3 Te>@sddlmZmZmZddlZddlZddlZddlZddlm Z ddl Z ddl m Z ddl mZmZmZmZddlmZmZddlmZddlmZdd lmZdd lmZmZmZdd lm Z dd l!m"Z"m#Z#m$Z$m%Z%d dZ&ddZ'Gddde(Z)Gddde(Z*e j+ej,Gddde-Z.Gddde-Z/e j0e.Gddde-Z1e j0e.Gddde-Z2e j0e.Gddde-Z3e j0e.Gdd d e-Z4e j0e.Gd!d"d"e-Z5Gd#d$d$e-Z6e j0e.Gd%d&d&e-Z7e j0e.Gd'd(d(e-Z8e j0e.Gd)d*d*e-Z9e j0e.Gd+d,d,e-Z:Gd-d.d.e-Z;Gd/d0d0e ZGd5d6d6e-Z?Gd7d8d8e-Z@Gd9d:d:e-ZAe j0e.Gd;d<dd>e-ZCe j0e.Gd?d@d@e-ZDe j0e.GdAdBdBe-ZEGdCdDdDe ZFdEdFeFDZGe j0e.GdGdHdHe-ZHe j0e.GdIdJdJe-ZIe j0e.GdKdLdLe-ZJGdMdNdNe-ZKGdOdPdPe-ZLe j0e.GdQdRdRe-ZMe j0e.GdSdTdTe-ZNe j0e.GdUdVdVe-ZOe j0e.GdWdXdXe-ZPe j0e.GdYdZdZe-ZQe j0e.Gd[d\d\e-ZRe j0e.Gd]d^d^e-ZSe j0e.Gd_d`d`e-ZTe j0e.Gdadbdbe-ZUe j0e.Gdcdddde-ZVdS)e)absolute_importdivisionprint_functionN)Enum)utils) BIT_STRING DERReaderOBJECT_IDENTIFIERSEQUENCE) constant_time serialization)EllipticCurvePublicKey) RSAPublicKey)SignedCertificateTimestamp) GeneralName IPAddress OtherName)RelativeDistinguishedName)CRLEntryExtensionOID ExtensionOIDOCSPExtensionOIDObjectIdentifiercCst|tr |jtjjtjj}nt|tr@|jtjj tjj }n|jtjjtjj }t |}|j t}|jt}|jt}WdQRX| |jt|js|jWdQRX|jdkrtd|j}tj|jS)NrzInvalid public key encoding) isinstancerZ public_bytesr ZEncodingZDERZ PublicFormatZPKCS1r ZX962ZUncompressedPointZSubjectPublicKeyInforZread_single_elementr Z read_elementrr Zis_emptyZread_any_elementZ read_byte ValueErrordatahashlibZsha1digest) public_keyrZ serializedreaderZpublic_key_info algorithmr "/usr/lib64/python3.6/extensions.py_key_identifier_from_public_key&s.         r"cs.fdd}fdd}fdd}|||fS)Ncstt|S)N)lengetattr)self) field_namer r! len_methodOsz*_make_sequence_methods..len_methodcstt|S)N)iterr$)r%)r&r r! iter_methodRsz+_make_sequence_methods..iter_methodcst||S)N)r$)r%idx)r&r r!getitem_methodUsz._make_sequence_methods..getitem_methodr )r&r'r)r+r )r&r!_make_sequence_methodsNs   r,cseZdZfddZZS)DuplicateExtensioncstt|j|||_dS)N)superr-__init__oid)r%msgr0) __class__r r!r/\szDuplicateExtension.__init__)__name__ __module__ __qualname__r/ __classcell__r r )r2r!r-[sr-cseZdZfddZZS)ExtensionNotFoundcstt|j|||_dS)N)r.r7r/r0)r%r1r0)r2r r!r/bszExtensionNotFound.__init__)r3r4r5r/r6r r )r2r!r7asr7c@seZdZejddZdS) ExtensionTypecCsdS)zK Returns the oid associated with the given extension type. Nr )r%r r r!r0iszExtensionType.oidN)r3r4r5abcabstractpropertyr0r r r r!r8gsr8c@s:eZdZddZddZddZed\ZZZ dd Z d S) ExtensionscCs ||_dS)N) _extensions)r% extensionsr r r!r/qszExtensions.__init__cCs0x|D]}|j|kr|SqWtdj||dS)NzNo {} extension was found)r0r7format)r%r0extr r r!get_extension_for_oidts  z Extensions.get_extension_for_oidcCsD|tkrtdx|D]}t|j|r|SqWtdj||jdS)Nz|UnrecognizedExtension can't be used with get_extension_for_class because more than one instance of the class may be present.zNo {} extension was found)UnrecognizedExtension TypeErrorrvaluer7r>r0)r%Zextclassr?r r r!get_extension_for_class{s  z"Extensions.get_extension_for_classr<cCs dj|jS)Nz)r>r<)r%r r r!__repr__szExtensions.__repr__N) r3r4r5r/r@rDr,__len____iter__ __getitem__rEr r r r!r;ps r;c@sDeZdZejZddZddZddZddZ d d Z e j d Z d S) CRLNumbercCst|tjstd||_dS)Nzcrl_number must be an integer)rsix integer_typesrB _crl_number)r% crl_numberr r r!r/s zCRLNumber.__init__cCst|tstS|j|jkS)N)rrINotImplementedrM)r%otherr r r!__eq__s zCRLNumber.__eq__cCs ||k S)Nr )r%rOr r r!__ne__szCRLNumber.__ne__cCs t|jS)N)hashrM)r%r r r!__hash__szCRLNumber.__hash__cCs dj|jS)Nz)r>rM)r%r r r!rEszCRLNumber.