3 K^W@sddlmZmZmZddlZddlZddlZddlZddlZddl m Z ddl Z ddl m Z ddlmZmZmZmZddlmZmZddlmZddlmZdd lmZdd lmZmZmZdd l m!Z!dd l"m#Z#m$Z$m%Z%m&Z&d dZ'ddZ(Gddde)Z*Gddde)Z+e j,ej-Gddde.Z/Gddde.Z0e j1e/Gddde.Z2e j1e/Gddde.Z3e j1e/Gddde.Z4e j1e/Gdd d e.Z5Gd!d"d"e.Z6e j1e/Gd#d$d$e.Z7e j1e/Gd%d&d&e.Z8e j1e/Gd'd(d(e.Z9e j1e/Gd)d*d*e.Z:Gd+d,d,e.Z;Gd-d.d.e ZGd3d4d4e.Z?Gd5d6d6e.Z@Gd7d8d8e.ZAe j1e/Gd9d:d:e.ZBe j1e/Gd;d<dd>e.ZDe j1e/Gd?d@d@e.ZEGdAdBdBe ZFdCdDeFDZGe j1e/GdEdFdFe.ZHe j1e/GdGdHdHe.ZIe j1e/GdIdJdJe.ZJGdKdLdLe.ZKGdMdNdNe.ZLe j1e/GdOdPdPe.ZMe j1e/GdQdRdRe.ZNe j1e/GdSdTdTe.ZOe j1e/GdUdVdVe.ZPe j1e/GdWdXdXe.ZQe j1e/GdYdZdZe.ZRe j1e/Gd[d\d\e.ZSe j1e/Gd]d^d^e.ZTe j1e/Gd_d`d`e.ZUdS)a)absolute_importdivisionprint_functionN)Enum)utils) BIT_STRING DERReaderOBJECT_IDENTIFIERSEQUENCE) constant_time serialization)EllipticCurvePublicKey) RSAPublicKey)SignedCertificateTimestamp) GeneralName IPAddress OtherName)RelativeDistinguishedName)CRLEntryExtensionOID ExtensionOIDOCSPExtensionOIDObjectIdentifiercCst|tr |jtjjtjj}nt|tr@|jtjj tjj }n|jtjjtjj }t |}|j t}|jt}|jt}WdQRX| |jt|js|jWdQRX|jdkrtd|j}tj|jS)NrzInvalid public key encoding) isinstancerZ public_bytesr EncodingZDERZ PublicFormatZPKCS1r ZX962ZUncompressedPointZSubjectPublicKeyInforZread_single_elementr Z read_elementrr Zis_emptyZread_any_elementZ read_byte ValueErrordatahashlibsha1digest) public_keyrZ serializedreaderZpublic_key_info algorithmr"@/tmp/pip-unpacked-wheel-vvkwn1hz/cryptography/x509/extensions.py_key_identifier_from_public_key!s.         r$cs.fdd}fdd}fdd}|||fS)Ncstt|S)N)lengetattr)self) field_namer"r# len_methodJsz*_make_sequence_methods..len_methodcstt|S)N)iterr&)r')r(r"r# iter_methodMsz+_make_sequence_methods..iter_methodcst||S)N)r&)r'idx)r(r"r#getitem_methodPsz._make_sequence_methods..getitem_methodr")r(r)r+r-r")r(r#_make_sequence_methodsIs   r.cseZdZfddZZS)DuplicateExtensioncstt|j|||_dS)N)superr/__init__oid)r'msgr2) __class__r"r#r1WszDuplicateExtension.__init__)__name__ __module__ __qualname__r1 __classcell__r"r")r4r#r/Vsr/cseZdZfddZZS)ExtensionNotFoundcstt|j|||_dS)N)r0r9r1r2)r'r3r2)r4r"r#r1]szExtensionNotFound.__init__)r5r6r7r1r8r"r")r4r#r9\sr9c@seZdZejddZdS) ExtensionTypecCsdS)zK Returns the oid associated with the given extension type. Nr")r'r"r"r#r2dszExtensionType.oidN)r5r6r7abcabstractpropertyr2r"r"r"r#r:bsr:c@s:eZdZddZddZddZed\ZZZ dd Z d S) ExtensionscCs ||_dS)N) _extensions)r' extensionsr"r"r#r1lszExtensions.__init__cCs0x|D]}|j|kr|SqWtdj||dS)NzNo {} extension was found)r2r9format)r'r2extr"r"r#get_extension_for_oidos  z Extensions.get_extension_for_oidcCsD|tkrtdx|D]}t|j|r|SqWtdj||jdS)Nz|UnrecognizedExtension can't be used with get_extension_for_class because more than one instance of the class may be present.zNo {} extension was found)UnrecognizedExtension TypeErrorrvaluer9r@r2)r'ZextclassrAr"r"r#get_extension_for_classvs  z"Extensions.get_extension_for_classr>cCs dj|jS)Nz)r@r>)r'r"r"r#__repr__szExtensions.__repr__N) r5r6r7r1rBrFr.__len____iter__ __getitem__rGr"r"r"r#r=ks r=c@sDeZdZejZddZddZddZddZ d d Z e j d Z d S) CRLNumbercCst|tjstd||_dS)Nzcrl_number must be an integer)rsix integer_typesrD _crl_number)r' crl_numberr"r"r#r1s zCRLNumber.__init__cCst|tstS|j|jkS)N)rrKNotImplementedrO)r'otherr"r"r#__eq__s zCRLNumber.