o )%a/Y@sddlZddlZddlZddlmZmZddlmZddlm Z m Z m Z ddl m Z mZmZmZmZddlmZmZddlmZmZddlmZdd lmZGd d d ejZGd d d ejZe ej!Gddde"Z#e ej$Gddde"Z%e ej&j'Gddde"Z(dS)N)utilsx509)UnsupportedAlgorithm)dsaecrsa)_asn1_integer_to_int_asn1_string_to_bytes_decode_x509_name_obj2txt_parse_asn1_time)_encode_asn1_int_gc _txt2obj_gc)hashes serialization)_PUBLIC_KEY_TYPES) _ASN1Typec@sleZdZUejed<ddZddZdede fdd Z dede fd d Z de fd d Z ddZdejdefddZedZede fddZdefddZedejfddZedejfddZedejfddZedejfddZ edej!ejfd d!Z"edej#fd"d#Z$ej%dej&fd$d%Z'edefd&d'Z(edefd(d)Z)d*e*j+defd+d,Z,d-S). _Certificate_ocsp_resp_refcCsZ||_||_|jj|j}|dkrtjj|_dS|dkr$tjj|_dSt d ||)Nrz{} is not a valid X509 version) _backend_x509_libX509_get_versionrVersionv1_versionv3InvalidVersionformat)selfbackend x509_certversionr$K/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/x509.py__init__!s z_Certificate.__init__cCs d|jS)Nz)rsubjectr r$r$r%__repr__/s z_Certificate.__repr__otherreturncC*t|tstS|jj|j|j}|dkSNr) isinstancerNotImplementedrrX509_cmprr r*resr$r$r%__eq__2 z_Certificate.__eq__cC ||k SNr$r r*r$r$r%__ne__9 z_Certificate.__ne__cCt|tjjSr6hash public_bytesrEncodingDERr(r$r$r%__hash__<z_Certificate.__hash__cCs|Sr6r$)r memor$r$r% __deepcopy__?sz_Certificate.__deepcopy__ algorithmcCs*t||j}||tjj|Sr6) rHashrupdater=rr>r?finalize)r rDhr$r$r% fingerprintBsz_Certificate.fingerprintrcC2|jj|j}|j||jjjkt|j|Sr6)rrX509_get_serialNumberropenssl_assert_ffiNULLrr asn1_intr$r$r% serial_numberI z_Certificate.serial_numbercCsR|jj|j}||jjjkr|jtd|jj||jjj }|j |S)Nz,Certificate public key is of an unknown type) rrX509_get_pubkeyrrMrN_consume_errors ValueErrorgc EVP_PKEY_free_evp_pkey_to_public_keyr pkeyr$r$r% public_keyOs   z_Certificate.public_keycC|jj|j}t|j|Sr6)rrX509_get0_notBeforerr r asn1_timer$r$r%not_valid_beforeZ z_Certificate.not_valid_beforecCr\r6)rrX509_get0_notAfterrr r^r$r$r%not_valid_after_raz_Certificate.not_valid_aftercCrJr6)rrX509_get_issuer_namerrLrMrNr r issuerr$r$r%rfdrRz_Certificate.issuercCrJr6)rrX509_get_subject_namerrLrMrNr r r'r$r$r%r'jrRz_Certificate.subjectcC0|j}ztj|WStytd|wNz)Signature algorithm OID:{} not recognizedsignature_algorithm_oidr_SIG_OIDS_TO_HASHKeyErrorrrr oidr$r$r%signature_hash_algorithmp  z%_Certificate.signature_hash_algorithmcCs^|jjd}|jj|jjj||j|j|d|jjjkt|j|dj }t |SNz X509_ALGOR **r) rrMnewrX509_get0_signaturerNrrLr rDrObjectIdentifierr algrpr$r$r%rl| z$_Certificate.signature_algorithm_oidcC|jj|jSr6)r_certificate_extension_parserparserr(r$r$r% extensionsz_Certificate.extensionscCsR|jjd}|jj||jjj|j|j|d|jjjkt|j|dSNzASN1_BIT_STRING **r) rrMrtrrurNrrLr r sigr$r$r% signature z_Certificate.signaturecdjjd}jjj|}j|dkjj|fdd}jj|d|ddS)Nunsigned