hRn dZddlmZmZmZmZddlmZddlm Z ddl Z ddl Z ddl Z ddl Z ddlZddlZddlmZddlmZmZdd lmZdd lmZmZmZdd lmZmZmZmZdd l m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4m5Z5m6Z6m7Z7m8Z8m9Z9m:Z:m;Z;mZ>ddl?m@Z@mAZAmBZBmCZCGdde*ZDGdde*ZEGdde*ZFGdde0ZGGdde3ZHGdde4ZIGdde"ZJGdde3ZKGdd e7ZLed!ZMGd"d#e%ZNGd$d%e.ZOGd&d'e3ZPGd(d)e6ZQGd*d+e4ZRGd,d-e%ZSGd.d/e3ZTGd0d1e%ZUGd2d3e%ZVGd4d5e%ZWGd6d7e5ZXGd8d9e5ZYGd:d;e4ZZGd<d=e4Z[Gd>d?e3Z\Gd@dAe3Z]GdBdCe4Z^GdDdEe3Z_GdFdGe4Z`GdHdIe%ZaGdJdKe%ZbGdLdMe5ZcGdNdOe4ZdGdPdQe5ZeGdRdSe3ZfGdTdUe6ZgGdVdWe3ZhGdXdYe%ZiGdZd[e+ZjGd\d]e+ZkGd^d_e3ZlGd`dae4ZmGdbdce3ZnGdddee3ZoGdfdge%ZpGdhdie4ZqGdjdke%ZrGdldme3ZsGdndoe3ZtGdpdqe3ZuGdrdse%ZvGdtdue"ZwGdvdwe3ZxGdxdye4ZyGdzd{e3ZzGd|d}e3Z{Gd~de4Z|Gdde%Z}Gdde4Z~Gdde3ZGdde3ZGdde.ZGdde3ZGdde4ZGdde.ZGdde3ZGdde4ZGdde3ZGdde4ZGdde3ZGdde.ZGdde4ZGdde.ZGdde3ZGdde4ZGdde4ZGdde4ZGdde3ZGdde"ZGdde+ZGdde3ZGdde6ZGdde3ZGdde3ZGdde6ZGdde'ZGdde'ZGdde'ZGdde'ZGdde'ZGd„de'ZGdĄde3ZGdƄde3ZGdȄde'ZGdʄde3ZGd̄de3ZGd΄de6ZGdЄde.ZGd҄de6ZGdԄde6ZGdքde6ZGd؄de3ZGdڄde6ZGd܄de3ZGdބde4ZGdde.ZGdde3ZGdde4ZGdde3ZGdde3ZGdde4ZGdde4ZGdde3ZGdde&ZdS)z ASN.1 type classes for X.509 certificates. Exports the following items: - Attributes() - Certificate() - Extensions() - GeneralName() - GeneralNames() - Name() Other type classes are defined that help compose the types listed above. )unicode_literalsdivisionabsolute_importprint_function)contextmanager)idnaN)unwrap) iri_to_uri uri_to_iri) OrderedDict) type_namestr_cls bytes_to_list)AlgorithmIdentifierAnyAlgorithmIdentifierDigestAlgorithmSignedDigestAlgorithm)Any BitString BMPStringBooleanChoiceConcat EnumeratedGeneralizedTime GeneralString IA5StringIntegerNull NumericStringObjectIdentifierOctetBitString OctetStringParsableOctetStringPrintableStringSequence SequenceOfSetSetOf TeletexStringUniversalStringUTCTime UTF8String VisibleStringVOID) PublicKeyInfo) int_to_bytesint_from_bytes inet_ntop inet_ptonc(eZdZdZdZdZdZdZdS)DNSNamer c||k SNselfothers K/var/www/html/Sam_Eipo/venv/lib/python3.11/site-packages/asn1crypto/x509.py__ne__zDNSName.__ne__L5=  ct|tsdS||kS)z Equality as defined by https://tools.ietf.org/html/rfc5280#section-7.2 :param other: Another DNSName object :return: A boolean F) isinstancer7 __unicode__lowerr>s rA__eq__zDNSName.__eq__OsV%)) 5!!''))U->->-@-@-F-F-H-HHHrDc t|ts8ttdt |t ||dr&d|dd|jz}n||j}||_||_ d|_ |j dkr d|_ dSdS)zd Sets the value of the DNS name :param value: A unicode string K %s value must be a unicode string, not %s ..r NrD) rFr TypeErrorr r startswithencode _encoding_unicodecontents_header_trailer)r?value encoded_values rAsetz DNSName.set_s%)) F$%      C  9 59#3#3DN#C#CCMM!LL88M %  =C  DMMM rDN)__name__ __module__ __qualname__rQ_bad_tagrBrIrXr=rDrAr7r7GsNIH!!!III      rDr7c&eZdZdZdZdZdZdS)URIc  t|ts8ttdt |t |||_t ||_d|_|j dkr d|_ dSdS)b Sets the value of the string :param value: A unicode string rKNrD) rFrrNr rrRr rSrTrUr?rVs rArXzURI.set~s%)) F$%    "5))  =C  DMMM rDc||k Sr<r=r>s rArBz URI.__ne__rCrDct|tsdSt|jdt|jdkS)z Equality as defined by https://tools.ietf.org/html/rfc5280#section-7.4 :param other: Another URI object :return: A boolean FT)rFr^r nativer>s rArIz URI.__eq__s>%%% 5$+t,, 5<0N0NNNrDc||jdS|j&t||_|jS7 :return: A unicode string N)rSrRr _merge_chunksr?s rArGzURI.__unicode__s< = 2 = &t'9'9';';<QWAXAX X }rDc||k Sr<r=r>s rArBzEmailAddress.__ne__rCrDc0t|tsdS|js||j|js||j|jddks|jddkr|j|jkS|jdd\}}|jdd\}}||krdS||krdSdS)z Equality as defined by https://tools.ietf.org/html/rfc5280#section-7.5 :param other: Another EmailAddress object :return: A boolean Frursr T) rFrlrprXrdrnrvrwrH)r?r@ other_mailboxother_hostnamerxrys rArIzEmailAddress.__eq__s%.. 5 " HHT[ ! ! !  $ IIel # # # >  t $ $ * *eo.B.B4.H.HB.N.N>U_4 4(-(>(>tQ(G(G% ~ N11$:: m # #5 >>  ~3355 5 55trD) rYrZr[rnrpr\propertyrSsetterrXrGrBrIr=rDrArlrlsIKH X__   <"!!!rDrlc>eZdZddZdZedZdZdZdS) IPAddressNc:ttd)z? This method is not applicable to IP addresses z= IP address values can not be parsed ) ValueErrorr )r?spec spec_paramss rAparsezIPAddress.parse's'       rDc t|ts8ttdt |t ||}|ddk}d}|rc|dd}|d}t|d}|dkr*ttdt ||ddkr?tj }|dkr*ttd t |d}n>tj }|d kr*ttd t |d }d }|rUd |z} | d|t| z zz } tt| d}d|dzt|z z|z}||_t|||z|_|j|_d|_|jd kr d |_dSdS)z Sets the value of the object :param value: A unicode string containing an IPv4 address, IPv4 address with CIDR, an IPv6 address or IPv6 address with CIDR rK/rsrr zT %s value contains a CIDR range less than 0 :z %s value contains a CIDR range bigger than 128, the maximum value for an IPv6 address z %s value contains a CIDR range bigger than 32, the maximum value for an IPv4 address rD10N)rFrrNr rrvsplitintrsocketAF_INET6AF_INETlenr2_nativer5rS_bytesrTrU) r?rVoriginal_valuehas_cidrcidrpartsfamily cidr_size cidr_bytes cidr_masks rArXz IPAddress.set2s/%)) F$%   ::c??b(  KKQ''E!HEuQx==Daxx dOO "" ::c??b _Fczz dOO ""II^Fbyy dOO ""I  Wd I  C NN :; ;I%c)Q&7&788J!i1nJ%GHJVJ% !&%00:= m  =C  DMMM rDct|jdS|j!|}t|}d}d}|t ddgvr@t t j|dd}|dkrt|dd}nR|t ddgvr?t t j |dd}|dkrt|dd}|Ld |}t| d}|d zt|z}||_|jS) z The native Python datatype representation of this value :return: A unicode string or None Nrrrz{0:b}rr) rSr __bytes__rrXr4rrr3rformatrstripr)r? byte_stringbyte_lenrVcidr_int cidr_bitsrs rArdzIPAddress.nativeys0 = 4 < ..**K;''HEH3Bx==((!&/;qt3DEEb==-k"##.>??HS!Q[[((!&.+ac2BCCa<<-k!""o>>H##NN844 9++C0011 gdmm3 DL|rDc||k Sr<r=r>s rArBzIPAddress.__ne__rCrDct|tsdS||kS)zl :param other: Another IPAddress object :return: A boolean F)rFrrr>s rArIzIPAddress.__eq__s:%++ 5~~5??#4#444rD)NN) rYrZr[rrXrrdrBrIr=rDrArr&st     E E E NX>!!! 5 5 5 5 5rDrc$eZdZdefdedeifgZdS) AttributetypevaluesrN)rYrZr[r"r*r_fieldsr=rDrArrs, !" 563-(GGGrDrceZdZeZdS) AttributesN)rYrZr[r _child_specr=rDrArrKKKrDrc &eZdZddddddddd d Zd S) KeyUsagedigital_signaturenon_repudiationkey_enciphermentdata_encipherment key_agreement key_cert_signcrl_sign encipher_only decipher_only rr rrrNrYrZr[_mapr=rDrArrs5           DDDrDrc.eZdZdedddfdedddfgZdS)PrivateKeyUsagePeriod not_beforerTimplicitoptional not_afterr N)rYrZr[rrr=rDrArrs9 QD(I(IJ oA4'H'HIGGGrDrceZdZdZdZdZdS)NotReallyTeletexStringa6 OpenSSL (and probably some other libraries) puts ISO-8859-1 into TeletexString instead of ITU T.61. We use Windows-1252 when decoding since it is a superset of ISO-8859-1, and less likely to cause encoding issues, but we stay strict with encoding to prevent us from creating bad data. r{c|jdS|j1||j|_|jSrf)rSrRrir|_decoding_encodingrjs rArGz"NotReallyTeletexString.