__eq__cCs ||k S)Nr")r'rQr"r"r#__ne__szCRLNumber.__ne__cCs t|jS)N)hashrO)r'r"r"r#__hash__szCRLNumber.__hash__cCs dj|jS)Nz)r@rO)r'r"r"r#rGszCRLNumber.__repr__rNN)r5r6r7rZ CRL_NUMBERr2r1rRrSrUrGrread_only_propertyrOr"r"r"r#rKsrKc@speZdZejZddZeddZeddZ ddZ d d Z d d Z d dZ ejdZejdZejdZdS)AuthorityKeyIdentifiercCsv|dk|dkkrtd|dk rBt|}tdd|DsBtd|dk r`t|tj r`td||_||_||_ dS)NzXauthority_cert_issuer and authority_cert_serial_number must both be present or both Nonecss|]}t|tVqdS)N)rr).0xr"r"r# sz2AuthorityKeyIdentifier.__init__..z;authority_cert_issuer must be a list of GeneralName objectsz/authority_cert_serial_number must be an integer) rlistallrDrrLrM_key_identifier_authority_cert_issuer_authority_cert_serial_number)r'key_identifierauthority_cert_issuerauthority_cert_serial_numberr"r"r#r1s"   zAuthorityKeyIdentifier.__init__cCst|}||dddS)N)r`rarb)r$)clsrrr"r"r#from_issuer_public_keys z-AuthorityKeyIdentifier.from_issuer_public_keycCs:t|tr|j}n|jj}tjdtjdd||dddS)NzExtension objects are deprecated as arguments to from_issuer_subject_key_identifier and support will be removed soon. Please migrate to passing a SubjectKeyIdentifier directly.) stacklevel)r`rarb)rSubjectKeyIdentifierrrEwarningswarnrZDeprecatedIn27)rcZskirr"r"r#"from_issuer_subject_key_identifiers z9AuthorityKeyIdentifier.from_issuer_subject_key_identifiercCs dj|S)Nz)r@)r'r"r"r#rGszAuthorityKeyIdentifier.__repr__cCs2t|tstS|j|jko0|j|jko0|j|jkS)N)rrWrPr`rarb)r'rQr"r"r#rRs    zAuthorityKeyIdentifier.__eq__cCs ||k S)Nr")r'rQr"r"r#rSszAuthorityKeyIdentifier.__ne__cCs,|jdkrd}n t|j}t|j||jfS)N)ratuplerTr`rb)r'Zacir"r"r#rUs   zAuthorityKeyIdentifier.__hash__r]r^r_N)r5r6r7rZAUTHORITY_KEY_IDENTIFIERr2r1 classmethodrdrjrGrRrSrUrrVr`rarbr"r"r"r#rWs    rWc@sPeZdZejZddZeddZe j dZ ddZ dd Z d d Zd d ZdS)rgcCs ||_dS)N)_digest)r'rr"r"r#r1szSubjectKeyIdentifier.__init__cCs |t|S)N)r$)rcrr"r"r#from_public_keysz$SubjectKeyIdentifier.from_public_keyrmcCs dj|jS)Nz$)r@r)r'r"r"r#rGszSubjectKeyIdentifier.__repr__cCst|tstStj|j|jS)N)rrgrPr Zbytes_eqr)r'rQr"r"r#rR!s zSubjectKeyIdentifier.__eq__cCs ||k S)Nr")r'rQr"r"r#rS'szSubjectKeyIdentifier.__ne__cCs t|jS)N)rTr)r'r"r"r#rU*szSubjectKeyIdentifier.__hash__N)r5r6r7rZSUBJECT_KEY_IDENTIFIERr2r1rlrnrrVrrGrRrSrUr"r"r"r#rgs  rgc@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) AuthorityInformationAccesscCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rAccessDescription)rXrYr"r"r#rZ4sz6AuthorityInformationAccess.__init__..z@Every item in the descriptions list must be an AccessDescription)r[r\rD _descriptions)r'Z descriptionsr"r"r#r12s z#AuthorityInformationAccess.__init__rqcCs dj|jS)Nz )r@rq)r'r"r"r#rG>sz#AuthorityInformationAccess.__repr__cCst|tstS|j|jkS)N)rrorPrq)r'rQr"r"r#rRAs z!AuthorityInformationAccess.__eq__cCs ||k S)Nr")r'rQr"r"r#rSGsz!AuthorityInformationAccess.__ne__cCstt|jS)N)rTrkrq)r'r"r"r#rUJsz#AuthorityInformationAccess.__hash__N)r5r6r7rZAUTHORITY_INFORMATION_ACCESSr2r1r.rHrIrJrGrRrSrUr"r"r"r#ro.s roc@sHeZdZddZddZddZddZd d Zej d Z ej d Z d S)rpcCs4t|tstdt|ts$td||_||_dS)Nz)access_method must be an ObjectIdentifierz%access_location must be a GeneralName)rrrDr_access_method_access_location)r' access_methodaccess_locationr"r"r#r1Os   zAccessDescription.__init__cCs dj|S)NzY)r@)r'r"r"r#rGYszAccessDescription.