HOME


Mini Shell 1.0
DIR: /snap/certbot/4557/lib64/python3.12/site-packages/acme/__pycache__/
Upload File :
Current File : //snap/certbot/4557/lib64/python3.12/site-packages/acme/__pycache__/messages.cpython-312.pyc
�


N�gIg���dZddlmZddlZddlZddlmZddlmZddlmZddlm	Z	ddlm
Z
dd	lmZdd
lmZddlm
Z
ddlmZdd
lmZddlmZddlZddlmZddlmZddlmZddlmZddlmZdZidd�dd�dd�dd�dd�dd �d!d"�d#d$�d%d&�d'd(�d)d*�d+d,�d-d.�d/d0�d1d2�d3d4�d5d6�d7d8d9d:d;d<d=d>d?d@�	�Ziej9�D��cic]\}}e|z|��
c}}�ZdAedBefdC�Z GdD�dEejBe�Z"GdF�dGe"�Z#e#d)�Z$e#dH�Z%GdI�dJejL�Z'GdK�dLejLejP�Z(GdM�dNe"�Z)e)dO�Z*e)dP�Z+e)dQ�Z,e)dR�Z-e)dS�Z.e)dT�Z/e)dU�Z0e)dV�Z1GdW�dXejB�Z2GdY�dZejL�Z3Gd[�d\e3�Z4Gd]�d^ejL�Z5Gd_�d`�Z6edadb�c�Z7Gdd�dbe5�Z8Gde�dfe8�Z9Gdg�dhe8�Z:Gdi�dje4�Z;Gdk�dle5�Z<Gdm�dne3�Z=Gdo�dpe5�Z>Gdq�dre>�Z?Gds�dte>�Z@Gdu�dve4�ZAGdw�dxejL�ZBGdy�dze4�ZCGd{�d|ejL�ZDGd}�d~e5�ZEGd�d�e4�ZFGd��d�eE�ZGycc}}w)�zACME protocol messages.�)�HashableN)�Any)�Dict)�Iterator)�List)�Mapping)�MutableMapping)�Optional)�Tuple)�Type)�TypeVar)�x509)�
challenges)�errors)�fields)�jws)�utilzurn:ietf:params:acme:error:�accountDoesNotExistz4The request specified an account that does not exist�alreadyRevokedzOThe request specified a certificate to be revoked that has already been revoked�badCSRz2The CSR is unacceptable (e.g., due to a short key)�badNoncez1The client sent an unacceptable anti-replay nonce�badPublicKeyz>The JWS was signed by a public key the server does not support�badRevocationReasonz;The revocation reason provided is not allowed by the server�badSignatureAlgorithmz@The JWS was signed with an algorithm the server does not support�caaz\Certification Authority Authorization (CAA) records forbid the CA from issuing a certificate�compoundzBSpecific error conditions are indicated in the "subproblems" array�
connectionz?The server could not connect to the client to verify the domain�dnszAThere was a problem with a DNS query during identifier validation�dnssecz4The server could not validate a DNSSEC signed domain�incorrectResponsez;Response received didn't match the challenge's requirements�invalidEmailz1The provided email for a registration was invalid�invalidContactz$The provided contact URI was invalid�	malformedz!The request message was malformed�rejectedIdentifierz9The server will not issue certificates for the identifierzLThe request attempted to finalize an order that is not ready to be finalizedz,There were too many requests of a given typez(The server experienced an internal errorz=The server experienced a TLS error during domain verificationz)The client lacks sufficient authorizationz@A contact URL for an account used an unsupported protocol schemez*The server could not resolve a domain namez'An identifier is of an unsupported typez,The server requires external account binding)	�
orderNotReady�rateLimited�serverInternal�tls�unauthorized�unsupportedContact�unknownHost�unsupportedIdentifier�externalAccountRequired�err�returnc�`�t|t�r|j�t|jvSy)z#Check if argument is an ACME error.F)�
isinstance�Error�typ�ERROR_PREFIX)r.s �}/build/snapcraft-certbot-2c33630aaf29c47357e5a1683f659d3d/parts/certbot/install/lib/python3.12/site-packages/acme/messages.py�
is_acme_errorr6Bs'���#�u��3�7�7�#6��s�w�w�&�&��c���eZdZUdZdZeZeedfe	d<deddf�fd�Z
defd�Zed	eddfd
��Z
defd�Zdedefd
�Zdefd�Z�xZS)�	_ConstantzACME constant.��name�POSSIBLE_NAMESr;r/Nc�N��t�|��||j|<||_y�N)�super�__init__r<r;��selfr;�	__class__s  �r5r@z_Constant.__init__Ns%���
����$(����D�!���	r7c��|jSr>r:�rBs r5�to_partial_jsonz_Constant.to_partial_jsonSs���y�y�r7�jobjc��||jvr"tj|j�d���|j|S)Nz not recognized)r<�jose�DeserializationError�__name__��clsrGs  r5�	from_jsonz_Constant.from_jsonVs=���s�)�)�)��+�+�s�|�|�n�O�,L�M�M��!�!�$�'�'r7c�N�|jj�d|j�d�S)N�(�))rCrKr;rEs r5�__repr__z_Constant.__repr__\s$���.�.�)�)�*�!�D�I�I�;�a�8�8r7�otherc�b�t|t|��xr|j|jk(Sr>)r1�typer;)rBrSs  r5�__eq__z_Constant.__eq___s%���%��d��,�H����t�y�y�1H�Hr7c�D�t|j|jf�Sr>)�hashrCr;rEs r5�__hash__z_Constant.__hash__bs���T�^�^�T�Y�Y�/�0�0r7)rK�
__module__�__qualname__�__doc__�	__slots__�NotImplementedr<r�str�__annotations__r@rF�classmethodrNrRr�boolrV�intrY�
__classcell__�rCs@r5r9r9Is������I�-;�N�D��k�)�*�;��S��T��
����(�S�(�[�(��(�
9�#�9�I�C�I�D�I�1�#�1r7r9c�*�eZdZUdZiZeeefed<y)�IdentifierTypezACME identifier type.r<N�	rKrZr[r\r<rr_r9r`�r7r5rgrgfs���+-�N�D��i��(�-r7rg�ipc��eZdZUdZej
dej��Zee	d<ej
d�Z
ee	d<y)�
IdentifierzJACME identifier.

