o )%a9ã@sÐddlZddlZddlmZmZddlmZddlmZm Z m Z m Z m Z m Z ddlmZddlmZmZddlmZmZmZmZmZmZmZdd „Zd d „Zd d „Zdd„ZGdd„deƒZGdd„deƒZ dS)éN)ÚutilsÚx509)ÚUnsupportedAlgorithm)Ú_CRL_ENTRY_REASON_CODE_TO_ENUMÚ_asn1_integer_to_intÚ_asn1_string_to_bytesÚ_decode_x509_nameÚ_obj2txtÚ_parse_asn1_generalized_time)Ú _Certificate)ÚhashesÚ serialization)ÚOCSPCertStatusÚ OCSPRequestÚ OCSPResponseÚOCSPResponseStatusÚ_CERT_STATUS_TO_ENUMÚ _OIDS_TO_HASHÚ_RESPONSE_STATUS_TO_ENUMcCs^|j d¡}|j |jj|jj||jj|¡}| |dk¡| |d|jjk¡t||dƒS©NúASN1_OCTET_STRING **ér©Ú_ffiÚnewÚ_libÚOCSP_id_get0_infoÚNULLÚopenssl_assertr)ÚbackendÚcert_idÚkey_hashÚres©r#úK/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/ocsp.pyÚ_issuer_key_hashs ûr%cCs^|j d¡}|j ||jj|jj|jj|¡}| |dk¡| |d|jjk¡t||dƒSrr)rr Ú name_hashr"r#r#r$Ú_issuer_name_hash-s ûr'cCs^|j d¡}|j |jj|jj|jj||¡}| |dk¡| |d|jjk¡t||dƒS)NzASN1_INTEGER **rr)rrrrrrr)rr Únumr"r#r#r$Ú_serial_number;s ÿr)cCs†|j d¡}|j |jj||jj|jj|¡}| |dk¡| |d|jjk¡t||dƒ}zt|WStyBt d  |¡ƒ‚w)NzASN1_OBJECT **rrz*Signature algorithm OID: {} not recognized) rrrrrrr rÚKeyErrorrÚformat)rr Úasn1objr"Úoidr#r#r$Ú_hash_algorithmEs$ û  ÿÿr.c@sàeZdZdd„Ze d¡Zd3dd„Zede j fdd „ƒZ ede j ejfd d „ƒZedefd d „ƒZedefdd„ƒZede je jfdd„ƒZede j efdd„ƒZede j e jfdd„ƒZdd„Zedejfdd„ƒZedefdd„ƒZede j ejfdd„ƒZede j e j fdd„ƒZ!edejfd d!„ƒZ"ede j ejfd"d#„ƒZ#edefd$d%„ƒZ$edefd&d'„ƒZ%edejfd(d)„ƒZ&ede'fd*d+„ƒZ(ej)de j*fd,d-„ƒZ+ej)de j*fd.d/„ƒZ,d0e-j.defd1d2„Z/dS)4Ú _OCSPResponsecCs||_||_|jj |j¡}|j |tv¡t||_|jtjur€|jj  |j¡}|j ||jj j k¡|jj   ||jjj ¡|_|jj |j¡}|dkrStd |¡ƒ‚|jj |jd¡|_|j |j|jj j k¡|jj |j¡|_|j |j|jj j k¡dSdS)NrzhOCSP response contains more than one SINGLERESP structure, which this library does not support. {} foundr)Ú_backendÚ_ocsp_responserÚOCSP_response_statusrrÚ_statusrÚ SUCCESSFULÚOCSP_response_get1_basicrrÚgcÚOCSP_BASICRESP_freeÚ_basicÚOCSP_resp_countÚ ValueErrorr+ÚOCSP_resp_get0Ú_singleÚOCSP_SINGLERESP_get0_idÚ_cert_id)ÚselfrÚ ocsp_responseÚstatusÚbasicÚnum_respr#r#r$Ú__init__Zs<  ÿ ÿýÿÿÿêz_OCSPResponse.__init__r3ÚreturnNcCs|jtjkr tdƒ‚dS)NzCOCSP response status is not successful so the property has no value)Úresponse_statusrr4r:©r?r#r#r$Ú_requires_successful_response|s ÿÿz+_OCSPResponse._requires_successful_responsecCsF| ¡|jj |j¡}|j ||jjjk¡t|j|j ƒ}t   |¡S©N) rHr0rÚOCSP_resp_get0_tbs_sigalgr8rrrr Ú algorithmrÚObjectIdentifier)r?