o  `tT@s.ddlmZmZmZddlZddlZddlmZmZddl m Z ddl m Z m Z mZmZmZddlmZmZddlmZmZddlmZmZmZdd lmZeejGd d d eZ eej!Gd d d eZ"eej#GdddeZ$eej%GdddeZ&eej'j(GdddeZ)dS))absolute_importdivisionprint_functionN)utilsx509)UnsupportedAlgorithm)_asn1_integer_to_int_asn1_string_to_bytes_decode_x509_name_obj2txt_parse_asn1_time)_encode_asn1_int_gc _txt2obj_gc)hashes serialization)dsaecrsa) _ASN1Typec@seZdZddZddZddZddZd d Zd d Zd dZ e dZ e ddZddZe ddZe ddZe ddZe ddZe ddZe ddZe jd d!Ze d"d#Ze d$d%Zd&d'Zd(S)) _CertificatecCsZ||_||_|jj|j}|dkrtjj|_dS|dkr$tjj|_dSt d ||)Nrz{} is not a valid X509 version) _backend_x509_libZX509_get_versionrVersionv1_versionZv3InvalidVersionformat)selfbackendZ x509_certversionr"home/ych/rk3568/buildroot/output/rockchip_rk3568/host/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/x509.py__init__s z_Certificate.__init__cCs d|jS)Nz)rsubjectrr"r"r#__repr__,s z_Certificate.__repr__cC,t|tjstS|jj|j|j}|dkSNr) isinstancer CertificateNotImplementedrrZX509_cmprrotherresr"r"r#__eq__/ z_Certificate.__eq__cC ||k SNr"rr.r"r"r#__ne__6 z_Certificate.__ne__cCt|tjjSr3hash public_bytesrEncodingDERr&r"r"r#__hash__9z_Certificate.__hash__cCs|Sr3r")rmemor"r"r# __deepcopy__<sz_Certificate.__deepcopy__cCs*t||j}||tjj|Sr3) rHashrupdater:rr;r<finalize)r algorithmhr"r"r# fingerprint?sz_Certificate.fingerprintrcC2|jj|j}|j||jjjkt|j|Sr3)rrZX509_get_serialNumberropenssl_assert_ffiNULLrrasn1_intr"r"r# serial_numberF z_Certificate.serial_numbercCsR|jj|j}||jjjkr|jtd|jj||jjj }|j |S)Nz,Certificate public key is of an unknown type) rrZX509_get_pubkeyrrIrJ_consume_errors ValueErrorgc EVP_PKEY_free_evp_pkey_to_public_keyrpkeyr"r"r# public_keyLs   z_Certificate.public_keycC|jj|j}t|j|Sr3)rrZX509_getm_notBeforerr rZ asn1_timer"r"r#not_valid_beforeW z_Certificate.not_valid_beforecCrWr3)rrZX509_getm_notAfterrr rXr"r"r#not_valid_after\rZz_Certificate.not_valid_aftercCrGr3)rrZX509_get_issuer_namerrHrIrJr rissuerr"r"r#r]arNz_Certificate.issuercCrGr3)rrZX509_get_subject_namerrHrIrJr rr%r"r"r#r%grNz_Certificate.subjectcC0|j}ztj|WStytd|wNz)Signature algorithm OID:{} not recognizedsignature_algorithm_oidrZ_SIG_OIDS_TO_HASHKeyErrorrrroidr"r"r#signature_hash_algorithmm  z%_Certificate.signature_hash_algorithmcCs^|jjd}|jj|jjj||j|j|d|jjjkt|j|dj }t |SNz X509_ALGOR **r) rrInewrX509_get0_signaturerJrrHr rDrObjectIdentifierrZalgrer"r"r#rbw z$_Certificate.signature_algorithm_oidcC|jj|jSr3)rZ_certificate_extension_parserparserr&r"r"r# extensionsz_Certificate.extensionscCsR|jjd}|jj||jjj|j|j|d|jjjkt|j|dSNzASN1_BIT_STRING **r) rrIrirrjrJrrHr rsigr"r"r# signature