B \'@sjddlmZmZmZddlZddlZddlZddlZddlm Z ddl m Z ddl Z ddl mZddlmZmZddlmZddlmZdd lmZdd lmZmZmZdd lmZdd lmZm Z m!Z!m"Z"d dZ#Gddde$Z%Gddde$Z&e 'ej(Gddde)Z*Gddde)Z+e,e*Gddde)Z-e,e*Gddde)Z.e,e*Gddde)Z/e,e*Gddde)Z0Gdd d e)Z1e,e*Gd!d"d"e)Z2e,e*Gd#d$d$e)Z3e,e*Gd%d&d&e)Z4e,e*Gd'd(d(e)Z5Gd)d*d*e)Z6Gd+d,d,e Z7e,e*Gd-d.d.e)Z8e,e*Gd/d0d0e)Z9Gd1d2d2e)Z:Gd3d4d4e)Z;Gd5d6d6e)Ze,e*Gd;d<dd>e)Z@Gd?d@d@e ZAeBdAdBeADZCe,e*GdCdDdDe)ZDe,e*GdEdFdFe)ZEe,e*GdGdHdHe)ZFGdIdJdJe)ZGGdKdLdLe)ZHe,e*GdMdNdNe)ZIe,e*GdOdPdPe)ZJe,e*GdQdRdRe)ZKe,e*GdSdTdTe)ZLe,e*GdUdVdVe)ZMe,e*GdWdXdXe)ZNe,e*GdYdZdZe)ZOe,e*Gd[d\d\e)ZPe,e*Gd]d^d^e)ZQdS)_)absolute_importdivisionprint_functionN)Enum) PublicKeyInfo)utils) constant_time serialization)EllipticCurvePublicKey) RSAPublicKey)SignedCertificateTimestamp) GeneralName IPAddress OtherName)RelativeDistinguishedName)CRLEntryExtensionOID ExtensionOIDOCSPExtensionOIDObjectIdentifiercCstt|tr |tjjtjj}nFt|tr@|tjj tjj }n&|tjjtjj }t t |d}t|S)N public_key) isinstancer Z public_bytesr ZEncodingZDERZ PublicFormatZPKCS1r ZX962ZUncompressedPointZSubjectPublicKeyInfobytesrloadhashlibZsha1digest)rdataZ serializedr;lib/python3.7/site-packages/cryptography/x509/extensions.py_key_identifier_from_public_keys     rcseZdZfddZZS)DuplicateExtensioncstt||||_dS)N)superr__init__oid)selfmsgr") __class__rrr!7szDuplicateExtension.__init__)__name__ __module__ __qualname__r! __classcell__rr)r%rr6srcseZdZfddZZS)ExtensionNotFoundcstt||||_dS)N)r r*r!r")r#r$r")r%rrr!=szExtensionNotFound.__init__)r&r'r(r!r)rr)r%rr*<sr*c@seZdZejddZdS) ExtensionTypecCsdS)zK Returns the oid associated with the given extension type. Nr)r#rrrr"DszExtensionType.oidN)r&r'r(abcabstractpropertyr"rrrrr+Bsr+c@sDeZdZddZddZddZddZd d Zd d Zd dZ dS) ExtensionscCs ||_dS)N) _extensions)r# extensionsrrrr!LszExtensions.__init__cCs0x|D]}|j|kr|SqWtd||dS)NzNo {} extension was found)r"r*format)r#r"extrrrget_extension_for_oidOs  z Extensions.get_extension_for_oidcCsD|tkrtdx|D]}t|j|r|SqWtd||jdS)Nz|UnrecognizedExtension can't be used with get_extension_for_class because more than one instance of the class may be present.zNo {} extension was found)UnrecognizedExtension TypeErrorrvaluer*r1r")r#Zextclassr2rrrget_extension_for_classVs  z"Extensions.get_extension_for_classcCs t|jS)N)iterr/)r#rrr__iter__fszExtensions.__iter__cCs t|jS)N)lenr/)r#rrr__len__iszExtensions.__len__cCs |j|S)N)r/)r#idxrrr __getitem__lszExtensions.__getitem__cCs d|jS)Nz)r1r/)r#rrr__repr__oszExtensions.__repr__N) r&r'r(r!r3r7r9r;r=r>rrrrr.Ksr.c@sDeZdZejZddZddZddZddZ d d Z e d Z d S) CRLNumbercCst|tjstd||_dS)Nzcrl_number must be an integer)rsix integer_typesr5 _crl_number)r# crl_numberrrrr!ys zCRLNumber.__init__cCst|tstS|j|jkS)N)rr?NotImplementedrC)r#otherrrr__eq__s zCRLNumber.__eq__cCs ||k S)Nr)r#rErrr__ne__szCRLNumber.__ne__cCs t|jS)N)hashrC)r#rrr__hash__szCRLNumber.__hash__cCs d|jS)Nz)r1rC)r#rrrr>szCRLNumber.__repr__rBN)r&r'r(rZ CRL_NUMBERr"r!rFrGrIr>rread_only_propertyrCrrrrr?usr?c@speZdZejZddZeddZeddZ ddZ d d Z d d Z d dZ edZedZedZdS)AuthorityKeyIdentifiercCst|dk|dkkrtd|dk rBt|}tdd|DsBtd|dk r^t|tjs^td||_||_||_ dS)NzXauthority_cert_issuer and authority_cert_serial_number must both be present or both Nonecss|]}t|tVqdS)N)rr ).0xrrr sz2AuthorityKeyIdentifier.