HOME


Mini Shell 1.0
DIR: /snap/certbot/4482/lib/python3.12/site-packages/cryptography/x509/__pycache__/
Upload File :
Current File : //snap/certbot/4482/lib/python3.12/site-packages/cryptography/x509/__pycache__/ocsp.cpython-312.pyc
�

�S�g#N���ddlmZddlZddlZddlZddlmZmZddlm	Z	ddl
mZmZddl
mZddlmZmZmZGd�d	ej&�ZGd
�dej&�Zej,ej.ej0ej2ej4fZdd�ZGd
�dej&�ZGd�d�ZGd�dej>��Z Gd�dej>��Z!Gd�dej>��Z"e jGe	j@�e"jGe	jD�e!jGe	jB�Gd�d�Z$Gd�d�Z%e	jLZ&e	jNZ'y)�)�annotationsN)�utils�x509)�ocsp)�hashes�
serialization)� CertificateIssuerPrivateKeyTypes)�_EARLIEST_UTC_TIME�_convert_to_naive_utc_time�_reject_duplicate_extensionc��eZdZdZdZy)�OCSPResponderEncodingzBy HashzBy NameN)�__name__�
__module__�__qualname__�HASH�NAME����/build/snapcraft-certbot-29b1212f749eeba2f1dece1adfe9a83a/parts/certbot/install/lib/python3.12/site-packages/cryptography/x509/ocsp.pyrrs���D��Drrc�$�eZdZdZdZdZdZdZdZy)�OCSPResponseStatusr�����N)	rrr�
SUCCESSFUL�MALFORMED_REQUEST�INTERNAL_ERROR�	TRY_LATER�SIG_REQUIRED�UNAUTHORIZEDrrrrrs!���J����N��I��L��Lrrc�:�t|t�std��y)Nz9Algorithm must be SHA1, SHA224, SHA256, SHA384, or SHA512)�
isinstance�_ALLOWED_HASHES�
ValueError)�	algorithms r�_verify_algorithmr)/s!���i��1��G�
�	
�2rc��eZdZdZdZdZy)�OCSPCertStatusrrrN)rrr�GOOD�REVOKED�UNKNOWNrrrr+r+6s���D��G��Grr+c�4�eZdZ																dd�Zy)�_SingleResponsec	��t|tj�rt|tj�std��t	|�t|t
j
�std��|�%t|t
j
�std��||_||_||_||_	||_
t|t�std��|tjur|�td��|�vtd��t|t
j
�std��t|�}|tkrtd��|�%t|tj �std	��||_||_||_y)
N�%cert and issuer must be a Certificatez%this_update must be a datetime objectz-next_update must be a datetime object or Nonez8cert_status must be an item from the OCSPCertStatus enumzBrevocation_time can only be provided if the certificate is revokedzDrevocation_reason can only be provided if the certificate is revokedz)revocation_time must be a datetime objectz7The revocation_time must be on or after 1950 January 1.zCrevocation_reason must be an item from the ReasonFlags enum or None)r%r�Certificate�	TypeErrorr)�datetime�_cert�_issuer�
_algorithm�_this_update�_next_updater+r-r'rr
�ReasonFlags�_cert_status�_revocation_time�_revocation_reason)	�self�cert�issuerr(�cert_status�this_update�next_update�revocation_time�revocation_reasons	         r�__init__z_SingleResponse.__init__=s����$�� 0� 0�1���D�$�$�:
��C�D�D��)�$��+�x�'8�'8�9��C�D�D��"�:���*�*�,
��K�L�L���
����#���'���'����+�~�6��J��
��n�4�4�4��*� �!���!�,� �"���
�o�x�/@�/@�A�� K�L�L�8��I�O��!3�3� �'���
!�,�Z�!�4�#3�#3�6� �#���
(��� /���"3��rN)r@�x509.CertificaterArHr(�hashes.HashAlgorithmrBr+rC�datetime.datetimerD�datetime.datetime | NonerErKrF�x509.ReasonFlags | None)rrrrGrrrr0r0<s^��B4��B4�!�B4�(�	B4�
$�B4�'�
B4�.�B4�2�B4�3�B4rr0c�"�eZdZeej
dd���Zeej
dd���Zeej
d	d���Zeej
d
d���Z	ej
dd��Z
eej
dd���Zy)
�OCSPRequestc��y�z3
        The hash of the issuer public key
        Nr�r?s r�issuer_key_hashzOCSPRequest.issuer_key_hash���rc��y�z-
        The hash of the issuer name
        NrrQs r�issuer_name_hashzOCSPRequest.issuer_name_hash�rSrc��y�zK
        The hash algorithm used in the issuer name and key hashes
        NrrQs r�hash_algorithmzOCSPRequest.hash_algorithm�rSrc��y�zM
        The serial number of the cert whose status is being checked
        NrrQs r�
serial_numberzOCSPRequest.serial_number�rSrc��y)z/
        Serializes the request to DER
        Nr�r?�encodings  r�public_byteszOCSPRequest.public_bytes�rSrc��y)zP
        The list of request extensions. Not single request extensions.
