U EZhQH@sNddlZddlZddlZddlmZmZddlmZddlm Z m Z ddl m Z ddl mZmZmZGdddejZGd d d ejZe je je je je jfZe jdd d d ZGdddejZGdddZGdddejdZGdddejdZ GdddejdZ!GdddZ"GdddZ#e$edddZ%e$e!dd d!Z&dS)"N)utilsx509)ocsp)hashes serialization) CertificateIssuerPrivateKeyTypes)_EARLIEST_UTC_TIME_convert_to_naive_utc_time_reject_duplicate_extensionc@seZdZdZdZdS)OCSPResponderEncodingzBy HashzBy NameN)__name__ __module__ __qualname__HASHNAMErr]/home/aprabhat/apps/x.techxrdev.in/venv/lib/python3.8/site-packages/cryptography/x509/ocsp.pyr sr c@s$eZdZdZdZdZdZdZdZdS)OCSPResponseStatusrN) r r r SUCCESSFULZMALFORMED_REQUESTINTERNAL_ERRORZ TRY_LATERZ SIG_REQUIRED UNAUTHORIZEDrrrrrs r) algorithmreturncCst|tstddS)Nz9Algorithm must be SHA1, SHA224, SHA256, SHA384, or SHA512) isinstance_ALLOWED_HASHES ValueError)rrrr_verify_algorithm.s r!c@seZdZdZdZdZdS)OCSPCertStatusrrrN)r r rZGOODREVOKEDUNKNOWNrrrrr"5sr"c @sHeZdZejejejeeje j eje j eje j ej dddZ dS)_SingleResponse)certissuerr cert_status this_update next_updaterevocation_timerevocation_reasonc Cst|tjrt|tjs tdt|t|tjsrr5r@intrBrEncodingrFr ExtensionsrGrrrrr8s"r8) metaclassc@seZdZeejedddZeejej e j dddZ eejej e j dddZeeje j ddd Zeejej e j dd d Zeejedd d ZeejedddZeejejdddZeejedddZdS)OCSPSingleResponser9cCsdSzY The status of the certificate (an element from the OCSPCertStatus enum) Nrr;rrrcertificate_statussz%OCSPSingleResponse.certificate_statuscCsdSz^ The date of when the certificate was revoked or None if not revoked. Nrr;rrrr+sz"OCSPSingleResponse.revocation_timecCsdSzi The reason the certificate was revoked or None if not specified or not revoked. Nrr;rrrr,sz$OCSPSingleResponse.revocation_reasoncCsdSz The most recent time at which the status being indicated is known by the responder to have been correct Nrr;rrrr)szOCSPSingleResponse.this_updatecCsdSzC The time when newer information will be available Nrr;rrrr*szOCSPSingleResponse.next_updatecCsdSr:rr;rrrr<sz"OCSPSingleResponse.issuer_key_hashcCsdSr=rr;rrrr>sz#OCSPSingleResponse.issuer_name_hashcCsdSr?rr;rrrr@sz!OCSPSingleResponse.hash_algorithmcCsdSrArr;rrrrBsz OCSPSingleResponse.serial_numberN)r r rrHrIrJr"rRr6r7r0r+rr2r,r)r*rKr<r>rr5r@rLrBrrrrrPs6rPc@sdeZdZeejejedddZ eeje dddZ eeje j dddZeejejejddd Zeejedd d Zeejedd d Zeejeje jdddZeejejedddZeejeje jdddZeejejdddZeejedddZeejejejdddZ eejeje j!dddZ"eejejdddZ#eejejejdddZ$eejedd d!Z%eejedd"d#Z&eejejdd$d%Z'eeje(dd&d'Z)eeje j*dd(d)Z+eeje j*dd*d+Z,eje-j.ed,d-d.Z/d/S)0 OCSPResponser9cCsdS)z_ An iterator over the individual SINGLERESP structures in the response Nrr;rrr responsesszOCSPResponse.responsescCsdS)zm The status of the response. This is a value from the OCSPResponseStatus enumeration Nrr;rrrresponse_statusszOCSPResponse.response_statuscCsdS)zA The ObjectIdentifier of the signature algorithm Nrr;rrrsignature_algorithm_oidsz$OCSPResponse.signature_algorithm_oidcCsdS)zX Returns a HashAlgorithm corresponding to the type of the digest signed Nrr;rrrsignature_hash_algorithmsz%OCSPResponse.signature_hash_algorithmcCsdS)z% The signature bytes Nrr;rrr signatureszOCSPResponse.signaturecCsdS)z+ The tbsResponseData bytes Nrr;rrrtbs_response_bytesszOCSPResponse.tbs_response_bytescCsdS)z A list of certificates used to help build a chain to verify the OCSP response. This situation occurs when the OCSP responder uses a delegate certificate. Nrr;rrr certificatesszOCSPResponse.certificatescCsdS)z2 The responder's key hash or None Nrr;rrrresponder_key_hash(szOCSPResponse.responder_key_hashcCsdS)z. The responder's Name or None Nrr;rrrresponder_name/szOCSPResponse.responder_namecCsdS)z4 The time the response was produced Nrr;rrr