a Ç `½3ã@spddlmZmZmZddlZddlZddlmZddlZddl m Z ddl m Z ddl mZmZmZe  ¡e  ¡e  ¡e  ¡e  ¡dœZGdd „d eƒZGd d „d eƒZd d „eDƒZe je je je je jfZdd„ZGdd„deƒZdd „eDƒZdd„Zdd„ZGdd„de ƒZ!Gdd„de ƒZ"Gdd„de ƒZ#e $ej%¡Gdd„de ƒƒZ&e $ej%¡Gdd „d e ƒƒZ'dS)!é)Úabsolute_importÚdivisionÚprint_functionN)ÚEnum)Úx509)Úhashes)Ú_EARLIEST_UTC_TIMEÚ_convert_to_naive_utc_timeÚ_reject_duplicate_extension)z 1.3.14.3.2.26z2.16.840.1.101.3.4.2.4z2.16.840.1.101.3.4.2.1z2.16.840.1.101.3.4.2.2z2.16.840.1.101.3.4.2.3c@seZdZdZdZdS)ÚOCSPResponderEncodingzBy HashzBy NameN)Ú__name__Ú __module__Ú __qualname__ZHASHÚNAME©rrú8/usr/lib/python3/dist-packages/cryptography/x509/ocsp.pyr sr c@s$eZdZdZdZdZdZdZdZdS)ÚOCSPResponseStatusréééééN) r r rÚ SUCCESSFULZMALFORMED_REQUESTZINTERNAL_ERRORZ TRY_LATERZ SIG_REQUIREDZ UNAUTHORIZEDrrrrr$s rcCsi|] }|j|“qSr©Úvalue©Ú.0ÚxrrrÚ -órcCst|tƒstdƒ‚dS)Nz9Algorithm must be SHA1, SHA224, SHA256, SHA384, or SHA512)Ú isinstanceÚ_ALLOWED_HASHESÚ ValueError)Ú algorithmrrrÚ_verify_algorithm7s ÿr$c@seZdZdZdZdZdS)ÚOCSPCertStatusrrrN)r r rZGOODÚREVOKEDZUNKNOWNrrrrr%>sr%cCsi|] }|j|“qSrrrrrrrDrcCsddlm}| |¡S©Nr©Úbackend)Ú,cryptography.hazmat.backends.openssl.backendr)Úload_der_ocsp_request©Údatar)rrrr+Gs r+cCsddlm}| |¡Sr')r*r)Úload_der_ocsp_responser,rrrr.Ms r.c@s2eZdZdgfdd„Zdd„Zdd„Zdd „ZdS) ÚOCSPRequestBuilderNcCs||_||_dS©N)Ú_requestÚ _extensions)ÚselfZrequestÚ extensionsrrrÚ__init__TszOCSPRequestBuilder.__init__cCsL|jdurtdƒ‚t|ƒt|tjƒr2t|tjƒs:tdƒ‚t|||f|jƒS)Nz.Only one certificate can be added to a requestú%cert and issuer must be a Certificate) r1r"r$r rÚ CertificateÚ TypeErrorr/r2)r3ÚcertÚissuerr#rrrÚadd_certificateXs ÿz"OCSPRequestBuilder.add_certificatecCsDt|tjƒstdƒ‚t |j||¡}t||jƒt|j |j|gƒS©Nz"extension must be an ExtensionType) r rÚ ExtensionTyper8Ú ExtensionÚoidr r2r/r1©r3Ú extensionZcriticalrrrÚ add_extensionds  ÿz OCSPRequestBuilder.add_extensioncCs(ddlm}|jdurtdƒ‚| |¡S)Nrr(z*You must add a certificate before building)r*r)r1r"Zcreate_ocsp_request)r3r)rrrÚbuildos  zOCSPRequestBuilder.build)r r rr5r;rBrCrrrrr/Ss  r/c@seZdZdd„ZdS)Ú_SingleResponsec Cst|tjƒrt|tjƒs tdƒ‚t|ƒt|tjƒsýrz3OCSPResponseBuilder.certificates..z$certs must be a list of Certificates) rNr"ÚlistÚlenÚallr8rKrLrMr2)r3rPrrrÚ certificates÷s  üz OCSPResponseBuilder.certificatescCsLt|tjƒstdƒ‚t |j||¡}t||jƒt|j |j |j |j|gƒSr<) r rr=r8r>r?r r2rKrLrMrNr@rrrrBs   üz!OCSPResponseBuilder.add_extensioncCsBddlm}|jdurtdƒ‚|jdur0tdƒ‚| tj|||¡S)Nrr(z&You must add a response before signingz*You must add a responder_id before signing)r*r)rLr"rMÚcreate_ocsp_responserr)r3Z private_keyr#r)rrrÚsigns    ÿzOCSPResponseBuilder.signcCs@ddlm}t|tƒstdƒ‚|tjur0tdƒ‚| |ddd¡S)Nrr(z7response_status must be an item from OCSPResponseStatusz$response_status cannot be SUCCESSFUL)r*r)r rr8rr"rX)ÚclsÚresponse_statusr)rrrÚbuild_unsuccessful s  ÿ z&OCSPResponseBuilder.build_unsuccessful) r r rr5rQrOrWrBrYÚ classmethodr\rrrrrK¾sÿ  rKc@s`eZdZejdd„ƒZejdd„ƒZejdd„ƒZejdd„ƒZej d d „ƒZ ejd d „ƒZ d S)Ú OCSPRequestcCsdS©z3 The hash of the issuer public key Nr©r3rrrÚissuer_key_hash0szOCSPRequest.issuer_key_hashcCsdS©z- The hash of the issuer name Nrr`rrrÚissuer_name_hash6szOCSPRequest.issuer_name_hashcCsdS©zK The