__unicode__sE = 2 =  ..00778OPPDM}rDN)rYrZr[__doc__rrGr=rDrArrs5"     rDrc#fK dt_dVdt_dS#dt_wxYw)Nteletexr{)rrr=rDrAstrict_teletexrsA=4=1 4<111H1<<<d?d@dAdBdCdDZgdEZedFZedGZdHS)INameTypez2.5.4.3 common_namez2.5.4.4surnamez2.5.4.5 serial_numberz2.5.4.6 country_namez2.5.4.7 locality_namez2.5.4.8state_or_province_namez2.5.4.9street_addressz2.5.4.10organization_namez2.5.4.11organizational_unit_namez2.5.4.12titlez2.5.4.15business_categoryz2.5.4.17 postal_codez2.5.4.20telephone_numberz2.5.4.41namez2.5.4.42 given_namez2.5.4.43initialsz2.5.4.44generation_qualifierz2.5.4.45unique_identifierz2.5.4.46 dn_qualifierz2.5.4.65 pseudonymz2.5.4.97organization_identifierz 2.23.133.2.1tpm_manufacturerz 2.23.133.2.2 tpm_modelz 2.23.133.2.3 tpm_versionz 2.23.133.2.4platform_manufacturerz 2.23.133.2.5platform_modelz 2.23.133.2.6platform_versionz1.2.840.113549.1.9.1 email_addressz1.3.6.1.4.1.311.60.2.1.1incorporation_localityz1.3.6.1.4.1.311.60.2.1.2incorporation_state_or_provincez1.3.6.1.4.1.311.60.2.1.3incorporation_countryz0.9.2342.19200300.100.1.1user_idz0.9.2342.19200300.100.1.25domain_componentz0.2.262.1.10.7.20name_distinguisher)!rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrc||}||jvr|j|}nt|j}||fS)z Returns an ordering value for a particular attribute key. Unrecognized attributes and OIDs will be sorted lexically at the end. :return: An orderable value. )mappreferred_orderindexr)cls attr_nameordinals rApreferred_ordinalzNameType.preferred_ordinalKsVGGI&& + + +)// ::GG#-..G##rDciddddddddd d d d d ddddddddddddddddddd d!d"id#d$d%d&d'd(d)d*d+d,d-d.d/d0d1d2d3d4d5d6d7d8d9d:d;d<d=d>d?d@dAdBdCdD|j|jS)EzZ :return: A human-friendly unicode string to display to users rz Common NamerSurnamerz Serial NumberrCountryrLocalityrzState/ProvincerzStreet Addressr OrganizationrzOrganizational UnitrTitlerzBusiness Categoryrz Postal CoderzTelephone NumberrNamerz Given NamerInitialsrzGeneration QualifierrzUnique Identifierrz DN Qualifierr Pseudonymrz Email AddressrzIncorporation LocalityrzIncorporation State/ProvincerzIncorporation CountryrzDomain ComponentrzName DistinguisherrzOrganization IdentifierrzTPM Manufacturerrz TPM Modelrz TPM VersionrzPlatform ManufacturerrzPlatform ModelrzPlatform VersionrzUser ID)getrdrjs rAhuman_friendlyzNameType.human_friendly_s# =# y#  _#  I # Z # %&6 #  .#  #  '(=#  W#  !4#  =#   2#  F#  ,#  !# " #$:## # $ !4%# & N'# ( )# * _+# , %&>-# . ./M/# 0 $%<1# 2  23# 4 !"65# 6 &'@7# 8  29# : ;# < ==# > $% )  ? )  + )  #)  ')  .)  G)  ')  M)  &)  F)  L)  J!) " *#) ) $ '%) & N') ( K)) * -+) . */) 0  1) 2  3) 4 /5) 6 (7) 8 *9) < =) @ #$s rArBzNameTypeAndValue.__ne__rCrDct|tsdS|dj|djkrdS|j|jkS)z Equality as defined by https://tools.ietf.org/html/rfc5280#section-7.1 :param other: Another NameTypeAndValue object :return: A boolean Fr)rFrrdr!r>s rArIzNameTypeAndValue.__eq__sK%!122 5 = 4<#6 6 65"d&888rDctjdd|}tjdd|}tjdkrtjdd|}ntjdd|}tjdd|}|d d}tjd d|}dt tj|}tj d |}|D]}tj |rttd tj|rttd tj|rttdtj|rttdtj|rttd|dkrttdd}d}|D]/}tj|rd}tj|rd}0|rVtj|d}tj|d}|s|r|sttddtjdd|zdz}|S)a" Implements the internationalized string preparation algorithm from RFC 4518. https://tools.ietf.org/html/rfc4518#section-2 :param string: A unicode string to prepare :return: A prepared unicode string, ready for comparison u[­᠆͏᠋-᠍️-＀]+rhu [ …] iu[-]|[-]|󠀁u[𝅳-𝅺󠀠-󠁿󠀁]u?[---„†-Ÿ۝܏᠎‌-‏‪-‮⁠-⁣--]+u​u[   - 
-
   ]NFKCzc X.509 Name objects may not contain unassigned code points z X.509 Name objects may not contain change display or zzzzdeprecated characters zc X.509 Name objects may not contain private use characters zf X.509 Name objects may not contain non-character code points zb X.509 Name objects may not contain surrogate code points u�zf X.509 Name objects may not contain the replacement character FTrrsz{ X.509 Name object contains a malformed bidirectional sequence z +z )resubsys maxunicodereplacejoinr stringprep map_table_b2 unicodedata normalize in_table_a1rr in_table_c8 in_table_c3 in_table_c4 in_table_c5 in_table_d1 in_table_d2strip)r?stringcharhas_r_and_al_cat has_l_catfirst_is_r_and_allast_is_r_and_als rAr z"NameTypeAndValue._ldap_string_preps/OQSU[\\@#vNN >V # #VTVXZ`aaFFVTVXZ`aaF K      "--TVY[abbZ4f==>>&vv66* * D%d++  "" %d++  ""%d++  "" %d++  "" %d++  "" x "" !  ! !D%d++ !#'  '-- !   * 6vay A A )5fRjAA   1 9I  ""rvdD&1177999C? rD)rYrZr[rrr _oid_pairrr&r#rlr7r. _oid_specsrrr!rBrIr r=rDrArrs3  #G "I%%?% %  %  % !/ % /% _% #O% % _% % O% % o% O!%" #%%$ ^%%& '%( _)%, -%0 !/1%2 *?3%4 5%6 G7%8 o9%: "?;%< J=%> Z?%@ zA%B C%D *E%F JG%H ?I%%JNH   X !!!999&jjjjjrDrc@eZdZeZedZdZdZdZ dZ dS)RelativeDistinguishedNamecg}||}t|D]"}||d||#d|S)b :return: A unicode string that can be used as a dict key or in a set : ) _get_valuessortedkeysappendr,)r?outputrkeys rAhashablez"RelativeDistinguishedName.hashablePss!!$''&++--(( 9 9C MMccc6#;;7 8 8 8 8{{6"""rDc||k Sr<r=r>s rArBz RelativeDistinguishedName.__ne__`rCrDcdt|tsdSt|t|krdS||}||}||krdS||}||}|D]}||||krdSdS)z Equality as defined by https://tools.ietf.org/html/rfc5280#section-7.1 :param other: Another RelativeDistinguishedName object :return: A boolean FT)rFrBr _get_typesrG)r?r@ self_types other_types self_values other_values type_name_s rArIz RelativeDistinguishedName.__eq__cs%!:;; 5 t99E " "5__T** ooe,,  $ $5&&t,, ''.. $  J:&,z*BBBuuCtrDc4td|DS)z Returns a set of types contained in an RDN :param rdn: A RelativeDistinguishedName object :return: A set object with unicode strings of NameTypeAndValue type field values c(g|]}|djSrrd).0ntvs rA z8RelativeDistinguishedName._get_types..s6663CK&666rD)rX)r?rdns rArPz$RelativeDistinguishedName._get_typess!66#666777rDc(ifd|DS)a$ Returns a dict of prepped values contained in an RDN :param rdn: A RelativeDistinguishedName object :return: A dict object with unicode strings of NameTypeAndValue value field values that have been prepped for comparison c`g|]*}|dj|jfg+SrX)updaterdr!)rZr[rKs rAr\z9RelativeDistinguishedName._get_values..s7QQQcV+S->?@ A AQQQrDr=)r?r]rKs @rArGz%RelativeDistinguishedName._get_valuess)QQQQSQQQQ rDN) rYrZr[rrrrMrBrIrPrGr=rDrArBrBMso"K  # #X #!!!