        NrrQs r�
extensionszOCSPRequest.extensions�rSrN��return�bytes�rdrI�rd�int�r_zserialization.Encodingrdre�rdzx509.Extensions)rrr�property�abc�abstractmethodrRrVrYr\r`rbrrrrNrN�s���
��������
��������
��������
��������
	������
�������rrN)�	metaclassc�L�eZdZeej
dd���Zeej
dd���Zeej
dd���Zeej
dd���Z	eej
dd���Z
eej
dd���Zeej
dd���Zeej
dd���Z
eej
dd	���Zeej
dd
���Zeej
dd���Zeej
dd���Zy
)�OCSPSingleResponsec��y�zY
        The status of the certificate (an element from the OCSPCertStatus enum)
        NrrQs r�certificate_statusz%OCSPSingleResponse.certificate_status�rSrc��y�z^
        The date of when the certificate was revoked or None if not
        revoked.
        NrrQs rrEz"OCSPSingleResponse.revocation_time�rSrc��y�z�
        The date of when the certificate was revoked or None if not
        revoked. Represented as a non-naive UTC datetime.
        NrrQs r�revocation_time_utcz&OCSPSingleResponse.revocation_time_utc�rSrc��y�zi
        The reason the certificate was revoked or None if not specified or
        not revoked.
        NrrQs rrFz$OCSPSingleResponse.revocation_reason�rSrc��y�z�
        The most recent time at which the status being indicated is known by
        the responder to have been correct
        NrrQs rrCzOCSPSingleResponse.this_update�rSrc��y�z�
        The most recent time at which the status being indicated is known by
        the responder to have been correct. Represented as a non-naive UTC
        datetime.
        NrrQs r�this_update_utcz"OCSPSingleResponse.this_update_utc�rSrc��y�zC
        The time when newer information will be available
        NrrQs rrDzOCSPSingleResponse.next_update�rSrc��y�zu
        The time when newer information will be available. Represented as a
        non-naive UTC datetime.
