a  `@sddlmZmZmZddlZddlZddlZddlZddlm Z ddl Z ddl m Z ddl mZmZmZmZddlmZmZddlmZddlmZdd lmZdd lmZmZmZdd lm Z dd l!m"Z"m#Z#m$Z$m%Z%d dZ&ddZ'Gddde(Z)Gddde(Z*e +ej,Gddde-Z.Gddde-Z/e 0e.Gddde-Z1e 0e.Gddde-Z2e 0e.Gddde-Z3e 0e.Gdd d e-Z4e 0e.Gd!d"d"e-Z5Gd#d$d$e-Z6e 0e.Gd%d&d&e-Z7e 0e.Gd'd(d(e-Z8e 0e.Gd)d*d*e-Z9e 0e.Gd+d,d,e-Z:Gd-d.d.e-Z;Gd/d0d0e ZGd5d6d6e-Z?Gd7d8d8e-Z@Gd9d:d:e-ZAe 0e.Gd;d<dd>e-ZCe 0e.Gd?d@d@e-ZDe 0e.GdAdBdBe-ZEGdCdDdDe ZFdEdFeFDZGe 0e.GdGdHdHe-ZHe 0e.GdIdJdJe-ZIe 0e.GdKdLdLe-ZJGdMdNdNe-ZKGdOdPdPe-ZLe 0e.GdQdRdRe-ZMe 0e.GdSdTdTe-ZNe 0e.GdUdVdVe-ZOe 0e.GdWdXdXe-ZPe 0e.GdYdZdZe-ZQe 0e.Gd[d\d\e-ZRe 0e.Gd]d^d^e-ZSe 0e.Gd_d`d`e-ZTe 0e.Gdadbdbe-ZUe 0e.Gdcdddde-ZVdS)e)absolute_importdivisionprint_functionN)Enum)utils) BIT_STRING DERReaderOBJECT_IDENTIFIERSEQUENCE) constant_time serialization)EllipticCurvePublicKey) RSAPublicKey)SignedCertificateTimestamp) GeneralName IPAddress OtherName)RelativeDistinguishedName)CRLEntryExtensionOID ExtensionOIDOCSPExtensionOIDObjectIdentifiercCst|tr |tjjtjj}nt|tr@|tjj tjj }n|tjjtjj }t |}| t$}|t}|t}Wdn1s0Y|*|t|s|Wdn1s0Y|dkrtd|j}t|S)NrzInvalid public key encoding) isinstancerZ public_bytesr ZEncodingZDERZ PublicFormatZPKCS1r ZX962ZUncompressedPointZSubjectPublicKeyInforZread_single_elementr Z read_elementrr Zis_emptyZread_any_elementZ read_byte ValueErrordatahashlibZsha1digest) public_keyrZ serializedreaderZpublic_key_info algorithmr >/usr/lib/python3/dist-packages/cryptography/x509/extensions.py_key_identifier_from_public_key&s4    ( & r"cs.fdd}fdd}fdd}|||fS)Ncstt|SN)lengetattrself field_namer r! len_methodOsz*_make_sequence_methods..len_methodcstt|Sr#)iterr%r&r(r r! iter_methodRsz+_make_sequence_methods..iter_methodcst||Sr#)r%)r'idxr(r r!getitem_methodUsz._make_sequence_methods..getitem_methodr )r)r*r,r.r r(r!_make_sequence_methodsNs   r/cseZdZfddZZS)DuplicateExtensioncstt||||_dSr#)superr0__init__oidr'msgr3 __class__r r!r2\szDuplicateExtension.__init____name__ __module__ __qualname__r2 __classcell__r r r6r!r0[sr0cseZdZfddZZS)ExtensionNotFoundcstt||||_dSr#)r1r=r2r3r4r6r r!r2bszExtensionNotFound.__init__r8r r r6r!r=asr=c@seZdZejddZdS) ExtensionTypecCsdS)zK Returns the oid associated with the given extension type. Nr r&r r r!r3iszExtensionType.oidN)r9r:r;abcabstractpropertyr3r r r r!r>gsr>c@s:eZdZddZddZddZed\ZZZ dd Z d S) ExtensionscCs ||_dSr#) _extensions)r' extensionsr r r!r2qszExtensions.__init__cCs0|D]}|j|kr|Sqtd||dS)NNo {} extension was found)r3r=format)r'r3extr r r!get_extension_for_oidts  z Extensions.get_extension_for_oidcCsD|turtd|D]}t|j|r|Sqtd||jdS)Nz|UnrecognizedExtension can't be used with get_extension_for_class because more than one instance of the class may be present.rD)UnrecognizedExtension TypeErrorrvaluer=rEr3)r'ZextclassrFr r r!get_extension_for_class{s   z"Extensions.get_extension_for_classrBcCs d|jS)Nz)rErBr&r r r!__repr__szExtensions.__repr__N) r9r:r;r2rGrKr/__len____iter__ __getitem__rLr r r r!rAps rAc@sDeZdZejZddZddZddZddZ d d Z e d Z d S) CRLNumbercCst|tjstd||_dSNzcrl_number must be an integerrsix integer_typesrI _crl_numberr' crl_numberr r r!r2s zCRLNumber.__init__cCst|tstS|j|jkSr#)rrPNotImplementedrWr'otherr r r!__eq__s zCRLNumber.__eq__cCs ||k Sr#r rYr r r!__ne__szCRLNumber.__ne__cCs t|jSr#hashrWr&r r r!__hash__szCRLNumber.