ó 9(Zc@`s ddlmZmZmZddlZddlZddlZddlmZm Z ddl m Z m Z m Z ddlmZmZd„Zd„Zd„Zd „Zd „Zd „Zd „Zd „Zd„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Z d„Z!d„Z"d„Z#d„Z$d„Z%d„Z&d„Z'd„Z(d„Z)d„Z*d „Z+id!e j,j-6d"e j,j.6d#e j,j/6d$e j,j06d%e j,j16d&e j,j26d'e j,j36d(e j,j46Z5d)„Z6d*„Z7d+„Z8d,„Z9ie%ej:6e)ej;6e#ej<6e(ej=6e(ej>6e+ej?6e$ej@6eejA6e&ejB6e6ejC6e6ejD6eejE6e"ejF6e7ejG6e8ejH6ZIie(ej>6e$ej@6e&ejB6eejJ6eejK6ZLie(ejM6eejN6eejO6ZPdS(-i(tabsolute_importtdivisiontprint_functionN(tutilstx509(t_CRL_ENTRY_REASON_ENUM_TO_CODEt_DISTPOINT_TYPE_FULLNAMEt_DISTPOINT_TYPE_RELATIVENAME(tCRLEntryExtensionOIDt ExtensionOIDcC`sb|j|ƒ}|jj||jjƒ}|jj||jjƒ}|j||jjkƒ|S(s Converts a python integer to an ASN1_INTEGER. The returned ASN1_INTEGER will not be garbage collected (to support adding them to structs that take ownership of the object). Be sure to register it for GC if it will be discarded after use. (t _int_to_bnt_ffitgct_libtBN_freetBN_to_ASN1_INTEGERtNULLtopenssl_assert(tbackendtxti((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_asn1_ints cC`s.t||ƒ}|jj||jjƒ}|S(N(RR R R tASN1_INTEGER_free(RRR((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_asn1_int_gc(scC`s>|jjƒ}|jj|||ƒ}|j|dkƒ|S(s@ Create an ASN1_OCTET_STRING from a Python byte string. i(R tASN1_OCTET_STRING_newtASN1_OCTET_STRING_setR(Rtdatatlengthtstres((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_asn1_str.scC`sV|jjƒ}|jj||jdƒt|jdƒƒƒ}|j|dkƒ|S(s³ Create an ASN1_UTF8STRING from a Python unicode string. This object will be an ASN1_STRING with UTF8 type in OpenSSL and can be decoded with ASN1_STRING_to_UTF8. tutf8i(R tASN1_UTF8STRING_newtASN1_STRING_settencodetlenR(RtstringRR((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_asn1_utf8_str8s  'cC`s1t|||ƒ}|jj||jjƒ}|S(N(RR R R tASN1_OCTET_STRING_free(RRRR((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_asn1_str_gcFscC`st||jƒS(N(Rt skip_certs(Rtinhibit_any_policy((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_inhibit_any_policyLscC`sœ|jjƒ}x†|jD]{}d}xl|D]d}t||ƒ}|jj||jjƒ}|jj||d|ƒ}|j|dkƒd}q,WqW|S(sP The X509_NAME created will not be gc'd. Use _encode_name_gc if needed. iiÿÿÿÿi( R t X509_NAME_newtrdnst_encode_name_entryR R tX509_NAME_ENTRY_freetX509_NAME_add_entryR(Rtnametsubjecttrdntset_flagt attributet name_entryR((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyt _encode_namePs   cC`s.t||ƒ}|jj||jjƒ}|S(N(R6R R R tX509_NAME_free(Rt attributesR1((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_name_gcdscC`s[|jjƒ}xE|D]=}t||ƒ}|jj||ƒ}|j|dkƒqW|S(s9 The sk_X50_NAME_ENTRY created will not be gc'd. i(R tsk_X509_NAME_ENTRY_new_nullR-tsk_X509_NAME_ENTRY_pushR(RR8tstackR4R5R((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_sk_name_entryjs  cC`sU|jjdƒ}t||jjƒ}|jj|jj||j j|dƒ}|S(NRiÿÿÿÿ( tvalueR"t _txt2obj_gctoidt dotted_stringR tX509_NAME_ENTRY_create_by_OBJR Rt_type(RR4R>tobjR5((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyR-vs  !cC`st||jƒS(N(Rt crl_number(Rtext((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyt&_encode_crl_number_delta_crl_indicator€scC`sv|jjƒ}|j||jjkƒ|jj||jjƒ}|jj|t|j ƒ}|j|dkƒ|S(Ni( R tASN1_ENUMERATED_newRR RR tASN1_ENUMERATED_freetASN1_ENUMERATED_setRtreason(Rt crl_reasontasn1enumR((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_crl_reason„s cC`se|jj|jjtj|jjƒƒƒ}|j||jjkƒ|jj ||jj ƒ}|S(N( R tASN1_GENERALIZEDTIME_setR Rtcalendarttimegmtinvalidity_datet timetupleRR tASN1_GENERALIZEDTIME_free(RRRttime((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_invalidity_dates  c C`s^|jjƒ}|j||jjkƒ|jj||jjƒ}x|D] }|jjƒ}|j||jjkƒ|jj||ƒ}|j|dkƒt ||j j ƒ}||_ |j rJ|jjƒ}|j||jjkƒxX|j D]M}|jjƒ} |j| |jjkƒ|jj|| ƒ}|j|dkƒt|tjƒr¬t |tjj ƒ| _t||jdƒt|jdƒƒƒ| j_qùt|tjƒsÄt‚t |tjj ƒ| _|jjƒ} |j| |jjkƒ| | j_ |j!r1t"||j!ƒ| _#nt$||j%ƒ| _&qùW||_'qJqJW|S(Nitascii((R tsk_POLICYINFO_new_nullRR RR tsk_POLICYINFO_freetPOLICYINFO_newtsk_POLICYINFO_pusht_txt2objtpolicy_identifierRAtpolicyidtpolicy_qualifierstsk_POLICYQUALINFO_new_nulltPOLICYQUALINFO_newtsk_POLICYQUALINFO_pusht isinstancetsixt text_typeRtOID_CPS_QUALIFIERtpqualidRR"R#tdtcpsurit UserNoticetAssertionErrortOID_CPS_USER_NOTICEtUSERNOTICE_newt usernoticet explicit_textR%texptextt_encode_notice_referencetnotice_referencet noticereft qualifiers( Rtcertificate_policiestcpt policy_infotpiRR@tpqist qualifiertpqitun((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_certificate_policiesœsL    !  cC`s¾|dkr|jjS|jjƒ}|j||jjkƒt||jƒ|_|jjƒ}||_ xH|j D]=}t ||ƒ}|jj ||ƒ}|j|dkƒquW|SdS(Ni( tNoneR RR t NOTICEREF_newRR%t organizationtsk_ASN1_INTEGER_new_nullt noticenostnotice_numbersRtsk_ASN1_INTEGER_push(Rtnoticetnrt notice_stacktnumbertnumR((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyRqÎs   cC`sA|jdƒ}|jj|dƒ}|j||jjkƒ|S(s_ Converts a Python string with an ASN.1 object ID in dotted form to a ASN1_OBJECT. RWi(R"R t OBJ_txt2objRR R(RR0RD((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyR\áscC`s.t||ƒ}|jj||jjƒ}|S(N(R\R R R tASN1_OBJECT_free(RR0RD((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyR?ìscC`st|ddƒS(sg The OCSP No Check extension is defined as a null ASN.1 value embedded in an ASN.1 string. si(R'(RRF((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_ocsp_nocheckòscC`sø|jj}|jjƒ}|jj||jjƒ}||d|jƒ}|j|dkƒ||d|jƒ}|j|dkƒ||d|j ƒ}|j|dkƒ||d|j ƒ}|j|dkƒ||d|j ƒ}|j|dkƒ||d|j ƒ}|j|dkƒ||d|j ƒ}|j|dkƒ|j rª||d|jƒ}|j|dkƒ||d |jƒ}|j|dkƒnJ||ddƒ}|j|dkƒ||d dƒ}|j|dkƒ|S( Niiiiiiiii(R tASN1_BIT_STRING_set_bittASN1_BIT_STRING_newR R tASN1_BIT_STRING_freetdigital_signatureRtcontent_commitmenttkey_enciphermenttdata_enciphermentt key_agreementt