o c$@sddlZddlZddlZddlZddlZddlmZddlmZddlm Z ddl m Z m Z ddlmZddlmZddlmZmZdd lmZdd lmZmZmZmZmZmZmZmZm Z dd l!m"Z"m#Z#dd l$m%Z%m&Z&m'Z'm(Z(ej)d dddZ*dede+fddZ,de-fddZ.Gddde/Z0Gddde/Z1Gdddej2dZ3GdddZ4Gd d!d!e3Z5Gd"d#d#e3Z6Gd$d%d%e3Z7Gd&d'd'e3Z8Gd(d)d)e3Z9Gd*d+d+Z:Gd,d-d-e3Z;Gd.d/d/e3ZGd4d5d5Z?Gd6d7d7ej@ZAeAjBeAjCeAjDeAjEeAjFeAjGeAjHeAjId8ZJeAjBd9eAjCd:eAjDd;eAjEdeAjHd?eAjId@iZKGdAdBdBe3ZLGdCdDdDe3ZMGdEdFdFZNGdGdHdHZOGdIdJdJZPGdKdLdLe3ZQGdMdNdNe3ZRGdOdPdPe3ZSGdQdRdRe3ZTGdSdTdTej@ZUdUdVeUDZVGdWdXdXe3ZWGdYdZdZe3ZXGd[d\d\e3ZYGd]d^d^ejZe*Z[Gd_d`d`Z\Gdadbdbe3Z]Gdcdddde3Z^Gdedfdfe3Z_Gdgdhdhe3Z`Gdidjdje3ZaGdkdldle3ZbGdmdndne3ZcGdodpdpe3ZdGdqdrdre3ZeGdsdtdte3ZfdS)uN)utils)asn1)x509) constant_time serialization)EllipticCurvePublicKey) RSAPublicKey)#CERTIFICATE_ISSUER_PUBLIC_KEY_TYPESCERTIFICATE_PUBLIC_KEY_TYPES)SignedCertificateTimestamp) DNSName DirectoryName GeneralName IPAddress OtherName RFC822Name RegisteredIDUniformResourceIdentifier_IPADDRESS_TYPES)NameRelativeDistinguishedName)CRLEntryExtensionOID ExtensionOIDOCSPExtensionOIDObjectIdentifierExtensionTypeVar ExtensionTypeT)bound covariant public_keyreturncCslt|tr|tjjtjj}nt|tr |tjj tjj }n|tjjtjj }t |}t|SN) isinstancer public_bytesrZEncodingZDERZ PublicFormatZPKCS1rZX962ZUncompressedPointZSubjectPublicKeyInforZparse_spki_for_datahashlibZsha1digest)rdataZ serializedr'@usr/lib/python3.10/site-packages/cryptography/x509/extensions.py_key_identifier_from_public_key1s   r) field_namecs4dtffdd }fdd}fdd}|||fS)Nr ctt|Sr!)lengetattrselfr*r'r( len_methodJz*_make_sequence_methods..len_methodcr+r!)iterr-r.r0r'r( iter_methodMr2z+_make_sequence_methods..iter_methodcst||Sr!)r-)r/idxr0r'r(getitem_methodPr2z._make_sequence_methods..getitem_method)int)r*r1r4r6r'r0r(_make_sequence_methodsIs   r8c*eZdZdededdffdd ZZS)DuplicateExtensionmsgoidr Nctt||||_dSr!)superr:__init__r<r/r;r< __class__r'r(r?W zDuplicateExtension.__init____name__ __module__ __qualname__strrr? __classcell__r'r'rAr(r:V"r:cr9)ExtensionNotFoundr;r<r Ncr=r!)r>rKr?r<r@rAr'r(r?]rCzExtensionNotFound.__init__rDr'r'rAr(rK\rJrKc@s*eZdZUejeed<defddZdS)rr<r cCstd|)z7 Serializes the extension type to DER. z8public_bytes is not implemented for extension type {0!r})NotImplementedErrorformatr.r'r'r(r#es zExtensionType.public_bytesN) rErFrGtypingClassVarr__annotations__bytesr#r'r'r'r(rbs ) metaclassc@sjeZdZdejdddfddZdeddfdd Zd eje dd fd d Z e d\Z Z ZdefddZdS) Extensions extensionszExtension[ExtensionType]r NcCt||_dSr!)list _extensions)r/rTr'r'r(r?qszExtensions.__init__r<cCs,|D] }|j|kr |Sqtd||)NNo {} extension was found)r<rKrM)r/r<extr'r'r(get_extension_for_oidvs  z Extensions.get_extension_for_oidextclasszExtension[ExtensionTypeVar]cCs@|turtd|D] }t|j|r|Sq td||j)Nz|UnrecognizedExtension can't be used with get_extension_for_class because more than one instance of the class may be present.rX)UnrecognizedExtension TypeErrorr"valuerKrMr<)r/r[rYr'r'r(get_extension_for_classs  z"Extensions.get_extension_for_classrWcC d|jS)Nz)rMrWr.r'r'r(__repr__ zExtensions.__repr__)rErFrGrNIterabler?rrZTyperr_r8__len____iter__ __getitem__rHrar'r'r'r(rSps$    rSc@sreZdZejZdeddfddZdede fddZ defd d Z de fd d Z edefd dZdefddZdS) CRLNumber crl_numberr NcCt|ts td||_dSNzcrl_number must be an integerr"r7r] _crl_numberr/rir'r'r(r?  zCRLNumber.__init__othercCt|tstS|j|jkSr!)r"rhNotImplementedrir/rpr'r'r(__eq__  zCRLNumber.__eq__cC t|jSr!hashrir.r'r'r(__hash__ zCRLNumber.__hash__cCr`)Nz)rMrir.r'r'r(rarbzCRLNumber.