o Df#N@sbddlmZddlZddlZddlZddlmZmZddlm Z ddl m Z m Z ddl mZddlmZmZmZGdd d ejZGd d d ejZe je je je je jfZd!ddZGdddejZGdddZGdddejdZ GdddejdZ!GdddejdZ"e #e j e"#e j"e!#e j!GdddZ$Gdd d Z%e j&Z&e j'Z'dS)") annotationsN)utilsx509)ocsp)hashes serialization) CertificateIssuerPrivateKeyTypes)_EARLIEST_UTC_TIME_convert_to_naive_utc_time_reject_duplicate_extensionc@seZdZdZdZdS)OCSPResponderEncodingzBy HashzBy NameN)__name__ __module__ __qualname__HASHNAMErrO/home/ubuntu/webapp/venv/lib/python3.10/site-packages/cryptography/x509/ocsp.pyr sr c@s$eZdZdZdZdZdZdZdZdS)OCSPResponseStatusrN) r rr SUCCESSFULMALFORMED_REQUESTINTERNAL_ERROR TRY_LATER SIG_REQUIRED UNAUTHORIZEDrrrrrsr algorithmhashes.HashAlgorithmreturnNonecCst|ts tddS)Nz9Algorithm must be SHA1, SHA224, SHA256, SHA384, or SHA512) isinstance_ALLOWED_HASHES ValueError)r rrr_verify_algorithm/s r'c@seZdZdZdZdZdS)OCSPCertStatusrrrN)r rrGOODREVOKEDUNKNOWNrrrrr(6sr(c@seZdZdddZdS)_SingleResponsecertx509.Certificateissuerr r! cert_statusr( this_updatedatetime.datetime next_updatedatetime.datetime | Nonerevocation_timerevocation_reasonx509.ReasonFlags | Nonec Cst|tjr t|tjstdt|t|tjstd|dur,t|tjs,td||_||_||_||_ ||_ t|t sDtd|t j urZ|durQt d|durYt dn$t|tjsdtdt|}|tkrpt d|dur~t|tjs~td ||_||_||_dS) N%cert and issuer must be a Certificatez%this_update must be a datetime objectz-next_update must be a datetime object or Nonez8cert_status must be an item from the OCSPCertStatus enumzBrevocation_time can only be provided if the certificate is revokedzDrevocation_reason can only be provided if the certificate is revokedz)revocation_time must be a datetime objectz7The revocation_time must be on or after 1950 January 1.zCrevocation_reason must be an item from the ReasonFlags enum or None)r$r Certificate TypeErrorr'datetime_cert_issuer _algorithm _this_update _next_updater(r*r&r r ReasonFlags _cert_status_revocation_time_revocation_reason) selfr-r/r r0r1r3r5r6rrr__init__=s\        z_SingleResponse.__init__N)r-r.r/r.r r!r0r(r1r2r3r4r5r4r6r7)r rrrFrrrrr,<sr,c@seZdZeejdddZeejdddZeejddd Zeejdd d Z ejdddZ eejdddZ dS) OCSPRequestr"bytescCdSz3 The hash of the issuer public key NrrErrrissuer_key_hashzOCSPRequest.issuer_key_hashcCrIz- The hash of the issuer name NrrKrrrissuer_name_hashrMzOCSPRequest.issuer_name_hashr!cCrIzK The hash algorithm used in the issuer name and key hashes NrrKrrrhash_algorithmrMzOCSPRequest.hash_algorithmintcCrIzM The serial number of the cert whose status is being checked NrrKrrr serial_numberrMzOCSPRequest.serial_numberencodingserialization.EncodingcCrI)z/ Serializes the request to DER NrrErUrrr public_bytesrMzOCSPRequest.public_bytesx509.ExtensionscCrI)zP The list of request extensions. Not single request extensions. NrrKrrr extensionsrMzOCSPRequest.extensionsNr"rHr"r!r"rRrUrVr"rHr"rY) r rrpropertyabcabstractmethodrLrOrQrTrXrZrrrrrGs$ rG) metaclassc@seZdZeejd"ddZeejd#ddZeejd#dd Zeejd$d d Z eejd%ddZ eejd%ddZ eejd#ddZ eejd#ddZ eejd&ddZeejd&ddZeejd'ddZeejd(dd Zd!S))OCSPSingleResponser"r(cCrIzY The status of the certificate (an element from the OCSPCertStatus enum) NrrKrrrcertificate_statusrMz%OCSPSingleResponse.certificate_statusr4cCrIz^ The date of when the certificate was revoked or None if not revoked. NrrKrrrr5rMz"OCSPSingleResponse.revocation_timecCrIz The date of when the certificate was revoked or None if not revoked. Represented as a non-naive UTC datetime. NrrKrrrrevocation_time_utcrMz&OCSPSingleResponse.revocation_time_utcr7cCrIzi The reason the certificate was revoked or None if not specified or not revoked. NrrKrrrr6rMz$OCSPSingleResponse.revocation_reasonr2cCrIz The most recent time at which the status being indicated is known by the responder to have been correct NrrKrrrr1rMzOCSPSingleResponse.this_updatecCrIz The most recent time at which the status being indicated is known by the responder to have been correct. Represented as a non-naive UTC datetime. NrrKrrrthis_update_utcrMz"OCSPSingleResponse.this_update_utccCrIzC The time when newer information will be available NrrKrrrr3rMzOCSPSingleResponse.next_updatecCrIzu The time when newer information will be available. Represented as a non-naive UTC datetime. NrrKrrrnext_update_utcrMz"OCSPSingleResponse.next_update_utcrHcCrIrJrrKrrrrLrMz"OCSPSingleResponse.issuer_key_hashcCrIrNrrKrrrrOrMz#OCSPSingleResponse.issuer_name_hashr!cCrIrPrrKrrrrQrMz!OCSPSingleResponse.hash_algorithmrRcCrIrSrrKrrrrTrMz OCSPSingleResponse.serial_numberNr"r(r"r4r"r7r"r2r[r\r])r rrr`rarbrfr5rir6r1rmr3rprLrOrQrTrrrrrdsJrdc@seZdZeejdHddZeejdIddZeejdJd d ZeejdKd d Z eejdLddZ eejdLddZ eejdMddZ eejdNddZ eejdOddZeejdPddZeejdPdd ZeejdQd"d#ZeejdRd%d&ZeejdRd'd(ZeejdSd*d+ZeejdPd,d-ZeejdPd.d/ZeejdRd0d1ZeejdRd2d3ZeejdLd4d5ZeejdLd6d7ZeejdTd9d:ZeejdUdpsz3OCSPResponseBuilder.certificates..z$certs must be a list of Certificates) rr&listrallr:rrrr)rErrrrrhs  z OCSPResponseBuilder.certificatesrrrrcCsNt|tjs tdt|j||}t||jt|j |j |j g|j|Sr) r$rrr:rrr rrrrrrrrrrys   z!OCSPResponseBuilder.add_extension private_keyrr{rucCs6|jdur td|jdurtdttj|||S)Nz&You must add a response before signingz*You must add a responder_id before signing)rr&rrcreate_ocsp_responserr)rErr rrrsigns   zOCSPResponseBuilder.signrxrcCs4t|ts td|tjurtdt|dddS)Nz7response_status must be an item from OCSPResponseStatusz$response_status cannot be SUCCESSFUL)r$rr:rr&rr)clsrxrrrbuild_unsuccessfuls  z&OCSPResponseBuilder.build_unsuccessful)rrrrrrrZr)r-r.r/r.r r!r0r(r1r2r3r4r5r4r6r7r"r)rUr rr.r"r)rrr"r)rrrrr"r)rrr r{r"ru)rxrr"ru) r rrrFrrrrr classmethodrrrrrr(s    r)r r!r"r#)( __future__rrar;typing cryptographyrr"cryptography.hazmat.bindings._rustrcryptography.hazmat.primitivesrr/cryptography.hazmat.primitives.asymmetric.typesrcryptography.x509.baser r r Enumr rSHA1SHA224SHA256SHA384SHA512r%r'r(r,ABCMetarGrdruregisterrrload_der_ocsp_requestload_der_ocsp_responserrrrs>     F+] F  T}