o Df*@spddlmZddlZddlZddlZddlZddlZddlmZddl m Z ddl m Z ddl mZmZddlmZddlmZdd lmZmZdd lmZdd lmZmZmZmZmZmZm Z m!Z!m"Z"dd l#m$Z$m%Z%dd l&m'Z'm(Z(m)Z)m*Z*ej+ddddZ,dddZ-dddZ.Gddde/Z0Gddde/Z1Gd ddej2d!Z3Gd"d#d#Z4Gd$d%d%e3Z5Gd&d'd'e3Z6Gd(d)d)e3Z7Gd*d+d+e3Z8Gd,d-d-e3Z9Gd.d/d/Z:Gd0d1d1e3Z;Gd2d3d3e3ZGd8d9d9Z?Gd:d;d;ej@ZAeAjBeAjCeAjDeAjEeAjFeAjGeAjHeAjId<ZJeAjBd=eAjCd>eAjDd?eAjEd@eAjFdAeAjGdBeAjHdCeAjIdDiZKeAjLdeAjBd=eAjCd>eAjDd?eAjEd@eAjFdAeAjGdBeAjMdDeAjHdEeAjIdFi ZNGdGdHdHe3ZOGdIdJdJe3ZPGdKdLdLZQGdMdNdNZRGdOdPdPZSGdQdRdRe3ZTGdSdTdTe3ZUGdUdVdVe3ZVGdWdXdXe3ZWGdYdZdZej@ZXd[d\eXDZYGd]d^d^e3ZZGd_d`d`e3Z[Gdadbdbe3Z\Gdcddddej]e,Z^GdedfdfZ_Gdgdhdhe3Z`Gdidjdje3ZaGdkdldle3ZbGdmdndne3ZcGdodpdpe3ZdGdqdrdre3ZeGdsdtdte3ZfGdudvdve3ZgGdwdxdxe3ZhGdydzdze3ZiGd{d|d|e3ZjGd}d~d~e3ZkdS)) annotationsN)utils)asn1)x509) constant_time serialization)EllipticCurvePublicKey) RSAPublicKey)CertificateIssuerPublicKeyTypesCertificatePublicKeyTypes)SignedCertificateTimestamp) DirectoryNameDNSName GeneralName IPAddress OtherName RegisteredID RFC822NameUniformResourceIdentifier_IPAddressTypes)NameRelativeDistinguishedName)CRLEntryExtensionOID ExtensionOIDObjectIdentifierOCSPExtensionOIDExtensionTypeVar ExtensionTypeT)bound covariant public_keyr returnbytescCslt|tr|tjjtjj}nt|tr |tjj tjj }n|tjjtjj }t |}t|SN) isinstancer public_bytesrEncodingDER PublicFormatPKCS1rX962UncompressedPointSubjectPublicKeyInforparse_spki_for_datahashlibsha1digest)r data serializedr3U/home/ubuntu/webapp/venv/lib/python3.10/site-packages/cryptography/x509/extensions.py_key_identifier_from_public_key2s   r5 field_namestrcs0d fdd }fdd}fdd}|||fS) Nr!intctt|Sr#)lengetattrselfr6r3r4 len_methodKz*_make_sequence_methods..len_methodcr9r#)iterr;r<r>r3r4 iter_methodNr@z+_make_sequence_methods..iter_methodcst||Sr#)r;)r=idxr>r3r4getitem_methodQr@z._make_sequence_methods..getitem_methodr!r8r3)r6r?rBrDr3r>r4_make_sequence_methodsJs   rFceZdZd fdd ZZS) DuplicateExtensionmsgr7oidrr!Nonect|||_dSr#super__init__rJr=rIrJ __class__r3r4rOX  zDuplicateExtension.__init__rIr7rJrr!rK__name__ __module__ __qualname__rO __classcell__r3r3rQr4rHWrHcrG) ExtensionNotFoundrIr7rJrr!rKcrLr#rMrPrQr3r4rO^rSzExtensionNotFound.__init__rTrUr3r3rQr4r[]rZr[c@s eZdZUded<dddZdS) rz!typing.ClassVar[ObjectIdentifier]rJr!r"cCstd|)z7 Serializes the extension type to DER. z3public_bytes is not implemented for extension type )NotImplementedErrorr<r3r3r4r%fszExtensionType.public_bytesNr!r")rVrWrX__annotations__r%r3r3r3r4rcs ) metaclassc@sBeZdZdddZdd d ZdddZed\ZZZ dddZ dS) Extensions extensions)typing.Iterable[Extension[ExtensionType]]r!rKcCt||_dSr#)list _extensions)r=rar3r3r4rOpszExtensions.__init__rJrExtension[ExtensionType]cCs.|D] }|j|kr |Sqtd|d|)NNo  extension was found)rJr[)r=rJextr3r3r4get_extension_for_oidus  z Extensions.get_extension_for_oidextclasstype[ExtensionTypeVar]Extension[ExtensionTypeVar]cCsB|turtd|D] }t|j|r|Sq td|d|j)Nz|UnrecognizedExtension can't be used with get_extension_for_class because more than one instance of the class may be present.rgrh)UnrecognizedExtension TypeErrorr$valuer[rJ)r=rkrir3r3r4get_extension_for_class~s z"Extensions.get_extension_for_classrer7cCd|jdS)Nz )rer<r3r3r4__repr__r@zExtensions.