produced_at6szOCSPResponse.produced_atcCsdSrQrr;rrrrR=szOCSPResponse.certificate_statuscCsdSrSrr;rrrr+DszOCSPResponse.revocation_timecCsdSrTrr;rrrr,LszOCSPResponse.revocation_reasoncCsdSrUrr;rrrr)TszOCSPResponse.this_updatecCsdSrVrr;rrrr*\szOCSPResponse.next_updatecCsdSr:rr;rrrr<cszOCSPResponse.issuer_key_hashcCsdSr=rr;rrrr>jszOCSPResponse.issuer_name_hashcCsdSr?rr;rrrr@qszOCSPResponse.hash_algorithmcCsdSrArr;rrrrBxszOCSPResponse.serial_numbercCsdS)zR The list of response extensions. Not single response extensions. Nrr;rrrrGszOCSPResponse.extensionscCsdS)zR The list of single response extensions. Not response extensions. Nrr;rrrsingle_extensionsszOCSPResponse.single_extensionsrCcCsdS)z0 Serializes the response to DER NrrErrrrFszOCSPResponse.public_bytesN)0r r rrHrIrJr6IteratorrPrXrrYrZObjectIdentifierrZr7rr5r[rKr\r]Listr.r^r_Namer`r0rar"rRr+r2r,r)r*r<r>r@rLrBrNrGrbrrMrFrrrrrWs rWc@seZdZddgfejejejejej fejeje e e ej fej ej ejddddZejejej ddddZe e e ej ddd d Zejedd d d ZedddZdS)OCSPRequestBuilderN)request request_hashrGrcCs||_||_||_dSN)_request _request_hash _extensions)r3rgrhrGrrrr4s zOCSPRequestBuilder.__init__)r&r'rrcCsZ|jdk s|jdk rtdt|t|tjrr<rBrrcCs|jdk s|jdk rtdt|ts.tdt|td|td||j t |ksj|j t |krrtdt |j||||f|j S)Nrmz serial_number must be an integerr>r<z`issuer_name_hash and issuer_key_hash must be the same length as the digest size of the algorithm) rjrkr rrLr/r!r _check_bytes digest_sizelenrfrl)r3r>r<rBrrrradd_certificate_by_hashs(     z*OCSPRequestBuilder.add_certificate_by_hashextvalcriticalrcCsHt|tjstdt|j||}t||jt|j |j |j|gSNz"extension must be an ExtensionType) rr ExtensionTyper/ Extensionoidr rlrfrjrkr3rtru extensionrrr add_extensions   z OCSPRequestBuilder.add_extensionr9cCs&|jdkr|jdkrtdt|S)Nz*You must add a certificate before building)rjrkr rZcreate_ocsp_requestr;rrrbuildszOCSPRequestBuilder.build)r r rr6r7Tuplerr.rr5rKrLrdrxrwr4rnrrboolr|r8r}rrrrrfs>    rfc @s eZdZdddgfejeejejeje fejej ejej ej ej dddZ ejejejeejejejejejejejdd ddZe ejddd d Zejejdd d d Zej eddddZeejejedddZeeedddZdS)OCSPResponseBuilderN)response responder_idcertsrGcCs||_||_||_||_dSri) _response _responder_id_certsrl)r3rrrrGrrrr4s zOCSPResponseBuilder.__init__) r&r'rr(r)r*r+r,rc Cs<|jdk rtdt||||||||} t| |j|j|jS)Nz#Only one response per OCSPResponse.)rr r%rrrrl) r3r&r'rr(r)r*r+r,Z singleresprrr add_responses$  z OCSPResponseBuilder.add_response)rDresponder_certrcCsP|jdk rtdt|tjs&tdt|ts8tdt|j||f|j |j S)Nz!responder_id can only be set oncez$responder_cert must be a Certificatez6encoding must be an element from OCSPResponderEncoding) rr rrr.r/r rrrrl)r3rDrrrrrs   z OCSPResponseBuilder.responder_id)rrcCs\|jdk rtdt|}t|dkr.tdtdd|DsHtdt|j|j||j S)Nz!certificates may only be set oncerzcerts must not be an empty listcss|]}t|tjVqdSri)rrr.).0xrrr 3sz3OCSPResponseBuilder.certificates..z$certs must be a list of Certificates) rr listrqallr/rrrrl)r3rrrrr^+s  z OCSPResponseBuilder.certificatesrscCsLt|tjstdt|j||}t||jt|j |j |j |j|gSrv) rrrwr/rxryr rlrrrrrzrrrr|<s   z!OCSPResponseBuilder.add_extension) private_keyrrcCs6|jdkrtd|jdkr$tdttj|||S)Nz&You must add a response before signingz*You must add a responder_id before signing)rr rrcreate_ocsp_responserr)r3rrrrrsignLs  zOCSPResponseBuilder.sign)rYrcCs4t|tstd|tjkr$tdt|dddS)Nz7response_status must be an item from OCSPResponseStatusz$response_status cannot be SUCCESSFUL)rrr/rr rr)clsrYrrrbuild_unsuccessfulZs  z&OCSPResponseBuilder.build_unsuccessful)r r rr6r7r%r~rr.r rdrxrwr4rr5r"r0r2rrIterabler^rr|rrWr classmethodrrrrrrrsR           r)datarcCs t|Sri)rload_der_ocsp_requestrrrrrhsrcCs t|Sri)rload_der_ocsp_responserrrrrlsr)'rIr0r6Z cryptographyrrZ"cryptography.hazmat.bindings._rustrZcryptography.hazmat.primitivesrrZ/cryptography.hazmat.primitives.asymmetric.typesrZcryptography.x509.baserr r Enumr rSHA1SHA224SHA256SHA384SHA512rr5r!r"r%ABCMetar8rPrWrfrrKrrrrrrs4    F+D%V~