__repr__cCs&t|tstS|j|jko$|j|jkS)N)rrprPrtru)r'rQr"r"r#rR_s  zAccessDescription.__eq__cCs ||k S)Nr")r'rQr"r"r#rShszAccessDescription.__ne__cCst|j|jfS)N)rTrtru)r'r"r"r#rUkszAccessDescription.__hash__rrrsN) r5r6r7r1rGrRrSrUrrVrtrur"r"r"r#rpNs   rpc@sNeZdZejZddZejdZ ejdZ ddZ ddZ d d Z d d Zd S)BasicConstraintscCs^t|tstd|dk r(| r(td|dk rNt|tj sF|dkrNtd||_||_dS)Nzca must be a boolean valuez)path_length must be None when ca is Falserz2path_length must be a non-negative integer or None)rboolrDrrLrM_ca _path_length)r'ca path_lengthr"r"r#r1vs zBasicConstraints.__init__rxrycCs dj|S)Nz:)r@)r'r"r"r#rGszBasicConstraints.__repr__cCs&t|tstS|j|jko$|j|jkS)N)rrvrPrzr{)r'rQr"r"r#rRs zBasicConstraints.__eq__cCs ||k S)Nr")r'rQr"r"r#rSszBasicConstraints.__ne__cCst|j|jfS)N)rTrzr{)r'r"r"r#rUszBasicConstraints.__hash__N)r5r6r7rZBASIC_CONSTRAINTSr2r1rrVrzr{rGrRrSrUr"r"r"r#rvrs  rvc@sDeZdZejZddZejdZ ddZ ddZ dd Z d d Z d S) DeltaCRLIndicatorcCst|tjstd||_dS)Nzcrl_number must be an integer)rrLrMrDrN)r'rOr"r"r#r1s zDeltaCRLIndicator.__init__rNcCst|tstS|j|jkS)N)rr|rPrO)r'rQr"r"r#rRs zDeltaCRLIndicator.__eq__cCs ||k S)Nr")r'rQr"r"r#rSszDeltaCRLIndicator.__ne__cCs t|jS)N)rTrO)r'r"r"r#rUszDeltaCRLIndicator.__hash__cCs dj|S)Nz.)r@)r'r"r"r#rGszDeltaCRLIndicator.__repr__N)r5r6r7rZDELTA_CRL_INDICATORr2r1rrVrOrRrSrUrGr"r"r"r#r|s r|c@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) CRLDistributionPointscCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rDistributionPoint)rXrYr"r"r#rZsz1CRLDistributionPoints.__init__..z?distribution_points must be a list of DistributionPoint objects)r[r\rD_distribution_points)r'distribution_pointsr"r"r#r1s zCRLDistributionPoints.__init__rcCs dj|jS)Nz)r@r)r'r"r"r#rGszCRLDistributionPoints.__repr__cCst|tstS|j|jkS)N)rr}rPr)r'rQr"r"r#rRs zCRLDistributionPoints.__eq__cCs ||k S)Nr")r'rQr"r"r#rSszCRLDistributionPoints.__ne__cCstt|jS)N)rTrkr)r'r"r"r#rUszCRLDistributionPoints.__hash__N)r5r6r7rZCRL_DISTRIBUTION_POINTSr2r1r.rHrIrJrGrRrSrUr"r"r"r#r}s  r}c@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) FreshestCRLcCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rr~)rXrYr"r"r#rZsz'FreshestCRL.__init__..z?distribution_points must be a list of DistributionPoint objects)r[r\rDr)r'rr"r"r#r1s zFreshestCRL.__init__rcCs dj|jS)Nz)r@r)r'r"r"r#rGszFreshestCRL.__repr__cCst|tstS|j|jkS)N)rrrPr)r'rQr"r"r#rRs zFreshestCRL.__eq__cCs ||k S)Nr")r'rQr"r"r#rSszFreshestCRL.__ne__cCstt|jS)N)rTrkr)r'r"r"r#rUszFreshestCRL.__hash__N)r5r6r7rZ FRESHEST_CRLr2r1r.rHrIrJrGrRrSrUr"r"r"r#rs  rc@s\eZdZddZddZddZddZd d Zej d Z ej d Z ej d Z ej dZ dS)r~cCs|r|rtd|r6t|}tdd|Ds6td|rLt|tsLtd|rrt|}tdd|Dsrtd|rt|t stdd|D rtd |rtj|kstj |krtd |r| r|p| rtd ||_ ||_ ||_ ||_ dS) NzOYou cannot provide both full_name and relative_name, at least one must be None.css|]}t|tVqdS)N)rr)rXrYr"r"r#rZ sz-DistributionPoint.__init__..z/full_name must be a list of GeneralName objectsz1relative_name must be a RelativeDistinguishedNamecss|]}t|tVqdS)N)rr)rXrYr"r"r#rZsz2crl_issuer must be None or a list of general namescss|]}t|tVqdS)N)r ReasonFlags)rXrYr"r"r#rZsz0reasons must be None or frozenset of ReasonFlagszLunspecified and remove_from_crl are not valid reasons in a DistributionPointzPYou must supply crl_issuer, full_name, or relative_name when reasons is not None)rr[r\rDrr frozensetr unspecifiedremove_from_crl _full_name_relative_name_reasons _crl_issuer)r' full_name relative_namereasons crl_issuerr"r"r#r1s@   zDistributionPoint.