a  `tT@s.ddlmZmZmZddlZddlZddlmZmZddl m Z ddl m Z m Z mZmZmZddlmZmZddlmZmZddlmZmZmZdd lmZeejGd d d eZ eej!Gd d d eZ"eej#GdddeZ$eej%GdddeZ&eej'j(GdddeZ)dS))absolute_importdivisionprint_functionN)utilsx509)UnsupportedAlgorithm)_asn1_integer_to_int_asn1_string_to_bytes_decode_x509_name_obj2txt_parse_asn1_time)_encode_asn1_int_gc _txt2obj_gc)hashes serialization)dsaecrsa) _ASN1Typec@seZdZddZddZddZddZd d Zd d Zd dZ e dZ e ddZddZe ddZe ddZe ddZe ddZe ddZe ddZe jd d!Ze d"d#Ze d$d%Zd&d'Zd(S)) _CertificatecCsZ||_||_|jj|j}|dkr0tjj|_n&|dkrDtjj|_nt d ||dS)Nrz{} is not a valid X509 version) _backend_x509_libZX509_get_versionrVersionv1_versionZv3ZInvalidVersionformat)selfbackendZ x509_certversionr!K/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/x509.py__init__s   z_Certificate.__init__cCs d|jS)Nz)rsubjectrr!r!r"__repr__,sz_Certificate.__repr__cCs,t|tjstS|jj|j|j}|dkSNr) isinstancer CertificateNotImplementedrrZX509_cmprrotherresr!r!r"__eq__/s z_Certificate.__eq__cCs ||k SNr!rr,r!r!r"__ne__6sz_Certificate.__ne__cCst|tjjSr/hash public_bytesrEncodingDERr%r!r!r"__hash__9sz_Certificate.__hash__cCs|Sr/r!)rmemor!r!r" __deepcopy__<sz_Certificate.__deepcopy__cCs*t||j}||tjj|Sr/) rHashrupdater4rr5r6finalize)r algorithmhr!r!r" fingerprint?sz_Certificate.fingerprintrcCs2|jj|j}|j||jjjkt|j|Sr/)rrZX509_get_serialNumberropenssl_assert_ffiNULLrrasn1_intr!r!r" serial_numberFsz_Certificate.serial_numbercCsR|jj|j}||jjjkr0|jtd|jj||jjj }|j |S)Nz,Certificate public key is of an unknown type) rrZX509_get_pubkeyrrArB_consume_errors ValueErrorgc EVP_PKEY_free_evp_pkey_to_public_keyrpkeyr!r!r" public_keyLs  z_Certificate.public_keycCs|jj|j}t|j|Sr/)rrZX509_getm_notBeforerr rZ asn1_timer!r!r"not_valid_beforeWsz_Certificate.not_valid_beforecCs|jj|j}t|j|Sr/)rrZX509_getm_notAfterrr rNr!r!r"not_valid_after\sz_Certificate.not_valid_aftercCs2|jj|j}|j||jjjkt|j|Sr/)rrZX509_get_issuer_namerr@rArBr rissuerr!r!r"rRasz_Certificate.issuercCs2|jj|j}|j||jjjkt|j|Sr/)rrZX509_get_subject_namerr@rArBr rr$r!r!r"r$gsz_Certificate.subjectcCs8|j}z tj|WSty2td|Yn0dSNz)Signature algorithm OID:{} not recognizedsignature_algorithm_oidrZ_SIG_OIDS_TO_HASHKeyErrorrrroidr!r!r"signature_hash_algorithmms  z%_Certificate.signature_hash_algorithmcCs^|jjd}|jj|jjj||j|j|d|jjjkt|j|dj }t |SNz X509_ALGOR **r) rrAnewrX509_get0_signaturerBrr@r r=rObjectIdentifierrZalgrYr!r!r"rVwsz$_Certificate.signature_algorithm_oidcCs|jj|jSr/)rZ_certificate_extension_parserparserr%r!r!r" extensionssz_Certificate.extensionscCsR|jjd}|jj||jjj|j|j|d|jjjkt|j|dSNzASN1_BIT_STRING **r) rrAr\rr]rBrr@r rZsigr!r!r" signatures