ó /<õ\c@`sddlmZmZmZddlZddlZddlmZddlZddl m Z ddlmZddl mZmZmZiejƒd6ejƒd6ejƒd 6ejƒd 6ejƒd6Zdefd „ƒYZdefd„ƒYZed„eDƒƒZejejejejejfZd„Zdefd„ƒYZed„eDƒƒZd„Zd„Z de!fd„ƒYZ"de!fd„ƒYZ#de!fd„ƒYZ$ej%ej&ƒde!fd„ƒYƒZ'ej%ej&ƒde!fd „ƒYƒZ(dS(!i(tabsolute_importtdivisiontprint_functionN(tEnum(tx509(thashes(t_EARLIEST_UTC_TIMEt_convert_to_naive_utc_timet_reject_duplicate_extensions 1.3.14.3.2.26s2.16.840.1.101.3.4.2.4s2.16.840.1.101.3.4.2.1s2.16.840.1.101.3.4.2.2s2.16.840.1.101.3.4.2.3tOCSPResponderEncodingcB`seZdZdZRS(sBy HashsBy Name(t__name__t __module__tHASHtNAME(((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyR stOCSPResponseStatuscB`s,eZdZdZdZdZdZdZRS(iiiiii(R Rt SUCCESSFULtMALFORMED_REQUESTtINTERNAL_ERRORt TRY_LATERtSIG_REQUIREDtUNAUTHORIZED(((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyR"scc`s|]}|j|fVqdS(N(tvalue(t.0tx((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pys +scC`s"t|tƒstdƒ‚ndS(Ns9Algorithm must be SHA1, SHA224, SHA256, SHA384, or SHA512(t isinstancet_ALLOWED_HASHESt ValueError(t algorithm((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyt_verify_algorithm2stOCSPCertStatuscB`seZdZdZdZRS(iii(R RtGOODtREVOKEDtUNKNOWN(((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyR9scc`s|]}|j|fVqdS(N(R(RR((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pys ?scC`sddlm}|j|ƒS(Ni(tbackend(t,cryptography.hazmat.backends.openssl.backendR!tload_der_ocsp_request(tdataR!((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyR#BscC`sddlm}|j|ƒS(Ni(R!(R"R!tload_der_ocsp_response(R$R!((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyR%GstOCSPRequestBuildercB`s2eZdgd„Zd„Zd„Zd„ZRS(cC`s||_||_dS(N(t_requestt_extensions(tselftrequestt extensions((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyt__init__Ms cC`sv|jdk rtdƒ‚nt|ƒt|tjƒsNt|tjƒr]tdƒ‚nt|||f|j ƒS(Ns.Only one certificate can be added to a requests%cert and issuer must be a Certificate( R'tNoneRRRRtCertificatet TypeErrorR&R((R)tcerttissuerR((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pytadd_certificateQs cC`sct|tjƒs!tdƒ‚ntj|j||ƒ}t||jƒt|j |j|gƒS(Ns"extension must be an ExtensionType( RRt ExtensionTypeR/t ExtensiontoidRR(R&R'(R)t extensiontcritical((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyt add_extension^scC`s;ddlm}|jdkr.tdƒ‚n|j|ƒS(Ni(R!s*You must add a certificate before building(R"R!R'R-Rtcreate_ocsp_request(R)R!((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pytbuildisN(R RR-R,R2R8R:(((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyR&Ls t_SingleResponsecB`seZd„ZRS(c C`s¶t|tjƒs&t|tjƒr5tdƒ‚nt|ƒt|tjƒs`tdƒ‚n|dk rŽt|tjƒrŽtdƒ‚n||_||_||_ ||_ ||_t|tƒsÙtdƒ‚n|tj k r!|dk rtdƒ‚n|dk r—tdƒ‚q—nvt|tjƒsBtdƒ‚nt|ƒ}|tkritdƒ‚n|dk r—t|tjƒr—td ƒ‚n||_||_||_dS( Ns%cert and issuer must be a Certificates%this_update must be a datetime objects-next_update must be a datetime object or Nones8cert_status must be an item from the OCSPCertStatus enumsBrevocation_time can only be provided if the certificate is revokedsDrevocation_reason can only be provided if the certificate is revokeds)revocation_time must be a datetime objects7The revocation_time must be on or after 1950 January 1.sCrevocation_reason must be an item from the ReasonFlags enum or None(RRR.R/RtdatetimeR-t_certt_issuert _algorithmt_this_updatet_next_updateRRRRRtReasonFlagst_cert_statust_revocation_timet_revocation_reason( R)R0R1Rtcert_statustthis_updatetnext_updatetrevocation_timetrevocation_reason((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyR,rsH (R RR,(((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyR;qstOCSPResponseBuildercB`sYeZdddgd„Zd„Zd„Zd„Zd„Zd„Ze d„ƒZ RS(cC`s(||_||_||_||_dS(N(t _responset _responder_idt_certsR((R)tresponsetresponder_idtcertsR+((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyR,°s c C`s[|jdk rtdƒ‚nt||||||||ƒ} t| |j|j|jƒS(Ns#Only one response per OCSPResponse.(RLR-RR;RKRMRNR(( R)R0R1RRFRGRHRIRJt singleresp((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pytadd_response·s cC`s|jdk rtdƒ‚nt|tjƒs?tdƒ‚nt|tƒs]tdƒ‚nt|j ||f|j |jƒS(Ns!responder_id can only be set onces$responder_cert must be a Certificates6encoding must be an element from OCSPResponderEncoding(RMR-RRRR.R/R RKRLRNR((R)tencodingtresponder_cert((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyRPÅscC`sŒ|jdk rtdƒ‚nt|ƒ}t|ƒdkrKtdƒ‚ntd„|Dƒƒsptdƒ‚nt|j|j ||j ƒS(Ns!certificates may only be set onceiscerts must not be an empty listcs`s!|]}t|tjƒVqdS(N(RRR.(RR((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pys Úss$certs must be a list of Certificates(RNR-RtlisttlentallR/RKRLRMR((R)RQ((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pytcertificatesÔscC`sot|tjƒs!tdƒ‚ntj|j||ƒ}t||jƒt|j |j |j|j|gƒS(Ns"extension must be an ExtensionType(RRR3R/R4R5RR(RKRLRMRN(R)R6R7((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyR8áscC`s†ddlm}|jdkr.tdƒ‚n|jdkrLtdƒ‚nt|tjƒsmt dƒ‚n|j tj|||ƒS(Ni(R!s&You must add a response before signings*You must add a responder_id before signings.Algorithm must be a registered hash algorithm.