__repr__N)rarbr!rK)rJrr!rf)rkrlr!rmr!r7) rVrWrXrOrjrqrF__len____iter__ __getitem__rtr3r3r3r4r`os    r`c@sReZdZejZdddZdd d Zdd d ZdddZ e dddZ dddZ dS) CRLNumber crl_numberr8r!rKcCt|ts td||_dSNzcrl_number must be an integerr$r8ro _crl_numberr=rzr3r3r4rO  zCRLNumber.__init__otherobjectboolcCt|tstS|j|jkSr#)r$ryNotImplementedrzr=rr3r3r4__eq__  zCRLNumber.__eq__cC t|jSr#hashrzr<r3r3r4__hash__ zCRLNumber.__hash__r7cCrr)Nz   z2AuthorityKeyIdentifier.__init__..z;authority_cert_issuer must be a list of GeneralName objectsz/authority_cert_serial_number must be an integer) ValueErrorrdallror$r8_key_identifier_authority_cert_issuer_authority_cert_serial_number)r=rrrr3r3r4rOs*  zAuthorityKeyIdentifier.__init__r r cCst|}||dddSNrrrr5)clsr r0r3r3r4from_issuer_public_keys z-AuthorityKeyIdentifier.from_issuer_public_keyskiSubjectKeyIdentifiercCs||jdddSrr0)rrr3r3r4"from_issuer_subject_key_identifiers z9AuthorityKeyIdentifier.from_issuer_subject_key_identifierr7cCsd|jd|jd|jdS)Nz'.@Every item in the descriptions list must be an AccessDescriptionrdrro _descriptionsr=rr3r3r4rOF  z#AuthorityInformationAccess.__init__rr7cCrr)Nz.rrrr3r3r4rOgrz!SubjectInformationAccess.__init__rr7cCrr)Nz.?distribution_points must be a list of DistributionPoint objectsrdrro_distribution_pointsr=rr3r3r4rO zCRLDistributionPoints.__init__rr7cCrr)Nz.rrrr3r3r4rO!rzFreshestCRL.__init__rr7cCrr)Nz .z/full_name must be a list of GeneralName objectsz1relative_name must be a RelativeDistinguishedNamecsrr#rrr3r3r4rerz2crl_issuer must be None or a list of general namescsrr#r$ ReasonFlagsrr3r3r4rlrz0reasons must be None or frozenset of ReasonFlagszLunspecified and remove_from_crl are not valid reasons in a DistributionPoint)rrdrror$r frozensetr  unspecifiedremove_from_crl _full_name_relative_name_reasons _crl_issuer)r=rrrr r3r3r4rODsR     zDistributionPoint.__init__r7cC d|S)Nz}formatr<r3r3r4rt~zDistributionPoint.__repr__rrrcCs>t|tstS|j|jko|j|jko|j|jko|j|jkSr#)r$rrrrrr rr3r3r4rs     zDistributionPoint.__eq__r8cCsH|jdur t|j}nd}|jdurt|j}nd}t||j|j|fSr#)rrr rrr)r=fnr r3r3r4rs    zDistributionPoint.__hash__rcCrr#rr<r3r3r4rrzDistributionPoint.full_namecCrr#rr<r3r3r4rrzDistributionPoint.relative_namecCrr#)rr<r3r3r4rrzDistributionPoint.reasonscCrr#)rr<r3r3r4r rzDistributionPoint.crl_issuerN) rrrrrrr rr!rKrurrErr!rr!r) rVrWrXrOrtrrrrrrr r3r3r3r4rCs  :     rc@s4eZdZdZdZdZdZdZdZdZ dZ d Z d Z d S) r r  keyCompromise cACompromiseaffiliationChanged supersededcessationOfOperationcertificateHoldprivilegeWithdrawn aACompromise removeFromCRLN) rVrWrXr key_compromise ca_compromiseaffiliation_changedrcessation_of_operationcertificate_holdprivilege_withdrawn aa_compromiserr3r3r3r4r sr )r,r-r.r/r0r1r2r3 c@s`eZdZejZdddZdd d ZdddZdddZ e dddZ e dddZ d ddZ dS)!PolicyConstraintsrequire_explicit_policyrinhibit_policy_mappingr!rKcCs\|dur t|ts td|durt|tstd|dur&|dur&td||_||_dS)Nz>require_explicit_policy must be a non-negative integer or Nonez=inhibit_policy_mapping must be a non-negative integer or NonezSAt least one of require_explicit_policy and inhibit_policy_mapping must not be None)r$r8ror_require_explicit_policy_inhibit_policy_mapping)r=r7r8r3r3r4rOs$   zPolicyConstraints.