U

�e�]�N�@s2
dd
lm
Z
mZmZ
ddlZddlZddlmZmZ
ddl	m
Z

ddlmZm
Z
mZmZmZmZmZmZmZmZ
ddlmZ
ddlmZmZ
ddlmZmZmZ
e�ej �
Gd	d
�d
e!��
Z"e�ej#�
Gdd�de!��
Z$e�ej%�
Gd
d�de!��
Z&e�ej'�
Gdd�de!��
Z(e�ej)j*�
Gdd�de!��
Z+dS)�)�absolute_import�division�print_functionN)�utils�x509)
�UnsupportedAlgorithm)
�_CERTIFICATE_EXTENSION_PARSER�$_CERTIFICATE_EXTENSION_PARSER_NO_SCT�_CRL_EXTENSION_PARSER�_CSR_EXTENSION_PARSER�%_REVOKED_CERTIFICATE_EXTENSION_PARSER�_asn1_integer_to_int�_asn1_string_to_bytes�_decode_x509_name�_obj2txt�_parse_asn1_time)
�_encode_asn1_int_gc)�hashes�
serialization)�dsa�ec�rsac@s�eZ
dZd
d�Zdd�Zdd�Zdd�Zd	d
�Zdd�Ze	d
d��
Z
e	dd��
Zdd�Ze	dd��
Z
e	dd��
Ze	dd��
Ze	dd��
Ze	dd��
Ze	dd��
Zejdd ��
Ze	d!d"��
Ze	d#d$��
Zd%d&�Zd'S)(�_CertificatecCs|
|_||_
dS�
N)�_backend�_x509)�self�backendr�r�K/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/x509.py�__init__s

z_Certificate.__init__c

Csd
�|j
�
S)Nz<Certificate(subject={}, ...)>)�format�subject�
rrrr�__repr__s
z_Certificate.__repr__cCs,t|
t
j�stS|jj�|j|
j�}|d
kS�Nr
)�
isinstancer�Certificate�NotImplementedr�_libZX509_cmpr�r�other�resrrr�__eq__"s


z_Certificate.__eq__cCs
||
kSrr�rr+rrr�__ne__)s
z_Certificate.__ne__c

Cst|�
tjj�
�
Sr��hash�public_bytesr�Encoding�DERr#rrr�__hash__,s
z_Certificate.__hash__cCs*t�
|
|j�}|�|�tjj�
�

|��Sr)	r�Hashr�updater2rr3r4�finalize)r�	algorithm�
hrrr�fingerprint/s


z_Certificate.fingerprintc
CsF|jj
�|j�
}
|
d
kr tjjS|
dkr0tjjSt�d�	|
�
|
��
dS)Nr
�z{} is not a valid X509 version)
rr)ZX509_get_versionrr�Version�v1Zv3ZInvalidVersionr!�r�versionrrrr@4s




�z_Certificate.versionc
Cs2|jj
�|j�
}
|j�|
|jjjk�

t|j|
�Sr)rr)ZX509_get_serialNumberr�openssl_assert�_ffi�NULLr
�r�asn1_intrrr�
serial_number@s

z_Certificate.serial_numberc
CsR|jj
�|j�
}
|
|jjjkr0|j��
td
�
�
|jj�|
|jj
j	�}
|j�
|
�
S)Nz,Certificate public key is of an unknown type)rr)ZX509_get_pubkeyrrBrC�_consume_errors�
ValueError�gc�
EVP_PKEY_free�_evp_pkey_to_public_key�r�pkeyrrr�
public_keyFs



z_Certificate.public_keyc
Cs|jj
�|j�
}
t|j|
�Sr)rr)ZX509_getm_notBeforerr�rZ	asn1_timerrr�not_valid_beforeQs
z_Certificate.not_valid_beforec
Cs|jj
�|j�
}
t|j|
�Sr)rr)ZX509_getm_notAfterrrrOrrr�not_valid_afterVs
z_Certificate.not_valid_afterc
Cs2|jj
�|j�
}
|j�|
|jjjk�

t|j|
�Sr)rr)ZX509_get_issuer_namerrArBrCr�r�issuerrrrrS[s

z_Certificate.issuerc
Cs2|jj
�|j�
}
|j�|
|jjjk�

t|j|
�Sr)rr)ZX509_get_subject_namerrArBrCr�rr"rrrr"as

z_Certificate.subjectc
Cs:|j}
zt
j|
WStk
r4


td
�|
�
�
�
YnXdS�Nz)Signature algorithm OID:{} not recognized��signature_algorithm_oidrZ_SIG_OIDS_TO_HASH�KeyErrorrr!�r�oidrrr�signature_hash_algorithmgs




