o CZhE @spddlmZddlZddlZddlZddlZddlZddlmZddl m Z ddl m Z mZddlmZmZmZmZmZmZmZmZddlmZmZmZddlmZmZmZm Z dd l!m"Z"m#Z#dd l$m%Z%ed d d Z&ej'e j(e j)e j*e j+e j,e j-e j.e j/fZ0Gd dde1Z2d?ddZ3d@ddZ4dAdd Z5Gd!d"d"Z6Gd#d$d$Z7Gd%d&d&ej8Z9Gd'd(d(e1Z:Gd)d*d*ej;d+Ze>=e j>Gd.d/d/e>Z?Gd0d1d1ej;d+Z@e@=e j@Gd2d3d3ej;d+ZAeA=e jAe jBZBe jCZCe jDZDe jEZEe jFZFe jGZGe jHZHGd4d5d5ZIGd6d7d7ZJGd8d9d9ZKGd:d;d;ZLdBd=d>ZMdS)C) annotationsN)utils)x509)hashes serialization)dsaeced448ed25519paddingrsax448x25519) CertificateIssuerPrivateKeyTypesCertificateIssuerPublicKeyTypesCertificatePublicKeyTypes) Extension Extensions ExtensionType_make_sequence_methods)Name _ASN1Type)ObjectIdentifiericeZdZd fdd ZZS) AttributeNotFoundmsgstroidrreturnNonect|||_dSN)super__init__r)selfrr __class__M/var/www/html/lang_env/lib/python3.10/site-packages/cryptography/x509/base.pyr$9  zAttributeNotFound.__init__)rrrrrr __name__ __module__ __qualname__r$ __classcell__r(r(r&r)r8r extensionExtension[ExtensionType] extensionslist[Extension[ExtensionType]]rr cCs"|D] }|j|jkrtdqdS)Nz$This extension has already been set.)r ValueError)r1r3er(r(r)_reject_duplicate_extension>s  r7rr attributes0list[tuple[ObjectIdentifier, bytes, int | None]]cCs$|D] \}}}||krtdqdS)Nz$This attribute has already been set.)r5)rr8Zattr_oid_r(r(r)_reject_duplicate_attributeHs r;timedatetime.datetimecCs6|jdur|}|r |nt}|jdd|S|S)zNormalizes a datetime to a naive datetime in UTC. time -- datetime to normalize. Assumed to be in UTC if not timezone aware. Ntzinfo)r? utcoffsetdatetime timedeltareplace)r<offsetr(r(r)_convert_to_naive_utc_timeRs rEc@sXeZdZejjfdd d Zedd d Zedd dZdddZ dddZ dddZ dS) Attributerrvaluebytes_typeintrr cC||_||_||_dSr")_oid_valuerI)r%rrGrIr(r(r)r$a zAttribute.__init__cC|jSr")rLr%r(r(r)rkz Attribute.oidcCrOr")rMrPr(r(r)rGorQzAttribute.valuercCsd|jd|jdS)Nz)rrGrPr(r(r)__repr__szAttribute.__repr__otherobjectboolcCs2t|tstS|j|jko|j|jko|j|jkSr") isinstancerFNotImplementedrrGrIr%rUr(r(r)__eq__vs    zAttribute.__eq__cCst|j|j|jfSr")hashrrGrIrPr(r(r)__hash__szAttribute.__hash__N)rrrGrHrIrJrr rrrrHrrrUrVrrWrrJ) r,r-r.rZ UTF8StringrGr$propertyrrSr[r]r(r(r(r)rF`s      rFc@s8eZdZdddZed\ZZZdd d ZdddZ dS) Attributesr8typing.Iterable[Attribute]rr cCst||_dSr")list _attributes)r%r8r(r(r)r$szAttributes.__init__rgrcCsd|jdS)Nz Zd?S)N Certificate algorithmhashes.HashAlgorithmrrHcCdSz4 Returns bytes using digest passed. Nr(r%rtr(r(r) fingerprintzCertificate.fingerprintrJcCrv)z3 Returns certificate serial number Nr(rPr(r(r) serial_numberrzzCertificate.serial_numberrmcCrv)z1 Returns the certificate version Nr(rPr(r(r)versionrzzCertificate.versionrcCrvz( Returns the public key Nr(rPr(r(r) public_keyrzzCertificate.public_keyr=cCrv)z? Not before time (represented as UTC datetime) Nr(rPr(r(r)not_valid_beforerzzCertificate.not_valid_beforecCrv)zK Not before