U EZh @s ddlZddlZddlZddlZddlmZddlmZddl m Z m Z ddl m Z mZmZmZmZmZmZddlmZmZmZddlmZmZmZmZddlmZmZdd l m!Z!ed d d Z"ej#e j$e j%e j&e j'e j(e j)e j*e j+fZ,Gd d d e-Z.eeej/eeddddZ0e!ej/ej1e!e2ej3e4fddddZ5ejejdddZ6GdddZ7GdddZ8Gdddej9Z:Gddde-Z;Gdd d ejej=Gd"d#d#ejej?Gd$d%d%e?Z@Gd&d'd'ejejAGd(d)d)ejejBdEe2ejCe=d*d+d,ZDe2ej/e=d-d.d/ZEdFe2ejCe=d*d0d1ZFdGe2ejCeBd*d2d3ZGdHe2ejCeBd*d4d5ZHdIe2ejCeAd*d6d7ZIdJe2ejCeAd*d8d9ZJGd:d;d;ZKGdd?d?ZMGd@dAdAZNe4dBdCdDZOdS)KN)utils)x509)hashes serialization)dsaeced448ed25519rsax448x25519) CertificateIssuerPrivateKeyTypesCertificateIssuerPublicKeyTypesCertificatePublicKeyTypes) Extension Extensions ExtensionType_make_sequence_methods)Name _ASN1Type)ObjectIdentifierics&eZdZeeddfdd ZZS)AttributeNotFoundN)msgoidreturncst|||_dSN)super__init__r)selfrr __class__]/home/aprabhat/apps/x.techxrdev.in/venv/lib/python3.8/site-packages/cryptography/x509/base.pyr6s zAttributeNotFound.__init__)__name__ __module__ __qualname__strrr __classcell__r"r"r r#r5sr) extension extensionsrcCs"|D]}|j|jkrtdqdS)Nz$This extension has already been set.)r ValueError)r)r*er"r"r#_reject_duplicate_extension;s r-)r attributesrcCs$|D]\}}}||krtdqdS)Nz$This attribute has already been set.)r+)rr.Zattr_oid_r"r"r#_reject_duplicate_attributeEsr0timercCs:|jdk r2|}|r|nt}|jdd|S|SdS)zNormalizes a datetime to a naive datetime in UTC. time -- datetime to normalize. Assumed to be in UTC if not timezone aware. N)tzinfo)r3 utcoffsetdatetime timedeltareplace)r2offsetr"r"r#_convert_to_naive_utc_timeQs  r9c@sxeZdZejjfeeeddddZ e edddZ e eddd Ze dd d Z eed d dZedddZdS) AttributeN)rvalue_typercCs||_||_||_dSr)_oid_valuer<)rrr;r<r"r"r#r`szAttribute.__init__rcCs|jSr)r=rr"r"r#rjsz Attribute.oidcCs|jSr)r>r@r"r"r#r;nszAttribute.valuecCsd|jd|jdS)Nz)rr;r@r"r"r#__repr__rszAttribute.__repr__otherrcCs2t|tstS|j|jko0|j|jko0|j|jkSr) isinstancer:NotImplementedrr;r<rrDr"r"r#__eq__us    zAttribute.__eq__cCst|j|j|jfSr)hashrr;r<r@r"r"r#__hash__szAttribute.__hash__)r$r%r&rZ UTF8Stringr;rbytesintrpropertyrr'rBobjectboolrHrJr"r"r"r#r:_s  r:c@sNeZdZejeddddZed\ZZ Z e dddZ e ed d d ZdS) AttributesN)r.rcCst||_dSr)list _attributes)rr.r"r"r#rszAttributes.__init__rRr?cCsd|jdS)Nz Not after time (represented as UTC datetime) Nr"r@r"r"r#not_valid_afterszCertificate.not_valid_aftercCsdS)z1 Returns the issuer name object. Nr"r@r"r"r#issuerszCertificate.issuercCsdSz2 Returns the subject name object. Nr"r@r"r"r#subjectszCertificate.subjectcCsdSzt Returns a HashAlgorithm corresponding to the type of the digest signed in the certificate. Nr"r@r"r"r#signature_hash_algorithmsz$Certificate.signature_hash_algorithmcCsdSzJ Returns the ObjectIdentifier of the signature algorithm. Nr"r@r"r"r#signature_algorithm_oidsz#Certificate.signature_algorithm_oidcCsdS)z/ Returns an Extensions object. Nr"r@r"r"r#r*szCertificate.extensionscCsdSz. Returns the signature bytes. Nr"r@r"r"r# signatureszCertificate.signaturecCsdS)zR Returns the tbsCertificate payload bytes as defined in RFC 5280. Nr"r@r"r"r#tbs_certificate_bytessz!Certificate.tbs_certificate_bytescCsdS)zh Returns the tbsCertificate payload bytes with the SCT list extension stripped. Nr"r@r"r"r#tbs_precertificate_bytessz$Certificate.tbs_precertificate_bytesrCcCsdSz" Checks equality. Nr"rGr"r"r#rHszCertificate.