key_cert_signtcrl_signt encipher_onlyt decipher_only(Rt key_usagetset_bittkuR((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_key_usageús6  cC`sÈ|jjƒ}|j||jjkƒ|jj||jjƒ}|jdk rvt ||jt |jƒƒ|_ n|j dk rt ||j ƒ|_n|jdk rÄt||jƒ|_n|S(N(R tAUTHORITY_KEYID_newRR RR tAUTHORITY_KEYID_freetkey_identifierR~RR#tkeyidtauthority_cert_issuert_encode_general_namestissuertauthority_cert_serial_numberRtserial(Rtauthority_keyidtakid((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyt _encode_authority_key_identifierscC`sv|jjƒ}|jj||jjƒ}|jr9dnd|_|jrr|jdk rrt||jƒ|_ n|S(Niÿi( R tBASIC_CONSTRAINTS_newR R tBASIC_CONSTRAINTS_freetcat path_lengthR~Rtpathlen(Rtbasic_constraintst constraints((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_basic_constraints2s cC`sÈ|jjƒ}|j||jjkƒ|jj||jjƒ}x~|D]v}|jjƒ}t||j j ƒ}t ||j ƒ}||_ ||_|jj||ƒ}|j|dkƒqJW|S(Ni(R tsk_ACCESS_DESCRIPTION_new_nullRR RR tsk_ACCESS_DESCRIPTION_freetACCESS_DESCRIPTION_newR\t access_methodRAt_encode_general_nametaccess_locationtmethodtlocationtsk_ACCESS_DESCRIPTION_push(Rtauthority_info_accesstaiataccess_descriptiontadR·tgnR((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyt$_encode_authority_information_access@s    cC`st|jjƒ}|j||jjkƒxE|D]=}t||ƒ}|jj||ƒ}|j|dkƒq/W|S(Ni(R tGENERAL_NAMES_newRR RRµtsk_GENERAL_NAME_push(Rtnamest general_namesR0R¾R((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyR¢Ts cC`s.t||ƒ}|jj||jjƒ}|S(N(R¢R R R tGENERAL_NAMES_free(RtsanRÃ((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_alt_name_s cC`st||jt|jƒƒS(N(R'tdigestR#(Rtski((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_subject_key_identifiergscC`s2t|tjƒrÃ|jjƒ}|j||jjkƒ|jj|_ |jj ƒ}|j||jjkƒ|j j dƒ}|jj ||t|ƒƒ}|j|dkƒ||j_nkt|tjƒrX|jjƒ}|j||jjkƒ|jj|_ |jj|j jj dƒdƒ}|j||jjkƒ||j_nÖt|tjƒrÂ|jjƒ}|j||jjkƒt||j ƒ}|jj|_ ||j_nlt|tjƒrÀ|jjƒ}|j||jjkƒt|j tjƒr=|j jjtj d |j j!dƒ}nMt|j tj"ƒr~|j jjtj d|j j!dƒ}n |j j}t#||t|ƒƒ} |jj$|_ | |j_%nnt|tj&ƒr|jjƒ}|j||jjkƒ|jj'ƒ} |j| |jjkƒ|jj|j(jj dƒdƒ} |j| |jjkƒ|jj)d|j ƒ} |jj)d ƒ} | | d <|jj*|jj| t|j ƒƒ}||jjkrå|j+ƒt,d ƒ‚n| | _(|| _ |jj-|_ | |j_.nt|tj/ƒr—|jjƒ}|j||jjkƒ|j j dƒ} t#|| t| ƒƒ}|jj0|_ ||j_1n—t|tj2ƒr|jjƒ}|j||jjkƒ|j j dƒ} t#|| t| ƒƒ}|jj3|_ ||j_4nt,d j5|ƒƒ‚|S(NRiRWi ii€isunsigned char[]sunsigned char **isInvalid ASN.1 datas"{0} is an unknown GeneralName typeIl (6RcRtDNSNameR tGENERAL_NAME_newRR RtGEN_DNSttypetASN1_IA5STRING_newR>R"R!R#RhtdNSNamet RegisteredIDtGEN_RIDRŠRAt registeredIDt DirectoryNameR6t GEN_DIRNAMEt directoryNamet IPAddresst ipaddresst IPv4Networktnetwork_addresstpackedRt int_to_bytest num_addressest IPv6NetworkRt GEN_IPADDt iPAddresst OtherNamet OTHERNAME_newttype_idtnewt d2i_ASN1_TYPEt_consume_errorst ValueErrort GEN_OTHERNAMEt otherNamet RFC822Namet GEN_EMAILt rfc822NametUniformResourceIdentifiertGEN_URItuniformResourceIdentifiertformat(RR0R¾tia5R>RRDtdir_nameRÚtipaddrt