o h~,@sddlmZddlZddlZddlmZmZddlmZddl m Z ddl m Z ddl mZmZmZGdd d ejZGd d d ejZe je je je je jfZdddZGdddejZGdddZejZejZejZGdddZ GdddZ!ej"Z"ej#Z#dS)) annotationsN)utilsx509)ocsp)hashes) CertificateIssuerPrivateKeyTypes)_EARLIEST_UTC_TIME_convert_to_naive_utc_time_reject_duplicate_extensionc@seZdZdZdZdS)OCSPResponderEncodingzBy HashzBy NameN)__name__ __module__ __qualname__HASHNAMErrI/var/www/html/venv/lib/python3.10/site-packages/cryptography/x509/ocsp.pyr sr c@s$eZdZdZdZdZdZdZdZdS)OCSPResponseStatusrN) r r r SUCCESSFULZMALFORMED_REQUESTINTERNAL_ERRORZ TRY_LATERZ SIG_REQUIRED UNAUTHORIZEDrrrrrsr algorithmhashes.HashAlgorithmreturnNonecCst|ts tddS)Nz9Algorithm must be SHA1, SHA224, SHA256, SHA384, or SHA512) isinstance_ALLOWED_HASHES ValueError)rrrr_verify_algorithm.s r#c@seZdZdZdZdZdS)OCSPCertStatusrrrN)r r rZGOODREVOKEDUNKNOWNrrrrr$5sr$c@seZdZdddZdS)_SingleResponsecertx509.Certificateissuerrr cert_statusr$ this_updatedatetime.datetime next_updatedatetime.datetime | Nonerevocation_timerevocation_reasonx509.ReasonFlags | Nonec Cst|tjr t|tjstdt|t|tjstd|dur,t|tjs,td||_||_||_||_ ||_ t|t sDtd|t j urZ|durQt d|durYt dn$t|tjsdtdt|}|tkrpt d|dur~t|tjs~td ||_||_||_dS) N%cert and issuer must be a Certificatez%this_update must be a datetime objectz-next_update must be a datetime object or Nonez8cert_status must be an item from the OCSPCertStatus enumzBrevocation_time can only be provided if the certificate is revokedzDrevocation_reason can only be provided if the certificate is revokedz)revocation_time must be a datetime objectz7The revocation_time must be on or after 1950 January 1.zCrevocation_reason must be an item from the ReasonFlags enum or None)r r Certificate TypeErrorr#datetimeZ_certZ_issuer _algorithmZ _this_updateZ _next_updater$r%r"r rZ ReasonFlagsZ _cert_statusZ_revocation_timeZ_revocation_reason) selfr(r*rr+r,r.r0r1rrr__init__<s\        z_SingleResponse.__init__N)r(r)r*r)rrr+r$r,r-r.r/r0r/r1r2)r r rr9rrrrr';sr'c@sFeZdZddgfd#d d Zd$ddZd%ddZd&ddZd'd!d"ZdS)(OCSPRequestBuilderNrequestFtuple[x509.Certificate, x509.Certificate, hashes.HashAlgorithm] | None request_hash5tuple[bytes, bytes, int, hashes.HashAlgorithm] | None extensions(list[x509.Extension[x509.ExtensionType]]rrcCs||_||_||_dSN)_request _request_hash _extensions)r8r;r=r?rrrr9s  zOCSPRequestBuilder.__init__r(r)r*rrcCsZ|jdus |jdurtdt|t|tjrt|tjs"tdt|||f|j|j S)N.Only one certificate can be added to a requestr3) rBrCr"r#r rr4r5r:rD)r8r(r*rrrradd_certificatesz"OCSPRequestBuilder.add_certificateissuer_name_hashbytesissuer_key_hash serial_numberintcCs|jdus |jdurtdt|tstdt|td|td||j t |ks5|j t |kr9tdt |j||||f|j S)NrEz serial_number must be an integerrGrIz`issuer_name_hash and issuer_key_hash must be the same length as the digest size of the algorithm) rBrCr"r