�z%_Certificate.signature_hash_algorithmc
Cs^|jj
�d
�
}
|jj�|jj
j|
|j�
|j�|
d|jj
jk�

t|j|
dj	�}t
�|�
S�Nz
X509_ALGOR **r
)rrB�newr)�X509_get0_signaturerCrrArr9r�ObjectIdentifier�rZalgrZrrrrWqs

�

z$_Certificate.signature_algorithm_oidc

Cs.|jj
jrt�|j|j�St�|j|j�SdSr)rr)Z#CRYPTOGRAPHY_OPENSSL_110_OR_GREATERr�parserr	r#rrr�
extensions{s


�
�z_Certificate.extensionsc
CsR|jj
�d
�
}
|jj�|
|jj
j|j�
|j�|
d|jj
jk�

t|j|
d�S�NzASN1_BIT_STRING **r
)	rrBr]r)r^rCrrAr�rZsigrrr�	signature�s

�
z_Certificate.signaturec
sd�jj
�d
�
}
�jj��j|
�}�j�|dk�

�jj
�|
�f
dd��}
�jj
�|
d|�dd�S)N�unsigned char **r
c

s�jj
�|d
�
Sr%�rr)ZOPENSSL_free�
Zpointerr#rr�<lambda>��z4_Certificate.tbs_certificate_bytes.<locals>.<lambda>)	rrBr]r)Zi2d_re_X509_tbsrrArI�buffer�rZppr,rr#r�tbs_certificate_bytes�s




�z"_Certificate.tbs_certificate_bytescCsn|j�
�}|
tjjkr*|jj�||j�}n(|
tjjkrJ|jj�	||j�}nt
d
�
�
|j�|dk�

|j�|�
S�Nz/encoding must be an item from the Encoding enum�
)
r�_create_mem_bio_gcrr3�PEMr)ZPEM_write_bio_X509rr4Zi2d_X509_bio�	TypeErrorrA�
_read_mem_bio�r�encoding�bior,rrrr2�s






z_Certificate.public_bytesN)�__name__�
__module__�__qualname__r r$r-r/r5r;�propertyr@rFrNrPrQrSr"r[rWr�cached_propertyrbrermr2rrrrrs<













	

	






	rc@s:eZ
dZd
d�Zedd��
Zedd��
Zejdd��
Z	d	S)
�_RevokedCertificatecCs|
|_||_
||_dSr)rZ_crl�
_x509_revoked)rrZcrlZx509_revokedrrrr �s

z_RevokedCertificate.__init__c
Cs2|jj
�|j�
}
|j�|
|jjjk�

t|j|
�Sr)rr)ZX509_REVOKED_get0_serialNumberr}rArBrCr
rDrrrrF�s

�
z!_RevokedCertificate.serial_numberc

Cst|j
|j
j�|j�
�Sr)rrr)Z X509_REVOKED_get0_revocationDater}r#rrr�revocation_date�s


��z#_RevokedCertificate.revocation_datec

Cst�
|j|j�Sr)rrarr}r#rrrrb�s
�z_RevokedCertificate.extensionsN)
rwrxryr rzrFr~rr{rbrrrrr|�s




r|c@s�eZ
dZd
d�Zdd�Zdd�Zdd�Zejd	d
��
Z	dd�Z
ed
d��
Zedd��
Z
edd��
Zedd��
Zedd��
Zedd��
Zedd��
Zdd�Zdd�Zdd �Zd!d"�Zd#d$�Zejd%d&��
Zd'd(�Zd)S)*�_CertificateRevocationListcCs|
|_||_
dSr)r�	_x509_crl)rrZx509_crlrrrr �s

z#_CertificateRevocationList.__init__cCs,t|
t
j�stS|jj�|j|
j�}|d
kSr%)r&r�CertificateRevocationListr(rr)ZX509_CRL_cmpr�r*rrrr-�s