__init__..z;authority_cert_issuer must be a list of GeneralName objectsz/authority_cert_serial_number must be an integer) ValueErrorlistallr5rr@rA_key_identifier_authority_cert_issuer_authority_cert_serial_number)r#key_identifierauthority_cert_issuerauthority_cert_serial_numberrrrr!s"   zAuthorityKeyIdentifier.__init__cCst|}||dddS)N)rUrVrW)r)clsrrrrrfrom_issuer_public_keys z-AuthorityKeyIdentifier.from_issuer_public_keycCs||jjdddS)N)rUrVrW)r6r)rXZskirrr"from_issuer_subject_key_identifiersz9AuthorityKeyIdentifier.from_issuer_subject_key_identifiercCs d|S)Nz)r1)r#rrrr>szAuthorityKeyIdentifier.__repr__cCs2t|tstS|j|jko0|j|jko0|j|jkS)N)rrKrDrUrVrW)r#rErrrrFs    zAuthorityKeyIdentifier.__eq__cCs ||k S)Nr)r#rErrrrGszAuthorityKeyIdentifier.__ne__cCs,|jdkrd}n t|j}t|j||jfS)N)rVtuplerHrUrW)r#ZacirrrrIs   zAuthorityKeyIdentifier.__hash__rRrSrTN)r&r'r(rZAUTHORITY_KEY_IDENTIFIERr"r! classmethodrYrZr>rFrGrIrrJrUrVrWrrrrrKs    rKc@sPeZdZejZddZeddZe dZ ddZ dd Z d d Zd d ZdS)SubjectKeyIdentifiercCs ||_dS)N)_digest)r#rrrrr!szSubjectKeyIdentifier.__init__cCs |t|S)N)r)rXrrrrfrom_public_keysz$SubjectKeyIdentifier.from_public_keyr^cCs d|jS)Nz$)r1r)r#rrrr>szSubjectKeyIdentifier.__repr__cCst|tstSt|j|jS)N)rr]rDrZbytes_eqr)r#rErrrrFs zSubjectKeyIdentifier.__eq__cCs ||k S)Nr)r#rErrrrGszSubjectKeyIdentifier.__ne__cCs t|jS)N)rHr)r#rrrrIszSubjectKeyIdentifier.__hash__N)r&r'r(rZSUBJECT_KEY_IDENTIFIERr"r!r\r_rrJrr>rFrGrIrrrrr]s  r]c@sReZdZejZddZddZddZddZ d d Z d d Z d dZ ddZ dS)AuthorityInformationAccesscCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rAccessDescription)rLrMrrrrNsz6AuthorityInformationAccess.__init__..z@Every item in the descriptions list must be an AccessDescription)rPrQr5 _descriptions)r#Z descriptionsrrrr! s z#AuthorityInformationAccess.__init__cCs t|jS)N)r8rb)r#rrrr9sz#AuthorityInformationAccess.__iter__cCs t|jS)N)r:rb)r#rrrr;sz"AuthorityInformationAccess.__len__cCs d|jS)Nz )r1rb)r#rrrr>sz#AuthorityInformationAccess.__repr__cCst|tstS|j|jkS)N)rr`rDrb)r#rErrrrFs z!AuthorityInformationAccess.__eq__cCs ||k S)Nr)r#rErrrrG%sz!AuthorityInformationAccess.__ne__cCs |j|S)N)rb)r#r<rrrr=(sz&AuthorityInformationAccess.__getitem__cCstt|jS)N)rHr[rb)r#rrrrI+sz#AuthorityInformationAccess.__hash__N)r&r'r(rZAUTHORITY_INFORMATION_ACCESSr"r!r9r;r>rFrGr=rIrrrrr`s r`c@sHeZdZddZddZddZddZd d Ze d Z e d Z d S)racCs4t|tstdt|ts$td||_||_dS)Nz)access_method must be an ObjectIdentifierz%access_location must be a GeneralName)rrr5r _access_method_access_location)r# access_methodaccess_locationrrrr!0s   zAccessDescription.__init__cCs d|S)NzY)r1)r#rrrr>:szAccessDescription.__repr__cCs&t|tstS|j|jko$|j|jkS)N)rrarDrerf)r#rErrrrF@s  zAccessDescription.__eq__cCs ||k S)Nr)r#rErrrrGIszAccessDescription.__ne__cCst|j|jfS)N)rHrerf)r#rrrrILszAccessDescription.__hash__rcrdN) r&r'r(r!r>rFrGrIrrJrerfrrrrra/s   rac@sNeZdZejZddZedZ edZ ddZ ddZ d d Z d d Zd S)BasicConstraintscCsZt|tstd|dk r&|s&td|dk rJt|tjrB|dkrJtd||_||_dS)Nzca must be a boolean valuez)path_length must be None when ca is Falserz2path_length must be a non-negative integer or None)rboolr5rOr@rA_ca _path_length)r#ca path_lengthrrrr!Ws  zBasicConstraints.__init__rirjcCs d|S)Nz:)r1)r#rrrr>lszBasicConstraints.