@ 8 8 8rDrBc4eZdZeZedZdZdZdS) RDNSequencec@dd|DS)rDc3$K|] }|jV dSr<)rM)rZr]s rA z'RDNSequence.hashable..s$88C3<888888rD)r,rjs rArMzRDNSequence.hashables%{{884888888rDc||k Sr<r=r>s rArBzRDNSequence.__ne__rCrDct|tsdSt|t|krdSt|D]\}}|||krdSdS)z Equality as defined by https://tools.ietf.org/html/rfc5280#section-7.1 :param other: Another RDNSequence object :return: A boolean FT)rFrbr enumerate)r?r@r self_rdns rArIzRDNSequence.__eq__sr%-- 5 t99E " "5(  OE8U|x''uu(trDN) rYrZr[rBrrrMrBrIr=rDrArbrbsP+K  9 9X 9!!!rDrbceZdZdefgZdZdZdZeddZ e dZ dZ dZ dZe d Ze d Zd Ze d Ze d ZdS)rrhNFc g}|s d}t}n d}t}tt|d}|D]\}}t |}|dkrt|}nb|dkrt|}nL|tgdvrtdt|}nt|||}| tt||d g|d t|S) aY Creates a Name object from a dict of unicode string keys and values. The keys should be from NameType._map, or a dotted-integer OID unicode string. :param name_dict: A dict of name information, e.g. {"common_name": "Will Bond", "country_name": "US", "organization_name": "Codex Non Sufficit LC"} :param use_printable: A bool - if PrintableString should be used for encoding instead of UTF8String. This is for backwards compatibility with old software. :return: An x509.Name object rrcBt|dS)Nr)rr)items rAzName.build..s!;!;DG!D!DrD)rLrr)rrr)rrVrrh)r.r&r rHitemsrrrlr7rXrrJrBrrb) r  name_dict use_printablerdns encoding_nameencoding_classattribute_nameattribute_valuerVs rAbuildz Name.builds& -)M'NN.M,N !!DD     09/@/@   +NO%\\.99N00$_55#555003'X'X'X#Y#YYY'+)/:: (&(.99 KK1 *"""3    s+d"3"34444rDc|jjS)rD)chosenrMrjs rArMz Name.hashables{##rDc*t|jSr<)rrzrjs rA__len__z Name.__len__s4;rDc||k Sr<r=r>s rArBz Name.__ne__rCrDcPt|tsdS|j|jkS)z Equality as defined by https://tools.ietf.org/html/rfc5280#section-7.1 :param other: Another Name object :return: A boolean F)rFrrzr>s rArIz Name.__eq__!s*%&& 5{el**rDcD|jt|_|jjD]s}|D]n}|d}||jvrK|j|}t |t s |gx}|j|<||d^|d|j|<ot|jS)NrrV)rr rzrdrFlistrJ)r?r]type_val field_nameexistings rArdz Name.native0s < &==DL{) E E #EEH!)&!1J!T\11#'< #;)(D99MCK*LHt|J'? (9::::3;G3D Z00E|rDcx|j,t}d}|jD]S}|D]N}|dj}|}||vr.||g||<|||dC|d||<OTg}|}|dkrt t|}|D]9}||} || } ||d| :d} |D]} | ddkrd } n | sd nd } | |ddd|_|jS) zg :return: A human-friendly unicode string containing the parts of the name NrrVrrEF,rsT, z; ) _human_friendlyr rzrrJrIreversedr_recursive_humanizervr,)r?data last_fieldr]rrto_joinrIrLrV native_value has_commaelement separators rArzName.human_friendly@s   '==DJ{ = = #==H!)&!1!@J!+J!T)),0,<+=Z(Z(//0ABBBB+3G+<Z((=G99;;DY&&T ++ ? ?S #77>> 333 =>>>>I"  <<$$** $IE+%.74I#,>>'$$B$-#@#@D ##rDct|tr.dtfd|DS|jS)z Recursively serializes data compiled from the RDNSequence :param value: An Asn1Value object, or a list of Asn1Value objects :return: A unicode string rc:g|]}|Sr=)r)rZ sub_valuer?s rAr\z,Name._recursive_humanize..ts'UUU)$229==UUUrD)rFrr,rrdras` rArzName._recursive_humanizegsW eT " " 99UUUUuUUUVV |rDc|j=tj||_|jS)zZ :return: The SHA1 hash of the DER-encoded bytes of this name _sha1hashlibsha1dumpdigestrjs rArz Name.sha1x9 :  diikk2299;;DJzrDc|j=tj||_|jS)z] :return: The SHA-256 hash of the DER-encoded bytes of this name _sha256rsha256rrrjs rArz Name.sha256s9 < ">$))++66==??DL|rD)F)rYrZr[rbrrrrrrxrrMr|rBrIrdrrrrr=rDrArrs [MO EG:5:5:5[:5x$$X$   !!! + + +  X $$$$X$$L"XXrDrc$eZdZdefdeddifgZdS) AnotherNametype_idrVexplicitrN)rYrZr[r"rrr=rDrArrs, $% # A'GGGrDrc&eZdZdZdZdefdefgZdS) CountryNamer x121_dcc_codeiso_3166_alpha2_codeNrYrZr[class_tagr!r&rr=rDrArrs1 F C -( 1MMMrDrc&eZdZdZdZdefdefgZdS)AdministrationDomainNamer rnumeric printableNrr=rDrArrs1 F C M" o&MMMrDrceZdZdefdefgZdS)PrivateDomainNamerrNrYrZr[r!r&rr=rDrArrs% M" o&MMMrDrcHeZdZdeddifdedddfded ddfd ed ddfgZd S) PersonalNamerrrrr TrrrrrNrYrZr[r&rr=rDrArrsY Oj!_5 QD(I(IJ _1$&G&GH qd2S2ST GGGrDrcHeZdZdeddifdedddfded ddfd ed ddfgZd S) TeletexPersonalNamerrrrr TrrrrrNrYrZr[r+rr=rDrArrsY MJ?3 }1$&G&GH ]$E$EF QD0Q0QR GGGrDrceZdZeZdS)OrganizationalUnitNamesNrYrZr[r&rr=rDrArr!KKKrDrceZdZeZdS)TeletexOrganizationalUnitNamesN)rYrZr[r+rr=rDrArrKKKrDrc eZdZdeddifdeddifdedddfded ddfd ed dd fd edddfdedddfdedddfde dddfg Z dS)BuiltInStandardAttributesrrTadministration_domain_namenetwork_addressrrterminal_identifierr private_domain_namerrrrrnumeric_user_identifierr personal_namerorganizational_unit_namesrN) rYrZr[rrr!r&rrrrr=rDrArrs z4&89 %'?*dAST Mt+L+LM aT1R1RS  1t3T3TU oA4/P/PQ "Mt3T3TU ,QD(I(IJ $&=A[_?`?`a GGGrDrceZdZdefdefgZdS)BuiltInDomainDefinedAttributerrVNrr=rDrArrs% ! /"GGGrDrceZdZeZdS)BuiltInDomainDefinedAttributesN)rYrZr[rrr=rDrArr/KKKrDrceZdZdefdefgZdS)TeletexDomainDefinedAttributerrVNrr=rDrArrs%  - GGGrDrceZdZeZdS)TeletexDomainDefinedAttributesN)rYrZr[rrr=rDrArrrrDrceZdZdefdefgZdS)PhysicalDeliveryCountryNamerrNrr=rDrArrs% -( 1MMMrDrceZdZdefdefgZdS) PostalCode numeric_codeprintable_codeNrr=rDrArrs% ' ?+MMMrDrc*eZdZdeddifdeddifgZdS) PDSParameterrrTrN)rYrZr[r&r+rr=rDrArrs3 _z4.@A =:t*<=GGGrDrceZdZeZdS)PrintableAddressNrr=rDrArrrrDrc*eZdZdeddifdeddifgZdS)UnformattedPostalAddressprintable_addressrTrN)rYrZr[rr+rr=rDrArrs4 .T0BC =:t*<=GGGrDrc,eZdZdeddifdedddfgZdS) E1634Addressnumberrr sub_addressr TrN)rYrZr[r!rr=rDrArrs5 =:q/2  A4'H'HIGGGrDrceZdZeZdS) NAddressesN)rYrZr[r$rr=rDrArrKKKrDrcHeZdZdedddfdedddfdedddfd ed d ifgZd S) PresentationAddress p_selectorrTr s_selectorr t_selectorr n_addressesrrN)rYrZr[r$rrr=rDrArrsY {$E$EF {$E$EF {$E$EF  ZO4 GGGrDrc$eZdZdefdeddifgZdS)ExtendedNetworkAddresse163_4_address psap_addressrrN)rYrZr[rrrr=rDrArr#s, <( ,z1o>MMMrDrc eZdZdddddddZdS) TerminalTypetelexr g3_facsimile g4_facsimile ia5_terminalvideotex)rrrrrrNrr=rDrArr*s,         DDDrDrceZdZiddddddddd d d d d ddddddddddddddddddd d!d"d#d$d%d&d'd(d)Zd*S)+ExtensionAttributeTyper rrteletex_common_namerteletex_organization_namerteletex_personal_namerteletex_organization_unit_namesr!teletex_domain_defined_attributesrpds_namerphysical_delivery_country_name r physical_delivery_office_name physical_delivery_office_numberr9extension_of_address_components physical_delivery_personal_name#physical_delivery_organization_name.extension_physical_delivery_address_componentsrunformatted_postal_addressrpost_office_box_addressposte_restante_addressunique_postal_namelocal_postal_attributesextended_network_address terminal_type)r:Nrr=rDrArr5s  =    &  "   ,   .   :  +  =  +  -  -  -  1  <  (! " # $ & $ % & /   DDDrDrceZdZdeddifdeddifgZdZided ed ed e d e d e dede de dedededededededeeeeeeedZdS)ExtensionAttributeextension_attribute_typerrextension_attribute_valuerr )rrrrrrrrrrrrrrrr r r r)rrrrrrN)rYrZr[rrrr?r&r+rrrrrrrrrr@r=rDrArrQs1 #%;j!_M $cJ?;G JI} $] !4  *+I  ,-K  O )*E z ( *< *< *< .| 9, %&>!" ,#$$0".*#/$:%/JJJrDrceZdZeZdS)ExtensionAttributesN)rYrZr[rrr=rDrArrs$KKKrDrc0eZdZdefdeddifdeddifgZdS) ORAddressbuilt_in_standard_attributes"built_in_domain_defined_attributesrTextension_attributesN)rYrZr[rrrrr=rDrAr!r!ws@ ')BC -/MPZ\`Oab !4z46HIGGGrDr!c,eZdZdedddfdeddifgZdS) EDIPartyName name_assignerrTr party_namerr N)rYrZr[rrr=rDrAr&r&s5 /t+L+LM Q8GGGrDr&c eZdZdeddifdeddifdeddifdedd ifd ed d ifd eddifde ddifde ddifde ddifg Z dZ dZdS) GeneralName other_namerr rfc822_namer dns_namer x400_addressrdirectory_namerredi_party_nameruniform_resource_identifierr ip_addressr registered_idrc||k Sr<r=r>s rArBzGeneralName.__ne__rCrDc|jdvr"ttd|j|jdvr"ttd|j|j|jkrdS|j|jkS)z Does not support other_name, x400_address or edi_party_name :param other: The other GeneralName to compare to :return: A boolean )r+r.r0zr Comparison is not supported for GeneralName objects of choice %s za Comparison is not supported for GeneralName objects of choice %sF)rrr rzr>s rArIzGeneralName.__eq__s 9H H HV   :I I IV   9 " "5{el**rDN)rYrZr[rrlr7r!rr&r^rr"rrBrIr=rDrAr*r*s {ZO4  z1o6 Wz1o. ZO4 4*a1 <*a9 &j!_= y:q/2 *ZO< M!!!+++++rDr*ceZdZeZdS) GeneralNamesN)rYrZr[r*rr=rDrAr7r7rrDr7ceZdZdefdefgZdS)Timeutc_time general_timeN)rYrZr[r-rrr=rDrAr9r9s% W )MMMrDr9ceZdZdefdefgZdS)ValidityrrN)rYrZr[r9rr=rDrAr=r=s% t dGGGrDr=c*eZdZdeddifdeddifgZdS)BasicConstraintscadefaultFpath_len_constraintrTN)rYrZr[rrrr=rDrAr?r?s3 wE*+ *d);<GGGrDr?c<eZdZdedddfdedddfdedddfgZd S) AuthorityKeyIdentifierkey_identifierrTrauthority_cert_issuerr authority_cert_serial_numberrN)rYrZr[r$r7rrr=rDrArDrDsK ;QD(I(IJ ,QD0Q0QR 'qd2S2STGGGrDrDc*eZdZdeddifdeddifgZdS)DistributionPointName full_namerrname_relative_to_crl_issuerr N)rYrZr[r7rBrr=rDrArIrIs3 lZO4 &(AJPQ?SMMMrDrIc &eZdZddddddddd d Zd S) ReasonFlagsunusedkey_compromise ca_compromiseaffiliation_changed supersededcessation_of_operationcertificate_holdprivilege_withdrawn aa_compromiserNrr=rDrArMrMs5     #    DDDrDrMc4eZdZdefdedddfdedddfgZd S) GeneralSubtreebaseminimumrrrAmaximumr TrN)rYrZr[r*rrr=rDrArXrXsA  G!::; G!>>?GGGrDrXceZdZeZdS)GeneralSubtreesN)rYrZr[rXrr=rDrAr^r^s KKKrDr^c.eZdZdedddfdedddfgZdS)NameConstraintspermitted_subtreesrTrexcluded_subtreesr N)rYrZr[r^rr=rDrAr`r`s9 QD0Q0QR oA4/P/PQGGGrDr`cVeZdZdedddfdedddfded ddfgZd Zed Z d S) DistributionPointdistribution_pointrTrreasonsr r crl_issuerrFc&|jdurd|_|d}|jdkrttd|jD]D}|jdkr7|j}|dr ||_nE|jS)z_ :return: None or a unicode string of the distribution point's URL FNrerJz CRL distribution points that are relative to the issuer are not supported r1zhttp://zhttps://zldap://zldaps://)_urlrrr rzrdrHrO)r?r general_nameurls rArlzDistributionPoint.url s 9  DI,-DyK'' ""!%    $(EEE&-Cyy{{--.\]]$' yrDN) rYrZr[rIrMr7rrjrrlr=rDrArdrdss 41RV6W6WX KaT!B!BC |!%F%FGG D XrDrdceZdZeZdS)CRLDistributionPointsN)rYrZr[rdrr=rDrArnrn&#KKKrDrnc*eZdZdefdefdefdefgZdS) DisplayTextrvisible_stringrrN)rYrZr[rr/rr.rr=rDrArqrq*s5 y! =) y!  # MMMrDrqceZdZeZdS) NoticeNumbersNrYrZr[rrr=rDrArtrt3KKKrDrtceZdZdefdefgZdS)NoticeReference organizationnotice_numbersN)rYrZr[rqrtrr=rDrArxrx7s% % =)GGGrDrxc*eZdZdeddifdeddifgZdS) UserNotice notice_refrT explicit_textN)rYrZr[rxrqrr=rDrAr|r|>s3 T(:; + D'9:GGGrDr|ceZdZdddZdS)PolicyQualifierId certification_practice_statement user_notice)z1.3.6.1.5.5.7.2.1z1.3.6.1.5.5.7.2.2Nrr=rDrArrEs ?*  DDDrDrc,eZdZdefdefgZdZeedZ dS)PolicyQualifierInfopolicy_qualifier_id qualifier)rr)rrN) rYrZr[rrrr?rr|r@r=rDrArrLs?  12 cG 5I,5!JJJrDrceZdZeZdS)PolicyQualifierInfosN)rYrZr[rrr=rDrArrY%KKKrDrceZdZddiZdS)PolicyIdentifierz 2.5.29.32.0 any_policyNrr=rDrArr]s| DDDrDrc$eZdZdefdeddifgZdS)PolicyInformationpolicy_identifierpolicy_qualifiersrTN)rYrZr[rrrr=rDrArrcs. ./ 2Z4FGGGGrDrceZdZeZdS)CertificatePoliciesN)rYrZr[rrr=rDrArrjrorDrceZdZdefdefgZdS) PolicyMappingissuer_domain_policysubject_domain_policyN)rYrZr[rrr=rDrArrns' !12 "23GGGrDrceZdZeZdS)PolicyMappingsN)rYrZr[rrr=rDrArrurrDrc.eZdZdedddfdedddfgZdS)PolicyConstraintsrequire_explicit_policyrTrinhibit_policy_mappingr NrYrZr[rrr=rDrArrys9 "G!-N-NO !7,M,MNGGGrDrc eZdZiddddddddd d d d d ddddddddddddddddddd d!d"id#d$d%d&d'd(d)d*d+d,d-d.d/d0d1d2d3d4d5d6d7d8d9d:d;d<d=d>d?d@dAdBdCdDidEdFdGdHdIdJdKdLdMdNdOdPdQdRdSdTdUdVdWdXdYdZd[d\d]d^d_d`dadbdcdddedfidgdhdidjdkdldmdndodpdqdrdsdtdudvdwdxdydzd{d|d}d~ddddddddddiddddddddddddddddddddddddddddddddddZdS) KeyPurposeIdz 2.5.29.37.0any_extended_key_usagez1.3.6.1.5.5.7.3.1 server_authz1.3.6.1.5.5.7.3.2 client_authz1.3.6.1.5.5.7.3.3 code_signingz1.3.6.1.5.5.7.3.4email_protectionz1.3.6.1.5.5.7.3.5ipsec_end_systemz1.3.6.1.5.5.7.3.6 ipsec_tunnelz1.3.6.1.5.5.7.3.7 ipsec_userz1.3.6.1.5.5.7.3.8 time_stampingz1.3.6.1.5.5.7.3.9 ocsp_signingz1.3.6.1.5.5.7.3.10dvcsz1.3.6.1.5.5.7.3.13 eap_over_pppz1.3.6.1.5.5.7.3.14 eap_over_lanz1.3.6.1.5.5.7.3.15 scvp_serverz1.3.6.1.5.5.7.3.16 scvp_clientz1.3.6.1.5.5.7.3.17 ipsec_ikez1.3.6.1.5.5.7.3.18 capwap_acz1.3.6.1.5.5.7.3.19 capwap_wtpz1.3.6.1.5.5.7.3.20 sip_domainz1.3.6.1.5.5.7.3.21secure_shell_clientz1.3.6.1.5.5.7.3.22secure_shell_serverz1.3.6.1.5.5.7.3.23 send_routerz1.3.6.1.5.5.7.3.24send_proxied_routerz1.3.6.1.5.5.7.3.25 send_ownerz1.3.6.1.5.5.7.3.26send_proxied_ownerz1.3.6.1.5.5.7.3.27cmc_caz1.3.6.1.5.5.7.3.28cmc_raz1.3.6.1.5.5.7.3.29 cmc_archivez1.3.6.1.5.5.7.3.30bgpspec_routerz1.3.6.1.5.5.8.2.2ike_intermediatez1.3.6.1.4.1.311.10.3.1microsoft_trust_list_signingz1.3.6.1.4.1.311.10.3.2microsoft_time_stamp_signingz1.3.6.1.4.1.311.10.3.3microsoft_server_gatedz1.3.6.1.4.1.311.10.3.3.1microsoft_serializedz1.3.6.1.4.1.311.10.3.4 microsoft_efsz1.3.6.1.4.1.311.10.3.4.1microsoft_efs_recoveryz1.3.6.1.4.1.311.10.3.5microsoft_whqlz1.3.6.1.4.1.311.10.3.6 microsoft_nt5z1.3.6.1.4.1.311.10.3.7microsoft_oem_whqlz1.3.6.1.4.1.311.10.3.8microsoft_embedded_ntz1.3.6.1.4.1.311.10.3.9microsoft_root_list_signerz1.3.6.1.4.1.311.10.3.10!microsoft_qualified_subordinationz1.3.6.1.4.1.311.10.3.11microsoft_key_recoveryz1.3.6.1.4.1.311.10.3.12microsoft_document_signingz1.3.6.1.4.1.311.10.3.13microsoft_lifetime_signingz1.3.6.1.4.1.311.10.3.14 