z!_CertificateRevocationList.__eq__cCs
||
kSrrr.rrrr/�s
z!_CertificateRevocationList.__ne__cCsXt�
|
|j�}|j��}|jj�||j�}|j�|d
k�

|j�|�
}|�	|�

|�
�S)Nro)rr6rrpr)�i2d_X509_CRL_bior�rArsr7r8)rr9r:rvr,Zderrrrr;�s




�



z&_CertificateRevocationList.fingerprintc
Cs@|jj
�|j�
}
|j�|
|jjjk�

|jj�|
|jj
j�}
|
Sr)	rr)ZX509_CRL_dupr�rArBrCrIZ
X509_CRL_free)r�duprrr�_sorted_crl�s


z&_CertificateRevocationList._sorted_crlcCsl|jj
�d
�
}t|j|
�}|jj�|j||�}|dkr:dS|j�|d|jj
jk�

t	|j|j|d�SdS)NzX509_REVOKED **r
)
rrBr]rr)ZX509_CRL_get0_by_serialr�rArCr|)rrF�revokedrEr,rrr�(get_revoked_certificate_by_serial_number�s"



�

�
�zC_CertificateRevocationList.get_revoked_certificate_by_serial_numberc
Cs:|j}
zt
j|
WStk
r4


td
�|
�
�
�
YnXdSrUrVrYrrrr[

s




�z3_CertificateRevocationList.signature_hash_algorithmc
Cs^|jj
�d
�
}
|jj�|j|jj
j|
�
|j�|
d|jj
jk�

t|j|
dj	�}t
�|�
Sr\)rrBr]r)�X509_CRL_get0_signaturer�rCrArr9rr_r`rrrrW
s

�

z2_CertificateRevocationList.signature_algorithm_oidc
Cs2|jj
�|j�
}
|j�|
|jjjk�

t|j|
�Sr)rr)ZX509_CRL_get_issuerr�rArBrCrrRrrrrS
s

z!_CertificateRevocationList.issuerc
Cs2|jj
�|j�
}
|j�|
|jjjk�

t|j|
�Sr)rr)ZX509_CRL_get_nextUpdater�rArBrCr)rZnurrr�next_update
s

z&_CertificateRevocationList.next_updatec
Cs2|jj
�|j�
}
|j�|
|jjjk�

t|j|
�Sr)rr)ZX509_CRL_get_lastUpdater�rArBrCr)rZlurrr�last_update!
s

z&_CertificateRevocationList.last_updatec
CsR|jj
�d
�
}
|jj�|j|
|jj
j�
|j�|
d|jj
jk�

t|j|
d�Src)	rrBr]r)r�r�rCrArrdrrrre'
s

�
z$_CertificateRevocationList.signaturec
sd�jj
�d
�
}
�jj��j|
�}�j�|dk�

�jj
�|
�f
dd��}
�jj
�|
d|�dd�S)Nrfr
c

s�jj
�|d
�
Sr%rgrhr#rrri6
rjz?_CertificateRevocationList.tbs_certlist_bytes.<locals>.<lambda>)	rrBr]r)Zi2d_re_X509_CRL_tbsr�rArIrkrlrr#r�tbs_certlist_bytes0
s




�z-_CertificateRevocationList.tbs_certlist_bytescCsn|j�
�}|
tjjkr*|jj�||j�}n(|
tjjkrJ|jj�	||j�}nt
d
�
�
|j�|dk�

|j�|�
Srn)
rrprr3rqr)ZPEM_write_bio_X509_CRLr�r4r�rrrArsrtrrrr2:
s




�

z'_CertificateRevocationList.public_bytescCsD|jj
�|j�
}|jj
�||
�}|j�||jjjk�

t|j||�Sr)	rr)�X509_CRL_get_REVOKEDr�Zsk_X509_REVOKED_valuerArBrCr|)r�idxr��
rrrr�
_revoked_certH
s



z(_CertificateRevocationList._revoked_certc
cs"tt
|�
�
D]}
|�|
�
V
qdSr)�range�lenr�)r�
irrr�__iter__N
s

