o CZhF@s>ddlmZddlZddlZddlZddlmZmZddlm Z ddl m Z m Z ddl mZddlmZmZmZGdd d ejZGd d d ejZe je je je je jfZd!ddZGdddejZGdddZGdddejdZ GdddejdZ!GdddejdZ"GdddZ#Gdd d Z$e j%Z%e j&Z&dS)") annotationsN)utilsx509)ocsp)hashes serialization) CertificateIssuerPrivateKeyTypes)_EARLIEST_UTC_TIME_convert_to_naive_utc_time_reject_duplicate_extensionc@seZdZdZdZdS)OCSPResponderEncodingzBy HashzBy NameN)__name__ __module__ __qualname__HASHNAMErrM/var/www/html/lang_env/lib/python3.10/site-packages/cryptography/x509/ocsp.pyr sr c@s$eZdZdZdZdZdZdZdZdS)OCSPResponseStatusrN) r rr SUCCESSFULZMALFORMED_REQUESTINTERNAL_ERRORZ TRY_LATERZ SIG_REQUIRED UNAUTHORIZEDrrrrrsr algorithmhashes.HashAlgorithmreturnNonecCst|ts tddS)Nz9Algorithm must be SHA1, SHA224, SHA256, SHA384, or SHA512) isinstance_ALLOWED_HASHES ValueError)rrrr_verify_algorithm/s r$c@seZdZdZdZdZdS)OCSPCertStatusrrrN)r rrZGOODREVOKEDUNKNOWNrrrrr%6sr%c@seZdZdddZdS)_SingleResponsecertx509.Certificateissuerrr cert_statusr% this_updatedatetime.datetime next_updatedatetime.datetime | Nonerevocation_timerevocation_reasonx509.ReasonFlags | Nonec Cst|tjr t|tjstdt|t|tjstd|dur,t|tjs,td||_||_||_||_ ||_ t|t sDtd|t j urZ|durQt d|durYt dn$t|tjsdtdt|}|tkrpt d|dur~t|tjs~td ||_||_||_dS) N%cert and issuer must be a Certificatez%this_update must be a datetime objectz-next_update must be a datetime object or Nonez8cert_status must be an item from the OCSPCertStatus enumzBrevocation_time can only be provided if the certificate is revokedzDrevocation_reason can only be provided if the certificate is revokedz)revocation_time must be a datetime objectz7The revocation_time must be on or after 1950 January 1.zCrevocation_reason must be an item from the ReasonFlags enum or None)r!r Certificate TypeErrorr$datetimeZ_certZ_issuer _algorithmZ _this_updateZ _next_updater%r&r#r r Z ReasonFlagsZ _cert_statusZ_revocation_timeZ_revocation_reason) selfr)r+rr,r-r/r1r2rrr__init__=s\        z_SingleResponse.__init__N)r)r*r+r*rrr,r%r-r.r/r0r1r0r2r3)r rrr:rrrrr(<sr(c@seZdZeejdddZeejdddZeejddd Zeejdd d Z ejdddZ eejdddZ dS) OCSPRequestrbytescCdSz3 The hash of the issuer public key Nrr9rrrissuer_key_hashzOCSPRequest.issuer_key_hashcCr=z- The hash of the issuer name Nrr?rrrissuer_name_hashrAzOCSPRequest.issuer_name_hashrcCr=zK The hash algorithm used in the issuer name and key hashes Nrr?rrrhash_algorithmrAzOCSPRequest.hash_algorithmintcCr=zM The serial number of the cert whose status is being checked Nrr?rrr serial_numberrAzOCSPRequest.serial_numberencodingserialization.EncodingcCr=)z/ Serializes the request to DER Nrr9rIrrr public_bytesrAzOCSPRequest.public_bytesx509.ExtensionscCr=)zP The list of request extensions. Not single request extensions. Nrr?rrr extensionsrAzOCSPRequest.extensionsNrr<rrrrFrIrJrr<rrM) r rrpropertyabcabstractmethodr@rCrErHrLrNrrrrr;s$ r;) metaclassc@seZdZeejdddZeejdddZeejdd d Zeejdd d Z eejdddZ eejd ddZ eejd ddZ eejd!ddZ eejd"ddZdS)#OCSPSingleResponserr%cCr=zY The status of the certificate (an element from the OCSPCertStatus enum) Nrr?rrrcertificate_statusrAz%OCSPSingleResponse.certificate_statusr0cCr=z^ The date of when the certificate was revoked or None if not revoked. Nrr?rrrr1rAz"OCSPSingleResponse.revocation_timer3cCr=zi The reason