B f]]@sddlmZmZmZddlZddlZddlZddlZddlZddl m Z ddl Z ddl m Z ddlmZmZmZmZddlmZmZddlmZddlmZdd lmZdd lmZmZmZdd l m!Z!dd l"m#Z#m$Z$m%Z%m&Z&d dZ'ddZ(Gddde)Z*Gddde)Z+e ,ej-Gddde.Z/Gddde.Z0e 1e/Gddde.Z2e 1e/Gddde.Z3e 1e/Gddde.Z4e 1e/Gdd d e.Z5Gd!d"d"e.Z6e 1e/Gd#d$d$e.Z7e 1e/Gd%d&d&e.Z8e 1e/Gd'd(d(e.Z9e 1e/Gd)d*d*e.Z:Gd+d,d,e.Z;Gd-d.d.e ZGd3d4d4e.Z?Gd5d6d6e.Z@Gd7d8d8e.ZAe 1e/Gd9d:d:e.ZBe 1e/Gd;d<dd>e.ZDe 1e/Gd?d@d@e.ZEGdAdBdBe ZFeGdCdDeFDZHe 1e/GdEdFdFe.ZIe 1e/GdGdHdHe.ZJe 1e/GdIdJdJe.ZKGdKdLdLe.ZLGdMdNdNe.ZMe 1e/GdOdPdPe.ZNe 1e/GdQdRdRe.ZOe 1e/GdSdTdTe.ZPe 1e/GdUdVdVe.ZQe 1e/GdWdXdXe.ZRe 1e/GdYdZdZe.ZSe 1e/Gd[d\d\e.ZTe 1e/Gd]d^d^e.ZUe 1e/Gd_d`d`e.ZVdS)a)absolute_importdivisionprint_functionN)Enum)utils) BIT_STRING DERReaderOBJECT_IDENTIFIERSEQUENCE) constant_time serialization)EllipticCurvePublicKey) RSAPublicKey)SignedCertificateTimestamp) GeneralName IPAddress OtherName)RelativeDistinguishedName)CRLEntryExtensionOID ExtensionOIDOCSPExtensionOIDObjectIdentifierc Cst|tr |tjjtjj}nt|tr@|tjj tjj }n|tjjtjj }t |}| t}|t}|t}WdQRX| |t|s|WdQRX|dkrtd|j}t|S)NrzInvalid public key encoding) isinstancerZ public_bytesr ZEncodingZDERZ PublicFormatZPKCS1r ZX962ZUncompressedPointZSubjectPublicKeyInforZread_single_elementr Z read_elementrr Zis_emptyZread_any_elementZ read_byte ValueErrordatahashlibZsha1digest) public_keyrZ serializedreaderZpublic_key_info algorithmr ;lib/python3.7/site-packages/cryptography/x509/extensions.py_key_identifier_from_public_key!s.         r"cs.fdd}fdd}fdd}|||fS)Ncstt|S)N)lengetattr)self) field_namer r! len_methodJsz*_make_sequence_methods..len_methodcstt|S)N)iterr$)r%)r&r r! iter_methodMsz+_make_sequence_methods..iter_methodcst||S)N)r$)r%idx)r&r r!getitem_methodPsz._make_sequence_methods..getitem_methodr )r&r'r)r+r )r&r!_make_sequence_methodsIs   r,cseZdZfddZZS)DuplicateExtensioncstt||||_dS)N)superr-__init__oid)r%msgr0) __class__r r!r/WszDuplicateExtension.__init__)__name__ __module__ __qualname__r/ __classcell__r r )r2r!r-Vsr-cseZdZfddZZS)ExtensionNotFoundcstt||||_dS)N)r.r7r/r0)r%r1r0)r2r r!r/]szExtensionNotFound.__init__)r3r4r5r/r6r r )r2r!r7\sr7c@seZdZejddZdS) ExtensionTypecCsdS)zK Returns the oid associated with the given extension type. Nr )r%r r r!r0dszExtensionType.oidN)r3r4r5abcabstractpropertyr0r r r r!r8bsr8c@s:eZdZddZddZddZed\ZZZ dd Z d S) ExtensionscCs ||_dS)N) _extensions)r% extensionsr r r!r/lszExtensions.__init__cCs0x|D]}|j|kr|SqWtd||dS)NzNo {} extension was found)r0r7format)r%r0extr r r!get_extension_for_oidos  z Extensions.get_extension_for_oidcCsD|tkrtdx|D]}t|j|r|SqWtd||jdS)Nz|UnrecognizedExtension can't be used with get_extension_for_class because more than one instance of the class may be present.zNo {} extension was found)UnrecognizedExtension TypeErrorrvaluer7r>r0)r%Zextclassr?r r r!get_extension_for_classvs  z"Extensions.get_extension_for_classr<cCs d|jS)Nz)r>r<)r%r r r!__repr__szExtensions.__repr__N) r3r4r5r/r@rDr,__len____iter__ __getitem__rEr r r r!r;ks r;c@sDeZdZejZddZddZddZddZ d d Z e d Z d S) CRLNumbercCst|tjstd||_dS)Nzcrl_number must be an integer)rsix integer_typesrB _crl_number)r% crl_numberr r r!r/s zCRLNumber.__init__cCst|tstS|j|jkS)N)rrINotImplementedrM)r%otherr r r!__eq__s zCRLNumber.__eq__cCs ||k S)Nr )r%rOr r r!__ne__szCRLNumber.