3 l_c @sddlmZmZmZddlmZddlZddlmZddl m Z ddl m Z m Z GdddeZd d eDZeZe jeje jeje jeje jeje jeje jejiZe jd e jd e jd e jde jde jde j de jde j!di Z"ddZ#GdddeZ$GdddeZ%GdddeZ&dS))absolute_importdivisionprint_function)EnumN)utils) _get_backend)NameOIDObjectIdentifierc@s4eZdZdZdZdZdZdZdZdZ dZ d Z d Z d S) _ASN1Type N) __name__ __module__ __qualname__ UTF8StringZ NumericStringPrintableStringZ T61String IA5StringZUTCTimeZGeneralizedTimeZ VisibleStringZUniversalStringZ BMPStringrr/usr/lib64/python3.6/name.pyr sr cCsi|] }||jqSr)value).0irrr sr ZCNLZSTOZOUCZSTREETZDCZUIDcCs|sdS|jdd}|jdd}|jdd}|jdd }|jd d }|jd d }|jdd}|jdd}|ddkr|d|}|ddkr|ddd}|S)z>Escape special characters in RFC4514 Distinguished Name value.\z\\"z\"+z\+,z\,;z\;z\>z\00r# Nz\ )r-r.r0)replace)valrrr_escape_dn_value7s          r3c@sTeZdZefddZejdZejdZddZ ddZ d d Z d d Z d dZ dS) NameAttributecCst|tstdt|tjs&td|tjks:|tjkrTt|j ddkrTt d|t krjt j |tj}t|ts|td||_||_||_dS)Nz2oid argument must be an ObjectIdentifier instance.z#value argument must be a text type.utf8z/Country name must be a 2 character country codez%_type must be from the _ASN1Type enum) isinstancer TypeErrorsixZ text_typer COUNTRY_NAMEJURISDICTION_COUNTRY_NAMElenencode ValueError _SENTINEL_NAMEOID_DEFAULT_TYPEgetr r_oid_value_type)selfoidrrDrrr__init__Ps"      zNameAttribute.__init__rBrCcCs$tj|j|jj}d|t|jfS)z Format as RFC4514 Distinguished Name string. Use short attribute name if available, otherwise fall back to OID dotted string. z%s=%s)_NAMEOID_TO_NAMErArFZ dotted_stringr3r)rEkeyrrrrfc4514_stringuszNameAttribute.rfc4514_stringcCs&t|tstS|j|jko$|j|jkS)N)r7r4NotImplementedrFr)rEotherrrr__eq__s zNameAttribute.__eq__cCs ||k S)Nr)rErLrrr__ne__szNameAttribute.__ne__cCst|j|jfS)N)hashrFr)rErrr__hash__szNameAttribute.__hash__cCs dj|S)Nz/)format)rErrr__repr__szNameAttribute.__repr__N)rrrr?rGrZread_only_propertyrFrrJrMrNrPrRrrrrr4Os "   r4c@sTeZdZddZddZddZddZd d Zd d Zd dZ ddZ ddZ dS)RelativeDistinguishedNamecCs\t|}|stdtdd|Ds.td||_t||_t|jt|krXtddS)Nz-a relative distinguished name cannot be emptycss|]}t|tVqdS)N)r7r4)rxrrr sz5RelativeDistinguishedName.__init__..z/attributes must be an iterable of NameAttributez$duplicate attributes are not allowed)listr>allr8 _attributes frozenset_attribute_setr<)rE attributesrrrrGs z"RelativeDistinguishedName.