o  `6@sddlmZmZmZddlZddlmZmZddlm Z ddl m Z m Z m Z mZmZmZddlmZddlmZddlmZmZmZmZmZmZmZd d Zd d Zd dZddZ ddZ!e"eGddde#Z$e"eGddde#Z%dS))absolute_importdivisionprint_functionN)utilsx509)UnsupportedAlgorithm)_CRL_ENTRY_REASON_CODE_TO_ENUM_asn1_integer_to_int_asn1_string_to_bytes_decode_x509_name_obj2txt_parse_asn1_generalized_time) _Certificate) serialization)OCSPCertStatus OCSPRequest OCSPResponseOCSPResponseStatus_CERT_STATUS_TO_ENUM _OIDS_TO_HASH_RESPONSE_STATUS_TO_ENUMcstfdd}|S)Ncs$|jtjkr td|g|RS)NzCOCSP response status is not successful so the property has no value)response_statusr SUCCESSFUL ValueError)selfargsfunchome/ych/rk3568/buildroot/output/rockchip_rk3568/host/lib/python3.10/site-packages/cryptography/hazmat/backends/openssl/ocsp.pywrapper!s z._requires_successful_response..wrapper) functoolswraps)rr rrr_requires_successful_response s r#cCs^|jd}|j|jj|jj||jj|}||dk||d|jjkt||dSNASN1_OCTET_STRING **r_ffinew_libOCSP_id_get0_infoNULLopenssl_assertr )backendcert_idZkey_hashresrrr_issuer_key_hash.s r1cCs^|jd}|j||jj|jj|jj|}||dk||d|jjkt||dSr$r')r.r/Z name_hashr0rrr_issuer_name_hash<s r2cCs^|jd}|j|jj|jj|jj||}||dk||d|jjkt||dS)NzASN1_INTEGER **r&r)r(r)r*r+r,r-r )r.r/numr0rrr_serial_numberJs r4cCs|jd}|j|jj||jj|jj|}||dk||d|jjkt||d}zt|WStyBt d |w)NzASN1_OBJECT **r&rz*Signature algorithm OID: {} not recognized) r(r)r*r+r,r-r rKeyErrorrformat)r.r/Zasn1objr0oidrrr_hash_algorithmTs$   r8c@sbeZdZddZedZeeddZ eeddZ eedd Z eed d Z eed d Z eeddZeeddZddZeeddZeeddZeeddZeeddZeeddZeeddZeed d!Zeed"d#Zeed$d%Zeed&d'Zejed(d)Zejed*d+Zd,d-Zd.S)/ _OCSPResponsecCs||_||_|jj|j}|j|tvt||_|jtjur|jj |j}|j||jj j k|jj ||jjj |_|jj|j}|dkrStd||jj|jd|_|j|j|jj j k|jj|j|_|j|j|jj j kdSdS)Nr&zhOCSP response contains more than one SINGLERESP structure, which this library does not support. {} foundr)_backend_ocsp_responser*ZOCSP_response_statusr-r_statusrrZOCSP_response_get1_basicr(r,gcZOCSP_BASICRESP_free_basicZOCSP_resp_countrr6ZOCSP_resp_get0_singleZOCSP_SINGLERESP_get0_id_cert_id)rr.Z ocsp_responsestatusZbasicZnum_resprrr__init__js<   z_OCSPResponse.__init__r<cCs>|jj|j}|j||jjjkt|j|j}t |SN) r:r*ZOCSP_resp_get0_tbs_sigalgr>r-r(r,r algorithmrZObjectIdentifier)rZalgr7rrrsignature_algorithm_oids z%_OCSPResponse.signature_algorithm_oidcCs0|j}ztj|WStytd|w)Nz)Signature algorithm OID:{} not recognized)rErZ_SIG_OIDS_TO_HASHr5rr6)rr7rrrsignature_hash_algorithms  z&_OCSPResponse.signature_hash_algorithmcCs2|jj|j}|j||jjjkt|j|SrC)r:r*ZOCSP_resp_get0_signaturer>r-r(r,r )rsigrrr signatures z_OCSPResponse.signaturecsjjj}j|jjjkjjd}jj||}j|djjjkjj |fdd}j|dkjj |d|ddS)Nzunsigned char **rcsjj|dS)Nr)r:r*Z OPENSSL_free)pointerrrrsz2_OCSPResponse.tbs_response_bytes..) r:r*ZOCSP_resp_get0_respdatar>r-r(r,r)Zi2d_OCSP_RESPDATAr=buffer)rZrespdatappr0rrJrtbs_response_bytess z _OCSPResponse.tbs_response_bytescCsv|jj|j}|jj|}g}t|D]#}|jj||}|j||jjj kt |j|}||_ | |q|SrC) r:r*ZOCSP_resp_get0_certsr>Z sk_X509_numrangeZ sk_X509_valuer-r(r,rZ _ocsp_respappend)rZsk_x509r3ZcertsirZcertrrr certificatess   z_OCSPResponse.certificatescCs*|\}}||jjjkrdSt|j|SrC)_responder_key_namer:r(r,r )r_ asn1_stringrrrresponder_key_hash  z _OCSPResponse.responder_key_hashcCs*|\}}||jjjkrdSt|j|SrC)rSr:r(r,r )r x509_namerTrrrresponder_namerWz_OCSPResponse.responder_namecCsP|jjd}|jjd}|jj|j||}|j|dk|d|dfS)Nr%z X509_NAME **r&r)r:r(r)r*ZOCSP_resp_get0_idr>r-)rrUrXr0rrrrSsz!