__repr__cCs&t|tstS|j|jko$|j|jkS)N)rrgrDrkrl)r#rErrrrFps zBasicConstraints.__eq__cCs ||k S)Nr)r#rErrrrGvszBasicConstraints.__ne__cCst|j|jfS)N)rHrkrl)r#rrrrIyszBasicConstraints.__hash__N)r&r'r(rZBASIC_CONSTRAINTSr"r!rrJrkrlr>rFrGrIrrrrrgSs  rgc@sDeZdZejZddZedZ ddZ ddZ dd Z d d Z d S) DeltaCRLIndicatorcCst|tjstd||_dS)Nzcrl_number must be an integer)rr@rAr5rB)r#rCrrrr!s zDeltaCRLIndicator.__init__rBcCst|tstS|j|jkS)N)rrmrDrC)r#rErrrrFs zDeltaCRLIndicator.__eq__cCs ||k S)Nr)r#rErrrrGszDeltaCRLIndicator.__ne__cCs t|jS)N)rHrC)r#rrrrIszDeltaCRLIndicator.__hash__cCs d|S)Nz.)r1)r#rrrr>szDeltaCRLIndicator.__repr__N)r&r'r(rZDELTA_CRL_INDICATORr"r!rrJrCrFrGrIr>rrrrrm}s rmc@sReZdZejZddZddZddZddZ d d Z d d Z d dZ ddZ dS)CRLDistributionPointscCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rDistributionPoint)rLrMrrrrNsz1CRLDistributionPoints.__init__..z?distribution_points must be a list of DistributionPoint objects)rPrQr5_distribution_points)r#distribution_pointsrrrr!s zCRLDistributionPoints.__init__cCs t|jS)N)r8rp)r#rrrr9szCRLDistributionPoints.__iter__cCs t|jS)N)r:rp)r#rrrr;szCRLDistributionPoints.__len__cCs d|jS)Nz)r1rp)r#rrrr>szCRLDistributionPoints.__repr__cCst|tstS|j|jkS)N)rrnrDrp)r#rErrrrFs zCRLDistributionPoints.__eq__cCs ||k S)Nr)r#rErrrrGszCRLDistributionPoints.__ne__cCs |j|S)N)rp)r#r<rrrr=sz!CRLDistributionPoints.__getitem__cCstt|jS)N)rHr[rp)r#rrrrIszCRLDistributionPoints.__hash__N)r&r'r(rZCRL_DISTRIBUTION_POINTSr"r!r9r;r>rFrGr=rIrrrrrns rnc@sReZdZejZddZddZddZddZ d d Z d d Z d dZ ddZ dS) FreshestCRLcCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rro)rLrMrrrrNsz'FreshestCRL.__init__..z?distribution_points must be a list of DistributionPoint objects)rPrQr5rp)r#rqrrrr!s zFreshestCRL.__init__cCs t|jS)N)r8rp)r#rrrr9szFreshestCRL.__iter__cCs t|jS)N)r:rp)r#rrrr;szFreshestCRL.__len__cCs d|jS)Nz)r1rp)r#rrrr>szFreshestCRL.__repr__cCst|tstS|j|jkS)N)rrrrDrp)r#rErrrrFs zFreshestCRL.__eq__cCs ||k S)Nr)r#rErrrrGszFreshestCRL.__ne__cCs |j|S)N)rp)r#r<rrrr=szFreshestCRL.__getitem__cCstt|jS)N)rHr[rp)r#rrrrIszFreshestCRL.__hash__N)r&r'r(rZ FRESHEST_CRLr"r!r9r;r>rFrGr=rIrrrrrrs rrc@s\eZdZddZddZddZddZd d Ze d Z e d Z e d Z e dZ dS)rocCs|r|rtd|r6t|}tdd|Ds6td|rLt|tsLtd|rrt|}tdd|Dsrtd|rt|trtdd|Dstd |rtj|kstj |krtd |r|s|s|std ||_ ||_ ||_ ||_ dS) NzOYou cannot provide both full_name and relative_name, at least one must be None.css|]}t|tVqdS)N)rr )rLrMrrrrNsz-DistributionPoint.__init__..z/full_name must be a list of GeneralName objectsz1relative_name must be a RelativeDistinguishedNamecss|]}t|tVqdS)N)rr )rLrMrrrrNsz2crl_issuer must be None or a list of general namescss|]}t|tVqdS)N)r ReasonFlags)rLrMrrrrNsz0reasons must be None or frozenset of ReasonFlagszLunspecified and remove_from_crl are not valid reasons in a DistributionPointzPYou must supply crl_issuer, full_name, or relative_name when reasons is not None)rOrPrQr5rr frozensetrs unspecifiedremove_from_crl _full_name_relative_name_reasons _crl_issuer)r# full_name relative_namereasons crl_issuerrrrr!s@   zDistributionPoint.__init__cCs d|S)Nz})r1)r#rrrr> szDistributionPoint.__repr__cCs>t|tstS|j|jko<|j|jko<|j|jko<|j|jkS)N)rrorDr{r|r}r~)r#rErrrrF's     zDistributionPoint.__eq__cCs ||k S)Nr)r#rErrrrG2szDistributionPoint.