o bi1@sddlmZddlZddlmZddlmZmZddlm Z ddl m Z ddl m Z ddlmZGd d d ejZGd d d ejZe je je je je jfZdddZGdddejZGdddZe jZe jZe jZGdddZGdddZ e j!Z!e j"Z"dS)) annotationsN)Iterable)utilsx509)ocsp)hashes) CertificateIssuerPrivateKeyTypes)_reject_duplicate_extensionc@seZdZdZdZdS)OCSPResponderEncodingzBy HashzBy NameN)__name__ __module__ __qualname__HASHNAMErrP/home/kim/smarthome/.venv/lib/python3.10/site-packages/cryptography/x509/ocsp.pyr sr c@s$eZdZdZdZdZdZdZdZdS)OCSPResponseStatusrN) r r r SUCCESSFULZMALFORMED_REQUESTINTERNAL_ERRORZ TRY_LATERZ SIG_REQUIRED UNAUTHORIZEDrrrrrsr algorithmhashes.HashAlgorithmreturnNonecCst|ts tddS)Nz9Algorithm must be SHA1, SHA224, SHA256, SHA384, or SHA512) isinstance_ALLOWED_HASHES ValueError)rrrr_verify_algorithm*s r"c@seZdZdZdZdZdS)OCSPCertStatusrrrN)r r r ZGOODREVOKEDUNKNOWNrrrrr#1sr#c@seZdZdddZdS)_SingleResponseresp0tuple[x509.Certificate, x509.Certificate] | None resp_hashtuple[bytes, bytes, int] | Nonerr cert_statusr# this_updatedatetime.datetime next_updatedatetime.datetime | Nonerevocation_timerevocation_reasonx509.ReasonFlags | Nonec Cst|t|tjstd|durt|tjstd||_||_||_||_||_t|t s4td|t j urJ|durAt d|durIt dnt|tjsTtd|durbt|t j sbtd||_||_||_dS)Nz%this_update must be a datetime objectz-next_update must be a datetime object or Nonez8cert_status must be an item from the OCSPCertStatus enumzBrevocation_time can only be provided if the certificate is revokedzDrevocation_reason can only be provided if the certificate is revokedz)revocation_time must be a datetime objectzCrevocation_reason must be an item from the ReasonFlags enum or None)r"rdatetime TypeErrorZ_respZ _resp_hash _algorithmZ _this_updateZ _next_updater#r$r!rZ ReasonFlagsZ _cert_statusZ_revocation_timeZ_revocation_reason) selfr'r)rr+r,r.r0r1rrr__init__8sJ       z_SingleResponse.__init__N)r'r(r)r*rrr+r#r,r-r.r/r0r/r1r2)r r r r7rrrrr&7sr&c@sFeZdZddgfd#d d Zd$ddZd%ddZd&ddZd'd!d"ZdS)(OCSPRequestBuilderNrequestFtuple[x509.Certificate, x509.Certificate, hashes.HashAlgorithm] | None request_hash5tuple[bytes, bytes, int, hashes.HashAlgorithm] | None extensions(list[x509.Extension[x509.ExtensionType]]rrcCs||_||_||_dSN)_request _request_hash _extensions)r6r9r;r=rrrr7ws  zOCSPRequestBuilder.__init__certx509.CertificateissuerrrcCsZ|jdus |jdurtdt|t|tjrt|tjs"tdt|||f|j|j S)N.Only one certificate can be added to a request%cert and issuer must be a Certificate) r@rAr!r"rr Certificater4r8rB)r6rCrErrrradd_certificatesz"OCSPRequestBuilder.add_certificateissuer_name_hashbytesissuer_key_hash serial_numberintcCs|jdus |jdurtdt|tstdt|td|td||j t |ks5|j t |kr9tdt |j||||f|j S)NrF serial_number must be an integerrJrL`issuer_name_hash and issuer_key_hash must be the same length as the digest size of the algorithm) r@rAr!rrNr4r"r _check_bytes digest_sizelenr8rB)r6rJrLrMrrrradd_certificate_by_hashs&    z*OCSPRequestBuilder.add_certificate_by_hashextvalx509.ExtensionTypecriticalboolcCsJt|tjs