3 K^N@s2ddlmZmZmZddlZddlZddlmZmZddl m Z ddl m Z m Z mZmZmZmZmZmZmZmZddlmZddlmZmZddlmZmZmZejej Gd d d e!Z"ejej#Gd d d e!Z$ejej%Gd dde!Z&ejej'Gddde!Z(ejej)j*Gddde!Z+dS))absolute_importdivisionprint_functionN)utilsx509)UnsupportedAlgorithm) _CERTIFICATE_EXTENSION_PARSER$_CERTIFICATE_EXTENSION_PARSER_NO_SCT_CRL_EXTENSION_PARSER_CSR_EXTENSION_PARSER%_REVOKED_CERTIFICATE_EXTENSION_PARSER_asn1_integer_to_int_asn1_string_to_bytes_decode_x509_name_obj2txt_parse_asn1_time)_encode_asn1_int_gc)hashes serialization)dsaecrsac@seZdZddZddZddZddZd d Zd d Ze d dZ e ddZ ddZ e ddZ e ddZe ddZe ddZe ddZe ddZejdd Ze d!d"Ze d#d$Zd%d&Zd'S)( _CertificatecCs||_||_dS)N)_backend_x509)selfbackendrrM/tmp/pip-unpacked-wheel-vvkwn1hz/cryptography/hazmat/backends/openssl/x509.py__init__sz_Certificate.__init__cCs dj|jS)Nz)formatsubject)rrrr__repr__sz_Certificate.__repr__cCs,t|tjstS|jjj|j|j}|dkS)Nr) isinstancer CertificateNotImplementedr_libZX509_cmpr)rotherresrrr__eq__"s z_Certificate.__eq__cCs ||k S)Nr)rr'rrr__ne__)sz_Certificate.__ne__cCst|jtjjS)N)hash public_bytesrEncodingDER)rrrr__hash__,sz_Certificate.__hash__cCs*tj||j}|j|jtjj|jS)N) rHashrupdater,rr-r.finalize)r algorithmhrrr fingerprint/sz_Certificate.fingerprintcCsF|jjj|j}|dkr tjjS|dkr0tjjStjdj ||dS)Nrz{} is not a valid X509 version) rr&ZX509_get_versionrrVersionv1Zv3InvalidVersionr )rversionrrrr:4sz_Certificate.versioncCs2|jjj|j}|jj||jjjkt|j|S)N)rr&ZX509_get_serialNumberropenssl_assert_ffiNULLr )rasn1_intrrr serial_number@sz_Certificate.serial_numbercCsR|jjj|j}||jjjkr0|jjtd|jjj||jjj }|jj |S)Nz,Certificate public key is of an unknown type) rr&ZX509_get_pubkeyrr<r=_consume_errors ValueErrorgc EVP_PKEY_free_evp_pkey_to_public_key)rpkeyrrr public_keyFs  z_Certificate.public_keycCs|jjj|j}t|j|S)N)rr&ZX509_getm_notBeforerr)r asn1_timerrrnot_valid_beforeQsz_Certificate.not_valid_beforecCs|jjj|j}t|j|S)N)rr&ZX509_getm_notAfterrr)rrGrrrnot_valid_afterVsz_Certificate.not_valid_aftercCs2|jjj|j}|jj||jjjkt|j|S)N)rr&ZX509_get_issuer_namerr;r<r=r)rissuerrrrrJ[sz_Certificate.issuercCs2|jjj|j}|jj||jjjkt|j|S)N)rr&ZX509_get_subject_namerr;r<r=r)rr!rrrr!asz_Certificate.subjectc Cs8|j}y tj|Stk r2tdj|YnXdS)Nz)Signature algorithm OID:{} not recognized)signature_algorithm_oidr_SIG_OIDS_TO_HASHKeyErrorrr )roidrrrsignature_hash_algorithmgs  z%_Certificate.signature_hash_algorithmcCs^|jjjd}|jjj|jjj||j|jj|d|jjjkt|j|dj }t j |S)Nz X509_ALGOR **r) rr<newr&X509_get0_signaturer=rr;rr3rObjectIdentifier)ralgrNrrrrKqs z$_Certificate.signature_algorithm_oidcCs.