__ne__cCs t|jS)N)hashrM)r%r r r!__hash__szCRLNumber.__hash__cCs d|jS)Nz)r>rM)r%r r r!rEszCRLNumber.__repr__rLN)r3r4r5rZ CRL_NUMBERr0r/rPrQrSrErread_only_propertyrMr r r r!rIsrIc@speZdZejZddZeddZeddZ ddZ d d Z d d Z d dZ edZedZedZdS)AuthorityKeyIdentifiercCst|dk|dkkrtd|dk rBt|}tdd|DsBtd|dk r^t|tjs^td||_||_||_ dS)NzXauthority_cert_issuer and authority_cert_serial_number must both be present or both Nonecss|]}t|tVqdS)N)rr).0xr r r! sz2AuthorityKeyIdentifier.__init__..z;authority_cert_issuer must be a list of GeneralName objectsz/authority_cert_serial_number must be an integer) rlistallrBrrJrK_key_identifier_authority_cert_issuer_authority_cert_serial_number)r%key_identifierauthority_cert_issuerauthority_cert_serial_numberr r r!r/s"   zAuthorityKeyIdentifier.__init__cCst|}||dddS)N)r^r_r`)r")clsrrr r r!from_issuer_public_keys z-AuthorityKeyIdentifier.from_issuer_public_keycCs:t|tr|j}n|jj}tjdtjdd||dddS)NzExtension objects are deprecated as arguments to from_issuer_subject_key_identifier and support will be removed soon. Please migrate to passing a SubjectKeyIdentifier directly.) stacklevel)r^r_r`)rSubjectKeyIdentifierrrCwarningswarnrZDeprecatedIn27)raZskirr r r!"from_issuer_subject_key_identifiers z9AuthorityKeyIdentifier.from_issuer_subject_key_identifiercCs d|S)Nz)r>)r%r r r!rEszAuthorityKeyIdentifier.__repr__cCs2t|tstS|j|jko0|j|jko0|j|jkS)N)rrUrNr^r_r`)r%rOr r r!rPs    zAuthorityKeyIdentifier.__eq__cCs ||k S)Nr )r%rOr r r!rQszAuthorityKeyIdentifier.__ne__cCs,|jdkrd}n t|j}t|j||jfS)N)r_tuplerRr^r`)r%Zacir r r!rSs   zAuthorityKeyIdentifier.__hash__r[r\r]N)r3r4r5rZAUTHORITY_KEY_IDENTIFIERr0r/ classmethodrbrhrErPrQrSrrTr^r_r`r r r r!rUs    rUc@sPeZdZejZddZeddZe dZ ddZ dd Z d d Zd d ZdS)recCs ||_dS)N)_digest)r%rr r r!r/szSubjectKeyIdentifier.__init__cCs |t|S)N)r")rarr r r!from_public_keysz$SubjectKeyIdentifier.from_public_keyrkcCs d|jS)Nz$)r>r)r%r r r!rEszSubjectKeyIdentifier.__repr__cCst|tstSt|j|jS)N)rrerNr Zbytes_eqr)r%rOr r r!rP!s zSubjectKeyIdentifier.__eq__cCs ||k S)Nr )r%rOr r r!rQ'szSubjectKeyIdentifier.__ne__cCs t|jS)N)rRr)r%r r r!rS*szSubjectKeyIdentifier.__hash__N)r3r4r5rZSUBJECT_KEY_IDENTIFIERr0r/rjrlrrTrrErPrQrSr r r r!res  rec@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) AuthorityInformationAccesscCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rAccessDescription)rVrWr r r!rX4sz6AuthorityInformationAccess.__init__..z@Every item in the descriptions list must be an AccessDescription)rYrZrB _descriptions)r%Z descriptionsr r r!r/2s z#AuthorityInformationAccess.__init__rocCs d|jS)Nz )r>ro)r%r r r!rE>sz#AuthorityInformationAccess.__repr__cCst|tstS|j|jkS)N)rrmrNro)r%rOr r r!rPAs z!AuthorityInformationAccess.__eq__cCs ||k S)Nr )r%rOr r r!rQGsz!AuthorityInformationAccess.__ne__cCstt|jS)N)rRriro)r%r r r!rSJsz#AuthorityInformationAccess.__hash__N)r3r4r5rZAUTHORITY_INFORMATION_ACCESSr0r/r,rFrGrHrErPrQrSr r r r!rm.s rmc@sHeZdZddZddZddZddZd d Ze d Z e d Z d S)rncCs4t|tstdt|ts$td||_||_dS)Nz)access_method must be an ObjectIdentifierz%access_location must be a GeneralName)rrrBr_access_method_access_location)r% access_methodaccess_locationr r r!r/Os   zAccessDescription.__init__cCs d|S)NzY)r>)r%r r r!rEYszAccessDescription.