__repr__cC|jSr!rmr.r'r'r(rizCRLNumber.crl_numbercC t|Sr! rust_x509Zencode_extension_valuer.r'r'r(r#rzzCRLNumber.public_bytes)rErFrGrZ CRL_NUMBERr<r7r?objectboolrtryrHrapropertyrirQr#r'r'r'r(rhrhc@seZdZejZdejedejej e deje ddfddZ e deddfd d Ze  dd dZdefddZdedefddZde fddZedejefddZedejeje fddZedeje fddZdefddZdS)AuthorityKeyIdentifierkey_identifierauthority_cert_issuerauthority_cert_serial_numberr NcCsr|du|dukr td|dur!t|}tdd|Ds!td|dur.t|ts.td||_||_||_dS)NzXauthority_cert_issuer and authority_cert_serial_number must both be present or both Nonecs|]}t|tVqdSr!r"r.0xr'r'r(   z2AuthorityKeyIdentifier.__init__..z;authority_cert_issuer must be a list of GeneralName objectsz/authority_cert_serial_number must be an integer) ValueErrorrVallr]r"r7_key_identifier_authority_cert_issuer_authority_cert_serial_number)r/rrrr'r'r(r?s*  zAuthorityKeyIdentifier.__init__rcCst|}||dddSN)rrrr))clsrr%r'r'r(from_issuer_public_keys z-AuthorityKeyIdentifier.from_issuer_public_keyskiSubjectKeyIdentifiercCs||jdddSr)r%)rrr'r'r("from_issuer_subject_key_identifiers z9AuthorityKeyIdentifier.from_issuer_subject_key_identifiercC d|S)NzrMr.r'r'r(raszAuthorityKeyIdentifier.__repr__rpcC2t|tstS|j|jko|j|jko|j|jkSr!)r"rrrrrrrsr'r'r(rts   zAuthorityKeyIdentifier.__eq__cCs,|jdurd}nt|j}t|j||jfSr!)rtuplerxrr)r/Zacir'r'r(rys   zAuthorityKeyIdentifier.__hash__cCr{r!)rr.r'r'r(rr}z%AuthorityKeyIdentifier.key_identifiercCr{r!)rr.r'r'r(rz,AuthorityKeyIdentifier.authority_cert_issuercCr{r!)rr.r'r'r(rr}z3AuthorityKeyIdentifier.authority_cert_serial_numbercCr~r!rr.r'r'r(r#rzz#AuthorityKeyIdentifier.public_bytes)rrr r)rErFrGrZAUTHORITY_KEY_IDENTIFIERr<rNOptionalrQrcrr7r? classmethodr rrrHrarrrtryrrListrrr#r'r'r'r(rsF &       rc@seZdZejZdeddfddZede ddfddZ e defd d Z e defd d Z defd dZdedefddZdefddZdefddZdS)rr%r NcCs ||_dSr!Z_digest)r/r%r'r'r(r?#rzzSubjectKeyIdentifier.__init__rcCs |t|Sr!r)rrr'r'r(from_public_key&s z$SubjectKeyIdentifier.from_public_keycCr{r!rr.r'r'r(r%,r}zSubjectKeyIdentifier.digestcCr{r!rr.r'r'r(r0r}z#SubjectKeyIdentifier.key_identifiercCr`)Nz$)rMr%r.r'r'r(ra4rbzSubjectKeyIdentifier.__repr__rpcCst|tstSt|j|jSr!)r"rrrrZbytes_eqr%rsr'r'r(rt7s zSubjectKeyIdentifier.__eq__cCrvr!)rxr%r.r'r'r(ry=rzzSubjectKeyIdentifier.__hash__cCr~r!rr.r'r'r(r#@rzz!SubjectKeyIdentifier.public_bytes)rErFrGrZSUBJECT_KEY_IDENTIFIERr<rQr?rr rrr%rrHrarrrtr7ryr#r'r'r'r(r s" rc@teZdZejZdejdddfddZe d\Z Z Z de fdd Zd edefd d Zdefd dZdefddZdS)AuthorityInformationAccess descriptionsAccessDescriptionr NcC,t|}tdd|Dstd||_dS)Ncsrr!r"rrr'r'r(rKz6AuthorityInformationAccess.__init__..@Every item in the descriptions list must be an AccessDescriptionrVrr] _descriptionsr/rr'r'r(r?G  z#AuthorityInformationAccess.__init__rcCr`)Nz rMrr.r'r'r(raUrbz#AuthorityInformationAccess.__repr__rpcCrqr!)r"rrrrrsr'r'r(rtXruz!AuthorityInformationAccess.__eq__cCtt|jSr!rxrrr.r'r'r(ry^r2z#AuthorityInformationAccess.__hash__cCr~r!rr.r'r'r(r#arzz'AuthorityInformationAccess.public_bytes)rErFrGrZAUTHORITY_INFORMATION_ACCESSr<rNrcr?r8rerfrgrHrarrrtr7ryrQr#r'r'r'r(rD  rc@r)SubjectInformationAccessrrr NcCr)Ncsrr!rrr'r'r(rlrz4SubjectInformationAccess.__init__..rrrr'r'r(r?hrz!SubjectInformationAccess.__init__rcCr`)Nzrr.r'r'r(ravrbz!SubjectInformationAccess.__repr__rpcCrqr!)r"rrrrrsr'r'r(rtyruzSubjectInformationAccess.__eq__cCrr!rr.r'r'r(ryr2z!SubjectInformationAccess.__hash__cCr~r!rr.r'r'r(r#rzz%SubjectInformationAccess.public_bytes)rErFrGrZSUBJECT_INFORMATION_ACCESSr<rNrcr?r8rerfrgrHrarrrtr7ryrQr#r'r'r'r(rerrc@steZdZdededdfddZdefddZd ede fd d Z de fd d Z e defddZe defddZdS)r access_methodaccess_locationr NcCs4t|ts tdt|tstd||_||_dS)Nz)access_method must be an ObjectIdentifierz%access_location must be a GeneralName)r"rr]r_access_method_access_location)r/rrr'r'r(r?s   zAccessDescription.__init__cCr)NzYrr.r'r'r(razAccessDescription.__repr__rpcC&t|tstS|j|jko|j|jkSr!)r"rrrrrrsr'r'r(rt   zAccessDescription.__eq__cCt|j|jfSr!)rxrrr.r'r'r(ryzAccessDescription.