hQHddlZddlZddlZddlmZmZddlmZddlm Z m Z ddl m Z ddl mZmZmZGddejZGd d ejZe je je je je jfZd e jd dfd ZGddejZGddZGddejZGddejZ GddejZ!GddZ"GddZ#de$d efdZ%de$d e!fdZ&dS) N)utilsx509)ocsp)hashes serialization) CertificateIssuerPrivateKeyTypes)_EARLIEST_UTC_TIME_convert_to_naive_utc_time_reject_duplicate_extensionceZdZdZdZdS)OCSPResponderEncodingzBy HashzBy NameN)__name__ __module__ __qualname__HASHNAMER/var/www/html/Sam_Eipo/venv/lib/python3.11/site-packages/cryptography/x509/ocsp.pyr r s D DDDrr c&eZdZdZdZdZdZdZdZdS)OCSPResponseStatusrN) rrr SUCCESSFULMALFORMED_REQUESTINTERNAL_ERROR TRY_LATER SIG_REQUIRED UNAUTHORIZEDrrrrrs-JNILLLLrr algorithmreturncNt|tstddS)Nz9Algorithm must be SHA1, SHA224, SHA256, SHA384, or SHA512) isinstance_ALLOWED_HASHES ValueError)r#s r_verify_algorithmr).s3 i 1 1  G     rceZdZdZdZdZdS)OCSPCertStatusrrrN)rrrGOODREVOKEDUNKNOWNrrrr+r+5s DGGGGrr+ceZdZdejdejdejdedejde j ejde j ejde j ej fd Z d S) _SingleResponsecertissuerr# cert_status this_update next_updaterevocation_timerevocation_reasonc ft|tjrt|tjstdt |t|t jstd|)t|t jstd||_||_||_||_ ||_ t|tstd|tj ur#|td|tdn}t|t jstdt|}|tkrtd|)t|tjstd ||_||_||_dS) N%cert and issuer must be a Certificatez%this_update must be a datetime objectz-next_update must be a datetime object or Nonez8cert_status must be an item from the OCSPCertStatus enumzBrevocation_time can only be provided if the certificate is revokedzDrevocation_reason can only be provided if the certificate is revokedz)revocation_time must be a datetime objectz7The revocation_time must be on or after 1950 January 1.zCrevocation_reason must be an item from the ReasonFlags enum or None)r&r Certificate TypeErrorr)datetime_cert_issuer _algorithm _this_update _next_updater+r-r(r r ReasonFlags _cert_status_revocation_time_revocation_reason) selfr1r2r#r3r4r5r6r7s r__init__z_SingleResponse.__init__<s$ 011 E D$: :  ECDD D)$$$+x'899 ECDD D  ": *, , "KLL L  #''+~66 J  n4 4 4* !!, "- ox/@AA M KLLL8IIO!333 ' !,Z!4#366, # ( /"3rN) rrrrr:r HashAlgorithmr+r<typingOptionalrBrGrrrr0r0;sB4B4 B4' B4 $ B4 & B4_X%67B4 ):;B4"?4+;<B4B4B4B4B4B4rr0cdeZdZeejdefdZeejdefdZeejde j fdZ eejde fdZ ejdejdefdZeejdejfdZd S) OCSPRequestr$cdSz3 The hash of the issuer public key NrrFs rissuer_key_hashzOCSPRequest.issuer_key_hashrcdSz- The hash of the issuer name NrrOs rissuer_name_hashzOCSPRequest.issuer_name_hashrQrcdSzK The hash algorithm used in the issuer name and key hashes NrrOs rhash_algorithmzOCSPRequest.hash_algorithmrQrcdSzM The serial number of the cert whose status is being checked NrrOs r serial_numberzOCSPRequest.serial_numberrQrencodingcdS)z/ Serializes the request to DER NrrFr[s r public_byteszOCSPRequest.public_bytesrQrcdS)zP The list of request extensions. Not single request extensions. NrrOs r extensionszOCSPRequest.extensionsrQrN)rrrpropertyabcabstractmethodbytesrPrTrrHrWintrZrEncodingr^r Extensionsr`rrrrLrLsU     X  %   X   4   X  s   X   ]%;      DO   X   rrL) metaclasscheZdZeejdefdZeejdej e j fdZ eejdej e j fdZeejde j fdZeejdej e j fdZeejdefdZeejdefdZeejdejfd Zeejdefd Zd S) OCSPSingleResponser$cdSzY The status of the certificate (an element from the OCSPCertStatus enum) NrrOs rcertificate_statusz%OCSPSingleResponse.certificate_statusrQrcdSz^ The date of when the certificate was revoked or None if not revoked. NrrOs rr6z"OCSPSingleResponse.revocation_timerQrcdSzi The reason the certificate was revoked or None if not specified or not revoked. NrrOs rr7z$OCSPSingleResponse.revocation_reasonrQrcdSz The most