microsoft_mobile_device_softwarez1.3.6.1.4.1.311.20.2.2microsoft_smart_card_logonz1.2.840.113635.100.1.2apple_x509_basicz1.2.840.113635.100.1.3 apple_sslz1.2.840.113635.100.1.4apple_local_cert_genz1.2.840.113635.100.1.5 apple_csr_genz1.2.840.113635.100.1.6apple_revocation_crlz1.2.840.113635.100.1.7apple_revocation_ocspz1.2.840.113635.100.1.8 apple_smimez1.2.840.113635.100.1.9 apple_eapz1.2.840.113635.100.1.10apple_software_update_signingz1.2.840.113635.100.1.11 apple_ipsecz1.2.840.113635.100.1.12 apple_ichatz1.2.840.113635.100.1.13apple_resource_signingz1.2.840.113635.100.1.14apple_pkinit_clientz1.2.840.113635.100.1.15apple_pkinit_serverz1.2.840.113635.100.1.16apple_code_signingz1.2.840.113635.100.1.17apple_package_signingz1.2.840.113635.100.1.18apple_id_validationz1.2.840.113635.100.1.20apple_time_stampingz1.2.840.113635.100.1.21apple_revocationz1.2.840.113635.100.1.22apple_passbook_signingz1.2.840.113635.100.1.23apple_mobile_storez1.2.840.113635.100.1.24apple_escrow_servicez1.2.840.113635.100.1.25apple_profile_signerz1.2.840.113635.100.1.26apple_qa_profile_signerz1.2.840.113635.100.1.27apple_test_mobile_storez1.2.840.113635.100.1.28apple_otapki_signerz1.2.840.113635.100.1.29apple_test_otapki_signerz1.2.840.113625.100.1.30)apple_id_validation_record_signing_policyz1.2.840.113625.100.1.31apple_smp_encryptionz1.2.840.113625.100.1.32apple_test_smp_encryptionz1.2.840.113635.100.1.33apple_server_authenticationz1.2.840.113635.100.1.34apple_pcs_escrow_servicez2.16.840.1.101.3.6.8piv_card_authenticationz2.16.840.1.101.3.6.7piv_content_signingz1.3.6.1.5.2.3.4pkinit_kpclientauthz1.3.6.1.5.2.3.5 pkinit_kpkdcz1.2.840.113583.1.1.5adobe_authentic_documents_trustz2.16.840.1.101.3.8.7fpki_pivi_content_signingNrr=rDrArrsJl /l  ]l  ] l  ^ l  / l  /l  ^l  \l  _l  ^l  fl  nl  n!l $ m%l & m'l * k+l . k/l l 0 l1l 4 l5l 8 39l : 3;l > m?l @ 3Al B lCl D 2El H hIl J hKl L mMl P .Ql T /Ul Z !"@[l \ !"@]l ^ !":_l ` #$:al l l b !/cl d #$ol p "#Fql r "#;sl t "#?ul v "#?wl x "#Eyl | !">}l D !"4El F !+Gl H !"8Il J !/Kl l l L !"8Ml N !"9Ol P !-Ql R !+Sl T "#BUl V "=Wl X "=Yl Z "#;[l \ "#8]l ^ "#8_l ` "#7al b "#:cl d "#8el f "#8gl h "#5il j "#;kl l "#7ml l l n "#9ol p "#9ql r "#l @ "#@Al B "#=Cl F  9Gl H  5Il L 0Ml N >Ol R  ASl V  ;Wl l DDDrDrceZdZeZdS)ExtKeyUsageSyntaxNrYrZr[rrr=rDrArrKKKrDrceZdZdddddZdS) AccessMethodocsp ca_issuersr ca_repository)z1.3.6.1.5.5.7.48.1z1.3.6.1.5.5.7.48.2z1.3.6.1.5.5.7.48.3z1.3.6.1.5.5.7.48.5Nrr=rDrArrs&$*--   DDDrDrceZdZdefdefgZdS)AccessDescription access_methodaccess_locationN)rYrZr[rr*rr=rDrArrs% ,' K(GGGrDrceZdZeZdS)AuthorityInfoAccessSyntaxNrYrZr[rrr=rDrArrrorDrceZdZeZdS)SubjectInfoAccessSyntaxNrr=rDrArrrorDrceZdZeZdS)FeaturesNrur=rDrArr rvrDrceZdZdefdefgZdS)EntrustVersionInfo entrust_versentrust_info_flagsN)rYrZr[rrrr=rDrAr r s% ' y)GGGrDr c $eZdZddddddddd Zd S) NetscapeCertificateType ssl_client ssl_serveremailobject_signingreservedssl_caemail_caobject_signing_ca)rr rrrrrrNrr=rDrArrs2          DDDrDrceZdZddddZdS)Versionv1v2v3rr rNrr=rDrArr%s#     DDDrDrc$eZdZdefdefdefgZdS)TPMSpecificationrlevelrevisionN)rYrZr[r.rrr=rDrArr-s- : ' WGGGrDrceZdZeZdS)SetOfTPMSpecificationN)rYrZr[rrr=rDrAr"r"5s"KKKrDr"c$eZdZdefdefdefgZdS)TCGSpecificationVersion major_version minor_versionr Nrr=rDrAr$r$9s- '" '" WGGGrDr$ceZdZdefdefgZdS)TCGPlatformSpecificationversionplatform_classN)rYrZr[r$r$rr=rDrAr(r(As& +, ;'GGGrDr(ceZdZeZdS)SetOfTCGPlatformSpecificationN)rYrZr[r(rr=rDrAr,r,Hs*KKKrDr,ceZdZdddddZdS)EKGenerationTypeinternalinjectedinternal_revocableinjected_revocable)rr rrNrr=rDrAr.r.Ls&       DDDrDr.ceZdZddddZdS)EKGenerationLocationrrek_cert_signerrNrr=rDrAr4r4U#  "   DDDrDr4ceZdZddddZdS)EKCertificateGenerationLocationrrr5rNrr=rDrAr8r8]r6rDr8c"eZdZddddddddZd S) EvaluationAssuranceLevellevel1level2level3level4level5level6level7)r rrrrrrNrr=rDrAr:r:es/         DDDrDr:ceZdZddddZdS)EvaluationStatusdesigned_to_meetevaluation_in_progressevaluation_completedrNrr=rDrArCrCqs#  # !  DDDrDrCceZdZddddZdS)StrengthOfFunctionbasicmediumhighrNrr=rDrArHrHys#     DDDrDrHc0eZdZdefdeddifdeddifgZdS) URIReferencer1hash_algorithmrT hash_valueN)rYrZr[rrrrr=rDrArMrMs; & 2 ?Z,>? y:t"45GGGrDrMc veZdZdefdefdefdeddifdedd d fd ed d d fd e dd d fdedd d fde dd d fg Z dS)CommonCriteriaMeasuresr)assurance_levelevaluation_statusplusrAFstrengh_of_functionrTr profile_oidr profile_urlr target_oidr target_urirN) rYrZr[rr:rCrrHr"rMrr=rDrArQrQs I 45 ./ 9e,-  2PT4U4UV (qd*K*KL  1$&G&GH 'aT)J)JK |!%F%FG GGGrDrQceZdZdddddZdS) SecurityLevelr;r<r=r>)r rrrNrr=rDrAr[r[s&       DDDrDr[c*eZdZdefdefdeddifgZdS) FIPSLevelr)rrTrAFN)rYrZr[rr[rrr=rDrAr]r]s4 I - 9e,-GGGrDr]c eZdZdeddifdeddifdeddd fd ed dd fd ed dd fdeddd fde ddd fdedddfde ddifg Z dS)TPMSecurityAssertionsr)rArfield_upgradableFek_generation_typerTrek_generation_locationr "ek_certificate_generation_locationrcc_infor fips_levelriso_9000_certifiedrr[ iso_9000_urirN) rYrZr[rrr.r4r8rQr]rrr=rDrAr_r_s Gi./ Wy%&89 /aT1R1RS !#7aUY9Z9Z[ -/N]^lpPqPqr *,M,MN yqd"C"CD wQ5(I(IJ Z$67 GGGrDr_ceZdZeZdS)SetOfTPMSecurityAssertionsN)rYrZr[r_rr=rDrAriris'KKKrDric (eZdZddddddddd d d Zd S) SubjectDirectoryAttributeIdsupported_algorithmstpm_specificationtcg_platform_specificationtpm_security_assertionspda_date_of_birthpda_place_of_birth pda_genderpda_country_of_citizenshippda_country_of_residenceentrust_user_role) z2.5.4.52z 2.23.133.2.16z 2.23.133.2.17z 2.23.133.2.18z1.3.6.1.5.5.7.9.1z1.3.6.1.5.5.7.9.2z1.3.6.1.5.5.7.9.3z1.3.6.1.5.5.7.9.4z1.3.6.1.5.5.7.9.5z1.2.840.113533.7.68.29Nrr=rDrArkrks:+,5201)97"5  DDDrDrkceZdZeZdS)SetOfGeneralizedTimeN)rYrZr[rrr=rDrArwrwrrDrwceZdZeZdS)SetOfDirectoryStringN)rYrZr[rrr=rDrAryryrrDryceZdZeZdS)SetOfPrintableStringNrr=rDrAr{r{rrDr{c4eZdZdefdedddfdedddfgZdS) SupportedAlgorithmalgorithm_identifierintended_usagerTrintended_certificate_policiesr N)rYrZr[rrrrr=rDrAr}r}sD !78 8!%F%FG (*=A[_?`?