z#_CertificateRevocationList.__iter__cs�t|
t
�r8|
�t��
�
\}}}�f
d
d�t|||�D�
St�|
�
}
|
dkrV|
t��
7}
d|
k
rnt��
kstn
t�
��|
�
SdS)Nc
sg|]}
��|
�
�qSr)
r�)�.0r�r#rr�
<listcomp>U
sz:_CertificateRevocationList.__getitem__.<locals>.<listcomp>r
)	r&�slice�indicesr�r��operator�index�
IndexErrorr�)rr��start�stop�steprr#r�__getitem__R
s









z&_CertificateRevocationList.__getitem__c
Cs4|jj
�|j�
}
|
|jjjkr"d
S|jj
�|
�
SdSr%)rr)r�r�rBrCZsk_X509_REVOKED_num)rr�rrr�__len__^
s


z"_CertificateRevocationList.__len__c

Cst�
|j|j�Sr)r
rarr�r#rrrrbe
sz%_CertificateRevocationList.extensionscCsLt|
t
jtjtjf�std
�
�
|jj	�
|j|
j�}|dkrH|j�
�
dSdS)NzGExpecting one of DSAPublicKey, RSAPublicKey, or EllipticCurvePublicKey.roFT)r&rZDSAPublicKeyrZRSAPublicKeyrZEllipticCurvePublicKeyrrrr)ZX509_CRL_verifyr�Z	_evp_pkeyrG)rrNr,rrr�is_signature_validi
s

�
�


z-_CertificateRevocationList.is_signature_validN)rwrxryr r-r/r;rr{r�r�rzr[rWrSr�r�rer�r2r�r�r�r�rbr�rrrrr�s:

	

	

	









	

rc@s�eZ
dZd
d�Zdd�Zdd�Zdd�Zd	d
�Zedd��
Z	ed
d��
Z
edd��
Zej
dd��
Zdd�Zedd��
Zedd��
Zedd��
ZdS)�_CertificateSigningRequestcCs|
|_||_
dSr)r�	_x509_req)rrZx509_reqrrrr {
s

z#_CertificateSigningRequest.__init__cCs2t|
t
�stS|�tjj�
}|
�tjj�
}||kSr)r&r�r(r2rr3r4)rr+Z
self_bytesZother_bytesrrrr-
s





z!_CertificateSigningRequest.__eq__cCs
||
kSrrr.rrrr/�
s
z!_CertificateSigningRequest.__ne__c

Cst|�
tjj�
�
Srr0r#rrrr5�
s
z#_CertificateSigningRequest.__hash__c
CsH|jj
�|j�
}
|j�|
|jjjk�

|jj�|
|jj
j�}
|j�	|
�
Sr)
rr)�X509_REQ_get_pubkeyr�rArBrCrIrJrKrLrrrrN�
s



z%_CertificateSigningRequest.public_keyc
Cs2|jj
�|j�
}
|j�|
|jjjk�

t|j|
�Sr)rr)ZX509_REQ_get_subject_namer�rArBrCrrTrrrr"�
s

z"_CertificateSigningRequest.subjectc
Cs:|j}
zt
j|
WStk
r4


td
�|
�
�
�
YnXdSrUrVrYrrrr[�
s




�z3_CertificateSigningRequest.signature_hash_algorithmc
Cs^|jj
�d
�
}
|jj�|j|jj
j|
�
|j�|
d|jj
jk�

t|j|
dj	�}t
�|�
Sr\)rrBr]r)�X509_REQ_get0_signaturer�rCrArr9rr_r`rrrrW�
s

�

z2_CertificateSigningRequest.signature_algorithm_oidc
s6�jj
��j�
}
�jj�|
�f
d
d��}
t��j|
�S)Nc

s"�jj
�|�jj��jj
jd
��S)NZX509_EXTENSION_free)rr)Zsk_X509_EXTENSION_pop_freerBZ	addressofZ
_original_lib)
�
xr#rrri�
s

��z7_CertificateSigningRequest.extensions.<locals>.<lambda>)rr)ZX509_REQ_get_extensionsr�rBrIrra)rZ	x509_extsrr#rrb�
s



�z%_CertificateSigningRequest.extensionscCsn|j�
�}|
tjjkr*|jj�||j�}n(|
tjjkrJ|jj�	||j�}nt
d
�
�
|j�|dk�

|j�|�
Srn)
rrprr3rqr)ZPEM_write_bio_X509_REQr�r4Zi2d_X509_REQ_biorrrArsrtrrrr2�
s




