.Ph1ddlmZddlZddlmZddlmZmZddlm Z ddl m Z ddl m Z ddlmZGd d ejZGd d ejZe je je je je jfZddZGddejZGddZe jZe jZe jZGddZGddZ e j!Z!e j"Z"dS)) annotationsN)Iterable)utilsx509)ocsp)hashes) CertificateIssuerPrivateKeyTypes)_reject_duplicate_extensionceZdZdZdZdS)OCSPResponderEncodingzBy HashzBy NameN)__name__ __module__ __qualname__HASHNAMEV/var/www/html/test/jupyter/venv/lib/python3.11/site-packages/cryptography/x509/ocsp.pyr r s D DDDrr c&eZdZdZdZdZdZdZdZdS)OCSPResponseStatusrN) r rr SUCCESSFULMALFORMED_REQUESTINTERNAL_ERROR TRY_LATER SIG_REQUIRED UNAUTHORIZEDrrrrrs-JNILLLLrr algorithmhashes.HashAlgorithmreturnNonecNt|tstddS)Nz9Algorithm must be SHA1, SHA224, SHA256, SHA384, or SHA512) isinstance_ALLOWED_HASHES ValueError)r"s r_verify_algorithmr**s3 i 1 1  G     rceZdZdZdZdZdS)OCSPCertStatusrrrN)r rrGOODREVOKEDUNKNOWNrrrr,r,1s DGGGGrr,ceZdZddZdS)_SingleResponseresp0tuple[x509.Certificate, x509.Certificate] | None resp_hashtuple[bytes, bytes, int] | Noner"r# cert_statusr, this_updatedatetime.datetime next_updatedatetime.datetime | Nonerevocation_timerevocation_reasonx509.ReasonFlags | Nonec t|t|tjstd|)t|tjstd||_||_||_||_||_t|tstd|tj ur#|td|tdnTt|tjstd|)t|tj std||_||_||_dS)Nz%this_update must be a datetime objectz-next_update must be a datetime object or Nonez8cert_status must be an item from the OCSPCertStatus enumzBrevocation_time can only be provided if the certificate is revokedzDrevocation_reason can only be provided if the certificate is revokedz)revocation_time must be a datetime objectzCrevocation_reason must be an item from the ReasonFlags enum or None)r*r'datetime TypeError_resp _resp_hash _algorithm _this_update _next_updater,r.r)r ReasonFlags _cert_status_revocation_time_revocation_reason) selfr2r4r"r6r7r9r;r<s r__init__z_SingleResponse.__init__8s )$$$+x'899 ECDD D  ": *, , "KLL L ##''+~66 J  n4 4 4* !!, "- ox/@AA M KLLL ,Z!4#366, # ( /"3rN)r2r3r4r5r"r#r6r,r7r8r9r:r;r:r<r=)r rrrKrrrr1r17s(646464646464rr1c>eZdZddgfdd ZddZd dZd!dZd"dZdS)#OCSPRequestBuilderNrequestFtuple[x509.Certificate, x509.Certificate, hashes.HashAlgorithm] | None request_hash5tuple[bytes, bytes, int, hashes.HashAlgorithm] | None extensions(list[x509.Extension[x509.ExtensionType]]r$r%c0||_||_||_dSN)_request _request_hash _extensions)rJrNrPrRs rrKzOCSPRequestBuilder.__init__ws!  )%rcertx509.Certificateissuerr"r#c|j|jtdt|t |t jrt |t jstdt|||f|j|j S)N.Only one certificate can be added to a request%cert and issuer must be a Certificate) rVrWr)r*r'r Certificater@rMrX)rJrYr[r"s radd_certificatez"OCSPRequestBuilder.add_certificates = $(:(FMNN N)$$$$ 011 E D$: :  ECDD D! 69 %t'94;K   rissuer_name_hashbytesissuer_key_hash serial_numberintc|j|jtdt|tst dt |tjd|tjd||j t|ks|j t|krtdt|j||||f|j S)Nr] serial_number must be an integerrarc`issuer_name_hash and issuer_key_hash must be the same length as the digest size of the algorithm) rVrWr)r'rer@r*r _check_bytes digest_sizelenrMrX)rJrarcrdr"s radd_certificate_by_hashz*OCSPRequestBuilder.add_certificate_by_hashs = $(:(FMNN N--- @>?? ?)$$$ -/?@@@ ,o>>>  C % %    "c/&:&: : :6  " M  y I     rextvalx509.ExtensionTypecriticalboolct|tjstdtj|j||}t ||jt|j |j g|j|SNz"extension must be an ExtensionType) r'r ExtensionTyper@ Extensionoidr rXrMrVrWrJrmro extensions r add_extensionz OCSPRequestBuilder.add_extensions}&$"455 B@AA AN6:x@@ #It/?