    :ivar IdentifierType typ:
    :ivar str value:

    rU��decoderr3�valueN)rKrZr[r\rI�fieldrgrNr3r`ror_rir7r5rlrlos;���%�$�*�*�V�^�5M�5M�N�C��N�����G�$�E�3�$r7rlc���eZdZUdZej
ddd��Zeed<ej
dd��Z	eed<ej
d	d��Z
eed	<ej
d
ejd��Z
eded
<ej
d
d��Zeeded
<ej"deeeefdedfd��Zedededdfd��Zedeefd��Zedeefd��Zdededdfd�Zdefd�Zy)r2a�ACME error.

    https://datatracker.ietf.org/doc/html/rfc7807

    Note: Although Error inherits from JSONObjectWithFields, which is immutable,
    we add mutability for Error to comply with the Python exception API.

    :ivar str typ:
    :ivar str title:
    :ivar str detail:
    :ivar Identifier identifier:
    :ivar tuple subproblems: An array of ACME Errors which may be present when the CA
            returns multiple errors related to the same request, `tuple` of `Error`.

    rUTzabout:blank��	omitempty�defaultr3�title�rs�detail�
identifier�rnrsrl�subproblems)r2.ror/c�&�td�|D��S)Nc3�FK�|]}tj|����y�wr>)r2rN)�.0�
subproblems  r5�	<genexpr>z$Error.subproblems.<locals>.<genexpr>�s����I�Z�U�_�_�Z�0�I���!��tuple�ros r5rzzError.subproblems�s���I�5�I�I�Ir7�code�kwargsc�T�|tvrtd|z��t|z}|dd|i|��S)z�Create an Error instance with an ACME Error code.

        :str code: An ACME error code, like 'dnssec'.
        :kwargs: kwargs to pass to Error.

        z4The supplied code: %s is not a known ACME error coder3ri)�ERROR_CODES�
ValueErrorr4)rMr�r�r3s    r5�	with_codezError.with_code�sE���{�"��%�'+�,�-�
-��T�!���%�s�%�f�%�%r7c�@�tj|j�S)z�Hardcoded error description based on its type.

        :returns: Description if standard ACME error or ``None``.
        :rtype: str

        )�ERROR_TYPE_DESCRIPTIONS�getr3rEs r5�descriptionzError.description�s��'�*�*�4�8�8�4�4r7c�j�t|j�jdd��d}|tvr|Sy)z�ACME error code.

        Basically self.typ without the ERROR_PREFIX.