__hash__cCr{r!)rr.r'r'r(rr}zAccessDescription.access_methodcCr{r!)rr.r'r'r(rr}z!AccessDescription.access_location)rErFrGrrr?rHrarrrtr7ryrrrr'r'r'r(rs   rc@seZdZejZdedeje ddfddZ e defddZ e deje fd d Z defd d Zd edefddZde fddZdefddZdS)BasicConstraintsca path_lengthr NcCsXt|ts td|dur|std|dur$t|tr |dkr$td||_||_dS)Nzca must be a boolean valuez)path_length must be None when ca is Falserz2path_length must be a non-negative integer or None)r"rr]rr7_ca _path_length)r/rrr'r'r(r?s   zBasicConstraints.__init__cCr{r!)rr.r'r'r(rr}zBasicConstraints.cacCr{r!)rr.r'r'r(rr}zBasicConstraints.path_lengthcCr)Nz:rr.r'r'r(rarzBasicConstraints.__repr__rpcCrr!)r"rrrrrrsr'r'r(rt zBasicConstraints.__eq__cCrr!)rxrrr.r'r'r(ryrzBasicConstraints.__hash__cCr~r!rr.r'r'r(r#rzzBasicConstraints.public_bytes)rErFrGrZBASIC_CONSTRAINTSr<rrNrr7r?rrrrHrarrtryrQr#r'r'r'r(rsrc@sreZdZejZdeddfddZedefddZ de de fd d Z defd d Z defd dZdefddZdS)DeltaCRLIndicatorrir NcCrjrkrlrnr'r'r(r?rozDeltaCRLIndicator.__init__cCr{r!r|r.r'r'r(rir}zDeltaCRLIndicator.crl_numberrpcCrqr!)r"rrrrirsr'r'r(rtruzDeltaCRLIndicator.__eq__cCrvr!rwr.r'r'r(ryrzzDeltaCRLIndicator.__hash__cCr)Nz.rr.r'r'r(rarzzDeltaCRLIndicator.__repr__cCr~r!rr.r'r'r(r#rzzDeltaCRLIndicator.public_bytes)rErFrGrZDELTA_CRL_INDICATORr<r7r?rrirrrtryrHrarQr#r'r'r'r(rsrc@r)CRLDistributionPointsdistribution_pointsDistributionPointr NcCr)Ncsrr!r"rrr'r'r(rrz1CRLDistributionPoints.__init__..?distribution_points must be a list of DistributionPoint objectsrVrr]_distribution_pointsr/rr'r'r(r? zCRLDistributionPoints.__init__rcCr`)NzrMrr.r'r'r(rarbzCRLDistributionPoints.__repr__rpcCrqr!)r"rrrrrsr'r'r(rtruzCRLDistributionPoints.__eq__cCrr!rxrrr.r'r'r(ryr2zCRLDistributionPoints.__hash__cCr~r!rr.r'r'r(r#rzz"CRLDistributionPoints.public_bytes)rErFrGrZCRL_DISTRIBUTION_POINTSr<rNrcr?r8rerfrgrHrarrrtr7ryrQr#r'r'r'r(r  rc@r) FreshestCRLrrr NcCr)Ncsrr!rrr'r'r(r%rz'FreshestCRL.__init__..rrrr'r'r(r?!rzFreshestCRL.__init__rcCr`)Nzrr.r'r'r(ra3rbzFreshestCRL.__repr__rpcCrqr!)r"rrrrrsr'r'r(rt6ruzFreshestCRL.__eq__cCrr!rr.r'r'r(ry<r2zFreshestCRL.__hash__cCr~r!rr.r'r'r(r#?rzzFreshestCRL.public_bytes)rErFrGrZ FRESHEST_CRLr<rNrcr?r8rerfrgrHrarrrtr7ryrQr#r'r'r'r(rrrc @seZdZdejejedejedejejddejejeddf dd Z de fd d Z d e de fd dZdefddZedejejefddZedejefddZedejejdfddZedejejefddZdS)r full_name relative_namereasons ReasonFlags crl_issuerr NcCs|r|rtd|durt|}tdd|Dstd|r(t|ts(td|dur=t|}tdd|Ds=td|rQt|trMtdd|DsQtd |ratj|vs]tj |vratd |rm|sm|sm|smtd ||_ ||_ ||_ ||_ dS) NzOYou cannot provide both full_name and relative_name, at least one must be None.csrr!rrr'r'r(rSrz-DistributionPoint.__init__..z/full_name must be a list of GeneralName objectsz1relative_name must be a RelativeDistinguishedNamecsrr!rrr'r'r(r`rz2crl_issuer must be None or a list of general namescsrr!r"rrr'r'r(rgrz0reasons must be None or frozenset of ReasonFlagszLunspecified and remove_from_crl are not valid reasons in a DistributionPointzPYou must supply crl_issuer, full_name, or relative_name when reasons is not None)rrVrr]r"r frozensetr unspecifiedremove_from_crl _full_name_relative_name_reasons _crl_issuer)r/rrrrr'r'r(r?DsR    zDistributionPoint.__init__cCr)Nz}rr.r'r'r(razDistributionPoint.__repr__rpcCs>t|tstS|j|jko|j|jko|j|jko|j|jkSr!)r"rrrrrrrrsr'r'r(rts     zDistributionPoint.__eq__cCsH|jdur t|j}nd}|jdurt|j}nd}t||j|j|fSr!)rrrrxrr)r/fnrr'r'r(rys  zDistributionPoint.