hash algorithm used in the issuer name and key hashes Nrr`rrrÚhash_algorithm<szOCSPRequest.hash_algorithmcCsdS©zM The serial number of the cert whose status is being checked Nrr`rrrÚ serial_numberBszOCSPRequest.serial_numbercCsdS)z/ Serializes the request to DER Nr)r3rRrrrÚ public_bytesHszOCSPRequest.public_bytescCsdS)zP The list of request extensions. Not single request extensions. Nrr`rrrr4NszOCSPRequest.extensionsN) r r rÚabcÚabstractpropertyrarcrergÚabstractmethodrhr4rrrrr^.s     r^c@s$eZdZejdd„ƒZejdd„ƒZejdd„ƒZejdd„ƒZejd d „ƒZ ejd d „ƒZ ejd d„ƒZ ejdd„ƒZ ejdd„ƒZ ejdd„ƒZejdd„ƒZejdd„ƒZejdd„ƒZejdd„ƒZejdd„ƒZejdd „ƒZejd!d"„ƒZejd#d$„ƒZejd%d&„ƒZejd'd(„ƒZd)S)*Ú OCSPResponsecCsdS)zm The status of the response. This is a value from the OCSPResponseStatus enumeration Nrr`rrrr[WszOCSPResponse.response_statuscCsdS)zA The ObjectIdentifier of the signature algorithm Nrr`rrrÚsignature_algorithm_oid^sz$OCSPResponse.signature_algorithm_oidcCsdS)zX Returns a HashAlgorithm corresponding to the type of the digest signed Nrr`rrrÚsignature_hash_algorithmdsz%OCSPResponse.signature_hash_algorithmcCsdS)z% The signature bytes Nrr`rrrÚ signaturejszOCSPResponse.signaturecCsdS)z+ The tbsResponseData bytes Nrr`rrrÚtbs_response_bytespszOCSPResponse.tbs_response_bytescCsdS)z» A list of certificates used to help build a chain to verify the OCSP response. This situation occurs when the OCSP responder uses a delegate certificate. Nrr`rrrrWvszOCSPResponse.certificatescCsdS)z2 The responder's key hash or None Nrr`rrrÚresponder_key_hash~szOCSPResponse.responder_key_hashcCsdS)z. The responder's Name or None Nrr`rrrÚresponder_name„szOCSPResponse.responder_namecCsdS)z4 The time the response was produced Nrr`rrrÚ produced_atŠszOCSPResponse.produced_atcCsdS)zY The status of the certificate (an element from the OCSPCertStatus enum) Nrr`rrrÚcertificate_statusszOCSPResponse.certificate_statuscCsdS)z^ The date of when the certificate was revoked or None if not revoked. Nrr`rrrrI–szOCSPResponse.revocation_timecCsdS)zi The reason the certificate was revoked or None if not specified or not revoked. Nrr`rrrrJszOCSPResponse.revocation_reasoncCsdS)z The most recent time at which the status being indicated is known by the responder to have been correct Nrr`rrrrG¤szOCSPResponse.this_updatecCsdS)zC The time when newer information will be available Nrr`rrrrH«szOCSPResponse.next_updatecCsdSr_rr`rrrra±szOCSPResponse.issuer_key_hashcCsdSrbrr`rrrrc·szOCSPResponse.issuer_name_hashcCsdSrdrr`rrrre½szOCSPResponse.hash_algorithmcCsdSrfrr`rrrrgÃszOCSPResponse.serial_numbercCsdS)zR The list of response extensions. Not single response extensions. Nrr`rrrr4ÉszOCSPResponse.extensionscCsdS)zR The list of single response extensions. Not response extensions. Nrr`rrrÚsingle_extensionsÏszOCSPResponse.single_extensionsN)r r rrirjr[rmrnrorprWrqrrrsrtrIrJrGrHrarcrergr4rurrrrrlUsP                   rl)(Z __future__rrrrirEÚenumrZsixZ cryptographyrZcryptography.hazmat.primitivesrZcryptography.x509.baserr r ZSHA1ZSHA224ZSHA256ZSHA384ZSHA512Z _OIDS_TO_HASHr rZ_RESPONSE_STATUS_TO_ENUMr!r$r%Z_CERT_STATUS_TO_ENUMr+r.Úobjectr/rDrKZ add_metaclassÚABCMetar^rlrrrrÚsD   û  û %Fp &