        :returns: error code if standard ACME code or ``None``.
        :rtype: str

        �:�)�maxsplit���N)r_r3�rsplitr�)rBr�s  r5r�z
Error.code�s6���4�8�8�}�#�#�C�!�#�4�R�8���;���K�r7r;Nc�0�tj|||�Sr>)�object�__setattr__)rBr;ros   r5r�zError.__setattr__�s���!�!�$��e�4�4r7c�v�djd�|j|j|j|jfD��j�}|jrd|jj�d�|z}|jr1t|j�dkDr|jD]
}|d|��z
}�|S)Ns :: c3�DK�|]}|�|jdd����y�w)N�ascii�backslashreplace��encode)r}�parts  r5rz Error.__str__.<locals>.<genexpr>�s*����!�9=���
�K�K��!3�4�!�s� zProblem for z: r�
)
�joinr3r�rwru�decoderxrorz�len)rB�resultr~s   r5�__str__z
Error.__str__�s������!�
�X�X�t�'�'����d�j�j�A�!�!�"(���	��?�?�#�D�O�O�$9�$9�#:�"�=��F�F�����D�$4�$4� 5�� 9�"�.�.�
,�
��B�z�l�+�+��
,��
r7)rKrZr[r\rIrpr3r_r`rurwrlrNrxr
rzrrnrrrrar��propertyr�r�r�r�rir7r5r2r2zsh����t�z�z�&�D�-�H�C��H�����G�t�4�E�3�4��$�*�*�X��6�F�C�6�)3�����j�2�2�d�*D�J���&�D�1;����M�UY�1Z�K��%��-�.�Z����J�4��S�#�X��/�J�E�,�4G�J��J��
&�S�
&�C�
&�G�
&��
&��5�X�c�]�5��5���h�s�m����5��5�C�5�D�5�
��
r7r2c�*�eZdZUdZiZeeefed<y)�StatuszACME "status" field.r<Nrhrir7r5r�r��s���+-�N�D��i��(�-r7r��unknown�pending�
processing�valid�invalid�revoked�ready�deactivatedc��eZdZdZGd�dej
�Zdeee	fddfd�Z
dede	fd	�Zdede	fd
�Zde
ee	ffd�Zedeee	fddfd��Zy)
�	DirectoryzmDirectory.

    Directory resources must be accessed by the exact field name in RFC8555 (section 9.7.5).
    c�t��eZdZUdZej
dd��Zeed<ej
dd��Z	eed<ej
dd��Z
eeed<ej
d	d��Ze
ed
<ej
dd��Zeeefed<ded
df�fd�Zed
efd��Zd
eef�fd�Zded
efd�Z�xZS)�Directory.MetazDirectory Meta.�termsOfServiceTrv�_terms_of_service�website�
caaIdentities�caa_identitiesr-�external_account_required�profilesr�r/Nc���|j�D��cic]\}}|j|�|��}}}t�|�di|��ycc}}w�Nri��items�_internal_namer?r@�rBr��k�vrCs    �r5r@zDirectory.Meta.__init__�sF���<B�L�L�N�K�D�A�q�d�)�)�!�,�a�/�K�F�K��G��&�v�&��L��Ac��|jS)zURL for the CA TOS)r�rEs r5�terms_of_servicezDirectory.Meta.terms_of_service�s���)�)�)r7c#�P�K�t�|��D]}|dk(r|ddn|���y�w)Nr�r��r?�__iter__rAs  �r5r�zDirectory.Meta.__iter__�s8�������(�*�
H��"&�*=�"=�d�1�2�h�4�G�
H�s�#&r;c��|dk(rd|zS|S)Nr��_ri�rBr;s  r5r�zDirectory.Meta._internal_name�s��!%�);�!;�3��:�E��Er7)rKrZr[r\rIrpr�r_r`r�r�rr�rbr�rrr@r�r�rr�r�rdres@r5�Metar��s�����!+����,<��!M��3�M�!�t�z�z�)�t�<���<�$.�D�J�J��$�$O���S�	�O�*4�$�*�*�5N�Z^�*_�!�4�_�#-�4�:�:�j�D�#I��$�s�C�x�.�I�	'�S�	'�T�	'�
�	*�c�	*�
�	*�	H�h�s�m�	H�	F�s�	F�s�	Fr7r�rGr/Nc��||_yr>)�_jobj�rBrGs  r5r@zDirectory.__init__s	����
r7r;c�X�	||S#t$r}tt|���d}~wwxYwr>)�KeyError�AttributeErrorr_)rBr;�errors   r5�__getattr__zDirectory.__getattr__s0��	-���:����	-� ��U��,�,��	-�s��	)�$�)c�Z�	|j|S#t$rtd|�d���wxYw)NzDirectory field "z" not found)r�r�r�s  r5�__getitem__zDirectory.__getitem__	s=��	B��:�:�d�#�#���	B��.�t�f�K�@�A�A�	B�s��*c�D�tj|jd��S)Nc��|Sr>ri)r�s r5�<lambda>z+Directory.to_partial_json.<locals>.<lambda>s��1�r7)r�map_keysr�rEs r5rFzDirectory.to_partial_jsons���}�}�T�Z�Z��5�5r7c�n�|jj|jdi��|d<||�S)N�meta)r�rN�poprLs  r5rNzDirectory.from_jsons/���x�x�)�)�$�(�(�6�2�*>�?��V���4�y�r7)rKrZr[r\rI�JSONObjectWithFieldsr�rr_rr@r�r�rrFrar	rNrir7r5r�r��s����
F�t�(�(�F�4�W�S�#�X�.��4��-��-��-�B��B��B�6��c�3�h��6���^�C��H�5��+���r7r�c�@�eZdZUdZej
d�Zded<y)�ResourcezOACME Resource.