__hash__cCr{r!rr.r'r'r(rr}zDistributionPoint.full_namecCr{r!rr.r'r'r(rr}zDistributionPoint.relative_namecCr{r!)rr.r'r'r(rr}zDistributionPoint.reasonscCr{r!)rr.r'r'r(rr}zDistributionPoint.crl_issuer)rErFrGrNrrcrr FrozenSetr?rHrarrrtr7ryrrrrrrr'r'r'r(rCs. ;  rc@s4eZdZdZdZdZdZdZdZdZ dZ d Z d Z d S) rrZ keyCompromiseZ cACompromiseZaffiliationChanged supersededZcessationOfOperationZcertificateHoldZprivilegeWithdrawnZ aACompromiseZ removeFromCRLN) rErFrGrkey_compromise ca_compromiseaffiliation_changedrcessation_of_operationcertificate_holdprivilege_withdrawn aa_compromiserr'r'r'r(rsr)rrrrrrrrc@seZdZejZdejedejeddfddZ de fddZ d e de fd d Zdefd d ZedejefddZedejefddZdefddZdS)PolicyConstraintsrequire_explicit_policyinhibit_policy_mappingr NcCs\|dur t|ts td|durt|tstd|dur&|dur&td||_||_dS)Nz>require_explicit_policy must be a non-negative integer or Nonez=inhibit_policy_mapping must be a non-negative integer or NonezSAt least one of require_explicit_policy and inhibit_policy_mapping must not be None)r"r7r]r_require_explicit_policy_inhibit_policy_mapping)r/rrr'r'r(r?s$   zPolicyConstraints.__init__cCr)Nz{rr.r'r'r(rarzPolicyConstraints.__repr__rpcCrr!)r"rrrrrrsr'r'r(rt rzPolicyConstraints.__eq__cCrr!)rxrrr.r'r'r(rys zPolicyConstraints.__hash__cCr{r!)rr.r'r'r(rr}z)PolicyConstraints.require_explicit_policycCr{r!)rr.r'r'r(rr}z(PolicyConstraints.inhibit_policy_mappingcCr~r!rr.r'r'r(r# rzzPolicyConstraints.public_bytes)rErFrGrZPOLICY_CONSTRAINTSr<rNrr7r?rHrarrrtryrrrrQr#r'r'r'r(rs"  rc@r)CertificatePoliciespoliciesPolicyInformationr NcCr)Ncsrr!)r"rrr'r'r(r)rz/CertificatePolicies.__init__..z;Every item in the policies list must be a PolicyInformation)rVrr] _policies)r/rr'r'r(r?'  zCertificatePolicies.__init__rcCr`)Nz)rMrr.r'r'r(ra3rbzCertificatePolicies.__repr__rpcCrqr!)r"rrrrrsr'r'r(rt6ruzCertificatePolicies.__eq__cCrr!)rxrrr.r'r'r(ry<r2zCertificatePolicies.__hash__cCr~r!rr.r'r'r(r#?rzz CertificatePolicies.public_bytes)rErFrGrZCERTIFICATE_POLICIESr<rNrcr?r8rerfrgrHrarrrtr7ryrQr#r'r'r'r(r$s rc@seZdZdedejejejedfddfddZ defdd Z d e de fd d Z defd dZedefddZedejejejedffddZdS)rpolicy_identifierpolicy_qualifiers UserNoticer NcCsLt|ts td||_|dur!t|}tdd|Ds!td||_dS)Nz-policy_identifier must be an ObjectIdentifiercss|] }t|ttfVqdSr!)r"rHrrr'r'r(rRs z-PolicyInformation.__init__..zMpolicy_qualifiers must be a list of strings and/or UserNotice objects or None)r"rr]_policy_identifierrVr_policy_qualifiers)r/rrr'r'r(r?Ds  zPolicyInformation.__init__cCr)Nzerr.r'r'r(ra\rzPolicyInformation.__repr__rpcCrr!)r"rrrrrrsr'r'r(rtbrzPolicyInformation.__eq__cCs(|jdur t|j}nd}t|j|fSr!)rrrxr)r/Zpqr'r'r(ryks zPolicyInformation.__hash__cCr{r!)rr.r'r'r(rur}z#PolicyInformation.policy_identifiercCr{r!)rr.r'r'r(ryrz#PolicyInformation.policy_qualifiers)rErFrGrrNrrcUnionrHr?rarrrtr7ryrrrrr'r'r'r(rCs&   rc@seZdZdejddejeddfddZdefdd Zd ede fd d Z de fd dZ e dejdfddZe dejefddZdS)rnotice_referenceNoticeReference explicit_textr NcCs&|r t|ts td||_||_dS)Nz2notice_reference must be None or a NoticeReference)r"rr]_notice_reference_explicit_text)r/rrr'r'r(r?s zUserNotice.__init__cCr)NzVrr.r'r'r(rarzUserNotice.__repr__rpcCrr!)r"rrrrrrsr'r'r(rtrzUserNotice.__eq__cCrr!)rxrrr.r'r'r(ryrzUserNotice.__hash__cCr{r!)r r.r'r'r(rr}zUserNotice.notice_referencecCr{r!)r r.r'r'r(rr}zUserNotice.explicit_text)rErFrGrNrrHr?rarrrtr7ryrrrr'r'r'r(rs  rc@seZdZdejedejeddfddZdefddZ d e de fd d Z defd d Z edejefddZedejefddZdS)r organizationnotice_numbersr NcCs2||_t|}tdd|Dstd||_dS)Ncsrr!)r"r7rr'r'r(rrz+NoticeReference.__init__..z)notice_numbers must be a list of integers) _organizationrVrr]_notice_numbers)r/r r r'r'r(r?s  zNoticeReference.__init__cCr)NzUrr.r'r'r(rarzNoticeReference.__repr__rpcCrr!)r"rrrr r rsr'r'r(rtrzNoticeReference.__eq__cCst|jt|jfSr!)rxr rr r.r'r'r(ryzNoticeReference.__hash__cCr{r!)r r.r'r'r(r r}zNoticeReference.organizationcCr{r!)rr.r'r'r(r r}zNoticeReference.notice_numbers)rErFrGrNrrHrcr7r?rarrrtryrr rr r'r'r'r(rs   rc@steZdZejZdejeddfddZ e d\Z Z Z defddZd edefd d Zdefd d ZdefddZdS)ExtendedKeyUsageusagesr NcCr)Ncsrr!)r"rrr'r'r(rrz,ExtendedKeyUsage.