U e]N@s2ddlmZmZmZddlZddlZddlmZmZddl m Z ddl m Z m Z mZmZmZmZmZmZmZmZddlmZddlmZmZddlmZmZmZeej Gd d d e!Z"eej#Gd d d e!Z$eej%Gd dde!Z&eej'Gddde!Z(eej)j*Gddde!Z+dS))absolute_importdivisionprint_functionN)utilsx509)UnsupportedAlgorithm) _CERTIFICATE_EXTENSION_PARSER$_CERTIFICATE_EXTENSION_PARSER_NO_SCT_CRL_EXTENSION_PARSER_CSR_EXTENSION_PARSER%_REVOKED_CERTIFICATE_EXTENSION_PARSER_asn1_integer_to_int_asn1_string_to_bytes_decode_x509_name_obj2txt_parse_asn1_time)_encode_asn1_int_gc)hashes serialization)dsaecrsac@seZdZddZddZddZddZd d Zd d Ze d dZ e ddZ ddZ e ddZ e ddZe ddZe ddZe ddZe ddZejdd Ze d!d"Ze d#d$Zd%d&Zd'S)( _CertificatecCs||_||_dSN)_backend_x509)selfbackendrrK/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/x509.py__init__sz_Certificate.__init__cCs d|jS)Nz)formatsubjectrrrr__repr__sz_Certificate.__repr__cCs,t|tjstS|jj|j|j}|dkSNr) isinstancer CertificateNotImplementedr_libZX509_cmprrotherresrrr__eq__"s z_Certificate.__eq__cCs ||k Srrrr+rrr__ne__)sz_Certificate.__ne__cCst|tjjSrhash public_bytesrEncodingDERr#rrr__hash__,sz_Certificate.__hash__cCs*t||j}||tjj|Sr) rHashrupdater2rr3r4finalize)r algorithmhrrr fingerprint/sz_Certificate.fingerprintcCsF|jj|j}|dkr tjjS|dkr0tjjStd ||dS)Nrz{} is not a valid X509 version) rr)ZX509_get_versionrrVersionv1Zv3ZInvalidVersionr!rversionrrrr@4sz_Certificate.versioncCs2|jj|j}|j||jjjkt|j|Sr)rr)ZX509_get_serialNumberropenssl_assert_ffiNULLr rasn1_intrrr serial_number@sz_Certificate.serial_numbercCsR|jj|j}||jjjkr0|jtd|jj||jjj }|j |S)Nz,Certificate public key is of an unknown type) rr)ZX509_get_pubkeyrrBrC_consume_errors ValueErrorgc EVP_PKEY_free_evp_pkey_to_public_keyrpkeyrrr public_keyFs  z_Certificate.public_keycCs|jj|j}t|j|Sr)rr)ZX509_getm_notBeforerrrZ asn1_timerrrnot_valid_beforeQsz_Certificate.not_valid_beforecCs|jj|j}t|j|Sr)rr)ZX509_getm_notAfterrrrOrrrnot_valid_afterVsz_Certificate.not_valid_aftercCs2|jj|j}|j||jjjkt|j|Sr)rr)ZX509_get_issuer_namerrArBrCrrissuerrrrrS[sz_Certificate.issuercCs2|jj|j}|j||jjjkt|j|Sr)rr)ZX509_get_subject_namerrArBrCrrr"rrrr"asz_Certificate.subjectcCs:|j}z tj|WStk r4td|YnXdSNz)Signature algorithm OID:{} not recognizedsignature_algorithm_oidrZ_SIG_OIDS_TO_HASHKeyErrorrr!roidrrrsignature_hash_algorithmgs z%_Certificate.signature_hash_algorithmcCs^|jjd}|jj|jjj||j|j|d|jjjkt|j|dj }t |SNz X509_ALGOR **r) rrBnewr)X509_get0_signaturerCrrArr9rObjectIdentifierrZalgrZrrrrWqsz$_Certificate.signature_algorithm_oidcCs.