hPJdZddlmZmZmZmZddlmZddlm Z m Z ddl m Z m Z mZmZmZmZmZmZmZmZmZmZmZddlmZmZddlmZdd lmZm Z m!Z!m"Z"Gd d eZ#Gd d eZ$GddeZ%GddeZ&GddeZ'GddeZ(GddeZ)GddeZ*GddeZ+GddeZ,GddeZ-Gd d!eZ.Gd"d#eZ/Gd$d%eZ0Gd&d'eZ1Gd(d)eZ2Gd*d+eZ3Gd,d-eZ4Gd.d/eZ5Gd0d1eZ6Gd2d3e Z7Gd4d5eZ8Gd6d7eZ9Gd8d9eZ:Gd:d;e Z;Gd<d=eZ<Gd>d?eZ=Gd@dAeZ>GdBdCeZ?GdDdEeZ@GdFdGeZAGdHdIeZBGdJdKeZCGdLdMeZDGdNdOeZEGdPdQeZFGdRdSeZGGdTdUeZHdVS)Wz ASN.1 type classes for the online certificate status protocol (OCSP). Exports the following items: - OCSPRequest() - OCSPResponse() Other type classes are defined that help compose the types listed above. )unicode_literalsdivisionabsolute_importprint_function)unwrap)DigestAlgorithmSignedDigestAlgorithm) BooleanChoice EnumeratedGeneralizedTime IA5StringIntegerNullObjectIdentifierOctetBitString OctetStringParsableOctetStringSequence SequenceOf)AuthorityInfoAccessSyntax CRLReason)PublicKeyAlgorithm) Certificate GeneralName GeneralNamesNameceZdZddiZdS)Versionrv1N__name__ __module__ __qualname___mapK/var/www/html/Sam_Eipo/venv/lib/python3.11/site-packages/asn1crypto/ocsp.pyr r (s 4 DDDr(r c*eZdZdefdefdefdefgZdS)CertIdhash_algorithmissuer_name_hashissuer_key_hash serial_numberN)r#r$r%r rr_fieldsr'r(r)r+r+.s5 ?+ [) K( '" GGGr(r+ceZdZdefdefgZdS)ServiceLocatorissuerlocatorN)r#r$r%rrr0r'r(r)r2r27s& 4 -.GGGr(r2ceZdZddiZdS)RequestExtensionIdz1.3.6.1.5.5.7.48.1.7service_locatorNr"r'r(r)r6r6>s 1 DDDr(r6c6eZdZdefdeddifdefgZdZdeiZ dS) RequestExtensionextn_idcriticaldefaultF extn_valuer:r=r7N) r#r$r%r6r rr0 _oid_pairr2 _oid_specsr'r(r)r9r9DsI &' Wy%01 *+G *I>JJJr(r9ceZdZeZdS)RequestExtensionsN)r#r$r%r9 _child_specr'r(r)rBrBQs"KKKr(rBcdeZdZdefdedddfgZdZdZdZdZ e d Z e d Z dS) Requestreq_certsingle_request_extensionsrTexplicitoptionalFNct|_|dD]g}|dj}d|z}t||rt |||dj|djr|j|hd|_dS)v Sets common named extensions to private attributes and creates a list of critical extensions rGr: _%s_valuer=r;TNset_critical_extensionsnativehasattrsetattrparsedadd_processed_extensionsself extensionnameattribute_names r)_set_extensionszRequest._set_extensions_s %(EE!9: 4 4IY'.D(4/Nt^,, Nni .E.LMMM$+ 4)--d333%)"""r(cF|js||jSz Returns a set of the names (or OID if not a known extension) of the extensions marked as critical :return: A set of unicode strings rVr\rPrXs r)critical_extensionszRequest.critical_extensionsq*) #  " " "((r(cJ|jdur||jS)z This extension is used when communicating with an OCSP responder that acts as a proxy for OCSP requests :return: None or a ServiceLocator object F)rVr\_service_locator_valuer`s r)service_locator_valuezRequest.service_locator_value-  % . .  " " "**r() r#r$r%r+rBr0rVrPrdr\propertyrarer'r(r)rErEUs V $&7aUY9Z9Z[G "!