__hash__cCs d|jS)Nz)rErWr&r r r!rLszCRLNumber.__repr__rUN)r9r:r;rZ CRL_NUMBERr3r2r[r\r_rLrread_only_propertyrWr r r r!rPsrPc@speZdZejZddZeddZeddZ ddZ d d Z d d Z d dZ edZedZedZdS)AuthorityKeyIdentifiercCst|du|dukrtd|durBt|}tdd|DsBtd|dur^t|tjs^td||_||_||_ dS)NzXauthority_cert_issuer and authority_cert_serial_number must both be present or both Nonecss|]}t|tVqdSr#rr.0xr r r! sz2AuthorityKeyIdentifier.__init__..z;authority_cert_issuer must be a list of GeneralName objectsz/authority_cert_serial_number must be an integer) rlistallrIrrSrT_key_identifier_authority_cert_issuer_authority_cert_serial_number)r'key_identifierauthority_cert_issuerauthority_cert_serial_numberr r r!r2s* zAuthorityKeyIdentifier.__init__cCst|}||dddSN)rlrmrnr")clsrrr r r!from_issuer_public_keys z-AuthorityKeyIdentifier.from_issuer_public_keycCs||jdddSro)r)rqZskir r r!"from_issuer_subject_key_identifiers z9AuthorityKeyIdentifier.from_issuer_subject_key_identifiercCs d|S)NzrEr&r r r!rLszAuthorityKeyIdentifier.__repr__cCs2t|tstS|j|jko0|j|jko0|j|jkSr#)rrarXrlrmrnrYr r r!r[s   zAuthorityKeyIdentifier.__eq__cCs ||k Sr#r rYr r r!r\szAuthorityKeyIdentifier.__ne__cCs,|jdurd}n t|j}t|j||jfSr#)rmtupler^rlrn)r'Zacir r r!r_s    zAuthorityKeyIdentifier.__hash__rirjrkN)r9r:r;rZAUTHORITY_KEY_IDENTIFIERr3r2 classmethodrrrsrLr[r\r_rr`rlrmrnr r r r!ras!     rac@sPeZdZejZddZeddZe dZ ddZ dd Z d d Zd d ZdS)SubjectKeyIdentifiercCs ||_dSr#)_digest)r'rr r r!r2 szSubjectKeyIdentifier.__init__cCs |t|Sr#rp)rqrr r r!from_public_keysz$SubjectKeyIdentifier.from_public_keyrxcCs d|jS)Nz$)rErr&r r r!rLszSubjectKeyIdentifier.__repr__cCst|tstSt|j|jSr#)rrwrXr Zbytes_eqrrYr r r!r[s zSubjectKeyIdentifier.__eq__cCs ||k Sr#r rYr r r!r\szSubjectKeyIdentifier.__ne__cCs t|jSr#)r^rr&r r r!r_"szSubjectKeyIdentifier.__hash__N)r9r:r;rZSUBJECT_KEY_IDENTIFIERr3r2rvryrr`rrLr[r\r_r r r r!rw s  rwc@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) AuthorityInformationAccesscCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdSr#rAccessDescriptionrcr r r!rf,z6AuthorityInformationAccess.__init__..@Every item in the descriptions list must be an AccessDescriptionrgrhrI _descriptionsr'Z descriptionsr r r!r2*s z#AuthorityInformationAccess.__init__rcCs d|jS)Nz rErr&r r r!rL6sz#AuthorityInformationAccess.__repr__cCst|tstS|j|jkSr#)rrzrXrrYr r r!r[9s z!AuthorityInformationAccess.__eq__cCs ||k Sr#r rYr r r!r\?sz!AuthorityInformationAccess.__ne__cCstt|jSr#r^rurr&r r r!r_Bsz#AuthorityInformationAccess.__hash__N)r9r:r;rZAUTHORITY_INFORMATION_ACCESSr3r2r/rMrNrOrLr[r\r_r r r r!rz&s rzc@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) SubjectInformationAccesscCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdSr#r{rcr r r!rfLr}z4SubjectInformationAccess.__init__..r~rrr r r!r2Js z!SubjectInformationAccess.__init__rcCs d|jS)Nzrr&r r r!rLVsz!SubjectInformationAccess.__repr__cCst|tstS|j|jkSr#)rrrXrrYr r r!r[Ys zSubjectInformationAccess.__eq__cCs ||k Sr#r rYr r r!r\_szSubjectInformationAccess.__ne__cCstt|jSr#rr&r r r!r_bsz!SubjectInformationAccess.__hash__N)r9r:r;rZSUBJECT_INFORMATION_ACCESSr3r2r/rMrNrOrLr[r\r_r r r r!rFs rc@sHeZdZddZddZddZddZd d Ze d Z e d Z d S)r|cCs4t|tstdt|ts$td||_||_dS)Nz)access_method must be an ObjectIdentifierz%access_location must be a GeneralName)rrrIr_access_method_access_location)r' access_methodaccess_locationr r r!r2gs   zAccessDescription.