__ne__cCsH|jdk rt|j}nd}|jdk r0t|j}nd}t||j|j|fS)N)r{r[r~rHr|r})r#fnr~rrrrI5s    zDistributionPoint.__hash__rwrxryrzN)r&r'r(r!r>rFrGrIrrJr{r|r}r~rrrrros4    roc@s4eZdZdZdZdZdZdZdZdZ dZ d Z d Z d S) rsruZ keyCompromiseZ cACompromiseZaffiliationChanged supersededZcessationOfOperationZcertificateHoldZprivilegeWithdrawnZ aACompromiseZ removeFromCRLN) r&r'r(ruZkey_compromiseZ ca_compromiseZaffiliation_changedrZcessation_of_operationZcertificate_holdZprivilege_withdrawnZ aa_compromiservrrrrrsHsrsc@sNeZdZejZddZddZddZddZ d d Z e d Z e d Zd S)PolicyConstraintscCs`|dk rt|tjstd|dk r8t|tjs8td|dkrP|dkrPtd||_||_dS)Nz>require_explicit_policy must be a non-negative integer or Nonez=inhibit_policy_mapping must be a non-negative integer or NonezSAt least one of require_explicit_policy and inhibit_policy_mapping must not be None)rr@rAr5rO_require_explicit_policy_inhibit_policy_mapping)r#require_explicit_policyinhibit_policy_mappingrrrr!Ys    zPolicyConstraints.__init__cCs d|S)Nz{)r1)r#rrrr>rszPolicyConstraints.__repr__cCs&t|tstS|j|jko$|j|jkS)N)rrrDrr)r#rErrrrFys  zPolicyConstraints.__eq__cCs ||k S)Nr)r#rErrrrGszPolicyConstraints.__ne__cCst|j|jfS)N)rHrr)r#rrrrIszPolicyConstraints.__hash__rrN)r&r'r(rZPOLICY_CONSTRAINTSr"r!r>rFrGrIrrJrrrrrrrUs rc@sReZdZejZddZddZddZddZ d d Z d d Z d dZ ddZ dS)CertificatePoliciescCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rPolicyInformation)rLrMrrrrNsz/CertificatePolicies.__init__..z;Every item in the policies list must be a PolicyInformation)rPrQr5 _policies)r#Zpoliciesrrrr!s zCertificatePolicies.__init__cCs t|jS)N)r8r)r#rrrr9szCertificatePolicies.__iter__cCs t|jS)N)r:r)r#rrrr;szCertificatePolicies.__len__cCs d|jS)Nz)r1r)r#rrrr>szCertificatePolicies.__repr__cCst|tstS|j|jkS)N)rrrDr)r#rErrrrFs zCertificatePolicies.__eq__cCs ||k S)Nr)r#rErrrrGszCertificatePolicies.__ne__cCs |j|S)N)r)r#r<rrrr=szCertificatePolicies.__getitem__cCstt|jS)N)rHr[r)r#rrrrIszCertificatePolicies.__hash__N)r&r'r(rZCERTIFICATE_POLICIESr"r!r9r;r>rFrGr=rIrrrrrs rc@sHeZdZddZddZddZddZd d Ze d Z e d Z d S)rcCsHt|tstd||_|r>t|}tdd|Ds>td||_dS)Nz-policy_identifier must be an ObjectIdentifiercss|]}t|tjtfVqdS)N)rr@Z text_type UserNotice)rLrMrrrrNsz-PolicyInformation.__init__..zMpolicy_qualifiers must be a list of strings and/or UserNotice objects or None)rrr5_policy_identifierrPrQ_policy_qualifiers)r#policy_identifierpolicy_qualifiersrrrr!s  zPolicyInformation.__init__cCs d|S)Nze)r1)r#rrrr>szPolicyInformation.__repr__cCs&t|tstS|j|jko$|j|jkS)N)rrrDrr)r#rErrrrFs  zPolicyInformation.__eq__cCs ||k S)Nr)r#rErrrrGszPolicyInformation.__ne__cCs(|jdk rt|j}nd}t|j|fS)N)rr[rHr)r#ZpqrrrrIs  zPolicyInformation.__hash__rrN) r&r'r(r!r>rFrGrIrrJrrrrrrrs  rc@sHeZdZddZddZddZddZd d Ze d Z e d Z d S)rcCs&|rt|tstd||_||_dS)Nz2notice_reference must be None or a NoticeReference)rNoticeReferencer5_notice_reference_explicit_text)r#notice_reference explicit_textrrrr!s zUserNotice.__init__cCs d|S)NzV)r1)r#rrrr>szUserNotice.__repr__cCs&t|tstS|j|jko$|j|jkS)N)rrrDrr)r#rErrrrFs  zUserNotice.__eq__cCs ||k S)Nr)r#rErrrrGszUserNotice.__ne__cCst|j|jfS)N)rHrr)r#rrrrI szUserNotice.__hash__rrN) r&r'r(r!r>rFrGrIrrJrrrrrrrs   rc@sHeZdZddZddZddZddZd d Ze d Z e d Z d S)rcCs2||_t|}tdd|Ds(td||_dS)Ncss|]}t|tVqdS)N)rint)rLrMrrrrNsz+NoticeReference.