    :ivar acme.messages.ResourceBody body: Resource body.

    �body�ResourceBodyN)rKrZr[r\rIrpr�r`rir7r5r�r�s���
&�4�:�:�f�-�D�.�-r7r�c�@�eZdZUdZej
d�Zeed<y)�ResourceWithURIzKACME Resource with URI.

    :ivar str uri: Location of the resource.

    �uriN)	rKrZr[r\rIrpr�r_r`rir7r5r�r�!s���
�t�z�z�%� �C�� r7r�c��eZdZdZy)r�zACME Resource Body.N�rKrZr[r\rir7r5r�r�*s��r7r�c
�T�eZdZdZedejdededede	ee
ff
d��Zy)	�ExternalAccountBindingzACME External Account Binding�account_public_key�kid�hmac_key�	directoryr/c��tj|j��j�}tj
j
|�}|d}tjj|tjj|��tjjd||�}|j�S)zLCreate External Account Binding Resource from contact details, kid and hmac.�
newAccount)�keyN)�json�dumpsrFr�rI�b64�	b64decoder�JWS�sign�jwk�JWKOct�jwa�HS256)	rMr�r�r�r��key_json�decoded_hmac_key�url�eabs	         r5�	from_dataz ExternalAccountBinding.from_data1s���
�:�:�0�@�@�B�C�J�J�L���8�8�-�-�h�7����%���g�g�l�l�8�T�X�X�_�_�9I�_�%J��8�8�>�>�4���%���"�"�$�$r7N)rKrZr[r\rarI�JWKr_r�rrr�rir7r5r�r�.sH��'��%�4�8�8�%�#�%��%�&�%�+/��S��>�%��%r7r��GenericRegistration�Registration)�boundc����eZdZUdZej
ddejj��Zeje	d<ej
ddd��Z
eedfe	d<ej
d	d�
�Z
ee	d	<ej
dd�
�Zee	d<ej
dd�
�Zee	d
<ej
dd�
�Zee	d<ej
dd�
�Zeeefe	d<dZdZe			d$deedeedeedeeeefdedefd��Zdeddf�fd�Zdedeedffd�Zdeeefdeeeffd�Zdeeeff�fd �Z deeeff�fd!�Z!e"deedffd"��Z#e"deedffd#��Z$�xZ%S)%rz�Registration Resource Body.

    :ivar jose.JWK key: Public key.
    :ivar tuple contact: Contact information following ACME spec,
        `tuple` of `str`.
    :ivar str agreement:

    r�T�rsrn�contactrirr.�	agreementrv�status�termsOfServiceAgreed�terms_of_service_agreed�onlyReturnExisting�only_return_existing�externalAccountBinding�external_account_bindingztel:zmailto:NrM�phone�emailr�r/c�F�d|v}t|jdd��}|�|j|j|z�|�;|j	|jd�D�cgc]}|j|z��c}�|s|rt|�|d<|r||d<|di|��Scc}w)a
        Create registration resource from contact details.

