Ng~,ddlmZddlZddlZddlmZmZddlmZddl m Z ddl m Z ddl mZmZmZGdd ejZGd d ejZe je je je je jfZddZGddejZGddZejZejZejZGddZ GddZ!ej"Z"ej#Z#dS)) annotationsN)utilsx509)ocsp)hashes) CertificateIssuerPrivateKeyTypes)_EARLIEST_UTC_TIME_convert_to_naive_utc_time_reject_duplicate_extensionceZdZdZdZdS)OCSPResponderEncodingzBy HashzBy NameN)__name__ __module__ __qualname__HASHNAMER/var/www/html/ai-engine/env/lib/python3.11/site-packages/cryptography/x509/ocsp.pyr r s D DDDrr c&eZdZdZdZdZdZdZdZdS)OCSPResponseStatusrN) rrr SUCCESSFULMALFORMED_REQUESTINTERNAL_ERROR TRY_LATER SIG_REQUIRED UNAUTHORIZEDrrrrrs-JNILLLLrr algorithmhashes.HashAlgorithmreturnNonecNt|tstddS)Nz9Algorithm must be SHA1, SHA224, SHA256, SHA384, or SHA512) isinstance_ALLOWED_HASHES ValueError)r#s r_verify_algorithmr+.s3 i 1 1  G     rceZdZdZdZdZdS)OCSPCertStatusrrrN)rrrGOODREVOKEDUNKNOWNrrrr-r-5s DGGGGrr-ceZdZddZdS)_SingleResponsecertx509.Certificateissuerr#r$ cert_statusr- this_updatedatetime.datetime next_updatedatetime.datetime | Nonerevocation_timerevocation_reasonx509.ReasonFlags | Nonec ft|tjrt|tjstdt |t|t jstd|)t|t jstd||_||_||_||_ ||_ t|tstd|tj ur#|td|tdn}t|t jstdt|}|tkrtd|)t|tjstd ||_||_||_dS) N%cert and issuer must be a Certificatez%this_update must be a datetime objectz-next_update must be a datetime object or Nonez8cert_status must be an item from the OCSPCertStatus enumzBrevocation_time can only be provided if the certificate is revokedzDrevocation_reason can only be provided if the certificate is revokedz)revocation_time must be a datetime objectz7The revocation_time must be on or after 1950 January 1.zCrevocation_reason must be an item from the ReasonFlags enum or None)r(r Certificate TypeErrorr+datetime_cert_issuer _algorithm _this_update _next_updater-r/r*r r ReasonFlags _cert_status_revocation_time_revocation_reason) selfr3r5r#r6r7r9r;r<s r__init__z_SingleResponse.__init__<s$ 011 E D$: :  ECDD D)$$$+x'899 ECDD D  ": *, , "KLL L  #''+~66 J  n4 4 4* !!, "- ox/@AA M KLLL8IIO!333 ' !,Z!4#366, # ( /"3rN)r3r4r5r4r#r$r6r-r7r8r9r:r;r:r<r=)rrrrMrrrr2r2;s.B4B4B4B4B4B4rr2c>eZdZddgfdd ZddZd dZd!dZd"dZdS)#OCSPRequestBuilderNrequestFtuple[x509.Certificate, x509.Certificate, hashes.HashAlgorithm] | None request_hash5tuple[bytes, bytes, int, hashes.HashAlgorithm] | None extensions(list[x509.Extension[x509.ExtensionType]]r%r&c0||_||_||_dSN)_request _request_hash _extensions)rLrPrRrTs rrMzOCSPRequestBuilder.__init__s!  )%rr3r4r5r#r$c|j|jtdt|t |t jrt |t jstdt|||f|j|j S)N.Only one certificate can be added to a requestr?) rXrYr*r+r(rr@rArOrZ)rLr3r5r#s radd_certificatez"OCSPRequestBuilder.add_certificates = $(:(FMNN N)$$$$ 011 E D$: :  ECDD D! 69 %t'94;K   rissuer_name_hashbytesissuer_key_hash serial_numberintc|j|jtdt|tst dt |tjd|tjd||j t|ks|j t|krtdt|j||||f|j S)Nr\z serial_number must be an integerr^r`z`issuer_name_hash and issuer_key_hash must be the same length as the digest size of the algorithm) rXrYr*r(rbrAr+r _check_bytes digest_sizelenrOrZ)rLr^r`rar#s radd_certificate_by_hashz*OCSPRequestBuilder.add_certificate_by_hashs = $(:(FMNN N--- @>?? ?)$$$ -/?