|jjjrtj|j|jStj|j|jSdS)N)rr&Z#CRYPTOGRAPHY_OPENSSL_110_OR_GREATERrparserr )rrrr extensions{s   z_Certificate.extensionscCsR|jjjd}|jjj||jjj|j|jj|d|jjjkt|j|dS)NzASN1_BIT_STRING **r) rr<rPr&rQr=rr;r)rsigrrr signatures z_Certificate.signaturecsdjjjd}jjjj|}jj|dkjjj|fdd}jjj|d|ddS)Nzunsigned char **rcsjjj|dS)Nr)rr& OPENSSL_free)pointer)rrrsz4_Certificate.tbs_certificate_bytes..) rr<rPr&Zi2d_re_X509_tbsrr;rBbuffer)rppr(r)rrtbs_certificate_bytess z"_Certificate.tbs_certificate_bytescCsn|jj}|tjjkr*|jjj||j}n(|tjjkrJ|jjj ||j}nt d|jj |dk|jj |S)Nz/encoding must be an item from the Encoding enum) r_create_mem_bio_gcrr-PEMr&ZPEM_write_bio_X509rr.Z i2d_X509_bio TypeErrorr; _read_mem_bio)rencodingbior(rrrr,s   z_Certificate.public_bytesN)__name__ __module__ __qualname__rr"r)r*r/r5propertyr:r?rFrHrIrJr!rOrKrcached_propertyrUrWr]r,rrrrrs&       rc@s:eZdZddZeddZeddZejddZ d S) _RevokedCertificatecCs||_||_||_dS)N)rZ_crl _x509_revoked)rrZcrlZ x509_revokedrrrrsz_RevokedCertificate.__init__cCs2|jjj|j}|jj||jjjkt|j|S)N)rr&ZX509_REVOKED_get0_serialNumberrkr;r<r=r )rr>rrrr?sz!_RevokedCertificate.serial_numbercCst|j|jjj|jS)N)rrr&Z X509_REVOKED_get0_revocationDaterk)rrrrrevocation_datesz#_RevokedCertificate.revocation_datecCstj|j|jS)N)r rTrrk)rrrrrUsz_RevokedCertificate.extensionsN) rerfrgrrhr?rlrrirUrrrrrjs  rjc@seZdZddZddZddZddZejd d Z d d Z e d dZ e ddZ e ddZe ddZe ddZe ddZe ddZddZddZdd Zd!d"Zd#d$Zejd%d&Zd'd(Zd)S)*_CertificateRevocationListcCs||_||_dS)N)r _x509_crl)rrZx509_crlrrrrsz#_CertificateRevocationList.__init__cCs,t|tjstS|jjj|j|j}|dkS)Nr)r#rCertificateRevocationListr%rr&Z X509_CRL_cmprn)rr'r(rrrr)s z!_CertificateRevocationList.__eq__cCs ||k S)Nr)rr'rrrr*sz!_CertificateRevocationList.__ne__cCsXtj||j}|jj}|jjj||j}|jj|dk|jj|}|j ||j S)Nr^) rr0rr_r&i2d_X509_CRL_biornr;rbr1r2)rr3r4rdr(Zderrrrr5s    z&_CertificateRevocationList.fingerprintcCs@|jjj|j}|jj||jjjk|jjj||jjj}|S)N) rr&Z X509_CRL_duprnr;r<r=rBZ X509_CRL_free)rduprrr _sorted_crlsz&_CertificateRevocationList._sorted_crlcCsl|jjjd}t|j|}|jjj|j||}|dkr:dS|jj|d|jjjkt |j|j|dSdS)NzX509_REVOKED **r) rr<rPrr&ZX509_CRL_get0_by_serialrrr;r=rj)rr?revokedr>r(rrr(get_revoked_certificate_by_serial_numbers  zC_CertificateRevocationList.get_revoked_certificate_by_serial_numberc Cs8|j}y tj|Stk r2tdj|YnXdS)Nz)Signature algorithm OID:{} not recognized)rKrrLrMrr )rrNrrrrOs  z3_CertificateRevocationList.signature_hash_algorithmcCs^|jjjd}|jjj|j|jjj||jj|d|jjjkt|j|dj }t j |S)Nz X509_ALGOR **r) rr<rPr&X509_CRL_get0_signaturernr=r;rr3rrR)rrSrNrrrrK s z2_CertificateRevocationList.signature_algorithm_oidcCs2|jjj|j}|jj||jjjkt|j|S)N)rr&ZX509_CRL_get_issuerrnr;r<r=r)rrJrrrrJsz!