Úalgr-r#r#r$Úsignature_algorithm_oidƒs  z%_OCSPResponse.signature_algorithm_oidcCs8| ¡|j}ztj|WStytd |¡ƒ‚w)Nz)Signature algorithm OID:{} not recognized)rHrNrÚ_SIG_OIDS_TO_HASHr*rr+)r?r-r#r#r$Úsignature_hash_algorithm‹s  ÿÿz&_OCSPResponse.signature_hash_algorithmcCs:| ¡|jj |j¡}|j ||jjjk¡t|j|ƒSrI) rHr0rÚOCSP_resp_get0_signaturer8rrrr)r?Úsigr#r#r$Ú signature˜s z_OCSPResponse.signaturecsªˆ ¡ˆjj ˆj¡}ˆj |ˆjjjk¡ˆjj d¡}ˆjj  ||¡}ˆj |dˆjjjk¡ˆjj  |‡fdd„¡}ˆj |dk¡ˆjj  |d|¡dd…S)Nzunsigned char **rcsˆjj |d¡S)Nr)r0rÚ OPENSSL_free)ÚpointerrGr#r$Ú¨sz2_OCSPResponse.tbs_response_bytes..) rHr0rÚOCSP_resp_get0_respdatar8rrrrÚi2d_OCSP_RESPDATAr6Úbuffer)r?ÚrespdataÚppr"r#rGr$Útbs_response_bytesŸs ÿz _OCSPResponse.tbs_response_bytescCs~| ¡|jj |j¡}|jj |¡}g}t|ƒD]#}|jj ||¡}|j ||jj j k¡t |j|ƒ}||_ |  |¡q|SrI)rHr0rÚOCSP_resp_get0_certsr8Ú sk_X509_numÚrangeÚ sk_X509_valuerrrr Ú_ocsp_resp_refÚappend)r?Úsk_x509r(ÚcertsÚiÚx509_ptrÚcertr#r#r$Ú certificates­s   z_OCSPResponse.certificatescCs2| ¡| ¡\}}||jjjkrdSt|j|ƒSrI)rHÚ_responder_key_namer0rrr)r?Ú_Ú asn1_stringr#r#r$Úresponder_key_hash¿ó   z _OCSPResponse.responder_key_hashcCs2| ¡| ¡\}}||jjjkrdSt|j|ƒSrI)rHrir0rrr)r?Ú x509_namerjr#r#r$Úresponder_nameÈrmz_OCSPResponse.responder_namecCsP|jj d¡}|jj d¡}|jj |j||¡}|j |dk¡|d|dfS)Nrz X509_NAME **rr)r0rrrÚOCSP_resp_get0_idr8r)r?rkrnr"r#r#r$riÑsÿz!_OCSPResponse._responder_key_namecCs$| ¡|jj |j¡}t|j|ƒSrI)rHr0rÚOCSP_resp_get0_produced_atr8r )r?Ú produced_atr#r#r$rrÚs ÿ z_OCSPResponse.produced_atcCsP| ¡|jj |j|jjj|jjj|jjj|jjj¡}|j |tv¡t|SrI) rHr0rÚOCSP_single_get0_statusr<rrrr)r?rAr#r#r$Úcertificate_statusâsûz _OCSPResponse.certificate_statuscCsz| ¡|jtjur dS|jj d¡}|jj |j |jjj ||jjj |jjj ¡|j  |d|jjj k¡t |j|dƒS©NzASN1_GENERALIZEDTIME **r) rHrtrÚREVOKEDr0rrrrsr<rrr ©r?Ú asn1_timer#r#r$Úrevocation_timeïs ûz_OCSPResponse.revocation_timecCs€| ¡|jtjur dS|jj d¡}|jj |j ||jjj |jjj |jjj ¡|ddkr0dS|j  |dt v¡t |dS)Nzint *réÿÿÿÿ) rHrtrrvr0rrrrsr<rrr)r?