z_Certificate.signaturecdjjd}jjj|}j|dkjj|fdd}jj|d|ddS)Nunsigned char **rcjj|dSr)rrZ OPENSSL_freepointerr&r"r#z4_Certificate.tbs_certificate_bytes..) rrIrirZi2d_re_X509_tbsrrHrQbufferrppr/r"r&r#tbs_certificate_bytes z"_Certificate.tbs_certificate_bytescCn|j}|tjjur|jj||j}n|tjjur%|jj ||j}nt d|j |dk|j |SNz/encoding must be an item from the Encoding enum) r_create_mem_bio_gcrr;PEMrZPEM_write_bio_X509rr<Z i2d_X509_bio TypeErrorrH _read_mem_biorencodingbior/r"r"r#r:s    z_Certificate.public_bytesN)__name__ __module__ __qualname__r$r'r0r5r=r@rFrZread_only_propertyr!propertyrMrVrYr[r]r%rfrbcached_propertyrprurr:r"r"r"r#rs>            rc@s:eZdZddZeddZeddZejddZ d S) _RevokedCertificatecC||_||_||_dSr3)rZ_crl _x509_revoked)rr ZcrlZ x509_revokedr"r"r#r$s z_RevokedCertificate.__init__cCrGr3)rrZX509_REVOKED_get0_serialNumberrrHrIrJrrKr"r"r#rMs  z!_RevokedCertificate.serial_numbercCst|j|jj|jSr3)r rrZ X509_REVOKED_get0_revocationDaterr&r"r"r#revocation_dates z#_RevokedCertificate.revocation_datecCrnr3)rZ_revoked_cert_extension_parserrorr&r"r"r#rpsz_RevokedCertificate.extensionsN) rrrr$rrMrrrrpr"r"r"r#rs  rc@seZdZddZddZddZddZejd d Z d d Z e d dZ e ddZ e ddZe ddZe ddZe ddZe ddZddZddZdd Zd!d"Zd#d$Zejd%d&Zd'd(Zd)S)*_CertificateRevocationListcC||_||_dSr3)r _x509_crl)rr Zx509_crlr"r"r#r$ z#_CertificateRevocationList.__init__cCr(r))r*rCertificateRevocationListr,rrZ X509_CRL_cmprr-r"r"r#r0r1z!_CertificateRevocationList.__eq__cCr2r3r"r4r"r"r#r5r6z!_CertificateRevocationList.__ne__cCsXt||j}|j}|jj||j}|j|dk|j|}| || S)Nr) rrArrri2d_X509_CRL_biorrHrrBrC)rrDrErr/Zderr"r"r#rFs   z&_CertificateRevocationList.fingerprintcCs@|jj|j}|j||jjjk|jj||jjj}|Sr3) rrZ X509_CRL_duprrHrIrJrQZ X509_CRL_free)rdupr"r"r# _sorted_crlsz&_CertificateRevocationList._sorted_crlcCsh|jjd}t|j|}|jj|j||}|dkrdS|j|d|jjjkt |j|j|dS)NzX509_REVOKED **r) rrIrir rZX509_CRL_get0_by_serialrrHrJr)rrMrevokedrLr/r"r"r#(get_revoked_certificate_by_serial_numbers zC_CertificateRevocationList.get_revoked_certificate_by_serial_numbercCr_r`rardr"r"r#rfrgz3_CertificateRevocationList.signature_hash_algorithmcC^|jjd}|jj|j|jjj||j|d|jjjkt|j|dj }t |Srh) rrIrirX509_CRL_get0_signaturerrJrHr rDrrkrlr"r"r#rbrmz2_CertificateRevocationList.signature_algorithm_oidcCrGr3)rrZX509_CRL_get_issuerrrHrIrJr r\r"r"r#r]rNz!_CertificateRevocationList.issuercCrGr3)rrZX509_CRL_get_nextUpdaterrHrIrJr )rnur"r"r# next_updaterNz&_CertificateRevocationList.next_updatecCrGr3)rrZX509_CRL_get_lastUpdaterrHrIrJr )rZlur"r"r# last_updaterNz&_CertificateRevocationList.last_updatecCR|jjd}|jj|j||jjj|j|d|jjjkt|j|dSrr) rrIrirrrrJrHr rsr"r"r#ru"rvz$_CertificateRevocationList.signaturecrw)Nrxrcryr)rzr{r&r"r#r}1r~z?