__init__..z)notice_numbers must be a list of integers) _organizationrPrQr5_notice_numbers)r# organizationnotice_numbersrrrr!s zNoticeReference.__init__cCs d|S)NzU)r1)r#rrrr>szNoticeReference.__repr__cCs&t|tstS|j|jko$|j|jkS)N)rrrDrr)r#rErrrrF!s  zNoticeReference.__eq__cCs ||k S)Nr)r#rErrrrG*szNoticeReference.__ne__cCst|jt|jfS)N)rHrr[r)r#rrrrI-szNoticeReference.__hash__rrN) r&r'r(r!r>rFrGrIrrJrrrrrrrs   rc@sJeZdZejZddZddZddZddZ d d Z d d Z d dZ dS)ExtendedKeyUsagecCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rr)rLrMrrrrN:sz,ExtendedKeyUsage.__init__..z9Every item in the usages list must be an ObjectIdentifier)rPrQr5_usages)r#Zusagesrrrr!8s zExtendedKeyUsage.__init__cCs t|jS)N)r8r)r#rrrr9AszExtendedKeyUsage.__iter__cCs t|jS)N)r:r)r#rrrr;DszExtendedKeyUsage.__len__cCs d|jS)Nz)r1r)r#rrrr>GszExtendedKeyUsage.__repr__cCst|tstS|j|jkS)N)rrrDr)r#rErrrrFJs zExtendedKeyUsage.__eq__cCs ||k S)Nr)r#rErrrrGPszExtendedKeyUsage.__ne__cCstt|jS)N)rHr[r)r#rrrrISszExtendedKeyUsage.__hash__N) r&r'r(rZEXTENDED_KEY_USAGEr"r!r9r;r>rFrGrIrrrrr4s rc@seZdZejZdS) OCSPNoCheckN)r&r'r(rZ OCSP_NO_CHECKr"rrrrrWsrc@seZdZejZdS) PrecertPoisonN)r&r'r(rZPRECERT_POISONr"rrrrr\src@sReZdZejZddZddZddZddZ d d Z d d Z d dZ ddZ dS) TLSFeaturecCs8t|}tdd|Dr&t|dkr.td||_dS)Ncss|]}t|tVqdS)N)rTLSFeatureType)rLrMrrrrNhsz&TLSFeature.__init__..rz@features must be a list of elements from the TLSFeatureType enum)rPrQr:r5 _features)r#Zfeaturesrrrr!es  zTLSFeature.__init__cCs t|jS)N)r8r)r#rrrr9rszTLSFeature.__iter__cCs t|jS)N)r:r)r#rrrr;uszTLSFeature.__len__cCs d|S)Nz$)r1)r#rrrr>xszTLSFeature.__repr__cCst|tstS|j|jkS)N)rrrDr)r#rErrrrF{s zTLSFeature.__eq__cCs |j|S)N)r)r#r<rrrr=szTLSFeature.__getitem__cCs ||k S)Nr)r#rErrrrGszTLSFeature.__ne__cCstt|jS)N)rHr[r)r#rrrrIszTLSFeature.__hash__N)r&r'r(rZ TLS_FEATUREr"r!r9r;r>rFr=rGrIrrrrras rc@seZdZdZdZdS)rN)r&r'r(Zstatus_requestZstatus_request_v2rrrrrsrccs|]}|j|fVqdS)N)r6)rLrMrrrrNsrNc@sDeZdZejZddZddZddZddZ d d Z e d Z d S) InhibitAnyPolicycCs.t|tjstd|dkr$td||_dS)Nzskip_certs must be an integerrz)skip_certs must be a non-negative integer)rr@rAr5rO _skip_certs)r# skip_certsrrrr!s  zInhibitAnyPolicy.__init__cCs d|S)Nz-)r1)r#rrrr>szInhibitAnyPolicy.__repr__cCst|tstS|j|jkS)N)rrrDr)r#rErrrrFs zInhibitAnyPolicy.__eq__cCs ||k S)Nr)r#rErrrrGszInhibitAnyPolicy.__ne__cCs t|jS)N)rHr)r#rrrrIszInhibitAnyPolicy.__hash__rN)r&r'r(rZINHIBIT_ANY_POLICYr"r!r>rFrGrIrrJrrrrrrs rc@seZdZejZddZedZ edZ edZ edZ edZ edZed Zed d Zed d ZddZddZddZddZdS)KeyUsagec CsN|s|s | rtd||_||_||_||_||_||_||_||_| |_ dS)NzKencipher_only and decipher_only can only be true when key_agreement is true) rO_digital_signature_content_commitment_key_encipherment_data_encipherment_key_agreement_key_cert_sign _crl_sign_encipher_only_decipher_only) r#digital_signaturecontent_commitmentkey_enciphermentdata_encipherment key_agreement key_cert_signcrl_sign encipher_only decipher_onlyrrrr!s zKeyUsage.__init__rrrrrrrcCs|jstdn|jSdS)Nz7encipher_only is undefined unless key_agreement is true)rrOr)r#rrrrszKeyUsage.encipher_onlycCs|jstdn|jSdS)Nz7decipher_only is undefined unless key_agreement is true)rrOr)r#rrrrszKeyUsage.decipher_onlycCs<y|j}|j}Wntk r,d}d}YnXd|||S)Na-)rrrOr1)r#rrrrrr>s  zKeyUsage.