char **rcjj|dSr-rr OPENSSL_freepointerr(r$r%z4_Certificate.tbs_certificate_bytes..) rrMrtri2d_re_X509_tbsrrLrVbufferr ppr2r$r(r%tbs_certificate_bytes z"_Certificate.tbs_certificate_bytesencodingcCn|j}|tjjur|jj||j}n|tjjur%|jj ||j}nt d|j |dk|j |SNz/encoding must be an item from the Encoding enum) r_create_mem_bio_gcrr>PEMrPEM_write_bio_X509rr? i2d_X509_bio TypeErrorrL _read_mem_bior rbior2r$r$r%r=s    z_Certificate.public_bytesN)-__name__ __module__ __qualname__typingAny__annotations__r&r)objectboolr3r8intr@rCr HashAlgorithmbytesrIrread_only_propertyr#propertyrQrr[datetimer`rcrNamerfr'Optionalrqrvrlcached_property Extensionsr}rrrr>r=r$r$r$r%rsD        rc@sPeZdZddZedefddZedejfddZe j de j fdd Z d S) _RevokedCertificatecC||_||_||_dSr6)r_crl _x509_revoked)r r!crl x509_revokedr$r$r%r&s z_RevokedCertificate.__init__r+cCrJr6)rrX509_REVOKED_get0_serialNumberrrLrMrNrrOr$r$r%rQs  z!_RevokedCertificate.serial_numbercCst|j|jj|jSr6)r rr X509_REVOKED_get0_revocationDaterr(r$r$r%revocation_dates z#_RevokedCertificate.revocation_datecCrzr6)r_revoked_cert_extension_parserr|rr(r$r$r%r}sz_RevokedCertificate.extensionsN)rrrr&rrrQrrrrrrr}r$r$r$r%rs rc@sdeZdZddZdedefddZdedefddZd ej de fd d Z e j d d ZdedejejfddZedejej fddZedejfddZedejfddZedejfddZedejfddZede fddZede fddZde j!de fd d!Z"d"d#Z#d$d%Z$d&d'Z%defd(d)Z&e j dej'fd*d+Z(d,e)defd-d.Z*d/S)0_CertificateRevocationListcC||_||_dSr6)r _x509_crl)r r!x509_crlr$r$r%r& z#_CertificateRevocationList.__init__r*r+cCr,r-)r.rr/rr X509_CRL_cmprr1r$r$r%r3r4z!_CertificateRevocationList.__eq__cCr5r6r$r7r$r$r%r8r9z!_CertificateRevocationList.__ne__rDcCsXt||j}|j}|jj||j}|j|dk|j|}| || S)Nr) rrErrri2d_X509_CRL_biorrLrrFrG)r rDrHrr2derr$r$r%rIs   z&_CertificateRevocationList.fingerprintcCs@|jj|j}|j||jjjk|jj||jjj}|Sr6) rr X509_CRL_duprrLrMrNrV X509_CRL_free)r dupr$r$r% _sorted_crlsz&_CertificateRevocationList._sorted_crlrQcCsh|jjd}t|j|}|jj|j||}|dkrdS|j|d|jjjkt |j|j|dS)NzX509_REVOKED **r) rrMrtr rX509_CRL_get0_by_serialrrLrNr)r rQrevokedrPr2r$r$r%(get_revoked_certificate_by_serial_numbers zC_CertificateRevocationList.get_revoked_certificate_by_serial_numbercCrirjrkror$r$r%rqrrz3_CertificateRevocationList.signature_hash_algorithmcC^|jjd}|jj|j|jjj||j|d|jjjkt|j|dj }t |Srs) rrMrtrX509_CRL_get0_signaturerrNrLr rDrrvrwr$r$r%rlryz2_CertificateRevocationList.signature_algorithm_oidcCrJr6)rrX509_CRL_get_issuerrrLrMrNr rer$r$r%rfrRz!_CertificateRevocationList.issuercCrJr6)rrX509_CRL_get0_nextUpdaterrLrMrNr )r nur$r$r% next_updaterRz&_CertificateRevocationList.next_updatecCrJr6)rrX509_CRL_get0_lastUpdaterrLrMrNr )r lur$r$r% last_update$rRz&_CertificateRevocationList.last_updatecCR|jjd}|jj|j||jjj|j|d|jjjkt|j|dSr) rrMrtrrrrNrLr rr$r$r%r*rz$_CertificateRevocationList.signaturecr)Nrrcrr-rrr(r$r%r9rz?