__init__cCs dj|S)Nz})r@)r'r"r"r#rG5szDistributionPoint.__repr__cCs>t|tstS|j|jko<|j|jko<|j|jko<|j|jkS)N)rr~rPrrrr)r'rQr"r"r#rR<s     zDistributionPoint.__eq__cCs ||k S)Nr")r'rQr"r"r#rSGszDistributionPoint.__ne__cCsH|jdk rt|j}nd}|jdk r0t|j}nd}t||j|j|fS)N)rrkrrTrr)r'fnrr"r"r#rUJs    zDistributionPoint.__hash__rrrrN)r5r6r7r1rGrRrSrUrrVrrrrr"r"r"r#r~s4    r~c@s4eZdZdZdZdZdZdZdZdZ dZ d Z d Z d S) rrZ keyCompromiseZ cACompromiseZaffiliationChanged supersededZcessationOfOperationZcertificateHoldZprivilegeWithdrawnZ aACompromiseZ removeFromCRLN) r5r6r7rZkey_compromiseZ ca_compromiseZaffiliation_changedrZcessation_of_operationZcertificate_holdZprivilege_withdrawnZ aa_compromiserr"r"r"r#r]src@sNeZdZejZddZddZddZddZ d d Z e j d Z e j d Zd S)PolicyConstraintscCsd|dk rt|tj rtd|dk rrequire_explicit_policy must be a non-negative integer or Nonez=inhibit_policy_mapping must be a non-negative integer or NonezSAt least one of require_explicit_policy and inhibit_policy_mapping must not be None)rrLrMrDr_require_explicit_policy_inhibit_policy_mapping)r'require_explicit_policyinhibit_policy_mappingr"r"r#r1ns    zPolicyConstraints.__init__cCs dj|S)Nz{)r@)r'r"r"r#rGszPolicyConstraints.__repr__cCs&t|tstS|j|jko$|j|jkS)N)rrrPrr)r'rQr"r"r#rRs  zPolicyConstraints.__eq__cCs ||k S)Nr")r'rQr"r"r#rSszPolicyConstraints.__ne__cCst|j|jfS)N)rTrr)r'r"r"r#rUszPolicyConstraints.__hash__rrN)r5r6r7rZPOLICY_CONSTRAINTSr2r1rGrRrSrUrrVrrr"r"r"r#rjs rc@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) CertificatePoliciescCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rPolicyInformation)rXrYr"r"r#rZsz/CertificatePolicies.__init__..z;Every item in the policies list must be a PolicyInformation)r[r\rD _policies)r'Zpoliciesr"r"r#r1s zCertificatePolicies.__init__rcCs dj|jS)Nz)r@r)r'r"r"r#rGszCertificatePolicies.__repr__cCst|tstS|j|jkS)N)rrrPr)r'rQr"r"r#rRs zCertificatePolicies.__eq__cCs ||k S)Nr")r'rQr"r"r#rSszCertificatePolicies.__ne__cCstt|jS)N)rTrkr)r'r"r"r#rUszCertificatePolicies.__hash__N)r5r6r7rZCERTIFICATE_POLICIESr2r1r.rHrIrJrGrRrSrUr"r"r"r#rs rc@sHeZdZddZddZddZddZd d Zej d Z ej d Z d S)rcCsHt|tstd||_|r>t|}tdd|Ds>td||_dS)Nz-policy_identifier must be an ObjectIdentifiercss|]}t|tjtfVqdS)N)rrL text_type UserNotice)rXrYr"r"r#rZsz-PolicyInformation.__init__..zMpolicy_qualifiers must be a list of strings and/or UserNotice objects or None)rrrD_policy_identifierr[r\_policy_qualifiers)r'policy_identifierpolicy_qualifiersr"r"r#r1s  zPolicyInformation.__init__cCs dj|S)Nze)r@)r'r"r"r#rGszPolicyInformation.__repr__cCs&t|tstS|j|jko$|j|jkS)N)rrrPrr)r'rQr"r"r#rRs  zPolicyInformation.__eq__cCs ||k S)Nr")r'rQr"r"r#rSszPolicyInformation.__ne__cCs(|jdk rt|j}nd}t|j|fS)N)rrkrTr)r'Zpqr"r"r#rUs  zPolicyInformation.__hash__rrN) r5r6r7r1rGrRrSrUrrVrrr"r"r"r#rs  rc@sHeZdZddZddZddZddZd d Zej d Z ej d Z d S)rcCs(|rt|t rtd||_||_dS)Nz2notice_reference must be None or a NoticeReference)rNoticeReferencerD_notice_reference_explicit_text)r'notice_reference explicit_textr"r"r#r1s  zUserNotice.__init__cCs dj|S)NzV)r@)r'r"r"r#rGszUserNotice.