__init__cCs d|S)NzYrtr&r r r!rLqszAccessDescription.__repr__cCs&t|tstS|j|jko$|j|jkSr#)rr|rXrrrYr r r!r[ws    zAccessDescription.__eq__cCs ||k Sr#r rYr r r!r\szAccessDescription.__ne__cCst|j|jfSr#)r^rrr&r r r!r_szAccessDescription.__hash__rrN) r9r:r;r2rLr[r\r_rr`rrr r r r!r|fs   r|c@sNeZdZejZddZedZ edZ ddZ ddZ d d Z d d Zd S)BasicConstraintscCsZt|tstd|dur&|s&td|durJt|tjrB|dkrJtd||_||_dS)Nzca must be a boolean valuez)path_length must be None when ca is Falserz2path_length must be a non-negative integer or None)rboolrIrrSrT_ca _path_length)r'ca path_lengthr r r!r2s   zBasicConstraints.__init__rrcCs d|S)Nz:rtr&r r r!rLszBasicConstraints.__repr__cCs&t|tstS|j|jko$|j|jkSr#)rrrXrrrYr r r!r[s zBasicConstraints.__eq__cCs ||k Sr#r rYr r r!r\szBasicConstraints.__ne__cCst|j|jfSr#)r^rrr&r r r!r_szBasicConstraints.__hash__N)r9r:r;rZBASIC_CONSTRAINTSr3r2rr`rrrLr[r\r_r r r r!rs  rc@sDeZdZejZddZedZ ddZ ddZ dd Z d d Z d S) DeltaCRLIndicatorcCst|tjstd||_dSrQrRrVr r r!r2s zDeltaCRLIndicator.__init__rUcCst|tstS|j|jkSr#)rrrXrWrYr r r!r[s zDeltaCRLIndicator.__eq__cCs ||k Sr#r rYr r r!r\szDeltaCRLIndicator.__ne__cCs t|jSr#r]r&r r r!r_szDeltaCRLIndicator.__hash__cCs d|S)Nz.rtr&r r r!rLszDeltaCRLIndicator.__repr__N)r9r:r;rZDELTA_CRL_INDICATORr3r2rr`rWr[r\r_rLr r r r!rs rc@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) CRLDistributionPointscCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdSr#rDistributionPointrcr r r!rfsz1CRLDistributionPoints.__init__..?distribution_points must be a list of DistributionPoint objectsrgrhrI_distribution_pointsr'Zdistribution_pointsr r r!r2szCRLDistributionPoints.__init__rcCs d|jS)NzrErr&r r r!rLszCRLDistributionPoints.__repr__cCst|tstS|j|jkSr#)rrrXrrYr r r!r[s zCRLDistributionPoints.__eq__cCs ||k Sr#r rYr r r!r\szCRLDistributionPoints.__ne__cCstt|jSr#r^rurr&r r r!r_szCRLDistributionPoints.__hash__N)r9r:r;rZCRL_DISTRIBUTION_POINTSr3r2r/rMrNrOrLr[r\r_r r r r!rs  rc@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) FreshestCRLcCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdSr#rrcr r r!rfsz'FreshestCRL.__init__..rrrr r r!r2szFreshestCRL.__init__rcCs d|jS)Nzrr&r r r!rLszFreshestCRL.__repr__cCst|tstS|j|jkSr#)rrrXrrYr r r!r[ s zFreshestCRL.__eq__cCs ||k Sr#r rYr r r!r\szFreshestCRL.__ne__cCstt|jSr#rr&r r r!r_szFreshestCRL.__hash__N)r9r:r;rZ FRESHEST_CRLr3r2r/rMrNrOrLr[r\r_r r r r!rs  rc@s\eZdZddZddZddZddZd d Ze d Z e d Z e d Z e dZ dS)rcCs|r|rtd|r6t|}tdd|Ds6td|rLt|tsLtd|rrt|}tdd|Dsrtd|rt|trtdd|Dstd |rtj|vstj |vrtd |r|s|s|std ||_ ||_ ||_ ||_ dS) NzOYou cannot provide both full_name and relative_name, at least one must be None.css|]}t|tVqdSr#rbrcr r r!rf"r}z-DistributionPoint.__init__..z/full_name must be a list of GeneralName objectsz1relative_name must be a RelativeDistinguishedNamecss|]}t|tVqdSr#rbrcr r r!rf/r}z2crl_issuer must be None or a list of general namescss|]}t|tVqdSr#r ReasonFlagsrcr r r!rf6r}z0reasons must be None or frozenset of ReasonFlagszLunspecified and remove_from_crl are not valid reasons in a DistributionPointzPYou must supply crl_issuer, full_name, or relative_name when reasons is not None)rrgrhrIrr frozensetr unspecifiedremove_from_crl _full_name_relative_name_reasons _crl_issuer)r' full_name relative_namereasons crl_issuerr r r!r2sV zDistributionPoint.