`aGGGrDr}ceZdZeZdS)SetOfSupportedAlgorithmN)rYrZr[r}rr=rDrArrrrDrc HeZdZdefdefgZdZeee e e e e e e d ZdZdeiZdS)SubjectDirectoryAttributerr)rr) rlrmrnrorprqrrrsrtcV|dj}||jvr |j|StS)Nr)rdr@r*)r?type_s rA _values_specz&SubjectDirectoryAttribute._values_specs-V # DO # #?5) ) rDN)rYrZr[rkrrr?rr"r,rirwryr{r@r_spec_callbacksr=rDrArrsp ,- 3G #I 72&C#=12*&:$8  J ,OOOrDrceZdZeZdS)SubjectDirectoryAttributesN)rYrZr[rrr=rDrArrs+KKKrDrc eZdZiddddddddd d d d d ddddddddddddddddddd d!d"d#d$d%d&d'd(d)d*Zd+S), ExtensionIdz2.5.29.9subject_directory_attributesz 2.5.29.14rEz 2.5.29.15 key_usagez 2.5.29.16private_key_usage_periodz 2.5.29.17subject_alt_namez 2.5.29.18issuer_alt_namez 2.5.29.19basic_constraintsz 2.5.29.30name_constraintsz 2.5.29.31crl_distribution_pointsz 2.5.29.32certificate_policiesz 2.5.29.33policy_mappingsz 2.5.29.35authority_key_identifierz 2.5.29.36policy_constraintsz 2.5.29.37extended_key_usagez 2.5.29.46 freshest_crlz 2.5.29.54inhibit_any_policyz1.3.6.1.5.5.7.1.1authority_information_accesssubject_information_access tls_feature ocsp_no_checkentrust_version_extensionnetscape_certificate_type!signed_certificate_timestamp_listmicrosoft_enroll_certtype)z1.3.6.1.5.5.7.1.11z1.3.6.1.5.5.7.1.24z1.3.6.1.5.5.7.48.1.5z1.2.840.113533.7.65.0z2.16.840.1.113730.1.1z1.3.6.1.4.1.11129.2.4.2z1.3.6.1.4.1.311.20.2Nrr=rDrArrs 2 %  [  /   '   &   (  '  .  +  &  /  )  )  ^  )! " ;# $;+ /! #$: / / - g!" '(A#$'>%7%<-8&/5JJJrDrceZdZeZdS) ExtensionsN)rYrZr[rrr=rDrArrMrrDrcneZdZdedddfdefdefdefdefd efd efd e d d dfde dd dfde dd dfg Z dS)TbsCertificater)rr)rrAr signatureissuervaliditysubjectsubject_public_key_infoissuer_unique_idr Trsubject_unique_idr extensionsrrN) rYrZr[rrrrr=r1r#rrr=rDrArrQs G!==> '" +, 4 X D "M2 ^!-N-NO n1$.O.OP zt#D#DE GGGrDrceZdZdefdefdefgZdZdZdZ dZ dZ dZ dZ dZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZ dZ!dZ"dZ#dZ$dZ%dZ&dZ'e(dZ)e(dZ*e(d Z+e(d Z,e(d Z-e(d Z.e(d Z/e(dZ0e(dZ1e(dZ2e(dZ3e(dZ4e(dZ5e(dZ6e(dZ7e(dZ8e(dZ9e(dZ:e(dZ;e(dZe(dZ?e(dZ@e(dZAe(d ZBe(d!ZCe(d"ZDe(d#ZEe(d$ZFe(d%ZGe(d&ZHe(d'ZIe(d(ZJe(d)ZKe(d*ZLd+ZMe(d,ZNe(d-ZOe(d.ZPe(d/ZQe(d0ZRe(d1ZSe(d2ZTe(d3ZUe(d4ZVe(d5ZWe(d6ZXd7ZYd8ZZd9Z[dS): Certificatetbs_certificatesignature_algorithmsignature_valueFNc&t|_|ddD]g}|dj}d|z}t||rt |||dj|djr|j|hd|_dS) zv Sets common named extensions to private attributes and creates a list of critical extensions rrrz _%s_valuerrTN)rX_critical_extensionsrdhasattrsetattrparsedadd_processed_extensions)r? extensionrrvs rA_set_extensionszCertificate._set_extensionss %(EE!/0> 4 4IY'.D(4/Nt^,, Nni .E.LMMM$+ 4)--d333%)"""rDcF|js||jS)z Returns a set of the names (or OID if not a known extension) of the extensions marked as critical :return: A set of unicode strings )rrrrjs rAcritical_extensionszCertificate.critical_extensionss*) #  " " "((rDcF|js||jS)z This extension is used to constrain the period over which the subject private key may be used :return: None or a PrivateKeyUsagePeriod object )rr_private_key_usage_period_valuerjs rAprivate_key_usage_period_valuez*Certificate.private_key_usage_period_value*) #  " " "33rDcF|js||jS)z This extension is used to contain additional identification attributes about the subject. :return: None or a SubjectDirectoryAttributes object )rr#_subject_directory_attributes_valuerjs rA"subject_directory_attributes_valuez.Certificate.subject_directory_attributes_value*) #  " " "77rDcF|js||jS)z This extension is used to help in creating certificate validation paths. It contains an identifier that should generally, but is not guaranteed to, be unique. :return: None or an OctetString object )rr_key_identifier_valuerjs rAkey_identifier_valuez Certificate.key_identifier_values*) #  " " "))rDcF|js||jS)z This extension is used to define the purpose of the public key contained within the certificate. :return: None or a KeyUsage )rr_key_usage_valuerjs rAkey_usage_valuezCertificate.key_usage_values*) #  " " "$$rDcF|js||jS)aT This extension allows for additional names to be associate with the subject of the certificate. While it may contain a whole host of possible names, it is usually used to allow certificates to be used with multiple different domain names. :return: None or a GeneralNames object )rr_subject_alt_name_valuerjs rAsubject_alt_name_valuez"Certificate.subject_alt_name_values*) #  " " "++rDcF|js||jS)z This extension allows associating one or more alternative names with the issuer of the certificate. :return: None or an x509.GeneralNames object )rr_issuer_alt_name_valuerjs rAissuer_alt_name_valuez!Certificate.issuer_alt_name_values*) #  " " "**rDcF|js||jS)a' This extension is used to determine if the subject of the certificate is a CA, and if so, what the maximum number of intermediate CA certs after this are, before an end-entity certificate is found. :return: None or a BasicConstraints object )rr_basic_constraints_valuerjs rAbasic_constraints_valuez#Certificate.basic_constraints_values*) #  " " ",,rDcF|js||jS)z This extension is used in CA certificates, and is used to limit the possible names of certificates issued. :return: None or a NameConstraints object )rr_name_constraints_valuerjs rAname_constraints_valuez"Certificate.name_constraints_value s*) #  " " "++rDcF|js||jS)z This extension is used to help in locating the CRL for this certificate. :return: None or a CRLDistributionPoints object extension )rr_crl_distribution_points_valuerjs rAcrl_distribution_points_valuez)Certificate.crl_distribution_points_value s*) #  " " "22rDcF|js||jS)a; This extension defines policies in CA certificates under which certificates may be issued. In end-entity certificates, the inclusion of a policy indicates the issuance of the certificate follows the policy. :return: None or a CertificatePolicies object )rr_certificate_policies_valuerjs rAcertificate_policies_valuez&Certificate.certificate_policies_value* s*) #  " " "//rDcF|js||jS)z This extension allows mapping policy OIDs to other OIDs. This is used to allow different policies to be treated as equivalent in the process of validation. :return: None or a PolicyMappings object )rr_policy_mappings_valuerjs rApolicy_mappings_valuez!Certificate.policy_mappings_value: s*) #  " " "**rDcF|js||jS)z This extension helps in identifying the public key with which to validate the authenticity of the certificate. :return: None or an AuthorityKeyIdentifier object )rr_authority_key_identifier_valuerjs