__repr__cCs&t|tstS|j|jko$|j|jkS)N)rrrPrr)r'rQr"r"r#rR s  zUserNotice.__eq__cCs ||k S)Nr")r'rQr"r"r#rSszUserNotice.__ne__cCst|j|jfS)N)rTrr)r'r"r"r#rUszUserNotice.__hash__rrN) r5r6r7r1rGrRrSrUrrVrrr"r"r"r#rs   rc@sHeZdZddZddZddZddZd d Zej d Z ej d Z d S)rcCs2||_t|}tdd|Ds(td||_dS)Ncss|]}t|tVqdS)N)rint)rXrYr"r"r#rZ"sz+NoticeReference.__init__..z)notice_numbers must be a list of integers) _organizationr[r\rD_notice_numbers)r' organizationnotice_numbersr"r"r#r1s zNoticeReference.__init__cCs dj|S)NzU)r@)r'r"r"r#rG)szNoticeReference.__repr__cCs&t|tstS|j|jko$|j|jkS)N)rrrPrr)r'rQr"r"r#rR/s  zNoticeReference.__eq__cCs ||k S)Nr")r'rQr"r"r#rS8szNoticeReference.__ne__cCst|jt|jfS)N)rTrrkr)r'r"r"r#rU;szNoticeReference.__hash__rrN) r5r6r7r1rGrRrSrUrrVrrr"r"r"r#rs   rc@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) ExtendedKeyUsagecCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rr)rXrYr"r"r#rZHsz,ExtendedKeyUsage.__init__..z9Every item in the usages list must be an ObjectIdentifier)r[r\rD_usages)r'Zusagesr"r"r#r1Fs zExtendedKeyUsage.__init__rcCs dj|jS)Nz)r@r)r'r"r"r#rGQszExtendedKeyUsage.__repr__cCst|tstS|j|jkS)N)rrrPr)r'rQr"r"r#rRTs zExtendedKeyUsage.__eq__cCs ||k S)Nr")r'rQr"r"r#rSZszExtendedKeyUsage.__ne__cCstt|jS)N)rTrkr)r'r"r"r#rU]szExtendedKeyUsage.__hash__N)r5r6r7rZEXTENDED_KEY_USAGEr2r1r.rHrIrJrGrRrSrUr"r"r"r#rBs rc@s2eZdZejZddZddZddZddZ d S) OCSPNoCheckcCst|tstSdS)NT)rrrP)r'rQr"r"r#rRes zOCSPNoCheck.__eq__cCs ||k S)Nr")r'rQr"r"r#rSkszOCSPNoCheck.__ne__cCsttS)N)rTr)r'r"r"r#rUnszOCSPNoCheck.__hash__cCsdS)Nzr")r'r"r"r#rGqszOCSPNoCheck.__repr__N) r5r6r7rZ OCSP_NO_CHECKr2rRrSrUrGr"r"r"r#ras rc@s2eZdZejZddZddZddZddZ d S) PrecertPoisoncCst|tstSdS)NT)rrrP)r'rQr"r"r#rRys zPrecertPoison.__eq__cCs ||k S)Nr")r'rQr"r"r#rSszPrecertPoison.__ne__cCsttS)N)rTr)r'r"r"r#rUszPrecertPoison.__hash__cCsdS)Nzr")r'r"r"r#rGszPrecertPoison.__repr__N) r5r6r7rZPRECERT_POISONr2rRrSrUrGr"r"r"r#rus rc@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) TLSFeaturecCs:t|}tdd|D s(t|dkr0td||_dS)Ncss|]}t|tVqdS)N)rTLSFeatureType)rXrYr"r"r#rZsz&TLSFeature.__init__..rz@features must be a list of elements from the TLSFeatureType enum)r[r\r%rD _features)r'featuresr"r"r#r1s  zTLSFeature.__init__rcCs dj|S)Nz$)r@)r'r"r"r#rGszTLSFeature.__repr__cCst|tstS|j|jkS)N)rrrPr)r'rQr"r"r#rRs zTLSFeature.__eq__cCs ||k S)Nr")r'rQr"r"r#rSszTLSFeature.__ne__cCstt|jS)N)rTrkr)r'r"r"r#rUszTLSFeature.__hash__N)r5r6r7rZ TLS_FEATUREr2r1r.rHrIrJrGrRrSrUr"r"r"r#rs rc@seZdZdZdZdS)rN)r5r6r7Zstatus_requestZstatus_request_v2r"r"r"r#rsrcCsi|] }||jqSr")rE)rXrYr"r"r# src@sDeZdZejZddZddZddZddZ d d Z e j d Z d S) InhibitAnyPolicycCs.t|tjstd|dkr$td||_dS)Nzskip_certs must be an integerrz)skip_certs must be a non-negative integer)rrLrMrDr _skip_certs)r' skip_certsr"r"r#r1s  zInhibitAnyPolicy.__init__cCs dj|S)Nz-)r@)r'r"r"r#rGszInhibitAnyPolicy.__repr__cCst|tstS|j|jkS)N)rrrPr)r'rQr"r"r#rRs zInhibitAnyPolicy.__eq__cCs ||k S)Nr")r'rQr"r"r#rSszInhibitAnyPolicy.__ne__cCs t|jS)N)rTr)r'r"r"r#rUszInhibitAnyPolicy.