__init__cCs d|S)Nz}rtr&r r r!rLNszDistributionPoint.__repr__cCs>t|tstS|j|jko<|j|jko<|j|jko<|j|jkSr#)rrrXrrrrrYr r r!r[Us     zDistributionPoint.__eq__cCs ||k Sr#r rYr r r!r\`szDistributionPoint.__ne__cCsH|jdurt|j}nd}|jdur0t|j}nd}t||j|j|fSr#)rrurr^rr)r'fnrr r r!r_cs    zDistributionPoint.__hash__rrrrN)r9r:r;r2rLr[r\r_rr`rrrrr r r r!rs5    rc@s4eZdZdZdZdZdZdZdZdZ dZ d Z d Z d S) rrZ keyCompromiseZ cACompromiseZaffiliationChanged supersededZcessationOfOperationZcertificateHoldZprivilegeWithdrawnZ aACompromiseZ removeFromCRLN) r9r:r;rZkey_compromiseZ ca_compromiseZaffiliation_changedrZcessation_of_operationZcertificate_holdZprivilege_withdrawnZ aa_compromiserr r r r!rvsrc@sNeZdZejZddZddZddZddZ d d Z e d Z e d Zd S)PolicyConstraintscCs`|durt|tjstd|dur8t|tjs8td|durP|durPtd||_||_dS)Nz>require_explicit_policy must be a non-negative integer or Nonez=inhibit_policy_mapping must be a non-negative integer or NonezSAt least one of require_explicit_policy and inhibit_policy_mapping must not be None)rrSrTrIr_require_explicit_policy_inhibit_policy_mapping)r'require_explicit_policyinhibit_policy_mappingr r r!r2s$  zPolicyConstraints.__init__cCs d|S)Nz{rtr&r r r!rLszPolicyConstraints.__repr__cCs&t|tstS|j|jko$|j|jkSr#)rrrXrrrYr r r!r[s    zPolicyConstraints.__eq__cCs ||k Sr#r rYr r r!r\szPolicyConstraints.__ne__cCst|j|jfSr#)r^rrr&r r r!r_s zPolicyConstraints.__hash__rrN)r9r:r;rZPOLICY_CONSTRAINTSr3r2rLr[r\r_rr`rrr r r r!rs rc@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) CertificatePoliciescCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdSr#)rPolicyInformationrcr r r!rfr}z/CertificatePolicies.__init__..z;Every item in the policies list must be a PolicyInformation)rgrhrI _policies)r'Zpoliciesr r r!r2s zCertificatePolicies.__init__rcCs d|jS)Nz)rErr&r r r!rLszCertificatePolicies.__repr__cCst|tstS|j|jkSr#)rrrXrrYr r r!r[s zCertificatePolicies.__eq__cCs ||k Sr#r rYr r r!r\szCertificatePolicies.__ne__cCstt|jSr#)r^rurr&r r r!r_szCertificatePolicies.__hash__N)r9r:r;rZCERTIFICATE_POLICIESr3r2r/rMrNrOrLr[r\r_r r r r!rs rc@sHeZdZddZddZddZddZd d Ze d Z e d Z d S)rcCsHt|tstd||_|r>t|}tdd|Ds>td||_dS)Nz-policy_identifier must be an ObjectIdentifiercss|]}t|tjtfVqdSr#)rrSZ text_type UserNoticercr r r!rfsz-PolicyInformation.__init__..zMpolicy_qualifiers must be a list of strings and/or UserNotice objects or None)rrrI_policy_identifierrgrh_policy_qualifiers)r'policy_identifierpolicy_qualifiersr r r!r2s zPolicyInformation.__init__cCs d|S)Nzertr&r r r!rLszPolicyInformation.__repr__cCs&t|tstS|j|jko$|j|jkSr#)rrrXrrrYr r r!r[s    zPolicyInformation.__eq__cCs ||k Sr#r rYr r r!r\szPolicyInformation.__ne__cCs(|jdurt|j}nd}t|j|fSr#)rrur^r)r'Zpqr r r!r_s  zPolicyInformation.__hash__rrN) r9r:r;r2rLr[r\r_rr`rrr r r r!rs  rc@sHeZdZddZddZddZddZd d Ze d Z e d Z d S)rcCs&|rt|tstd||_||_dS)Nz2notice_reference must be None or a NoticeReference)rNoticeReferencerI_notice_reference_explicit_text)r'notice_reference explicit_textr r r!r2szUserNotice.__init__cCs d|S)NzVrtr&r r r!rLszUserNotice.__repr__cCs&t|tstS|j|jko$|j|jkSr#)rrrXrrrYr r r!r[$s    zUserNotice.__eq__cCs ||k Sr#r rYr r r!r\-szUserNotice.__ne__cCst|j|jfSr#)r^rrr&r r r!r_0szUserNotice.