__repr__rLN)r3r4r5rZ CRL_NUMBERr0r/rPrQrSrErread_only_propertyrMr r r r!rIsrIc@speZdZejZddZeddZeddZ ddZ d d Z d d Z d dZ ejdZejdZejdZdS)AuthorityKeyIdentifiercCsv|dk|dkkrtd|dk rBt|}tdd|DsBtd|dk r`t|tj r`td||_||_||_ dS)NzXauthority_cert_issuer and authority_cert_serial_number must both be present or both Nonecss|]}t|tVqdS)N)rr).0xr r r! sz2AuthorityKeyIdentifier.__init__..z;authority_cert_issuer must be a list of GeneralName objectsz/authority_cert_serial_number must be an integer) rlistallrBrrJrK_key_identifier_authority_cert_issuer_authority_cert_serial_number)r%key_identifierauthority_cert_issuerauthority_cert_serial_numberr r r!r/s    zAuthorityKeyIdentifier.__init__cCst|}||dddS)N)r^r_r`)r")clsrrr r r!from_issuer_public_keys z-AuthorityKeyIdentifier.from_issuer_public_keycCs(t|tr|j}n|jj}||dddS)N)r^r_r`)rSubjectKeyIdentifierrrC)raZskirr r r!"from_issuer_subject_key_identifiers z9AuthorityKeyIdentifier.from_issuer_subject_key_identifiercCs dj|S)Nz)r>)r%r r r!rEszAuthorityKeyIdentifier.__repr__cCs2t|tstS|j|jko0|j|jko0|j|jkS)N)rrUrNr^r_r`)r%rOr r r!rPs    zAuthorityKeyIdentifier.__eq__cCs ||k S)Nr )r%rOr r r!rQszAuthorityKeyIdentifier.__ne__cCs,|jdkrd}n t|j}t|j||jfS)N)r_tuplerRr^r`)r%Zacir r r!rSs   zAuthorityKeyIdentifier.__hash__r[r\r]N)r3r4r5rZAUTHORITY_KEY_IDENTIFIERr0r/ classmethodrbrdrErPrQrSrrTr^r_r`r r r r!rUs!    rUc@sPeZdZejZddZeddZe j dZ ddZ dd Z d d Zd d ZdS)rccCs ||_dS)N)_digest)r%rr r r!r/szSubjectKeyIdentifier.__init__cCs |t|S)N)r")rarr r r!from_public_keysz$SubjectKeyIdentifier.from_public_keyrgcCs dj|jS)Nz$)r>r)r%r r r!rEszSubjectKeyIdentifier.__repr__cCst|tstStj|j|jS)N)rrcrNr Zbytes_eqr)r%rOr r r!rPs zSubjectKeyIdentifier.__eq__cCs ||k S)Nr )r%rOr r r!rQ#szSubjectKeyIdentifier.__ne__cCs t|jS)N)rRr)r%r r r!rS&szSubjectKeyIdentifier.__hash__N)r3r4r5rZSUBJECT_KEY_IDENTIFIERr0r/rfrhrrTrrErPrQrSr r r r!rc s  rcc@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) AuthorityInformationAccesscCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rAccessDescription)rVrWr r r!rX0sz6AuthorityInformationAccess.__init__..z@Every item in the descriptions list must be an AccessDescription)rYrZrB _descriptions)r% descriptionsr r r!r/.s z#AuthorityInformationAccess.__init__rkcCs dj|jS)Nz )r>rk)r%r r r!rE:sz#AuthorityInformationAccess.__repr__cCst|tstS|j|jkS)N)rrirNrk)r%rOr r r!rP=s z!AuthorityInformationAccess.__eq__cCs ||k S)Nr )r%rOr r r!rQCsz!AuthorityInformationAccess.__ne__cCstt|jS)N)rRrerk)r%r r r!rSFsz#AuthorityInformationAccess.__hash__N)r3r4r5rZAUTHORITY_INFORMATION_ACCESSr0r/r,rFrGrHrErPrQrSr r r r!ri*s ric@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) SubjectInformationAccesscCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rrj)rVrWr r r!rXPsz4SubjectInformationAccess.__init__..z@Every item in the descriptions list must be an AccessDescription)rYrZrBrk)r%rlr r r!r/Ns z!SubjectInformationAccess.__init__rkcCs dj|jS)Nz)r>rk)r%r r r!rEZsz!SubjectInformationAccess.__repr__cCst|tstS|j|jkS)N)rrmrNrk)r%rOr r r!rP]s zSubjectInformationAccess.__eq__cCs ||k S)Nr )r%rOr r r!rQcszSubjectInformationAccess.__ne__cCstt|jS)N)rRrerk)r%r r r!rSfsz!SubjectInformationAccess.__hash__N)r3r4r5rZSUBJECT_INFORMATION_ACCESSr0r/r,rFrGrHrErPrQrSr r r r!rmJs rmc@sHeZdZddZddZddZddZd d Zej d Z ej d Z d S)rjcCs4t|tstdt|ts$td||_||_dS)Nz)access_method must be an ObjectIdentifierz%access_location must be a GeneralName)rrrBr_access_method_access_location)r% access_methodaccess_locationr r r!r/ks   zAccessDescription.