time (represented as a non-naive UTC datetime) Nr(rPr(r(r)not_valid_before_utcrzz Certificate.not_valid_before_utccCrv)z> Not after time (represented as UTC datetime) Nr(rPr(r(r)not_valid_afterrzzCertificate.not_valid_aftercCrv)zJ Not after time (represented as a non-naive UTC datetime) Nr(rPr(r(r)not_valid_after_utcrzzCertificate.not_valid_after_utcrcCrv)z1 Returns the issuer name object. Nr(rPr(r(r)issuerrzzCertificate.issuercCrvz2 Returns the subject name object. Nr(rPr(r(r)subjectrzzCertificate.subjecthashes.HashAlgorithm | NonecCrvzt Returns a HashAlgorithm corresponding to the type of the digest signed in the certificate. Nr(rPr(r(r)signature_hash_algorithmrzz$Certificate.signature_hash_algorithmrcCrvzJ Returns the ObjectIdentifier of the signature algorithm. Nr(rPr(r(r)signature_algorithm_oidrzz#Certificate.signature_algorithm_oid0None | padding.PSS | padding.PKCS1v15 | ec.ECDSAcCrvz= Returns the signature algorithm parameters. Nr(rPr(r(r)signature_algorithm_parametersrzz*Certificate.signature_algorithm_parametersrcCrv)z/ Returns an Extensions object. Nr(rPr(r(r)r3rzzCertificate.extensionscCrvz. Returns the signature bytes. Nr(rPr(r(r) signature rzzCertificate.signaturecCrv)zR Returns the tbsCertificate payload bytes as defined in RFC 5280. Nr(rPr(r(r)tbs_certificate_bytesrzz!Certificate.tbs_certificate_bytescCrv)zh Returns the tbsCertificate payload bytes with the SCT list extension stripped. Nr(rPr(r(r)tbs_precertificate_bytesrzz$Certificate.tbs_precertificate_bytesrUrVrWcCrvz" Checks equality. Nr(rZr(r(r)r[rzzCertificate.__eq__cCrvz" Computes a hash. Nr(rPr(r(r)r]%rzzCertificate.__hash__encodingserialization.EncodingcCrv)zB Serializes the certificate to PEM or DER format. Nr(r%rr(r(r) public_bytes+rzzCertificate.public_bytesrr cCrv)z This method verifies that certificate issuer name matches the issuer subject name and that the certificate is signed by the issuer's private key. No other validation is performed. Nr()r%rr(r(r)verify_directly_issued_by1rzz%Certificate.verify_directly_issued_byNrtrurrHrb)rrmrrrr=rrrrr^rrrrr_rarrrrH)rrsrr )r,r-r.abcabstractmethodryrcr{r|r~rrrrrrrrrr3rrrr[r]rrr(r(r(r)rsst     rs) metaclassc@s\eZdZeejdddZeejdddZeejddd Zeejdd d Z d S)RevokedCertificaterrJcCrv)zG Returns the serial number of the revoked certificate. Nr(rPr(r(r)r{?rzz RevokedCertificate.serial_numberr=cCrv)zH Returns the date of when this certificate was revoked. Nr(rPr(r(r)revocation_dateFrzz"RevokedCertificate.revocation_datecCrv)zl Returns the date of when this certificate was revoked as a non-naive UTC datetime. Nr(rPr(r(r)revocation_date_utcMrzz&RevokedCertificate.revocation_date_utcrcCrv)zW Returns an Extensions object containing a list of Revoked extensions. Nr(rPr(r(r)r3UrzzRevokedCertificate.extensionsNrbrr) r,r-r.rcrrr{rrr3r(r(r(r)r>src@sNeZdZdddZedd d Zedd d ZedddZedddZdS)_RawRevokedCertificater{rJrr=r3rcCrKr"_serial_number_revocation_date _extensionsr%r{rr3r(r(r)r$brNz_RawRevokedCertificate.