3 K^)\@sddlmZmZmZddlZddlZddlZddlmZm Z ddl m Z m Z m Z ddlmZddlmZmZmZddZd d Zd d Zd dZddZddZddZddZddZddZddZddZdd Z d!d"Z!d#d$Z"d%d&Z#d'd(Z$d)d*Z%d+d,Z&d-d.Z'd/d0Z(d1d2Z)d3d4Z*d5d6Z+d7d8Z,d9d:Z-d;d<Z.d=d>Z/d?d@Z0e j1j2dAe j1j3dBe j1j4dCe j1j5dDe j1j6dEe j1j7dFe j1j8dGe j1j9dHiZ:dIdJZ;dKdLZdQdRZ?dSdTZ@dUdVZAdWdXZBejCe)ejDe-ejEe'ejFe,ejGe,ejHe0ejIe(ejJe"ejKe*ejLe>ejMe>ejNeejOe&ejPe?ejQe@iZRejGe,ejIe(ejKe*ejSeejTeejUeejMe>iZVejWe,ejXe ejYe!iZZej[eBiZ\ej[eBiZ]dS)Y)absolute_importdivisionprint_functionN)utilsx509)_CRL_ENTRY_REASON_ENUM_TO_CODE_DISTPOINT_TYPE_FULLNAME_DISTPOINT_TYPE_RELATIVENAME) _ASN1Type)CRLEntryExtensionOID ExtensionOIDOCSPExtensionOIDcCsD|j|}|jj||jj}|jj||jj}|j||jjk|S)a Converts a python integer to an ASN1_INTEGER. The returned ASN1_INTEGER will not be garbage collected (to support adding them to structs that take ownership of the object). Be sure to register it for GC if it will be discarded after use. )Z _int_to_bn_ffigc_libZBN_freeZBN_to_ASN1_INTEGERNULLopenssl_assert)backendxirT/tmp/pip-unpacked-wheel-vvkwn1hz/cryptography/hazmat/backends/openssl/encode_asn1.py_encode_asn1_ints rcCs t||}|jj||jj}|S)N)rrrrZASN1_INTEGER_free)rrrrrr_encode_asn1_int_gc+s rcCs0|jj}|jj||t|}|j|dk|S)z@ Create an ASN1_OCTET_STRING from a Python byte string. )rZASN1_OCTET_STRING_newZASN1_OCTET_STRING_setlenr)rdatasresrrr_encode_asn1_str1s rcCs<|jj}|jj||jdt|jd}|j|dk|S)z Create an ASN1_UTF8STRING from a Python unicode string. This object will be an ASN1_STRING with UTF8 type in OpenSSL and can be decoded with ASN1_STRING_to_UTF8. utf8r)rZASN1_UTF8STRING_newASN1_STRING_setencoderr)rstringrrrrr_encode_asn1_utf8_str;s  r$cCs t||}|jj||jj}|S)N)rrrrZASN1_OCTET_STRING_free)rrrrrr_encode_asn1_str_gcIs r%cCs t||jS)N)rZ skip_certs)rZinhibit_any_policyrrr_encode_inhibit_any_policyOsr&cCsp|jj}x`|jD]V}d}xL|D]D}t||}|jj||jj}|jj||d|}|j|dkd}q WqW|S)zP The X509_NAME created will not be gc'd. Use _encode_name_gc if needed. rrr') rZ X509_NAME_newZrdns_encode_name_entryrrZX509_NAME_ENTRY_freeZX509_NAME_add_entryr)rnamesubjectZrdnZset_flag attribute name_entryrrrr _encode_nameSs       r-cCs t||}|jj||jj}|S)N)r-rrrZX509_NAME_free)r attributesr*rrr_encode_name_gcgs r/cCsB|jj}x2|D]*}t||}|jj||}|j|dkqW|S)z: The sk_X509_NAME_ENTRY created will not be gc'd. r)rZsk_X509_NAME_ENTRY_new_nullr(Zsk_X509_NAME_ENTRY_pushr)rr.stackr+r,rrrr_encode_sk_name_entryms    r1cCsr|jtjkr|jjd}n&|jtjkr4|jjd}n |jjd}t||jj}|j j |j j ||jj|t |}|S)N utf_16_be utf_32_ber )_typer Z BMPStringvaluer"ZUniversalString _txt2obj_gcoid dotted_stringrZX509_NAME_ENTRY_create_by_OBJrrr)rr+r5objr,rrrr(ys   r(cCs t||jS)N)rZ crl_number)rextrrr&_encode_crl_number_delta_crl_indicatorsr;cCs|jj}|j||jjk|jj||jj}|jr8dnd|_|j rHdnd|_ |j rXdnd|_ |j rhdnd|_|jrt||j|_|jrt||j|_|jrt||j|_|S)Nr)rZISSUING_DIST_POINT_newrrrrZISSUING_DIST_POINT_freeZonly_contains_user_certsZonlyuserZonly_contains_ca_certsZonlyCAZ indirect_crlZ indirectCRLZonly_contains_attribute_certsZonlyattrZonly_some_reasons_encode_reasonflagsZonlysomereasons full_name_encode_full_name distpoint relative_name_encode_relative_name)rr:Zidprrr_encode_issuing_dist_points  rCcCsT|jj}|j||jjk|jj||jj}|jj|t|j }|j|dk|S)Nr) rZASN1_ENUMERATED_newrrrrZASN1_ENUMERATED_freeZASN1_ENUMERATED_setrreason)rZ crl_reasonZasn1enumrrrr_encode_crl_reasons rEcCsF|jj|jjtj|jj}|j||jjk|jj ||jj }|S)N) rZASN1_GENERALIZEDTIME_setrrcalendartimegminvalidity_date timetuplerrZASN1_GENERALIZEDTIME_free)rrHtimerrr_encode_invalidity_dates  rKc Cs|jj}|j||jjk|jj||jj}xh|D]^}|jj}|j||jjk|jj||}|j|dkt ||j j }||_ |j r6|jj}|j||jjkx|j D]}|jj} |j| |jjk|jj|| }|j|dkt|tjr"t |tjj | _t||jd| j_qt|tjs4tt |tjj | _|jj} |j| |jjk| | j_|j r~t!||j | _"t#||j$| _%qW||_&q6W|S)Nrascii)'rZsk_POLICYINFO_new_nullrrrrZsk_POLICYINFO_freeZPOLICYINFO_newZsk_POLICYINFO_push_txt2objZpolicy_identifierr8ZpolicyidZpolicy_qualifiersZsk_POLICYQUALINFO_new_nullZPOLICYQUALINFO_newZsk_POLICYQUALINFO_push isinstancesix text_typerZOID_CPS_QUALIFIERZpqualidrr"dZcpsuriZ UserNoticeAssertionErrorZOID_CPS_USER_NOTICEZUSERNOTICE_newZ usernoticeZ explicit_textr$Zexptext_encode_notice_referenceZnotice_referenceZ noticerefZ qualifiers) rZcertificate_policiescpZ policy_infopirr7ZpqisZ qualifierZpqiZunrrr_encode_certificate_policiessJ        rVcCs|dkr|jjS|jj}|j||jjkt||j|_|jj}||_x4|j D]*}t ||}|jj ||}|j|dkqRW|SdS)Nr) rrrZ NOTICEREF_newrr$Z organizationZsk_ASN1_INTEGER_new_nullZ noticenosZnotice_numbersrZsk_ASN1_INTEGER_push)rnoticenrZ notice_stacknumbernumrrrrrSs    rScCs.|jd}|jj|d}|j||jjk|S)z_ Converts a Python string with an ASN.1 object ID in dotted form to a ASN1_OBJECT. rLr)r"r OBJ_txt2objrrr)rr)r9rrrrMs rMcCs t||}|jj||jj}|S)N)rMrrrZASN1_OBJECT_free)rr)r9rrrr6 s r6cCs |jjS)N)rZ ASN1_NULL_new)rr:rrr_encode_ocsp_nochecksr\cCsb|jj}|jj}|jj||jj}||d|j}|j|dk||d|j}|j|dk||d|j }|j|dk||d|j }|j|dk||d|j }|j|dk||d|j }|j|dk||d|j }|j|dk|j r*||d|j}|j|dk||d |j}|j|dkn4||dd}|j|dk||d d}|j|dk|S) Nrr)rASN1_BIT_STRING_set_bitASN1_BIT_STRING_newrrZASN1_BIT_STRING_freeZdigital_signaturerZcontent_commitmentZkey_enciphermentZdata_enciphermentZ key_agreementZ key_cert_signZcrl_signZ encipher_onlyZ decipher_only)rZ key_usageZset_bitZkurrrr_encode_key_usages6   rfcCsz|jj}|j||jjk|jj||jj}|jdk rFt||j|_ |j dk r^t ||j |_ |j dk rvt||j |_|S)N)rZAUTHORITY_KEYID_newrrrrZAUTHORITY_KEYID_freeZkey_identifierrZkeyidZauthority_cert_issuer_encode_general_namesZissuerZauthority_cert_serial_numberrserial)rZauthority_keyidZakidrrr _encode_authority_key_identifier5s       ricCsN|jj}|jj||jj}|jr&dnd|_|jrJ|jdk rJt||j|_|S)Nr<r) rZBASIC_CONSTRAINTS_newrrZBASIC_CONSTRAINTS_freecaZ path_lengthrpathlen)rZbasic_constraints constraintsrrr_encode_basic_constraintsLs   rmcsjj}j|jjkjj|fdd}xV|D]N}jj}t|jj }t |j |j ||_ jj||}j|dkq8W|S)Ncsjj|jjjjdS)NZACCESS_DESCRIPTION_free)rZsk_ACCESS_DESCRIPTION_pop_freer addressofZ _original_lib)r)rrr_sz6_encode_authority_information_access..r)rZsk_ACCESS_DESCRIPTION_new_nullrrrrZACCESS_DESCRIPTION_newrMZ access_methodr8!_encode_general_name_preallocatedZaccess_locationlocationmethodZsk_ACCESS_DESCRIPTION_push)rZauthority_info_accessZaiaZaccess_descriptionadrrrr)rr$_encode_authority_information_accessZs    rtcCsT|jj}|j||jjkx2|D]*}t||}|jj||}|j|dkq"W|S)Nr)rZGENERAL_NAMES_newrrr_encode_general_nameZsk_GENERAL_NAME_push)rnames general_namesr)gnrrrrrgts   rgcCs t||}|jj||jj}|S)N)rgrrrZGENERAL_NAMES_free)rsanrwrrr_encode_alt_names  rzcCs t||jS)N)r%digest)rZskirrr_encode_subject_key_identifiersr|cCs|jj}t||||S)N)rZGENERAL_NAME_newrp)rr)rxrrrrus  rucCsRt|tjr~|j||jjk|jj|_|jj }|j||jjk|j j d}|jj ||t |}|j|dk||j_nt|tjr|j||jjk|jj|_|jj|j jj dd}|j||jjk||j_nrt|tjr|j||jjkt||j }|jj|_||j_n0t|tjr|j||jjkt|j tjrn|j jjtjd |j j d}n|j j d}n|j j}t"||} |jj#|_| |j_$nt|tj%r|j||jjk|jj&} |j| |jjk|jj|j'jj dd} |j| |jjk|jj(d|j } |jj(d } | | d <|jj)|jj| t |j }||jjkr|j*t+d | | _'|| _ |jj,|_| |j_-nt|tj.r|j||jjk|j j d} t"|| }|jj/|_||j_0nXt|tj1r@|j||jjk|j j d} t"|| }|jj2|_||j_3nt+d j4|dS)Nr rrL r_zunsigned char[]zunsigned char **rzInvalid ASN.1 dataz!{} is an unknown GeneralName typel)5rNrZDNSNamerrrrZGEN_DNStypeZASN1_IA5STRING_newr5r"r!rrQZdNSNameZ RegisteredIDZGEN_RIDr[r8Z registeredIDZ DirectoryNamer-Z GEN_DIRNAMEZ directoryNameZ IPAddress ipaddress IPv4Networknetwork_addresspackedrZ int_to_bytes num_addresses IPv6NetworkrZ GEN_IPADDZ iPAddressZ OtherNameZ OTHERNAME_newtype_idnewZ d2i_ASN1_TYPEZ_consume_errors ValueErrorZ GEN_OTHERNAMEZ otherNameZ RFC822NameZ GEN_EMAILZ rfc822NameZUniformResourceIdentifierZGEN_URIZuniformResourceIdentifierformat)rr)rxZia5r5rr9Zdir_nameripaddrZ other_namerrZ data_ptr_ptrZasn1_strrrrrps                          rpcCsV|jj}|jj||jj}x4|D],}t||j}|jj||}|j|dkq"W|S)Nr) rZsk_ASN1_OBJECT_new_nullrrZsk_ASN1_OBJECT_freerMr8Zsk_ASN1_OBJECT_pushr)rZextended_key_usageZekur7r9rrrr_encode_extended_key_usages   rrr]r^r_r`rarbrccCsP|jj}|j||jjkx.