o STh1@sddlmZddlZddlmZddlmZmZddlm Z ddl m Z ddl m Z ddlmZGd d d ejZGd d d ejZe je je je je jfZdddZGdddejZGdddZe jZe jZe jZGdddZGdddZ e j!Z!e j"Z"dS)) annotationsN)Iterable)utilsx509)ocsp)hashes) CertificateIssuerPrivateKeyTypes)_reject_duplicate_extensionc@seZdZdZdZdS)OCSPResponderEncodingzBy HashzBy NameN)__name__ __module__ __qualname__HASHNAMErrW/home/air/segue/gemini/back/venv/lib/python3.10/site-packages/cryptography/x509/ocsp.pyr sr c@s$eZdZdZdZdZdZdZdZdS)OCSPResponseStatusrN) r r r SUCCESSFULMALFORMED_REQUESTINTERNAL_ERROR TRY_LATER SIG_REQUIRED UNAUTHORIZEDrrrrrsr algorithmhashes.HashAlgorithmreturnNonecCst|ts tddS)Nz9Algorithm must be SHA1, SHA224, SHA256, SHA384, or SHA512) isinstance_ALLOWED_HASHES ValueError)rrrr_verify_algorithm*s r%c@seZdZdZdZdZdS)OCSPCertStatusrrrN)r r r GOODREVOKEDUNKNOWNrrrrr&1sr&c@seZdZdddZdS)_SingleResponseresp0tuple[x509.Certificate, x509.Certificate] | None resp_hashtuple[bytes, bytes, int] | Nonerr cert_statusr& this_updatedatetime.datetime next_updatedatetime.datetime | Nonerevocation_timerevocation_reasonx509.ReasonFlags | Nonec Cst|t|tjstd|durt|tjstd||_||_||_||_||_t|t s4td|t j urJ|durAt d|durIt dnt|tjsTtd|durbt|t j sbtd||_||_||_dS)Nz%this_update must be a datetime objectz-next_update must be a datetime object or Nonez8cert_status must be an item from the OCSPCertStatus enumzBrevocation_time can only be provided if the certificate is revokedzDrevocation_reason can only be provided if the certificate is revokedz)revocation_time must be a datetime objectzCrevocation_reason must be an item from the ReasonFlags enum or None)r%r"datetime TypeError_resp _resp_hash _algorithm _this_update _next_updater&r(r$r ReasonFlags _cert_status_revocation_time_revocation_reason) selfr+r-rr/r0r2r4r5rrr__init__8sJ       z_SingleResponse.__init__N)r+r,r-r.rrr/r&r0r1r2r3r4r3r5r6)r r r rCrrrrr*7sr*c@sFeZdZddgfd#d d Zd$ddZd%ddZd&ddZd'd!d"ZdS)(OCSPRequestBuilderNrequestFtuple[x509.Certificate, x509.Certificate, hashes.HashAlgorithm] | None request_hash5tuple[bytes, bytes, int, hashes.HashAlgorithm] | None extensions(list[x509.Extension[x509.ExtensionType]]r r!cCs||_||_||_dSN)_request _request_hash _extensions)rBrErGrIrrrrCws  zOCSPRequestBuilder.__init__certx509.CertificateissuerrrcCsZ|jdus |jdurtdt|t|tjrt|tjs"tdt|||f|j|j S)N.Only one certificate can be added to a request%cert and issuer must be a Certificate) rLrMr$r%r"r Certificater8rDrN)rBrOrQrrrradd_certificatesz"OCSPRequestBuilder.add_certificateissuer_name_hashbytesissuer_key_hash serial_numberintcCs|jdus |jdurtdt|tstdt|td|td||j t |ks5|j t |kr9tdt |j||||f|j S)NrR serial_number must be an integerrVrX`issuer_name_hash and issuer_key_hash must be the same length as the digest size of the algorithm) rLrMr$r"rZr8r%r _check_bytes digest_sizelenrDrN)rBrVrXrYrrrradd_certificate_by_hashs&    z*OCSPRequestBuilder.add_certificate_by_hashextvalx509.ExtensionTypecriticalboolcCsJt|tjs