__init__..z9Every item in the usages list must be an ObjectIdentifier)rVrr]_usages)r/rr'r'r(r?s  zExtendedKeyUsage.__init__rcCr`)Nz)rMrr.r'r'r(rarbzExtendedKeyUsage.__repr__rpcCrqr!)r"rrrrrsr'r'r(rtruzExtendedKeyUsage.__eq__cCrr!)rxrrr.r'r'r(ryr2zExtendedKeyUsage.__hash__cCr~r!rr.r'r'r(r#rzzExtendedKeyUsage.public_bytes)rErFrGrZEXTENDED_KEY_USAGEr<rNrcrr?r8rerfrgrHrarrrtr7ryrQr#r'r'r'r(rs rc@NeZdZejZdedefddZde fddZ de fddZ de fd d Zd S) OCSPNoCheckrpr cCt|tstSdSNT)r"rrrrsr'r'r(rt zOCSPNoCheck.__eq__cCttSr!)rxrr.r'r'r(ryzOCSPNoCheck.__hash__cCdS)Nzr'r.r'r'r(razOCSPNoCheck.__repr__cCr~r!rr.r'r'r(r#rzzOCSPNoCheck.public_bytesN)rErFrGrZ OCSP_NO_CHECKr<rrrtr7ryrHrarQr#r'r'r'r(r rc@r) PrecertPoisonrpr cCrr)r"rrrrsr'r'r(rtrzPrecertPoison.__eq__cCrr!)rxrr.r'r'r(ry rzPrecertPoison.__hash__cCr)Nzr'r.r'r'r(rarzPrecertPoison.__repr__cCr~r!rr.r'r'r(r#rzzPrecertPoison.public_bytesN)rErFrGrZPRECERT_POISONr<rrrtr7ryrHrarQr#r'r'r'r(rrrc@r) TLSFeaturefeaturesTLSFeatureTyper NcCs8t|}tdd|Drt|dkrtd||_dS)Ncsrr!)r"r rr'r'r(rrz&TLSFeature.__init__..rz@features must be a list of elements from the TLSFeatureType enum)rVrr,r] _features)r/rr'r'r(r?s  zTLSFeature.__init__r!cCr)Nz$rr.r'r'r(ra)rzzTLSFeature.__repr__rpcCrqr!)r"rrrr!rsr'r'r(rt,ruzTLSFeature.__eq__cCrr!)rxrr!r.r'r'r(ry2r2zTLSFeature.__hash__cCr~r!rr.r'r'r(r#5rzzTLSFeature.public_bytes)rErFrGrZ TLS_FEATUREr<rNrcr?r8rerfrgrHrarrrtr7ryrQr#r'r'r'r(rs rc@seZdZdZdZdS)r rN)rErFrGZstatus_requestZstatus_request_v2r'r'r'r(r 9sr cCsi|]}|j|qSr'r^rr'r'r( Dr$c@sreZdZejZdeddfddZdefddZ de de fd d Z defd d Z edefd dZdefddZdS)InhibitAnyPolicy skip_certsr NcCs,t|ts td|dkrtd||_dS)Nzskip_certs must be an integerrz)skip_certs must be a non-negative integer)r"r7r]r _skip_certs)r/r'r'r'r(r?Js  zInhibitAnyPolicy.__init__cCr)Nz-rr.r'r'r(raSrzzInhibitAnyPolicy.__repr__rpcCrqr!)r"r&rrr'rsr'r'r(rtVruzInhibitAnyPolicy.__eq__cCrvr!)rxr'r.r'r'r(ry\rzzInhibitAnyPolicy.__hash__cCr{r!)r(r.r'r'r(r'_r}zInhibitAnyPolicy.skip_certscCr~r!rr.r'r'r(r#crzzInhibitAnyPolicy.public_bytes)rErFrGrZINHIBIT_ANY_POLICYr<r7r?rHrarrrtryrr'rQr#r'r'r'r(r&Gs r&c@s"eZdZejZdedededededededed ed d fd d Zed efddZ ed efddZ ed efddZ ed efddZ ed efddZ ed efddZed efddZed efddZed efddZd efd d!Zd"ed efd#d$Zd efd%d&Zd efd'd(Zd S))KeyUsagedigital_signaturecontent_commitmentkey_enciphermentdata_encipherment key_agreement key_cert_signcrl_sign encipher_only decipher_onlyr Nc CsN|s |s| r td||_||_||_||_||_||_||_||_| |_ dS)NzKencipher_only and decipher_only can only be true when key_agreement is true) r_digital_signature_content_commitment_key_encipherment_data_encipherment_key_agreement_key_cert_sign _crl_sign_encipher_only_decipher_only) r/r*r+r,r-r.r/r0r1r2r'r'r(r?js  zKeyUsage.__init__cCr{r!)r3r.r'r'r(r*r}zKeyUsage.digital_signaturecCr{r!)r4r.r'r'r(r+r}zKeyUsage.content_commitmentcCr{r!)r5r.r'r'r(r,r}zKeyUsage.key_enciphermentcCr{r!)r6r.r'r'r(r-r}zKeyUsage.data_enciphermentcCr{r!)r7r.r'r'r(r.r}zKeyUsage.key_agreementcCr{r!)r8r.r'r'r(r/r}zKeyUsage.key_cert_signcCr{r!)r9r.r'r'r(r0r}zKeyUsage.crl_signcC|jstd|jS)Nz7encipher_only is undefined unless key_agreement is true)r.rr:r.r'r'r(r1 zKeyUsage.encipher_onlycCr<)Nz7decipher_only is undefined unless key_agreement is true)r.rr;r.r'r'r(r2r=zKeyUsage.decipher_onlycCs:z|j}|j}Wn tyd}d}Ynwd|||S)NFa-)r1r2rrM)r/r1r2r'r'r(ras   zKeyUsage.__repr__rpcCszt|tstS|j|jko<|j|jko<|j|jko<|j|jko<|j|jko<|j|jko<|j |j ko<|j |j ko<|j |j kSr!) r"r)rrr*r+r,r-r.r/r0r:r;rsr'r'r(rts&          zKeyUsage.__eq__c Cs,t|j|j|j|j|j|j|j|j|j f Sr!) rxr*r+r,r-r.r/r0r:r;r.r'r'r(ryszKeyUsage.