__repr__cCs&t|tstS|j|jko$|j|jkS)N)rrnrNrrrs)r%rOr r r!rP_s  zAccessDescription.__eq__cCs ||k S)Nr )r%rOr r r!rQhszAccessDescription.__ne__cCst|j|jfS)N)rRrrrs)r%r r r!rSkszAccessDescription.__hash__rprqN) r3r4r5r/rErPrQrSrrTrrrsr r r r!rnNs   rnc@sNeZdZejZddZedZ edZ ddZ ddZ d d Z d d Zd S)BasicConstraintscCsZt|tstd|dk r&|s&td|dk rJt|tjrB|dkrJtd||_||_dS)Nzca must be a boolean valuez)path_length must be None when ca is Falserz2path_length must be a non-negative integer or None)rboolrBrrJrK_ca _path_length)r%ca path_lengthr r r!r/vs  zBasicConstraints.__init__rvrwcCs d|S)Nz:)r>)r%r r r!rEszBasicConstraints.__repr__cCs&t|tstS|j|jko$|j|jkS)N)rrtrNrxry)r%rOr r r!rPs zBasicConstraints.__eq__cCs ||k S)Nr )r%rOr r r!rQszBasicConstraints.__ne__cCst|j|jfS)N)rRrxry)r%r r r!rSszBasicConstraints.__hash__N)r3r4r5rZBASIC_CONSTRAINTSr0r/rrTrxryrErPrQrSr r r r!rtrs  rtc@sDeZdZejZddZedZ ddZ ddZ dd Z d d Z d S) DeltaCRLIndicatorcCst|tjstd||_dS)Nzcrl_number must be an integer)rrJrKrBrL)r%rMr r r!r/s zDeltaCRLIndicator.__init__rLcCst|tstS|j|jkS)N)rrzrNrM)r%rOr r r!rPs zDeltaCRLIndicator.__eq__cCs ||k S)Nr )r%rOr r r!rQszDeltaCRLIndicator.__ne__cCs t|jS)N)rRrM)r%r r r!rSszDeltaCRLIndicator.__hash__cCs d|S)Nz.)r>)r%r r r!rEszDeltaCRLIndicator.__repr__N)r3r4r5rZDELTA_CRL_INDICATORr0r/rrTrMrPrQrSrEr r r r!rzs rzc@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) CRLDistributionPointscCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rDistributionPoint)rVrWr r r!rXsz1CRLDistributionPoints.__init__..z?distribution_points must be a list of DistributionPoint objects)rYrZrB_distribution_points)r%distribution_pointsr r r!r/s zCRLDistributionPoints.__init__r}cCs d|jS)Nz)r>r})r%r r r!rEszCRLDistributionPoints.__repr__cCst|tstS|j|jkS)N)rr{rNr})r%rOr r r!rPs zCRLDistributionPoints.__eq__cCs ||k S)Nr )r%rOr r r!rQszCRLDistributionPoints.__ne__cCstt|jS)N)rRrir})r%r r r!rSszCRLDistributionPoints.__hash__N)r3r4r5rZCRL_DISTRIBUTION_POINTSr0r/r,rFrGrHrErPrQrSr r r r!r{s  r{c@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) FreshestCRLcCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rr|)rVrWr r r!rXsz'FreshestCRL.__init__..z?distribution_points must be a list of DistributionPoint objects)rYrZrBr})r%r~r r r!r/s zFreshestCRL.__init__r}cCs d|jS)Nz)r>r})r%r r r!rEszFreshestCRL.__repr__cCst|tstS|j|jkS)N)rrrNr})r%rOr r r!rPs zFreshestCRL.__eq__cCs ||k S)Nr )r%rOr r r!rQszFreshestCRL.__ne__cCstt|jS)N)rRrir})r%r r r!rSszFreshestCRL.__hash__N)r3r4r5rZ FRESHEST_CRLr0r/r,rFrGrHrErPrQrSr r r r!rs  rc@s\eZdZddZddZddZddZd d Ze d Z e d Z e d Z e dZ dS)r|cCs|r|rtd|r6t|}tdd|Ds6td|rLt|tsLtd|rrt|}tdd|Dsrtd|rt|trtdd|Dstd |rtj|kstj |krtd |r|s|s|std ||_ ||_ ||_ ||_ dS) NzOYou cannot provide both full_name and relative_name, at least one must be None.css|]}t|tVqdS)N)rr)rVrWr r r!rX sz-DistributionPoint.__init__..z/full_name must be a list of GeneralName objectsz1relative_name must be a RelativeDistinguishedNamecss|]}t|tVqdS)N)rr)rVrWr r r!rXsz2crl_issuer must be None or a list of general namescss|]}t|tVqdS)N)r ReasonFlags)rVrWr r r!rXsz0reasons must be None or frozenset of ReasonFlagszLunspecified and remove_from_crl are not valid reasons in a DistributionPointzPYou must supply crl_issuer, full_name, or relative_name when reasons is not None)rrYrZrBrr frozensetr unspecifiedremove_from_crl _full_name_relative_name_reasons _crl_issuer)r% full_name relative_namereasons crl_issuerr r r!r/s@   zDistributionPoint.