__init__rcCrOr")rrPr(r(r)r{lrQz$_RawRevokedCertificate.serial_numbercCstjdtjdd|jS)NukProperties that return a naïve datetime object have been deprecated. Please switch to revocation_date_utc.rn) stacklevel)warningswarnrZDeprecatedIn42rrPr(r(r)rps z&_RawRevokedCertificate.revocation_datecCs|jjtjjdS)Nr>)rrCrAtimezoneutcrPr(r(r)rzsz*_RawRevokedCertificate.revocation_date_utccCrOr")rrPr(r(r)r3~rQz!_RawRevokedCertificate.extensionsN)r{rJrr=r3rrbrr) r,r-r.r$rcr{rrr3r(r(r(r)ras    rc@seZdZejdFddZejdGd d ZejdHddZeejdIddZ eejdJddZ eejdKddZ eejdLddZ eejdMddZ eejdMdd ZeejdNd"d#ZeejdNd$d%ZeejdOd'd(ZeejdPd)d*ZeejdPd+d,ZejdQd0d1ZejdRd2d3ZejdSd6d7ZejdTd:d7ZejdUd=d7ZejdVd?d@ZejdWdCdDZdES)XCertificateRevocationListrrrrHcCrv)z: Serializes the CRL to PEM or DER format. Nr(rr(r(r)rrzz&CertificateRevocationList.public_bytesrtrucCrvrwr(rxr(r(r)ryrzz%CertificateRevocationList.fingerprintr{rJRevokedCertificate | NonecCrv)zs Returns an instance of RevokedCertificate or None if the serial_number is not in the CRL. Nr()r%r{r(r(r)(get_revoked_certificate_by_serial_numberrzzBCertificateRevocationList.get_revoked_certificate_by_serial_numberrcCrvrr(rPr(r(r)rrzz2CertificateRevocationList.signature_hash_algorithmrcCrvrr(rPr(r(r)rrzz1CertificateRevocationList.signature_algorithm_oidrcCrvrr(rPr(r(r)rrzz8CertificateRevocationList.signature_algorithm_parametersrcCrv)zC Returns the X509Name with the issuer of this CRL. Nr(rPr(r(r)rrzz CertificateRevocationList.issuerdatetime.datetime | NonecCrv)z? Returns the date of next update for this CRL. Nr(rPr(r(r) next_updaterzz%CertificateRevocationList.next_updatecCrv)zc Returns the date of next update for this CRL as a non-naive UTC datetime. Nr(rPr(r(r)next_update_utcrzz)CertificateRevocationList.next_update_utcr=cCrv)z? Returns the date of last update for this CRL. Nr(rPr(r(r) last_updaterzz%CertificateRevocationList.last_updatecCrv)zc Returns the date of last update for this CRL as a non-naive UTC datetime. Nr(rPr(r(r)last_update_utcrzz)CertificateRevocationList.last_update_utcrcCrv)zS Returns an Extensions object containing a list of CRL extensions. Nr(rPr(r(r)r3rzz$CertificateRevocationList.extensionscCrvrr(rPr(r(r)rrzz#CertificateRevocationList.signaturecCrv)zO Returns the tbsCertList payload bytes as defined in RFC 5280. Nr(rPr(r(r)tbs_certlist_bytesrzz,CertificateRevocationList.tbs_certlist_bytesrUrVrWcCrvrr(rZr(r(r)r[rzz CertificateRevocationList.__eq__cCrv)z< Number of revoked certificates in the CRL. Nr(rPr(r(r)rjrzz!CertificateRevocationList.__len__idxrcCdSr"r(r%rr(r(r)rlz%CertificateRevocationList.