__hash__rrN) r9r:r;r2rLr[r\r_rr`rrr r r r!rs   rc@sHeZdZddZddZddZddZd d Ze d Z e d Z d S)rcCs2||_t|}tdd|Ds(td||_dS)Ncss|]}t|tVqdSr#)rintrcr r r!rf;r}z+NoticeReference.__init__..z)notice_numbers must be a list of integers) _organizationrgrhrI_notice_numbers)r' organizationnotice_numbersr r r!r28s zNoticeReference.__init__cCs d|S)NzUrtr&r r r!rL@szNoticeReference.__repr__cCs&t|tstS|j|jko$|j|jkSr#)rrrXrrrYr r r!r[Fs    zNoticeReference.__eq__cCs ||k Sr#r rYr r r!r\OszNoticeReference.__ne__cCst|jt|jfSr#)r^rrurr&r r r!r_RszNoticeReference.__hash__rrN) r9r:r;r2rLr[r\r_rr`rrr r r r!r7s  rc@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) ExtendedKeyUsagecCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdSr#)rrrcr r r!rf_r}z,ExtendedKeyUsage.__init__..z9Every item in the usages list must be an ObjectIdentifier)rgrhrI_usages)r'Zusagesr r r!r2]s zExtendedKeyUsage.__init__rcCs d|jS)Nz)rErr&r r r!rLhszExtendedKeyUsage.__repr__cCst|tstS|j|jkSr#)rrrXrrYr r r!r[ks zExtendedKeyUsage.__eq__cCs ||k Sr#r rYr r r!r\qszExtendedKeyUsage.__ne__cCstt|jSr#)r^rurr&r r r!r_tszExtendedKeyUsage.__hash__N)r9r:r;rZEXTENDED_KEY_USAGEr3r2r/rMrNrOrLr[r\r_r r r r!rYs rc@s2eZdZejZddZddZddZddZ d S) OCSPNoCheckcCst|tstSdSNT)rrrXrYr r r!r[|s zOCSPNoCheck.__eq__cCs ||k Sr#r rYr r r!r\szOCSPNoCheck.__ne__cCsttSr#)r^rr&r r r!r_szOCSPNoCheck.__hash__cCsdS)Nzr r&r r r!rLszOCSPNoCheck.__repr__N) r9r:r;rZ OCSP_NO_CHECKr3r[r\r_rLr r r r!rxs rc@s2eZdZejZddZddZddZddZ d S) PrecertPoisoncCst|tstSdSr)rrrXrYr r r!r[s zPrecertPoison.__eq__cCs ||k Sr#r rYr r r!r\szPrecertPoison.__ne__cCsttSr#)r^rr&r r r!r_szPrecertPoison.__hash__cCsdS)Nzr r&r r r!rLszPrecertPoison.__repr__N) r9r:r;rZPRECERT_POISONr3r[r\r_rLr r r r!rs rc@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) TLSFeaturecCs8t|}tdd|Dr&t|dkr.td||_dS)Ncss|]}t|tVqdSr#)rTLSFeatureTypercr r r!rfr}z&TLSFeature.__init__..rz@features must be a list of elements from the TLSFeatureType enum)rgrhr$rI _features)r'Zfeaturesr r r!r2s zTLSFeature.__init__rcCs d|S)Nz$rtr&r r r!rLszTLSFeature.__repr__cCst|tstS|j|jkSr#)rrrXrrYr r r!r[s zTLSFeature.__eq__cCs ||k Sr#r rYr r r!r\szTLSFeature.__ne__cCstt|jSr#)r^rurr&r r r!r_szTLSFeature.__hash__N)r9r:r;rZ TLS_FEATUREr3r2r/rMrNrOrLr[r\r_r r r r!rs rc@seZdZdZdZdS)rN)r9r:r;Zstatus_requestZstatus_request_v2r r r r!rsrcCsi|] }|j|qSr rJrcr r r! r}rc@sDeZdZejZddZddZddZddZ d d Z e d Z d S) InhibitAnyPolicycCs.t|tjstd|dkr$td||_dS)Nzskip_certs must be an integerrz)skip_certs must be a non-negative integer)rrSrTrIr _skip_certs)r' skip_certsr r r!r2s  zInhibitAnyPolicy.__init__cCs d|S)Nz-rtr&r r r!rLszInhibitAnyPolicy.__repr__cCst|tstS|j|jkSr#)rrrXrrYr r r!r[s zInhibitAnyPolicy.__eq__cCs ||k Sr#r rYr r r!r\szInhibitAnyPolicy.__ne__cCs t|jSr#)r^rr&r r r!r_szInhibitAnyPolicy.__hash__rN)r9r:r;rZINHIBIT_ANY_POLICYr3r2rLr[r\r_rr`rr r r r!rs rc@seZdZejZddZedZ edZ edZ edZ edZ edZed Zed d Zed d ZddZddZddZddZdS)KeyUsagec CsN|s|s | rtd||_||_||_||_||_||_||_||_| |_ dS)NzKencipher_only and decipher_only can only be true when key_agreement is true) r_digital_signature_content_commitment_key_encipherment_data_encipherment_key_agreement_key_cert_sign _crl_sign_encipher_only_decipher_only) r'digital_signaturecontent_commitmentkey_enciphermentdata_encipherment key_agreement key_cert_signcrl_sign encipher_only decipher_onlyr r r!r2s zKeyUsage.