__eq__cCsdSz" Computes a hash. Nr"r@r"r"r#rJ szCertificate.__hash__encodingrcCsdS)zB Serializes the certificate to PEM or DER format. Nr"rrzr"r"r# public_bytesszCertificate.public_bytesN)rlrcCsdS)z This method verifies that certificate issuer name matches the issuer subject name and that the certificate is signed by the issuer's private key. No other validation is performed. Nr")rrlr"r"r#verify_directly_issued_bysz%Certificate.verify_directly_issued_by)(r$r%r&abcabstractmethodr HashAlgorithmrKrerMrLrfr[rgrrir5rjrkrrlrnrVOptionalrprrrrr*rtrurvrNrOrHrJrEncodingr|r}r"r"r"r#r`sb r`) metaclassc@sVeZdZeejedddZeejejdddZ eeje dddZ dS) RevokedCertificater?cCsdS)zG Returns the serial number of the revoked certificate. Nr"r@r"r"r#rf'sz RevokedCertificate.serial_numbercCsdS)zH Returns the date of when this certificate was revoked. Nr"r@r"r"r#revocation_date.sz"RevokedCertificate.revocation_datecCsdS)zW Returns an Extensions object containing a list of Revoked extensions. Nr"r@r"r"r#r*5szRevokedCertificate.extensionsN) r$r%r&rMr~rrLrfr5rrr*r"r"r"r#r&src@sXeZdZeejedddZeedddZeejdddZ eedd d Z d S) _RawRevokedCertificaterfrr*cCs||_||_||_dSr_serial_number_revocation_date _extensionsrrfrr*r"r"r#rBsz_RawRevokedCertificate.__init__r?cCs|jSr)rr@r"r"r#rfLsz$_RawRevokedCertificate.serial_numbercCs|jSr)rr@r"r"r#rPsz&_RawRevokedCertificate.revocation_datecCs|jSr)rr@r"r"r#r*Tsz!_RawRevokedCertificate.extensionsN) r$r%r&rLr5rrrMrfrr*r"r"r"r#rAs rc@seZdZejejedddZeje j edddZ eje e jeddd Zeeje je j d d d Zeejed d dZeejed ddZeeje jejd ddZeejejd ddZeejed ddZeejed ddZeejed ddZejeedddZ eje d ddZ!e j"e ed d!d"Z#e j"e$e j%ed d#d"Z#eje j&e e$fe j&ee j%efd d$d"Z#eje j'ed d%d&Z(eje)ed'd(d)Z*d*S)+CertificateRevocationListrycCsdS)z: Serializes the CRL to PEM or DER format. Nr"r{r"r"r#r|Zsz&CertificateRevocationList.public_bytesracCsdSrcr"rdr"r"r#re`sz%CertificateRevocationList.fingerprint)rfrcCsdS)zs Returns an instance of RevokedCertificate or None if the serial_number is not in the CRL. Nr")rrfr"r"r#(get_revoked_certificate_by_serial_numberfszBCertificateRevocationList.get_revoked_certificate_by_serial_numberr?cCsdSror"r@r"r"r#rposz2CertificateRevocationList.signature_hash_algorithmcCsdSrqr"r@r"r"r#rrysz1CertificateRevocationList.signature_algorithm_oidcCsdS)zC Returns the X509Name with the issuer of this CRL. Nr"r@r"r"r#rlsz CertificateRevocationList.issuercCsdS)z? Returns the date of next update for this CRL. Nr"r@r"r"r# next_updatesz%CertificateRevocationList.next_updatecCsdS)z? Returns the date of last update for this CRL. Nr"r@r"r"r# last_updatesz%CertificateRevocationList.last_updatecCsdS)zS Returns an Extensions object containing a list of CRL extensions. Nr"r@r"r"r#r*sz$CertificateRevocationList.extensionscCsdSrsr"r@r"r"r#rtsz#CertificateRevocationList.signaturecCsdS)zO Returns the tbsCertList payload bytes as defined in RFC 5280. Nr"r@r"r"r#tbs_certlist_bytessz,CertificateRevocationList.tbs_certlist_bytesrCcCsdSrwr"rGr"r"r#rHsz CertificateRevocationList.