Your IP : 3.15.12.133


Current Path : /usr/lib64/python3.6/site-packages/cryptography/x509/__pycache__/
Upload File :
Current File : //usr/lib64/python3.6/site-packages/cryptography/x509/__pycache__/ocsp.cpython-36.pyc

3

l�_�3�@spddlmZmZmZddlZddlZddlmZddlZddl	m
Z
ddlmZddl
mZmZmZej�ej�ej�ej�ej�d�ZGdd	�d	e�ZGd
d�de�Zdd
�eD�ZejejejejejfZdd�ZGdd�de�Zdd
�eD�Zdd�Zdd�ZGdd�de �Z!Gdd�de �Z"Gdd�de �Z#ej$ej%�Gdd�de ��Z&ej$ej%�Gdd �d e ��Z'dS)!�)�absolute_import�division�print_functionN)�Enum)�x509)�hashes)�_EARLIEST_UTC_TIME�_convert_to_naive_utc_time�_reject_duplicate_extension)z
1.3.14.3.2.26z2.16.840.1.101.3.4.2.4z2.16.840.1.101.3.4.2.1z2.16.840.1.101.3.4.2.2z2.16.840.1.101.3.4.2.3c@seZdZdZdZdS)�OCSPResponderEncodingzBy HashzBy NameN)�__name__�
__module__�__qualname__ZHASH�NAME�rr�/usr/lib64/python3.6/ocsp.pyrsrc@s$eZdZdZdZdZdZdZdZdS)�OCSPResponseStatusr�����N)	rr
r�
SUCCESSFULZMALFORMED_REQUESTZINTERNAL_ERRORZ	TRY_LATERZSIG_REQUIREDZUNAUTHORIZEDrrrrr$srcCsi|]}||j�qSr)�value)�.0�xrrr�
<dictcomp>-srcCst|t�std��dS)Nz9Algorithm must be SHA1, SHA224, SHA256, SHA384, or SHA512)�
isinstance�_ALLOWED_HASHES�
ValueError)�	algorithmrrr�_verify_algorithm7s
r!c@seZdZdZdZdZdS)�OCSPCertStatusrrrN)rr
rZGOOD�REVOKEDZUNKNOWNrrrrr">sr"cCsi|]}||j�qSr)r)rrrrrrDscCsddlm}|j|�S)Nr)�backend)�,cryptography.hazmat.backends.openssl.backendr$�load_der_ocsp_request)�datar$rrrr&Gsr&cCsddlm}|j|�S)Nr)r$)r%r$�load_der_ocsp_response)r'r$rrrr(Msr(c@s2eZdZdgfdd�Zdd�Zdd�Zdd	�ZdS)
�OCSPRequestBuilderNcCs||_||_dS)N)�_request�_extensions)�selfZrequest�
extensionsrrr�__init__TszOCSPRequestBuilder.__init__cCsP|jdk	rtd��t|�t|tj�s6t|tj�r>td��t|||f|j�S)Nz.Only one certificate can be added to a requestz%cert and issuer must be a Certificate)	r*rr!rr�Certificate�	TypeErrorr)r+)r,�cert�issuerr rrr�add_certificateXs
z"OCSPRequestBuilder.add_certificatecCsDt|tj�std��tj|j||�}t||j�t|j	|j|g�S)Nz"extension must be an ExtensionType)
rr�
ExtensionTyper0�	Extension�oidr
r+r)r*)r,�	extension�criticalrrr�
add_extensiondsz OCSPRequestBuilder.add_extensioncCs(ddlm}|jdkrtd��|j|�S)Nr)r$z*You must add a certificate before building)r%r$r*rZcreate_ocsp_request)r,r$rrr�buildos
zOCSPRequestBuilder.build)rr
rr.r3r9r:rrrrr)Ssr)c@seZdZdd�ZdS)�_SingleResponsec		Cst|tj�st|tj�r$td��t|�t|tj�s@td��|dk	r^t|tj�r^td��||_||_||_||_	||_
t|t�s�td��|tjk	r�|dk	r�t
d��|dk	r�t
d��nNt|tj�s�td��t|�}|tkr�t
d��|dk	�rt|tj��rtd	��||_||_||_dS)
Nz%cert and issuer must be a Certificatez%this_update must be a datetime objectz-next_update must be a datetime object or Nonez8cert_status must be an item from the OCSPCertStatus enumzBrevocation_time can only be provided if the certificate is revokedzDrevocation_reason can only be provided if the certificate is revokedz)revocation_time must be a datetime objectz7The revocation_time must be on or after 1950 January 1.zCrevocation_reason must be an item from the ReasonFlags enum or None)rrr/r0r!�datetimeZ_certZ_issuerZ
_algorithmZ_this_updateZ_next_updater"r#rr	rZReasonFlagsZ_cert_statusZ_revocation_timeZ_revocation_reason)	r,r1r2r �cert_status�this_update�next_update�revocation_time�revocation_reasonrrrr.ysJ