__hash__rN)r5r6r7rZINHIBIT_ANY_POLICYr2r1rGrRrSrUrrVrr"r"r"r#rs rc@seZdZejZddZejdZ ejdZ ejdZ ejdZ ejdZ ejdZejd Zed d Zed d ZddZddZddZddZdS)KeyUsagec CsP| r|s| rtd||_||_||_||_||_||_||_||_| |_ dS)NzKencipher_only and decipher_only can only be true when key_agreement is true) r_digital_signature_content_commitment_key_encipherment_data_encipherment_key_agreement_key_cert_sign _crl_sign_encipher_only_decipher_only) r'digital_signaturecontent_commitmentkey_enciphermentdata_encipherment key_agreement key_cert_signcrl_sign encipher_only decipher_onlyr"r"r#r1szKeyUsage.__init__rrrrrrrcCs|jstdn|jSdS)Nz7encipher_only is undefined unless key_agreement is true)rrr)r'r"r"r#rszKeyUsage.encipher_onlycCs|jstdn|jSdS)Nz7decipher_only is undefined unless key_agreement is true)rrr)r'r"r"r#rszKeyUsage.decipher_onlyc Cs<y|j}|j}Wntk r,d}d}YnXdj|||S)Na-)rrrr@)r'rrr"r"r#rG s  zKeyUsage.__repr__cCszt|tstS|j|jkox|j|jkox|j|jkox|j|jkox|j|jkox|j|jkox|j |j kox|j |j kox|j |j kS)N) rrrPrrrrrrrrr)r'rQr"r"r#rRs         zKeyUsage.__eq__cCs ||k S)Nr")r'rQr"r"r#rS+szKeyUsage.__ne__c Cs,t|j|j|j|j|j|j|j|j|j f S)N) rTrrrrrrrrr)r'r"r"r#rU.s zKeyUsage.__hash__N)r5r6r7rZ KEY_USAGEr2r1rrVrrrrrrrpropertyrrrGrRrSrUr"r"r"r#rs        rc@sVeZdZejZddZddZddZddZ d d Z d d Z e j d Ze j dZdS)NameConstraintscCs|dk r4t|}tdd|Ds*td|j||dk rht|}tdd|Ds^td|j||dkr|dkrtd||_||_dS)Ncss|]}t|tVqdS)N)rr)rXrYr"r"r#rZ@sz+NameConstraints.__init__..z@permitted_subtrees must be a list of GeneralName objects or Nonecss|]}t|tVqdS)N)rr)rXrYr"r"r#rZLsz?excluded_subtrees must be a list of GeneralName objects or NonezIAt least one of permitted_subtrees and excluded_subtrees must not be None)r[r\rD_validate_ip_namer_permitted_subtrees_excluded_subtrees)r'permitted_subtreesexcluded_subtreesr"r"r#r1<s&  zNameConstraints.__init__cCs&t|tstS|j|jko$|j|jkS)N)rrrPrr)r'rQr"r"r#rR^s  zNameConstraints.__eq__cCs ||k S)Nr")r'rQr"r"r#rSgszNameConstraints.__ne__cCstdd|DrtddS)Ncss.|]&}t|to$t|jtjtjf VqdS)N)rrrE ipaddress IPv4Network IPv6Network)rXnamer"r"r#rZksz4NameConstraints._validate_ip_name..zGIPAddress name constraints must be an IPv4Network or IPv6Network object)anyrD)r'treer"r"r#rjs z!NameConstraints._validate_ip_namecCs dj|S)Nze)r@)r'r"r"r#rGsszNameConstraints.__repr__cCs@|jdk rt|j}nd}|jdk r0t|j}nd}t||fS)N)rrkrrT)r'Zpsesr"r"r#rUys    zNameConstraints.__hash__rrN)r5r6r7rZNAME_CONSTRAINTSr2r1rRrSrrGrUrrVrrr"r"r"r#r8s"   rc@sReZdZddZejdZejdZejdZddZ dd Z d d Z d d Z dS) ExtensioncCs:t|tstdt|ts$td||_||_||_dS)Nz2oid argument must be an ObjectIdentifier instance.z critical must be a boolean value)rrrDrw_oid _critical_value)r'r2criticalrEr"r"r#r1s  zExtension.__init__rrrcCs dj|S)Nz@)r@)r'r"r"r#rGszExtension.__repr__cCs2t|tstS|j|jko0|j|jko0|j|jkS)N)rrrPr2rrE)r'rQr"r"r#rRs    zExtension.__eq__cCs ||k S)Nr")r'rQr"r"r#rSszExtension.__ne__cCst|j|j|jfS)N)rTr2rrE)r'r"r"r#rUszExtension.__hash__N) r5r6r7r1rrVr2rrErGrRrSrUr"r"r"r#rs    rc@sJeZdZddZed\ZZZddZddZ dd Z d d Z d d Z dS) GeneralNamescCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rr)rXrYr"r"r#rZsz(GeneralNames.__init__..z^Every item in the general_names list must be an object conforming to the GeneralName interface)r[r\rD_general_names)r' general_namesr"r"r#r1s zGeneralNames.__init__rcs0fdd|D}tkr(dd|D}t|S)Nc3s|]}t|r|VqdS)N)r)rXi)typer"r#rZsz3GeneralNames.get_values_for_type..css|] }|jVqdS)N)rE)rXrr"r"r#rZs)rr[)r'robjsr")rr#get_values_for_typesz GeneralNames.get_values_for_typecCs dj|jS)Nz)r@r)r'r"r"r#rGszGeneralNames.__repr__cCst|tstS|j|jkS)N)rrrPr)r'rQr"r"r#rRs zGeneralNames.