U ʹÖh›1ã@s ddlmZddlZddlmZddlmZmZddlm Z ddl m Z ddl m Z ddlmZGd d „d ejƒZGd d „d ejƒZe je je je je jfZd ddœdd„ZGdd„dejƒZGdd„dƒZe jZe jZe jZGdd„dƒZGdd„dƒZ e j!Z!e j"Z"dS)é)Ú annotationsN)ÚIterable)ÚutilsÚx509)Úocsp)Úhashes)Ú CertificateIssuerPrivateKeyTypes)Ú_reject_duplicate_extensionc@seZdZdZdZdS)ÚOCSPResponderEncodingzBy HashzBy NameN)Ú__name__Ú __module__Ú __qualname__ZHASHÚNAME©rrú<./venv/lib/python3.8/site-packages/cryptography/x509/ocsp.pyr sr c@s$eZdZdZdZdZdZdZdZdS)ÚOCSPResponseStatusréééééN) r r r Ú SUCCESSFULZMALFORMED_REQUESTZINTERNAL_ERRORZ TRY_LATERZ SIG_REQUIREDZ UNAUTHORIZEDrrrrrs rúhashes.HashAlgorithmÚNone)Ú algorithmÚreturncCst|tƒstdƒ‚dS)Nz9Algorithm must be SHA1, SHA224, SHA256, SHA384, or SHA512)Ú isinstanceÚ_ALLOWED_HASHESÚ ValueError)rrrrÚ_verify_algorithm*s ÿrc@seZdZdZdZdZdS)ÚOCSPCertStatusrrrN)r r r ZGOODÚREVOKEDZUNKNOWNrrrrr 1sr c @s(eZdZdddddddddœd d „Zd S) Ú_SingleResponsez0tuple[x509.Certificate, x509.Certificate] | Noneztuple[bytes, bytes, int] | Nonerr údatetime.datetimeúdatetime.datetime | Noneúx509.ReasonFlags | None)ÚrespÚ resp_hashrÚ cert_statusÚ this_updateÚ next_updateÚrevocation_timeÚrevocation_reasonc CsÚt|ƒt|tjƒstdƒ‚|dk r8t|tjƒs8tdƒ‚||_||_||_||_||_t|t ƒshtdƒ‚|t j k r”|dk r‚t dƒ‚|dk rÄt dƒ‚n0t|tjƒs¨tdƒ‚|dk rÄt|t j ƒsÄtdƒ‚||_||_||_dS)Nz%this_update must be a datetime objectz-next_update must be a datetime object or Nonez8cert_status must be an item from the OCSPCertStatus enumzBrevocation_time can only be provided if the certificate is revokedzDrevocation_reason can only be provided if the certificate is revokedz)revocation_time must be a datetime objectzCrevocation_reason must be an item from the ReasonFlags enum or None)rrÚdatetimeÚ TypeErrorZ_respZ _resp_hashZ _algorithmZ _this_updateZ _next_updater r!rrZ ReasonFlagsZ _cert_statusZ_revocation_timeZ_revocation_reason) Úselfr&r'rr(r)r*r+r,rrrÚ__init__8sL   ÿ ÿ ÿÿ  ÿÿz_SingleResponse.__init__N)r r r r0rrrrr"7sr"c@sreZdZddgfdddddœdd„Zd d d dd œd d „Zdddd ddœdd„Zddddœdd„Zddœdd„ZdS)ÚOCSPRequestBuilderNzFtuple[x509.Certificate, x509.Certificate, hashes.HashAlgorithm] | Nonez5tuple[bytes, bytes, int, hashes.HashAlgorithm] | Noneú(list[x509.Extension[x509.ExtensionType]]r)ÚrequestÚ request_hashÚ extensionsrcCs||_||_||_dS©N)Ú_requestÚ _request_hashÚ _extensions)r/r3r4r5rrrr0ws zOCSPRequestBuilder.__init__úx509.Certificater)ÚcertÚissuerrrcCsZ|jdk s|jdk rtdƒ‚t|ƒt|tjƒr) r^rrrr?r.r"rZr_r`r9) r/r;r<rr(r)r*r+r,Ú singleresprrrÚ add_responseØs. ÿø üz OCSPResponseBuilder.add_responserArB) rCrDrErr(r)r*r+r,rc Cs˜|jdk rtdƒ‚t|tƒs$tdƒ‚t d|¡t d|¡t|ƒ|jt |ƒks`|jt |ƒkrhtdƒ‚t d|||f|||||| ƒ} t | |j |j |jƒS)NrarFrCrDrG)r^rrrBr.rrHrrIrJr"rZr_r`r9) r/rCrDrErr(r)r*r+r,rbrrrÚadd_response_by_hashüs>    ÿ þÿø üz(OCSPResponseBuilder.add_response_by_hashr )ÚencodingÚresponder_certrcCsP|jdk rtdƒ‚t|tjƒs&tdƒ‚t|tƒs8tdƒ‚t|j||f|j |j ƒS)Nz!responder_id can only be set oncez$responder_cert must be a Certificatez6encoding must be an element from OCSPResponderEncoding) r_rrrr?r.r rZr^r`r9)r/rerfrrrr\*s   ÿüz OCSPResponseBuilder.responder_idzIterable[x509.Certificate])r]rcCs\|jdk rtdƒ‚t|ƒ}t|ƒdkr.tdƒ‚tdd„|DƒƒsHtdƒ‚t|j|j||j ƒS)Nz!certificates may only be set oncerzcerts must not be an empty listcss|]}t|tjƒVqdSr6)rrr?)Ú.0ÚxrrrÚ Esz3OCSPResponseBuilder.certificates..z$certs must be a list of Certificates) r`rÚlistrJÚallr.rZr^r_r9)r/r]rrrÚ certificates=s  üz OCSPResponseBuilder.certificatesrLrMrNcCsLt|tjƒstdƒ‚t |j||¡}t||jƒt|j |j |j |j|f•ƒSrQ) rrrRr.rSrTr r9rZr^r_r`rUrrrrWNs   üz!OCSPResponseBuilder.add_extensionrzhashes.HashAlgorithm | NoneÚ OCSPResponse)Ú private_keyrrcCs6|jdkrtdƒ‚|jdkr$tdƒ‚t tj|||¡S)Nz&You must add a response before signingz*You must add a responder_id before signing)r^rr_rÚcreate_ocsp_responserr)r/rnrrrrÚsign^s  ÿzOCSPResponseBuilder.signr)Úresponse_statusrcCs4t|tƒstdƒ‚|tjkr$tdƒ‚t |ddd¡S)Nz7response_status must be an item from OCSPResponseStatusz$response_status cannot be SUCCESSFUL)rrr.rrrro)ÚclsrqrrrÚbuild_unsuccessfulls ÿ z&OCSPResponseBuilder.build_unsuccessful) r r r r0rcrdr\rlrWrpÚ classmethodrsrrrrrZÊsú $ .rZ)#Z __future__rr-Zcollections.abcrZ cryptographyrrZ"cryptography.hazmat.bindings._rustrZcryptography.hazmat.primitivesrZ/cryptography.hazmat.primitives.asymmetric.typesrZcryptography.x509.baser ÚEnumr rZSHA1ZSHA224ZSHA256ZSHA384ZSHA512rrr r"rXrmZOCSPSingleResponser1rZZload_der_ocsp_requestZload_der_ocsp_responserrrrÚs4       û :T1