|D]&}|jj|t|d}|j|dkq"W|S)Nr)rrerrrrd_CRLREASONFLAGS)rreasonsZbitmaskrDrrrrr=s  r=cCs4|jj}|j||jjkt|_t|||j_ |S)N) rDIST_POINT_NAME_newrrrrrrgr)fullname)rr>dpnrrrr? s  r?cCs4|jj}|j||jjkt|_t|||j_ |S)N) rrrrrr rr1r)Z relativename)rrArrrrrBs  rBcCs|jj}|jj||jj}x|D]}|jj}|j||jjk|jrVt ||j|_|j rjt ||j |_ |j r~t||j |_ |jrt||j|_|jj||}|j|dkq"W|S)Nr)rZsk_DIST_POINT_new_nullrrZsk_DIST_POINT_freeZDIST_POINT_newrrrr=r>r?r@rArBZ crl_issuerrgZ CRLissuerZsk_DIST_POINT_push)rZcdpsZcdpZpointZdprrrr_encode_cdps_freshest_crls    rcCsV|jj}|j||jjk|jj||jj}t||j}||_ t||j }||_ |S)N) rZNAME_CONSTRAINTS_newrrrrZNAME_CONSTRAINTS_free_encode_general_subtreeZpermitted_subtreesZpermittedSubtreesZexcluded_subtreesZexcludedSubtrees)rZname_constraintsZncZ permittedZexcludedrrr_encode_name_constraints5s   rcCsb|jj}|j||jjk|jj||jj}|jdk rFt||j|_ |j dk r^t||j |_ |S)N) rZPOLICY_CONSTRAINTS_newrrrrZPOLICY_CONSTRAINTS_freeZrequire_explicit_policyrZrequireExplicitPolicyZinhibit_policy_mappingZinhibitPolicyMapping)rZpolicy_constraintsZpcrrr_encode_policy_constraintsEs     rcCs`|dkr|jjS|jj}x<|D]4}|jj}t|||_|jj||}|dks tq W|SdS)Nr) rrrZsk_GENERAL_SUBTREE_new_nullZGENERAL_SUBTREE_newrubaseZsk_GENERAL_SUBTREE_pushrR)rZsubtreesZgeneral_subtreesr)ZgsrrrrrVs    rcCs t||jS)N)r%nonce)rrrrr _encode_noncedsr)^ __future__rrrrFrrOZ cryptographyrrZ0cryptography.hazmat.backends.openssl.decode_asn1rrr Zcryptography.x509.namer Zcryptography.x509.oidr r r rrrr$r%r&r-r/r1r(r;rCrErKrVrSrMr6r\rfrirmrtrgrzr|rurprZ ReasonFlagsZkey_compromiseZ ca_compromiseZaffiliation_changedZ supersededZcessation_of_operationZcertificate_holdZprivilege_withdrawnZ aa_compromiserr=r?rBrrrrrZBASIC_CONSTRAINTSZSUBJECT_KEY_IDENTIFIERZ KEY_USAGEZSUBJECT_ALTERNATIVE_NAMEZISSUER_ALTERNATIVE_NAMEZEXTENDED_KEY_USAGEZAUTHORITY_KEY_IDENTIFIERZCERTIFICATE_POLICIESZAUTHORITY_INFORMATION_ACCESSZCRL_DISTRIBUTION_POINTSZ FRESHEST_CRLZINHIBIT_ANY_POLICYZ OCSP_NO_CHECKZNAME_CONSTRAINTSZPOLICY_CONSTRAINTSZ_EXTENSION_ENCODE_HANDLERSZ CRL_NUMBERZDELTA_CRL_INDICATORZISSUING_DISTRIBUTION_POINTZ_CRL_EXTENSION_ENCODE_HANDLERSZCERTIFICATE_ISSUERZ CRL_REASONZINVALIDITY_DATEZ$_CRL_ENTRY_EXTENSION_ENCODE_HANDLERSZNONCEZ'_OCSP_REQUEST_EXTENSION_ENCODE_HANDLERSZ)_OCSP_BASICRESP_EXTENSION_ENCODE_HANDLERSrrrrs     1   X