rKr5r#r _check_bytes digest_sizelenr:rD)r8rGrIrJrrrradd_certificate_by_hashs&    z*OCSPRequestBuilder.add_certificate_by_hashextvalx509.ExtensionTypecriticalboolcCsJt|tjs tdt|j||}t||jt|j |j g|j|SNz"extension must be an ExtensionType) r r ExtensionTyper5 Extensionoidr rDr:rBrCr8rPrR extensionrrr add_extensions  z OCSPRequestBuilder.add_extension OCSPRequestcCs&|jdur|jdurtdt|S)Nz*You must add a certificate before building)rBrCr"rZcreate_ocsp_request)r8rrrbuilds zOCSPRequestBuilder.build)r;r<r=r>r?r@rr)r(r)r*r)rrrr:) rGrHrIrHrJrKrrrr:)rPrQrRrSrr:)rr[)r r rr9rFrOrZr\rrrrr:s    r:c@s`eZdZdddgfd5d d Zd6ddZd7d d!Zd8d#d$Zd9d)d*Zd:d/d0Ze d;d3d4Z dS)<OCSPResponseBuilderNresponse_SingleResponse | None responder_id5tuple[x509.Certificate, OCSPResponderEncoding] | Nonecertslist[x509.Certificate] | Noner?r@cCs||_||_||_||_dSrA) _response _responder_id_certsrD)r8r^r`rbr?rrrr9s zOCSPResponseBuilder.__init__r(r)r*rrr+r$r,r-r.r/r0r1r2rc Cs<|jdur tdt||||||||} t| |j|j|jS)Nz#Only one response per OCSPResponse.)rdr"r'r]rerfrD) r8r(r*rr+r,r.r0r1Z singleresprrr add_responses$  z OCSPResponseBuilder.add_responseencodingr responder_certcCsP|jdur tdt|tjstdt|tstdt|j||f|j |j S)Nz!responder_id can only be set oncez$responder_cert must be a Certificatez6encoding must be an element from OCSPResponderEncoding) rer"r rr4r5r r]rdrfrD)r8rhrirrrr`s   z OCSPResponseBuilder.responder_id!typing.Iterable[x509.Certificate]cCs\|jdur tdt|}t|dkrtdtdd|Ds$tdt|j|j||j S)Nz!certificates may only be set oncerzcerts must not be an empty listcss|] }t|tjVqdSrA)r rr4).0xrrr "sz3OCSPResponseBuilder.certificates..z$certs must be a list of Certificates) rfr"listrNallr5r]rdrerD)r8rbrrr certificatess  z OCSPResponseBuilder.certificatesrPrQrRrScCsNt|tjs tdt|j||}t||jt|j |j |j g|j|SrT) r rrUr5rVrWr rDr]rdrerfrXrrrrZ+s   z!OCSPResponseBuilder.add_extension private_keyrhashes.HashAlgorithm | None OCSPResponsecCs6|jdur td|jdurtdttj|||S)Nz&You must add a response before signingz*You must add a responder_id before signing)rdr"rercreate_ocsp_responserr)r8rqrrrrsign;s   zOCSPResponseBuilder.signresponse_statusrcCs4t|ts td|tjurtdt|dddS)Nz7response_status must be an item from OCSPResponseStatusz$response_status cannot be SUCCESSFUL)r rr5rr"rrt)clsrvrrrbuild_unsuccessfulIs  z&OCSPResponseBuilder.build_unsuccessful)r^r_r`rarbrcr?r@)r(r)r*r)rrr+r$r,r-r.r/r0r/r1r2rr])rhr rir)rr])rbrjrr])rPrQrRrSrr])rqrrrrrrs)rvrrrs) r r rr9rgr`rprZru classmethodrxrrrrr]s    r])rrrr)$ __future__rr6typingZ cryptographyrrZ"cryptography.hazmat.bindings._rustrZcryptography.hazmat.primitivesrZ/cryptography.hazmat.primitives.asymmetric.typesrZcryptography.x509.baserr r Enumr rSHA1SHA224SHA256SHA384SHA512r!r#r$r'r[rsZOCSPSingleResponser:r]Zload_der_ocsp_requestZload_der_ocsp_responserrrrs4      FT}