the certificate was revoked or None if not specified or not revoked. Nrr?rrrr2rAz$OCSPSingleResponse.revocation_reasonr.cCr=z The most recent time at which the status being indicated is known by the responder to have been correct Nrr?rrrr-rAzOCSPSingleResponse.this_updatecCr=zC The time when newer information will be available Nrr?rrrr/rAzOCSPSingleResponse.next_updater<cCr=r>rr?rrrr@rAz"OCSPSingleResponse.issuer_key_hashcCr=rBrr?rrrrCrAz#OCSPSingleResponse.issuer_name_hashrcCr=rDrr?rrrrErAz!OCSPSingleResponse.hash_algorithmrFcCr=rGrr?rrrrHrAz OCSPSingleResponse.serial_numberNrr%rr0rr3rr.rOrPrQ)r rrrTrUrVrZr1r2r-r/r@rCrErHrrrrrXs8rXc@seZdZeejd@ddZeejdAddZeejdBd d ZeejdCd d Z eejdDddZ eejdDddZ eejdEddZ eejdFddZ eejdGddZeejdHddZeejdId d!ZeejdJd#d$ZeejdKd&d'ZeejdHd(d)ZeejdJd*d+ZeejdDd,d-ZeejdDd.d/ZeejdLd1d2ZeejdMd4d5ZeejdNd7d8ZeejdNd9d:ZejdOd=d>Zd?S)P OCSPResponser#typing.Iterator[OCSPSingleResponse]cCr=)z_ An iterator over the individual SINGLERESP structures in the response Nrr?rrr responsesrAzOCSPResponse.responsesrcCr=)zm The status of the response. This is a value from the OCSPResponseStatus enumeration Nrr?rrrresponse_statusrAzOCSPResponse.response_statusx509.ObjectIdentifiercCr=)zA The ObjectIdentifier of the signature algorithm Nrr?rrrsignature_algorithm_oidrAz$OCSPResponse.signature_algorithm_oidhashes.HashAlgorithm | NonecCr=)zX Returns a HashAlgorithm corresponding to the type of the digest signed Nrr?rrrsignature_hash_algorithm rAz%OCSPResponse.signature_hash_algorithmr<cCr=)z% The signature bytes Nrr?rrr signaturerAzOCSPResponse.signaturecCr=)z+ The tbsResponseData bytes Nrr?rrrtbs_response_bytesrAzOCSPResponse.tbs_response_byteslist[x509.Certificate]cCr=)z A list of certificates used to help build a chain to verify the OCSP response. This situation occurs when the OCSP responder uses a delegate certificate. Nrr?rrr certificates rAzOCSPResponse.certificates bytes | NonecCr=)z2 The responder's key hash or None Nrr?rrrresponder_key_hash)rAzOCSPResponse.responder_key_hashx509.Name | NonecCr=)z. The responder's Name or None Nrr?rrrresponder_name0rAzOCSPResponse.responder_namer.cCr=)z4 The time the response was produced Nrr?rrr produced_at7rAzOCSPResponse.produced_atr%cCr=rYrr?rrrrZ>rAzOCSPResponse.certificate_statusr0cCr=r[rr?rrrr1ErAzOCSPResponse.revocation_timer3cCr=r\rr?rrrr2MrAzOCSPResponse.revocation_reasoncCr=r]rr?rrrr-UrAzOCSPResponse.this_updatecCr=r^rr?rrrr/]rAzOCSPResponse.next_updatecCr=r>rr?rrrr@drAzOCSPResponse.issuer_key_hashcCr=rBrr?rrrrCkrAzOCSPResponse.issuer_name_hashrcCr=rDrr?rrrrErrAzOCSPResponse.hash_algorithmrFcCr=rGrr?rrrrHyrAzOCSPResponse.serial_numberrMcCr=)zR The list of response extensions. Not single response extensions. Nrr?rrrrNrAzOCSPResponse.extensionscCr=)zR The list of single response extensions. Not response extensions. Nrr?rrrsingle_extensionsrAzOCSPResponse.single_extensionsrIrJcCr=)z0 Serializes the response to DER NrrKrrrrLrAzOCSPResponse.public_bytesN)rrd)rr)rrg)rrirO)rrm)rro)rrqrbr_r`rarPrQrSrR)r rrrTrUrVrerfrhrjrkrlrnrprrrsrZr1r2r-r/r@rCrErHrNrtrLrrrrrcsrcc@sFeZdZddgfd#d d Zd$ddZd%ddZd&ddZd'd!d"ZdS)(OCSPRequestBuilderNrequestFtuple[x509.Certificate, x509.Certificate, hashes.HashAlgorithm] | None request_hash5tuple[bytes, bytes, int, hashes.HashAlgorithm] | NonerN(list[x509.Extension[x509.ExtensionType]]rr cCs||_||_||_dSN)_request _request_hash _extensions)r9rvrxrNrrrr:s  zOCSPRequestBuilder.