__init__rrrrrrrcCs|jstdn|jSdS)Nz7encipher_only is undefined unless key_agreement is true)rrrr&r r r!rs zKeyUsage.encipher_onlycCs|jstdn|jSdS)Nz7decipher_only is undefined unless key_agreement is true)rrrr&r r r!r!s zKeyUsage.decipher_onlycCs:z|j}|j}Wnty*d}d}Yn0d|||S)NFa-)rrrrE)r'rrr r r!rL*s   zKeyUsage.__repr__cCszt|tstS|j|jkox|j|jkox|j|jkox|j|jkox|j|jkox|j|jkox|j |j kox|j |j kox|j |j kSr#) rrrXrrrrrrrrrrYr r r!r[?s&          zKeyUsage.__eq__cCs ||k Sr#r rYr r r!r\OszKeyUsage.__ne__c Cs,t|j|j|j|j|j|j|j|j|j f Sr#) r^rrrrrrrrrr&r r r!r_RszKeyUsage.__hash__N)r9r:r;rZ KEY_USAGEr3r2rr`rrrrrrrpropertyrrrLr[r\r_r r r r!rs"         rc@sVeZdZejZddZddZddZddZ d d Z d d Z e d Ze dZdS)NameConstraintscCs|dur4t|}tdd|Ds*td|||durht|}tdd|Ds^td|||dur|durtd||_||_dS)Ncss|]}t|tVqdSr#rbrcr r r!rfir}z+NameConstraints.__init__..z@permitted_subtrees must be a list of GeneralName objects or Nonecss|]}t|tVqdSr#rbrcr r r!rfsr}z?excluded_subtrees must be a list of GeneralName objects or NonezIAt least one of permitted_subtrees and excluded_subtrees must not be None)rgrhrI_validate_ip_namer_permitted_subtrees_excluded_subtrees)r'permitted_subtreesexcluded_subtreesr r r!r2fs(  zNameConstraints.__init__cCs&t|tstS|j|jko$|j|jkSr#)rrrXrrrYr r r!r[s    zNameConstraints.__eq__cCs ||k Sr#r rYr r r!r\szNameConstraints.__ne__cCstdd|DrtddS)Ncss.|]&}t|to$t|jtjtjf VqdSr#)rrrJ ipaddressZ IPv4NetworkZ IPv6Network)rdnamer r r!rfs  z4NameConstraints._validate_ip_name..zGIPAddress name constraints must be an IPv4Network or IPv6Network object)anyrI)r'Ztreer r r!rs z!NameConstraints._validate_ip_namecCs d|S)Nzertr&r r r!rLszNameConstraints.__repr__cCs@|jdurt|j}nd}|jdur0t|j}nd}t||fSr#)rrurr^)r'ZpsZesr r r!r_s    zNameConstraints.__hash__rrN)r9r:r;rZNAME_CONSTRAINTSr3r2r[r\rrLr_rr`rrr r r r!rbs   rc@sReZdZddZedZedZedZddZ dd Z d d Z d d Z dS) ExtensioncCs:t|tstdt|ts$td||_||_||_dS)Nz2oid argument must be an ObjectIdentifier instance.z critical must be a boolean value)rrrIr_oid _critical_value)r'r3criticalrJr r r!r2s  zExtension.__init__rrrcCs d|S)Nz@rtr&r r r!rLszExtension.__repr__cCs2t|tstS|j|jko0|j|jko0|j|jkSr#)rrrXr3rrJrYr r r!r[s    zExtension.__eq__cCs ||k Sr#r rYr r r!r\szExtension.__ne__cCst|j|j|jfSr#)r^r3rrJr&r r r!r_szExtension.__hash__N) r9r:r;r2rr`r3rrJrLr[r\r_r r r r!rs    rc@sJeZdZddZed\ZZZddZddZ dd Z d d Z d d Z dS) GeneralNamescCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdSr#rbrcr r r!rfr}z(GeneralNames.__init__..z^Every item in the general_names list must be an object conforming to the GeneralName interface)rgrhrI_general_namesr'Z general_namesr r r!r2s zGeneralNames.__init__rcs0fdd|D}tkr(dd|D}t|S)Nc3s|]}t|r|VqdSr#)rrdityper r!rfr}z3GeneralNames.get_values_for_type..css|] }|jVqdSr#rrr r r!rfr})rrg)r'rZobjsr rr!get_values_for_typesz GeneralNames.get_values_for_typecCs d|jS)NzrErr&r r r!rLszGeneralNames.__repr__cCst|tstS|j|jkSr#)rrrXrrYr r r!r[s zGeneralNames.__eq__cCs ||k Sr#r rYr r r!r\szGeneralNames.__ne__cCstt|jSr#)r^rurr&r r r!r_szGeneralNames.__hash__N) r9r:r;r2r/rMrNrOrrLr[r\r_r r r r!rs  rc@sPeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd d ZdS)SubjectAlternativeNamecCst||_dSr#rrrr r r!r2szSubjectAlternativeName.__init__rcCs |j|Sr#rrr'rr r r!r sz*SubjectAlternativeName.get_values_for_typecCs d|jS)Nzrr&r r r!rLszSubjectAlternativeName.