a `mgi @s4ddlmZddlZddlZddlZddlZddlZddlmZddl m Z ddl m Z ddlmZmZmZmZmZmZmZmZddlmZmZddlmZmZmZmZdd lm Z m!Z!dd l"m#Z#ed d d Z$ej%e j&e j'e j(e j)e j*e j+e j,e j-fZ.Gd dde/Z0ddddddZ1ddddddZ2dddddZ3GdddZ4Gd d!d!Z5Gd"d#d#ej6Z7Gd$d%d%e/Z8e j9Z9Gd&d'd'ej:d(Z;e;Z>e j?Z?e j@Z@e jAZAe jBZBe jCZCe jDZDe jEZEe jFZFGd+d,d,ZGGd-d.d.ZHGd/d0d0ZIGd1d2d2ZJd3d4d5d6ZKdS)7) annotationsN)utils)x509)hashes)dsaeced448ed25519paddingrsax448x25519) CertificateIssuerPrivateKeyTypesCertificatePublicKeyTypes) Extension Extensions ExtensionType_make_sequence_methods)Name _ASN1Type)ObjectIdentifierics&eZdZddddfdd ZZS)AttributeNotFoundstrrNone)msgoidreturncst|||_dSN)super__init__r)selfrr __class__O/var/www/html/idle/venv/lib64/python3.9/site-packages/cryptography/x509/base.pyr 8s zAttributeNotFound.__init____name__ __module__ __qualname__r __classcell__r$r$r"r%r7srzExtension[ExtensionType]list[Extension[ExtensionType]]r) extension extensionsrcCs"|D]}|j|jkrtdqdS)Nz$This extension has already been set.)r ValueError)r,r-er$r$r%_reject_duplicate_extension=s r0r0list[tuple[ObjectIdentifier, bytes, int | None]])r attributesrcCs$|D]\}}}||krtdqdS)Nz$This attribute has already been set.)r.)rr2Zattr_oid_r$r$r%_reject_duplicate_attributeGsr4datetime.datetimetimercCs:|jdur2|}|r|nt}|jdd|S|SdS)zNormalizes a datetime to a naive datetime in UTC. time -- datetime to normalize. Assumed to be in UTC if not timezone aware. Ntzinfo)r9 utcoffsetdatetime timedeltareplace)r7offsetr$r$r%_convert_to_naive_utc_timeQs  r?c@sxeZdZejjfdddddddZeddd d Zeddd d Zd dddZ dddddZ ddddZ dS) Attributerbytesintr)rvalue_typercCs||_||_||_dSr)_oid_valuerD)r!rrCrDr$r$r%r `szAttribute.__init__rcCs|jSr)rEr!r$r$r%rjsz Attribute.oidcCs|jSr)rFrHr$r$r%rCnszAttribute.valuercCsd|jd|jdS)Nz)rrCrHr$r$r%__repr__rszAttribute.__repr__objectbool)otherrcCs2t|tstS|j|jko0|j|jko0|j|jkSr) isinstancer@NotImplementedrrCrD)r!rMr$r$r%__eq__us    zAttribute.__eq__cCst|j|j|jfSr)hashrrCrDrHr$r$r%__hash__szAttribute.__hash__N) r'r(r)rZ UTF8StringrCr propertyrrJrPrRr$r$r$r%r@_s  r@c@sHeZdZdddddZed\ZZZddd d Zd d d ddZ dS) Attributesztyping.Iterable[Attribute]r)r2rcCst||_dSr)list _attributes)r!r2r$r$r%r szAttributes.__init__rVrrGcCsd|jdS)Nz t|ts>tdt||j|durZ|j}nd}t|j |j g|j|||fS)zK Adds an X.509 attribute with an OID and associated value. zoid must be an ObjectIdentifierzvalue must be bytesNztag must be _ASN1Type) rNrr}rArr4rVrCrurxrn)r!rrCrtagr$r$r% add_attribute&s   z.CertificateSigningRequestBuilder.add_attribute rsa_paddingr_AllowedHashTypes | None typing.Any%padding.PSS | padding.PKCS1v15 | NoneCertificateSigningRequest private_key algorithmbackendrrcCsX|jdurtd|durHt|tjtjfs4tdt|tjsHtdt ||||S)zF