. This would usually be before the revocation date, which is when the CA processed the revocation. :return: None or a GeneralizedTime object (R1R#R6t_invalidity_date_value(R2((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pytinvalidity_date_value×s  cC`s#|jtkr|jƒn|jS(u— This extension indicates the issuer of the certificate in question. :return: None or an x509.GeneralNames object (R1R#R6t_certificate_issuer_value(R2((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pytcertificate_issuer_valueçs  N(RRRRRR R0RVRR#R1R:R*RXRZR\R^R`R6R;R7RYR[R]R_Ra(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyRW}s&      t ResponsescB`seZeZRS((RRRWR'(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyRbõstResponseDataExtensionIdcB`seZidd6dd6ZRS(unonceu1.3.6.1.5.5.7.48.1.2uextended_revokeu1.3.6.1.5.5.7.48.1.9(RRR(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyRcùstResponseDataExtensioncB`sMeZdefdeied6fdefgZdZied6e d6Z RS(uextn_iducriticaludefaultu extn_valueunonceuextended_revoke(uextn_idu extn_value( RRRcRR#RRR$RR R%(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyRds tResponseDataExtensionscB`seZeZRS((RRRdR'(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyRest ResponseDatac B`s]eZdeidd6dd6fdefdefdefdeid d6ed 6fgZRS( uversioniuexplicituv1udefaultu responder_idu produced_atu responsesuresponse_extensionsiuoptional( RRRROR RbReR0R(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyRfs    tBasicOCSPResponsecB`sCeZdefdefdefdeidd6ed6fgZRS(utbs_response_datausignature_algorithmu signatureucertsiuexplicituoptional(RRRfRRRER0R(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyRgs   t ResponseBytescB`s3eZdefdefgZdZied6ZRS(u response_typeuresponseubasic_ocsp_response(u response_typeuresponse(RRR=RRR$RgR%(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyRh%s  t OCSPResponsecB`seZdefdeidd6ed6fgZeZd Z d Z d Z d„Z e d„ƒZe d„ƒZe d„ƒZe d „ƒZe d „ƒZRS( uresponse_statusuresponse_bytesiuexplicituoptionalcC`stƒ|_x|ddjddD]f}|dj}d|}t||ƒrlt|||djƒn|djr&|jj|ƒq&q&Wt|_d S( uv Sets common named extensions to private attributes and creates a list of critical extensions uresponse_bytesuresponseutbs_response_datauresponse_extensionsuextn_idu _%s_valueu extn_valueucriticalN( R)R*R.R+R,R-R/R0R1(R2R3R4R5((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyR6<s     cC`s|js|jƒn|jS(u² Returns a set of the names (or OID if not a known extension) of the extensions marked as critical :return: A set of unicode strings (R1R6R*(R2((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyR7Ns  cC`s#|jtkr|jƒn|jS(u§ This extension is used to prevent replay attacks on the request/response exchange :return: None or an OctetString object (R1R#R6RH(R2((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyRI\s  cC`s#|jtkr|jƒn|jS(uÊ This extension is used to signal that the responder will return a "revoked" status for non-issued certificates. :return: None or a Null object (if present) (R1R#R6t_extended_revoke_value(R2((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pytextended_revoke_valuejs  cC`s|ddjS(u’ A shortcut into the BasicOCSPResponse sequence :return: None or an asn1crypto.ocsp.BasicOCSPResponse object uresponse_bytesuresponse(R.(R2((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pytbasic_ocsp_responsexs cC`s|ddjdS(u A shortcut into the parsed, ResponseData sequence :return: None or an asn1crypto.ocsp.ResponseData object uresponse_bytesuresponseutbs_response_data(R.(R2((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyt response_dataƒs N(RRRNRhR0RR#R1R:R*RHRjR6R;R7RIRkRlRm(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyRi1s    N(Et__doc__t __future__RRRRtalgosRRtcoreRRRR R R R R RRRRRtcrlRRtkeysRtx509RRRRRRR R!R"R&R(R<R=R>R?R@RARBRCRDRERFRGRNRORQRRRSRTRURVRWRbRcRdReRfRgRhRi(((s3/tmp/pip-build-wDUJoH/asn1crypto/asn1crypto/ocsp.pyt sT"X"  9 Z x