z_SingleResponse.__init__N)rr
rr.rrrrr;xsr;c@sReZdZdddgfdd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Ze	dd��Z
dS)�OCSPResponseBuilderNcCs||_||_||_||_dS)N)�	_response�
_responder_id�_certsr+)r,Zresponse�responder_id�certsr-rrrr.�szOCSPResponseBuilder.__init__c	
	Cs<|jdk	rtd��t||||||||�}	t|	|j|j|j�S)Nz#Only one response per OCSPResponse.)rCrr;rBrDrEr+)
r,r1r2r r=r>r?r@rAZ
singleresprrr�add_response�s 
z OCSPResponseBuilder.add_responsecCsP|jdk	rtd��t|tj�s&td��t|t�s8td��t|j||f|j	|j
�S)Nz!responder_id can only be set oncez$responder_cert must be a Certificatez6encoding must be an element from OCSPResponderEncoding)rDrrrr/r0rrBrCrEr+)r,�encodingZresponder_certrrrrF�s

z OCSPResponseBuilder.responder_idcCs\|jdk	rtd��t|�}t|�dkr.td��tdd�|D��sHtd��t|j|j||j	�S)Nz!certificates may only be set oncerzcerts must not be an empty listcss|]}t|tj�VqdS)N)rrr/)rrrrr�	<genexpr>�sz3OCSPResponseBuilder.certificates.<locals>.<genexpr>z$certs must be a list of Certificates)
rEr�list�len�allr0rBrCrDr+)r,rGrrr�certificates�s
z OCSPResponseBuilder.certificatescCsLt|tj�std��tj|j||�}t||j�t|j	|j
|j|j|g�S)Nz"extension must be an ExtensionType)rrr4r0r5r6r
r+rBrCrDrE)r,r7r8rrrr9sz!OCSPResponseBuilder.add_extensioncCsBddlm}|jdkrtd��|jdkr0td��|jtj|||�S)Nr)r$z&You must add a response before signingz*You must add a responder_id before signing)r%r$rCrrD�create_ocsp_responserr)r,Zprivate_keyr r$rrr�signs

zOCSPResponseBuilder.signcCs@ddlm}t|t�std��|tjkr0td��|j|ddd�S)Nr)r$z7response_status must be an item from OCSPResponseStatusz$response_status cannot be SUCCESSFUL)r%r$rrr0rrrO)�cls�response_statusr$rrr�build_unsuccessful s