__getitem__slicelist[RevokedCertificate]cCrr"r(rr(r(r)rlr int | slice-RevokedCertificate | list[RevokedCertificate]cCrv)zS Returns a revoked certificate (or slice of revoked certificates). Nr(rr(r(r)rlrz#typing.Iterator[RevokedCertificate]cCrv)z8 Iterator over the revoked certificates Nr(rPr(r(r)rk rzz"CertificateRevocationList.__iter__r~rcCrv)zQ Verifies signature of revocation list against given public key. Nr()r%r~r(r(r)is_signature_validrzz,CertificateRevocationList.is_signature_validNrr)r{rJrrrr^rr)rrrrr_rarb)rrJrr)rrrr)rrrr)rr)r~rrrW)r,r-r.rrrryrrcrrrrrrrrr3rrr[rjtypingoverloadrlrkrr(r(r(r)rsl         rc@seZdZejd.ddZejd/dd Zejd0d d Zeejd1ddZ eejd2ddZ eejd3ddZ eejd4ddZ eejd5ddZ eejd6ddZejd7d"d#Zeejd8d$d%Zeejd8d&d'Zeejd9d(d)Zejd:d+d,Zd-S);CertificateSigningRequestrUrVrrWcCrvrr(rZr(r(r)r[rzz CertificateSigningRequest.__eq__rJcCrvrr(rPr(r(r)r]"rzz"CertificateSigningRequest.__hash__rcCrvr}r(rPr(r(r)r~(rzz$CertificateSigningRequest.public_keyrcCrvrr(rPr(r(r)r.rzz!CertificateSigningRequest.subjectrcCrvrr(rPr(r(r)r5rzz2CertificateSigningRequest.signature_hash_algorithmrcCrvrr(rPr(r(r)r?rzz1CertificateSigningRequest.signature_algorithm_oidrcCrvrr(rPr(r(r)rFrzz8CertificateSigningRequest.signature_algorithm_parametersrcCrv)z@ Returns the extensions in the signing request. Nr(rPr(r(r)r3Orzz$CertificateSigningRequest.extensionsrdcCrv)z/ Returns an Attributes object. Nr(rPr(r(r)r8Vrzz$CertificateSigningRequest.attributesrrrHcCrv)z; Encodes the request to PEM or DER format. Nr(rr(r(r)r]rzz&CertificateSigningRequest.public_bytescCrvrr(rPr(r(r)rcrzz#CertificateSigningRequest.signaturecCrv)zd Returns the PKCS#10 CertificationRequestInfo bytes as defined in RFC 2986. Nr(rPr(r(r)tbs_certrequest_bytesjrzz/CertificateSigningRequest.tbs_certrequest_bytescCrv)z8 Verifies signature of signing request. Nr(rPr(r(r)rrrzz,CertificateSigningRequest.is_signature_validrcCrv)z: Get the attribute value for a given OID. Nr()r%rr(r(r)riyrzz/CertificateSigningRequest.get_attribute_for_oidNrarbrrrr^rr)rrdrr_)rrW)rrrrH)r,r-r.rrr[r]r~rcrrrrr3r8rrrrrir(r(r(r)rsL    rc@sVeZdZdggfd*dd Zd+d dZd,ddZddd-ddZ d.ddd/d(d)ZdS)0 CertificateSigningRequestBuilderN subject_name Name | Noner3r4r8r9cCs||_||_||_dS)zB Creates an empty X.509 certificate request (v1). N) _subject_namerrg)r%rr3r8r(r(r)r$s  z)CertificateSigningRequestBuilder.__init__namerrcCs4t|ts td|jdurtdt||j|jS)zF Sets the certificate requestor's distinguished name. Expecting x509.Name object.N&The subject name may only be set once.)rXr TypeErrorrr5rrrgr%rr(r(r)rs   z-CertificateSigningRequestBuilder.subject_nameextvalrcriticalrWcCsFt|ts tdt|j||}t||jt|jg|j||j S)zE Adds an X.509 extension to the certificate request. "extension must be an ExtensionType) rXrrrrr7rrrrgr%rrr1r(r(r) add_extensions   z.CertificateSigningRequestBuilder.add_extension)_tagrrrGrHr_ASN1Type | NonecCs~t|ts tdt|tstd|durt|tstdt||j|dur-|j}nd}t|j |j g|j|||fS)zK