__init__r7cCr)Nz{rr<r3r3r4rtrzPolicyConstraints.__repr__rrrcCrr#)r$r6rr7r8rr3r3r4rrzPolicyConstraints.__eq__r8cCrr#)rr7r8r<r3r3r4r's zPolicyConstraints.__hash__cCrr#)r9r<r3r3r4r7,rz)PolicyConstraints.require_explicit_policycCrr#)r:r<r3r3r4r80rz(PolicyConstraints.inhibit_policy_mappingr"cCrr#rr<r3r3r4r%4rzPolicyConstraints.public_bytesN)r7rr8rr!rKrurrErr])rVrWrXrPOLICY_CONSTRAINTSrJrOrtrrrr7r8r%r3r3r3r4r6s      r6c@r)CertificatePoliciespolicies"typing.Iterable[PolicyInformation]r!rKcCr)Ncsrr#)r$PolicyInformationrr3r3r4r=rz/CertificatePolicies.__init__..z;Every item in the policies list must be a PolicyInformation)rdrro _policies)r=r=r3r3r4rO;  zCertificatePolicies.__init__r@r7cCrr)Nzr!rKrurrEr])rVrWrXrCERTIFICATE_POLICIESrJrOrFrvrwrxrtrrr%r3r3r3r4r<8s    r<c@PeZdZdddZdd d ZdddZdddZedddZedddZ dS) r?policy_identifierrpolicy_qualifiers(typing.Iterable[str | UserNotice] | Noner!rKcCsLt|ts td||_|dur!t|}tdd|Ds!td||_dS)Nz-policy_identifier must be an ObjectIdentifiercss|] }t|ttfVqdSr#)r$r7 UserNoticerr3r3r4rds z-PolicyInformation.__init__..zMpolicy_qualifiers must be a list of strings and/or UserNotice objects or None)r$rro_policy_identifierrdr_policy_qualifiers)r=rDrEr3r3r4rOXs  zPolicyInformation.__init__r7cCr)Nz%.z)notice_numbers must be a list of integers) _organizationrdrro_notice_numbers)r=rUrVr3r3r4rOs  zNoticeReference.__init__r7cCsd|jd|jdS)Nz.z9Every item in the usages list must be an ObjectIdentifier)rdrro_usages)r=r]r3r3r4rOs  zExtendedKeyUsage.__init__r`r7cCrr)Nzr3r<r3r3r4rtzOCSPNoCheck.__repr__r"cCrr#rr<r3r3r4r%rzOCSPNoCheck.public_bytesNrrErur]) rVrWrXr OCSP_NO_CHECKrJrrrtr%r3r3r3r4rc    rcc@rb) PrecertPoisonrrr!rcCrdre)r$rmrrr3r3r4rrfzPrecertPoison.__eq__r8cCrgr#)rrmr<r3r3r4rrhzPrecertPoison.__hash__r7cCri)Nzr3r<r3r3r4rt"rjzPrecertPoison.__repr__r"cCrr#rr<r3r3r4r%%rzPrecertPoison.public_bytesNrrErur]) rVrWrXrPRECERT_POISONrJrrrtr%r3r3r3r4rmrlrmc@r) TLSFeaturefeaturestyping.Iterable[TLSFeatureType]r!rKcCs8t|}tdd|Drt|dkrtd||_dS)Ncsrr#)r$TLSFeatureTyperr3r3r4r/rz&TLSFeature.__init__..rz@features must be a list of elements from the TLSFeatureType enum)rdrr:ro _features)r=rpr3r3r4rO,s  zTLSFeature.__init__rsr7cCrr)NzrzTLSFeature.__eq__r8cCrr#)rrrsr<r3r3r4rDr@zTLSFeature.__hash__r"cCrr#rr<r3r3r4r%GrzTLSFeature.public_bytesN)rprqr!rKrurrEr])rVrWrXr TLS_FEATURErJrOrFrvrwrxrtrrr%r3r3r3r4ro)s    roc@seZdZdZdZdS)rrr0N)rVrWrXstatus_requeststatus_request_v2r3r3r3r4rrKsrrcCsi|]}|j|qSr3rprr3r3r4 Vryc@sReZdZejZdddZddd Zdd dZdddZ e dddZ dddZ dS)InhibitAnyPolicy skip_certsr8r!rKcCs,t|ts td|dkrtd||_dS)Nzskip_certs must be an integerrz)skip_certs must be a non-negative integer)r$r8ror _skip_certs)r=r|r3r3r4rO\s  zInhibitAnyPolicy.__init__r7cCrr)Nz.z@permitted_subtrees must be a list of GeneralName objects or Nonez2excluded_subtrees must be a non-empty list or Nonecsrr#rrr3r3r4rrz?excluded_subtrees must be a list of GeneralName objects or NonezIAt least one of permitted_subtrees and excluded_subtrees must not be None)rdrrro_validate_tree_permitted_subtrees_excluded_subtrees)r=rrr3r3r4rOs8   zNameConstraints.