_CertificateRevocationList.tbs_certlist_bytes..) rrMrtri2d_re_X509_CRL_tbsrrLrVrrr$r(r%tbs_certlist_bytes3rz-_CertificateRevocationList.tbs_certlist_bytesrcCrr) rrrr>rrPEM_write_bio_X509_CRLrr?rrrLrrr$r$r%r==    z'_CertificateRevocationList.public_bytescCsD|jj|j}|jj||}|j||jjjkt|j||Sr6) rrX509_CRL_get_REVOKEDrsk_X509_REVOKED_valuerLrMrNr)r idxrrr$r$r% _revoked_certKsz(_CertificateRevocationList._revoked_certccs$tt|D]}||VqdSr6)rangelenr)r ir$r$r%__iter__Qsz#_CertificateRevocationList.__iter__cst|tr|t\}}}fddt|||DSt|}|dkr+|t7}d|kr8tks;tt|S)Ncsg|]}|qSr$)r).0rr(r$r% Xsz:_CertificateRevocationList.__getitem__..r) r.sliceindicesrroperatorindex IndexErrorr)r rstartstopstepr$r(r% __getitem__Us    z&_CertificateRevocationList.__getitem__cCs0|jj|j}||jjjkrdS|jj|Sr-)rrrrrMrNsk_X509_REVOKED_num)r rr$r$r%__len__asz"_CertificateRevocationList.__len__cCrzr6)r_crl_extension_parserr|rr(r$r$r%r}hr~z%_CertificateRevocationList.extensionsr[cCsLt|tjtjtjfstd|jj |j |j }|dkr$|j dSdS)NzGExpecting one of DSAPublicKey, RSAPublicKey, or EllipticCurvePublicKey.rFT)r.r _DSAPublicKeyr _RSAPublicKeyr_EllipticCurvePublicKeyrrrX509_CRL_verifyr _evp_pkeyrT)r r[r2r$r$r%is_signature_validls" z-_CertificateRevocationList.is_signature_validN)+rrrr&rrr3r8rrrrIrrrrrrrRevokedCertificaterrrqrvrlrrfrrrrrrr>r=rrrrrr}rrr$r$r$r%rsH          rc@s eZdZddZdedefddZdedefddZdefd d Z de fd d Z e de jfd dZe dejejfddZe de jfddZejde jfddZdejdefddZe defddZe defddZ e defddZ!de jdefdd Z"d!S)"_CertificateSigningRequestcCrr6)r _x509_req)r r!x509_reqr$r$r%r&rz#_CertificateSigningRequest.__init__r*r+cCs2t|tstS|tjj}|tjj}||kSr6)r.rr/r=rr>r?)r r* self_bytes other_bytesr$r$r%r3s z!_CertificateSigningRequest.__eq__cCr5r6r$r7r$r$r%r8r9z!_CertificateSigningRequest.__ne__cCr:r6r;r(r$r$r%r@rAz#_CertificateSigningRequest.__hash__cCsH|jj|j}|j||jjjk|jj||jjj}|j |Sr6) rrX509_REQ_get_pubkeyrrLrMrNrVrWrXrYr$r$r%r[s z%_CertificateSigningRequest.public_keycCrJr6)rrX509_REQ_get_subject_namerrLrMrNr rhr$r$r%r'rRz"_CertificateSigningRequest.subjectcCrirjrkror$r$r%rqrrz3_CertificateSigningRequest.signature_hash_algorithmcCrrs) rrMrtrX509_REQ_get0_signaturerrNrLr rDrrvrwr$r$r%rlryz2_CertificateSigningRequest.signature_algorithm_oidcs6jjj}jj|fdd}jj|S)Ncs"jj|jjjjjdS)NX509_EXTENSION_free)rrsk_X509_EXTENSION_pop_freerM addressof _original_lib)xr(r$r%rs  z7_CertificateSigningRequest.extensions..)rrX509_REQ_get_extensionsrrMrV_csr_extension_parserr|)r x509_extsr$r(r%r}s   