( R"R!RLR-RRMRRt HashAlgorithmR/tcreate_ocsp_responseRR(R)tprivate_keyRR!((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pytsigníscC`sbddlm}t|tƒs.tdƒ‚n|tjkrLtdƒ‚n|j|dddƒS(Ni(R!s7response_status must be an item from OCSPResponseStatuss$response_status cannot be SUCCESSFUL( R"R!RRR/RRR[R-(tclstresponse_statusR!((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pytbuild_unsuccessfulûsN(R RR-R,RSRPRYR8R]tclassmethodR`(((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyRK¯s tOCSPRequestcB`steZejd„ƒZejd„ƒZejd„ƒZejd„ƒZejd„ƒZ ejd„ƒZ RS(cC`sdS(s3 The hash of the issuer public key N((R)((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pytissuer_key_hash tcC`sdS(s- The hash of the issuer name N((R)((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pytissuer_name_hashRdcC`sdS(sK The hash algorithm used in the issuer name and key hashes N((R)((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pythash_algorithmRdcC`sdS(sM The serial number of the cert whose status is being checked N((R)((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyt serial_numberRdcC`sdS(s/ Serializes the request to DER N((R)RT((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pytpublic_bytes!RdcC`sdS(sP The list of request extensions. Not single request extensions. N((R)((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyR+'Rd(R RtabctabstractpropertyRcReRfRgtabstractmethodRhR+(((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyRbstOCSPResponsecB`s^eZejd„ƒZejd„ƒZejd„ƒZejd„ƒZejd„ƒZejd„ƒZ ejd„ƒZ ejd„ƒZejd„ƒZejd „ƒZ ejd „ƒZejd„ƒZejd„ƒZejd „ƒZejd„ƒZejd„ƒZejd„ƒZejd„ƒZejd„ƒZRS(cC`sdS(sm The status of the response. This is a value from the OCSPResponseStatus enumeration N((R)((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyR_0RdcC`sdS(sA The ObjectIdentifier of the signature algorithm N((R)((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pytsignature_algorithm_oid7RdcC`sdS(sX Returns a HashAlgorithm corresponding to the type of the digest signed N((R)((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pytsignature_hash_algorithm=RdcC`sdS(s% The signature bytes N((R)((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyt signatureCRdcC`sdS(s+ The tbsResponseData bytes N((R)((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyttbs_response_bytesIRdcC`sdS(s» A list of certificates used to help build a chain to verify the OCSP response. This situation occurs when the OCSP responder uses a delegate certificate. N((R)((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyRYORdcC`sdS(s2 The responder's key hash or None N((R)((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pytresponder_key_hashWRdcC`sdS(s. The responder's Name or None N((R)((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pytresponder_name]RdcC`sdS(s4 The time the response was produced N((R)((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pytproduced_atcRdcC`sdS(sY The status of the certificate (an element from the OCSPCertStatus enum) N((R)((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pytcertificate_statusiRdcC`sdS(s^ The date of when the certificate was revoked or None if not revoked. N((R)((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyRIoRdcC`sdS(si The reason the certificate was revoked or None if not specified or not revoked. N((R)((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyRJvRdcC`sdS(s The most recent time at which the status being indicated is known by the responder to have been correct N((R)((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyRG}RdcC`sdS(sC The time when newer information will be available N((R)((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyRH„RdcC`sdS(s3 The hash of the issuer public key N((R)((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyRcŠRdcC`sdS(s- The hash of the issuer name N((R)((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyReRdcC`sdS(sK The hash algorithm used in the issuer name and key hashes N((R)((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyRf–RdcC`sdS(sM The serial number of the cert whose status is being checked N((R)((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyRgœRdcC`sdS(sR The list of response extensions. Not single response extensions. N((R)((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyR+¢Rd(R RRiRjR_RmRnRoRpRYRqRrRsRtRIRJRGRHRcReRfRgR+(((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyRl.s&()t __future__RRRRiR<tenumRtsixtcryptographyRtcryptography.hazmat.primitivesRtcryptography.x509.baseRRRtSHA1tSHA224tSHA256tSHA384tSHA512t _OIDS_TO_HASHR Rtdictt_RESPONSE_STATUS_TO_ENUMRRRt_CERT_STATUS_TO_ENUMR#R%tobjectR&R;RKt add_metaclasstABCMetaRbRl(((s5lib/python2.7/site-packages/cryptography/x509/ocsp.pyts< %>Y%