***$ ) )X ) + +X + + +r(rEceZdZeZdS)RequestsN)r#r$r%rErCr'r(r)ririsKKKr(riceZdZddiZdS) ResponseTypez1.3.6.1.5.5.7.48.1.1basic_ocsp_responseNr"r'r(r)rkrks 5 DDDr(rkceZdZeZdS)AcceptableResponsesN)r#r$r%rkrCr'r(r)rnrnsKKKr(rnc$eZdZdefdeddifgZdS)PreferredSignatureAlgorithmsig_identifiercert_identifierrJTN)r#r$r%r rr0r'r(r)rprps. 01 .T0BCGGGr(rpceZdZeZdS)PreferredSignatureAlgorithmsN)r#r$r%rprCr'r(r)rtrts-KKKr(rtceZdZddddZdS)TBSRequestExtensionIdnonceacceptable_responsespreferred_signature_algorithms)1.3.6.1.5.5.7.48.1.2z1.3.6.1.5.5.7.48.1.4z1.3.6.1.5.5.7.48.1.8Nr"r'r(r)rvrvs# ' 6 @  DDDr(rvc:eZdZdefdeddifdefgZdZee e dZ dS) TBSRequestExtensionr:r;r<Fr=r>)rwrxryN) r#r$r%rvr rr0r?rrnrtr@r'r(r)r|r|sR )* Wy%01 *+G *I 3*FJJJr(r|ceZdZeZdS)TBSRequestExtensionsN)r#r$r%r|rCr'r(r)r~r~s%KKKr(r~cBeZdZdedddfdedddfd efd ed ddfgZd S) TBSRequestversionrr!rIr<requestor_namerTrH request_listrequest_extensionsN)r#r$r%r rrir~r0r'r(r)rrsU G!==> ;QD(I(IJ " 3!QU5V5VW GGGr(rceZdZeZdS) CertificatesN)r#r$r%rrCr'r(r)rrsKKKr(rc,eZdZdefdefdedddfgZdS) Signaturesignature_algorithm signaturecertsrTrHN)r#r$r%r rrr0r'r(r)rrs8  56 n% ,QD A ABGGGr(rceZdZdefdedddfgZdZdZdZdZ dZ dZ e d Z e d Ze d Ze d ZdS) OCSPRequest tbs_requestoptional_signaturerTrHFNc&t|_|ddD]g}|dj}d|z}t||rt |||dj|djr|j|hd|_dS) rLrrr:rMr=r;TNrNrWs r)r\zOCSPRequest._set_extensionss %(EE!m,-AB 4 4IY'.D(4/Nt^,, Nni .E.LMMM$+ 4)--d333%)"""r(cF|js||jSr^r_r`s r)razOCSPRequest.critical_extensionsrbr(cJ|jdur||jS)z This extension is used to prevent replay attacks by including a unique, random value with each request/response pair :return: None or an OctetString object FrVr\ _nonce_valuer`s r) nonce_valuezOCSPRequest.nonce_value-  % . .  " " "  r(cJ|jdur||jS)a( This extension is used to allow the client and server to communicate with alternative response formats other than just basic_ocsp_response, although no other formats are defined in the standard. :return: None or an AcceptableResponses object F)rVr\_acceptable_responses_valuer`s r)acceptable_responses_valuez&OCSPRequest.acceptable_responses_values-  % . .  " " "//r(cJ|jdur||jS)aj This extension is used by the client to define what signature algorithms are preferred, including both the hash algorithm and the public key algorithm, with a level of detail down to even the public key algorithm parameters, such as curve name. :return: None or a PreferredSignatureAlgorithms object F)rVr\%_preferred_signature_algorithms_valuer`s r)$preferred_signature_algorithms_valuez0OCSPRequest.preferred_signature_algorithms_value s-  % . .  " " "99r()r#r$r%rrr0rVrPrrrr\rgrarrrr'r(r)rrs  # yqd*K*KLG "L"&,0)***$ ) )X ) ! !X ! 