        The `contact` keyword being passed to a Registration object is meaningful, so
        this function represents empty iterables in its kwargs by passing on an empty
        `tuple`.
        rri�,r
)�listr��append�phone_prefix�extend�split�email_prefixr�)rMrrr
r��contact_provided�details�mails        r5r�zRegistration.from_data^s���%��.���v�z�z�)�R�0�1�����N�N�3�+�+�e�3�4����N�N����C�@P�Q��C�,�,�t�3�Q�R��&� %�g��F�9��#�1I�F�-�.��}�V�}���Rs� Bc�d��d|vr|d�tj|dd�t�|�di|��y)z;Note if the user provides a value for the `contact` member.rN�_add_contactTri)r�r�r?r@)rBr�rCs  �r5r@zRegistration.__init__s7������6�)�#4�#@����t�^�T�:�
���"�6�"r7�prefixc�@��t�fd�|jD��S)Nc3�\�K�|]#}|j��r|t��d���%y�wr>)�
startswithr�)r}rwrs  �r5rz/Registration._filter_contact.<locals>.<genexpr>�s2�����*�%+�� � ��(�
�3�v�;�<� �*�s�),)r�r)rBrs `r5�_filter_contactzRegistration._filter_contact�s!����*�/3�|�|�*�*�	*r7rGc�H�t|dd�r|jd�|d<|S)a�
        The `contact` member of Registration objects should not be required when
        de-serializing (as it would be if the Fields' `omitempty` flag were `False`), but
        it should be included in serializations if it was provided.

        :param jobj: Dictionary containing this Registrations' data
        :type jobj: dict

        :returns: Dictionary containing Registrations data to transmit to the server
        :rtype: dict
        rFr)�getattrr�r�s  r5�_add_contact_if_appropriatez(Registration._add_contact_if_appropriate�s'���4���/�"�k�k�)�4�D��O��r7c�B��t�|��}|j|�S)z2Modify josepy.JSONDeserializable.to_partial_json())r?rFr$�rBrGrCs  �r5rFzRegistration.to_partial_json�s!����w�&�(���/�/��5�5r7c�B��t�|��}|j|�S)z;Modify josepy.JSONObjectWithFields.fields_to_partial_json())r?�fields_to_partial_jsonr$r&s  �r5r(z#Registration.fields_to_partial_json�s!����w�-�/���/�/��5�5r7c�8�|j|j�S)z*All phones found in the ``contact`` field.)r!rrEs r5�phoneszRegistration.phones�����#�#�D�$5�$5�6�6r7c�8�|j|j�S)z*All emails found in the ``contact`` field.)r!rrEs r5�emailszRegistration.emails�r+r7)NNN)&rKrZr[r\rIrpr�rNr�r`rrr_rrr�r	rbrr
rrrrrarrr
r�r@r!r$rFr(r�r*r-rdres@r5rrDs�����D�J�J�u��d�h�h�>P�>P�Q�C����Q� *�t�z�z�)�t�R�P�G�U�3��8�_�P��T�Z�Z��t�<�I�s�<��T�Z�Z��D�9�F�F�9�$.�D�J�J�/E�QU�$V��T�V�!+����,@�D�!Q��$�Q�/9�t�z�z�:R�DH�0J��d�3��8�n�J��L��L��IM�)-�GK��t�/�0���#���!�#���,4�T�#�s�(�^�,D�� ��%8����@#��#��#�*�c�*�e�C��H�o�*�
��S�#�X���4��S��>��"6��c�3�h��6�
6��S�#�X��6�
�7��c�3�h��7��7��7��c�3�h��7��7r7c��eZdZdZy)�NewRegistrationzNew registration.Nr�rir7r5r/r/�s��r7r/c��eZdZdZy)�UpdateRegistrationzUpdate registration.Nr�rir7r5r1r1�s��r7r1c��eZdZUdZej
dej��Zee	d<ej
dd��Z
ee	d<ej
dd��Zee	d<y)	�RegistrationResourcez�Registration Resource.

    :ivar acme.messages.Registration body:
    :ivar str new_authzr_uri: Deprecated. Do not use.
    :ivar str terms_of_service: URL for the CA TOS.

    r�rm�new_authzr_uriTrvr�N)
rKrZr[r\rIrprrNr�r`r4r_r�rir7r5r3r3�sW���$����F�L�4J�4J�K�D�,�K�$�$�*�*�%5��F�N�C�F�&�D�J�J�'9�T�J��c�Jr7r3c����eZdZUdZdZejddd��Zee	d<ejde
jde�	�Z
e
e	d<ejd
d��Zej"e	d
<ejdejdd�	�Zee	d<d
eddf�fd�Zdedef�fd�Zdeeeff�fd�Zedeeefdeeeff�fd��Zedefd��Zdedefd�Zdeef�fd�Z dedefd�Z!�xZ"S)�
ChallengeBodya>Challenge Resource Body.

