o e] @sddlmZddlZddlZddlZddlZddlmZddlm Z ddl m Z m Z ddlmZmZmZmZmZmZmZmZddlmZmZmZddlmZmZmZmZdd l m!Z!m"Z"dd l#m$Z$ed d d Z%ej&e j'e j(e j)e j*e j+e j,e j-e j.fZ/Gd dde0Z1dRddZ2dSddZ3dTdd Z4Gd!d"d"Z5Gd#d$d$Z6Gd%d&d&ej7Z8Gd'd(d(e0Z9Gd)d*d*ej:d+Z;e;Gd0d1d1ej:d+Z?e?ZC dUdXd?d@ZD dUdXdAdBZE dUdYdCdDZF dUdYdEdFZGGdGdHdHZHGdIdJdJZIGdKdLdLZJGdMdNdNZKdZdPdQZLdS)[) annotationsN)utils)x509)hashes serialization)dsaeced448ed25519paddingrsax448x25519) CertificateIssuerPrivateKeyTypesCertificateIssuerPublicKeyTypesCertificatePublicKeyTypes) Extension Extensions ExtensionType_make_sequence_methods)Name _ASN1Type)ObjectIdentifiericeZdZd fdd ZZS) AttributeNotFoundmsgstroidrreturnNonect|||_dSN)super__init__r)selfrr __class__FD:\Projects\ConvertPro\env\Lib\site-packages\cryptography/x509/base.pyr$8  zAttributeNotFound.__init__)rrrrrr __name__ __module__ __qualname__r$ __classcell__r(r(r&r)r7r extensionExtension[ExtensionType] extensions%typing.List[Extension[ExtensionType]]rr cCs"|D] }|j|jkrtdqdS)Nz$This extension has already been set.)r ValueError)r1r3er(r(r)_reject_duplicate_extension=s  r7rr attributesHtyping.List[typing.Tuple[ObjectIdentifier, bytes, typing.Optional[int]]]cCs$|D] \}}}||krtdqdS)Nz$This attribute has already been set.)r5)rr8Zattr_oid_r(r(r)_reject_duplicate_attributeGs r;timedatetime.datetimecCs6|jdur|}|r |nt}|jdd|S|S)zNormalizes a datetime to a naive datetime in UTC. time -- datetime to normalize. Assumed to be in UTC if not timezone aware. N)tzinfo)r> utcoffsetdatetime timedeltareplace)r<offsetr(r(r)_convert_to_naive_utc_timeSs rDc@sXeZdZejjfdd d Zedd d Zedd dZdddZ dddZ dddZ dS) Attributerrvaluebytes_typeintrr cC||_||_||_dSr")_oid_valuerH)r%rrFrHr(r(r)r$b zAttribute.__init__cC|jSr")rKr%r(r(r)rlz Attribute.oidcCrNr")rLrOr(r(r)rFprPzAttribute.valuercCsd|jd|jdS)Nz)rrFrOr(r(r)__repr__tzAttribute.__repr__otherobjectboolcCs2t|tstS|j|jko|j|jko|j|jkSr") isinstancerENotImplementedrrFrHr%rTr(r(r)__eq__ws    zAttribute.__eq__cCst|j|j|jfSr")hashrrFrHrOr(r(r)__hash__szAttribute.__hash__N)rrrFrGrHrIrr rrrrGrrrTrUrrVrrI) r,r-r.rZ UTF8StringrFr$propertyrrRrZr\r(r(r(r)rEas      rEc@s8eZdZdddZed\ZZZdd d ZdddZ dS) Attributesr8typing.Iterable[Attribute]rr cCst||_dSr")list _attributes)r%r8r(r(r)r$szAttributes.__init__rfrcCsd|jdS)Nz d d Zejd?ddZ eejd@ddZ eejd@ddZ eejdAddZ eejdAddZ eejdBddZeejdCddZeejdDd!d"ZeejdEd$d%ZeejdFd&d'ZeejdFd(d)ZeejdFd*d+ZejdGd/d0Zejd=d1d2ZejdHd5d6ZejdId9d:Zd;S)J Certificate algorithmhashes.HashAlgorithmrrGcCdSz4 Returns bytes using digest passed. Nr(r%rsr(r(r) fingerprintzCertificate.fingerprintrIcCru)z3 Returns certificate serial number Nr(rOr(r(r) serial_numberryzCertificate.serial_numberrlcCru)z1 Returns the certificate version Nr(rOr(r(r)versionryzCertificate.versionrcCruz( Returns the public key Nr(rOr(r(r) public_keyryzCertificate.public_keyr=cCru)z? Not before time (represented as UTC datetime) Nr(rOr(r(r)not_valid_beforeryzCertificate.not_valid_beforecCru)z> Not after time (represented as UTC datetime) Nr(rOr(r(r)not_valid_afterryzCertificate.not_valid_afterrcCru)z1 Returns the issuer name object. Nr(rOr(r(r)issuerryzCertificate.issuercCruz2 Returns the subject name object. Nr(rOr(r(r)subjectryzCertificate.subject%typing.Optional[hashes.HashAlgorithm]cCruzt Returns a HashAlgorithm corresponding to the type of the digest signed in