rAauthority_key_identifier_valuez*Certificate.authority_key_identifier_valueI rrDcF|js||jS)z This extension is used to control if policy mapping is allowed and when policies are required. :return: None or a PolicyConstraints object )rr_policy_constraints_valuerjs rApolicy_constraints_valuez$Certificate.policy_constraints_valueW *) #  " " "--rDcF|js||jS)z This extension is used to help locate any available delta CRLs :return: None or an CRLDistributionPoints object )rr_freshest_crl_valuerjs rAfreshest_crl_valuezCertificate.freshest_crl_valuee s*) #  " " "''rDcF|js||jS)z This extension is used to prevent mapping of the any policy to specific requirements :return: None or a Integer object )rr_inhibit_any_policy_valuerjs rAinhibit_any_policy_valuez$Certificate.inhibit_any_policy_valuer rrDcF|js||jS)z This extension is used to define additional purposes for the public key beyond what is contained in the basic constraints. :return: None or an ExtKeyUsageSyntax object )rr_extended_key_usage_valuerjs rAextended_key_usage_valuez$Certificate.extended_key_usage_value rrDcF|js||jS)z This extension is used to locate the CA certificate used to sign this certificate, or the OCSP responder for this certificate. :return: None or an AuthorityInfoAccessSyntax object )rr#_authority_information_access_valuerjs rA"authority_information_access_valuez.Certificate.authority_information_access_value rrDcF|js||jS)z This extension is used to access information about the subject of this certificate. :return: None or a SubjectInfoAccessSyntax object )rr!_subject_information_access_valuerjs rA subject_information_access_valuez,Certificate.subject_information_access_value s*) #  " " "55rDcF|js||jS)z This extension is used to list the TLS features a server must respond with if a client initiates a request supporting them. :return: None or a Features object )rr_tls_feature_valuerjs rAtls_feature_valuezCertificate.tls_feature_value s*) #  " " "&&rDcF|js||jS)a- This extension is used on certificates of OCSP responders, indicating that revocation information for the certificate should never need to be verified, thus preventing possible loops in path validation. :return: None or a Null object (if present) )rr_ocsp_no_check_valuerjs rAocsp_no_check_valuezCertificate.ocsp_no_check_value s*) #  " " "((rDc|djS)zE :return: A byte string of the signature rrYrjs rArzCertificate.signature s%&--rDc|djS)zj :return: A unicode string of "rsassa_pkcs1v15", "rsassa_pss", "dsa", "ecdsa" r)signature_algorjs rArzCertificate.signature_algo s)*99rDc|djS)z :return: A unicode string of "md2", "md5", "sha1", "sha224", "sha256", "sha384", "sha512", "sha512_224", "sha512_256" r) hash_algorjs rArzCertificate.hash_algo s)*44rDc|ddS)zT :return: The PublicKeyInfo object for this certificate rrr=rjs rA public_keyzCertificate.public_key s%&'@AArDc|ddS)zZ :return: The Name object for the subject of this certificate rrr=rjs rArzCertificate.subject s%&y11rDc|ddS)zY :return: The Name object for the issuer of this certificate rrr=rjs rArzCertificate.issuer s%&x00rDc(|ddjS)zT :return: An integer of the certificate's serial number rrrYrjs rArzCertificate.serial_number s%&7>>rDc,|jsdS|jjS)z :return: None or a byte string of the certificate's key identifier from the key identifier extension N)rrdrjs rArEzCertificate.key_identifier s ( 4(//rDc|j<|jjdzt|jdz|_|jS)z :return: A byte string of the SHA-256 hash of the issuer concatenated with the ascii character ":", concatenated with the serial number as an ascii string N:rt)_issuer_serialrrrrrPrjs rA issuer_serialzCertificate.issuer_serial sG   &"&+"4t";gdFX>Y>Y>`>`ah>i>i"iD ""rDc4|dddjS)zd :return: A datetime of latest time when the certificate is still valid rrrrYrjs rAnot_valid_afterzCertificate.not_valid_after! s %&z2;?FFrDc4|dddjS)zd :return: A datetime of the earliest time when the certificate is valid rrrrYrjs rAnot_valid_beforezCertificate.not_valid_before) s %&z2<@GGrDc8|jsdS|jdjS)z :return: None or a byte string of the key_identifier from the authority key identifier extension NrE)rrdrjs rArz$Certificate.authority_key_identifier1 s&2 423CDKKrDc>|jdur|j}|r~|djrq|jddj}|}|jdj}|jdzt |dz|_nd|_|jS)a; :return: None or a byte string of the SHA-256 hash of the isser from the authority key identifier extension concatenated with the ascii character ":", concatenated with the serial number from the authority key identifier extension as an ascii string FrFrrGrrtN)_authority_issuer_serialrrdrzuntagrrrP)r?akivrauthority_serials rAauthority_issuer_serialz#Certificate.authority_issuer_serial> s  (E 1 16D 545< 5<=TUVWX_#'#FGe#f#m 06 0DwO_G`G`GgGghoGpGp0p--04-,,rDc\|j||j|_|jS)z Returns complete CRL URLs - does not include delta CRLs :return: A list of zero or more DistributionPoint objects )_crl_distribution_points!_get_http_crl_distribution_pointsrrjs rArz#Certificate.crl_distribution_pointsT s0  ( 0,0,R,RSWSu,v,vD ),,rDc\|j||j|_|jS)z Returns delta CRL URLs - does not include complete CRLs :return: A list of zero or more DistributionPoint objects )_delta_crl_distribution_pointsr rrjs rAdelta_crl_distribution_pointsz)Certificate.delta_crl_distribution_pointsa s0  . 6262X2XY]Yp2q2qD /22rDcg}|gS|D]J}|d}|tur|jdkr |jD]"}|jdkr||#K|S)a? Fetches the DistributionPoint object for non-relative, HTTP CRLs referenced by the certificate :param crl_distribution_points: A CRLDistributionPoints object to grab the DistributionPoints from :return: A list of zero or more DistributionPoint objects NrerKr1)r0rrzrJ)r?rrKredistribution_point_namerks rAr z-Certificate._get_http_crl_distribution_pointsn s " *I"9 6 6 &89M&N #&$..&+/LLL 7 > 6 6 $(EEEMM"4555 6 rDc|jsgSg}|jD]j}|djdkrW|d}|jdkr'|j}|dr||k|S)zx :return: A list of zero or more unicode strings of the OCSP URLs for this cert rrrr1ri)rrdrrHrOrJ)r?rKentrylocationrls rA ocsp_urlszCertificate.ocsp_urls s6 I< ' 'E_%,66 !23=$AAAo99;;))*XYY'MM#&&& rDc|jg|_|jrC|jD]:}|jdkr-|j|jvr|j|j;nut jd}|jjD]T}|D]O}|djdkr<|dj}| |r|j|PU|jS)z :return: A list of unicode strings of valid domain names for the certificate. Wildcard certificates will have a domain in the form: *.example.com Nr-zE^(\*\.)?