__hash__cCr~r!rr.r'r'r(r#rzzKeyUsage.public_bytes)rErFrGrZ KEY_USAGEr<rr?rr*r+r,r-r.r/r0r1r2rHrarrtr7ryrQr#r'r'r'r(r)gsZ   r)c@seZdZejZdejeje dejeje ddfddZ de de fdd Z d eje ddfd d Zdefd dZdefddZedejeje fddZedejeje fddZdefddZdS)NameConstraintspermitted_subtreesexcluded_subtreesr NcCs|dur t|}|stdtdd|Dstd|||dur@t|}|s.tdtdd|Ds;td|||durL|durLtd||_||_dS) Nz3permitted_subtrees must be a non-empty list or Nonecsrr!rrr'r'r(rrz+NameConstraints.__init__..z@permitted_subtrees must be a list of GeneralName objects or Nonez2excluded_subtrees must be a non-empty list or Nonecsrr!rrr'r'r(rrz?excluded_subtrees must be a list of GeneralName objects or NonezIAt least one of permitted_subtrees and excluded_subtrees must not be None)rVrrr]_validate_ip_name_permitted_subtrees_excluded_subtrees)r/r?r@r'r'r(r?s8   zNameConstraints.__init__rpcCrr!)r"r>rrr@r?rsr'r'r(rtrzNameConstraints.__eq__treecCstdd|Dr tddS)Ncss0|]}t|tot|jtjtjf VqdSr!)r"rr^ ipaddressZ IPv4NetworkZ IPv6Network)rnamer'r'r(r#s  z4NameConstraints._validate_ip_name..zGIPAddress name constraints must be an IPv4Network or IPv6Network object)anyr])r/rDr'r'r(rA"sz!NameConstraints._validate_ip_namecCr)Nzerr.r'r'r(ra/rzNameConstraints.__repr__cCs@|jdur t|j}nd}|jdurt|j}nd}t||fSr!)r?rr@rx)r/psesr'r'r(ry5s   zNameConstraints.__hash__cCr{r!)rBr.r'r'r(r?Frz"NameConstraints.permitted_subtreescCr{r!)rCr.r'r'r(r@Lrz!NameConstraints.excluded_subtreescCr~r!rr.r'r'r(r#RrzzNameConstraints.public_bytes)rErFrGrZNAME_CONSTRAINTSr<rNrrcrr?rrrtrArHrar7ryrrr?r@rQr#r'r'r'r(r>s, *    r>c@seZdZdedededdfddZedefdd Zedefd d Z edefd d Z de fddZ de defddZdefddZdS) Extensionr<criticalr^r NcCs:t|ts tdt|tstd||_||_||_dS)Nz2oid argument must be an ObjectIdentifier instance.z critical must be a boolean value)r"rr]r_oid _critical_value)r/r<rKr^r'r'r(r?Ws   zExtension.__init__cCr{r!rLr.r'r'r(r<fr}z Extension.oidcCr{r!)rMr.r'r'r(rKjr}zExtension.criticalcCr{r!rNr.r'r'r(r^nr}zExtension.valuecCr)Nz@rr.r'r'r(rarrzExtension.__repr__rpcCrr!)r"rJrrr<rKr^rsr'r'r(rtxs    zExtension.__eq__cCst|j|j|jfSr!)rxr<rKr^r.r'r'r(ryrzExtension.__hash__)rErFrGrrrr?rr<rKr^rHrarrtr7ryr'r'r'r(rJVs&  rJc @seZdZdejeddfddZed\ZZ Z ej dej ej eej eej efdejefdd Zej dej edejefd d Zej dej edejefd d Zej dej edejefd d Zej dej edejefd d Zdej ej eej eej eej eej eej eej efdej ejeejeejeejeejeffdd ZdefddZdedefddZdefddZ dS) GeneralNames general_namesr NcCr)Ncsrr!rrr'r'r(rrz(GeneralNames.__init__..z^Every item in the general_names list must be an object conforming to the GeneralName interface)rVrr]_general_namesr/rRr'r'r(r?rzGeneralNames.__init__rStypecCdSr!r'r/rUr'r'r(get_values_for_type z GeneralNames.get_values_for_typecCrVr!r'rWr'r'r(rXcCrVr!r'rWr'r'r(rXrZcCrVr!r'rWr'r'r(rXcCrVr!r'rWr'r'r(rXr[cs0fdd|D}tkrdd|DSt|S)Nc3s|] }t|r|VqdSr!)r"rirUr'r(rsz3GeneralNames.get_values_for_type..cSsg|]}|jqSr'r#r\r'r'r( sz4GeneralNames.get_values_for_type..)rrV)r/rUZobjsr'r^r(rXscCr`)NzrMrSr.r'r'r(rarbzGeneralNames.__repr__rpcCrqr!)r"rQrrrSrsr'r'r(rtruzGeneralNames.__eq__cCrr!)rxrrSr.r'r'r(ryr2zGeneralNames.__hash__)!rErFrGrNrcrr?r8rerfrgoverloadrrdr rrrrHrXr rrrrrrrarrrtr7ryr'r'r'r(rQs|         rQc @eZdZejZdejeddfddZ e d\Z Z Z ejdejejeejeejefdejefdd Zejdejedejefd d Zejdejedejefd d Zejdejedejefd d Zejdejedejefd d Zdejejeejeejeejeejeejeejefdejejeejeejeejeejeffdd ZdefddZdede fddZ!de"fddZ#de$fddZ%dS)SubjectAlternativeNamerRr NcCrUr!rQrSrTr'r'r(r?r2zSubjectAlternativeName.__init__rSrUcCrVr!r'rWr'r'r(rXrYz*SubjectAlternativeName.get_values_for_typecCrVr!r'rWr'r'r(rXrZcCrVr!r'rWr'r'r(rXrZcCrVr!r'rWr'r'r(rXr[cCrVr!r'rWr'r'r(rXr[cC |j|Sr!rSrXrWr'r'r(rX  cCr`)Nzr`r.r'r'r(ra rbzSubjectAlternativeName.__repr__rpcCrqr!)r"rcrrrSrsr'r'r(rt#ruzSubjectAlternativeName.__eq__cCrvr!rxrSr.r'r'r(ry)rzzSubjectAlternativeName.