__init__cCs d|S)Nz})r>)r%r r r!rE5szDistributionPoint.__repr__cCs>t|tstS|j|jko<|j|jko<|j|jko<|j|jkS)N)rr|rNrrrr)r%rOr r r!rP<s     zDistributionPoint.__eq__cCs ||k S)Nr )r%rOr r r!rQGszDistributionPoint.__ne__cCsH|jdk rt|j}nd}|jdk r0t|j}nd}t||j|j|fS)N)rrirrRrr)r%fnrr r r!rSJs    zDistributionPoint.__hash__rrrrN)r3r4r5r/rErPrQrSrrTrrrrr r r r!r|s4    r|c@s4eZdZdZdZdZdZdZdZdZ dZ d Z d Z d S) rrZ keyCompromiseZ cACompromiseZaffiliationChanged supersededZcessationOfOperationZcertificateHoldZprivilegeWithdrawnZ aACompromiseZ removeFromCRLN) r3r4r5rZkey_compromiseZ ca_compromiseZaffiliation_changedrZcessation_of_operationZcertificate_holdZprivilege_withdrawnZ aa_compromiserr r r r!r]src@sNeZdZejZddZddZddZddZ d d Z e d Z e d Zd S)PolicyConstraintscCs`|dk rt|tjstd|dk r8t|tjs8td|dkrP|dkrPtd||_||_dS)Nz>require_explicit_policy must be a non-negative integer or Nonez=inhibit_policy_mapping must be a non-negative integer or NonezSAt least one of require_explicit_policy and inhibit_policy_mapping must not be None)rrJrKrBr_require_explicit_policy_inhibit_policy_mapping)r%require_explicit_policyinhibit_policy_mappingr r r!r/ns    zPolicyConstraints.__init__cCs d|S)Nz{)r>)r%r r r!rEszPolicyConstraints.__repr__cCs&t|tstS|j|jko$|j|jkS)N)rrrNrr)r%rOr r r!rPs  zPolicyConstraints.__eq__cCs ||k S)Nr )r%rOr r r!rQszPolicyConstraints.__ne__cCst|j|jfS)N)rRrr)r%r r r!rSszPolicyConstraints.__hash__rrN)r3r4r5rZPOLICY_CONSTRAINTSr0r/rErPrQrSrrTrrr r r r!rjs rc@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) CertificatePoliciescCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rPolicyInformation)rVrWr r r!rXsz/CertificatePolicies.__init__..z;Every item in the policies list must be a PolicyInformation)rYrZrB _policies)r%Zpoliciesr r r!r/s zCertificatePolicies.__init__rcCs d|jS)Nz)r>r)r%r r r!rEszCertificatePolicies.__repr__cCst|tstS|j|jkS)N)rrrNr)r%rOr r r!rPs zCertificatePolicies.__eq__cCs ||k S)Nr )r%rOr r r!rQszCertificatePolicies.__ne__cCstt|jS)N)rRrir)r%r r r!rSszCertificatePolicies.__hash__N)r3r4r5rZCERTIFICATE_POLICIESr0r/r,rFrGrHrErPrQrSr r r r!rs rc@sHeZdZddZddZddZddZd d Ze d Z e d Z d S)rcCsHt|tstd||_|r>t|}tdd|Ds>td||_dS)Nz-policy_identifier must be an ObjectIdentifiercss|]}t|tjtfVqdS)N)rrJZ text_type UserNotice)rVrWr r r!rXsz-PolicyInformation.__init__..zMpolicy_qualifiers must be a list of strings and/or UserNotice objects or None)rrrB_policy_identifierrYrZ_policy_qualifiers)r%policy_identifierpolicy_qualifiersr r r!r/s  zPolicyInformation.__init__cCs d|S)Nze)r>)r%r r r!rEszPolicyInformation.__repr__cCs&t|tstS|j|jko$|j|jkS)N)rrrNrr)r%rOr r r!rPs  zPolicyInformation.__eq__cCs ||k S)Nr )r%rOr r r!rQszPolicyInformation.__ne__cCs(|jdk rt|j}nd}t|j|fS)N)rrirRr)r%Zpqr r r!rSs  zPolicyInformation.__hash__rrN) r3r4r5r/rErPrQrSrrTrrr r r r!rs  rc@sHeZdZddZddZddZddZd d Ze d Z e d Z d S)rcCs&|rt|tstd||_||_dS)Nz2notice_reference must be None or a NoticeReference)rNoticeReferencerB_notice_reference_explicit_text)r%notice_reference explicit_textr r r!r/s zUserNotice.__init__cCs d|S)NzV)r>)r%r r r!rEszUserNotice.