(?:[a-zA-Z0-9](?:[a-zA-Z0-9\-]*[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$rrrV) _valid_domainsrrrdrJr'compilerrzmatch)r?rkpatternr]name_type_valuerVs rA valid_domainszCertificate.valid_domains s   &"$D  * B$($?HHL#(J66<;NVZVi;i;i+22<3FGGGH*%pqq<.BBC+.BB*629]JJ$3G$<$CE&}}U33B $ 3 : :5 A A A B ""rDc|jBg|_|jr4|jD],}|jdkr|j|j-|jS)zj :return: A list of unicode strings of valid IP addresses for the certificate Nr2) _valid_ipsrrrJrd)r?rks rA valid_ipszCertificate.valid_ips sc ? " DO* D$($?DDL#(L88..|/BCCCrDc4|jo|jdjS)zW :return; A boolean - if the certificate is marked as a CA r@)rrdrjs rAr@zCertificate.ca s+Y0LT0R0YYrDc8|jsdS|jdjS)zT :return; None or an integer of the maximum path length NrB)r@rrdrjs rAmax_path_lengthzCertificate.max_path_length s%w 4+,ABIIrDcH|j|j|jk|_|jS)zx :return: A boolean - if the certificate is self-issued, as defined by RFC 5280 ) _self_issuedrrrjs rA self_issuedzCertificate.self_issued s'   $ $  ;D   rDc|jCd|_|jr5|jr'|jsd|_n|j|jkrd|_nd|_|jS)a :return: A unicode string of "no" or "maybe". The "maybe" result will be returned if the certificate issuer and subject are the same. If a key identifier and authority key identifier are present, they will need to match otherwise "no" will be returned. To verify is a certificate is truly self-signed, the signature will need to be verified. See the certvalidator package for one possible solution. Nnomaybe) _self_signedr9rErrjs rA self_signedzCertificate.self_signed sl   $ $D  0&084,3))6$:MMM,3)(/D%  rDc|j=tj||_|jS)zk :return: The SHA-1 hash of the DER-encoded bytes of this complete certificate rrjs rArzCertificate.sha1 rrDcdddt|jDS)z :return: A unicode string of the SHA-1 hash, formatted using hex encoding with a space between each pair of characters, all uppercase r%c3 K|] }d|zV dSz%02XNr=rZcs rArfz/Certificate.sha1_fingerprint..$ s&EEq EEEEEErD)r,rrrjs rAsha1_fingerprintzCertificate.sha1_fingerprint s/xxEEM$),D,DEEEEEErDc|j=tj||_|jS)zy :return: The SHA-256 hash of the DER-encoded bytes of this complete certificate rrjs rArzCertificate.sha256& s9 < ">$))++66==??DL|rDcdddt|jDS)z :return: A unicode string of the SHA-256 hash, formatted using hex encoding with a space between each pair of characters, all uppercase r%c3 K|] }d|zV dSrBr=rCs rArfz1Certificate.sha256_fingerprint..: s&GGq GGGGGGrD)r,rrrjs rAsha256_fingerprintzCertificate.sha256_fingerprint2 s/xxGGM$+,F,FGGGGGGrDct|ts*ttdt ||dd}|ddk}| otj d|}| o| }|r|j sdS| d}|j D]}|dd}| d} t| t|krr| |krd S||} | r||| rd SdS|jsdS|r t"jn t"j} t)| |} |jD]L} | ddkr t"jn t"j}t)|| }|| krd SMdS) a Check if a domain name or IP address is valid according to the certificate :param domain_ip: A unicode string of a domain name or IP address :return: A boolean - if the domain or IP is valid for the certificate zL domain_ip must be a unicode string, not %s rrtrrsz^\d+\.\d+\.\d+\.\d+$FrLT)rFrrNr rrPr|rHrvr'r-r0rr_is_wildcard_domain_is_wildcard_matchr3rrrr5)r? domain_ipencoded_domain_ipis_ipv6is_ipv4 is_domain domain_labels valid_domainencoded_valid_domainvalid_domain_labels is_wildcardr normalized_ipvalid_ip valid_familynormalized_valid_ips rAis_valid_domain_ipzCertificate.is_valid_domain_ip< s@)W-- F)$$  &,,V44;;GDDJJLL#((--3+\"(+HJ["\"\K/K   % u-33C88M $ 2 '3':':6'B'B'I'I''R'R'X'X'Z'Z$&:&@&@&E&E#*++s=/A/AAA&-7744"667KLL  4#:#:=J]#^#^ 445~ 5#*?!&*;<<   H-5]]3-?-?2-E-E6>>6?L"+L("C"C "m33tt4urDc|ddkrdS|d}|sdS|dddkrdS|ddddkrdSd S) af Checks if a domain is a valid wildcard according to https://tools.ietf.org/html/rfc6125#section-6.4.3 :param domain: A unicode string of the domain name, where any U-labels from an IDN have been converted to A-labels :return: A boolean - if the domain is a valid wildcard domain *r FrLrrsrzxn--T)countrHrrv)r?domainlabelss rArKzCertificate._is_wildcard_domain~ s <<   ! !5%%c** 5 !9>>#  " $ $5 !9QqS>V # #5trDc|d}|dd}|d}|dd}||krdS|dkrdStjd|ddzd z}||rdSdS) a Determines if the labels in a domain are a match for labels from a wildcard valid domain name :param domain_labels: A list of unicode strings, with A-label form for IDNs, of the labels in the domain name to check :param valid_domain_labels: A list of unicode strings, with A-label form for IDNs, of the labels in a wildcard domain pattern :return: A boolean - if the domain matches the valid domain rr NFr]T^z.*$)r'r,r+r-)r?rRrUfirst_domain_labelother_domain_labelswildcard_labelother_valid_domain_labelswildcard_regexs rArLzCertificate._is_wildcard_match s"+1-+ABB/,Q/$7$;! "; ; ;5 S 4C.*@*@d*K*K$Kc$QRR    2 3 3 4urD)\rYrZr[rrr#rrrrrrrrrrrrrrrrrrrrrrrrrrr"r+r2r8r=rrrrrrrrrrrrrrrrrrrrrrrrrrrrr rrrrErrrrrrr#r r)r0r3r@r6r9r>rrErrIr[rKrLr=rDrArr`sM N+  56 N+G "*.' "!#"%)""&!&*# $ $ $*.'(,%&*#N$#%)"NJLL EG***$ ) )X ) 4 4X 4 8 8X 8 * *X * % %X % , ,X , + +X + - -X - , ,X , 3 3X 3 0 0X 0 + +X + 4 4X 4 . .X . ( (X ( . .X . . .X . 8 8X 8 6 6X 6 ' 'X ' ) )X )..X.::X:55X5BBXB22X211X1??X? 0 0X 0 # #X #GGXGHHXH L LX L--X-* - -X - 3 3X 3>X* # #X #DX ZZXZJJXJ ! !X !!!X!2XFFXF  X HHXH@@@DB#####rDrceZdZeZdS)KeyPurposeIdentifiersNrr=rDrArjrj rrDrjceZdZeZdS)SequenceOfAlgorithmIdentifiersN)rYrZr[rrr=rDrArlrl rrDrlc ReZdZdeddifdedddfdeddifdeddifd ed ddfgZd S) CertificateAuxtrustrTrejectrraliaskeyidr@r N)rYrZr[rjr.r$rlrr=rDrArnrn si '*d);< (qd*K*KL *z401 + D12 0qd2S2ST GGGrDrnceZdZeegZdS)TrustedCertificateN)rYrZr[rrn _child_specsr=rDrArtrt s0LLLrDrt)r __future__rrrr contextlibr encodingsrrr'rr-r)r/_errorsr _irir r _ordereddictr _typesrrralgosrrrrcorerrrrrrrrrrrr r!r"r#r$r%r&r'r(r)r*r+r,r-r.r/r0rIr1utilr2r3r4r5r7r^rlrrrrrrrrrrrBrbrrrrrrrrrrrrrrrrrrrrrrrrrrrr!r&r*r7r9r=r?rDrIrMrXr^r`rdrnrqrtrxr|rrrrrrrrrrrrrrrrr rrrr"r$r(r,r.r4r8r:rCrHrMrQr[r]r_rirkrwryr{r}rrrrrrrrrjrlrnrtr=rDrArs~  SRRRRRRRRRRR%%%%%%  ((((((((%%%%%%5555555555ffffffffffff< DDDDDDDDDDDD2 2 2 2 2 i2 2 2 j66666)666rnnnnn9nnnbB5B5B5B5B5 B5B5B5J     y   H]0===     f   Q(Q(Q(Q(Q(Q(Q(Q(h~~~~~x~~~BRRRRRRRRj'''''*'''T@@@@@6@@@F(&v3#"""""j"""     Z           H00000Z000H00000Z000&3"""""z"""s8(V7W8D%%%%%*%%%8/+/+/+/+/+&/+/+/+d:6xxXF     )   X!!!!!j!!!h""""""""J$$$$$J$$$&Jh(     (   &&&&&:&&&' $$$$$*$$$H     Z   mmmmm#mmm` #$$$$$ $$$$$$$$j$$$ z     i   gx#####E###hx+++++E+++z:j     z   z8     X   J     H   (((((((("2&"""""5""""""""5""""""""5"""%%%%%e%%%<,,,,,,,,"@########L     X   b b b b b (b b b RJ&&&&&Z&&&X1111111111rD