@@@ ,o>>>  C % %    "c/&:&: : :6  " M  y I     rextvalx509.ExtensionTypecriticalboolct|tjstdtj|j||}t ||jt|j |j g|j|SNz"extension must be an ExtensionType) r(r ExtensionTyperA Extensionoidr rZrOrXrYrLrhrj extensions r add_extensionz OCSPRequestBuilder.add_extensions}&$"455 B@AA AN6:x@@ #It/?@@@! M4-/M1A/M9/M   r OCSPRequestcd|j|jtdtj|S)Nz*You must add a certificate before building)rXrYr*rcreate_ocsp_request)rLs rbuildzOCSPRequestBuilder.builds2 = T%7%?IJJ J'---r)rPrQrRrSrTrUr%r&)r3r4r5r4r#r$r%rO) r^r_r`r_rarbr#r$r%rO)rhrirjrkr%rO)r%rt)rrrrMr]rgrsrwrrrrOrOs ?A & & & & &    &    <     ......rrOc`eZdZdddgfd.d Zd/dZd0dZd1d Zd2d%Zd3d*Ze d4d-Z dS)5OCSPResponseBuilderNresponse_SingleResponse | None responder_id5tuple[x509.Certificate, OCSPResponderEncoding] | Nonecertslist[x509.Certificate] | NonerTrUc>||_||_||_||_dSrW) _response _responder_id_certsrZ)rLrzr|r~rTs rrMzOCSPResponseBuilder.__init__s(") %rr3r4r5r#r$r6r-r7r8r9r:r;r<r=r%c |jtdt||||||||} t| |j|j|jS)Nz#Only one response per OCSPResponse.)rr*r2ryrrrZ) rLr3r5r#r6r7r9r;r< singleresps r add_responsez OCSPResponseBuilder.add_responsesj > %BCC C$           #    K      rencodingr responder_certc|jtdt|tjst dt|t st dt|j||f|j |j S)Nz!responder_id can only be set oncez$responder_cert must be a Certificatez6encoding must be an element from OCSPResponderEncoding) rr*r(rr@rAr ryrrrZ)rLrrs rr|z OCSPResponseBuilder.responder_ids   )@AA A.$*:;; DBCC C($9:: H # N X & K      r!typing.Iterable[x509.Certificate]c"|jtdt|}t|dkrtdt d|Dst dt |j|j||j S)Nz!certificates may only be set oncerzcerts must not be an empty listc3JK|]}t|tjVdSrW)r(rr@).0xs r z3OCSPResponseBuilder.certificates.."s/BBq:a!122BBBBBBrz$certs must be a list of Certificates) rr*listrfallrAryrrrZ)rLr~s r certificatesz OCSPResponseBuilder.certificatess ; "@AA AU  u::??>?? ?BBEBBBBB DBCC C" N         rrhrirjrkct|tjstdtj|j||}t ||jt|j |j |j g|j|Srm) r(rrnrArorpr rZryrrrrqs rrsz!OCSPResponseBuilder.add_extension+s&$"455 B@AA AN6:x@@ #It/?@@@" N   K *d * *    r private_keyrhashes.HashAlgorithm | None OCSPResponsec|jtd|jtdtjt j|||S)Nz&You must add a response before signingz*You must add a responder_id before signing)rr*rrcreate_ocsp_responserr)rLrr#s rsignzOCSPResponseBuilder.sign;sT > !EFF F   %IJJ J(  )4i   rresponse_statusrct|tstd|tjurt dt j|dddS)Nz7response_status must be an item from OCSPResponseStatusz$response_status cannot be SUCCESSFUL)r(rrArr*rr)clsrs rbuild_unsuccessfulz&OCSPResponseBuilder.build_unsuccessfulIsc/+=>> I  0; ; ;CDD D($dKKKr)rzr{r|r}r~rrTrU)r3r4r5r4r#r$r6r-r7r8r9r:r;r:r<r=r%ry)rr rr4r%ry)r~rr%ry)rhrirjrkr%ry)rrr#rr%r)rrr%r) rrrrMrr|rrsr classmethodrrrrryrys,0/3?A & & & & &    >    &    "         L L L[ L L Lrry)r#r$r%r&)$ __future__rrBtyping cryptographyrr"cryptography.hazmat.bindings._rustrcryptography.hazmat.primitivesr/cryptography.hazmat.primitives.asymmetric.typesrcryptography.x509.baser r r Enumr rSHA1SHA224SHA256SHA384SHA512r)r+r-r2rtrOCSPSingleResponserOryload_der_ocsp_requestload_der_ocsp_responserrrrsA #""""" $$$$$$$$333333111111EJ  K M M M M     UZ C4C4C4C4C4C4C4C4L  ,Q.Q.Q.Q.Q.Q.Q.Q.hzLzLzLzLzLzLzLzLz24r