__repr__cCs&t|tstS|j|jko$|j|jkS)N)rrrNrr)r%rOr r r!rP s  zUserNotice.__eq__cCs ||k S)Nr )r%rOr r r!rQszUserNotice.__ne__cCst|j|jfS)N)rRrr)r%r r r!rSszUserNotice.__hash__rrN) r3r4r5r/rErPrQrSrrTrrr r r r!rs   rc@sHeZdZddZddZddZddZd d Ze d Z e d Z d S)rcCs2||_t|}tdd|Ds(td||_dS)Ncss|]}t|tVqdS)N)rint)rVrWr r r!rX"sz+NoticeReference.__init__..z)notice_numbers must be a list of integers) _organizationrYrZrB_notice_numbers)r% organizationnotice_numbersr r r!r/s zNoticeReference.__init__cCs d|S)NzU)r>)r%r r r!rE)szNoticeReference.__repr__cCs&t|tstS|j|jko$|j|jkS)N)rrrNrr)r%rOr r r!rP/s  zNoticeReference.__eq__cCs ||k S)Nr )r%rOr r r!rQ8szNoticeReference.__ne__cCst|jt|jfS)N)rRrrir)r%r r r!rS;szNoticeReference.__hash__rrN) r3r4r5r/rErPrQrSrrTrrr r r r!rs   rc@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) ExtendedKeyUsagecCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rr)rVrWr r r!rXHsz,ExtendedKeyUsage.__init__..z9Every item in the usages list must be an ObjectIdentifier)rYrZrB_usages)r%Zusagesr r r!r/Fs zExtendedKeyUsage.__init__rcCs d|jS)Nz)r>r)r%r r r!rEQszExtendedKeyUsage.__repr__cCst|tstS|j|jkS)N)rrrNr)r%rOr r r!rPTs zExtendedKeyUsage.__eq__cCs ||k S)Nr )r%rOr r r!rQZszExtendedKeyUsage.__ne__cCstt|jS)N)rRrir)r%r r r!rS]szExtendedKeyUsage.__hash__N)r3r4r5rZEXTENDED_KEY_USAGEr0r/r,rFrGrHrErPrQrSr r r r!rBs rc@s2eZdZejZddZddZddZddZ d S) OCSPNoCheckcCst|tstSdS)NT)rrrN)r%rOr r r!rPes zOCSPNoCheck.__eq__cCs ||k S)Nr )r%rOr r r!rQkszOCSPNoCheck.__ne__cCsttS)N)rRr)r%r r r!rSnszOCSPNoCheck.__hash__cCsdS)Nzr )r%r r r!rEqszOCSPNoCheck.__repr__N) r3r4r5rZ OCSP_NO_CHECKr0rPrQrSrEr r r r!ras rc@s2eZdZejZddZddZddZddZ d S) PrecertPoisoncCst|tstSdS)NT)rrrN)r%rOr r r!rPys zPrecertPoison.__eq__cCs ||k S)Nr )r%rOr r r!rQszPrecertPoison.__ne__cCsttS)N)rRr)r%r r r!rSszPrecertPoison.__hash__cCsdS)Nzr )r%r r r!rEszPrecertPoison.__repr__N) r3r4r5rZPRECERT_POISONr0rPrQrSrEr r r r!rus rc@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) TLSFeaturecCs8t|}tdd|Dr&t|dkr.td||_dS)Ncss|]}t|tVqdS)N)rTLSFeatureType)rVrWr r r!rXsz&TLSFeature.__init__..rz@features must be a list of elements from the TLSFeatureType enum)rYrZr#rB _features)r%Zfeaturesr r r!r/s  zTLSFeature.__init__rcCs d|S)Nz$)r>)r%r r r!rEszTLSFeature.__repr__cCst|tstS|j|jkS)N)rrrNr)r%rOr r r!rPs zTLSFeature.__eq__cCs ||k S)Nr )r%rOr r r!rQszTLSFeature.__ne__cCstt|jS)N)rRrir)r%r r r!rSszTLSFeature.__hash__N)r3r4r5rZ TLS_FEATUREr0r/r,rFrGrHrErPrQrSr r r r!rs rc@seZdZdZdZdS)rN)r3r4r5Zstatus_requestZstatus_request_v2r r r r!rsrccs|]}|j|fVqdS)N)rC)rVrWr r r!rXsrXc@sDeZdZejZddZddZddZddZ d d Z e d Z d S) InhibitAnyPolicycCs.t|tjstd|dkr$td||_dS)Nzskip_certs must be an integerrz)skip_certs must be a non-negative integer)rrJrKrBr _skip_certs)r% skip_certsr r r!r/s  zInhibitAnyPolicy.__init__cCs d|S)Nz-)r>)r%r r r!rEszInhibitAnyPolicy.__repr__cCst|tstS|j|jkS)N)rrrNr)r%rOr r r!rPs zInhibitAnyPolicy.__eq__cCs ||k S)Nr )r%rOr r r!rQszInhibitAnyPolicy.__ne__cCs t|jS)N)rRr)r%r r r!rSszInhibitAnyPolicy.