__repr__cCst|tstS|j|jkSr#)rrrXrrYr r r!r[s zSubjectAlternativeName.__eq__cCs ||k Sr#r rYr r r!r\szSubjectAlternativeName.__ne__cCs t|jSr#r^rr&r r r!r_szSubjectAlternativeName.__hash__N)r9r:r;rZSUBJECT_ALTERNATIVE_NAMEr3r2r/rMrNrOrrLr[r\r_r r r r!rsrc@sPeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd d ZdS)IssuerAlternativeNamecCst||_dSr#rrr r r!r2#szIssuerAlternativeName.__init__rcCs |j|Sr#rrr r r!r(sz)IssuerAlternativeName.get_values_for_typecCs d|jS)Nzrr&r r r!rL+szIssuerAlternativeName.__repr__cCst|tstS|j|jkSr#)rrrXrrYr r r!r[.s zIssuerAlternativeName.__eq__cCs ||k Sr#r rYr r r!r\4szIssuerAlternativeName.__ne__cCs t|jSr#rr&r r r!r_7szIssuerAlternativeName.__hash__N)r9r:r;rZISSUER_ALTERNATIVE_NAMEr3r2r/rMrNrOrrLr[r\r_r r r r!rsrc@sPeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd d ZdS)CertificateIssuercCst||_dSr#rrr r r!r2?szCertificateIssuer.__init__rcCs |j|Sr#rrr r r!rDsz%CertificateIssuer.get_values_for_typecCs d|jS)Nzrr&r r r!rLGszCertificateIssuer.__repr__cCst|tstS|j|jkSr#)rrrXrrYr r r!r[Js zCertificateIssuer.__eq__cCs ||k Sr#r rYr r r!r\PszCertificateIssuer.__ne__cCs t|jSr#rr&r r r!r_SszCertificateIssuer.__hash__N)r9r:r;rZCERTIFICATE_ISSUERr3r2r/rMrNrOrrLr[r\r_r r r r!r;src@sDeZdZejZddZddZddZddZ d d Z e d Z d S) CRLReasoncCst|tstd||_dS)Nz*reason must be an element from ReasonFlags)rrrI_reason)r'reasonr r r!r2[s zCRLReason.__init__cCs d|jS)Nz)rErr&r r r!rLaszCRLReason.__repr__cCst|tstS|j|jkSr#)rrrXrrYr r r!r[ds zCRLReason.__eq__cCs ||k Sr#r rYr r r!r\jszCRLReason.__ne__cCs t|jSr#)r^rr&r r r!r_mszCRLReason.__hash__rN)r9r:r;rZ CRL_REASONr3r2rLr[r\r_rr`rr r r r!rWsrc@sDeZdZejZddZddZddZddZ d d Z e d Z d S) InvalidityDatecCst|tjstd||_dS)Nz+invalidity_date must be a datetime.datetime)rdatetimerI_invalidity_date)r'invalidity_dater r r!r2ws zInvalidityDate.__init__cCs d|jS)Nz$)rErr&r r r!rL}szInvalidityDate.__repr__cCst|tstS|j|jkSr#)rrrXrrYr r r!r[s zInvalidityDate.__eq__cCs ||k Sr#r rYr r r!r\szInvalidityDate.__ne__cCs t|jSr#)r^rr&r r r!r_szInvalidityDate.__hash__rN)r9r:r;rZINVALIDITY_DATEr3r2rLr[r\r_rr`rr r r r!rssrc@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) )PrecertificateSignedCertificateTimestampscCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdSr#rrrdZsctr r r!rfszEPrecertificateSignedCertificateTimestamps.__init__..YEvery item in the signed_certificate_timestamps list must be a SignedCertificateTimestamprgrhrI_signed_certificate_timestampsr'Zsigned_certificate_timestampsr r r!r2sz2PrecertificateSignedCertificateTimestamps.__init__r cCsdt|S)Nz/rErgr&r r r!rLsz2PrecertificateSignedCertificateTimestamps.__repr__cCstt|jSr#r^rur r&r r r!r_sz2PrecertificateSignedCertificateTimestamps.__hash__cCst|tstS|j|jkSr#)rrrXr rYr r r!r[s  z0PrecertificateSignedCertificateTimestamps.__eq__cCs ||k Sr#r rYr r r!r\sz0PrecertificateSignedCertificateTimestamps.__ne__N)r9r:r;rZ%PRECERT_SIGNED_CERTIFICATE_TIMESTAMPSr3r2r/rMrNrOrLr_r[r\r r r r!rs   rc@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) SignedCertificateTimestampscCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdSr#r r r r r!rfsz7SignedCertificateTimestamps.__init__..r r rr r r!r2sz$SignedCertificateTimestamps.__init__r cCsdt|S)Nz!rr&r r r!rLsz$SignedCertificateTimestamps.