0 0X 0 : :X : : :r(rc eZdZdddddddZdS) OCSPResponseStatus successfulmalformed_requestinternal_error try_later sign_required unauthorized)rrrNr"r'r(r)rr1s,         DDDr(rc*eZdZdeddifdeddifgZdS) ResponderIdby_namerIrby_keyrN)r#r$r%rr _alternativesr'r(r)rr<s1 D:q/* ;Q0MMMr(rc*eZdZdZedZdS) StatusGoodc|E|dkr?t|ts*ttdt |d|_dS)z` Sets the value of the object :param value: None or 'good' NgoodzK value must be one of None, "good", not %s r( isinstancer ValueErrorrreprcontentsrXvalues r)rOzStatusGood.setEs[  &E49P9PVU   r(cdS)Nrr'r`s r)rQzStatusGood.nativeWsvr(Nr#r$r%rOrgrQr'r(r)rrDs>$Xr(rc*eZdZdZedZdS) StatusUnknownc|E|dkr?t|ts*ttdt |d|_dS)zc Sets the value of the object :param value: None or 'unknown' NunknownzN value must be one of None, "unknown", not %s r(rrs r)rOzStatusUnknown.set^s^  )!3!3Jud$Xr(rc&eZdZdefdedddfgZdS) RevokedInforevocation_timerevocation_reasonrTrHN)r#r$r%rrr0r'r(r)rrus/ O, iaT)J)JKGGGr(rc6eZdZdeddifdeddifdeddifgZdS) CertStatusrimplicitrrevokedrrrN)r#r$r%rrrrr'r(r)rr|s? j!_- K*a1 MJ?3MMMr(rc<eZdZdedddfdedddfdedddfgZd S) CrlIdcrl_urlrTrHcrl_numrcrl_timerN)r#r$r%rrrr0r'r(r)rrsK IA4@@A G!>>? _1$&G&GHGGGr(rc eZdZdddddddZdS) SingleResponseExtensionIdcrlarchive_cutoff crl_reasoninvalidity_datecertificate_issuer!signed_certificate_timestamp_list)z1.3.6.1.5.5.7.48.1.3z1.3.6.1.5.5.7.48.1.6z 2.5.29.21z 2.5.29.24z 2.5.29.29z1.3.6.1.4.1.11129.2.4.5Nr"r'r(r)rrs. % 0"&)#F  DDDr(rc@eZdZdefdeddifdefgZdZee e e e e dZ dS) SingleResponseExtensionr:r;r<Fr=r>)rrrrrrN)r#r$r%rr rr0r?rrrrrr@r'r(r)rrs[ -. Wy%01 *+G *I)**-8 JJJr(rceZdZeZdS)SingleResponseExtensionsN)r#r$r%rrCr'r(r)rrs)KKKr(rc eZdZdefdefdefdedddfded ddfgZd Zd Z d Z d Z d Z d Z d Zd Zed ZedZedZedZedZedZd S)SingleResponsecert_id cert_status this_update next_updaterTrHsingle_extensionsrFNct|_|dD]g}|dj}d|z}t||rt |||dj|djr|j|hd|_dS)rLrr:rMr=r;TNrNrWs r)r\zSingleResponse._set_extensionss %(EE!12 4 4IY'.D(4/Nt^,, Nni .E.LMMM$+ 4)--d333%)"""r(cF|js||jSr^r_r`s r)raz"SingleResponse.critical_extensionsrbr(cJ|jdur||jS)z This extension is used to locate the CRL that a certificate's revocation is contained within. :return: None or a CrlId object F)rVr\ _crl_valuer`s r) crl_valuezSingleResponse.crl_values,  % . .  " " "r(cJ|jdur||jS)z This extension is used to indicate the date at which an archived (historical) certificate status entry will no longer be available. :return: None or a GeneralizedTime object F)rVr\_archive_cutoff_valuer`s r)archive_cutoff_valuez#SingleResponse.archive_cutoff_values-  % . .  " " "))r(cJ|jdur||jS)z This extension indicates the reason that a certificate was revoked. :return: None or a CRLReason object F)rVr\_crl_reason_valuer`s r)crl_reason_valuezSingleResponse.crl_reason_values-  % . .  " " "%%r(cJ|jdur||jS)a= This extension indicates the suspected date/time the private key was compromised or the certificate became invalid. This would usually be before the revocation date, which is when the CA processed the revocation. :return: None or a GeneralizedTime object F)rVr\_invalidity_date_valuer`s r)invalidity_date_valuez$SingleResponse.invalidity_date_value s-  % . .  " " "**r(cJ|jdur||jS)z This extension indicates the issuer of the certificate in question. :return: None or an x509.GeneralNames object F)rVr\_certificate_issuer_valuer`s r)certificate_issuer_valuez'SingleResponse.certificate_issuer_values-  % . .  " " "--r()r#r$r%r+rrrr0rVrPrrrrrr\rgrarrrrrr'r(r)rrs5 F  # ( aT)J)JK 6QTX8Y8YZ G"J ! $***$ ) )X )  X  * *X * & &X & + +X + . .X . . .r(rceZdZeZdS) ResponsesN)r#r$r%rrCr'r(r)rr(s KKKr(rceZdZdddZdS)ResponseDataExtensionIdrwextended_revoke)rzz1.3.6.1.5.5.7.48.1.9Nr"r'r(r)rr,s ' 1  DDDr(rc8eZdZdefdeddifdefgZdZee dZ dS) ResponseDataExtensionr:r;r<Fr=r>)rwrN) r#r$r%rr rr0r?rrr@r'r(r)rr3sO +, Wy%01 *+G *IJJJr(rceZdZeZdS)ResponseDataExtensionsN)r#r$r%rrCr'r(r)rrAs'KKKr(rc @eZdZdedddfdefdefdefded d d fgZd S) ResponseDatarrr!r responder_id produced_at responsesresponse_extensionsrTrHN) r#r$r%r rrrrr0r'r(r)rrEsS G!==> % ( i  6QTX8Y8YZ GGGr(rc2eZdZdefdefdefdedddfgZdS) BasicOCSPResponsetbs_response_datarrrrTrHN)r#r$r%rr rrr0r'r(r)rrOs@ l+  56 n% ,QD A AB GGGr(rc*eZdZdefdefgZdZdeiZdS) ResponseBytes response_typeresponse)rrrlN) r#r$r%rkrr0r?rr@r'r(r)rrXs: ,' ()G .I0JJJr(rceZdZdefdedddfgZdZdZdZdZ dZ e d Z e d Z e d Ze d Ze d ZdS) OCSPResponseresponse_statusresponse_bytesrTrHFNcHt|_|ddjddD]g}|dj}d|z}t ||rt |||dj|djr|j|hd |_d S) rLr rrrr:rMr=r;TN)rOrPrTrQrRrSrUrVrWs r)r\zOCSPResponse._set_extensionsos %(EE!./ ;BCVWXmn 4 4IY'.D(4/Nt^,, Nni .E.LMMM$+ 4)--d333%)"""r(cF|js||jSr^r_r`s r)raz OCSPResponse.critical_extensionsrbr(cJ|jdur||jS)z This extension is used to prevent replay attacks on the request/response exchange :return: None or an OctetString object Frr`s r)rzOCSPResponse.nonce_valuerr(cJ|jdur||jS)z This extension is used to signal that the responder will return a "revoked" status for non-issued certificates. :return: None or a Null object (if present) F)rVr\_extended_revoke_valuer`s r)extended_revoke_valuez"OCSPResponse.extended_revoke_valuerfr(c(|ddjS)z A shortcut into the BasicOCSPResponse sequence :return: None or an asn1crypto.ocsp.BasicOCSPResponse object r rrTr`s r)rlz OCSPResponse.basic_ocsp_responses$%j188r(c4|ddjdS)z A shortcut into the parsed, ResponseData sequence :return: None or an asn1crypto.ocsp.ResponseData object r rrrr`s r) response_datazOCSPResponse.response_datas$%j189LMMr()r#r$r%rrr0rVrPrrr\rgrarrrlrr'r(r)r r ds ./ =qd*K*KLG "L!***$ ) )X ) ! !X ! + +X +99X9NNXNNNr(r N)I__doc__ __future__rrrr_errorsralgosr r corer r r rrrrrrrrrrrrrkeysrx509rrrrr r+r2r6r9rBrErirkrnrprtrvr|r~rrrrrrrrrrrrrrrrrrrrrrr r'r(r)rsSRRRRRRRRRRR9999999965555555$$$$$$>>>>>>>>>>>> g XX)     x   ##### ###6+6+6+6+6+h6+6+6+rz# *(.....:...,     (   &&&&&:&&&:W:W:W:W:W:(W:W:W:t&2D0(H      0   h$*****z***u.u.u.u.u.Xu.u.u.p!!!!! !!!.     H   (((((Z(((8     H   [N[N[N[N[N8[N[N[N[N[Nr(