__hash__rN)r3r4r5rZINHIBIT_ANY_POLICYr0r/rErPrQrSrrTrr r r r!rs rc@seZdZejZddZedZ edZ edZ edZ edZ edZed Zed d Zed d ZddZddZddZddZdS)KeyUsagec CsN|s|s | rtd||_||_||_||_||_||_||_||_| |_ dS)NzKencipher_only and decipher_only can only be true when key_agreement is true) r_digital_signature_content_commitment_key_encipherment_data_encipherment_key_agreement_key_cert_sign _crl_sign_encipher_only_decipher_only) r%digital_signaturecontent_commitmentkey_enciphermentdata_encipherment key_agreement key_cert_signcrl_sign encipher_only decipher_onlyr r r!r/s zKeyUsage.__init__rrrrrrrcCs|jstdn|jSdS)Nz7encipher_only is undefined unless key_agreement is true)rrr)r%r r r!rszKeyUsage.encipher_onlycCs|jstdn|jSdS)Nz7decipher_only is undefined unless key_agreement is true)rrr)r%r r r!rszKeyUsage.decipher_onlycCs<y|j}|j}Wntk r,d}d}YnXd|||S)Na-)rrrr>)r%rrr r r!rE s  zKeyUsage.__repr__cCszt|tstS|j|jkox|j|jkox|j|jkox|j|jkox|j|jkox|j|jkox|j |j kox|j |j kox|j |j kS)N) rrrNrrrrrrrrr)r%rOr r r!rPs         zKeyUsage.__eq__cCs ||k S)Nr )r%rOr r r!rQ+szKeyUsage.__ne__c Cs,t|j|j|j|j|j|j|j|j|j f S)N) rRrrrrrrrrr)r%r r r!rS.s zKeyUsage.__hash__N)r3r4r5rZ KEY_USAGEr0r/rrTrrrrrrrpropertyrrrErPrQrSr r r r!rs        rc@sVeZdZejZddZddZddZddZ d d Z d d Z e d Ze dZdS)NameConstraintscCs|dk r4t|}tdd|Ds*td|||dk rht|}tdd|Ds^td|||dkr|dkrtd||_||_dS)Ncss|]}t|tVqdS)N)rr)rVrWr r r!rX@sz+NameConstraints.__init__..z@permitted_subtrees must be a list of GeneralName objects or Nonecss|]}t|tVqdS)N)rr)rVrWr r r!rXLsz?excluded_subtrees must be a list of GeneralName objects or NonezIAt least one of permitted_subtrees and excluded_subtrees must not be None)rYrZrB_validate_ip_namer_permitted_subtrees_excluded_subtrees)r%permitted_subtreesexcluded_subtreesr r r!r/<s&  zNameConstraints.__init__cCs&t|tstS|j|jko$|j|jkS)N)rrrNrr)r%rOr r r!rP^s  zNameConstraints.__eq__cCs ||k S)Nr )r%rOr r r!rQgszNameConstraints.__ne__cCstdd|DrtddS)Ncss.|]&}t|to$t|jtjtjf VqdS)N)rrrC ipaddressZ IPv4NetworkZ IPv6Network)rVnamer r r!rXksz4NameConstraints._validate_ip_name..zGIPAddress name constraints must be an IPv4Network or IPv6Network object)anyrB)r%Ztreer r r!rjs z!NameConstraints._validate_ip_namecCs d|S)Nze)r>)r%r r r!rEsszNameConstraints.__repr__cCs@|jdk rt|j}nd}|jdk r0t|j}nd}t||fS)N)rrirrR)r%ZpsZesr r r!rSys    zNameConstraints.__hash__rrN)r3r4r5rZNAME_CONSTRAINTSr0r/rPrQrrErSrrTrrr r r r!r8s"   rc@sReZdZddZedZedZedZddZ dd Z d d Z d d Z dS) ExtensioncCs:t|tstdt|ts$td||_||_||_dS)Nz2oid argument must be an ObjectIdentifier instance.z critical must be a boolean value)rrrBru_oid _critical_value)r%r0criticalrCr r r!r/s  zExtension.__init__rrrcCs d|S)Nz@)r>)r%r r r!rEszExtension.__repr__cCs2t|tstS|j|jko0|j|jko0|j|jkS)N)rrrNr0rrC)r%rOr r r!rPs    zExtension.__eq__cCs ||k S)Nr )r%rOr r r!rQszExtension.__ne__cCst|j|j|jfS)N)rRr0rrC)r%r r r!rSszExtension.__hash__N) r3r4r5r/rrTr0rrCrErPrQrSr r r r!rs    rc@sJeZdZddZed\ZZZddZddZ dd Z d d Z d d Z dS) GeneralNamescCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rr)rVrWr r r!rXsz(GeneralNames.__init__..z^Every item in the general_names list must be an object conforming to the GeneralName interface)rYrZrB_general_names)r% general_namesr r r!r/s zGeneralNames.__init__rcs0fdd|D}tkr(dd|D}t|S)Nc3s|]}t|r|VqdS)N)r)rVi)typer r!rXsz3GeneralNames.get_values_for_type..css|] }|jVqdS)N)rC)rVrr r r!rXs)rrY)r%rZobjsr )rr!get_values_for_typesz GeneralNames.get_values_for_typecCs d|jS)Nz)r>r)r%r r r!rEszGeneralNames.__repr__cCst|tstS|j|jkS)N)rrrNr)r%rOr r r!rPs zGeneralNames.