__repr__cCstt|jSr#rr&r r r!r_sz$SignedCertificateTimestamps.__hash__cCst|tstS|j|jkSr#)rrrXr rYr r r!r[s  z"SignedCertificateTimestamps.__eq__cCs ||k Sr#r rYr r r!r\sz"SignedCertificateTimestamps.__ne__N)r9r:r;rZSIGNED_CERTIFICATE_TIMESTAMPSr3r2r/rMrNrOrLr_r[r\r r r r!rs   rc@sDeZdZejZddZddZddZddZ d d Z e d Z d S) OCSPNoncecCst|tstd||_dS)Nznonce must be bytes)rbytesrI_nonce)r'noncer r r!r2s zOCSPNonce.__init__cCst|tstS|j|jkSr#)rrrXrrYr r r!r[s zOCSPNonce.__eq__cCs ||k Sr#r rYr r r!r\szOCSPNonce.__ne__cCs t|jSr#)r^rr&r r r!r_szOCSPNonce.__hash__cCs d|S)Nzrtr&r r r!rLszOCSPNonce.__repr__rN)r9r:r;rZNONCEr3r2r[r\r_rLrr`rr r r r!rsrc@seZdZejZddZddZddZddZ d d Z e d Z e d Ze d Ze dZe dZe dZe dZdS)IssuingDistributionPointc Cs|r(t|tr tdd|Ds(td|rHtj|vs@tj|vrHtdt|trpt|trpt|trpt|tsxtd||||g}t dd|Ddkrtd t |||||||gstd ||_ ||_ ||_ ||_||_||_||_dS) Ncss|]}t|tVqdSr#rrcr r r!rf r}z4IssuingDistributionPoint.__init__..z:only_some_reasons must be None or frozenset of ReasonFlagszTunspecified and remove_from_crl are not valid reasons in an IssuingDistributionPointzuonly_contains_user_certs, only_contains_ca_certs, indirect_crl and only_contains_attribute_certs must all be boolean.cSsg|] }|r|qSr r rcr r r! /r}z5IssuingDistributionPoint.__init__..zOnly one of the following can be set to True: only_contains_user_certs, only_contains_ca_certs, indirect_crl, only_contains_attribute_certszCannot create empty extension: if only_contains_user_certs, only_contains_ca_certs, indirect_crl, and only_contains_attribute_certs are all False, then either full_name, relative_name, or only_some_reasons must have a value.)rrrhrIrrrrrr$r_only_contains_user_certs_only_contains_ca_certs _indirect_crl_only_contains_attribute_certs_only_some_reasonsrr) r'rronly_contains_user_certsonly_contains_ca_certsonly_some_reasons indirect_crlonly_contains_attribute_certsZcrl_constraintsr r r!r2sp  z!IssuingDistributionPoint.__init__cCs d|S)NaGrtr&r r r!rLQsz!IssuingDistributionPoint.__repr__cCsbt|tstS|j|jko`|j|jko`|j|jko`|j|jko`|j|jko`|j|jko`|j |j kSr#) rrrXrrrrr r!r"rYr r r!r[]s"       zIssuingDistributionPoint.__eq__cCs ||k Sr#r rYr r r!r\lszIssuingDistributionPoint.__ne__cCs$t|j|j|j|j|j|j|jfSr#)r^rrrrr r!r"r&r r r!r_osz!IssuingDistributionPoint.__hash__rrrrrrrN)r9r:r;rZISSUING_DISTRIBUTION_POINTr3r2rLr[r\r_rr`rrrrr r!r"r r r r!rs&P     rc@sHeZdZddZedZedZddZddZ d d Z d d Z d S)rHcCs"t|tstd||_||_dS)Nzoid must be an ObjectIdentifier)rrrIrr)r'r3rJr r r!r2s zUnrecognizedExtension.__init__rrcCs d|S)Nz7rtr&r r r!rLszUnrecognizedExtension.__repr__cCs&t|tstS|j|jko$|j|jkSr#)rrHrXr3rJrYr r r!r[s zUnrecognizedExtension.__eq__cCs ||k Sr#r rYr r r!r\szUnrecognizedExtension.__ne__cCst|j|jfSr#)r^r3rJr&r r r!r_szUnrecognizedExtension.__hash__N) r9r:r;r2rr`r3rJrLr[r\r_r r r r!rHs  rH)WZ __future__rrrr?rrrenumrrSZ cryptographyrZcryptography.hazmat._derrrr r Zcryptography.hazmat.primitivesr r Z,cryptography.hazmat.primitives.asymmetric.ecr Z-cryptography.hazmat.primitives.asymmetric.rsarZ*cryptography.x509.certificate_transparencyrZcryptography.x509.general_namerrrZcryptography.x509.namerZcryptography.x509.oidrrrrr"r/ Exceptionr0r=Z add_metaclassABCMetaobjectr>rAZregister_interfacerPrarwrzrr|rrrrrrrrrrrrrrrrZ_TLS_FEATURE_TYPE_TO_ENUMrrrrrrrrrrrrrrrHr r r r!s      (  ![$)##^ <2%"" qQ)&(&