__eq__cCs ||k S)Nr")r'rQr"r"r#rSszGeneralNames.__ne__cCstt|jS)N)rTrkr)r'r"r"r#rUszGeneralNames.__hash__N) r5r6r7r1r.rHrIrJrrGrRrSrUr"r"r"r#rs  rc@sPeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd d ZdS)SubjectAlternativeNamecCst||_dS)N)rr)r'rr"r"r#r1szSubjectAlternativeName.__init__rcCs |jj|S)N)rr)r'rr"r"r#rsz*SubjectAlternativeName.get_values_for_typecCs dj|jS)Nz)r@r)r'r"r"r#rGszSubjectAlternativeName.__repr__cCst|tstS|j|jkS)N)rrrPr)r'rQr"r"r#rRs zSubjectAlternativeName.__eq__cCs ||k S)Nr")r'rQr"r"r#rSszSubjectAlternativeName.__ne__cCs t|jS)N)rTr)r'r"r"r#rUszSubjectAlternativeName.__hash__N)r5r6r7rZSUBJECT_ALTERNATIVE_NAMEr2r1r.rHrIrJrrGrRrSrUr"r"r"r#rsrc@sPeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd d ZdS)IssuerAlternativeNamecCst||_dS)N)rr)r'rr"r"r#r1szIssuerAlternativeName.__init__rcCs |jj|S)N)rr)r'rr"r"r#rsz)IssuerAlternativeName.get_values_for_typecCs dj|jS)Nz)r@r)r'r"r"r#rGszIssuerAlternativeName.__repr__cCst|tstS|j|jkS)N)rrrPr)r'rQr"r"r#rRs zIssuerAlternativeName.__eq__cCs ||k S)Nr")r'rQr"r"r#rSszIssuerAlternativeName.__ne__cCs t|jS)N)rTr)r'r"r"r#rU szIssuerAlternativeName.__hash__N)r5r6r7rZISSUER_ALTERNATIVE_NAMEr2r1r.rHrIrJrrGrRrSrUr"r"r"r#rsrc@sPeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd d ZdS)CertificateIssuercCst||_dS)N)rr)r'rr"r"r#r1szCertificateIssuer.__init__rcCs |jj|S)N)rr)r'rr"r"r#rsz%CertificateIssuer.get_values_for_typecCs dj|jS)Nz)r@r)r'r"r"r#rGszCertificateIssuer.__repr__cCst|tstS|j|jkS)N)rrrPr)r'rQr"r"r#rRs zCertificateIssuer.__eq__cCs ||k S)Nr")r'rQr"r"r#rS#szCertificateIssuer.__ne__cCs t|jS)N)rTr)r'r"r"r#rU&szCertificateIssuer.__hash__N)r5r6r7rZCERTIFICATE_ISSUERr2r1r.rHrIrJrrGrRrSrUr"r"r"r#rsrc@sDeZdZejZddZddZddZddZ d d Z e j d Z d S) CRLReasoncCst|tstd||_dS)Nz*reason must be an element from ReasonFlags)rrrD_reason)r'reasonr"r"r#r1.s zCRLReason.__init__cCs dj|jS)Nz)r@r)r'r"r"r#rG4szCRLReason.__repr__cCst|tstS|j|jkS)N)rrrPr)r'rQr"r"r#rR7s zCRLReason.__eq__cCs ||k S)Nr")r'rQr"r"r#rS=szCRLReason.__ne__cCs t|jS)N)rTr)r'r"r"r#rU@szCRLReason.__hash__rN)r5r6r7rZ CRL_REASONr2r1rGrRrSrUrrVrr"r"r"r#r*src@sDeZdZejZddZddZddZddZ d d Z e j d Z d S) InvalidityDatecCst|tjstd||_dS)Nz+invalidity_date must be a datetime.datetime)rdatetimerD_invalidity_date)r'invalidity_dater"r"r#r1Js zInvalidityDate.__init__cCs dj|jS)Nz$)r@r)r'r"r"r#rGPszInvalidityDate.__repr__cCst|tstS|j|jkS)N)rrrPr)r'rQr"r"r#rRUs zInvalidityDate.__eq__cCs ||k S)Nr")r'rQr"r"r#rS[szInvalidityDate.__ne__cCs t|jS)N)rTr)r'r"r"r#rU^szInvalidityDate.__hash__rN)r5r6r7rZINVALIDITY_DATEr2r1rGrRrSrUrrVrr"r"r"r#rFsrc@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) )PrecertificateSignedCertificateTimestampscCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rr)rXZsctr"r"r#rZkszEPrecertificateSignedCertificateTimestamps.__init__..zYEvery item in the signed_certificate_timestamps list must be a SignedCertificateTimestamp)r[r\rD_signed_certificate_timestamps)r'Zsigned_certificate_timestampsr"r"r#r1hs z2PrecertificateSignedCertificateTimestamps.__init__rcCsdjt|S)Nz/)r@r[)r'r"r"r#rGxsz2PrecertificateSignedCertificateTimestamps.__repr__cCstt|jS)N)rTrkr)r'r"r"r#rUsz2PrecertificateSignedCertificateTimestamps.__hash__cCst|tstS|j|jkS)N)rrrPr)r'rQr"r"r#rRs z0PrecertificateSignedCertificateTimestamps.