__init__cCs dj|S)NzY)r>)r%r r r!rEuszAccessDescription.__repr__cCs&t|tstS|j|jko$|j|jkS)N)rrjrNrprq)r%rOr r r!rP{s  zAccessDescription.__eq__cCs ||k S)Nr )r%rOr r r!rQszAccessDescription.__ne__cCst|j|jfS)N)rRrprq)r%r r r!rSszAccessDescription.__hash__rnroN) r3r4r5r/rErPrQrSrrTrprqr r r r!rjjs   rjc@sNeZdZejZddZejdZ ejdZ ddZ ddZ d d Z d d Zd S)BasicConstraintscCs^t|tstd|dk r(| r(td|dk rNt|tj sF|dkrNtd||_||_dS)Nzca must be a boolean valuez)path_length must be None when ca is Falserz2path_length must be a non-negative integer or None)rboolrBrrJrK_ca _path_length)r%ca path_lengthr r r!r/s zBasicConstraints.__init__rtrucCs dj|S)Nz:)r>)r%r r r!rEszBasicConstraints.__repr__cCs&t|tstS|j|jko$|j|jkS)N)rrrrNrvrw)r%rOr r r!rPs zBasicConstraints.__eq__cCs ||k S)Nr )r%rOr r r!rQszBasicConstraints.__ne__cCst|j|jfS)N)rRrvrw)r%r r r!rSszBasicConstraints.__hash__N)r3r4r5rZBASIC_CONSTRAINTSr0r/rrTrvrwrErPrQrSr r r r!rrs  rrc@sDeZdZejZddZejdZ ddZ ddZ dd Z d d Z d S) DeltaCRLIndicatorcCst|tjstd||_dS)Nzcrl_number must be an integer)rrJrKrBrL)r%rMr r r!r/s zDeltaCRLIndicator.__init__rLcCst|tstS|j|jkS)N)rrxrNrM)r%rOr r r!rPs zDeltaCRLIndicator.__eq__cCs ||k S)Nr )r%rOr r r!rQszDeltaCRLIndicator.__ne__cCs t|jS)N)rRrM)r%r r r!rSszDeltaCRLIndicator.__hash__cCs dj|S)Nz.)r>)r%r r r!rEszDeltaCRLIndicator.__repr__N)r3r4r5rZDELTA_CRL_INDICATORr0r/rrTrMrPrQrSrEr r r r!rxs rxc@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) CRLDistributionPointscCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rDistributionPoint)rVrWr r r!rXsz1CRLDistributionPoints.__init__..z?distribution_points must be a list of DistributionPoint objects)rYrZrB_distribution_points)r%distribution_pointsr r r!r/s zCRLDistributionPoints.__init__r{cCs dj|jS)Nz)r>r{)r%r r r!rEszCRLDistributionPoints.__repr__cCst|tstS|j|jkS)N)rryrNr{)r%rOr r r!rPs zCRLDistributionPoints.__eq__cCs ||k S)Nr )r%rOr r r!rQszCRLDistributionPoints.__ne__cCstt|jS)N)rRrer{)r%r r r!rSszCRLDistributionPoints.__hash__N)r3r4r5rZCRL_DISTRIBUTION_POINTSr0r/r,rFrGrHrErPrQrSr r r r!rys  ryc@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) FreshestCRLcCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rrz)rVrWr r r!rXsz'FreshestCRL.__init__..z?distribution_points must be a list of DistributionPoint objects)rYrZrBr{)r%r|r r r!r/s zFreshestCRL.__init__r{cCs dj|jS)Nz)r>r{)r%r r r!rE szFreshestCRL.__repr__cCst|tstS|j|jkS)N)rr}rNr{)r%rOr r r!rPs zFreshestCRL.__eq__cCs ||k S)Nr )r%rOr r r!rQszFreshestCRL.__ne__cCstt|jS)N)rRrer{)r%r r r!rSszFreshestCRL.__hash__N)r3r4r5rZ FRESHEST_CRLr0r/r,rFrGrHrErPrQrSr r r r!r}s  r}c@s\eZdZddZddZddZddZd d Zej d Z ej d Z ej d Z ej dZ dS)rzcCs|r|rtd|r6t|}tdd|Ds6td|rLt|tsLtd|rrt|}tdd|Dsrtd|rt|t stdd|D rtd |rtj|kstj |krtd |r| r|p| rtd ||_ ||_ ||_ ||_ dS) NzOYou cannot provide both full_name and relative_name, at least one must be None.css|]}t|tVqdS)N)rr)rVrWr r r!rX&sz-DistributionPoint.__init__..z/full_name must be a list of GeneralName objectsz1relative_name must be a RelativeDistinguishedNamecss|]}t|tVqdS)N)rr)rVrWr r r!rX3sz2crl_issuer must be None or a list of general namescss|]}t|tVqdS)N)r ReasonFlags)rVrWr r r!rX:sz0reasons must be None or frozenset of ReasonFlagszLunspecified and remove_from_crl are not valid reasons in a DistributionPointzPYou must supply crl_issuer, full_name, or relative_name when reasons is not None)rrYrZrBrr frozensetr~ unspecifiedremove_from_crl _full_name_relative_name_reasons _crl_issuer)r% full_name relative_namereasons crl_issuerr r r!r/sB    zDistributionPoint.