z_Certificate.signaturecsdjjd}jjj|}j|dkjj|fdd}jj|d|ddS)Nunsigned char **rcsjj|dSr'rrZ OPENSSL_freeZpointerr%r!r"z4_Certificate.tbs_certificate_bytes..) rrAr\rZi2d_re_X509_tbsrr@rHbufferrZppr-r!r%r"tbs_certificate_bytess z"_Certificate.tbs_certificate_bytescCsn|j}|tjjur*|jj||j}n(|tjjurJ|jj ||j}nt d|j |dk|j |SNz/encoding must be an item from the Encoding enum) r_create_mem_bio_gcrr5PEMrZPEM_write_bio_X509rr6Z i2d_X509_bio TypeErrorr@ _read_mem_biorencodingbior-r!r!r"r4s   z_Certificate.public_bytesN)__name__ __module__ __qualname__r#r&r.r1r7r9r?rZread_only_propertyr propertyrErMrOrPrRr$rZrVcached_propertyrardrlr4r!r!r!r"rs<            rc@s:eZdZddZeddZeddZejddZ d S) _RevokedCertificatecCs||_||_||_dSr/)rZ_crl _x509_revoked)rrZcrlZ x509_revokedr!r!r"r#sz_RevokedCertificate.__init__cCs2|jj|j}|j||jjjkt|j|Sr/)rrZX509_REVOKED_get0_serialNumberr|r@rArBrrCr!r!r"rEs z!_RevokedCertificate.serial_numbercCst|j|jj|jSr/)r rrZ X509_REVOKED_get0_revocationDater|r%r!r!r"revocation_dates z#_RevokedCertificate.revocation_datecCs|jj|jSr/)rZ_revoked_cert_extension_parserr`r|r%r!r!r"rasz_RevokedCertificate.extensionsN) rvrwrxr#ryrEr}rrzrar!r!r!r"r{s   r{c@seZdZddZddZddZddZejd d Z d d Z e d dZ e ddZ e ddZe ddZe ddZe ddZe ddZddZddZdd Zd!d"Zd#d$Zejd%d&Zd'd(Zd)S)*_CertificateRevocationListcCs||_||_dSr/)r _x509_crl)rrZx509_crlr!r!r"r#sz#_CertificateRevocationList.__init__cCs,t|tjstS|jj|j|j}|dkSr')r(rCertificateRevocationListr*rrZ X509_CRL_cmprr+r!r!r"r.s z!_CertificateRevocationList.__eq__cCs ||k Sr/r!r0r!r!r"r1sz!_CertificateRevocationList.__ne__cCsXt||j}|j}|jj||j}|j|dk|j|}| || S)Nrn) rr:rrori2d_X509_CRL_biorr@rrr;r<)rr=r>rur-Zderr!r!r"r?s   z&_CertificateRevocationList.fingerprintcCs@|jj|j}|j||jjjk|jj||jjj}|Sr/) rrZ X509_CRL_duprr@rArBrHZ X509_CRL_free)rdupr!r!r" _sorted_crlsz&_CertificateRevocationList._sorted_crlcCsl|jjd}t|j|}|jj|j||}|dkr:dS|j|d|jjjkt |j|j|dSdS)NzX509_REVOKED **r) rrAr\r rZX509_CRL_get0_by_serialrr@rBr{)rrErevokedrDr-r!r!r"(get_revoked_certificate_by_serial_numbers zC_CertificateRevocationList.get_revoked_certificate_by_serial_numbercCs8|j}z tj|WSty2td|Yn0dSrTrUrXr!r!r"rZs  z3_CertificateRevocationList.signature_hash_algorithmcCs^|jjd}|jj|j|jjj||j|d|jjjkt|j|dj }t |Sr[) rrAr\rX509_CRL_get0_signaturerrBr@r r=rr^r_r!r!r"rVsz2_CertificateRevocationList.signature_algorithm_oidcCs2|jj|j}|j||jjjkt|j|Sr/)rrZX509_CRL_get_issuerrr@rArBr rQr!r!r"rRsz!