Signs the request using the requestor's private key. Nz/A CertificateSigningRequest must have a subjectPadding must be PSS or PKCS1v15&Padding is only supported for RSA keys) rxr.rNr PSSPKCS1v15r}r RSAPrivateKey rust_x509Zcreate_x509_csrr!rrrrr$r$r%signFs  z%CertificateSigningRequestBuilder.sign)N)r'r(r)r rwrrrr$r$r$r%rus  $ruc @seZdZUded<ddddddgfddddddddd d d Zd dd ddZd dd ddZdddddZdddddZdddddZ dddddZ d d!dd"d#d$Z d.dd%d&d'd(d)d*d+d,d-Z dS)/CertificateBuilderr+rnNrvz CertificatePublicKeyTypes | None int | Nonedatetime.datetime | Noner) issuer_namerw public_keyrcnot_valid_beforenot_valid_afterr-rcCs6tj|_||_||_||_||_||_||_||_ dSr) r\r__version _issuer_namerx _public_keyrl_not_valid_before_not_valid_afterrn)r!rrwrrcrrr-r$r$r%r bs zCertificateBuilder.__init__rrycCsDt|tstd|jdur$tdt||j|j|j|j |j |j S)z3 Sets the CA's distinguished name. r{N%The issuer name may only be set once.) rNrr}rr.rrxrrlrrrnr~r$r$r%rus  zCertificateBuilder.issuer_namecCsDt|tstd|jdur$tdt|j||j|j|j |j |j S)z: Sets the requestor's distinguished name. r{Nr|) rNrr}rxr.rrrrlrrrnr~r$r$r%rws  zCertificateBuilder.subject_namer)keyrc Cs`t|tjtjtjtjt j t j t jfs.td|jdur@tdt|j|j||j|j|j|jS)zT Sets the requestor's public key (as found in the signing request). zExpecting one of DSAPublicKey, RSAPublicKey, EllipticCurvePublicKey, Ed25519PublicKey, Ed448PublicKey, X25519PublicKey, or X448PublicKey.Nz$The public key may only be set once.)rNrZ DSAPublicKeyr Z RSAPublicKeyrZEllipticCurvePublicKeyr ZEd25519PublicKeyrZEd448PublicKeyr ZX25519PublicKeyr Z X448PublicKeyr}rr.rrrxrlrrrn)r!rr$r$r%rs2  zCertificateBuilder.public_keyrBnumberrcCsht|tstd|jdur$td|dkr4td|dkrHtdt|j|j|j ||j |j |j S)z5 Sets the certificate serial number. 'Serial number must be of integral type.N'The serial number may only be set once.rz%The serial number should be positive.3The serial number should not be more than 159 bits.) rNrBr}rlr. bit_lengthrrrxrrrrnr!rr$r$r%rcs&   z CertificateBuilder.serial_numberr5r6cCszt|tjstd|jdur&tdt|}|tkr>td|jdurZ||jkrZtdt|j |j |j |j ||j|j S)z7 Sets the certificate activation time. Expecting datetime object.Nz*The not valid before may only be set once.z>The not valid before date must be on or after 1950 January 1).zBThe not valid before date must be before the not valid after date.)rNr;r}rr.r?