__init__cCs dj|S)Nz})r>)r%r r r!rERszDistributionPoint.__repr__cCs>t|tstS|j|jko<|j|jko<|j|jko<|j|jkS)N)rrzrNrrrr)r%rOr r r!rPYs     zDistributionPoint.__eq__cCs ||k S)Nr )r%rOr r r!rQdszDistributionPoint.__ne__cCsH|jdk rt|j}nd}|jdk r0t|j}nd}t||j|j|fS)N)rrerrRrr)r%fnrr r r!rSgs    zDistributionPoint.__hash__rrrrN)r3r4r5r/rErPrQrSrrTrrrrr r r r!rzs5    rzc@s4eZdZdZdZdZdZdZdZdZ dZ d Z d Z d S) r~rZ keyCompromiseZ cACompromiseZaffiliationChanged supersededZcessationOfOperationZcertificateHoldZprivilegeWithdrawnZ aACompromiseZ removeFromCRLN) r3r4r5rZkey_compromiseZ ca_compromiseZaffiliation_changedrZcessation_of_operationZcertificate_holdZprivilege_withdrawnZ aa_compromiserr r r r!r~zsr~c@sNeZdZejZddZddZddZddZ d d Z e j d Z e j d Zd S)PolicyConstraintscCsd|dk rt|tj rtd|dk rrequire_explicit_policy must be a non-negative integer or Nonez=inhibit_policy_mapping must be a non-negative integer or NonezSAt least one of require_explicit_policy and inhibit_policy_mapping must not be None)rrJrKrBr_require_explicit_policy_inhibit_policy_mapping)r%require_explicit_policyinhibit_policy_mappingr r r!r/s    zPolicyConstraints.__init__cCs dj|S)Nz{)r>)r%r r r!rEszPolicyConstraints.__repr__cCs&t|tstS|j|jko$|j|jkS)N)rrrNrr)r%rOr r r!rPs  zPolicyConstraints.__eq__cCs ||k S)Nr )r%rOr r r!rQszPolicyConstraints.__ne__cCst|j|jfS)N)rRrr)r%r r r!rSszPolicyConstraints.__hash__rrN)r3r4r5rZPOLICY_CONSTRAINTSr0r/rErPrQrSrrTrrr r r r!rs rc@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) CertificatePoliciescCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rPolicyInformation)rVrWr r r!rXsz/CertificatePolicies.__init__..z;Every item in the policies list must be a PolicyInformation)rYrZrB _policies)r%Zpoliciesr r r!r/s zCertificatePolicies.__init__rcCs dj|jS)Nz)r>r)r%r r r!rEszCertificatePolicies.__repr__cCst|tstS|j|jkS)N)rrrNr)r%rOr r r!rPs zCertificatePolicies.__eq__cCs ||k S)Nr )r%rOr r r!rQszCertificatePolicies.__ne__cCstt|jS)N)rRrer)r%r r r!rSszCertificatePolicies.__hash__N)r3r4r5rZCERTIFICATE_POLICIESr0r/r,rFrGrHrErPrQrSr r r r!rs rc@sHeZdZddZddZddZddZd d Zej d Z ej d Z d S)rcCsHt|tstd||_|r>t|}tdd|Ds>td||_dS)Nz-policy_identifier must be an ObjectIdentifiercss|]}t|tjtfVqdS)N)rrJZ text_type UserNotice)rVrWr r r!rXsz-PolicyInformation.__init__..zMpolicy_qualifiers must be a list of strings and/or UserNotice objects or None)rrrB_policy_identifierrYrZ_policy_qualifiers)r%policy_identifierpolicy_qualifiersr r r!r/s  zPolicyInformation.__init__cCs dj|S)Nze)r>)r%r r r!rEszPolicyInformation.__repr__cCs&t|tstS|j|jko$|j|jkS)N)rrrNrr)r%rOr r r!rPs  zPolicyInformation.__eq__cCs ||k S)Nr )r%rOr r r!rQszPolicyInformation.__ne__cCs(|jdk rt|j}nd}t|j|fS)N)rrerRr)r%Zpqr r r!rS s  zPolicyInformation.__hash__rrN) r3r4r5r/rErPrQrSrrTrrr r r r!rs  rc@sHeZdZddZddZddZddZd d Zej d Z ej d Z d S)rcCs(|rt|t rtd||_||_dS)Nz2notice_reference must be None or a NoticeReference)rNoticeReferencerB_notice_reference_explicit_text)r%notice_reference explicit_textr r r!r/s  zUserNotice.__init__cCs dj|S)NzV)r>)r%r r r!rE"szUserNotice.__repr__cCs&t|tstS|j|jko$|j|jkS)N)rrrNrr)r%rOr r r!rP(s  zUserNotice.__eq__cCs ||k S)Nr )r%rOr r r!rQ1szUserNotice.__ne__cCst|j|jfS)N)rRrr)r%r r r!rS4szUserNotice.