_CertificateRevocationList.issuercCs2|jj|j}|j||jjjkt|j|Sr/)rrZX509_CRL_get_nextUpdaterr@rArBr )rZnur!r!r" next_updatesz&_CertificateRevocationList.next_updatecCs2|jj|j}|j||jjjkt|j|Sr/)rrZX509_CRL_get_lastUpdaterr@rArBr )rZlur!r!r" last_updatesz&_CertificateRevocationList.last_updatecCsR|jjd}|jj|j||jjj|j|d|jjjkt|j|dSrb) rrAr\rrrrBr@r rcr!r!r"rd"s z$_CertificateRevocationList.signaturecsdjjd}jjj|}j|dkjj|fdd}jj|d|ddS)Nrercsjj|dSr'rfrgr%r!r"rh1riz?_CertificateRevocationList.tbs_certlist_bytes..) rrAr\rZi2d_re_X509_CRL_tbsrr@rHrjrkr!r%r"tbs_certlist_bytes+s z-_CertificateRevocationList.tbs_certlist_bytescCsn|j}|tjjur*|jj||j}n(|tjjurJ|jj ||j}nt d|j |dk|j |Srm) rrorr5rprZPEM_write_bio_X509_CRLrr6rrqr@rrrsr!r!r"r45s   z'_CertificateRevocationList.public_bytescCsD|jj|j}|jj||}|j||jjjkt|j||Sr/) rrX509_CRL_get_REVOKEDrZsk_X509_REVOKED_valuer@rArBr{)ridxrrr!r!r" _revoked_certCsz(_CertificateRevocationList._revoked_certccs"tt|D]}||Vq dSr/)rangelenr)rir!r!r"__iter__Isz#_CertificateRevocationList.__iter__cst|tr8|t\}}}fddt|||DSt|}|dkrV|t7}d|krntkstnt|SdS)Ncsg|]}|qSr!)r).0rr%r!r" Priz:_CertificateRevocationList.__getitem__..r) r(sliceindicesrroperatorindex IndexErrorr)rrstartstopstepr!r%r" __getitem__Ms   z&_CertificateRevocationList.__getitem__cCs4|jj|j}||jjjkr"dS|jj|SdSr')rrrrrArBZsk_X509_REVOKED_num)rrr!r!r"__len__Ysz"_CertificateRevocationList.__len__cCs|jj|jSr/)rZ_crl_extension_parserr`rr%r!r!r"ra`sz%_CertificateRevocationList.extensionscCsLt|tjtjtjfstd|jj |j |j }|dkrH|j dSdS)NzGExpecting one of DSAPublicKey, RSAPublicKey, or EllipticCurvePublicKey.rnFT)r(rZ DSAPublicKeyrZ RSAPublicKeyrZEllipticCurvePublicKeyrqrrZX509_CRL_verifyrZ _evp_pkeyrF)rrMr-r!r!r"is_signature_validds z-_CertificateRevocationList.is_signature_validN)rvrwrxr#r.r1r?rrzrrryrZrVrRrrrdrr4rrrrrarr!r!r!r"r~s:           r~c@seZdZddZddZddZddZd d Zed d Z ed dZ eddZ e j ddZddZeddZeddZeddZddZdS)_CertificateSigningRequestcCs||_||_dSr/)r _x509_req)rrZx509_reqr!r!r"r#zsz#_CertificateSigningRequest.__init__cCs2t|tstS|tjj}|tjj}||kSr/)r(rr*r4rr5r6)rr,Z self_bytesZ other_bytesr!r!r"r.~s  z!_CertificateSigningRequest.__eq__cCs ||k Sr/r!r0r!r!r"r1sz!_CertificateSigningRequest.__ne__cCst|tjjSr/r2r%r!r!r"r7sz#_CertificateSigningRequest.__hash__cCsH|jj|j}|j||jjjk|jj||jjj}|j |Sr/) rrX509_REQ_get_pubkeyrr@rArBrHrIrJrKr!r!r"rMsz%_CertificateSigningRequest.public_keycCs2|jj|j}|j||jjjkt|j|Sr/)rrZX509_REQ_get_subject_namerr@rArBr rSr!r!r"r$sz"_CertificateSigningRequest.subjectcCs8|j}z tj|WSty2td|Yn0dSrTrUrXr!r!r"rZs  z3_CertificateSigningRequest.signature_hash_algorithmcCs^|jjd}|jj|j|jjj||j|d|jjjkt|j|dj }t |Sr[) rrAr\rX509_REQ_get0_signaturerrBr@r r=rr^r_r!r!r"rVsz2_CertificateSigningRequest.signature_algorithm_oidcs6jjj}jj|fdd}jj|S)Ncs"jj|jjjjjdS)NZX509_EXTENSION_free)rrZsk_X509_EXTENSION_pop_freerAZ addressofZ _original_lib)xr%r!r"rhs  z7_CertificateSigningRequest.extensions..)rrZX509_REQ_get_extensionsrrArHZ_csr_extension_parserr`)rZ x509_extsr!r%r"ras   z%_CertificateSigningRequest.extensionscCsn|j}|tjjur*|jj||j}n(|tjjurJ|jj ||j}nt d|j |dk|j |Srm) rrorr5rprZPEM_write_bio_X509_REQrr6Zi2d_X509_REQ_biorqr@rrrsr!r!r"r4s   z'_CertificateSigningRequest.public_bytescsdjjd}jjj|}j|dkjj|fdd}jj|d|ddS)Nrercsjj|dSr'rfrgr%r!r"rhrizB_CertificateSigningRequest.tbs_certrequest_bytes..) rrAr\rZi2d_re_X509_REQ_tbsrr@rHrjrkr!r%r"tbs_certrequest_bytess z0_CertificateSigningRequest.tbs_certrequest_bytescCsR|jjd}|jj|j||jjj|j|d|jjjkt|j|dSrb) rrAr\rrrrBr@r rcr!r!r"rds z$_CertificateSigningRequest.signaturecCsh|jj|j}|j||jjjk|jj||jjj}|jj |j|}|dkrd|j dSdS)NrnFT) rrrrr@rArBrHrIZX509_REQ_verifyrF)rrLr-r!r!r"rs z-_CertificateSigningRequest.is_signature_validcCs t|j|j}|jj|j|d}|dkr z0_CertificateSigningRequest.get_attribute_for_oidN)rvrwrxr#r.r1r7rMryr$rZrVrrzrar4rrdrrr!r!r!r"rxs*       rc@sheZdZddZeddZeddZeddZed d Zed d Z d dZ ddZ ddZ dS)_SignedCertificateTimestampcCs||_||_||_dSr/)rZ _sct_list_sct)rrZsct_listZsctr!r!r"r#sz$_SignedCertificateTimestamp.__init__cCs,|jj|j}||jjjks"JtjjjSr/) rrZSCT_get_versionrZSCT_VERSION_V1rcertificate_transparencyrr)rr r!r!r"r sz#_SignedCertificateTimestamp.versioncCsH|jjd}|jj|j|}|dks,J|jj|d|ddSNrer)rrAr\rZSCT_get0_log_idrrj)routZ log_id_lengthr!r!r"log_id"s z"_SignedCertificateTimestamp.log_idcCs4|jj|j}|d}tj|dj|ddS)Ni)Z microsecond)rrZSCT_get_timestamprdatetimeZutcfromtimestampreplace)r timestampZ millisecondsr!r!r"r)s z%_SignedCertificateTimestamp.timestampcCs,|jj|j}||jjjks"JtjjjSr/) rrZSCT_get_log_entry_typerZCT_LOG_ENTRY_TYPE_PRECERTrrZ LogEntryTypeZPRE_CERTIFICATE)r entry_typer!r!r"r1sz&_SignedCertificateTimestamp.entry_typecCsf|jjd}|jj|j|}|j|dk|j|d|jjjk|jj|d|ddSr) rrAr\rZSCT_get0_signaturerr@rBrj)rZptrptrr-r!r!r" _signature9s z&_SignedCertificateTimestamp._signaturecCs t|jSr/)r3rr%r!r!r"r7Asz$_SignedCertificateTimestamp.__hash__cCst|tstS|j|jkSr/)r(rr*rr0r!r!r"r.Ds z"_SignedCertificateTimestamp.__eq__cCs ||k Sr/r!r0r!r!r"r1Jsz"_SignedCertificateTimestamp.__ne__N) rvrwrxr#ryr rrrrr7r.r1r!r!r!r"rs     r)*Z __future__rrrrrZ cryptographyrrZcryptography.exceptionsrZ0cryptography.hazmat.backends.openssl.decode_asn1rr r r r Z0cryptography.hazmat.backends.openssl.encode_asn1r rZcryptography.hazmat.primitivesrrZ)cryptography.hazmat.primitives.asymmetricrrrZcryptography.x509.namerZregister_interfacer)objectrZRevokedCertificater{rr~ZCertificateSigningRequestrrZSignedCertificateTimestamprr!r!r!r"s0    % -