z%_CertificateSigningRequest.extensionsrcCrr) rrrr>rrPEM_write_bio_X509_REQrr?i2d_X509_REQ_biorrLrrr$r$r%r=rz'_CertificateSigningRequest.public_bytescr)Nrrcrr-rrr(r$r%rrzB_CertificateSigningRequest.tbs_certrequest_bytes..) rrMrtri2d_re_X509_REQ_tbsrrLrVrrr$r(r%tbs_certrequest_bytesrz0_CertificateSigningRequest.tbs_certrequest_bytescCrr) rrMrtrrrrNrLr rr$r$r%rrz$_CertificateSigningRequest.signaturecCsh|jj|j}|j||jjjk|jj||jjj}|jj |j|}|dkr2|j dSdS)NrFT) rrrrrLrMrNrVrWX509_REQ_verifyrT)r rZr2r$r$r%rs z-_CertificateSigningRequest.is_signature_validrpcCs t|j|j}|jj|j|d}|dkrtd|||jj |j|}|j ||jj j k|j |jj |dk|jj|d}|j ||jj j k|jtjjtjjtjjfvritd||j|jj|d|j|jj j }|j ||jj j k|jj d|}t|j|S)NzNo {} attribute was foundrrz&OID {} has a disallowed ASN.1 type: {}z ASN1_STRING *)rr dotted_stringrX509_REQ_get_attr_by_OBJrrAttributeNotFoundrX509_REQ_get_attrrLrMrNX509_ATTRIBUTE_countX509_ATTRIBUTE_get0_typetyper UTF8StringvaluePrintableString IA5StringrUX509_ATTRIBUTE_get0_datacastr )r rpobjposattr asn1_typedatar$r$r%get_attribute_for_oids>  z0_CertificateSigningRequest.get_attribute_for_oidN)#rrrr&rrr3r8rr@rr[rrrr'rrrrrqrvrlrrrr}rr>rr=r rrrr$r$r$r%rs0       rc@seZdZddZedejjfddZede fddZ ede j fdd Z edejj fd d Zed d ZdefddZdedefddZdedefddZdS)_SignedCertificateTimestampcCrr6)r _sct_list_sct)r r!sct_listsctr$r$r%r&$s z$_SignedCertificateTimestamp.__init__r+cC,|jj|j}||jjjksJtjjjSr6) rrSCT_get_versionr!SCT_VERSION_V1rcertificate_transparencyrr)r r#r$r$r%r#*s z#_SignedCertificateTimestamp.versioncCsH|jjd}|jj|j|}|dksJ|jj|d|ddSNrr)rrMrtrSCT_get0_log_idr!r)r out log_id_lengthr$r$r%log_id0s z"_SignedCertificateTimestamp.log_idcCs4|jj|j}|d}tj|dj|ddS)Ni) microsecond)rrSCT_get_timestampr!rutcfromtimestampreplace)r timestamp millisecondsr$r$r%r17s z%_SignedCertificateTimestamp.timestampcCr$r6) rrSCT_get_log_entry_typer!CT_LOG_ENTRY_TYPE_PRECERTrr' LogEntryTypePRE_CERTIFICATE)r entry_typer$r$r%r7?s z&_SignedCertificateTimestamp.entry_typecCsf|jjd}|jj|j|}|j|dk|j|d|jjjk|jj|d|ddSr() rrMrtrSCT_get0_signaturer!rLrNr)r ptrptrr2r$r$r% _signatureGs z&_SignedCertificateTimestamp._signaturecCs t|jSr6)r<r:r(r$r$r%r@Or9z$_SignedCertificateTimestamp.__hash__r*cCst|tstS|j|jkSr6)r.rr/r:r7r$r$r%r3Rs  z"_SignedCertificateTimestamp.__eq__cCr5r6r$r7r$r$r%r8Xr9z"_SignedCertificateTimestamp.__ne__N)rrrr&rrr'rr#rr,rr1r5r7r:rr@rrr3r8r$r$r$r%r s r))rrr cryptographyrrcryptography.exceptionsr$cryptography.hazmat.backends.opensslrrr0cryptography.hazmat.backends.openssl.decode_asn1rr r r r 0cryptography.hazmat.backends.openssl.encode_asn1r rcryptography.hazmat.primitivesrrcryptography.x509.basercryptography.x509.namer Certificaterrrregister_interfaceCertificateRevocationListrrCertificateSigningRequestrr'SignedCertificateTimestamprr$r$r$r%s0    % 5