o Ç `½3ã@spddlmZmZmZddlZddlZddlmZddlZddl m Z ddl m Z ddl mZmZmZe  ¡e  ¡e  ¡e  ¡e  ¡dœZGdd „d eƒZGd d „d eƒZd d „eDƒZe je je je je jfZdd„ZGdd„deƒZdd „eDƒZdd„Zdd„ZGdd„de ƒZ!Gdd„de ƒZ"Gdd„de ƒZ#e $ej%¡Gdd„de ƒƒZ&e $ej%¡Gdd „d e ƒƒZ'dS)!é)Úabsolute_importÚdivisionÚprint_functionN)ÚEnum)Úx509)Úhashes)Ú_EARLIEST_UTC_TIMEÚ_convert_to_naive_utc_timeÚ_reject_duplicate_extension)z 1.3.14.3.2.26z2.16.840.1.101.3.4.2.4z2.16.840.1.101.3.4.2.1z2.16.840.1.101.3.4.2.2z2.16.840.1.101.3.4.2.3c@seZdZdZdZdS)ÚOCSPResponderEncodingzBy HashzBy NameN)Ú__name__Ú __module__Ú __qualname__ZHASHÚNAME©rrúlhome/ych/rk3568/buildroot/output/rockchip_rk3568/host/lib/python3.10/site-packages/cryptography/x509/ocsp.pyr sr c@s$eZdZdZdZdZdZdZdZdS)ÚOCSPResponseStatusréééééN) r r rÚ SUCCESSFULZMALFORMED_REQUESTZINTERNAL_ERRORZ TRY_LATERZ SIG_REQUIREDZ UNAUTHORIZEDrrrrr$srcCói|]}|j|“qSr©Úvalue©Ú.0ÚxrrrÚ -órcCst|tƒs tdƒ‚dS)Nz9Algorithm must be SHA1, SHA224, SHA256, SHA384, or SHA512)Ú isinstanceÚ_ALLOWED_HASHESÚ ValueError)Ú algorithmrrrÚ_verify_algorithm7s ÿÿr%c@seZdZdZdZdZdS)ÚOCSPCertStatusrrrN)r r rZGOODÚREVOKEDÚUNKNOWNrrrrr&>sr&cCrrrrrrrrDr cCóddlm}| |¡S©Nr©Úbackend)Ú,cryptography.hazmat.backends.openssl.backendr,Úload_der_ocsp_request©Údatar,rrrr.Gó  r.cCr)r*)r-r,Úload_der_ocsp_responser/rrrr2Mr1r2c@s2eZdZdgfdd„Zdd„Zdd„Zdd „ZdS) ÚOCSPRequestBuilderNcCs||_||_dS©N)Ú_requestÚ _extensions)ÚselfZrequestÚ extensionsrrrÚ__init__Ts zOCSPRequestBuilder.__init__cCsL|jdur tdƒ‚t|ƒt|tjƒrt|tjƒstdƒ‚t|||f|jƒS)Nz.Only one certificate can be added to a requestú%cert and issuer must be a Certificate) r5r#r%r!rÚ CertificateÚ TypeErrorr3r6)r7ÚcertÚissuerr$rrrÚadd_certificateXs ÿz"OCSPRequestBuilder.add_certificatecCsDt|tjƒs tdƒ‚t |j||¡}t||jƒt|j |j|gƒS©Nz"extension must be an ExtensionType) r!rÚ ExtensionTyper<Ú ExtensionÚoidr r6r3r5©r7Ú extensionÚcriticalrrrÚ add_extensionds  ÿz OCSPRequestBuilder.add_extensioncCs(ddlm}|jdurtdƒ‚| |¡S)Nrr+z*You must add a certificate before building)r-r,r5r#Zcreate_ocsp_request)r7r,rrrÚbuildos   zOCSPRequestBuilder.build)r r rr9r?rGrHrrrrr3Ss  r3c@seZdZdd„ZdS)Ú_SingleResponsec Cst|tjƒr t|tjƒstdƒ‚t|ƒt|tjƒstdƒ‚|dur,t|tjƒs,tdƒ‚||_||_||_||_ ||_ t|t ƒsDtdƒ‚|t j urZ|durQt dƒ‚|durYt dƒ‚n$t|tjƒsdtdƒ‚t|ƒ}|tkrpt dƒ‚|dur~t|tjƒs~td ƒ‚||_||_||_dS) Nr:z%this_update must be a datetime objectz-next_update must be a datetime object or Nonez8cert_status must be an item from the OCSPCertStatus enumzBrevocation_time can only be provided if the certificate is revokedzDrevocation_reason can only be provided if the certificate is revokedz)revocation_time must be a datetime objectz7The revocation_time must be on or after 1950 January 1.zCrevocation_reason must be an item from the ReasonFlags enum or None)r!rr;r<r%ÚdatetimeZ_certZ_issuerZ _algorithmZ _this_updateZ _next_updater&r'r#r rZ ReasonFlagsZ _cert_statusZ_revocation_timeZ_revocation_reason) r7r=r>r$Ú cert_statusÚ this_updateÚ next_updateÚrevocation_timeÚrevocation_reasonrrrr9ys\ ÿ  ÿ ÿ ÿÿÿ ÿ ÿÿ z_SingleResponse.