        NrrQs r�next_update_utcz"OCSPSingleResponse.next_update_utc�rSrc��yrPrrQs rrRz"OCSPSingleResponse.issuer_key_hash�rSrc��yrUrrQs rrVz#OCSPSingleResponse.issuer_name_hash�rSrc��yrXrrQs rrYz!OCSPSingleResponse.hash_algorithm�rSrc��yr[rrQs rr\z OCSPSingleResponse.serial_numberrSrN�rdr+�rdrK�rdrL�rdrJrcrfrg)rrrrkrlrmrsrErxrFrCrrDr�rRrVrYr\rrrrprp�s���
��������
������������������������������������������������
����������������
��������
��������
�������rrpc���eZdZeej
dd���Zeej
dd���Zeej
dd���Zeej
		dd���Z	eej
d d���Z
eej
d d���Zeej
d!d���Zeej
d"d���Z
eej
d#d	���Zeej
d$d
���Zeej
d$d���Zeej
d%d���Zeej
d&d
���Zeej
d&d���Zeej
d'd���Zeej
d$d���Zeej
d$d���Zeej
d&d���Zeej
d&d���Zeej
d d���Zeej
d d���Zeej
d(d���Zeej
d)d���Zeej
d*d���Zeej
d*d���Zej
d+d��Zy),�OCSPResponsec��y)z_
        An iterator over the individual SINGLERESP structures in the
        response
        NrrQs r�	responseszOCSPResponse.responsesrSrc��y)zm
        The status of the response. This is a value from the OCSPResponseStatus
        enumeration
        NrrQs r�response_statuszOCSPResponse.response_statusrSrc��y)zA
        The ObjectIdentifier of the signature algorithm
        NrrQs r�signature_algorithm_oidz$OCSPResponse.signature_algorithm_oidrSrc��y)zX
        Returns a HashAlgorithm corresponding to the type of the digest signed
        NrrQs r�signature_hash_algorithmz%OCSPResponse.signature_hash_algorithm"rSrc��y)z%
        The signature bytes
        NrrQs r�	signaturezOCSPResponse.signature+rSrc��y)z+
        The tbsResponseData bytes
        NrrQs r�tbs_response_byteszOCSPResponse.tbs_response_bytes2rSrc��y)z�
        A list of certificates used to help build a chain to verify the OCSP
        response. This situation occurs when the OCSP responder uses a delegate
        certificate.
        NrrQs r�certificateszOCSPResponse.certificates9rSrc��y)z2
        The responder's key hash or None
        NrrQs r�responder_key_hashzOCSPResponse.responder_key_hashBrSrc��y)z.
        The responder's Name or None
        NrrQs r�responder_namezOCSPResponse.responder_nameIrSrc��y)z4
        The time the response was produced
        NrrQs r�produced_atzOCSPResponse.produced_atPrSrc��y)zf
        The time the response was produced. Represented as a non-naive UTC
        datetime.
        NrrQs r�produced_at_utczOCSPResponse.produced_at_utcWrSrc��yrrrrQs rrszOCSPResponse.certificate_status_rSrc��yrurrQs rrEzOCSPResponse.revocation_timefrSrc��yrwrrQs rrxz OCSPResponse.revocation_time_utcnrSrc��yrzrrQs rrFzOCSPResponse.revocation_reasonvrSrc��yr|rrQs rrCzOCSPResponse.this_update~rSrc��yr~rrQs rrzOCSPResponse.this_update_utc�rSrc��yr�rrQs rrDzOCSPResponse.next_update�rSrc��yr�rrQs rr�zOCSPResponse.next_update_utc�rSrc��yrPrrQs rrRzOCSPResponse.issuer_key_hash�rSrc��yrUrrQs rrVzOCSPResponse.issuer_name_hash�rSrc��yrXrrQs rrYzOCSPResponse.hash_algorithm�rSrc��yr[rrQs rr\zOCSPResponse.serial_number�rSrc��y)zR
        The list of response extensions. Not single response extensions.
        NrrQs rrbzOCSPResponse.extensions�rSrc��y)zR
        The list of single response extensions. Not response extensions.
