[Compiled Python 3.6 bytecode (.pyc) of an OpenSSL-backed x509 module, compiled from /usr/lib64/python3.6/x509.py. The bytecode defines the classes _Certificate, _RevokedCertificate, _CertificateRevocationList and _CertificateSigningRequest, each wrapping OpenSSL X509, X509_CRL, X509_REVOKED and X509_REQ handles (public_key, subject, issuer, serial_number, signature, signature_algorithm_oid, extensions, public_bytes and is_signature_valid accessors). The binary content is not recoverable as readable source text.]