__repr__cCszt|tstS|j|jkox|j|jkox|j|jkox|j|jkox|j|jkox|j|jkox|j |j kox|j |j kox|j |j kS)N) rrrDrrrrrrrrr)r#rErrrrFs         zKeyUsage.__eq__cCs ||k S)Nr)r#rErrrrG szKeyUsage.__ne__c Cs,t|j|j|j|j|j|j|j|j|j f S)N) rHrrrrrrrrr)r#rrrrI s zKeyUsage.__hash__N)r&r'r(rZ KEY_USAGEr"r!rrJrrrrrrrpropertyrrr>rFrGrIrrrrrs        rc@sVeZdZejZddZddZddZddZ d d Z d d Z e d Ze dZdS)NameConstraintscCs|dk r4t|}tdd|Ds*td|||dk rht|}tdd|Ds^td|||dkr|dkrtd||_||_dS)Ncss|]}t|tVqdS)N)rr )rLrMrrrrNsz+NameConstraints.__init__..z@permitted_subtrees must be a list of GeneralName objects or Nonecss|]}t|tVqdS)N)rr )rLrMrrrrN+sz?excluded_subtrees must be a list of GeneralName objects or NonezIAt least one of permitted_subtrees and excluded_subtrees must not be None)rPrQr5_validate_ip_namerO_permitted_subtrees_excluded_subtrees)r#permitted_subtreesexcluded_subtreesrrrr!s&  zNameConstraints.__init__cCs&t|tstS|j|jko$|j|jkS)N)rrrDrr)r#rErrrrF=s  zNameConstraints.__eq__cCs ||k S)Nr)r#rErrrrGFszNameConstraints.__ne__cCstdd|DrtddS)Ncss.|]&}t|to$t|jtjtjf VqdS)N)rrr6 ipaddressZ IPv4NetworkZ IPv6Network)rLnamerrrrNJsz4NameConstraints._validate_ip_name..zGIPAddress name constraints must be an IPv4Network or IPv6Network object)anyr5)r#ZtreerrrrIs z!NameConstraints._validate_ip_namecCs d|S)Nze)r1)r#rrrr>RszNameConstraints.__repr__cCs@|jdk rt|j}nd}|jdk r0t|j}nd}t||fS)N)rr[rrH)r#ZpsZesrrrrIXs    zNameConstraints.__hash__rrN)r&r'r(rZNAME_CONSTRAINTSr"r!rFrGrr>rIrrJrrrrrrrs"   rc@sReZdZddZedZedZedZddZ dd Z d d Z d d Z dS) ExtensioncCs:t|tstdt|ts$td||_||_||_dS)Nz2oid argument must be an ObjectIdentifier instance.z critical must be a boolean value)rrr5rh_oid _critical_value)r#r"criticalr6rrrr!js  zExtension.__init__rrrcCs d|S)Nz@)r1)r#rrrr>{szExtension.__repr__cCs2t|tstS|j|jko0|j|jko0|j|jkS)N)rrrDr"rr6)r#rErrrrFs    zExtension.__eq__cCs ||k S)Nr)r#rErrrrGszExtension.__ne__cCst|j|j|jfS)N)rHr"rr6)r#rrrrIszExtension.__hash__N) r&r'r(r!rrJr"rr6r>rFrGrIrrrrris    rc@sTeZdZddZddZddZddZd d Zd d Zd dZ ddZ ddZ dS) GeneralNamescCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rr )rLrMrrrrNsz(GeneralNames.__init__..z^Every item in the general_names list must be an object conforming to the GeneralName interface)rPrQr5_general_names)r# general_namesrrrr!s zGeneralNames.__init__cCs t|jS)N)r8r)r#rrrr9szGeneralNames.__iter__cCs t|jS)N)r:r)r#rrrr;szGeneralNames.__len__cs0fdd|D}tkr(dd|D}t|S)Nc3s|]}t|r|VqdS)N)r)rLi)typerrrNsz3GeneralNames.get_values_for_type..css|] }|jVqdS)N)r6)rLrrrrrNs)rrP)r#rZobjsr)rrget_values_for_typesz GeneralNames.get_values_for_typecCs d|jS)Nz)r1r)r#rrrr>szGeneralNames.__repr__cCst|tstS|j|jkS)N)rrrDr)r#rErrrrFs zGeneralNames.__eq__cCs ||k S)Nr)r#rErrrrGszGeneralNames.__ne__cCs |j|S)N)r)r#r<rrrr=szGeneralNames.__getitem__cCstt|jS)N)rHr[r)r#rrrrIszGeneralNames.__hash__N) r&r'r(r!r9r;rr>rFrGr=rIrrrrrs  rc@sZeZdZejZddZddZddZddZ d d Z d d Z d dZ ddZ ddZdS)SubjectAlternativeNamecCst||_dS)N)rr)r#rrrrr!szSubjectAlternativeName.__init__cCs t|jS)N)r8r)r#rrrr9szSubjectAlternativeName.__iter__cCs t|jS)N)r:r)r#rrrr;szSubjectAlternativeName.__len__cCs |j|S)N)rr)r#rrrrrsz*SubjectAlternativeName.get_values_for_typecCs d|jS)Nz)r1r)r#rrrr>szSubjectAlternativeName.