Adds an X.509 attribute with an OID and associated value. zoid must be an ObjectIdentifierzvalue must be bytesNztag must be _ASN1Type) rXrrrHrr;rgrGrrr)r%rrGrtagr(r(r) add_attributes   z.CertificateSigningRequestBuilder.add_attribute rsa_padding private_keyrrt_AllowedHashTypes | Nonebackend typing.Anyr%padding.PSS | padding.PKCS1v15 | NonercCsX|jdur td|dur$t|tjtjfstdt|tjs$tdt ||||S)zF Signs the request using the requestor's private key. Nz/A CertificateSigningRequest must have a subjectPadding must be PSS or PKCS1v15&Padding is only supported for RSA keys) rr5rXr PSSPKCS1v15rr RSAPrivateKey rust_x509Zcreate_x509_csrr%rrtrrr(r(r)signs  z%CertificateSigningRequestBuilder.sign)rrr3r4r8r9)rrrr)rrrrWrr)rrrGrHrrrrr") rrrtrrrrrrr)r,r-r.r$rrrrr(r(r(r)rs $rc@seZdZUded<ddddddgfd9ddZd:ddZd:ddZd;ddZdd+d,Z d?dd-d@d7d8Z dS)ACertificateBuilderr4rN issuer_namerrr~ CertificatePublicKeyTypes | Noner{ int | Nonerrrr3rr cCs6tj|_||_||_||_||_||_||_||_ dSr") rmrp_version _issuer_namer _public_keyr_not_valid_before_not_valid_afterr)r%rrr~r{rrr3r(r(r)r$s  zCertificateBuilder.__init__rrcCsDt|ts td|jdurtdt||j|j|j|j |j |j S)z3 Sets the CA's distinguished name. rN%The issuer name may only be set once.) rXrrrr5rrrrrrrrr(r(r)r s  zCertificateBuilder.issuer_namecCsDt|ts td|jdurtdt|j||j|j|j |j |j S)z: Sets the requestor's distinguished name. rNr) rXrrrr5rrrrrrrrr(r(r)rs  zCertificateBuilder.subject_namekeyrc Cs`t|tjtjtjtjt j t j t jfstd|jdur tdt|j|j||j|j|j|jS)zT Sets the requestor's public key (as found in the signing request). zExpecting one of DSAPublicKey, RSAPublicKey, EllipticCurvePublicKey, Ed25519PublicKey, Ed448PublicKey, X25519PublicKey, or X448PublicKey.Nz$The public key may only be set once.)rXrZ DSAPublicKeyr Z RSAPublicKeyrZEllipticCurvePublicKeyr ZEd25519PublicKeyr ZEd448PublicKeyrZX25519PublicKeyr Z X448PublicKeyrrr5rrrrrrr)r%rr(r(r)r~/s2  zCertificateBuilder.public_keynumberrJcCsht|ts td|jdurtd|dkrtd|dkr$tdt|j|j|j ||j |j |j S)z5 Sets the certificate serial number. 'Serial number must be of integral type.N'The serial number may only be set once.rz%The serial number should be positive.3The serial number should not be more than 159 bits.) rXrJrrr5 bit_lengthrrrrrrrr%rr(r(r)r{Ts&   z CertificateBuilder.serial_numberr<r=cCszt|tjs td|jdurtdt|}|tkrtd|jdur-||jkr-tdt|j |j |j |j ||j|j S)z7 Sets the certificate activation time. Expecting datetime object.Nz*The not valid before may only be set once.z>The not valid before date must be on or after 1950 January 1).zBThe not valid before date must be before the not valid after date.)rXrArrr5rE_EARLIEST_UTC_TIMErrrrrrrr%r<r(r(r)ros,  z#CertificateBuilder.not_valid_beforecCszt|tjs td|jdurtdt|}|tkrtd|jdur-||jkr-tdt|j |j |j |j |j||j S)z7 Sets the certificate expiration time. rNz)The not valid after may only be set once.zsv   (    $  "  fevI