    .. todo::
       Confusingly, this has a similar name to `.challenges.Challenge`,
       as well as `.achallenges.AnnotatedChallenge`. Please use names
       such as ``challb`` to distinguish instances of this class from
       ``achall``.

    :ivar acme.challenges.Challenge: Wrapped challenge.
        Conveniently, all challenge fields are proxied, i.e. you can
        call ``challb.x`` to get ``challb.chall.x`` contents.
    :ivar acme.messages.Status status:
    :ivar datetime.datetime validated:
    :ivar messages.Error error:

    )�challr�TNrr�_urlr)rnrsrt�	validatedrvr�r�r/c���|j�D��cic]\}}|j|�|��}}}t�|�di|��ycc}}wr�r�r�s    �r5r@zChallengeBody.__init__�sF���8>����G���1�$�%�%�a�(�!�+�G��G�
���"�6�"��Hr�r;c�@��t�|�|j|��Sr>)r?r�r�rAs  �r5r�zChallengeBody.encode�s����w�~�d�1�1�$�7�8�8r7c�v��t�|��}|j|jj��|Sr>)r?rF�updater7r&s  �r5rFzChallengeBody.to_partial_json�s.����w�&�(�����D�J�J�.�.�0�1��r7rGc�j��t�|�|�}tjj	|�|d<|S)Nr7)r?�fields_from_jsonr�	ChallengerN)rMrG�jobj_fieldsrCs   �r5r?zChallengeBody.fields_from_json�s3����g�.�t�4��)�3�3�=�=�d�C��G���r7c��|jS)zThe URL of this challenge.)r8rEs r5r�zChallengeBody.uri�s���y�y�r7c�.�t|j|�Sr>)r#r7r�s  r5r�zChallengeBody.__getattr__�s���t�z�z�4�(�(r7c#�J�K�t�|��D]
}|dk(rdn|���y�w)Nr8r�r�rAs  �r5r�zChallengeBody.__iter__�s.������G�$�&�	4�D��6�>�%�t�3�	4�s� #c��|dk(rdS|S)Nr�r8rir�s  r5r�zChallengeBody._internal_names�����v�0�D�0r7)#rKrZr[r\r]rIrpr8r_r`r�rN�STATUS_PENDINGrr�rfc3339r9�datetimer2r�rr@r�rrFrarr?r�r�r�rr�r�rdres@r5r6r6�sQ���� �I�
��
�
�5�D�$�?�D�#�?��T�Z�Z��&�2B�2B�"&��@�F�F�@�#1�6�>�>�+��#N�I�x� � �N��4�:�:�g�u���!%�t�5�E�5�5�#��#��#�9�3�9�3�9���c�3�h���
��G�C��H�$5��$�s�C�x�.����
��S����)��)��)�4�(�3�-�4�1�3�1�3�1r7r6c��eZdZUdZej
dej��Zee	d<ej
d�Z
ee	d<edefd��Z
y)�ChallengeResourcez�Challenge Resource.

    :ivar acme.messages.ChallengeBody body:
    :ivar str authzr_uri: URI found in the 'up' ``Link`` header.

    r�rm�
authzr_urir/c�.�|jjS)zThe URL of the challenge body.)r�r�rEs r5r�zChallengeResource.uris���y�y�}�}�r7N)rKrZr[r\rIrpr6rNr�r`rKr_r�r�rir7r5rJrJsT���%�$�*�*�V�]�5L�5L�M�D�-�M� �d�j�j��.�J��.�
��S���r7rJc��eZdZUdZej
dejd��Zee	d<ej
dd��Z
eee	d<ej
dde
j��Ze
e	d<ej d	d��Zej$e	d	<ej
d
d��Zee	d
<e
j*deeeefdeed
ffd��Z
y)�
Authorizationz�Authorization Resource Body.