__hash__cCr~r!rr.r'r'r(r#,rzz#SubjectAlternativeName.public_bytes)&rErFrGrZSUBJECT_ALTERNATIVE_NAMEr<rNrcrr?r8rerfrgrarrdr rrrrHrXr rrrrrrrarrrtr7ryrQr#r'r'r'r(rc        rcc @rb)IssuerAlternativeNamerRr NcCrUr!rdrTr'r'r(r?3r2zIssuerAlternativeName.__init__rSrUcCrVr!r'rWr'r'r(rX8rYz)IssuerAlternativeName.get_values_for_typecCrVr!r'rWr'r'r(rXCrZcCrVr!r'rWr'r'r(rXJrZcCrVr!r'rWr'r'r(rXQr[cCrVr!r'rWr'r'r(rXWr[cCrer!rfrWr'r'r(rX]rgcCr`)Nzr`r.r'r'r(raqrbzIssuerAlternativeName.__repr__rpcCrqr!)r"rjrrrSrsr'r'r(rttruzIssuerAlternativeName.__eq__cCrvr!rhr.r'r'r(ryzrzzIssuerAlternativeName.__hash__cCr~r!rr.r'r'r(r#}rzz"IssuerAlternativeName.public_bytes)&rErFrGrZISSUER_ALTERNATIVE_NAMEr<rNrcrr?r8rerfrgrarrdr rrrrHrXr rrrrrrrarrrtr7ryrQr#r'r'r'r(rj0rirjc @rb)CertificateIssuerrRr NcCrUr!rdrTr'r'r(r?r2zCertificateIssuer.__init__rSrUcCrVr!r'rWr'r'r(rXrYz%CertificateIssuer.get_values_for_typecCrVr!r'rWr'r'r(rXrZcCrVr!r'rWr'r'r(rXrZcCrVr!r'rWr'r'r(rXr[cCrVr!r'rWr'r'r(rXr[cCrer!rfrWr'r'r(rXrgcCr`)Nzr`r.r'r'r(rarbzCertificateIssuer.__repr__rpcCrqr!)r"rkrrrSrsr'r'r(rtruzCertificateIssuer.__eq__cCrvr!rhr.r'r'r(ryrzzCertificateIssuer.__hash__cCr~r!rr.r'r'r(r#rzzCertificateIssuer.public_bytes)&rErFrGrZCERTIFICATE_ISSUERr<rNrcrr?r8rerfrgrarrdr rrrrHrXr rrrrrrrarrrtr7ryrQr#r'r'r'r(rkrirkc@sreZdZejZdeddfddZdefddZ de de fd d Z de fd d Zedefd dZdefddZdS) CRLReasonreasonr NcCrj)Nz*reason must be an element from ReasonFlags)r"rr]_reason)r/rmr'r'r(r?rozCRLReason.__init__cCr`)Nz)rMrnr.r'r'r(rarbzCRLReason.__repr__rpcCrqr!)r"rlrrrmrsr'r'r(rtruzCRLReason.__eq__cCrvr!)rxrmr.r'r'r(ryrzzCRLReason.__hash__cCr{r!)rnr.r'r'r(rmr}zCRLReason.reasoncCr~r!rr.r'r'r(r#rzzCRLReason.public_bytes)rErFrGrZ CRL_REASONr<rr?rHrarrrtr7ryrrmrQr#r'r'r'r(rlsrlc@sveZdZejZdejddfddZdefddZ de de fd d Z de fd d Zedejfd dZdefddZdS)InvalidityDateinvalidity_dater NcCst|tjs td||_dS)Nz+invalidity_date must be a datetime.datetime)r"datetimer]_invalidity_date)r/rpr'r'r(r?s  zInvalidityDate.__init__cCr`)Nz$)rMrrr.r'r'r(raszInvalidityDate.__repr__rpcCrqr!)r"rorrrprsr'r'r(rtruzInvalidityDate.__eq__cCrvr!)rxrpr.r'r'r(ryrzzInvalidityDate.__hash__cCr{r!)rrr.r'r'r(rpr}zInvalidityDate.invalidity_datecCr~r!rr.r'r'r(r# rzzInvalidityDate.public_bytes)rErFrGrZINVALIDITY_DATEr<rqr?rHrarrrtr7ryrrprQr#r'r'r'r(rosroc@teZdZejZdejeddfddZ e d\Z Z Z defddZdefd d Zd edefd d ZdefddZdS))PrecertificateSignedCertificateTimestampssigned_certificate_timestampsr NcCr)Ncsrr!r"r rZsctr'r'r(r  zEPrecertificateSignedCertificateTimestamps.__init__..YEvery item in the signed_certificate_timestamps list must be a SignedCertificateTimestamprVrr]_signed_certificate_timestampsr/rur'r'r(r? z2PrecertificateSignedCertificateTimestamps.__init__r{cCdt|S)Nz/rMrVr.r'r'r(ra&sz2PrecertificateSignedCertificateTimestamps.__repr__cCrr!rxrr{r.r'r'r(ry+r2z2PrecertificateSignedCertificateTimestamps.__hash__rpcCrqr!)r"rtrrr{rsr'r'r(rt. z0PrecertificateSignedCertificateTimestamps.__eq__cCr~r!rr.r'r'r(r#7rzz6PrecertificateSignedCertificateTimestamps.public_bytes)rErFrGrZ%PRECERT_SIGNED_CERTIFICATE_TIMESTAMPSr<rNrcr r?r8rerfrgrHrar7ryrrrtrQr#r'r'r'r(rts    rtc@rs)SignedCertificateTimestampsrur NcCr)Ncsrr!rvrwr'r'r(rErxz7SignedCertificateTimestamps.__init__..ryrzr|r'r'r(r?>r}z$SignedCertificateTimestamps.__init__r{cCr~)Nz!rr.r'r'r(raSr2z$SignedCertificateTimestamps.__repr__cCrr!rr.r'r'r(ryVr2z$SignedCertificateTimestamps.__hash__rpcCrqr!)r"rrrr{rsr'r'r(rtYrz"SignedCertificateTimestamps.__eq__cCr~r!rr.r'r'r(r#brzz(SignedCertificateTimestamps.public_bytes)rErFrGrZSIGNED_CERTIFICATE_TIMESTAMPSr<rNrcr r?r8rerfrgrHrar7ryrrrtrQr#r'r'r'r(r;s    rc@sreZdZejZdeddfddZdede fddZ de fd d Z de fd d Zedefd dZdefddZdS) OCSPNoncenoncer NcCrj)Nznonce must be bytes)r"rQr]_nonce)r/rr'r'r(r?irozOCSPNonce.