__eq__cCsdS)z< Number of revoked certificates in the CRL. Nr"r@r"r"r#rXsz!CertificateRevocationList.__len__)idxrcCsdSrr"rrr"r"r#rZsz%CertificateRevocationList.__getitem__cCsdSrr"rr"r"r#rZscCsdS)zS Returns a revoked certificate (or slice of revoked certificates). Nr"rr"r"r#rZscCsdS)z8 Iterator over the revoked certificates Nr"r@r"r"r#rYsz"CertificateRevocationList.__iter__)rircCsdS)zQ Verifies signature of revocation list against given public key. Nr")rrir"r"r#is_signature_validsz,CertificateRevocationList.is_signature_validN)+r$r%r&r~rrrrKr|rrrerLrVrrrrMrprrrrrlr5rrrr*rtrrNrOrHrXoverloadrZsliceListUnionIteratorrYrrr"r"r"r#rYsf  rc@s@eZdZejeedddZejedddZ eje dddZ e eje dd d Ze ejejejdd d Ze ejedd dZe ejedddZe ejedddZejejedddZe ejedddZe ejedddZe ejedddZ ejeedddZ!dS) CertificateSigningRequestrCcCsdSrwr"rGr"r"r#rHsz CertificateSigningRequest.__eq__r?cCsdSrxr"r@r"r"r#rJsz"CertificateSigningRequest.__hash__cCsdSrhr"r@r"r"r#risz$CertificateSigningRequest.public_keycCsdSrmr"r@r"r"r#rnsz!CertificateSigningRequest.subjectcCsdSror"r@r"r"r#rpsz2CertificateSigningRequest.signature_hash_algorithmcCsdSrqr"r@r"r"r#rrsz1CertificateSigningRequest.signature_algorithm_oidcCsdS)z@ Returns the extensions in the signing request. Nr"r@r"r"r#r*sz$CertificateSigningRequest.extensionscCsdS)z/ Returns an Attributes object. Nr"r@r"r"r#r. sz$CertificateSigningRequest.attributesrycCsdS)z; Encodes the request to PEM or DER format. Nr"r{r"r"r#r|sz&CertificateSigningRequest.public_bytescCsdSrsr"r@r"r"r#rtsz#CertificateSigningRequest.signaturecCsdS)zd Returns the PKCS#10 CertificationRequestInfo bytes as defined in RFC 2986. Nr"r@r"r"r#tbs_certrequest_bytessz/CertificateSigningRequest.tbs_certrequest_bytescCsdS)z8 Verifies signature of signing request. Nr"r@r"r"r#r&sz,CertificateSigningRequest.is_signature_validrScCsdS)z: Get the attribute value for a given OID. Nr")rrr"r"r#rU-sz/CertificateSigningRequest.get_attribute_for_oidN)"r$r%r&r~rrNrOrHrLrJrrirMrrnrVrrrrprrrrr*rPr.rrrKr|rtrrrUr"r"r"r#rsF r)databackendrcCs t|Sr) rust_x509load_pem_x509_certificaterrr"r"r#r9sr)rrcCs t|Sr)rload_pem_x509_certificates)rr"r"r#r?srcCs t|Sr)rload_der_x509_certificaterr"r"r#rDsrcCs t|Sr)rload_pem_x509_csrrr"r"r#rKsrcCs t|Sr)rload_der_x509_csrrr"r"r#rRsrcCs t|Sr)rload_pem_x509_crlrr"r"r#rYsrcCs t|Sr)rload_der_x509_crlrr"r"r#r`src @seZdZdggfejeejeeejej e e eje fdddZ eddddZeeddd d Zdd e e ejedd d dZdeejeejedddZdS) CertificateSigningRequestBuilderN) subject_namer*r.cCs||_||_||_dS)zB Creates an empty X.509 certificate request (v1). N) _subject_namerrR)rrr*r.r"r"r#rgs z)CertificateSigningRequestBuilder.