    :ivar acme.messages.Identifier identifier:
    :ivar list challenges: `list` of `.ChallengeBody`
    :ivar acme.messages.Status status:
    :ivar datetime.datetime expires:

    rxTryrrvrr�expires�wildcardror/.c�&�td�|D��S)Nc3�FK�|]}tj|����y�wr>)r6rN)r}r7s  r5rz+Authorization.challenges.<locals>.<genexpr>/s����G��]�,�,�U�3�G�r�r�r�s r5rzAuthorization.challenges-s���G��G�G�Gr7N)rKrZr[r\rIrprlrNrxr`rrr6r�rrrGrOrHrPrbrnrr_rrrir7r5rNrNs����(�T�Z�Z��j�>R�>R�^b�c�J�
�c�&0�d�j�j���&N�J��]�#�N��T�Z�Z��D�&�BR�BR�S�F�F�S�
"0����	�T�!J�G�X�
�
�J��T�Z�Z�
�d�;�H�d�;����H�$�t�C��H�~�.�H�5���9K�3L�H��Hr7rNc��eZdZdZy)�NewAuthorizationzNew authorization.Nr�rir7r5rTrT2s��r7rTc��eZdZdZy)�UpdateAuthorizationzUpdate authorization.Nr�rir7r5rVrV6s��r7rVc��eZdZUdZej
dej��Zee	d<ej
dd��Z
ee	d<y)�AuthorizationResourcez~Authorization Resource.

    :ivar acme.messages.Authorization body:
    :ivar str new_cert_uri: Deprecated. Do not use.

    r�rm�new_cert_uriTrvN)rKrZr[r\rIrprNrNr�r`rYr_rir7r5rXrX:s=���%�$�*�*�V�]�5L�5L�M�D�-�M�"��
�
�>�T�B�L�#�Br7rXc��eZdZUdZej
dejej��Ze	jed<y)�CertificateRequestzlACME newOrder request.

    :ivar x509.CertificateSigningRequest csr: `x509.CertificateSigningRequest`

    �csr�rn�encoderN)rKrZr[r\rIrp�
decode_csr�
encode_csrr\r�CertificateSigningRequestr`rir7r5r[r[Es7���
+5�$�*�*�
�t������+A�C��	'�	'�Ar7r[c�x�eZdZUdZej
d�Zeed<ej
d�Z	e
edfed<y)�CertificateResourcez�Certificate Resource.

    :ivar x509.Certificate body: `x509.Certificate`
    :ivar str cert_chain_uri: URI found in the 'up' ``Link`` header
    :ivar tuple authzrs: `tuple` of `AuthorizationResource`.

    �cert_chain_uri�authzrs.N)rKrZr[r\rIrprdr_r`rerrXrir7r5rcrcOs?���%�$�*�*�%5�6�N�C�6�1;����I�1F�G�U�(�#�-�
.�Fr7rcc��eZdZUdZej
dejej��Ze	jed<ej
d�Ze
ed<y)�
RevocationzURevocation message.

    :ivar x509.Certificate certificate: `x509.Certificate`

    �certificater]�reasonN)rKrZr[r\rIrp�decode_cert�encode_certrhr�Certificater`rircrir7r5rgrg[sP���
%/�D�J�J��t�/�/��9I�9I�%K�K��!�!�K��$�*�*�X�&�F�C�&r7rgc�6�eZdZUdZej
dd��Zeed<ej
dd��Z	e
eed<ej
dejd��Zeed<ej
dd��Ze
eed<ej
d	d��Zeed	<ej
d
d��Zeed
<ej&dd��Zej*ed<ej
ddej�
�Zeed<e	j0de
eeefdeedffd��Z	y)�Ordera�Order Resource Body.

