3 K^;6@sddlmZmZmZddlZddlmZmZddlm Z ddl m Z m Z m Z mZmZmZmZmZmZddlmZddlmZddlmZmZmZmZmZmZmZd d Z d d Z!d dZ"ddZ#ddZ$ej%eGddde&Z'ej%eGddde&Z(dS))absolute_importdivisionprint_functionN)utilsx509)UnsupportedAlgorithm) _CRL_ENTRY_REASON_CODE_TO_ENUM_OCSP_BASICRESP_EXT_PARSER_OCSP_REQ_EXT_PARSER_OCSP_SINGLERESP_EXT_PARSER_asn1_integer_to_int_asn1_string_to_bytes_decode_x509_name_obj2txt_parse_asn1_generalized_time) _Certificate) serialization)OCSPCertStatus OCSPRequest OCSPResponseOCSPResponseStatus_CERT_STATUS_TO_ENUM _OIDS_TO_HASH_RESPONSE_STATUS_TO_ENUMcstjfdd}|S)Ncs(|jtjkrtdn|f|SdS)NzCOCSP response status is not successful so the property has no value)response_statusr SUCCESSFUL ValueError)selfargs)funcM/tmp/pip-unpacked-wheel-vvkwn1hz/cryptography/hazmat/backends/openssl/ocsp.pywrappers z._requires_successful_response..wrapper) functoolswraps)rr"r )rr!_requires_successful_responses r%cCs^|jjd}|jj|jj|jj||jj|}|j|dk|j|d|jjkt||dS)NzASN1_OCTET_STRING **r)_ffinew_libOCSP_id_get0_infoNULLopenssl_assertr )backendcert_idZkey_hashresr r r!_issuer_key_hash(s  r0cCs^|jjd}|jj||jj|jj|jj|}|j|dk|j|d|jjkt||dS)NzASN1_OCTET_STRING **r&r)r'r(r)r*r+r,r )r-r.Z name_hashr/r r r!_issuer_name_hash3s r1cCs^|jjd}|jj|jj|jj|jj||}|j|dk|j|d|jjkt||dS)NzASN1_INTEGER **r&r)r'r(r)r*r+r,r )r-r.numr/r r r!_serial_number>s  r3c Cs|jjd}|jj|jj||jj|jj|}|j|dk|j|d|jjkt||d}yt|Stk rt dj |YnXdS)NzASN1_OBJECT **r&rz*Signature algorithm OID: {} not recognized) r'r(r)r*r+r,rrKeyErrorrformat)r-r.Zasn1objr/oidr r r!_hash_algorithmIs r7c@sbeZdZddZejdZeeddZ eeddZ eedd Z eed d Z eed d Z eeddZeeddZddZeeddZeeddZeeddZeeddZeeddZeeddZeed d!Zeed"d#Zeed$d%Zeed&d'Zejed(d)Zejed*d+Zd,d-Zd.S)/ _OCSPResponsecCs||_||_|jjj|j}|jj|tkt||_|jtjkr|jjj |j}|jj||jj j k|jj j ||jjj |_|jj|jjj|jdk|jjj|jd|_|jj|j|jj j k|jjj|j|_|jj|j|jj j kdS)Nr&r)_backend_ocsp_responser)ZOCSP_response_statusr,r_statusrrZOCSP_response_get1_basicr'r+gcZOCSP_BASICRESP_free_basicZOCSP_resp_countZOCSP_resp_get0_singleZOCSP_SINGLERESP_get0_id_cert_id)rr-Z ocsp_responsestatusbasicr r r!__init__\s(   z_OCSPResponse.__init__r;cCs>|jjj|j}|jj||jjjkt|j|j}t j |S)N) r9r)ZOCSP_resp_get0_tbs_sigalgr=r,r'r+r algorithmrZObjectIdentifier)rZalgr6r r r!signature_algorithm_oidzsz%_OCSPResponse.signature_algorithm_oidc Cs8|j}y tj|Stk r2tdj|YnXdS)Nz)Signature algorithm OID:{} not recognized)rDrZ_SIG_OIDS_TO_HASHr4rr5)rr6r r r!signature_hash_algorithms  z&_OCSPResponse.signature_hash_algorithmcCs2|jjj|j}|jj||jjjkt|j|S)N)r9r)ZOCSP_resp_get0_signaturer=r,r'r+r )rsigr r r! signaturesz_OCSPResponse.signaturecsjjjj}jj|jjjkjjjd}jjj||}jj|djjjkjjj |fdd}jj|dkjjj |d|ddS)Nzunsigned char **rcsjjj|dS)Nr)r9r)Z OPENSSL_free)pointer)rr r!sz2_OCSPResponse.tbs_response_bytes..) r9r)ZOCSP_resp_get0_respdatar=r,r'r+r(Zi2d_OCSP_RESPDATAr<buffer)rZrespdatappr/r )rr!tbs_response_bytessz _OCSPResponse.tbs_response_bytescCsz|jjj|j}|jjj|}g}xRt|D]F}|jjj||}|jj||jjj kt |j|}||_ |j |q,W|S)N) r9r)ZOCSP_resp_get0_certsr=Z sk_X509_numrangeZ sk_X509_valuer,r'r+rZ _ocsp_respappend)rZsk_x509r2certsircertr r r! certificatess z_OCSPResponse.certificatescCs.|j\}}||jjjkrdSt|j|SdS)N)_responder_key_namer9r'r+r )r_ asn1_stringr r r!responder_key_hashs z _OCSPResponse.responder_key_hashcCs.