�

z'_CertificateSigningRequest.public_bytesc
sd�jj
�d
�
}
�jj��j|
�}�j�|dk�

�jj
�|
�f
dd��}
�jj
�|
d|�dd�S)Nrfr
c

s�jj
�|d
�
Sr%rgrhr#rrri�
rjzB_CertificateSigningRequest.tbs_certrequest_bytes.<locals>.<lambda>)	rrBr]r)Zi2d_re_X509_REQ_tbsr�rArIrkrlrr#r�tbs_certrequest_bytes�
s




�z0_CertificateSigningRequest.tbs_certrequest_bytesc
CsR|jj
�d
�
}
|jj�|j|
|jj
j�
|j�|
d|jj
jk�

t|j|
d�Src)	rrBr]r)r�r�rCrArrdrrrre�
s

�
z$_CertificateSigningRequest.signaturec
Csh|jj
�|j�
}
|j�|
|jjjk�

|jj�|
|jj
j�}
|jj
�	|j|
�}|d
krd|j�
�
dSdS)NroFT)rr)r�r�rArBrCrIrJZX509_REQ_verifyrG)rrMr,rrrr��
s





z-_CertificateSigningRequest.is_signature_validN)rwrxryr r-r/r5rNrzr"r[rWrr{rbr2r�rer�rrrrr�y
s(



	

	



	


r�c@sheZ
dZd
d�Zedd��
Zedd��
Zedd��
Zed	d
��
Zedd��
Z	d
d�Z
dd�Zdd�ZdS)�_SignedCertificateTimestampcCs|
|_||_
||_dSr)rZ	_sct_list�_sct)rrZsct_listZsctrrrr �
s

z$_SignedCertificateTimestamp.__init__c
Cs,|jj
�|j�
}
|
|jj
jks"t�
tjjj	Sr)
rr)ZSCT_get_versionr�ZSCT_VERSION_V1�AssertionErrorr�certificate_transparencyr=r>r?rrrr@�
s

z#_SignedCertificateTimestamp.versionc
CsH|jj
�d
�
}
|jj�|j|
�}|dks,t�
|jj
�|
d|�dd�S�Nrfr
)rrBr]r)ZSCT_get0_log_idr�r�rk)r�outZ
log_id_lengthrrr�log_id�
s


z"_SignedCertificateTimestamp.log_idc
Cs4|jj
�|j�
}
|
d
}tj�|
d
�
j|d
d�
S)Ni�)
Zmicrosecond)rr)ZSCT_get_timestampr��datetimeZutcfromtimestamp�replace)r�	timestampZmillisecondsrrrr�s


��z%_SignedCertificateTimestamp.timestampc
Cs,|jj
�|j�
}
|
|jj
jks"t�
tjjj	Sr)
rr)ZSCT_get_log_entry_typer�ZCT_LOG_ENTRY_TYPE_PRECERTr�rr�ZLogEntryTypeZPRE_CERTIFICATE)r�
entry_typerrrr�s
z&_SignedCertificateTimestamp.entry_typec
Csf|jj
�d
�
}
|jj�|j|
�}|j�|dk�

|j�|
d|jj
jk�

|jj
�|
d|�dd�Sr�)	rrBr]r)ZSCT_get0_signaturer�rArCrk)rZptrptrr,rrr�
_signatures




z&_SignedCertificateTimestamp._signaturec

Cs
t|j
�
Sr)r1r�r#rrrr5s
z$_SignedCertificateTimestamp.__hash__cCst|
t
�stS|j|
jkSr)r&r�r(r�r.rrrr-s


z"_SignedCertificateTimestamp.__eq__cCs
||
kSrrr.rrrr/!s
z"_SignedCertificateTimestamp.__ne__N)
rwrxryr rzr@r�r�r�r�r5r-r/rrrrr��
s









r�),Z
__future__rrrr�r�ZcryptographyrrZcryptography.exceptionsrZ0cryptography.hazmat.backends.openssl.decode_asn1rr	r
rrr
rrrrZ0cryptography.hazmat.backends.openssl.encode_asn1rZcryptography.hazmat.primitivesrrZ)cryptography.hazmat.primitives.asymmetricrrrZregister_interfacer'�objectrZRevokedCertificater|r�rZCertificateSigningRequestr�r�ZSignedCertificateTimestampr�rrrr�<module>s,


0




%

-

o