__hash__rrN) r3r4r5r/rErPrQrSrrTrrr r r r!rs   rc@sHeZdZddZddZddZddZd d Zej d Z ej d Z d S)rcCs2||_t|}tdd|Ds(td||_dS)Ncss|]}t|tVqdS)N)rint)rVrWr r r!rX?sz+NoticeReference.__init__..z)notice_numbers must be a list of integers) _organizationrYrZrB_notice_numbers)r% organizationnotice_numbersr r r!r/<s zNoticeReference.__init__cCs dj|S)NzU)r>)r%r r r!rEDszNoticeReference.__repr__cCs&t|tstS|j|jko$|j|jkS)N)rrrNrr)r%rOr r r!rPJs  zNoticeReference.__eq__cCs ||k S)Nr )r%rOr r r!rQSszNoticeReference.__ne__cCst|jt|jfS)N)rRrrer)r%r r r!rSVszNoticeReference.__hash__rrN) r3r4r5r/rErPrQrSrrTrrr r r r!r;s  rc@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) ExtendedKeyUsagecCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rr)rVrWr r r!rXcsz,ExtendedKeyUsage.__init__..z9Every item in the usages list must be an ObjectIdentifier)rYrZrB_usages)r%Zusagesr r r!r/as zExtendedKeyUsage.__init__rcCs dj|jS)Nz)r>r)r%r r r!rElszExtendedKeyUsage.__repr__cCst|tstS|j|jkS)N)rrrNr)r%rOr r r!rPos zExtendedKeyUsage.__eq__cCs ||k S)Nr )r%rOr r r!rQuszExtendedKeyUsage.__ne__cCstt|jS)N)rRrer)r%r r r!rSxszExtendedKeyUsage.__hash__N)r3r4r5rZEXTENDED_KEY_USAGEr0r/r,rFrGrHrErPrQrSr r r r!r]s rc@s2eZdZejZddZddZddZddZ d S) OCSPNoCheckcCst|tstSdS)NT)rrrN)r%rOr r r!rPs zOCSPNoCheck.__eq__cCs ||k S)Nr )r%rOr r r!rQszOCSPNoCheck.__ne__cCsttS)N)rRr)r%r r r!rSszOCSPNoCheck.__hash__cCsdS)Nzr )r%r r r!rEszOCSPNoCheck.__repr__N) r3r4r5rZ OCSP_NO_CHECKr0rPrQrSrEr r r r!r|s rc@s2eZdZejZddZddZddZddZ d S) PrecertPoisoncCst|tstSdS)NT)rrrN)r%rOr r r!rPs zPrecertPoison.__eq__cCs ||k S)Nr )r%rOr r r!rQszPrecertPoison.__ne__cCsttS)N)rRr)r%r r r!rSszPrecertPoison.__hash__cCsdS)Nzr )r%r r r!rEszPrecertPoison.__repr__N) r3r4r5rZPRECERT_POISONr0rPrQrSrEr r r r!rs rc@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) TLSFeaturecCs:t|}tdd|D s(t|dkr0td||_dS)Ncss|]}t|tVqdS)N)rTLSFeatureType)rVrWr r r!rXsz&TLSFeature.__init__..rz@features must be a list of elements from the TLSFeatureType enum)rYrZr#rB _features)r%Zfeaturesr r r!r/s  zTLSFeature.__init__rcCs dj|S)Nz$)r>)r%r r r!rEszTLSFeature.__repr__cCst|tstS|j|jkS)N)rrrNr)r%rOr r r!rPs zTLSFeature.__eq__cCs ||k S)Nr )r%rOr r r!rQszTLSFeature.__ne__cCstt|jS)N)rRrer)r%r r r!rSszTLSFeature.__hash__N)r3r4r5rZ TLS_FEATUREr0r/r,rFrGrHrErPrQrSr r r r!rs rc@seZdZdZdZdS)rN)r3r4r5Zstatus_requestZstatus_request_v2r r r r!rsrcCsi|] }||jqSr )rC)rVrWr r r! src@sDeZdZejZddZddZddZddZ d d Z e j d Z d S) InhibitAnyPolicycCs.t|tjstd|dkr$td||_dS)Nzskip_certs must be an integerrz)skip_certs must be a non-negative integer)rrJrKrBr _skip_certs)r% skip_certsr r r!r/s  zInhibitAnyPolicy.__init__cCs dj|S)Nz-)r>)r%r r r!rEszInhibitAnyPolicy.__repr__cCst|tstS|j|jkS)N)rrrNr)r%rOr r r!rPs zInhibitAnyPolicy.__eq__cCs ||k S)Nr )r%rOr r r!rQszInhibitAnyPolicy.__ne__cCs t|jS)N)rRr)r%r r r!rSszInhibitAnyPolicy.__hash__rN)r3r4r5rZINHIBIT_ANY_POLICYr0r/rErPrQrSrrTrr r r r!rs rc@seZdZejZddZejdZ ejdZ ejdZ ejdZ ejdZ ejdZejd Zed d Zed d ZddZddZddZddZdS)KeyUsagec CsP| r|s| rtd||_||_||_||_||_||_||_||_| |_ dS)NzKencipher_only and decipher_only can only be true when key_agreement is true) r_digital_signature_content_commitment_key_encipherment_data_encipherment_key_agreement_key_cert_sign _crl_sign_encipher_only_decipher_only) r%digital_signaturecontent_commitmentkey_enciphermentdata_encipherment key_agreement key_cert_signcrl_sign encipher_only decipher_onlyr r r!r/s zKeyUsage.__init__rrrrrrrcCs|jstdn|jSdS)Nz7encipher_only is undefined unless key_agreement is true)rrr)r%r r r!rszKeyUsage.encipher_onlycCs|jstdn|jSdS)Nz7decipher_only is undefined unless key_agreement is true)rrr)r%r r r!r%szKeyUsage.decipher_onlyc Cs<y|j}|j}Wntk r,d}d}YnXdj|||S)NFa-)rrrr>)r%rrr r r!rE.s  zKeyUsage.__repr__cCszt|tstS|j|jkox|j|jkox|j|jkox|j|jkox|j|jkox|j|jkox|j |j kox|j |j kox|j |j kS)N) rrrNrrrrrrrrr)r%rOr r r!rPCs         zKeyUsage.__eq__cCs ||k S)Nr )r%rOr r r!rQSszKeyUsage.__ne__c Cs,t|j|j|j|j|j|j|j|j|j f S)N) rRrrrrrrrrr)r%r r r!rSVszKeyUsage.__hash__N)r3r4r5rZ KEY_USAGEr0r/rrTrrrrrrrpropertyrrrErPrQrSr r r r!rs        rc@sVeZdZejZddZddZddZddZ d d Z d d Z e j d Ze j dZdS)NameConstraintscCs|dk r4t|}tdd|Ds*td|j||dk rht|}tdd|Ds^td|j||dkr|dkrtd||_||_dS)Ncss|]}t|tVqdS)N)rr)rVrWr r r!rXmsz+NameConstraints.__init__..z@permitted_subtrees must be a list of GeneralName objects or Nonecss|]}t|tVqdS)N)rr)rVrWr r r!rXwsz?excluded_subtrees must be a list of GeneralName objects or NonezIAt least one of permitted_subtrees and excluded_subtrees must not be None)rYrZrB_validate_ip_namer_permitted_subtrees_excluded_subtrees)r%permitted_subtreesexcluded_subtreesr r r!r/js"  zNameConstraints.__init__cCs&t|tstS|j|jko$|j|jkS)N)rrrNrr)r%rOr r r!rPs  zNameConstraints.__eq__cCs ||k S)Nr )r%rOr r r!rQszNameConstraints.__ne__cCstdd|DrtddS)Ncss.|]&}t|to$t|jtjtjf VqdS)N)rrrC ipaddressZ IPv4NetworkZ IPv6Network)rVnamer r r!rXsz4NameConstraints._validate_ip_name..zGIPAddress name constraints must be an IPv4Network or IPv6Network object)anyrB)r%Ztreer r r!rs  z!NameConstraints._validate_ip_namecCs dj|S)Nze)r>)r%r r r!rEszNameConstraints.__repr__cCs@|jdk rt|j}nd}|jdk r0t|j}nd}t||fS)N)rrerrR)r%ZpsZesr r r!rSs    zNameConstraints.__hash__rrN)r3r4r5rZNAME_CONSTRAINTSr0r/rPrQrrErSrrTrrr r r r!rfs   rc@sReZdZddZejdZejdZejdZddZ dd Z d d Z d d Z dS) ExtensioncCs:t|tstdt|ts$td||_||_||_dS)Nz2oid argument must be an ObjectIdentifier instance.z critical must be a boolean value)rrrBrs_oid _critical_value)r%r0criticalrCr r r!r/s  zExtension.__init__rrrcCs dj|S)Nz@)r>)r%r r r!rEszExtension.__repr__cCs2t|tstS|j|jko0|j|jko0|j|jkS)N)rrrNr0rrC)r%rOr r r!rPs    zExtension.__eq__cCs ||k S)Nr )r%rOr r r!rQszExtension.__ne__cCst|j|j|jfS)N)rRr0rrC)r%r r r!rSszExtension.__hash__N) r3r4r5r/rrTr0rrCrErPrQrSr r r r!rs    rc@sJeZdZddZed\ZZZddZddZ dd Z d d Z d d Z dS) GeneralNamescCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rr)rVrWr r r!rXsz(GeneralNames.__init__..z^Every item in the general_names list must be an object conforming to the GeneralName interface)rYrZrB_general_names)r% general_namesr r r!r/s zGeneralNames.__init__rcs0fdd|D}tkr(dd|D}t|S)Nc3s|]}t|r|VqdS)N)r)rVi)typer r!rXsz3GeneralNames.get_values_for_type..css|] }|jVqdS)N)rC)rVrr r r!rXs)rrY)r%rZobjsr )rr!get_values_for_typesz GeneralNames.get_values_for_typecCs dj|jS)Nz)r>r)r%r r r!rEszGeneralNames.__repr__cCst|tstS|j|jkS)N)rrrNr)r%rOr r r!rPs zGeneralNames.__eq__cCs ||k S)Nr )r%rOr r r!rQszGeneralNames.__ne__cCstt|jS)N)rRrer)r%r r r!rSszGeneralNames.__hash__N) r3r4r5r/r,rFrGrHrrErPrQrSr r r r!rs  rc@sPeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd d ZdS)SubjectAlternativeNamecCst||_dS)N)rr)r%rr r r!r/ szSubjectAlternativeName.__init__rcCs |jj|S)N)rr)r%rr r r!rsz*SubjectAlternativeName.get_values_for_typecCs dj|jS)Nz)r>r)r%r r r!rEszSubjectAlternativeName.