__repr__cCst|tstS|j|jkS)N)rrrDr)r#rErrrrFs zSubjectAlternativeName.__eq__cCs |j|S)N)r)r#r<rrrr=sz"SubjectAlternativeName.__getitem__cCs ||k S)Nr)r#rErrrrGszSubjectAlternativeName.__ne__cCs t|jS)N)rHr)r#rrrrIszSubjectAlternativeName.__hash__N)r&r'r(rZSUBJECT_ALTERNATIVE_NAMEr"r!r9r;rr>rFr=rGrIrrrrrsrc@sZeZdZejZddZddZddZddZ d d Z d d Z d dZ ddZ ddZdS)IssuerAlternativeNamecCst||_dS)N)rr)r#rrrrr!szIssuerAlternativeName.__init__cCs t|jS)N)r8r)r#rrrr9szIssuerAlternativeName.__iter__cCs t|jS)N)r:r)r#rrrr;szIssuerAlternativeName.__len__cCs |j|S)N)rr)r#rrrrrsz)IssuerAlternativeName.get_values_for_typecCs d|jS)Nz)r1r)r#rrrr>szIssuerAlternativeName.__repr__cCst|tstS|j|jkS)N)rrrDr)r#rErrrrFs zIssuerAlternativeName.__eq__cCs ||k S)Nr)r#rErrrrGszIssuerAlternativeName.__ne__cCs |j|S)N)r)r#r<rrrr=sz!IssuerAlternativeName.__getitem__cCs t|jS)N)rHr)r#rrrrIszIssuerAlternativeName.__hash__N)r&r'r(rZISSUER_ALTERNATIVE_NAMEr"r!r9r;rr>rFrGr=rIrrrrrsrc@sZeZdZejZddZddZddZddZ d d Z d d Z d dZ ddZ ddZdS)CertificateIssuercCst||_dS)N)rr)r#rrrrr!szCertificateIssuer.__init__cCs t|jS)N)r8r)r#rrrr9 szCertificateIssuer.__iter__cCs t|jS)N)r:r)r#rrrr; szCertificateIssuer.__len__cCs |j|S)N)rr)r#rrrrrsz%CertificateIssuer.get_values_for_typecCs d|jS)Nz)r1r)r#rrrr>szCertificateIssuer.__repr__cCst|tstS|j|jkS)N)rrrDr)r#rErrrrFs zCertificateIssuer.__eq__cCs ||k S)Nr)r#rErrrrGszCertificateIssuer.__ne__cCs |j|S)N)r)r#r<rrrr=szCertificateIssuer.__getitem__cCs t|jS)N)rHr)r#rrrrI"szCertificateIssuer.__hash__N)r&r'r(rZCERTIFICATE_ISSUERr"r!r9r;rr>rFrGr=rIrrrrrsrc@sDeZdZejZddZddZddZddZ d d Z e d Z d S) CRLReasoncCst|tstd||_dS)Nz*reason must be an element from ReasonFlags)rrsr5_reason)r#reasonrrrr!*s zCRLReason.__init__cCs d|jS)Nz)r1r)r#rrrr>0szCRLReason.__repr__cCst|tstS|j|jkS)N)rrrDr)r#rErrrrF3s zCRLReason.__eq__cCs ||k S)Nr)r#rErrrrG9szCRLReason.__ne__cCs t|jS)N)rHr)r#rrrrI<szCRLReason.__hash__rN)r&r'r(rZ CRL_REASONr"r!r>rFrGrIrrJrrrrrr&src@sDeZdZejZddZddZddZddZ d d Z e d Z d S) InvalidityDatecCst|tjstd||_dS)Nz+invalidity_date must be a datetime.datetime)rdatetimer5_invalidity_date)r#invalidity_daterrrr!Fs zInvalidityDate.__init__cCs d|jS)Nz$)r1r)r#rrrr>LszInvalidityDate.__repr__cCst|tstS|j|jkS)N)rrrDr)r#rErrrrFQs zInvalidityDate.__eq__cCs ||k S)Nr)r#rErrrrGWszInvalidityDate.__ne__cCs t|jS)N)rHr)r#rrrrIZszInvalidityDate.__hash__rN)r&r'r(rZINVALIDITY_DATEr"r!r>rFrGrIrrJrrrrrrBsrc@sReZdZejZddZddZddZddZ d d Z d d Z d dZ ddZ dS))PrecertificateSignedCertificateTimestampscCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rr )rLZsctrrrrNgszEPrecertificateSignedCertificateTimestamps.__init__..zYEvery item in the signed_certificate_timestamps list must be a SignedCertificateTimestamp)rPrQr5_signed_certificate_timestamps)r#Zsigned_certificate_timestampsrrrr!ds z2PrecertificateSignedCertificateTimestamps.__init__cCs t|jS)N)r8r)r#rrrr9psz2PrecertificateSignedCertificateTimestamps.__iter__cCs t|jS)N)r:r)r#rrrr;ssz1PrecertificateSignedCertificateTimestamps.__len__cCs |j|S)N)r)r#r<rrrr=vsz5PrecertificateSignedCertificateTimestamps.__getitem__cCsdt|S)Nz/)r1rP)r#rrrr>ysz2PrecertificateSignedCertificateTimestamps.__repr__cCstt|jS)N)rHr[r)r#rrrrIsz2PrecertificateSignedCertificateTimestamps.