tdt|j||}t||jt|j |j g|j|SNz"extension must be an ExtensionType) rr ExtensionTyper4 Extensionoidr rBr8r@rAr6rUrW extensionrrr add_extensions  z OCSPRequestBuilder.add_extension OCSPRequestcCs&|jdur|jdurtdt|S)Nz*You must add a certificate before building)r@rAr!rZcreate_ocsp_request)r6rrrbuilds zOCSPRequestBuilder.build)r9r:r;r<r=r>rr)rCrDrErDrrrr8) rJrKrLrKrMrNrrrr8)rUrVrWrXrr8)rr`)r r r r7rIrTr_rarrrrr8vs    r8c@sjeZdZdddgfdd"d#Zd?d'd(Zd@d*d+ZdAd0d1ZdBd6d7Z e dCd:d;Z dS)DOCSPResponseBuilderNresponse_SingleResponse | None responder_id5tuple[x509.Certificate, OCSPResponderEncoding] | Nonecertslist[x509.Certificate] | Noner=r>cCs||_||_||_||_dSr?) _response _responder_id_certsrB)r6rcrergr=rrrr7s zOCSPResponseBuilder.__init__rCrDrErrr+r#r,r-r.r/r0r1r2rc Cs`|jdur tdt|tjrt|tjstdt||fd||||||} t| |j|j |j S)N#Only one response per OCSPResponse.rG) rir!rrrHr4r&rbrjrkrB) r6rCrErr+r,r.r0r1 singleresprrr add_responses,  z OCSPResponseBuilder.add_responserJrKrLrMrNc Cs|jdur tdt|tstdtd|td|t||jt |ks0|jt |kr4tdt d|||f|||||| } t | |j |j |jS)NrlrOrJrLrP)rir!rrNr4rrQr"rRrSr&rbrjrkrB) r6rJrLrMrr+r,r.r0r1rmrrradd_response_by_hashs<     z(OCSPResponseBuilder.add_response_by_hashencodingr responder_certcCsP|jdur tdt|tjstdt|tstdt|j||f|j |j S)Nz!responder_id can only be set oncez$responder_cert must be a Certificatez6encoding must be an element from OCSPResponderEncoding) rjr!rrrHr4r rbrirkrB)r6rprqrrrre*s   z OCSPResponseBuilder.responder_idIterable[x509.Certificate]cCs\|jdur tdt|}t|dkrtdtdd|Ds$tdt|j|j||j S)Nz!certificates may only be set oncerzcerts must not be an empty listcss|] }t|tjVqdSr?)rrrH).0xrrr Esz3OCSPResponseBuilder.certificates..z$certs must be a list of Certificates) rkr!listrSallr4rbrirjrB)r6rgrrr certificates=s  z OCSPResponseBuilder.certificatesrUrVrWrXcCsNt|tjs tdt|j||}t||jt|j |j |j g|j|SrY) rrrZr4r[r\r rBrbrirjrkr]rrrr_Ns   z!OCSPResponseBuilder.add_extension private_keyrhashes.HashAlgorithm | None OCSPResponsecCs6|jdur td|jdurtdttj|||S)Nz&You must add a response before signingz*You must add a responder_id before signing)rir!rjrcreate_ocsp_responserr)r6ryrrrrsign^s   zOCSPResponseBuilder.signresponse_statusrcCs4t|ts td|tjurtdt|dddS)Nz7response_status must be an item from OCSPResponseStatusz$response_status cannot be SUCCESSFUL)rrr4rr!rr|)clsr~rrrbuild_unsuccessfulls  z&OCSPResponseBuilder.build_unsuccessful)rcrdrerfrgrhr=r>)rCrDrErDrrr+r#r,r-r.r/r0r/r1r2rrb)rJrKrLrKrMrNrrr+r#r,r-r.r/r0r/r1r2rrb)rpr rqrDrrb)rgrrrrb)rUrVrWrXrrb)ryrrrzrr{)r~rrr{) r r r r7rnrorerxr_r} classmethodrrrrrrbs $ .   rb)rrrr)# __future__rr3collections.abcrZ cryptographyrrZ"cryptography.hazmat.bindings._rustrZcryptography.hazmat.primitivesrZ/cryptography.hazmat.primitives.asymmetric.typesrZcryptography.x509.baser Enumr rSHA1SHA224SHA256SHA384SHA512r r"r#r&r`r{ZOCSPSingleResponser8rbZload_der_ocsp_requestZload_der_ocsp_responserrrrs6        :T1