the certificate. Nr(rOr(r(r)signature_hash_algorithmryz$Certificate.signature_hash_algorithmrcCruzJ Returns the ObjectIdentifier of the signature algorithm. Nr(rOr(r(r)signature_algorithm_oidryz#Certificate.signature_algorithm_oid;typing.Union[None, padding.PSS, padding.PKCS1v15, ec.ECDSA]cCru)z= Returns the signature algorithm parameters. Nr(rOr(r(r)signature_algorithm_parametersryz*Certificate.signature_algorithm_parametersrcCru)z/ Returns an Extensions object. Nr(rOr(r(r)r3ryzCertificate.extensionscCruz. Returns the signature bytes. Nr(rOr(r(r) signatureryzCertificate.signaturecCru)zR Returns the tbsCertificate payload bytes as defined in RFC 5280. Nr(rOr(r(r)tbs_certificate_bytesryz!Certificate.tbs_certificate_bytescCru)zh Returns the tbsCertificate payload bytes with the SCT list extension stripped. Nr(rOr(r(r)tbs_precertificate_bytes ryz$Certificate.tbs_precertificate_bytesrTrUrVcCruz" Checks equality. Nr(rYr(r(r)rZryzCertificate.__eq__cCruz" Computes a hash. Nr(rOr(r(r)r\ryzCertificate.__hash__encodingserialization.EncodingcCru)zB Serializes the certificate to PEM or DER format. Nr(r%rr(r(r) public_bytesryzCertificate.public_bytesrr cCru)z This method verifies that certificate issuer name matches the issuer subject name and that the certificate is signed by the issuer's private key. No other validation is performed. Nr()r%rr(r(r)verify_directly_issued_by$ryz%Certificate.verify_directly_issued_byNrsrtrrGra)rrlrrrr=rrrrr])rrrrr^r`rrrrG)rrrrr )r,r-r.abcabstractmethodrxrbrzr{r}r~rrrrrrr3rrrrZr\rrr(r(r(r)rrsh     rr) metaclassc@sHeZdZeejd ddZeejd ddZeejdd d Zd S)RevokedCertificaterrIcCru)zG Returns the serial number of the revoked certificate. Nr(rOr(r(r)rz2ryz RevokedCertificate.serial_numberr=cCru)zH Returns the date of when this certificate was revoked. Nr(rOr(r(r)revocation_date9ryz"RevokedCertificate.revocation_datercCru)zW Returns an Extensions object containing a list of Revoked extensions. Nr(rOr(r(r)r3@ryzRevokedCertificate.extensionsNrarr) r,r-r.rbrrrzrr3r(r(r(r)r1src@s@eZdZdddZedd d Zedd d ZedddZdS)_RawRevokedCertificaterzrIrr=r3rcCrJr"_serial_number_revocation_date _extensionsr%rzrr3r(r(r)r$MrMz_RawRevokedCertificate.__init__rcCrNr")rrOr(r(r)rzWrPz$_RawRevokedCertificate.serial_numbercCrNr")rrOr(r(r)r[rPz&_RawRevokedCertificate.revocation_datecCrNr")rrOr(r(r)r3_rPz!_RawRevokedCertificate.extensionsN)rzrIrr=r3rrarr)r,r-r.r$rbrzrr3r(r(r(r)rLs   rc@sLeZdZejd?ddZejd@d d ZejdAddZeejdBddZ eejdCddZ eejdDddZ eejdEddZ eejdFddZ eejdGd d!ZeejdHd"d#ZeejdHd$d%ZejdId)d*ZejdJd+d,ZejdKd/d0ZejdLd3d0ZejdMd6d0ZejdNd8d9ZejdOdS)PCertificateRevocationListrrrrGcCru)z: Serializes the CRL to PEM or DER format. Nr(rr(r(r)reryz&CertificateRevocationList.public_bytesrsrtcCrurvr(rwr(r(r)rxkryz%CertificateRevocationList.fingerprintrzrI#typing.Optional[RevokedCertificate]cCru)zs Returns an instance of RevokedCertificate or None if the serial_number is not in the CRL. Nr()r%rzr(r(r)(get_revoked_certificate_by_serial_numberqryzBCertificateRevocationList.get_revoked_certificate_by_serial_numberrcCrurr(rOr(r(r)rzryz2CertificateRevocationList.signature_hash_algorithmrcCrurr(rOr(r(r)rryz1CertificateRevocationList.signature_algorithm_oidrcCru)zC Returns the X509Name with the issuer of this CRL. Nr(rOr(r(r)rryz CertificateRevocationList.issuer"typing.Optional[datetime.datetime]cCru)z? Returns