__init__N)r r rr9rrrrrIxs rIc@sReZdZdddgfdd„Zdd„Zdd„Zdd „Zd d „Zd d „Ze dd„ƒZ dS)ÚOCSPResponseBuilderNcCs||_||_||_||_dSr4)Ú _responseÚ _responder_idÚ_certsr6)r7ÚresponseÚ responder_idÚcertsr8rrrr9¿s zOCSPResponseBuilder.__init__c Cs<|jdur tdƒ‚t||||||||ƒ} t| |j|j|jƒS)Nz#Only one response per OCSPResponse.)rQr#rIrPrRrSr6) r7r=r>r$rKrLrMrNrOZ singleresprrrÚ add_responseÇs$ ø üz OCSPResponseBuilder.add_responsecCsP|jdur tdƒ‚t|tjƒstdƒ‚t|tƒstdƒ‚t|j||f|j |j ƒS)Nz!responder_id can only be set oncez$responder_cert must be a Certificatez6encoding must be an element from OCSPResponderEncoding) rRr#r!rr;r<r rPrQrSr6)r7ÚencodingZresponder_certrrrrUæs   ÿüz OCSPResponseBuilder.responder_idcCs\|jdur tdƒ‚t|ƒ}t|ƒdkrtdƒ‚tdd„|Dƒƒs$tdƒ‚t|j|j||j ƒS)Nz!certificates may only be set oncerzcerts must not be an empty listcss|] }t|tjƒVqdSr4)r!rr;rrrrÚ ýs€z3OCSPResponseBuilder.certificates..z$certs must be a list of Certificates) rSr#ÚlistÚlenÚallr<rPrQrRr6)r7rVrrrÚ certificates÷s  üz OCSPResponseBuilder.certificatescCsLt|tjƒs tdƒ‚t |j||¡}t||jƒt|j |j |j |j|gƒSr@) r!rrAr<rBrCr r6rPrQrRrSrDrrrrGs   üz!OCSPResponseBuilder.add_extensioncCsBddlm}|jdurtdƒ‚|jdurtdƒ‚| tj|||¡S)Nrr+z&You must add a response before signingz*You must add a responder_id before signing)r-r,rQr#rRÚcreate_ocsp_responserr)r7Z private_keyr$r,rrrÚsigns    ÿzOCSPResponseBuilder.signcCs@ddlm}t|tƒstdƒ‚|tjurtdƒ‚| |ddd¡S)Nrr+z7response_status must be an item from OCSPResponseStatusz$response_status cannot be SUCCESSFUL)r-r,r!rr<rr#r^)ÚclsÚresponse_statusr,rrrÚbuild_unsuccessful s  ÿ z&OCSPResponseBuilder.build_unsuccessful) r r rr9rWrUr]rGr_Ú classmethodrbrrrrrP¾s ÿ rPc@s`eZdZejdd„ƒZejdd„ƒZejdd„ƒZejdd„ƒZej d d „ƒZ ejd d „ƒZ d S)Ú OCSPRequestcCódS©z3 The hash of the issuer public key Nr©r7rrrÚissuer_key_hash0ózOCSPRequest.issuer_key_hashcCre©z- The hash of the issuer name NrrgrrrÚissuer_name_hash6rizOCSPRequest.issuer_name_hashcCre©zK The hash algorithm used in the issuer name and key hashes NrrgrrrÚhash_algorithm<rizOCSPRequest.hash_algorithmcCre©zM The serial number of the cert whose status is being checked NrrgrrrÚ serial_numberBrizOCSPRequest.serial_numbercCre)z/ Serializes the request to DER Nr)r7rXrrrÚ public_bytesHrizOCSPRequest.public_bytescCre)zP The list of request extensions. Not single request extensions. Nrrgrrrr8NrizOCSPRequest.extensionsN) r r rÚabcÚabstractpropertyrhrkrmroÚabstractmethodrpr8rrrrrd.s     