_CertificateRevocationList.issuercCs2|jjj|j}|jj||jjjkt|j|S)N)rr&ZX509_CRL_get_nextUpdaternr;r<r=r)rnurrr next_updatesz&_CertificateRevocationList.next_updatecCs2|jjj|j}|jj||jjjkt|j|S)N)rr&ZX509_CRL_get_lastUpdaternr;r<r=r)rZlurrr last_update!sz&_CertificateRevocationList.last_updatecCsR|jjjd}|jjj|j||jjj|jj|d|jjjkt|j|dS)NzASN1_BIT_STRING **r) rr<rPr&rurnr=r;r)rrVrrrrW's z$_CertificateRevocationList.signaturecsdjjjd}jjjj|}jj|dkjjj|fdd}jjj|d|ddS)Nzunsigned char **rcsjjj|dS)Nr)rr&rX)rY)rrrrZ6sz?_CertificateRevocationList.tbs_certlist_bytes..) rr<rPr&Zi2d_re_X509_CRL_tbsrnr;rBr[)rr\r(r)rrtbs_certlist_bytes0s z-_CertificateRevocationList.tbs_certlist_bytescCsn|jj}|tjjkr*|jjj||j}n(|tjjkrJ|jjj ||j}nt d|jj |dk|jj |S)Nz/encoding must be an item from the Encoding enumr^) rr_rr-r`r&ZPEM_write_bio_X509_CRLrnr.rprar;rb)rrcrdr(rrrr,:s    z'_CertificateRevocationList.public_bytescCsD|jjj|j}|jjj||}|jj||jjjkt|j||S)N) rr&X509_CRL_get_REVOKEDrnZsk_X509_REVOKED_valuer;r<r=rj)ridxrsrrrr _revoked_certHsz(_CertificateRevocationList._revoked_certccs&x tt|D]}|j|VqWdS)N)rangelenr})rirrr__iter__Nsz#_CertificateRevocationList.__iter__cst|tr8|jt\}}}fddt|||DStj|}|dkrV|t7}d|koltknsvtj|SdS)Ncsg|]}j|qSr)r}).0r)rrr Usz:_CertificateRevocationList.__getitem__..r) r#sliceindicesrr~operatorindex IndexErrorr})rr{startstopstepr)rr __getitem__Rs   z&_CertificateRevocationList.__getitem__cCs4|jjj|j}||jjjkr"dS|jjj|SdS)Nr)rr&rzrnr<r=Zsk_X509_REVOKED_num)rrsrrr__len__^sz"_CertificateRevocationList.__len__cCstj|j|jS)N)r rTrrn)rrrrrUesz%_CertificateRevocationList.extensionscCsLt|tjtjtjfstd|jj j |j |j }|dkrH|jj dSdS)NzGExpecting one of DSAPublicKey, RSAPublicKey, or EllipticCurvePublicKey.r^FT)r#rZ DSAPublicKeyrZ RSAPublicKeyrZEllipticCurvePublicKeyrarr&ZX509_CRL_verifyrnZ _evp_pkeyr@)rrFr(rrris_signature_validis    z-_CertificateRevocationList.is_signature_validN)rerfrgrr)r*r5rrirrrtrhrOrKrJrwrxrWryr,r}rrrrUrrrrrrms(       rmc@seZdZddZddZddZddZd d Zed d Z ed dZ eddZ e j ddZddZeddZeddZeddZdS)_CertificateSigningRequestcCs||_||_dS)N)r _x509_req)rrZx509_reqrrrr{sz#_CertificateSigningRequest.__init__cCs2t|tstS|jtjj}|jtjj}||kS)N)r#rr%r,rr-r.)rr'Z self_bytesZ other_bytesrrrr)s  z!_CertificateSigningRequest.__eq__cCs ||k S)Nr)rr'rrrr*sz!_CertificateSigningRequest.__ne__cCst|jtjjS)N)r+r,rr-r.)rrrrr/sz#_CertificateSigningRequest.__hash__cCsH|jjj|j}|jj||jjjk|jjj||jjj}|jj |S)N) rr&X509_REQ_get_pubkeyrr;r<r=rBrCrD)rrErrrrFsz%_CertificateSigningRequest.public_keycCs2|jjj|j}|jj||jjjkt|j|S)N)rr&ZX509_REQ_get_subject_namerr;r<r=r)rr!rrrr!sz"_CertificateSigningRequest.subjectc Cs8|j}y tj|Stk r2tdj|YnXdS)Nz)Signature algorithm OID:{} not recognized)rKrrLrMrr )rrNrrrrOs  z3_CertificateSigningRequest.signature_hash_algorithmcCs^|jjjd}|jjj|j|jjj||jj|d|jjjkt|j|dj }t j |S)Nz X509_ALGOR **r) rr<rPr&X509_REQ_get0_signaturerr=r;rr3rrR)rrSrNrrrrKs z2_CertificateSigningRequest.signature_algorithm_oidcs6jjjj}jjj|fdd}tjj|S)Ncs"jjj|jjjjjjdS)NZX509_EXTENSION_free)rr&Zsk_X509_EXTENSION_pop_freer< addressofZ _original_lib)x)rrrrZs z7_CertificateSigningRequest.extensions..)rr&ZX509_REQ_get_extensionsrr<rBr rT)rZ x509_extsr)rrrUs z%_CertificateSigningRequest.extensionscCsn|jj}|tjjkr*|jjj||j}n(|tjjkrJ|jjj ||j}nt d|jj |dk|jj |S)Nz/encoding must be an item from the Encoding enumr^) rr_rr-r`r&ZPEM_write_bio_X509_REQrr.Zi2d_X509_REQ_biorar;rb)rrcrdr(rrrr,s    z'_CertificateSigningRequest.public_bytescsdjjjd}jjjj|}jj|dkjjj|fdd}jjj|d|ddS)Nzunsigned char **rcsjjj|dS)Nr)rr&rX)rY)rrrrZszB_CertificateSigningRequest.tbs_certrequest_bytes..) rr<rPr&Zi2d_re_X509_REQ_tbsrr;rBr[)rr\r(r)rrtbs_certrequest_bytess z0_CertificateSigningRequest.tbs_certrequest_bytescCsR|jjjd}|jjj|j||jjj|jj|d|jjjkt|j|dS)NzASN1_BIT_STRING **r) rr<rPr&rrr=r;r)rrVrrrrWs z$_CertificateSigningRequest.signaturecCsh|jjj|j}|jj||jjjk|jjj||jjj}|jjj |j|}|dkrd|jj dSdS)Nr^FT) rr&rrr;r<r=rBrCZX509_REQ_verifyr@)rrEr(rrrrs z-_CertificateSigningRequest.is_signature_validN)rerfrgrr)r*r/rFrhr!rOrKrrirUr,rrWrrrrrrys    rc@sheZdZddZeddZeddZeddZed d Zed d Z d dZ ddZ ddZ dS)_SignedCertificateTimestampcCs||_||_||_dS)N)rZ _sct_list_sct)rrZsct_listZsctrrrrsz$_SignedCertificateTimestamp.__init__cCs,|jjj|j}||jjjks"ttjjj S)N) rr&ZSCT_get_versionrZSCT_VERSION_V1AssertionErrorrcertificate_transparencyr7r8)rr:rrrr:sz#_SignedCertificateTimestamp.versioncCsH|jjjd}|jjj|j|}|dks,t|jjj|d|ddS)Nzunsigned char **r)rr<rPr&ZSCT_get0_log_idrrr[)routZ log_id_lengthrrrlog_ids z"_SignedCertificateTimestamp.log_idcCs4|jjj|j}|d}tjj|dj|ddS)Ni) microsecond)rr&ZSCT_get_timestamprdatetimeutcfromtimestampreplace)r timestampZ millisecondsrrrrs  z%_SignedCertificateTimestamp.timestampcCs,|jjj|j}||jjjks"ttjjj S)N) rr&ZSCT_get_log_entry_typerZCT_LOG_ENTRY_TYPE_PRECERTrrrZ LogEntryTypeZPRE_CERTIFICATE)r entry_typerrrrsz&_SignedCertificateTimestamp.entry_typecCsf|jjjd}|jjj|j|}|jj|dk|jj|d|jjjk|jjj|d|ddS)Nzunsigned char **r) rr<rPr&ZSCT_get0_signaturerr;r=r[)rZptrptrr(rrr _signatures z&_SignedCertificateTimestamp._signaturecCs t|jS)N)r+r)rrrrr/sz$_SignedCertificateTimestamp.__hash__cCst|tstS|j|jkS)N)r#rr%r)rr'rrrr)s z"_SignedCertificateTimestamp.__eq__cCs ||k S)Nr)rr'rrrr*!sz"_SignedCertificateTimestamp.__ne__N) rerfrgrrhr:rrrrr/r)r*rrrrrs     r), __future__rrrrrZ cryptographyrrZcryptography.exceptionsrZ0cryptography.hazmat.backends.openssl.decode_asn1rr r r r r rrrrZ0cryptography.hazmat.backends.openssl.encode_asn1rZcryptography.hazmat.primitivesrrZ)cryptography.hazmat.primitives.asymmetricrrrZregister_interfacer$objectrZRevokedCertificaterjrormZCertificateSigningRequestrrZSignedCertificateTimestamprrrrrs* 0  %-o