__init__rrrcCrr#)r$rrrrrr3r3r4r+rzNameConstraints.__eq__treetyping.Iterable[GeneralName]cCs||||dSr#)_validate_ip_name_validate_dns_namer=rr3r3r4r4s zNameConstraints._validate_treecCtdd|Dr tddS)Ncss0|]}t|tot|jtjtjf VqdSr#)r$rrp ipaddress IPv4Network IPv6Networkrnamer3r3r4r9s  z4NameConstraints._validate_ip_name..zGIPAddress name constraints must be an IPv4Network or IPv6Network object)anyrorr3r3r4r8sz!NameConstraints._validate_ip_namecCr)Ncss$|] }t|to d|jvVqdS)*N)r$rrprr3r3r4rFs z5NameConstraints._validate_dns_name..zDDNSName name constraints must not contain the '*' wildcard character)rrrr3r3r4rEsz"NameConstraints._validate_dns_namer7cCr)Nz$.z^Every item in the general_names list must be an object conforming to the GeneralName interface)rdrro_general_namesr=rr3r3r4rOrAzGeneralNames.__init__rtypeBtype[DNSName] | type[UniformResourceIdentifier] | type[RFC822Name] list[str]cCdSr#r3r=rr3r3r4get_values_for_typez GeneralNames.get_values_for_typetype[DirectoryName] list[Name]cCrr#r3rr3r3r4rtype[RegisteredID]list[ObjectIdentifier]cCrr#r3rr3r3r4rrtype[IPAddress]list[_IPAddressTypes]cCrr#r3rr3r3r4rtype[OtherName]list[OtherName]cCrr#r3rr3r3r4rrtype[DNSName] | type[DirectoryName] | type[IPAddress] | type[OtherName] | type[RFC822Name] | type[RegisteredID] | type[UniformResourceIdentifier]Ylist[_IPAddressTypes] | list[str] | list[OtherName] | list[Name] | list[ObjectIdentifier]cs0fdd|D}tkrdd|DSt|S)Nc3s|] }t|r|VqdSr#)r$rirr3r4rsz3GeneralNames.get_values_for_type..cSsg|]}|jqSr3rxrr3r3r4 sz4GeneralNames.get_values_for_type..)rrd)r=robjsr3rr4rsr7cCrr)Nz.YEvery item in the signed_certificate_timestamps list must be a SignedCertificateTimestamprdrro_signed_certificate_timestampsr=rr3r3r4rO  z2PrecertificateSignedCertificateTimestamps.__init__rr7cCdt|dS)Nz+.rrrr3r3r4rO8rz$SignedCertificateTimestamps.__init__rr7cCr )Nz.z'All responses must be ObjectIdentifiers)rdrro _responses)r=rr3r3r4rOs z OCSPAcceptableResponses.__init__rrrcCrr#)r$rrrrr3r3r4rrzOCSPAcceptableResponses.__eq__r8cCrr#)rrrr<r3r3r4rr@z OCSPAcceptableResponses.__hash__r7cCrr)Nz#.z:only_some_reasons must be None or frozenset of ReasonFlagszTunspecified and remove_from_crl are not valid reasons in an IssuingDistributionPointzuonly_contains_user_certs, only_contains_ca_certs, indirect_crl and only_contains_attribute_certs must all be boolean.cSsg|]}|r|qSr3r3rr3r3r4rrzz5IssuingDistributionPoint.__init__..r,zOnly one of the following can be set to True: only_contains_user_certs, only_contains_ca_certs, indirect_crl, only_contains_attribute_certszCannot create empty extension: if only_contains_user_certs, only_contains_ca_certs, indirect_crl, and only_contains_attribute_certs are all False, then either full_name, relative_name, or only_some_reasons must have a value.)rdr$r rror r rrrr:r_only_contains_user_certs_only_contains_ca_certs _indirect_crl_only_contains_attribute_certs_only_some_reasonsrr) r=rrrrrr r!crl_constraintsr3r3r4rOsp     z!IssuingDistributionPoint.__init__r7cCs>d|jd|jd|jd|jd|jd|jd|jdS) Nz$s       ,     'l$!!(/%%k A;+("  s0PHHH$++!;