@@@! M4-/M1A/M9/M   r OCSPRequestcd|j|jtdtj|S)Nz*You must add a certificate before building)rVrWr)rcreate_ocsp_request)rJs rbuildzOCSPRequestBuilder.builds2 = T%7%?IJJ J'---r)rNrOrPrQrRrSr$r%)rYrZr[rZr"r#r$rM) rarbrcrbrdrer"r#r$rM)rmrnrorpr$rM)r$ry)r rrrKr`rlrxr|rrrrMrMvs ?A & & & & &    &    <     ......rrMcheZdZdddgfd4d Zd5dZd6d Zd7d$Zd8d&Zd9d+Zd:d0Z e d;d3Z dS)<OCSPResponseBuilderNresponse_SingleResponse | None responder_id5tuple[x509.Certificate, OCSPResponderEncoding] | Nonecertslist[x509.Certificate] | NonerRrSc>||_||_||_||_dSrU) _response _responder_id_certsrX)rJrrrrRs rrKzOCSPResponseBuilder.__init__s(") %rrYrZr[r"r#r6r,r7r8r9r:r;r<r=r$c &|jtdt|tjrt|tjst dt ||fd||||||} t| |j|j |j S)N#Only one response per OCSPResponse.r^) rr)r'rr_r@r1r~rrrX) rJrYr[r"r6r7r9r;r< singleresps r add_responsez OCSPResponseBuilder.add_responses > %BCC C$ 011 E D$: :  ECDD D$ 6N          #    K      rrarbrcrdrec |jtdt|tst dt jd|t jd|t||jt|ks|jt|krtdtd|||f|||||| } t| |j |j |jS)Nrrgrarcrh)rr)r'rer@rrir*rjrkr1r~rrrX) rJrarcrdr"r6r7r9r;r<rs radd_response_by_hashz(OCSPResponseBuilder.add_response_by_hashs > %BCC C--- @>?? ? -/?@@@ ,o>>>)$$$  C % %    "c/&:&: : :6  %   >         #    K      rencodingr responder_certc|jtdt|tjst dt|t st dt|j||f|j |j S)Nz!responder_id can only be set oncez$responder_cert must be a Certificatez6encoding must be an element from OCSPResponderEncoding) rr)r'rr_r@r r~rrrX)rJrrs rrz OCSPResponseBuilder.responder_id*s   )@AA A.$*:;; DBCC C($9:: H # N X & K      rIterable[x509.Certificate]c"|jtdt|}t|dkrtdt d|Dst dt |j|j||j S)Nz!certificates may only be set oncerzcerts must not be an empty listc3JK|]}t|tjVdSrU)r'rr_).0xs r z3OCSPResponseBuilder.certificates..Es/BBq:a!122BBBBBBrz$certs must be a list of Certificates) rr)listrkallr@r~rrrX)rJrs r certificatesz OCSPResponseBuilder.certificates=s ; "@AA AU  u::??>?? ?BBEBBBBB DBCC C" N         rrmrnrorpct|tjstdtj|j||}t ||jt|j |j |j g|j|Srr) r'rrsr@rtrur rXr~rrrrvs rrxz!OCSPResponseBuilder.add_extensionNs&$"455 B@AA AN6:x@@ #It/?@@@" N   K *d * *    r private_keyr hashes.HashAlgorithm | None OCSPResponsec|jtd|jtdtjt j|||S)Nz&You must add a response before signingz*You must add a responder_id before signing)rr)rrcreate_ocsp_responserr)rJrr"s rsignzOCSPResponseBuilder.sign^sT > !EFF F   %IJJ J(  )4i   rresponse_statusrct|tstd|tjurt dt j|dddS)Nz7response_status must be an item from OCSPResponseStatusz$response_status cannot be SUCCESSFUL)r'rr@rr)rr)clsrs rbuild_unsuccessfulz&OCSPResponseBuilder.build_unsuccessfullsc/+=>> I  0; ; ;CDD D($dKKKr)rrrrrrrRrS)rYrZr[rZr"r#r6r,r7r8r9r:r;r:r<r=r$r~)rarbrcrbrdrer"r#r6r,r7r8r9r:r;r:r<r=r$r~)rr rrZr$r~)rrr$r~)rmrnrorpr$r~)rr r"rr$r)rrr$r) r rrrKrrrrrxr classmethodrrrrr~r~s,0/3?A & & & & &" " " " H, , , , \    &    "         L L L[ L L Lrr~)r"r#r$r%)# __future__rr?collections.abcr cryptographyrr"cryptography.hazmat.bindings._rustrcryptography.hazmat.primitivesr/cryptography.hazmat.primitives.asymmetric.typesr cryptography.x509.baser Enumr rSHA1SHA224SHA256SHA384SHA512r(r*r,r1ryrOCSPSingleResponserMr~load_der_ocsp_requestload_der_ocsp_responserrrrs$ #"""""$$$$$$$$$$$$$$333333111111?>>>>>EJ  K M M M M     UZ 7474747474747474t  ,Q.Q.Q.Q.Q.Q.Q.Q.hmLmLmLmLmLmLmLmL`24r