__init__csfdd|DS)Ncsg|]}|jkr|qSr)rF)rr)rFrr szDRelativeDistinguishedName.get_attributes_for_oid..r)rErFr)rFrget_attributes_for_oidsz0RelativeDistinguishedName.get_attributes_for_oidcCsdjdd|jDS)z Format as RFC4514 Distinguished Name string. Within each RDN, attributes are joined by '+', although that is rarely used in certificates. r'css|]}|jVqdS)N)rJ)rattrrrrrUsz;RelativeDistinguishedName.rfc4514_string..)joinrX)rErrrrJsz(RelativeDistinguishedName.rfc4514_stringcCst|tstS|j|jkS)N)r7rSrKrZ)rErLrrrrMs z RelativeDistinguishedName.__eq__cCs ||k S)Nr)rErLrrrrNsz RelativeDistinguishedName.__ne__cCs t|jS)N)rOrZ)rErrrrPsz"RelativeDistinguishedName.__hash__cCs t|jS)N)iterrX)rErrr__iter__sz"RelativeDistinguishedName.__iter__cCs t|jS)N)r<rX)rErrr__len__sz!RelativeDistinguishedName.__len__cCsdj|jS)Nz)rQrJ)rErrrrRsz"RelativeDistinguishedName.__repr__N) rrrrGr]rJrMrNrPrarbrRrrrrrSs rSc@sjeZdZddZddZddZeddZdd d Zd d Z ddZ ddZ ddZ ddZ ddZd S)NamecCsRt|}tdd|Dr,dd|D|_n"tdd|DrF||_ntddS)Ncss|]}t|tVqdS)N)r7r4)rrTrrrrUsz Name.__init__..cSsg|]}t|gqSr)rS)rrTrrrr\sz!Name.__init__..css|]}t|tVqdS)N)r7rS)rrTrrrrUszNattributes must be a list of NameAttribute or a list RelativeDistinguishedName)rVrWrXr8)rEr[rrrrGsz Name.__init__cCsdjddt|jDS)a Format as RFC4514 Distinguished Name string. For example 'CN=foobar.com,O=Foo Corp,C=US' An X.509 name is a two-level structure: a list of sets of attributes. Each list element is separated by ',' and within each list element, set elements are separated by '+'. The latter is almost never used in real world certificates. According to RFC4514 section 2.1 the RDNSequence must be reversed when converting to string representation. r(css|]}|jVqdS)N)rJ)rr^rrrrUsz&Name.rfc4514_string..)r_reversedrX)rErrrrJs zName.rfc4514_stringcsfdd|DS)Ncsg|]}|jkr|qSr)rF)rr)rFrrr\sz/Name.get_attributes_for_oid..r)rErFr)rFrr]szName.get_attributes_for_oidcCs|jS)N)rX)rErrrrdnssz Name.rdnsNcCst|}|j|S)N)rZx509_name_bytes)rEZbackendrrr public_bytesszName.public_bytescCst|tstS|j|jkS)N)r7rcrKrX)rErLrrrrMs z Name.__eq__cCs ||k S)Nr)rErLrrrrNsz Name.__ne__cCstt|jS)N)rOtuplerX)rErrrrPsz Name.__hash__ccs(x"|jD]}x|D] }|VqWqWdS)N)rX)rErdnZavarrrras  z Name.__iter__cCstdd|jDS)Ncss|]}t|VqdS)N)r<)rrhrrrrUszName.__len__..)sumrX)rErrrrbsz Name.__len__cCs:djdd|jD}tjr,dj|jdSdj|SdS)Nr(css|]}|jVqdS)N)rJ)rr^rrrrUsz Name.__repr__..z r5)r_rXr9ZPY2rQr=)rErerrrrRsz Name.__repr__)N)rrrrGrJr]propertyrerfrMrNrPrarbrRrrrrrcs  rc)'Z __future__rrrenumrr9Z cryptographyrZcryptography.hazmat.backendsrZcryptography.x509.oidrr r Z_ASN1_TYPE_TO_ENUMobjectr?r:rr;Z SERIAL_NUMBERZ DN_QUALIFIERZ EMAIL_ADDRESSrZDOMAIN_COMPONENTr@Z COMMON_NAMEZ LOCALITY_NAMEZSTATE_OR_PROVINCE_NAMEZORGANIZATION_NAMEZORGANIZATIONAL_UNIT_NAMEZSTREET_ADDRESSZUSER_IDrHr3r4rSrcrrrrs6      @1