|j\}}||jjjkrdSt|j|SdS)N)rSr9r'r+r)r x509_namerTr r r!responder_names z_OCSPResponse.responder_namecCsP|jjjd}|jjjd}|jjj|j||}|jj|dk|d|dfS)NzASN1_OCTET_STRING **z X509_NAME **r&r)r9r'r(r)ZOCSP_resp_get0_idr=r,)rrUrWr/r r r!rSs  z!_OCSPResponse._responder_key_namecCs|jjj|j}t|j|S)N)r9r)ZOCSP_resp_get0_produced_atr=r)r produced_atr r r!rYsz_OCSPResponse.produced_atcCsH|jjj|j|jjj|jjj|jjj|jjj}|jj|tkt|S)N)r9r)OCSP_single_get0_statusr>r'r+r,r)rr@r r r!certificate_statuss z _OCSPResponse.certificate_statuscCsr|jtjk rdS|jjjd}|jjj|j|jjj ||jjj |jjj |jj |d|jjj kt |j|dS)NzASN1_GENERALIZEDTIME **r) r[rREVOKEDr9r'r(r)rZr>r+r,r)r asn1_timer r r!revocation_times  z_OCSPResponse.revocation_timecCs||jtjk rdS|jjjd}|jjj|j||jjj |jjj |jjj |ddkrXdS|jj |dt kt |dSdS)Nzint *rr&) r[rr\r9r'r(r)rZr>r+r,r)rZ reason_ptrr r r!revocation_reasons   z_OCSPResponse.revocation_reasoncCsb|jjjd}|jjj|j|jjj|jjj||jjj|jj|d|jjjkt|j|dS)NzASN1_GENERALIZEDTIME **r) r9r'r(r)rZr>r+r,r)rr]r r r! this_update s z_OCSPResponse.this_updatecCsb|jjjd}|jjj|j|jjj|jjj|jjj||d|jjjkrZt|j|dSdSdS)NzASN1_GENERALIZEDTIME **r)r9r'r(r)rZr>r+r)rr]r r r! next_updatesz_OCSPResponse.next_updatecCst|j|jS)N)r0r9r?)rr r r!issuer_key_hash*sz_OCSPResponse.issuer_key_hashcCst|j|jS)N)r1r9r?)rr r r!issuer_name_hash/sz_OCSPResponse.issuer_name_hashcCst|j|jS)N)r7r9r?)rr r r!hash_algorithm4sz_OCSPResponse.hash_algorithmcCst|j|jS)N)r3r9r?)rr r r! serial_number9sz_OCSPResponse.serial_numbercCstj|j|jS)N)r parser9r=)rr r r! extensions>sz_OCSPResponse.extensionscCstj|j|jS)N)r rgr9r>)rr r r!single_extensionsCsz_OCSPResponse.single_extensionscCsL|tjjk rtd|jj}|jjj||j}|jj |dk|jj |S)Nz/The only allowed encoding value is Encoding.DERr) rEncodingDERrr9_create_mem_bio_gcr)Zi2d_OCSP_RESPONSE_bior:r, _read_mem_bio)rencodingbior/r r r! public_bytesJs   z_OCSPResponse.public_bytesN)__name__ __module__ __qualname__rBrZread_only_propertyrpropertyr%rDrErGrLrRrVrXrSrYr[r^r`rarbrcrdrerfcached_propertyrhrirpr r r r!r8ZsT      r8c@sZeZdZddZeddZeddZeddZed d Ze j d d Z d dZ dS) _OCSPRequestcCs~|jj|dkrtd||_||_|jjj|jd|_|jj|j|jjj k|jjj |j|_ |jj|j |jjj kdS)Nr&z+OCSP request contains more than one requestr) r)ZOCSP_request_onereq_countNotImplementedErrorr9 _ocsp_requestZOCSP_request_onereq_get0_requestr,r'r+ZOCSP_onereq_get0_idr?)rr-Z ocsp_requestr r r!rBZs z_OCSPRequest.__init__cCst|j|jS)N)r0r9r?)rr r r!rchsz_OCSPRequest.issuer_key_hashcCst|j|jS)N)r1r9r?)rr r r!rdlsz_OCSPRequest.issuer_name_hashcCst|j|jS)N)r3r9r?)rr r r!rfpsz_OCSPRequest.serial_numbercCst|j|jS)N)r7r9r?)rr r r!retsz_OCSPRequest.hash_algorithmcCstj|j|jS)N)r rgr9rx)rr r r!rhxsz_OCSPRequest.extensionscCsL|tjjk rtd|jj}|jjj||j}|jj |dk|jj |S)Nz/The only allowed encoding value is Encoding.DERr) rrjrkrr9rlr)Zi2d_OCSP_REQUEST_biorxr,rm)rrnror/r r r!rp|s  z_OCSPRequest.public_bytesN) rqrrrsrBrtrcrdrfrerrurhrpr r r r!rvXs    rv)) __future__rrrr#Z cryptographyrrZcryptography.exceptionsrZ0cryptography.hazmat.backends.openssl.decode_asn1rr r r r r rrrZ)cryptography.hazmat.backends.openssl.x509rZcryptography.hazmat.primitivesrZcryptography.x509.ocsprrrrrrrr%r0r1r3r7Zregister_interfaceobjectr8rvr r r r!s" ,  $   ~