__init__namercCs4t|tstd|jdk r$tdt||j|jS)zF Sets the certificate requestor's distinguished name. Expecting x509.Name object.N&The subject name may only be set once.)rEr TypeErrorrr+rrrRrrr"r"r#rvs  z-CertificateSigningRequestBuilder.subject_nameextvalcriticalrcCsDt|tstdt|j||}t||jt|j|j|g|j S)zE Adds an X.509 extension to the certificate request. "extension must be an ExtensionType) rErrrrr-rrrrRrrrr)r"r"r# add_extensions   z.CertificateSigningRequestBuilder.add_extension)_tag)rr;rrcCs|t|tstdt|ts$td|dk r>t|ts>tdt||j|dk rZ|j}nd}t|j |j |j|||fgS)zK Adds an X.509 attribute with an OID and associated value. zoid must be an ObjectIdentifierzvalue must be bytesNztag must be _ASN1Type) rErrrKrr0rRr;rrr)rrr;rtagr"r"r# add_attributes   z.CertificateSigningRequestBuilder.add_attribute private_keyrbrrcCs |jdkrtdt|||S)zF Signs the request using the requestor's private key. Nz/A CertificateSigningRequest must have a subject)rr+rZcreate_x509_csrrrrbrr"r"r#signs z%CertificateSigningRequestBuilder.sign)N)r$r%r&rVrrrrrTuplerrKrLrrrOrrrr _AllowedHashTypesAnyrrr"r"r"r#rfs:     $rc @seZdZUejeeed<ddddddgfeje eje eje eje eje j eje j ejeeddddZ e ddddZe ddd d Ze dd d d Ze ddddZe j ddddZe j ddddZeeddddZdeejeejedddZdS)CertificateBuilderrN) issuer_namerrirfrjrkr*rcCs6tj|_||_||_||_||_||_||_||_ dSr) r[r]_version _issuer_namer _public_keyr_not_valid_before_not_valid_afterr)rrrrirfrjrkr*r"r"r#rs zCertificateBuilder.__init__rcCsDt|tstd|jdk r$tdt||j|j|j|j |j |j S)z3 Sets the CA's distinguished name. rN%The issuer name may only be set once.) rErrrr+rrrrrrrrr"r"r#rs  zCertificateBuilder.issuer_namecCsDt|tstd|jdk r$tdt|j||j|j|j |j |j S)z: Sets the requestor's distinguished name. rNr) rErrrr+rrrrrrrrr"r"r#rs  zCertificateBuilder.subject_name)keyrc Cs`t|tjtjtjtjt j t j t jfs.td|jdk r@tdt|j|j||j|j|j|jS)zT Sets the requestor's public key (as found in the signing request). zExpecting one of DSAPublicKey, RSAPublicKey, EllipticCurvePublicKey, Ed25519PublicKey, Ed448PublicKey, X25519PublicKey, or X448PublicKey.Nz$The public key may only be set once.)rErZ DSAPublicKeyr Z RSAPublicKeyrZEllipticCurvePublicKeyr ZEd25519PublicKeyrZEd448PublicKeyr ZX25519PublicKeyr Z X448PublicKeyrrr+rrrrrrr)rrr"r"r#ris2  zCertificateBuilder.public_keynumberrcCsht|tstd|jdk r$td|dkr4td|dkrHtdt|j|j|j ||j |j |j S)z5 Sets the certificate serial number. 'Serial number must be of integral type.N'The serial number may only be set once.rz%The serial number should be positive.3The serial number should not be more than 159 bits.) rErLrrr+ bit_lengthrrrrrrrrrr"r"r#rf!s&   z CertificateBuilder.serial_numberr1cCszt|tjstd|jdk r&tdt|}|tkr>td|jdk rZ||jkrZtdt|j |j |j |j ||j|j S)z7 Sets the certificate activation time. Expecting datetime object.Nz*The not valid before may only be set once.z>The not valid before date