other_nameRâRt data_ptr_ptrtasn1_str((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyRµks”            cC`sy|jjƒ}|jj||jjƒ}xH|D]@}t||jƒ}|jj||ƒ}|j|dkƒq1W|S(Ni( R tsk_ASN1_OBJECT_new_nullR R tsk_ASN1_OBJECT_freeR\RAtsk_ASN1_OBJECT_pushR(Rtextended_key_usagetekuR@RDR((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_extended_key_usageÌs iiiiiiiic C`s |jjƒ}|jj||jjƒ}xÚ|D]Ò}|jjƒ}|j||jjkƒ|jrß|jj ƒ}|j||jjkƒ||_xC|jD]5}|jj |t |dƒ}|j|dkƒq£Wn|j r=|jj ƒ}|j||jjkƒt|_t||j ƒ|j_||_n|jrº|jj ƒ}|j||jjkƒt|_t||jƒ} |j| |jjkƒ| |j_||_n|jrÛt||jƒ|_n|jj||ƒ}|j|dkƒq1W|S(Ni(R tsk_DIST_POINT_new_nullR R tsk_DIST_POINT_freetDIST_POINT_newRRtreasonsRŽRt_CRLREASONFLAGSt full_nametDIST_POINT_NAME_newRRÍR¢R0tfullnamet distpointt relative_nameRR=t relativenamet crl_issuert CRLissuertsk_DIST_POINT_push( RtcdpstcdptpointtdptbitmaskRKRtdpnR((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_cdps_freshest_crlãs@            cC`s}|jjƒ}|j||jjkƒ|jj||jjƒ}t||jƒ}||_ t||j ƒ}||_ |S(N( R tNAME_CONSTRAINTS_newRR RR tNAME_CONSTRAINTS_freet_encode_general_subtreetpermitted_subtreestpermittedSubtreestexcluded_subtreestexcludedSubtrees(Rtname_constraintstnct permittedtexcluded((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_name_constraints s  cC`s•|jjƒ}|j||jjkƒ|jj||jjƒ}|jdk rjt ||jƒ|_ n|j dk r‘t ||j ƒ|_ n|S(N( R tPOLICY_CONSTRAINTS_newRR RR tPOLICY_CONSTRAINTS_freetrequire_explicit_policyR~RtrequireExplicitPolicytinhibit_policy_mappingtinhibitPolicyMapping(Rtpolicy_constraintstpc((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_policy_constraintsscC`s†|dkr|jjS|jjƒ}xV|D]N}|jjƒ}t||ƒ|_|jj||ƒ}|dks,t ‚q,W|SdS(Ni( R~R RR tsk_GENERAL_SUBTREE_new_nulltGENERAL_SUBTREE_newRµtbasetsk_GENERAL_SUBTREE_pushRk(Rtsubtreestgeneral_subtreesR0tgsR((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyR.s   (Qt __future__RRRRPR×Rdt cryptographyRRt0cryptography.hazmat.backends.openssl.decode_asn1RRRtcryptography.x509.oidRR RRRR%R'R*R6R9R=R-RGRNRVR}RqR\R?RŒRœR¨R°R¿R¢RÆRÉRµRût ReasonFlagstkey_compromiset ca_compromisetaffiliation_changedt supersededtcessation_of_operationtcertificate_holdtprivilege_withdrawnt aa_compromiseRRRR%RtBASIC_CONSTRAINTStSUBJECT_KEY_IDENTIFIERt KEY_USAGEtSUBJECT_ALTERNATIVE_NAMEtISSUER_ALTERNATIVE_NAMEtEXTENDED_KEY_USAGEtAUTHORITY_KEY_IDENTIFIERtCERTIFICATE_POLICIEStAUTHORITY_INFORMATION_ACCESStCRL_DISTRIBUTION_POINTSt FRESHEST_CRLtINHIBIT_ANY_POLICYt OCSP_NO_CHECKtNAME_CONSTRAINTStPOLICY_CONSTRAINTSt_EXTENSION_ENCODE_HANDLERSt CRL_NUMBERtDELTA_CRL_INDICATORt_CRL_EXTENSION_ENCODE_HANDLERStCERTIFICATE_ISSUERt CRL_REASONtINVALIDITY_DATEt$_CRL_ENTRY_EXTENSION_ENCODE_HANDLERS(((sV/tmp/pip-build-wDUJoH/cryptography/cryptography/hazmat/backends/openssl/encode_asn1.pyts            2         a         *