_CertificateRevocationList.tbs_certlist_bytes..) rrIrirZi2d_re_X509_CRL_tbsrrHrQrrr"r&r#tbs_certlist_bytes+rz-_CertificateRevocationList.tbs_certlist_bytescCrr) rrrr;rrZPEM_write_bio_X509_CRLrr<rrrHrrr"r"r#r:5    z'_CertificateRevocationList.public_bytescCsD|jj|j}|jj||}|j||jjjkt|j||Sr3) rrX509_CRL_get_REVOKEDrZsk_X509_REVOKED_valuerHrIrJr)ridxrrr"r"r# _revoked_certCsz(_CertificateRevocationList._revoked_certccs$tt|D]}||VqdSr3)rangelenr)rir"r"r#__iter__Isz#_CertificateRevocationList.__iter__cst|tr|t\}}}fddt|||DSt|}|dkr+|t7}d|kr8tks;tt|S)Ncsg|]}|qSr")r).0rr&r"r# Psz:_CertificateRevocationList.__getitem__..r) r*sliceindicesrroperatorindex IndexErrorr)rrstartstopstepr"r&r# __getitem__Ms    z&_CertificateRevocationList.__getitem__cCs0|jj|j}||jjjkrdS|jj|Sr))rrrrrIrJZsk_X509_REVOKED_num)rrr"r"r#__len__Ysz"_CertificateRevocationList.__len__cCrnr3)rZ_crl_extension_parserrorr&r"r"r#rp`rqz%_CertificateRevocationList.extensionscCsLt|tjtjtjfstd|jj |j |j }|dkr$|j dSdS)NzGExpecting one of DSAPublicKey, RSAPublicKey, or EllipticCurvePublicKey.rFT)r*rZ DSAPublicKeyrZ RSAPublicKeyrZEllipticCurvePublicKeyrrrZX509_CRL_verifyrZ _evp_pkeyrO)rrVr/r"r"r#is_signature_validds z-_CertificateRevocationList.is_signature_validN)rrrr$r0r5rFrrrrrrfrbr]rrrurr:rrrrrprr"r"r"r#rs<             rc@seZdZddZddZddZddZd d Zed d Z ed dZ eddZ e j ddZddZeddZeddZeddZddZdS)_CertificateSigningRequestcCrr3)r _x509_req)rr Zx509_reqr"r"r#r$zrz#_CertificateSigningRequest.__init__cCs2t|tstS|tjj}|tjj}||kSr3)r*rr,r:rr;r<)rr.Z self_bytesZ other_bytesr"r"r#r0~s z!_CertificateSigningRequest.__eq__cCr2r3r"r4r"r"r#r5r6z!_CertificateSigningRequest.__ne__cCr7r3r8r&r"r"r#r=r>z#_CertificateSigningRequest.__hash__cCsH|jj|j}|j||jjjk|jj||jjj}|j |Sr3) rrX509_REQ_get_pubkeyrrHrIrJrQrRrSrTr"r"r#rVs z%_CertificateSigningRequest.public_keycCrGr3)rrZX509_REQ_get_subject_namerrHrIrJr r^r"r"r#r%rNz"_CertificateSigningRequest.subjectcCr_r`rardr"r"r#rfrgz3_CertificateSigningRequest.signature_hash_algorithmcCrrh) rrIrirX509_REQ_get0_signaturerrJrHr rDrrkrlr"r"r#rbrmz2_CertificateSigningRequest.signature_algorithm_oidcs6jjj}jj|fdd}jj|S)Ncs"jj|jjjjjdS)NZX509_EXTENSION_free)rrZsk_X509_EXTENSION_pop_freerI addressofZ _original_lib)xr&r"r#r}s  z7_CertificateSigningRequest.extensions..)rrZX509_REQ_get_extensionsrrIrQZ_csr_extension_parserro)rZ x509_extsr"r&r#rps   