__init__rpcCrqr!)r"rrrrrsr'r'r(rtoruzOCSPNonce.__eq__cCrvr!)rxrr.r'r'r(ryurzzOCSPNonce.__hash__cCr)Nzrr.r'r'r(raxrzzOCSPNonce.__repr__cCr{r!)rr.r'r'r(r{r}zOCSPNonce.noncecCr~r!rr.r'r'r(r#rzzOCSPNonce.public_bytes)rErFrGrZNONCEr<rQr?rrrtr7ryrHrarrr#r'r'r'r(rfrrc@s2eZdZejZdejeje deje de de dejej e de de dd fd d Zdefd d Zdede fddZdefddZedejeje fddZedeje fddZede fddZede fddZedejej e fddZede fddZede fdd Zdefd!d"Zd S)#IssuingDistributionPointrronly_contains_user_certsonly_contains_ca_certsonly_some_reasons indirect_crlonly_contains_attribute_certsr Nc Cs|durt|}|rt|trtdd|Dstd|r,tj|vs(tj|vr,tdt|t r@t|t r@t|t r@t|t sDtd||||g}t dd|DdkrYtd t |||||||gshtd ||_ ||_ ||_||_||_||_||_dS) Ncsrr!rrr'r'r(rrz4IssuingDistributionPoint.__init__..z:only_some_reasons must be None or frozenset of ReasonFlagszTunspecified and remove_from_crl are not valid reasons in an IssuingDistributionPointzuonly_contains_user_certs, only_contains_ca_certs, indirect_crl and only_contains_attribute_certs must all be boolean.cSsg|]}|r|qSr'r'rr'r'r(r_r%z5IssuingDistributionPoint.__init__..rzOnly one of the following can be set to True: only_contains_user_certs, only_contains_ca_certs, indirect_crl, only_contains_attribute_certszCannot create empty extension: if only_contains_user_certs, only_contains_ca_certs, indirect_crl, and only_contains_attribute_certs are all False, then either full_name, relative_name, or only_some_reasons must have a value.)rVr"rrr]rrrrrr,rG_only_contains_user_certs_only_contains_ca_certs _indirect_crl_only_contains_attribute_certs_only_some_reasonsrr) r/rrrrrrrZcrl_constraintsr'r'r(r?sp     z!IssuingDistributionPoint.__init__cCr)NaGrr.r'r'r(rasz!IssuingDistributionPoint.__repr__rpcCsbt|tstS|j|jko0|j|jko0|j|jko0|j|jko0|j|jko0|j|jko0|j |j kSr!) r"rrrrrrrrrrrsr'r'r(rts"       zIssuingDistributionPoint.__eq__cCs$t|j|j|j|j|j|j|jfSr!)rxrrrrrrrr.r'r'r(rysz!IssuingDistributionPoint.__hash__cCr{r!rr.r'r'r(rr}z"IssuingDistributionPoint.full_namecCr{r!rr.r'r'r(rr}z&IssuingDistributionPoint.relative_namecCr{r!)rr.r'r'r(r r}z1IssuingDistributionPoint.only_contains_user_certscCr{r!)rr.r'r'r(r r}z/IssuingDistributionPoint.only_contains_ca_certscCr{r!)rr.r'r'r(rrz*IssuingDistributionPoint.only_some_reasonscCr{r!)rr.r'r'r(rr}z%IssuingDistributionPoint.indirect_crlcCr{r!)rr.r'r'r(rr}z6IssuingDistributionPoint.only_contains_attribute_certscCr~r!rr.r'r'r(r#rzz%IssuingDistributionPoint.public_bytes) rErFrGrZISSUING_DISTRIBUTION_POINTr<rNrrcrrrrrr?rHrarrtr7ryrrrrrrrrrrQr#r'r'r'r(rsN S   rc@seZdZdededdfddZedefddZedefd d Zde fd d Z d e de fddZ defddZdefddZdS)r\r<r^r NcCs"t|ts td||_||_dS)Nzoid must be an ObjectIdentifier)r"rr]rLrN)r/r<r^r'r'r(r?$s  zUnrecognizedExtension.__init__cCr{r!rOr.r'r'r(r<*r}zUnrecognizedExtension.oidcCr{r!rPr.r'r'r(r^.r}zUnrecognizedExtension.valuecCr)Nz7rr.r'r'r(ra2rzUnrecognizedExtension.__repr__rpcCrr!)r"r\rrr<r^rsr'r'r(rt8rzUnrecognizedExtension.__eq__cCrr!)rxr<r^r.r'r'r(ry>rzUnrecognizedExtension.__hash__cCr{r!r#r.r'r'r(r#Asz"UnrecognizedExtension.public_bytes)rErFrGrrQr?rr<r^rHrarrrtr7ryr#r'r'r'r(r\#sr\)gabcrqr$rErN cryptographyrZ"cryptography.hazmat.bindings._rustrrrZcryptography.hazmat.primitivesrrZ,cryptography.hazmat.primitives.asymmetric.ecrZ-cryptography.hazmat.primitives.asymmetric.rsarZ/cryptography.hazmat.primitives.asymmetric.typesr r Z*cryptography.x509.certificate_transparencyr Zcryptography.x509.general_namer r rrrrrrrZcryptography.x509.namerrZcryptography.x509.oidrrrrTypeVarrrQr)rHr8 Exceptionr:rKABCMetarrSrhrrrrrrrrrrEnumrrrrrrrrrZ_REASON_BIT_MAPPINGZ_CRLREASONFLAGSrrrrrrrrrr Z_TLS_FEATURE_TYPE_TO_ENUMr&r)r>GenericrJrQrcrjrkrlrortrrrr\r'r'r'r(s      ,   'l$!!(.%%p  A=+("  j0YQQQ-+!