__repr__cCst|tstS|j|jkS)N)rrrNr)r%rOr r r!rPs zSubjectAlternativeName.__eq__cCs ||k S)Nr )r%rOr r r!rQszSubjectAlternativeName.__ne__cCs t|jS)N)rRr)r%r r r!rSszSubjectAlternativeName.__hash__N)r3r4r5rZSUBJECT_ALTERNATIVE_NAMEr0r/r,rFrGrHrrErPrQrSr r r r!rsrc@sPeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd d ZdS)IssuerAlternativeNamecCst||_dS)N)rr)r%rr r r!r/'szIssuerAlternativeName.__init__rcCs |jj|S)N)rr)r%rr r r!r,sz)IssuerAlternativeName.get_values_for_typecCs dj|jS)Nz)r>r)r%r r r!rE/szIssuerAlternativeName.__repr__cCst|tstS|j|jkS)N)rrrNr)r%rOr r r!rP2s zIssuerAlternativeName.__eq__cCs ||k S)Nr )r%rOr r r!rQ8szIssuerAlternativeName.__ne__cCs t|jS)N)rRr)r%r r r!rS;szIssuerAlternativeName.__hash__N)r3r4r5rZISSUER_ALTERNATIVE_NAMEr0r/r,rFrGrHrrErPrQrSr r r r!r#src@sPeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd d ZdS)CertificateIssuercCst||_dS)N)rr)r%rr r r!r/CszCertificateIssuer.__init__rcCs |jj|S)N)rr)r%rr r r!rHsz%CertificateIssuer.get_values_for_typecCs dj|jS)Nz)r>r)r%r r r!rEKszCertificateIssuer.__repr__cCst|tstS|j|jkS)N)rrrNr)r%rOr r r!rPNs zCertificateIssuer.__eq__cCs ||k S)Nr )r%rOr r r!rQTszCertificateIssuer.__ne__cCs t|jS)N)rRr)r%r r r!rSWszCertificateIssuer.__hash__N)r3r4r5rZCERTIFICATE_ISSUERr0r/r,rFrGrHrrErPrQrSr r r r!r?src@sDeZdZejZddZddZddZddZ d d Z e j d Z d S) CRLReasoncCst|tstd||_dS)Nz*reason must be an element from ReasonFlags)rr~rB_reason)r%reasonr r r!r/_s zCRLReason.__init__cCs dj|jS)Nz)r>r)r%r r r!rEeszCRLReason.__repr__cCst|tstS|j|jkS)N)rrrNr)r%rOr r r!rPhs zCRLReason.__eq__cCs ||k S)Nr )r%rOr r r!rQnszCRLReason.__ne__cCs t|jS)N)rRr)r%r r r!rSqszCRLReason.__hash__rN)r3r4r5rZ CRL_REASONr0r/rErPrQrSrrTrr r r r!r[src@sDeZdZejZddZddZddZddZ d d Z e j d Z d S) InvalidityDatecCst|tjstd||_dS)Nz+invalidity_date must be a datetime.datetime)rdatetimerB_invalidity_date)r%invalidity_dater r r!r/{s zInvalidityDate.__init__cCs dj|jS)Nz$)r>r)r%r r r!rEszInvalidityDate.__repr__cCst|tstS|j|jkS)N)rrrNr)r%rOr r r!rPs zInvalidityDate.__eq__cCs ||k S)Nr )r%rOr r r!rQszInvalidityDate.__ne__cCs t|jS)N)rRr)r%r r r!rSszInvalidityDate.__hash__rN)r3r4r5rZINVALIDITY_DATEr0r/rErPrQrSrrTrr r r r!rwsrc@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) )PrecertificateSignedCertificateTimestampscCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rr)rVsctr r r!rXszEPrecertificateSignedCertificateTimestamps.__init__..zYEvery item in the signed_certificate_timestamps list must be a SignedCertificateTimestamp)rYrZrB_signed_certificate_timestamps)r%signed_certificate_timestampsr r r!r/s z2PrecertificateSignedCertificateTimestamps.__init__rcCsdjt|S)Nz/)r>rY)r%r r r!rEsz2PrecertificateSignedCertificateTimestamps.__repr__cCstt|jS)N)rRrer)r%r r r!rSsz2PrecertificateSignedCertificateTimestamps.__hash__cCst|tstS|j|jkS)N)rrrNr)r%rOr r r!rPs z0PrecertificateSignedCertificateTimestamps.__eq__cCs ||k S)Nr )r%rOr r r!rQsz0PrecertificateSignedCertificateTimestamps.__ne__N)r3r4r5rZ%PRECERT_SIGNED_CERTIFICATE_TIMESTAMPSr0r/r,rFrGrHrErSrPrQr r r r!rs   rc@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) SignedCertificateTimestampscCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rr)rVrr r r!rXsz7SignedCertificateTimestamps.__init__..zYEvery item in the signed_certificate_timestamps list must be a SignedCertificateTimestamp)rYrZrBr)r%rr r r!r/s z$SignedCertificateTimestamps.