|jjjrt|j|jSt|j|jSdSr)rr)Z#CRYPTOGRAPHY_OPENSSL_110_OR_GREATERrparserr r#rrr extensions{s z_Certificate.extensionscCsR|jjd}|jj||jjj|j|j|d|jjjkt|j|dSNzASN1_BIT_STRING **r) rrBr]r)r^rCrrArrZsigrrr signaturesz_Certificate.signaturecsdjjd}jjj|}j|dkjj|fdd}jj|d|ddS)Nunsigned char **rcsjj|dSr%rr)Z OPENSSL_freeZpointerr#rrz4_Certificate.tbs_certificate_bytes..) rrBr]r)Zi2d_re_X509_tbsrrArIbufferrZppr,rr#rtbs_certificate_bytess z"_Certificate.tbs_certificate_bytescCsn|j}|tjjkr*|jj||j}n(|tjjkrJ|jj ||j}nt d|j |dk|j |SNz/encoding must be an item from the Encoding enum) r_create_mem_bio_gcrr3PEMr)ZPEM_write_bio_X509rr4Z i2d_X509_bio TypeErrorrA _read_mem_biorencodingbior,rrrr2s   z_Certificate.public_bytesN)__name__ __module__ __qualname__r r$r-r/r5r;propertyr@rFrNrPrQrSr"r[rWrcached_propertyrbrermr2rrrrrs<            rc@s:eZdZddZeddZeddZejddZ d S) _RevokedCertificatecCs||_||_||_dSr)rZ_crl _x509_revoked)rrZcrlZ x509_revokedrrrr sz_RevokedCertificate.__init__cCs2|jj|j}|j||jjjkt|j|Sr)rr)ZX509_REVOKED_get0_serialNumberr}rArBrCr rDrrrrFs z!_RevokedCertificate.serial_numbercCst|j|jj|jSr)rrr)Z X509_REVOKED_get0_revocationDater}r#rrrrevocation_dates z#_RevokedCertificate.revocation_datecCst|j|jSr)r rarr}r#rrrrbsz_RevokedCertificate.extensionsN) rwrxryr rzrFr~rr{rbrrrrr|s   r|c@seZdZddZddZddZddZejd d Z d d Z e d dZ e ddZ e ddZe ddZe ddZe ddZe ddZddZddZdd Zd!d"Zd#d$Zejd%d&Zd'd(Zd)S)*_CertificateRevocationListcCs||_||_dSr)r _x509_crl)rrZx509_crlrrrr sz#_CertificateRevocationList.__init__cCs,t|tjstS|jj|j|j}|dkSr%)r&rCertificateRevocationListr(rr)Z X509_CRL_cmprr*rrrr-s z!_CertificateRevocationList.__eq__cCs ||k Srrr.rrrr/sz!_CertificateRevocationList.__ne__cCsXt||j}|j}|jj||j}|j|dk|j|}| || S)Nro) rr6rrpr)i2d_X509_CRL_biorrArsr7r8)rr9r:rvr,Zderrrrr;s   z&_CertificateRevocationList.fingerprintcCs@|jj|j}|j||jjjk|jj||jjj}|Sr) rr)Z X509_CRL_duprrArBrCrIZ X509_CRL_free)rduprrr _sorted_crlsz&_CertificateRevocationList._sorted_crlcCsl|jjd}t|j|}|jj|j||}|dkr:dS|j|d|jjjkt |j|j|dSdS)NzX509_REVOKED **r) rrBr]rr)ZX509_CRL_get0_by_serialrrArCr|)rrFrevokedrEr,rrr(get_revoked_certificate_by_serial_numbers" zC_CertificateRevocationList.get_revoked_certificate_by_serial_numbercCs:|j}z tj|WStk r4td|YnXdSrUrVrYrrrr[s z3_CertificateRevocationList.signature_hash_algorithmcCs^|jjd}|jj|j|jjj||j|d|jjjkt|j|dj }t |Sr\) rrBr]r)X509_CRL_get0_signaturerrCrArr9rr_r`rrrrW sz2_CertificateRevocationList.signature_algorithm_oidcCs2|jj|j}|j||jjjkt|j|Sr)rr)ZX509_CRL_get_issuerrrArBrCrrRrrrrSsz!