rdc@s$eZdZejdd„ƒZejdd„ƒZejdd„ƒZejdd„ƒZejd d „ƒZ ejd d „ƒZ ejd d„ƒZ ejdd„ƒZ ejdd„ƒZ ejdd„ƒZejdd„ƒZejdd„ƒZejdd„ƒZejdd„ƒZejdd„ƒZejdd „ƒZejd!d"„ƒZejd#d$„ƒZejd%d&„ƒZejd'd(„ƒZd)S)*Ú OCSPResponsecCre)zm The status of the response. This is a value from the OCSPResponseStatus enumeration NrrgrrrraWrizOCSPResponse.response_statuscCre)zA The ObjectIdentifier of the signature algorithm NrrgrrrÚsignature_algorithm_oid^riz$OCSPResponse.signature_algorithm_oidcCre)zX Returns a HashAlgorithm corresponding to the type of the digest signed NrrgrrrÚsignature_hash_algorithmdriz%OCSPResponse.signature_hash_algorithmcCre)z% The signature bytes NrrgrrrÚ signaturejrizOCSPResponse.signaturecCre)z+ The tbsResponseData bytes NrrgrrrÚtbs_response_bytesprizOCSPResponse.tbs_response_bytescCre)z» A list of certificates used to help build a chain to verify the OCSP response. This situation occurs when the OCSP responder uses a delegate certificate. Nrrgrrrr]vrizOCSPResponse.certificatescCre)z2 The responder's key hash or None NrrgrrrÚresponder_key_hash~rizOCSPResponse.responder_key_hashcCre)z. The responder's Name or None NrrgrrrÚresponder_name„rizOCSPResponse.responder_namecCre)z4 The time the response was produced NrrgrrrÚ produced_atŠrizOCSPResponse.produced_atcCre)zY The status of the certificate (an element from the OCSPCertStatus enum) NrrgrrrÚcertificate_statusrizOCSPResponse.certificate_statuscCre)z^ The date of when the certificate was revoked or None if not revoked. NrrgrrrrN–rizOCSPResponse.revocation_timecCre)zi The reason the certificate was revoked or None if not specified or not revoked. NrrgrrrrOrizOCSPResponse.revocation_reasoncCre)z The most recent time at which the status being indicated is known by the responder to have been correct NrrgrrrrL¤rizOCSPResponse.this_updatecCre)zC The time when newer information will be available NrrgrrrrM«rizOCSPResponse.next_updatecCrerfrrgrrrrh±rizOCSPResponse.issuer_key_hashcCrerjrrgrrrrk·rizOCSPResponse.issuer_name_hashcCrerlrrgrrrrm½rizOCSPResponse.hash_algorithmcCrernrrgrrrroÃrizOCSPResponse.serial_numbercCre)zR The list of response extensions. Not single response extensions. Nrrgrrrr8ÉrizOCSPResponse.extensionscCre)zR The list of single response extensions. Not response extensions. NrrgrrrÚsingle_extensionsÏrizOCSPResponse.single_extensionsN)r r rrqrrrarurvrwrxr]ryrzr{r|rNrOrLrMrhrkrmror8r}rrrrrtUsR                   rt)(Ú __future__rrrrqrJÚenumrZsixÚ cryptographyrZcryptography.hazmat.primitivesrZcryptography.x509.baserr r ZSHA1ZSHA224ZSHA256ZSHA384ZSHA512Z _OIDS_TO_HASHr rZ_RESPONSE_STATUS_TO_ENUMr"r%r&Z_CERT_STATUS_TO_ENUMr.r2Úobjectr3rIrPZ add_metaclassÚABCMetardrtrrrrÚsF   û  û %F p &