_OCSPResponse._responder_key_namecCs|jj|j}t|j|SrC)r:r*ZOCSP_resp_get0_produced_atr>r )r produced_atrrrrZs z_OCSPResponse.produced_atcCsH|jj|j|jjj|jjj|jjj|jjj}|j|tvt|SrC)r:r*OCSP_single_get0_statusr?r(r,r-r)rrArrrcertificate_statussz _OCSPResponse.certificate_statuscCsr|jtjurdS|jjd}|jj|j|jjj ||jjj |jjj |j |d|jjj kt |j|dSNzASN1_GENERALIZEDTIME **r) r\rREVOKEDr:r(r)r*r[r?r,r-r rZ asn1_timerrrrevocation_times z_OCSPResponse.revocation_timecCsx|jtjurdS|jjd}|jj|j||jjj |jjj |jjj |ddkr,dS|j |dt vt |dS)Nzint *r) r\rr^r:r(r)r*r[r?r,r-r)rZ reason_ptrrrrrevocation_reasons    z_OCSPResponse.revocation_reasoncCsb|jjd}|jj|j|jjj|jjj||jjj|j|d|jjjkt|j|dSr]) r:r(r)r*r[r?r,r-r r_rrr this_updatesz_OCSPResponse.this_updatecCs^|jjd}|jj|j|jjj|jjj|jjj||d|jjjkr-t|j|dSdSr])r:r(r)r*r[r?r,r r_rrr next_update,sz_OCSPResponse.next_updatecCt|j|jSrCr1r:r@rJrrrissuer_key_hash<z_OCSPResponse.issuer_key_hashcCrerCr2r:r@rJrrrissuer_name_hashArhz_OCSPResponse.issuer_name_hashcCrerCr8r:r@rJrrrhash_algorithmFrhz_OCSPResponse.hash_algorithmcCrerCr4r:r@rJrrr serial_numberKrhz_OCSPResponse.serial_numbercC|jj|jSrC)r:Z_ocsp_basicresp_ext_parserparser>rJrrr extensionsPz_OCSPResponse.extensionscCrorC)r:Z_ocsp_singleresp_ext_parserrpr?rJrrrsingle_extensionsUrrz_OCSPResponse.single_extensionscCL|tjjur td|j}|jj||j}|j |dk|j |SNz/The only allowed encoding value is Encoding.DERr) rEncodingDERrr:_create_mem_bio_gcr*Zi2d_OCSP_RESPONSE_bior;r- _read_mem_biorencodingbior0rrr public_bytesZs   z_OCSPResponse.public_bytesN)__name__ __module__ __qualname__rBrZread_only_propertyrpropertyr#rErFrHrNrRrVrYrSrZr\r`rbrcrdrgrjrlrncached_propertyrqrsr}rrrrr9hs|                          r9c@sZeZdZddZeddZeddZeddZed d Ze j d d Z d dZ dS) _OCSPRequestcCs~|j|dkr td||_||_|jj|jd|_|j|j|jjj k|jj |j|_ |j|j |jjj kdS)Nr&z+OCSP request contains more than one requestr) r*ZOCSP_request_onereq_countNotImplementedErrorr: _ocsp_requestZOCSP_request_onereq_get0Z_requestr-r(r,ZOCSP_onereq_get0_idr@)rr.Z ocsp_requestrrrrBhsz_OCSPRequest.__init__cCrerCrfrJrrrrgvz_OCSPRequest.issuer_key_hashcCrerCrirJrrrrjzrz_OCSPRequest.issuer_name_hashcCrerCrmrJrrrrn~rz_OCSPRequest.serial_numbercCrerCrkrJrrrrlrz_OCSPRequest.hash_algorithmcCrorC)r:Z_ocsp_req_ext_parserrprrJrrrrqsz_OCSPRequest.extensionscCrtru) rrvrwrr:rxr*Zi2d_OCSP_REQUEST_biorr-ryrzrrrr}s   z_OCSPRequest.public_bytesN) r~rrrBrrgrjrnrlrrrqr}rrrrrfs      r)& __future__rrrr! cryptographyrrZcryptography.exceptionsrZ0cryptography.hazmat.backends.openssl.decode_asn1rr r r r r Z)cryptography.hazmat.backends.openssl.x509rZcryptography.hazmat.primitivesrZcryptography.x509.ocsprrrrrrrr#r1r2r4r8Zregister_interfaceobjectr9rrrrrs$    $  ~