__hash__cCst|tstS|j|jkS)N)rrrDr)r#rErrrrFs z0PrecertificateSignedCertificateTimestamps.__eq__cCs ||k S)Nr)r#rErrrrGsz0PrecertificateSignedCertificateTimestamps.__ne__N)r&r'r(rZ%PRECERT_SIGNED_CERTIFICATE_TIMESTAMPSr"r!r9r;r=r>rIrFrGrrrrr`s  rc@sDeZdZejZddZddZddZddZ d d Z e d Z d S) OCSPNoncecCst|tstd||_dS)Nznonce must be bytes)rrr5_nonce)r#noncerrrr!s zOCSPNonce.__init__cCst|tstS|j|jkS)N)rrrDr)r#rErrrrFs zOCSPNonce.__eq__cCs ||k S)Nr)r#rErrrrGszOCSPNonce.__ne__cCs t|jS)N)rHr)r#rrrrIszOCSPNonce.__hash__cCs d|S)Nz)r1)r#rrrr>szOCSPNonce.__repr__rN)r&r'r(rZNONCEr"r!rFrGrIr>rrJrrrrrrsrc@seZdZejZddZddZddZddZ d d Z e d Z e d Ze d Ze dZe dZe dZe dZdS)IssuingDistributionPointc Cs|r(t|tr tdd|Ds(td|rHtj|ks@tj|krHtdt|trpt|trpt|trpt|tsxtd||||g}t dd|Ddkrtd t |||||||gstd ||_ ||_ ||_ ||_||_||_||_dS) Ncss|]}t|tVqdS)N)rrs)rLrMrrrrNsz4IssuingDistributionPoint.__init__..z:only_some_reasons must be None or frozenset of ReasonFlagszTunspecified and remove_from_crl are not valid reasons in an IssuingDistributionPointzuonly_contains_user_certs, only_contains_ca_certs, indirect_crl and only_contains_attribute_certs must all be boolean.cSsg|] }|r|qSrr)rLrMrrr sz5IssuingDistributionPoint.__init__..zOnly one of the following can be set to True: only_contains_user_certs, only_contains_ca_certs, indirect_crl, only_contains_attribute_certszCannot create empty extension: if only_contains_user_certs, only_contains_ca_certs, indirect_crl, and only_contains_attribute_certs are all False, then either full_name, relative_name, or only_some_reasons must have a value.)rrtrQr5rsrurvrOrhr:r_only_contains_user_certs_only_contains_ca_certs _indirect_crl_only_contains_attribute_certs_only_some_reasonsrwrx) r#r{r|only_contains_user_certsonly_contains_ca_certsonly_some_reasons indirect_crlonly_contains_attribute_certsZcrl_constraintsrrrr!sD        z!IssuingDistributionPoint.__init__cCs d|S)NaG)r1)r#rrrr>sz!IssuingDistributionPoint.__repr__cCsbt|tstS|j|jko`|j|jko`|j|jko`|j|jko`|j|jko`|j|jko`|j |j kS)N) rrrDr{r|rrrrr)r#rErrrrFs       zIssuingDistributionPoint.__eq__cCs ||k S)Nr)r#rErrrrGszIssuingDistributionPoint.__ne__cCs$t|j|j|j|j|j|j|jfS)N)rHr{r|rrrrr)r#rrrrIsz!IssuingDistributionPoint.__hash__rwrxrrrrrN)r&r'r(rZISSUING_DISTRIBUTION_POINTr"r!r>rFrGrIrrJr{r|rrrrrrrrrrs F     rc@sHeZdZddZedZedZddZddZ d d Z d d Z d S)r4cCs"t|tstd||_||_dS)Nzoid must be an ObjectIdentifier)rrr5rr)r#r"r6rrrr!0s zUnrecognizedExtension.__init__rrcCs d|S)Nz7)r1)r#rrrr>9szUnrecognizedExtension.__repr__cCs&t|tstS|j|jko$|j|jkS)N)rr4rDr"r6)r#rErrrrF@s zUnrecognizedExtension.__eq__cCs ||k S)Nr)r#rErrrrGFszUnrecognizedExtension.__ne__cCst|j|jfS)N)rHr"r6)r#rrrrIIszUnrecognizedExtension.__hash__N) r&r'r(r!rrJr"r6r>rFrGrIrrrrr4.s  r4)RZ __future__rrrr,rrrenumrZasn1crypto.keysrr@Z cryptographyrZcryptography.hazmat.primitivesrr Z,cryptography.hazmat.primitives.asymmetric.ecr Z-cryptography.hazmat.primitives.asymmetric.rsar Z*cryptography.x509.certificate_transparencyr Zcryptography.x509.general_namer rrZcryptography.x509.namerZcryptography.x509.oidrrrrr Exceptionrr*Z add_metaclassABCMetaobjectr+r.Zregister_interfacer?rKr]r`rargrmrnrrrorsrrrrrrrrrrdictZ_TLS_FEATURE_TYPE_TO_ENUMrrrrrrrrrrrrrr4rrrrs       *Y&$)((] <&2%$") ^Q'-"""/