the date of next update for this CRL. Nr(rOr(r(r) next_updateryz%CertificateRevocationList.next_updater=cCru)z? Returns the date of last update for this CRL. Nr(rOr(r(r) last_updateryz%CertificateRevocationList.last_updatercCru)zS Returns an Extensions object containing a list of CRL extensions. Nr(rOr(r(r)r3ryz$CertificateRevocationList.extensionscCrurr(rOr(r(r)rryz#CertificateRevocationList.signaturecCru)zO Returns the tbsCertList payload bytes as defined in RFC 5280. Nr(rOr(r(r)tbs_certlist_bytesryz,CertificateRevocationList.tbs_certlist_bytesrTrUrVcCrurr(rYr(r(r)rZryz CertificateRevocationList.__eq__cCru)z< Number of revoked certificates in the CRL. Nr(rOr(r(r)riryz!CertificateRevocationList.__len__idxrcCdSr"r(r%rr(r(r)rkz%CertificateRevocationList.__getitem__slicetyping.List[RevokedCertificate]cCrr"r(rr(r(r)rkrtyping.Union[int, slice]Atyping.Union[RevokedCertificate, typing.List[RevokedCertificate]]cCru)zS Returns a revoked certificate (or slice of revoked certificates). Nr(rr(r(r)rkry#typing.Iterator[RevokedCertificate]cCru)z8 Iterator over the revoked certificates Nr(rOr(r(r)rjryz"CertificateRevocationList.__iter__r}rcCru)zQ Verifies signature of revocation list against given public key. Nr()r%r}r(r(r)is_signature_validryz,CertificateRevocationList.is_signature_validNrr)rzrIrrrr]r)rrrrr^r`ra)rrIrr)rrrr)rrrr)rr)r}rrrV)r,r-r.rrrrxrrbrrrrrr3rrrZritypingoverloadrkrjrr(r(r(r)rdsZ         rc@seZdZejd+ddZejd,dd Zejd-d d Zeejd.ddZ eejd/ddZ eejd0ddZ eejd1ddZ eejd2ddZ ejd3dd Zeejd4d!d"Zeejd4d#d$Zeejd5d%d&Zejd6d(d)Zd*S)7CertificateSigningRequestrTrUrrVcCrurr(rYr(r(r)rZryz CertificateSigningRequest.__eq__rIcCrurr(rOr(r(r)r\ryz"CertificateSigningRequest.__hash__rcCrur|r(rOr(r(r)r}ryz$CertificateSigningRequest.public_keyrcCrurr(rOr(r(r)rryz!CertificateSigningRequest.subjectrcCrurr(rOr(r(r)rryz2CertificateSigningRequest.signature_hash_algorithmrcCrurr(rOr(r(r)rryz1CertificateSigningRequest.signature_algorithm_oidrcCru)z@ Returns the extensions in the signing request. Nr(rOr(r(r)r3ryz$CertificateSigningRequest.extensionsrccCru)z/ Returns an Attributes object. Nr(rOr(r(r)r8ryz$CertificateSigningRequest.attributesrrrGcCru)z; Encodes the request to PEM or DER format. Nr(rr(r(r)rryz&CertificateSigningRequest.public_bytescCrurr(rOr(r(r)r"ryz#CertificateSigningRequest.signaturecCru)zd Returns the PKCS#10 CertificationRequestInfo bytes as defined in RFC 2986. Nr(rOr(r(r)tbs_certrequest_bytes)ryz/CertificateSigningRequest.tbs_certrequest_bytescCru)z8 Verifies signature of signing request. Nr(rOr(r(r)r1ryz,CertificateSigningRequest.is_signature_validrcCru)z: Get the attribute value for a given OID. Nr()r%rr(r(r)rh8ryz/CertificateSigningRequest.get_attribute_for_oidNr`rarrrr]r)rrcrr^)rrV)rrrrG)r,r-r.rrrZr\r}rbrrrr3r8rrrrrhr(r(r(r)rsF    rdatarGbackend typing.AnycC t|Sr") rust_x509load_pem_x509_certificaterrr(r(r)rD rtyping.List[Certificate]cCrr")rload_pem_x509_certificates)rr(r(r)rJs rcCrr")rload_der_x509_certificaterr(r(r)rOrrcCrr")rload_pem_x509_csrrr(r(r)rVrrcCrr")rload_der_x509_csrrr(r(r)r]rrcCrr")rload_pem_x509_crlrr(r(r)rdrrcCrr")rload_der_x509_crlrr(r(r)rkrrc@sPeZdZdggfd'dd Zd(d dZd)ddZddd*ddZ d+d,d%d&ZdS)- CertificateSigningRequestBuilderN subject_nametyping.Optional[Name]r3r4r8r9cCs||_||_||_dS)zB Creates an empty X.509 certificate request (v1). N) _subject_namerrf)r%rr3r8r(r(r)r$rs  z)CertificateSigningRequestBuilder.