        NrrQs r�single_extensionszOCSPResponse.single_extensions�rSrc��y)z0
        Serializes the response to DER
        Nrr^s  rr`zOCSPResponse.public_bytes�rSrN)rdz#typing.Iterator[OCSPSingleResponse])rdr)rdzx509.ObjectIdentifier)rd�hashes.HashAlgorithm | Nonerc)rdzlist[x509.Certificate])rdzbytes | None)rdzx509.Name | Noner�r�r�r�rfrgrjri) rrrrkrlrmr�r�r�r�r�r�r�r�r�r�r�rsrErxrFrCrrDr�rRrVrYr\rbr�r`rrrr�r�
st��
������������������������
�����	$�������������
��������
����������������
��������
��������
����������������
������������������������������������������������
����������������
��������
��������
��������
��������
��������
	�����rr�c�z�eZdZddgf							dd�Z								dd�Z										d	d�Z						d
d�Zdd�Zy)�OCSPRequestBuilderNc�.�||_||_||_y�N)�_request�
_request_hash�_extensions)r?�request�request_hashrbs    rrGzOCSPRequestBuilder.__init__�s�� ��
�)���%��rc�$�|j�|j�td��t|�t	|t
j�rt	|t
j�std��t|||f|j|j�S)N�.Only one certificate can be added to a requestr2)
r�r�r'r)r%rr3r4r�r�)r?r@rAr(s    r�add_certificatez"OCSPRequestBuilder.add_certificate�s����=�=�$��(:�(:�(F��M�N�N��)�$��$�� 0� 0�1���D�$�$�:
��C�D�D�!�
�6�9�%�t�'9�'9�4�;K�;K�
�	
rc��|j�|j�td��t|t�std��t
|�tjd|�tjd|�|jt|�k7s|jt|�k7rtd��t|j||||f|j�S)Nr�z serial_number must be an integerrVrRz`issuer_name_hash and issuer_key_hash must be the same length as the digest size of the algorithm)
r�r�r'r%rhr4r)r�_check_bytes�digest_size�lenr�r�)r?rVrRr\r(s     r�add_certificate_by_hashz*OCSPRequestBuilder.add_certificate_by_hash�s����=�=�$��(:�(:�(F��M�N�N��-��-��>�?�?��)�$�
���-�/?�@�
���,�o�>�� � �C��%
�
�
�
"�
"�c�/�&:�
:��6��
�
"��M�M�
��
�y�I����
�	
rc��t|tj�std��tj|j
||�}t
||j�t|j|jg|j�|��S�Nz"extension must be an ExtensionType)r%r�
ExtensionTyper4�	Extension�oidrr�r�r�r��r?�extval�critical�	extensions    r�
add_extensionz OCSPRequestBuilder.add_extensionsu���&�$�"4�"4�5��@�A�A��N�N�6�:�:�x��@�	�#�I�t�/?�/?�@�!��M�M�4�-�-�/M��1A�1A�/M�9�/M�
�	
rc�r�|j�|j�td��tj|�S)Nz*You must add a certificate before building)r�r�r'r�create_ocsp_requestrQs r�buildzOCSPRequestBuilder.build!s4���=�=� �T�%7�%7�%?��I�J�J��'�'��-�-r)r�zFtuple[x509.Certificate, x509.Certificate, hashes.HashAlgorithm] | Noner�z5tuple[bytes, bytes, int, hashes.HashAlgorithm] | Nonerb�(list[x509.Extension[x509.ExtensionType]]rd�None)r@rHrArHr(rIrdr�)
rVrerRrer\rhr(rIrdr�)r��x509.ExtensionTyper��boolrdr�)rdrN)rrrrGr�r�r�r�rrrr�r��s�����?A�&��&��
&�=�&�
�&�
��
�!�
�(�	
�

�
�&
��
��
��	
�
(�
�
�

�<
�(�
�48�
�	�
�.rr�c��eZdZdddgf							d	d�Z																		d
d�Z						dd�Z				dd�Z						d
d�Z						dd�Ze					dd��Z
y)�OCSPResponseBuilderNc�<�||_||_||_||_yr�)�	_response�
_responder_id�_certsr�)r?�response�responder_id�certsrbs     rrGzOCSPResponseBuilder.__init__)s"��"���)������%��rc	