    :ivar profile: The profile to request.
    :vartype profile: str
    :ivar identifiers: List of identifiers for the certificate.
    :vartype identifiers: `list` of `.Identifier`
    :ivar acme.messages.Status status:
    :ivar authorizations: URLs of authorizations.
    :vartype authorizations: `list` of `str`
    :ivar str certificate: URL to download certificate as a fullchain PEM.
    :ivar str finalize: URL to POST to to request issuance once all
        authorizations have "valid" status.
    :ivar datetime.datetime expires: When the order expires.
    :ivar ~.Error error: Any error that occurred during finalization, if applicable.
    �profileTrv�identifiersrry�authorizationsrh�finalizerOr�rror/.c�&�td�|D��S)Nc3�FK�|]}tj|����y�wr>)rlrN)r}rxs  r5rz$Order.identifiers.<locals>.<genexpr>�s����N�*�Z�)�)�*�5�N�r�r�r�s r5rpzOrder.identifiers�s���N��N�N�Nr7N)rKrZr[r\rIrpror_r`rprrlr�rNrrqrhrrrrGrOrHr2r�rnrrrrir7r5rnrnfs!��� �4�:�:�i�4�8�G�S�8�$.�D�J�J�}��$M�K��j�!�M��T�Z�Z��&�2B�2B�d�S�F�F�S� *��
�
�+;�t� L�N�D��I�L�!�t�z�z�-�4�@�K��@��D�J�J�z�T�:�H�c�:�!/����	�T�!J�G�X�
�
�J��4�:�:�g��u���O�E�5�O����O�4��S�#�X��/�O�E�*�c�/�4J�O��Or7rnc�x�eZdZUdZej
dej��Zee	d<ej
ddd�d���Z
ee	d<ej
d	�Ze
ee	d	<ej
d
d��Zee	d
<ej
dd��Ze
ee	d<ej$d
e
eeefdeedffd��Zy)�
OrderResourcea�Order Resource.

    :ivar acme.messages.Order body:
    :ivar bytes csr_pem: The CSR this Order will be finalized with.
    :ivar authorizations: Fully-fetched AuthorizationResource objects.
    :vartype authorizations: `list` of `acme.messages.AuthorizationResource`
    :ivar str fullchain_pem: The fetched contents of the certificate URL
        produced once the order was finalized, if it's present.
    :ivar alternative_fullchains_pem: The fetched contents of alternative certificate
        chain URLs produced once the order was finalized, if present and requested during
        finalization.
    :vartype alternative_fullchains_pem: `list` of `str`
    r�rm�csr_pemTc�$�|jd�S�Nzutf-8r�)�ss r5r�zOrderResource.<lambda>����!�(�(�7�2C�r7c�$�|jd�Sry)r�)�bs r5r�zOrderResource.<lambda>�r{r7)rsrnr^rq�
fullchain_pemrv�alternative_fullchains_pemror/.c�&�td�|D��S)Nc3�FK�|]}tj|����y�wr>)rXrN)r}�authzs  r5rz/OrderResource.authorizations.<locals>.<genexpr>�s����O��*�4�4�U�;�O�r�r�r�s r5rqzOrderResource.authorizations�s���O��O�O�Or7N)rKrZr[r\rIrprnrNr�r`rw�bytesrqrrXr~r_rrnrrrrir7r5rvrv�s�����$�*�*�V�U�_�_�=�D�%�=��T�Z�Z�	�T�)D�(C�	E�G�U�	E�3=�$�*�*�=M�2N�N�D�.�/�N�#����O�t�D�M�3�D�,6�D�J�J�7S�AE�-G���S�	�G�
���P�d�4��S��>�2�P�u�=R�TW�=W�7X�P��Pr7rvc��eZdZdZy)�NewOrderz
New order.Nr�rir7r5r�r��s��r7r�)Hr\�collections.abcrrHr��typingrrrrrr	r
rrr
�cryptographyr�josepyrI�acmerrrrrr4r�r�r��
BaseExceptionrbr6�JSONDeSerializabler9rg�IDENTIFIER_FQDN�
IDENTIFIER_IPr�rlr2r��STATUS_UNKNOWNrF�STATUS_PROCESSING�STATUS_VALID�STATUS_INVALID�STATUS_REVOKED�STATUS_READY�STATUS_DEACTIVATEDr�r�r�r�r�rrr/r1r3r6rJrNrTrVrXr[rcrgrnrvr�)r;�descs00r5�<module>r�s����$��������!������������,����Q�����
�B�	�
�C���T�
��X���_��
����T�����
�N��
�D�� �X�!�$�G�%�&�<�'�(�4�)�*�U�+�,d�A�@�J�?�\�?�F�M�=��B�0;�0A�0A�0C��",�$��L�4�������
�}����1��'�'��1�:.�Y�.�
!��'���t�$�
�%��*�*�%�T�D�%�%�v�|�|�T�n.�Y�.�
�	�"���	�"���<�(���g����	�"���	�"���g����M�*��5��'�'�5�p.�t�(�(�.�!�h�!��4�,�,��%�%�&�3�>�J��j7�<�j7�Z�l�����
K�?�
K�>1�L�>1�B
��
� H�L�H�6�}�� �-� �C�O�C�A��2�2�A�	G�/�	G�'��*�*�'�O�L�O�B#P�O�#P�L�u���as�J=