__init__namerrcCs4t|ts td|jdurtdt||j|jS)zF Sets the certificate requestor's distinguished name. Expecting x509.Name object.N&The subject name may only be set once.)rWr TypeErrorrr5rrrfr%rr(r(r)rs   z-CertificateSigningRequestBuilder.subject_nameextvalrcriticalrVcCsDt|ts tdt|j||}t||jt|j|j|g|j S)zE Adds an X.509 extension to the certificate request. "extension must be an ExtensionType) rWrrrrr7rrrrfr%rrr1r(r(r) add_extensions   z.CertificateSigningRequestBuilder.add_extension)_tagrrrFrGrtyping.Optional[_ASN1Type]cCs|t|ts tdt|tstd|durt|tstdt||j|dur-|j}nd}t|j |j |j|||fgS)zK Adds an X.509 attribute with an OID and associated value. zoid must be an ObjectIdentifierzvalue must be bytesNztag must be _ASN1Type) rWrrrGrr;rfrFrrr)r%rrFrtagr(r(r) add_attributes   z.CertificateSigningRequestBuilder.add_attribute private_keyrrs"typing.Optional[_AllowedHashTypes]rrrcCs |jdur tdt|||S)zF Signs the request using the requestor's private key. Nz/A CertificateSigningRequest must have a subject)rr5rZcreate_x509_csrr%rrsrr(r(r)signs z%CertificateSigningRequestBuilder.sign)rrr3r4r8r9)rrrr)rrrrVrr)rrrFrGrrrrr")rrrsrrrrr)r,r-r.r$rrrrr(r(r(r)rqs  $rc@seZdZUded<ddddddgfd9ddZd:ddZd:ddZd;ddZdd+d,Z d?dd-d@d7d8Z dS)ACertificateBuilderr4rN issuer_namerrr}*typing.Optional[CertificatePublicKeyTypes]rztyping.Optional[int]r~rrr3rr cCs6tj|_||_||_||_||_||_||_||_ dSr") rlro_version _issuer_namer _public_keyr_not_valid_before_not_valid_afterr)r%rrr}rzr~rr3r(r(r)r$s  zCertificateBuilder.__init__rrcCsDt|ts td|jdurtdt||j|j|j|j |j |j S)z3 Sets the CA's distinguished name. rN%The issuer name may only be set once.) rWrrrr5rrrrrrrrr(r(r)rs  zCertificateBuilder.issuer_namecCsDt|ts td|jdurtdt|j||j|j|j |j |j S)z: Sets the requestor's distinguished name. rNr) rWrrrr5rrrrrrrrr(r(r)rs  zCertificateBuilder.subject_namekeyrc Cs`t|tjtjtjtjt j t j t jfstd|jdur tdt|j|j||j|j|j|jS)zT Sets the requestor's public key (as found in the signing request). zExpecting one of DSAPublicKey, RSAPublicKey, EllipticCurvePublicKey, Ed25519PublicKey, Ed448PublicKey, X25519PublicKey, or X448PublicKey.Nz$The public key may only be set once.)rWrZ DSAPublicKeyr Z RSAPublicKeyrZEllipticCurvePublicKeyr ZEd25519PublicKeyr ZEd448PublicKeyrZX25519PublicKeyr Z X448PublicKeyrrr5rrrrrrr)r%rr(r(r)r}s2  zCertificateBuilder.public_keynumberrIcCsht|ts td|jdurtd|dkrtd|dkr$tdt|j|j|j ||j |j |j S)z5 Sets the certificate serial number. 'Serial number must be of integral type.N'The serial number may only be set once.rz%The serial number should be positive.3The serial number should not be more than 159 bits.) rWrIrrr5 bit_lengthrrrrrrrr%rr(r(r)rz,s&   z CertificateBuilder.serial_numberr<r=cCszt|tjs td|jdurtdt|}|tkrtd|jdur-||jkr-tdt|j |j |j |j ||j|j S)z7 Sets the certificate activation time. Expecting datetime object.Nz*The not valid before may only be set once.z>The not valid before date must be on or after 1950 January 1).zBThe not valid before date must be before the not valid after date.)rWr@rrr5rD_EARLIEST_UTC_TIMErrrrrrrr%r<r(r(r)r~Gs,  z#CertificateBuilder.not_valid_beforecCszt|tjs td|jdurtdt|}|tkrtd|jdur-||jkr-tdt|j |j |j |j |j||j S)z7 Sets the certificate expiration time. rNz)The not valid after may only be set once.zs~   (    $   | ]      \xI