��|j�td��t||||||||�}	t|	|j|j
|j�S)Nz#Only one response per OCSPResponse.)r�r'r0r�r�r�r�)
r?r@rAr(rBrCrDrErF�
singleresps
          r�add_responsez OCSPResponseBuilder.add_response6sg���>�>�%��B�C�C�$���������	
�
�#������K�K����	
�	
rc��|j�td��t|tj�std��t|t�std��t|j||f|j|j�S)Nz!responder_id can only be set oncez$responder_cert must be a Certificatez6encoding must be an element from OCSPResponderEncoding)r�r'r%rr3r4rr�r�r�r�)r?r_�responder_certs   rr�z OCSPResponseBuilder.responder_idUs������)��@�A�A��.�$�*:�*:�;��B�C�C��(�$9�:��H��
�#��N�N�
�X�&��K�K����	
�	
rc�
�|j�td��t|�}t|�dk(rtd��t	d�|D��std��t
|j|j||j�S)Nz!certificates may only be set oncerzcerts must not be an empty listc3�PK�|]}t|tj���� y�wr�)r%rr3)�.0�xs  r�	<genexpr>z3OCSPResponseBuilder.certificates.<locals>.<genexpr>ps����B�q�:�a��!1�!1�2�B�s�$&z$certs must be a list of Certificates)
r�r'�listr��allr4r�r�r�r�)r?r�s  rr�z OCSPResponseBuilder.certificateshs}���;�;�"��@�A�A��U����u�:��?��>�?�?��B�E�B�B��B�C�C�"��N�N��������	
�	
rc�.�t|tj�std��tj|j
||�}t
||j�t|j|j|jg|j�|��Sr�)r%rr�r4r�r�rr�r�r�r�r�r�s    rr�z!OCSPResponseBuilder.add_extensionys}���&�$�"4�"4�5��@�A�A��N�N�6�:�:�x��@�	�#�I�t�/?�/?�@�"��N�N�����K�K�*�d���*�	�*�	
�	
rc��|j�td��|j�td��tjt
j|||�S)Nz&You must add a response before signingz*You must add a responder_id before signing)r�r'r�r�create_ocsp_responserr)r?�private_keyr(s   r�signzOCSPResponseBuilder.sign�sT��
�>�>�!��E�F�F����%��I�J�J��(�(��)�)�4��i�
�	
rc��t|t�std��|tjurt	d��tj|ddd�S)Nz7response_status must be an item from OCSPResponseStatusz$response_status cannot be SUCCESSFUL)r%rr4rr'rr�)�clsr�s  r�build_unsuccessfulz&OCSPResponseBuilder.build_unsuccessful�sS���/�+=�>��I��
��0�;�;�;��C�D�D��(�(��$��d�K�Kr)r�z_SingleResponse | Noner�z5tuple[x509.Certificate, OCSPResponderEncoding] | Noner�zlist[x509.Certificate] | Nonerbr�)r@rHrArHr(rIrBr+rCrJrDrKrErKrFrLrdr�)r_rr�rHrdr�)r�z!typing.Iterable[x509.Certificate]rdr�)r�r�r�r�rdr�)r�r	r(r�rdr�)r�rrdr�)rrrrGr�r�r�r�r��classmethodr�rrrr�r�(s0��,0��/3�?A�
&�(�&��&�
-�&�=�
&�
��
�!�
�(�	
�
$�
�'�

�.�
�2�
�3�
�
�
�>
�-�
�?O�
�	�
�&
�6�
�	�
�"
�(�
�48�
�	�
� 
�5�
�/�
�
�	
��
L�0�
L�	�
L��
Lrr�)r(rIrdr�)(�
__future__rrlr5�typing�cryptographyrr�"cryptography.hazmat.bindings._rustr�cryptography.hazmat.primitivesrr�/cryptography.hazmat.primitives.asymmetric.typesr	�cryptography.x509.baser
rr�Enumrr�SHA1�SHA224�SHA256�SHA384�SHA512r&r)r+r0�ABCMetarNrpr��registerr�r��load_der_ocsp_request�load_der_ocsp_responserrr�<module>rsD��
#�
��
�$�3�@�����E�J�J��
������K�K�
�M�M�
�M�M�
�M�M�
�M�M���
��U�Z�Z��C4�C4�L(�C�K�K�(�VZ�3�;�;�Z�zB�S�[�[�B�J���T�%�%�&����d�'�'�(����D�3�3�4�Q.�Q.�hzL�zL�z�2�2���4�4�r