_CertificateRevocationList.issuercCs2|jj|j}|j||jjjkt|j|Sr)rr)ZX509_CRL_get_nextUpdaterrArBrCr)rZnurrr next_updatesz&_CertificateRevocationList.next_updatecCs2|jj|j}|j||jjjkt|j|Sr)rr)ZX509_CRL_get_lastUpdaterrArBrCr)rZlurrr last_update!sz&_CertificateRevocationList.last_updatecCsR|jjd}|jj|j||jjj|j|d|jjjkt|j|dSrc) rrBr]r)rrrCrArrdrrrre'sz$_CertificateRevocationList.signaturecsdjjd}jjj|}j|dkjj|fdd}jj|d|ddS)Nrfrcsjj|dSr%rgrhr#rrri6rjz?_CertificateRevocationList.tbs_certlist_bytes..) rrBr]r)Zi2d_re_X509_CRL_tbsrrArIrkrlrr#rtbs_certlist_bytes0s z-_CertificateRevocationList.tbs_certlist_bytescCsn|j}|tjjkr*|jj||j}n(|tjjkrJ|jj ||j}nt d|j |dk|j |Srn) rrprr3rqr)ZPEM_write_bio_X509_CRLrr4rrrrArsrtrrrr2:s   z'_CertificateRevocationList.public_bytescCsD|jj|j}|jj||}|j||jjjkt|j||Sr) rr)X509_CRL_get_REVOKEDrZsk_X509_REVOKED_valuerArBrCr|)ridxrrrrr _revoked_certHsz(_CertificateRevocationList._revoked_certccs"tt|D]}||Vq dSr)rangelenr)rirrr__iter__Nsz#_CertificateRevocationList.__iter__cst|tr8|t\}}}fddt|||DSt|}|dkrV|t7}d|krntkstnt|SdS)Ncsg|]}|qSr)r).0rr#rr Usz:_CertificateRevocationList.__getitem__..r) r&sliceindicesrroperatorindex IndexErrorr)rrstartstopsteprr#r __getitem__Rs   z&_CertificateRevocationList.__getitem__cCs4|jj|j}||jjjkr"dS|jj|SdSr%)rr)rrrBrCZsk_X509_REVOKED_num)rrrrr__len__^sz"_CertificateRevocationList.__len__cCst|j|jSr)r rarrr#rrrrbesz%_CertificateRevocationList.extensionscCsLt|tjtjtjfstd|jj |j |j }|dkrH|j dSdS)NzGExpecting one of DSAPublicKey, RSAPublicKey, or EllipticCurvePublicKey.roFT)r&rZ DSAPublicKeyrZ RSAPublicKeyrZEllipticCurvePublicKeyrrrr)ZX509_CRL_verifyrZ _evp_pkeyrG)rrNr,rrris_signature_validis  z-_CertificateRevocationList.is_signature_validN)rwrxryr r-r/r;rr{rrrzr[rWrSrrrerr2rrrrrbrrrrrrs:           rc@seZdZddZddZddZddZd d Zed d Z ed dZ eddZ e j ddZddZeddZeddZeddZdS)_CertificateSigningRequestcCs||_||_dSr)r _x509_req)rrZx509_reqrrrr {sz#_CertificateSigningRequest.__init__cCs2t|tstS|tjj}|tjj}||kSr)r&rr(r2rr3r4)rr+Z self_bytesZ other_bytesrrrr-s  z!_CertificateSigningRequest.__eq__cCs ||k Srrr.rrrr/sz!_CertificateSigningRequest.__ne__cCst|tjjSrr0r#rrrr5sz#_CertificateSigningRequest.__hash__cCsH|jj|j}|j||jjjk|jj||jjj}|j |Sr) rr)X509_REQ_get_pubkeyrrArBrCrIrJrKrLrrrrNsz%_CertificateSigningRequest.public_keycCs2|jj|j}|j||jjjkt|j|Sr)rr)ZX509_REQ_get_subject_namerrArBrCrrTrrrr"sz"_CertificateSigningRequest.subjectcCs:|j}z tj|WStk r4td|YnXdSrUrVrYrrrr[s z3_CertificateSigningRequest.signature_hash_algorithmcCs^|jjd}|jj|j|jjj||j|d|jjjkt|j|dj }t |Sr\) rrBr]r)X509_REQ_get0_signaturerrCrArr9rr_r`rrrrWsz2_CertificateSigningRequest.signature_algorithm_oidcs6jjj}jj|fdd}tj|S)Ncs"jj|jjjjjdS)NZX509_EXTENSION_free)rr)Zsk_X509_EXTENSION_pop_freerBZ addressofZ _original_lib)xr#rrris z7_CertificateSigningRequest.extensions..)rr)ZX509_REQ_get_extensionsrrBrIr ra)rZ x509_extsrr#rrbs  z%_CertificateSigningRequest.extensionscCsn|j}|tjjkr*|jj||j}n(|tjjkrJ|jj ||j}nt d|j |dk|j |Srn) rrprr3rqr)ZPEM_write_bio_X509_REQrr4Zi2d_X509_REQ_biorrrArsrtrrrr2s   z'_CertificateSigningRequest.public_bytescsdjjd}jjj|}j|dkjj|fdd}jj|d|ddS)Nrfrcsjj|dSr%rgrhr#rrrirjzB_CertificateSigningRequest.tbs_certrequest_bytes..) rrBr]r)Zi2d_re_X509_REQ_tbsrrArIrkrlrr#rtbs_certrequest_bytess z0_CertificateSigningRequest.tbs_certrequest_bytescCsR|jjd}|jj|j||jjj|j|d|jjjkt|j|dSrc) rrBr]r)rrrCrArrdrrrresz$_CertificateSigningRequest.signaturecCsh|jj|j}|j||jjjk|jj||jjj}|jj |j|}|dkrd|j dSdS)NroFT) rr)rrrArBrCrIrJZX509_REQ_verifyrG)rrMr,rrrrs z-_CertificateSigningRequest.is_signature_validN)rwrxryr r-r/r5rNrzr"r[rWrr{rbr2rrerrrrrrys(      rc@sheZdZddZeddZeddZeddZed d Zed d Z d dZ ddZ ddZ dS)_SignedCertificateTimestampcCs||_||_||_dSr)rZ _sct_list_sct)rrZsct_listZsctrrrr sz$_SignedCertificateTimestamp.__init__cCs,|jj|j}||jjjks"ttjjj Sr) rr)ZSCT_get_versionrZSCT_VERSION_V1AssertionErrorrcertificate_transparencyr=r>r?rrrr@sz#_SignedCertificateTimestamp.versioncCsH|jjd}|jj|j|}|dks,t|jj|d|ddSNrfr)rrBr]r)ZSCT_get0_log_idrrrk)routZ log_id_lengthrrrlog_ids z"_SignedCertificateTimestamp.log_idcCs4|jj|j}|d}tj|dj|ddS)Ni)Z microsecond)rr)ZSCT_get_timestamprdatetimeZutcfromtimestampreplace)r timestampZ millisecondsrrrrsz%_SignedCertificateTimestamp.timestampcCs,|jj|j}||jjjks"ttjjj Sr) rr)ZSCT_get_log_entry_typerZCT_LOG_ENTRY_TYPE_PRECERTrrrZ LogEntryTypeZPRE_CERTIFICATE)r entry_typerrrrsz&_SignedCertificateTimestamp.entry_typecCsf|jjd}|jj|j|}|j|dk|j|d|jjjk|jj|d|ddSr) rrBr]r)ZSCT_get0_signaturerrArCrk)rZptrptrr,rrr _signatures z&_SignedCertificateTimestamp._signaturecCs t|jSr)r1rr#rrrr5sz$_SignedCertificateTimestamp.__hash__cCst|tstS|j|jkSr)r&rr(rr.rrrr-s z"_SignedCertificateTimestamp.__eq__cCs ||k Srrr.rrrr/!sz"_SignedCertificateTimestamp.__ne__N) rwrxryr rzr@rrrrr5r-r/rrrrrs     r),Z __future__rrrrrZ cryptographyrrZcryptography.exceptionsrZ0cryptography.hazmat.backends.openssl.decode_asn1rr r r r r rrrrZ0cryptography.hazmat.backends.openssl.encode_asn1rZcryptography.hazmat.primitivesrrZ)cryptography.hazmat.primitives.asymmetricrrrZregister_interfacer'objectrZRevokedCertificater|rrZCertificateSigningRequestrrZSignedCertificateTimestamprrrrrs, 0   % - o