__init__r)r*r+rrcCsZ|jdus |jdurtdt|t|tjrt|tjs"tdt|||f|j|j S)N.Only one certificate can be added to a requestr4) r|r}r#r$r!rr5r6rur~)r9r)r+rrrradd_certificatesz"OCSPRequestBuilder.add_certificaterCr<r@rHrFcCs|jdus |jdurtdt|tstdt|td|td||j t |ks5|j t |kr9tdt |j||||f|j S)Nrz serial_number must be an integerrCr@z`issuer_name_hash and issuer_key_hash must be the same length as the digest size of the algorithm) r|r}r#r!rFr6r$r _check_bytes digest_sizelenrur~)r9rCr@rHrrrradd_certificate_by_hashs&    z*OCSPRequestBuilder.add_certificate_by_hashextvalx509.ExtensionTypecriticalboolcCsJt|tjs tdt|j||}t||jt|j |j g|j|SNz"extension must be an ExtensionType) r!r ExtensionTyper6 Extensionoidr r~rur|r}r9rr extensionrrr add_extensions  z OCSPRequestBuilder.add_extensionr;cCs&|jdur|jdurtdt|S)Nz*You must add a certificate before building)r|r}r#rZcreate_ocsp_requestr?rrrbuilds zOCSPRequestBuilder.build)rvrwrxryrNrzrr )r)r*r+r*rrrru) rCr<r@r<rHrFrrrru)rrrrrru)rr;)r rrr:rrrrrrrrrus    ruc@s`eZdZdddgfd5d d Zd6ddZd7d d!Zd8d#d$Zd9d)d*Zd:d/d0Ze d;d3d4Z dS)<OCSPResponseBuilderNresponse_SingleResponse | None responder_id5tuple[x509.Certificate, OCSPResponderEncoding] | Nonecertslist[x509.Certificate] | NonerNrzcCs||_||_||_||_dSr{) _response _responder_id_certsr~)r9rrrrNrrrr:s zOCSPResponseBuilder.__init__r)r*r+rrr,r%r-r.r/r0r1r2r3rc Cs<|jdur tdt||||||||} t| |j|j|jS)Nz#Only one response per OCSPResponse.)rr#r(rrrr~) r9r)r+rr,r-r/r1r2Z singleresprrr add_responses$  z OCSPResponseBuilder.add_responserIr responder_certcCsP|jdur tdt|tjstdt|tstdt|j||f|j |j S)Nz!responder_id can only be set oncez$responder_cert must be a Certificatez6encoding must be an element from OCSPResponderEncoding) rr#r!rr5r6r rrrr~)r9rIrrrrrs   z OCSPResponseBuilder.responder_id!typing.Iterable[x509.Certificate]cCs\|jdur tdt|}t|dkrtdtdd|Ds$tdt|j|j||j S)Nz!certificates may only be set oncerzcerts must not be an empty listcss|] }t|tjVqdSr{)r!rr5).0xrrr 1sz3OCSPResponseBuilder.certificates..z$certs must be a list of Certificates) rr#listrallr6rrrr~)r9rrrrrn)s  z OCSPResponseBuilder.certificatesrrrrcCsNt|tjs tdt|j||}t||jt|j |j |j g|j|Sr) r!rrr6rrr r~rrrrrrrrr:s   z!OCSPResponseBuilder.add_extension private_keyrrirccCs6|jdur td|jdurtdttj|||S)Nz&You must add a response before signingz*You must add a responder_id before signing)rr#rrcreate_ocsp_responserr)r9rrrrrsignJs   zOCSPResponseBuilder.signrfrcCs4t|ts td|tjurtdt|dddS)Nz7response_status must be an item from OCSPResponseStatusz$response_status cannot be SUCCESSFUL)r!rr6rr#rr)clsrfrrrbuild_unsuccessfulXs  z&OCSPResponseBuilder.build_unsuccessful)rrrrrrrNrz)r)r*r+r*rrr,r%r-r.r/r0r1r0r2r3rr)rIr rr*rr)rrrr)rrrrrr)rrrrirrc)rfrrrc) r rrr:rrrnrr classmethodrrrrrrs    r)rrrr )' __future__rrUr7typingZ cryptographyrrZ"cryptography.hazmat.bindings._rustrZcryptography.hazmat.primitivesrrZ/cryptography.hazmat.primitives.asymmetric.typesrZcryptography.x509.baser r r Enumr rSHA1SHA224SHA256SHA384SHA512r"r$r%r(ABCMetar;rXrcrurZload_der_ocsp_requestZload_der_ocsp_responserrrrs8     F+D%T}