__init__rcCsdjt|S)Nz!)r>rY)r%r r r!rEsz$SignedCertificateTimestamps.__repr__cCstt|jS)N)rRrer)r%r r r!rSsz$SignedCertificateTimestamps.__hash__cCst|tstS|j|jkS)N)rrrNr)r%rOr r r!rPs z"SignedCertificateTimestamps.__eq__cCs ||k S)Nr )r%rOr r r!rQsz"SignedCertificateTimestamps.__ne__N)r3r4r5rZSIGNED_CERTIFICATE_TIMESTAMPSr0r/r,rFrGrHrErSrPrQr r r r!rs   rc@sDeZdZejZddZddZddZddZ d d Z e j d Z d S) OCSPNoncecCst|tstd||_dS)Nznonce must be bytes)rbytesrB_nonce)r%noncer r r!r/s zOCSPNonce.__init__cCst|tstS|j|jkS)N)rrrNr)r%rOr r r!rPs zOCSPNonce.__eq__cCs ||k S)Nr )r%rOr r r!rQszOCSPNonce.__ne__cCs t|jS)N)rRr)r%r r r!rSszOCSPNonce.__hash__cCs dj|S)Nz)r>)r%r r r!rEszOCSPNonce.__repr__rN)r3r4r5rZNONCEr0r/rPrQrSrErrTrr r r r!rsrc@seZdZejZddZddZddZddZ d d Z e j d Z e j d Ze j d Ze j dZe j dZe j dZe j dZdS)IssuingDistributionPointc Cs|r,t|t s$tdd|D r,td|rLtj|ksDtj|krLtdt|tort|tort|tort|ts|td||||g}t dd|Ddkrtd t |||||||gstd ||_ ||_ ||_ ||_||_||_||_dS) Ncss|]}t|tVqdS)N)rr~)rVrWr r r!rXsz4IssuingDistributionPoint.__init__..z:only_some_reasons must be None or frozenset of ReasonFlagszTunspecified and remove_from_crl are not valid reasons in an IssuingDistributionPointzuonly_contains_user_certs, only_contains_ca_certs, indirect_crl and only_contains_attribute_certs must all be boolean.cSsg|] }|r|qSr r )rVrWr r r! 3sz5IssuingDistributionPoint.__init__..zOnly one of the following can be set to True: only_contains_user_certs, only_contains_ca_certs, indirect_crl, only_contains_attribute_certszCannot create empty extension: if only_contains_user_certs, only_contains_ca_certs, indirect_crl, and only_contains_attribute_certs are all False, then either full_name, relative_name, or only_some_reasons must have a value.)rrrZrBr~rrrrsr#r_only_contains_user_certs_only_contains_ca_certs _indirect_crl_only_contains_attribute_certs_only_some_reasonsrr) r%rronly_contains_user_certsonly_contains_ca_certsonly_some_reasons indirect_crlonly_contains_attribute_certsZcrl_constraintsr r r!r/sP        z!IssuingDistributionPoint.__init__cCs dj|S)NaG)r>)r%r r r!rEUsz!IssuingDistributionPoint.__repr__cCsbt|tstS|j|jko`|j|jko`|j|jko`|j|jko`|j|jko`|j|jko`|j |j kS)N) rrrNrrrrrrr)r%rOr r r!rPas       zIssuingDistributionPoint.__eq__cCs ||k S)Nr )r%rOr r r!rQpszIssuingDistributionPoint.__ne__cCs$t|j|j|j|j|j|j|jfS)N)rRrrrrrrr)r%r r r!rSssz!IssuingDistributionPoint.__hash__rrrrrrrN)r3r4r5rZISSUING_DISTRIBUTION_POINTr0r/rErPrQrSrrTrrrrrrrr r r r!rs P     rc@sHeZdZddZejdZejdZddZddZ d d Z d d Z d S)rAcCs"t|tstd||_||_dS)Nzoid must be an ObjectIdentifier)rrrBrr)r%r0rCr r r!r/s zUnrecognizedExtension.__init__rrcCs dj|S)Nz7)r>)r%r r r!rEszUnrecognizedExtension.__repr__cCs&t|tstS|j|jko$|j|jkS)N)rrArNr0rC)r%rOr r r!rPs zUnrecognizedExtension.__eq__cCs ||k S)Nr )r%rOr r r!rQszUnrecognizedExtension.__ne__cCst|j|jfS)N)rRr0rC)r%r r r!rSszUnrecognizedExtension.__hash__N) r3r4r5r/rrTr0rCrErPrQrSr r r r!rAs  rA)WZ __future__rrrr9rrrenumrrJZ cryptographyrZcryptography.hazmat._derrrr r Zcryptography.hazmat.primitivesr r Z,cryptography.hazmat.primitives.asymmetric.ecr Z-cryptography.hazmat.primitives.asymmetric.rsarZ*cryptography.x509.certificate_transparencyrZcryptography.x509.general_namerrrZcryptography.x509.namerZcryptography.x509.oidrrrrr"r, Exceptionr-r7Z add_metaclassABCMetaobjectr8r;Zregister_interfacerIrUrcrirmrjrrrxryr}rzr~rrrrrrrrrrZ_TLS_FEATURE_TYPE_TO_ENUMrrrrrrrrrrrrrrrAr r r r!s      ( !_$)##^ <2%"" qQ)&(&