Ú reason_ptrr#r#r$Úrevocation_reasons" û  ÿ z_OCSPResponse.revocation_reasoncCsj| ¡|jj d¡}|jj |j|jjj|jjj||jjj¡|j |d|jjjk¡t |j|dƒSru) rHr0rrrrsr<rrr rwr#r#r$Ú this_updatesûz_OCSPResponse.this_updatecCsf| ¡|jj d¡}|jj |j|jjj|jjj|jjj|¡|d|jjjkr1t|j|dƒSdSru) rHr0rrrrsr<rr rwr#r#r$Ú next_update%sûz_OCSPResponse.next_updatecCó| ¡t|j|jƒSrI)rHr%r0r>rGr#r#r$Úissuer_key_hash5óz_OCSPResponse.issuer_key_hashcCrrI)rHr'r0r>rGr#r#r$Úissuer_name_hash:rz_OCSPResponse.issuer_name_hashcCrrI)rHr.r0r>rGr#r#r$Úhash_algorithm?rz_OCSPResponse.hash_algorithmcCrrI)rHr)r0r>rGr#r#r$Ú serial_numberDrz_OCSPResponse.serial_numbercCó| ¡|jj |j¡SrI)rHr0Ú_ocsp_basicresp_ext_parserÚparser8rGr#r#r$Ú extensionsIóz_OCSPResponse.extensionscCr…rI)rHr0Ú_ocsp_singleresp_ext_parserr‡r<rGr#r#r$Úsingle_extensionsNr‰z_OCSPResponse.single_extensionsÚencodingcCóL|tjjur tdƒ‚|j ¡}|jj ||j¡}|j  |dk¡|j  |¡S©Nz/The only allowed encoding value is Encoding.DERr) r ÚEncodingÚDERr:r0Ú_create_mem_bio_gcrÚi2d_OCSP_RESPONSE_bior1rÚ _read_mem_bio©r?rŒÚbior"r#r#r$Ú public_bytesSs  ÿ z_OCSPResponse.public_bytes)rEN)0Ú__name__Ú __module__Ú __qualname__rDrÚread_only_propertyrFrHÚpropertyrrLrNÚtypingÚOptionalr Ú HashAlgorithmrPÚbytesrSr\ÚListÚ CertificaterhrlÚNameroriÚdatetimerrrrtryÚ ReasonFlagsr|r}r~r€r‚rƒÚintr„Úcached_propertyÚ Extensionsrˆr‹r rr–r#r#r#r$r/Ys\   þ     r/c@sˆeZdZdd„Zedefdd„ƒZedefdd„ƒZedefdd „ƒZ ede j fd d „ƒZ e jdejfd d „ƒZdejdefdd„ZdS)Ú _OCSPRequestcCs~|j |¡dkr tdƒ‚||_||_|jj |jd¡|_|j |j|jjj k¡|jj  |j¡|_ |j |j |jjj k¡dS)Nrz+OCSP request contains more than one requestr) rÚOCSP_request_onereq_countÚNotImplementedErrorr0Ú _ocsp_requestÚOCSP_request_onereq_get0Ú_requestrrrÚOCSP_onereq_get0_idr>)r?rÚ ocsp_requestr#r#r$rD`sÿÿz_OCSPRequest.__init__rEcCót|j|jƒSrI)r%r0r>rGr#r#r$r€nóz_OCSPRequest.issuer_key_hashcCr°rI)r'r0r>rGr#r#r$r‚rr±z_OCSPRequest.issuer_name_hashcCr°rI)r)r0r>rGr#r#r$r„vr±z_OCSPRequest.serial_numbercCr°rI)r.r0r>rGr#r#r$rƒzr±z_OCSPRequest.hash_algorithmcCs|jj |j¡SrI)r0Ú_ocsp_req_ext_parserr‡r«rGr#r#r$rˆ~sz_OCSPRequest.extensionsrŒcCrrŽ) r rrr:r0r‘rÚi2d_OCSP_REQUEST_bior«rr“r”r#r#r$r–‚s   z_OCSPRequest.public_bytesN)r—r˜r™rDr›rŸr€r‚r¥r„r ržrƒrr¦rr§rˆr rr–r#r#r#r$r¨_sr¨)!r£rœÚ cryptographyrrÚcryptography.exceptionsrÚ0cryptography.hazmat.backends.openssl.decode_asn1rrrrr r Ú)cryptography.hazmat.backends.openssl.x509r Úcryptography.hazmat.primitivesr r Úcryptography.x509.ocsprrrrrrrr%r'r)r.r/r¨r#r#r#r$Ús    $