tdt|j||}t||jt|j |j g|j|SNz"extension must be an ExtensionType) r"r ExtensionTyper8 Extensionoidr rNrDrLrMrBrarc extensionrrr add_extensions  z OCSPRequestBuilder.add_extension OCSPRequestcCs&|jdur|jdurtdt|S)Nz*You must add a certificate before building)rLrMr$rcreate_ocsp_request)rBrrrbuilds zOCSPRequestBuilder.build)rErFrGrHrIrJr r!)rOrPrQrPrrr rD) rVrWrXrWrYrZrrr rD)rarbrcrdr rD)r rl)r r r rCrUr`rkrnrrrrrDvs    rDc@sjeZdZdddgfdd"d#Zd?d'd(Zd@d*d+ZdAd0d1ZdBd6d7Z e dCd:d;Z dS)DOCSPResponseBuilderNresponse_SingleResponse | None responder_id5tuple[x509.Certificate, OCSPResponderEncoding] | Nonecertslist[x509.Certificate] | NonerIrJcCs||_||_||_||_dSrK) _response _responder_id_certsrN)rBrprrrtrIrrrrCs zOCSPResponseBuilder.__init__rOrPrQrrr/r&r0r1r2r3r4r5r6r c Cs`|jdur tdt|tjrt|tjstdt||fd||||||} t| |j|j |j S)N#Only one response per OCSPResponse.rS) rvr$r"rrTr8r*rorwrxrN) rBrOrQrr/r0r2r4r5 singleresprrr add_responses,  z OCSPResponseBuilder.add_responserVrWrXrYrZc Cs|jdur tdt|tstdtd|td|t||jt |ks0|jt |kr4tdt d|||f|||||| } t | |j |j |jS)Nryr[rVrXr\)rvr$r"rZr8rr]r%r^r_r*rorwrxrN) rBrVrXrYrr/r0r2r4r5rzrrradd_response_by_hashs<     z(OCSPResponseBuilder.add_response_by_hashencodingr responder_certcCsP|jdur tdt|tjstdt|tstdt|j||f|j |j S)Nz!responder_id can only be set oncez$responder_cert must be a Certificatez6encoding must be an element from OCSPResponderEncoding) rwr$r"rrTr8r rorvrxrN)rBr}r~rrrrr*s   z OCSPResponseBuilder.responder_idIterable[x509.Certificate]cCs\|jdur tdt|}t|dkrtdtdd|Ds$tdt|j|j||j S)Nz!certificates may only be set oncerzcerts must not be an empty listcss|] }t|tjVqdSrK)r"rrT).0xrrr Esz3OCSPResponseBuilder.certificates..z$certs must be a list of Certificates) rxr$listr_allr8rorvrwrN)rBrtrrr certificates=s  z OCSPResponseBuilder.certificatesrarbrcrdcCsNt|tjs tdt|j||}t||jt|j |j |j g|j|Sre) r"rrfr8rgrhr rNrorvrwrxrirrrrkNs   z!OCSPResponseBuilder.add_extension private_keyrhashes.HashAlgorithm | None OCSPResponsecCs6|jdur td|jdurtdttj|||S)Nz&You must add a response before signingz*You must add a responder_id before signing)rvr$rwrcreate_ocsp_responserr)rBrrrrrsign^s   zOCSPResponseBuilder.signresponse_statusrcCs4t|ts td|tjurtdt|dddS)Nz7response_status must be an item from OCSPResponseStatusz$response_status cannot be SUCCESSFUL)r"rr8rr$rr)clsrrrrbuild_unsuccessfulls  z&OCSPResponseBuilder.build_unsuccessful)rprqrrrsrtrurIrJ)rOrPrQrPrrr/r&r0r1r2r3r4r3r5r6r ro)rVrWrXrWrYrZrrr/r&r0r1r2r3r4r3r5r6r ro)r}r r~rPr ro)rtrr ro)rarbrcrdr ro)rrrrr r)rrr r) r r r rCr{r|rrrrkr classmethodrrrrrros $ .   ro)rrr r!)# __future__rr7collections.abcr cryptographyrr"cryptography.hazmat.bindings._rustrcryptography.hazmat.primitivesr/cryptography.hazmat.primitives.asymmetric.typesrcryptography.x509.baser Enumr rSHA1SHA224SHA256SHA384SHA512r#r%r&r*rlrOCSPSingleResponserDroload_der_ocsp_requestload_der_ocsp_responserrrrs6        :T1