must be on or after 1950 January 1).zBThe not valid before date must be before the not valid after date.)rEr5rrr+r9_EARLIEST_UTC_TIMErrrrrrrrr2r"r"r#rj<s,  z#CertificateBuilder.not_valid_beforecCszt|tjstd|jdk r&tdt|}|tkr>td|jdk rZ||jkrZtdt|j |j |j |j |j||j S)z7 Sets the certificate expiration time. rNz)The not valid after may only be set once.ztd|jdk rZ||jkrZtdt|j ||j|j |j S)Nr!Last update may only be set once.8The last update date must be on or after 1950 January 1.z9The last update date must be before the next update date.) rEr5rrr+r9rrrrrr)rrr"r"r#rs(  z,CertificateRevocationListBuilder.last_update)rrcCsrt|tjstd|jdk r&tdt|}|tkr>td|jdk rZ||jkrZtdt|j |j||j |j S)Nrrrz8The next update date must be after the last update date.) rEr5rrr+r9rrrrrr)rrr"r"r#rs(  z,CertificateRevocationListBuilder.next_updatercCsLt|tstdt|j||}t||jt|j|j |j |j|g|j S)zM Adds an X.509 extension to the certificate revocation list. r) rErrrrr-rrrrrrrr"r"r#rs   z.CertificateRevocationListBuilder.add_extension)revoked_certificatercCs2t|tstdt|j|j|j|j|j|gS)z8 Adds a revoked certificate to the CRL. z)Must be an instance of RevokedCertificate) rErrrrrrrr)rrr"r"r#add_revoked_certificates  z8CertificateRevocationListBuilder.add_revoked_certificatercCsD|jdkrtd|jdkr$td|jdkr6tdt|||S)NzA CRL must have an issuer namez"A CRL must have a last update timez"A CRL must have a next update time)rr+rrrZcreate_x509_crlrr"r"r#r$s   z%CertificateRevocationListBuilder.sign)N)r$r%r&rVrrrrrrrr5rrrrrOrrr rrrrr"r"r"r#rsJ          rc@seZdZddgfejeejejejee dddZ eddddZ ejddd d Z e e dd d d ZdejedddZdS)RevokedCertificateBuilderNrcCs||_||_||_dSrrrr"r"r#r7sz"RevokedCertificateBuilder.__init__rcCsXt|tstd|jdk r$td|dkr4td|dkrHtdt||j|jS)Nrrrz$The serial number should be positiverr) rErLrrr+rrrrrr"r"r#rfAs   z'RevokedCertificateBuilder.serial_numberr1cCsNt|tjstd|jdk r&tdt|}|tkr>tdt|j||j S)Nrz)The revocation date may only be set once.z7The revocation date must be on or after 1950 January 1.) rEr5rrr+r9rrrrrr"r"r#rSs  z)RevokedCertificateBuilder.revocation_datercCsDt|tstdt|j||}t||jt|j|j |j|gS)Nr) rErrrrr-rrrrrr"r"r#rcs   z'RevokedCertificateBuilder.add_extension)rrcCs:|jdkrtd|jdkr$tdt|j|jt|jS)Nz/A revoked certificate must have a serial numberz1A revoked certificate must have a revocation date)rr+rrrr)rrr"r"r#buildqs  zRevokedCertificateBuilder.build)N)r$r%r&rVrrLr5rrrrrfrrOrrrrr"r"r"r#r6s"    rr?cCsttddd?S)Nbigr)rL from_bytesosurandomr"r"r"r#random_serial_numbersr)N)N)N)N)N)N)Pr~r5rrVZ cryptographyrZ"cryptography.hazmat.bindings._rustrrZcryptography.hazmat.primitivesrrZ)cryptography.hazmat.primitives.asymmetricrrrr r r r Z/cryptography.hazmat.primitives.asymmetric.typesr rrZcryptography.x509.extensionsrrrrZcryptography.x509.namerrZcryptography.x509.oidrrrSHA224SHA256SHA384SHA512ZSHA3_224ZSHA3_256ZSHA3_384ZSHA3_512r Exceptionrrr-rrKrrLr0r9r:rPEnumr[r^ABCMetar`registerrrrrrrrrrrrrrrrrrr"r"r"r#s  $      $  | ]       \nI