recent time at which the status being indicated is known by the responder to have been correct NrrOs rr4zOCSPSingleResponse.this_updaterQrcdSzC The time when newer information will be available NrrOs rr5zOCSPSingleResponse.next_updaterQrcdSrNrrOs rrPz"OCSPSingleResponse.issuer_key_hashrQrcdSrSrrOs rrTz#OCSPSingleResponse.issuer_name_hashrQrcdSrVrrOs rrWz!OCSPSingleResponse.hash_algorithmrQrcdSrYrrOs rrZz OCSPSingleResponse.serial_numberrQrN)rrrrarbrcr+rmrIrJr<r6rrBr7r4r5rdrPrTrrHrWrerZrrrrjrjs  N   X  1B!C   X  6?43C#D   X  X.   X  V_X->?   X     X  %   X   4   X  s   X   rrjceZdZeejdejefdZ eejde fdZ eejde j fdZeejdejejfdZeejdefdZeejdefdZeejdeje jfdZeejdejefd Zeejdeje jfd Zeejdejfd Zeejdefd Zeejdejejfd Z eejdeje j!fdZ"eejdejfdZ#eejdejejfdZ$eejdefdZ%eejdefdZ&eejdejfdZ'eejde(fdZ)eejde j*fdZ+eejde j*fdZ,ejde-j.defdZ/dS) OCSPResponser$cdS)z_ An iterator over the individual SINGLERESP structures in the response NrrOs r responseszOCSPResponse.responsesrQrcdS)zm The status of the response. This is a value from the OCSPResponseStatus enumeration NrrOs rresponse_statuszOCSPResponse.response_statusrQrcdS)zA The ObjectIdentifier of the signature algorithm NrrOs rsignature_algorithm_oidz$OCSPResponse.signature_algorithm_oidrQrcdS)zX Returns a HashAlgorithm corresponding to the type of the digest signed NrrOs rsignature_hash_algorithmz%OCSPResponse.signature_hash_algorithmrQrcdS)z% The signature bytes NrrOs r signaturezOCSPResponse.signaturerQrcdS)z+ The tbsResponseData bytes NrrOs rtbs_response_byteszOCSPResponse.tbs_response_bytesrQrcdS)z A list of certificates used to help build a chain to verify the OCSP response. This situation occurs when the OCSP responder uses a delegate certificate. NrrOs r certificateszOCSPResponse.certificatesrQrcdS)z2 The responder's key hash or None NrrOs rresponder_key_hashzOCSPResponse.responder_key_hash(rQrcdS)z. The responder's Name or None NrrOs rresponder_namezOCSPResponse.responder_name/rQrcdS)z4 The time the response was produced NrrOs r produced_atzOCSPResponse.produced_at6rQrcdSrlrrOs rrmzOCSPResponse.certificate_status=rQrcdSrorrOs rr6zOCSPResponse.revocation_timeDrQrcdSrqrrOs rr7zOCSPResponse.revocation_reasonLrQrcdSrsrrOs rr4zOCSPResponse.this_updateTrQrcdSrurrOs rr5zOCSPResponse.next_update\rQrcdSrNrrOs rrPzOCSPResponse.issuer_key_hashcrQrcdSrSrrOs rrTzOCSPResponse.issuer_name_hashjrQrcdSrVrrOs rrWzOCSPResponse.hash_algorithmqrQrcdSrYrrOs rrZzOCSPResponse.serial_numberxrQrcdS)zR The list of response extensions. Not single response extensions. NrrOs rr`zOCSPResponse.extensionsrQrcdS)zR The list of single response extensions. Not response extensions. NrrOs rsingle_extensionszOCSPResponse.single_extensionsrQrr[cdS)z0 Serializes the response to DER Nrr]s rr^zOCSPResponse.public_bytesrQrN)0rrrrarbrcrIIteratorrjr}rrrObjectIdentifierrrJrrHrrdrrListr:rrNamerr<rr+rmr6rBr7r4r5rPrTrWrerZrgr`rrrfr^rrrr{r{s  6?+=>   X  !3   X  )>   X  - .   X  5   X  E   X  fk$*:;   X  FOE$:   X   :   X  X.   X  N   X  1B!C   X  6?43C#D   X  X.   X  V_X->?   X     X  %   X   4   X  s   X  DO   X  4?   X   ]%;       rr{c xeZdZddgfdejejejejej fdejeje e e ej fdej ej ejddfdZdejdejd ej ddfd Zd e d e d e d ej ddf dZdejdeddfdZdefdZdS)OCSPRequestBuilderNrequest request_hashr`r$c0||_||_||_dSN)_request _request_hash _extensions)rFrrr`s rrGzOCSPRequestBuilder.__init__s!  )%rr1r2r#c|j|jtdt|t |t jrt |t jstdt|||f|j|j S)N.Only one certificate can be added to a requestr9) rrr(r)r&rr:r;rr)rFr1r2r#s radd_certificatez"OCSPRequestBuilder.add_certificates = $(:(FMNN N)$$$$ 011 E D$: :  ECDD D! 69 %t'94;K   rrTrPrZc|j|jtdt|tst dt |tjd|tjd||j t|ks|j t|krtdt|j||||f|j S)Nrz serial_number must be an integerrTrPz`issuer_name_hash and issuer_key_hash must be the same length as the digest size of the algorithm) rrr(r&rer;r)r _check_bytes digest_sizelenrr)rFrTrPrZr#s radd_certificate_by_hashz*OCSPRequestBuilder.add_certificate_by_hashs = $(:(FMNN N--- @>?? ?)$$$ -/?@@@ ,o>>>  C % %    "c/&:&: : :6  " M  y I     rextvalcriticalct|tjstdtj|j||}t ||jt|j |j |j|gzSNz"extension must be an ExtensionType) r&r ExtensionTyper; Extensionoidr rrrrrFrr extensions r add_extensionz OCSPRequestBuilder.add_extensionsy&$"455 B@AA AN6:x@@ #It/?@@@! M4-t/?9+/M   rcd|j|jtdtj|S)Nz*You must add a certificate before building)rrr(rcreate_ocsp_requestrOs rbuildzOCSPRequestBuilder.builds2 = T%7%?IJJ J'---r)rrrrIrJTuplerr:rrHrdrerrrrGrrboolrrLrrrrrrs  FH&& L $"2F4HH  &o LsF,@@ A &Kt/A BC& &&&&     '       &     '       <  (  48       .{......rrc`eZdZdddgfdejedejejeje fdejej ejdej ej ej fdZ dejdejd ejd ed ejd ejejd ejejdejejddfdZde dejddfdZdejejddfdZdej deddfdZded ejejdefdZededefdZdS)OCSPResponseBuilderNresponse responder_idcertsr`c>||_||_||_||_dSr) _response _responder_id_certsr)rFrrrr`s rrGzOCSPResponseBuilder.__init__s(") %rr1r2r#r3r4r5r6r7r$c |jtdt||||||||} t| |j|j|jS)Nz#Only one response per OCSPResponse.)rr(r0rrrr) rFr1r2r#r3r4r5r6r7 singleresps r add_responsez OCSPResponseBuilder.add_responsesj > %BCC C$           #    K      rr[responder_certc|jtdt|tjst dt|t st dt|j||f|j |j S)Nz!responder_id can only be set oncez$responder_cert must be a Certificatez6encoding must be an element from OCSPResponderEncoding) rr(r&rr:r;r rrrr)rFr[rs rrz OCSPResponseBuilder.responder_ids   )@AA A.$*:;; DBCC C($9:: H # N X & K      rc"|jtdt|}t|dkrtdt d|Dst dt |j|j||j S)Nz!certificates may only be set oncerzcerts must not be an empty listc3JK|]}t|tjVdSr)r&rr:).0xs r z3OCSPResponseBuilder.certificates..3s/BBq:a!122BBBBBBrz$certs must be a list of Certificates) rr(listrallr;rrrr)rFrs rrz OCSPResponseBuilder.certificates+s ; "@AA AU  u::??>?? ?BBEBBBBB DBCC C" N         rrrct|tjstdtj|j||}t ||jt|j |j |j |j|gzSr) r&rrr;rrr rrrrrrs rrz!OCSPResponseBuilder.add_extension<s&$"455 B@AA AN6:x@@ #It/?@@@" N   K   { *    r private_keyc|jtd|jtdtjt j|||S)Nz&You must add a response before signingz*You must add a responder_id before signing)rr(rrcreate_ocsp_responserr)rFrr#s rsignzOCSPResponseBuilder.signLsT > !EFF F   %IJJ J(  )4i   rrct|tstd|tjurt dt j|dddS)Nz7response_status must be an item from OCSPResponseStatusz$response_status cannot be SUCCESSFUL)r&rr;rr(rr)clsrs rbuild_unsuccessfulz&OCSPResponseBuilder.build_unsuccessfulZsc/+=>> I  0; ; ;CDD D($dKKKr)rrrrIrJr0rrr:r rrrrGrrHr+r<rBrrIterablerrrrr{r classmethodrrrrrrrs:6: @DFH & &//2 &o L)+@@ A  & v{4+;<= &Kt/A BC & & & &    '  $  &  _X%67  ):; "?4+;<      > - ?C?O     & _T%56     " ( 48      5  ?6#78         L0 L  L L L[ L L Lrrdatac*tj|Sr)rload_der_ocsp_requestrs rrrhs  %d + ++rc*tj|Sr)rload_der_ocsp_responsers rrrls  &t , ,,r)'rbr<rI cryptographyrr"cryptography.hazmat.bindings._rustrcryptography.hazmat.primitivesrr/cryptography.hazmat.primitives.asymmetric.typesrcryptography.x509.baser r r Enumr rSHA1SHA224SHA256SHA384SHA512r'rHr)r+r0ABCMetarLrjr{rrrdrrrrrrs   $$$$$$$$333333@@@@@@@@EJ  K M M M M  !5 $    UZ C4C4C4C4C4C4C4C4L( ( ( ( ( CK( ( ( ( VA A A A A 3;A A A A Ha a a a a S[a a a a HS.S.S.S.S.S.S.S.l{L{L{L{L{L{L{L{L|,,+,,,,--<------r