__eq__cCs ||k S)Nr )r%rOr r r!rQszGeneralNames.__ne__cCstt|jS)N)rRrir)r%r r r!rSszGeneralNames.__hash__N) r3r4r5r/r,rFrGrHrrErPrQrSr r r r!rs  rc@sPeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd d ZdS)SubjectAlternativeNamecCst||_dS)N)rr)r%rr r r!r/szSubjectAlternativeName.__init__rcCs |j|S)N)rr)r%rr r r!rsz*SubjectAlternativeName.get_values_for_typecCs d|jS)Nz)r>r)r%r r r!rEszSubjectAlternativeName.__repr__cCst|tstS|j|jkS)N)rrrNr)r%rOr r r!rPs zSubjectAlternativeName.__eq__cCs ||k S)Nr )r%rOr r r!rQszSubjectAlternativeName.__ne__cCs t|jS)N)rRr)r%r r r!rSszSubjectAlternativeName.__hash__N)r3r4r5rZSUBJECT_ALTERNATIVE_NAMEr0r/r,rFrGrHrrErPrQrSr r r r!rsrc@sPeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd d ZdS)IssuerAlternativeNamecCst||_dS)N)rr)r%rr r r!r/szIssuerAlternativeName.__init__rcCs |j|S)N)rr)r%rr r r!rsz)IssuerAlternativeName.get_values_for_typecCs d|jS)Nz)r>r)r%r r r!rEszIssuerAlternativeName.__repr__cCst|tstS|j|jkS)N)rrrNr)r%rOr r r!rPs zIssuerAlternativeName.__eq__cCs ||k S)Nr )r%rOr r r!rQszIssuerAlternativeName.__ne__cCs t|jS)N)rRr)r%r r r!rS szIssuerAlternativeName.__hash__N)r3r4r5rZISSUER_ALTERNATIVE_NAMEr0r/r,rFrGrHrrErPrQrSr r r r!rsrc@sPeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd d ZdS)CertificateIssuercCst||_dS)N)rr)r%rr r r!r/szCertificateIssuer.__init__rcCs |j|S)N)rr)r%rr r r!rsz%CertificateIssuer.get_values_for_typecCs d|jS)Nz)r>r)r%r r r!rEszCertificateIssuer.__repr__cCst|tstS|j|jkS)N)rrrNr)r%rOr r r!rPs zCertificateIssuer.__eq__cCs ||k S)Nr )r%rOr r r!rQ#szCertificateIssuer.__ne__cCs t|jS)N)rRr)r%r r r!rS&szCertificateIssuer.__hash__N)r3r4r5rZCERTIFICATE_ISSUERr0r/r,rFrGrHrrErPrQrSr r r r!rsrc@sDeZdZejZddZddZddZddZ d d Z e d Z d S) CRLReasoncCst|tstd||_dS)Nz*reason must be an element from ReasonFlags)rrrB_reason)r%reasonr r r!r/.s zCRLReason.__init__cCs d|jS)Nz)r>r)r%r r r!rE4szCRLReason.__repr__cCst|tstS|j|jkS)N)rrrNr)r%rOr r r!rP7s zCRLReason.__eq__cCs ||k S)Nr )r%rOr r r!rQ=szCRLReason.__ne__cCs t|jS)N)rRr)r%r r r!rS@szCRLReason.__hash__rN)r3r4r5rZ CRL_REASONr0r/rErPrQrSrrTrr r r r!r*src@sDeZdZejZddZddZddZddZ d d Z e d Z d S) InvalidityDatecCst|tjstd||_dS)Nz+invalidity_date must be a datetime.datetime)rdatetimerB_invalidity_date)r%invalidity_dater r r!r/Js zInvalidityDate.__init__cCs d|jS)Nz$)r>r)r%r r r!rEPszInvalidityDate.__repr__cCst|tstS|j|jkS)N)rrrNr)r%rOr r r!rPUs zInvalidityDate.__eq__cCs ||k S)Nr )r%rOr r r!rQ[szInvalidityDate.__ne__cCs t|jS)N)rRr)r%r r r!rS^szInvalidityDate.__hash__rN)r3r4r5rZINVALIDITY_DATEr0r/rErPrQrSrrTrr r r r!rFsrc@sHeZdZejZddZed\ZZ Z ddZ ddZ dd Z d d Zd S) )PrecertificateSignedCertificateTimestampscCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdS)N)rr)rVZsctr r r!rXkszEPrecertificateSignedCertificateTimestamps.__init__..zYEvery item in the signed_certificate_timestamps list must be a SignedCertificateTimestamp)rYrZrB_signed_certificate_timestamps)r%Zsigned_certificate_timestampsr r r!r/hs z2PrecertificateSignedCertificateTimestamps.__init__rcCsdt|S)Nz/)r>rY)r%r r r!rExsz2PrecertificateSignedCertificateTimestamps.__repr__cCstt|jS)N)rRrir)r%r r r!rSsz2PrecertificateSignedCertificateTimestamps.__hash__cCst|tstS|j|jkS)N)rrrNr)r%rOr r r!rPs z0PrecertificateSignedCertificateTimestamps.