__eq__cCs ||k S)Nr")r'rQr"r"r#rSsz0PrecertificateSignedCertificateTimestamps.__ne__N)r5r6r7rZ%PRECERT_SIGNED_CERTIFICATE_TIMESTAMPSr2r1r.rHrIrJrGrUrRrSr"r"r"r#rds   rc@sDeZdZejZddZddZddZddZ d d Z e j d Z d S) OCSPNoncecCst|tstd||_dS)Nznonce must be bytes)rbytesrD_nonce)r'noncer"r"r#r1s zOCSPNonce.__init__cCst|tstS|j|jkS)N)rrrPr)r'rQr"r"r#rRs zOCSPNonce.__eq__cCs ||k S)Nr")r'rQr"r"r#rSszOCSPNonce.__ne__cCs t|jS)N)rTr)r'r"r"r#rUszOCSPNonce.__hash__cCs dj|S)Nz)r@)r'r"r"r#rGszOCSPNonce.__repr__rN)r5r6r7rZNONCEr2r1rRrSrUrGrrVrr"r"r"r#rsrc@seZdZejZddZddZddZddZ d d Z e j d Z e j d Ze j d Ze j dZe j dZe j dZe j dZdS)IssuingDistributionPointc Cs|r,t|t s$tdd|D r,td|rLtj|ksDtj|krLtdt|tort|tort|tort|ts|td||||g}t dd|Ddkrtd t |||||||gstd ||_ ||_ ||_ ||_||_||_||_dS) Ncss|]}t|tVqdS)N)rr)rXrYr"r"r#rZsz4IssuingDistributionPoint.__init__..z:only_some_reasons must be None or frozenset of ReasonFlagszTunspecified and remove_from_crl are not valid reasons in an IssuingDistributionPointzuonly_contains_user_certs, only_contains_ca_certs, indirect_crl and only_contains_attribute_certs must all be boolean.cSsg|] }|r|qSr"r")rXrYr"r"r# sz5IssuingDistributionPoint.__init__..zOnly one of the following can be set to True: only_contains_user_certs, only_contains_ca_certs, indirect_crl, only_contains_attribute_certszCannot create empty extension: if only_contains_user_certs, only_contains_ca_certs, indirect_crl, and only_contains_attribute_certs are all False, then either full_name, relative_name, or only_some_reasons must have a value.)rrr\rDrrrrrwr%r_only_contains_user_certs_only_contains_ca_certs _indirect_crl_only_contains_attribute_certs_only_some_reasonsrr) r'rronly_contains_user_certsonly_contains_ca_certsonly_some_reasons indirect_crlonly_contains_attribute_certsZcrl_constraintsr"r"r#r1sD       z!IssuingDistributionPoint.__init__cCs dj|S)NaG)r@)r'r"r"r#rGsz!IssuingDistributionPoint.__repr__cCsbt|tstS|j|jko`|j|jko`|j|jko`|j|jko`|j|jko`|j|jko`|j |j kS)N) rrrPrrrrrrr)r'rQr"r"r#rRs       zIssuingDistributionPoint.__eq__cCs ||k S)Nr")r'rQr"r"r#rSszIssuingDistributionPoint.__ne__cCs$t|j|j|j|j|j|j|jfS)N)rTrrrrrrr)r'r"r"r#rUsz!IssuingDistributionPoint.__hash__rrrrrrrN)r5r6r7rZISSUING_DISTRIBUTION_POINTr2r1rGrRrSrUrrVrrrrrrrr"r"r"r#rs F     rc@sHeZdZddZejdZejdZddZddZ d d Z d d Z d S)rCcCs"t|tstd||_||_dS)Nzoid must be an ObjectIdentifier)rrrDrr)r'r2rEr"r"r#r1/s zUnrecognizedExtension.__init__rrcCs dj|S)Nz7)r@)r'r"r"r#rG8szUnrecognizedExtension.__repr__cCs&t|tstS|j|jko$|j|jkS)N)rrCrPr2rE)r'rQr"r"r#rR?s zUnrecognizedExtension.__eq__cCs ||k S)Nr")r'rQr"r"r#rSEszUnrecognizedExtension.__ne__cCst|j|jfS)N)rTr2rE)r'r"r"r#rUHszUnrecognizedExtension.__hash__N) r5r6r7r1rrVr2rErGrRrSrUr"r"r"r#rC-s  rC)V __future__rrrr;rrrrhenumrrLZ cryptographyrZcryptography.hazmat._derrrr r Zcryptography.hazmat.primitivesr r Z,cryptography.hazmat.primitives.asymmetric.ecr Z-cryptography.hazmat.primitives.asymmetric.rsarZ*cryptography.x509.certificate_transparencyrZcryptography.x509.general_namerrrZcryptography.x509.namerZcryptography.x509.oidrrrrr$r. Exceptionr/r9 add_metaclassABCMetaobjectr:r=Zregister_interfacerKrWrgrorprvr|r}rr~rrrrrrrrrrrZ_TLS_FEATURE_TYPE_TO_ENUMrrrrrrrrrrrrrrCr"r"r"r#s      ( #f$)##] <2%$" ^Q'%*