z%_CertificateSigningRequest.extensionscCrr) rrrr;rrZPEM_write_bio_X509_REQrr<Zi2d_X509_REQ_biorrHrrr"r"r#r:rz'_CertificateSigningRequest.public_bytescrw)Nrxrcryr)rzr{r&r"r#r}r~zB_CertificateSigningRequest.tbs_certrequest_bytes..) rrIrirZi2d_re_X509_REQ_tbsrrHrQrrr"r&r#tbs_certrequest_bytesrz0_CertificateSigningRequest.tbs_certrequest_bytescCrrr) rrIrirrrrJrHr rsr"r"r#rurvz$_CertificateSigningRequest.signaturecCsh|jj|j}|j||jjjk|jj||jjj}|jj |j|}|dkr2|j dSdS)NrFT) rrrrrHrIrJrQrRZX509_REQ_verifyrO)rrUr/r"r"r#rs z-_CertificateSigningRequest.is_signature_validcCs t|j|j}|jj|j|d}|dkrtd|||jj |j|}|j ||jj j k|j |jj |dk|jj|d}|j ||jj j k|jtjjtjjtjjfvritd||j|jj|d|j|jj j }|j ||jj j k|jj d|}t|j|S)NzNo {} attribute was foundrrz&OID {} has a disallowed ASN.1 type: {}z ASN1_STRING *)rrZ dotted_stringrZX509_REQ_get_attr_by_OBJrrZAttributeNotFoundrZX509_REQ_get_attrrHrIrJZX509_ATTRIBUTE_countZX509_ATTRIBUTE_get0_typetyperZ UTF8StringvalueZPrintableStringZ IA5StringrPZX509_ATTRIBUTE_get0_datacastr )rreobjposattrZ asn1_typedatar"r"r#get_attribute_for_oids>  z0_CertificateSigningRequest.get_attribute_for_oidN)rrrr$r0r5r=rVrr%rfrbrrrpr:rrurrr"r"r"r#rxs,         rc@sheZdZddZeddZeddZeddZed d Zed d Z d dZ ddZ ddZ dS)_SignedCertificateTimestampcCrr3)rZ _sct_list_sct)rr Zsct_listZsctr"r"r#r$s z$_SignedCertificateTimestamp.__init__cC,|jj|j}||jjjksJtjjjSr3) rrZSCT_get_versionrZSCT_VERSION_V1rcertificate_transparencyrr)rr!r"r"r#r!s z#_SignedCertificateTimestamp.versioncCsH|jjd}|jj|j|}|dksJ|jj|d|ddSNrxr)rrIrirZSCT_get0_log_idrr)routZ log_id_lengthr"r"r#log_id"s z"_SignedCertificateTimestamp.log_idcCs4|jj|j}|d}tj|dj|ddS)Ni) microsecond)rrZSCT_get_timestamprdatetimeutcfromtimestampreplace)r timestampZ millisecondsr"r"r#r)s z%_SignedCertificateTimestamp.timestampcCrr3) rrZSCT_get_log_entry_typerZCT_LOG_ENTRY_TYPE_PRECERTrrZ LogEntryTypeZPRE_CERTIFICATE)r entry_typer"r"r#r1s z&_SignedCertificateTimestamp.entry_typecCsf|jjd}|jj|j|}|j|dk|j|d|jjjk|jj|d|ddSr) rrIrirZSCT_get0_signaturerrHrJr)rZptrptrr/r"r"r# _signature9s z&_SignedCertificateTimestamp._signaturecCs t|jSr3)r9rr&r"r"r#r=Ar6z$_SignedCertificateTimestamp.__hash__cCst|tstS|j|jkSr3)r*rr,rr4r"r"r#r0Ds  z"_SignedCertificateTimestamp.__eq__cCr2r3r"r4r"r"r#r5Jr6z"_SignedCertificateTimestamp.__ne__N) rrrr$rr!rrrrr=r0r5r"r"r"r#rs      r)* __future__rrrrr cryptographyrrZcryptography.exceptionsrZ0cryptography.hazmat.backends.openssl.decode_asn1rr r r r Z0cryptography.hazmat.backends.openssl.encode_asn1r rZcryptography.hazmat.primitivesrrZ)cryptography.hazmat.primitives.asymmetricrrrZcryptography.x509.namerZregister_interfacer+objectrZRevokedCertificaterrrZCertificateSigningRequestrrZSignedCertificateTimestamprr"r"r"r#s2     % -