z&OCSPResponseBuilder.build_unsuccessful)rr
rr.rHrFrNr9rP�classmethodrSrrrrrB�srBc@s`eZdZejdd��Zejdd��Zejdd��Zejdd��Zej	d	d
��Z
ejdd��Zd
S)�OCSPRequestcCsdS)z3
        The hash of the issuer public key
        Nr)r,rrr�issuer_key_hash0szOCSPRequest.issuer_key_hashcCsdS)z-
        The hash of the issuer name
        Nr)r,rrr�issuer_name_hash6szOCSPRequest.issuer_name_hashcCsdS)zK
        The hash algorithm used in the issuer name and key hashes
        Nr)r,rrr�hash_algorithm<szOCSPRequest.hash_algorithmcCsdS)zM
        The serial number of the cert whose status is being checked
        Nr)r,rrr�
serial_numberBszOCSPRequest.serial_numbercCsdS)z/
        Serializes the request to DER
        Nr)r,rIrrr�public_bytesHszOCSPRequest.public_bytescCsdS)zP
        The list of request extensions. Not single request extensions.
        Nr)r,rrrr-NszOCSPRequest.extensionsN)rr
r�abc�abstractpropertyrVrWrXrY�abstractmethodrZr-rrrrrU.srUc@s$eZdZejdd��Zejdd��Zejdd��Zejdd��Zejd	d
��Z	ejdd��Z
ejd
d��Zejdd��Zejdd��Z
ejdd��Zejdd��Zejdd��Zejdd��Zejdd��Zejdd��Zejdd ��Zejd!d"��Zejd#d$��Zejd%d&��Zejd'd(��Zd)S)*�OCSPResponsecCsdS)zm
        The status of the response. This is a value from the OCSPResponseStatus
        enumeration
        Nr)r,rrrrRWszOCSPResponse.response_statuscCsdS)zA
        The ObjectIdentifier of the signature algorithm
        Nr)r,rrr�signature_algorithm_oid^sz$OCSPResponse.signature_algorithm_oidcCsdS)zX
        Returns a HashAlgorithm corresponding to the type of the digest signed
        Nr)r,rrr�signature_hash_algorithmdsz%OCSPResponse.signature_hash_algorithmcCsdS)z%
        The signature bytes
        Nr)r,rrr�	signaturejszOCSPResponse.signaturecCsdS)z+
        The tbsResponseData bytes
        Nr)r,rrr�tbs_response_bytespszOCSPResponse.tbs_response_bytescCsdS)z�
        A list of certificates used to help build a chain to verify the OCSP
        response. This situation occurs when the OCSP responder uses a delegate
        certificate.
        Nr)r,rrrrNvszOCSPResponse.certificatescCsdS)z2
        The responder's key hash or None
        Nr)r,rrr�responder_key_hash~szOCSPResponse.responder_key_hashcCsdS)z.
        The responder's Name or None
        Nr)r,rrr�responder_name�szOCSPResponse.responder_namecCsdS)z4
        The time the response was produced
        Nr)r,rrr�produced_at�szOCSPResponse.produced_atcCsdS)zY
        The status of the certificate (an element from the OCSPCertStatus enum)
        Nr)r,rrr�certificate_status�szOCSPResponse.certificate_statuscCsdS)z^
        The date of when the certificate was revoked or None if not
        revoked.
        Nr)r,rrrr@�szOCSPResponse.revocation_timecCsdS)zi
        The reason the certificate was revoked or None if not specified or
        not revoked.
        Nr)r,rrrrA�szOCSPResponse.revocation_reasoncCsdS)z�
        The most recent time at which the status being indicated is known by
        the responder to have been correct
        Nr)r,rrrr>�szOCSPResponse.this_updatecCsdS)zC
        The time when newer information will be available
        Nr)r,rrrr?�szOCSPResponse.next_updatecCsdS)z3
        The hash of the issuer public key
        Nr)r,rrrrV�szOCSPResponse.issuer_key_hashcCsdS)z-
        The hash of the issuer name
        Nr)r,rrrrW�szOCSPResponse.issuer_name_hashcCsdS)zK
        The hash algorithm used in the issuer name and key hashes
        Nr)r,rrrrX�szOCSPResponse.hash_algorithmcCsdS)zM
        The serial number of the cert whose status is being checked
        Nr)r,rrrrY�szOCSPResponse.serial_numbercCsdS)zR
        The list of response extensions. Not single response extensions.
        Nr)r,rrrr-�szOCSPResponse.extensionscCsdS)zR
        The list of single response extensions. Not response extensions.
        Nr)r,rrr�single_extensions�szOCSPResponse.single_extensionsN)rr
rr[r\rRr_r`rarbrNrcrdrerfr@rAr>r?rVrWrXrYr-rgrrrrr^Us(r^)(Z
__future__rrrr[r<�enumrZsixZcryptographyrZcryptography.hazmat.primitivesrZcryptography.x509.baserr	r
ZSHA1ZSHA224ZSHA256ZSHA384ZSHA512Z
_OIDS_TO_HASHrrZ_RESPONSE_STATUS_TO_ENUMrr!r"Z_CERT_STATUS_TO_ENUMr&r(�objectr)r;rBZ
add_metaclass�ABCMetarUr^rrrr�<module>s@	%Fp&

?>