__eq__cCs ||k S)Nr )r%rOr r r!rQsz0PrecertificateSignedCertificateTimestamps.__ne__N)r3r4r5rZ%PRECERT_SIGNED_CERTIFICATE_TIMESTAMPSr0r/r,rFrGrHrErSrPrQr r r r!rds   rc@sDeZdZejZddZddZddZddZ d d Z e d Z d S) OCSPNoncecCst|tstd||_dS)Nznonce must be bytes)rbytesrB_nonce)r%noncer r r!r/s zOCSPNonce.__init__cCst|tstS|j|jkS)N)rrrNr)r%rOr r r!rPs zOCSPNonce.__eq__cCs ||k S)Nr )r%rOr r r!rQszOCSPNonce.__ne__cCs t|jS)N)rRr)r%r r r!rSszOCSPNonce.__hash__cCs d|S)Nz)r>)r%r r r!rEszOCSPNonce.__repr__rN)r3r4r5rZNONCEr0r/rPrQrSrErrTrr r r r!rsrc@seZdZejZddZddZddZddZ d d Z e d Z e d Ze d Ze dZe dZe dZe dZdS)IssuingDistributionPointc Cs|r(t|tr tdd|Ds(td|rHtj|ks@tj|krHtdt|trpt|trpt|trpt|tsxtd||||g}t dd|Ddkrtd t |||||||gstd ||_ ||_ ||_ ||_||_||_||_dS) Ncss|]}t|tVqdS)N)rr)rVrWr r r!rXsz4IssuingDistributionPoint.__init__..z:only_some_reasons must be None or frozenset of ReasonFlagszTunspecified and remove_from_crl are not valid reasons in an IssuingDistributionPointzuonly_contains_user_certs, only_contains_ca_certs, indirect_crl and only_contains_attribute_certs must all be boolean.cSsg|] }|r|qSr r )rVrWr r r! sz5IssuingDistributionPoint.__init__..zOnly one of the following can be set to True: only_contains_user_certs, only_contains_ca_certs, indirect_crl, only_contains_attribute_certszCannot create empty extension: if only_contains_user_certs, only_contains_ca_certs, indirect_crl, and only_contains_attribute_certs are all False, then either full_name, relative_name, or only_some_reasons must have a value.)rrrZrBrrrrrur#r_only_contains_user_certs_only_contains_ca_certs _indirect_crl_only_contains_attribute_certs_only_some_reasonsrr) r%rronly_contains_user_certsonly_contains_ca_certsonly_some_reasons indirect_crlonly_contains_attribute_certsZcrl_constraintsr r r!r/sD        z!IssuingDistributionPoint.__init__cCs d|S)NaG)r>)r%r r r!rEsz!IssuingDistributionPoint.__repr__cCsbt|tstS|j|jko`|j|jko`|j|jko`|j|jko`|j|jko`|j|jko`|j |j kS)N) rrrNrrrrrrr)r%rOr r r!rPs       zIssuingDistributionPoint.__eq__cCs ||k S)Nr )r%rOr r r!rQszIssuingDistributionPoint.__ne__cCs$t|j|j|j|j|j|j|jfS)N)rRrrrrrrr)r%r r r!rSsz!IssuingDistributionPoint.__hash__rrrrrrrN)r3r4r5rZISSUING_DISTRIBUTION_POINTr0r/rErPrQrSrrTrrrrrrrr r r r!rs F     rc@sHeZdZddZedZedZddZddZ d d Z d d Z d S)rAcCs"t|tstd||_||_dS)Nzoid must be an ObjectIdentifier)rrrBrr)r%r0rCr r r!r//s zUnrecognizedExtension.__init__rrcCs d|S)Nz7)r>)r%r r r!rE8szUnrecognizedExtension.__repr__cCs&t|tstS|j|jko$|j|jkS)N)rrArNr0rC)r%rOr r r!rP?s zUnrecognizedExtension.__eq__cCs ||k S)Nr )r%rOr r r!rQEszUnrecognizedExtension.__ne__cCst|j|jfS)N)rRr0rC)r%r r r!rSHszUnrecognizedExtension.__hash__N) r3r4r5r/rrTr0rCrErPrQrSr r r r!rA-s  rA)WZ __future__rrrr9rrrrfenumrrJZ cryptographyrZcryptography.hazmat._derrrr r Zcryptography.hazmat.primitivesr r Z,cryptography.hazmat.primitives.asymmetric.ecr Z-cryptography.hazmat.primitives.asymmetric.rsarZ*cryptography.x509.certificate_transparencyrZcryptography.x509.general_namerrrZcryptography.x509.namerZcryptography.x509.oidrrrrr"r, Exceptionr-r7Z add_metaclassABCMetaobjectr8r;Zregister_interfacerIrUrermrnrtrzr{rr|rrrrrrrrrrrdictZ_TLS_FEATURE_TYPE_TO_ENUMrrrrrrrrrrrrrrAr r r r!s      ( #f$)##] <2%$" ^Q'%*