_EARLIEST_UTC_TIMErrrrxrrlrnr!r7r$r$r%rs,  z#CertificateBuilder.not_valid_beforecCszt|tjstd|jdur&tdt|}|tkr>td|jdurZ||jkrZtdt|j |j |j |j |j||j S)z7 Sets the certificate expiration time. rNz)The not valid after may only be set once.ztd|jdurZ||jkrZtdt|j ||j|j |j S)Nr!Last update may only be set once.8The last update date must be on or after 1950 January 1.z9The last update date must be before the next update date.) rNr;r}rr.r?rrrrrnr)r!rr$r$r%rus(  z,CertificateRevocationListBuilder.last_update)rrcCsrt|tjstd|jdur&tdt|}|tkr>td|jdurZ||jkrZtdt|j |j||j |j S)Nrrrz8The next update date must be after the last update date.) rNr;r}rr.r?rrrrrnr)r!rr$r$r%rs(  z,CertificateRevocationListBuilder.next_updaterrLrcCsNt|tstdt|j||}t||jt|j|j |j g|j||j S)zM Adds an X.509 extension to the certificate revocation list. r) rNrr}rrr0rnrrrrrrr$r$r%rs   z.CertificateRevocationListBuilder.add_extensionrb)revoked_certificatercCs4t|tstdt|j|j|j|jg|j|S)z8 Adds a revoked certificate to the CRL. z)Must be an instance of RevokedCertificate) rNrbr}rrrrrnr)r!rr$r$r%add_revoked_certificates  z8CertificateRevocationListBuilder.add_revoked_certificaterrrrrCertificateRevocationListrcCs||jdurtd|jdur$td|jdur6td|durlt|tjtjfsXtdt|t j sltdt ||||S)NzA CRL must have an issuer namez"A CRL must have a last update timez"A CRL must have a next update timerr) rr.rrrNr rrr}r rrZcreate_x509_crlrr$r$r%rs    z%CertificateRevocationListBuilder.sign)N) r'r(r)rr rrrrrrr$r$r$r%rTs" rc@sjeZdZddgfddddddZddd d d Zd dd ddZddddddZddddddZdS)RevokedCertificateBuilderNrrr+rjcCs||_||_||_dSrrkror$r$r%r sz"RevokedCertificateBuilder.__init__rBrcCsXt|tstd|jdur$td|dkr4td|dkrHtdt||j|jS)Nrrrz$The serial number should be positiverr) rNrBr}rlr.rrrmrnrr$r$r%rcs    z'RevokedCertificateBuilder.serial_numberr5r6cCsNt|tjstd|jdur&tdt|}|tkr>tdt|j||j S)Nrz)The revocation date may only be set once.z7The revocation date must be on or after 1950 January 1.) rNr;r}rmr.r?rrrlrnrr$r$r%rds   z)RevokedCertificateBuilder.revocation_daterrLrcCsFt|tstdt|j||}t||jt|j|j g|j|S)Nr) rNrr}rrr0rnrrlrmrr$r$r%rs   z'RevokedCertificateBuilder.add_extensionrrb)rrcCs:|jdurtd|jdur$tdt|j|jt|jS)Nz/A revoked certificate must have a serial numberz1A revoked certificate must have a revocation date)rlr.rmrirrn)r!rr$r$r%build s  zRevokedCertificateBuilder.build)N)r'r(r)r rcrdrrr$r$r$r%rs rrBrGcCsttddd?S)Nbigr)rB from_bytesosurandomr$r$r$r%random_serial_number.sr)L __future__rrfr;rtypingrqZ cryptographyrZ"cryptography.hazmat.bindings._rustrrZcryptography.hazmat.primitivesrZ)cryptography.hazmat.primitives.asymmetricrrrr r r r r Z/cryptography.hazmat.primitives.asymmetric.typesrrZcryptography.x509.extensionsrrrrZcryptography.x509.namerrZcryptography.x509.oidrrUnionSHA224SHA256SHA384SHA512ZSHA3_224ZSHA3_256ZSHA3_384ZSHA3_512Z_AllowedHashTypes Exceptionrr0r4r?r@rTEnumr\r`rABCMetarbregisterrirrZload_pem_x509_certificateZload_der_x509_certificateZload_pem_x509_certificatesZload_pem_x509_csrZload_der_x509_csrZload_pem_x509_crlZload_der_x509_crlrurrrrr$r$r$r%sj    (     $ "evI