U e]V5@sddlmZmZmZddlZddlmZmZddlm Z ddl m Z m Z m Z mZmZmZmZmZddlmZddlmZddlmZmZmZmZmZmZmZd d Zd d Z d dZ!ddZ"ddZ#e$eGddde%Z&e$eGddde%Z'dS))absolute_importdivisionprint_functionN)utilsx509)UnsupportedAlgorithm)_CRL_ENTRY_REASON_CODE_TO_ENUM_OCSP_BASICRESP_EXT_PARSER_OCSP_REQ_EXT_PARSER_asn1_integer_to_int_asn1_string_to_bytes_decode_x509_name_obj2txt_parse_asn1_generalized_time) _Certificate) serialization)OCSPCertStatus OCSPRequest OCSPResponseOCSPResponseStatus_CERT_STATUS_TO_ENUM _OIDS_TO_HASH_RESPONSE_STATUS_TO_ENUMcstfdd}|S)Ncs(|jtjkrtdn|f|SdS)NzCOCSP response status is not successful so the property has no value)response_statusr SUCCESSFUL ValueError)selfargsfuncK/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl/ocsp.pywrappers  z._requires_successful_response..wrapper) functoolswraps)rr"r rr!_requires_successful_responses r%cCs^|jd}|j|jj|jj||jj|}||dk||d|jjkt||dSNASN1_OCTET_STRING **r_ffinew_libOCSP_id_get0_infoNULLopenssl_assertr )backendcert_idZkey_hashresr r r!_issuer_key_hash's r3cCs^|jd}|j||jj|jj|jj|}||dk||d|jjkt||dSr&r))r0r1Z name_hashr2r r r!_issuer_name_hash2s r4cCs^|jd}|j|jj|jj|jj||}||dk||d|jjkt||dS)NzASN1_INTEGER **r(r)r*r+r,r-r.r/r )r0r1numr2r r r!_serial_number=s r6cCs|jd}|j|jj||jj|jj|}||dk||d|jjkt||d}z t|WStk rt d |YnXdS)NzASN1_OBJECT **r(rz*Signature algorithm OID: {} not recognized) r*r+r,r-r.r/rrKeyErrorrformat)r0r1Zasn1objr2oidr r r!_hash_algorithmHs"  r:c@sPeZdZddZedZeeddZ eeddZ eedd Z eed d Z eed d Z eeddZeeddZddZeeddZeeddZeeddZeeddZeeddZeeddZeed d!Zeed"d#Zeed$d%Zeed&d'Zejed(d)Zd*d+Zd,S)- _OCSPResponsecCs||_||_|jj|j}|j|tkt||_|jtjkr|jj |j}|j||jj j k|jj ||jjj |_|j|jj|jdk|jj|jd|_|j|j|jj j k|jj|j|_|j|j|jj j kdS)Nr(r)_backend_ocsp_responser,ZOCSP_response_statusr/r_statusrrZOCSP_response_get1_basicr*r.gcZOCSP_BASICRESP_free_basicZOCSP_resp_countZOCSP_resp_get0_singleZOCSP_SINGLERESP_get0_id_cert_id)rr0Z ocsp_responsestatusZbasicr r r!__init__[s6  z_OCSPResponse.__init__r>cCs>|jj|j}|j||jjjkt|j|j}t |SN) r<r,ZOCSP_resp_get0_tbs_sigalgr@r/r*r.r algorithmrZObjectIdentifier)rZalgr9r r r!signature_algorithm_oidysz%_OCSPResponse.signature_algorithm_oidcCs:|j}z tj|WStk r4td|YnXdS)Nz)Signature algorithm OID:{} not recognized)rGrZ_SIG_OIDS_TO_HASHr7rr8)rr9r r r!signature_hash_algorithms z&_OCSPResponse.signature_hash_algorithmcCs2|jj|j}|j||jjjkt|j|SrE)r<r,ZOCSP_resp_get0_signaturer@r/r*r.r )rZsigr r r! signaturesz_OCSPResponse.signaturecsjjj}j|jjjkjjd}jj||}j|djjjkjj |fdd}j|dkjj |d|ddS)Nzunsigned char **rcsjj|dS)Nr)r<r,Z OPENSSL_free)Zpointerrr r!z2_OCSPResponse.tbs_response_bytes..) r<r,ZOCSP_resp_get0_respdatar@r/r*r.r+Zi2d_OCSP_RESPDATAr?buffer)rZrespdataZppr2r rJr!tbs_response_bytess z _OCSPResponse.tbs_response_bytescCsv|jj|j}|jj|}g}t|D]F}|jj||}|j||jjj kt |j|}||_ | |q*|SrE) r<r,ZOCSP_resp_get0_certsr@Z sk_X509_numrangeZ sk_X509_valuer/r*r.rZ _ocsp_respappend)rZsk_x509r5ZcertsirZcertr r r! certificatess   z_OCSPResponse.certificatescCs.|\}}||jjjkrdSt|j|SdSrE)_responder_key_namer<r*r.r )r_ asn1_stringr r r!responder_key_hashs z _OCSPResponse.responder_key_hashcCs.|\}}||jjjkrdSt|j|SdSrE)rSr<r*r.r )r x509_namerTr r r!responder_names z_OCSPResponse.responder_namecCsP|jjd}|jjd}|jj|j||}|j|dk|d|dfS)Nr'z X509_NAME **r(r)r<r*r+r,ZOCSP_resp_get0_idr@r/)rrUrWr2r r r!rSsz!_OCSPResponse._responder_key_namecCs|jj|j}t|j|SrE)r<r,ZOCSP_resp_get0_produced_atr@r)r produced_atr r r!rYsz_OCSPResponse.produced_atcCsH|jj|j|jjj|jjj|jjj|jjj}|j|tkt|SrE)r<r,OCSP_single_get0_statusrAr*r.r/r)rrCr r r!certificate_statussz _OCSPResponse.certificate_statuscCsr|jtjk rdS|jjd}|jj|j|jjj ||jjj |jjj |j |d|jjj kt |j|dSNzASN1_GENERALIZEDTIME **r) r[rREVOKEDr<r*r+r,rZrAr.r/rrZ asn1_timer r r!revocation_times z_OCSPResponse.revocation_timecCs||jtjk rdS|jjd}|jj|j||jjj |jjj |jjj |ddkrXdS|j |dt kt |dSdS)Nzint *r) r[rr]r<r*r+r,rZrAr.r/r)rZ reason_ptrr r r!revocation_reasons    z_OCSPResponse.revocation_reasoncCsb|jjd}|jj|j|jjj|jjj||jjj|j|d|jjjkt|j|dSr\) r<r*r+r,rZrAr.r/rr^r r r! this_update sz_OCSPResponse.this_updatecCsb|jjd}|jj|j|jjj|jjj|jjj||d|jjjkrZt|j|dSdSdSr\)r<r*r+r,rZrAr.rr^r r r! next_updatesz_OCSPResponse.next_updatecCst|j|jSrEr3r<rBrJr r r!issuer_key_hash)sz_OCSPResponse.issuer_key_hashcCst|j|jSrEr4r<rBrJr r r!issuer_name_hash.sz_OCSPResponse.issuer_name_hashcCst|j|jSrEr:r<rBrJr r r!hash_algorithm3sz_OCSPResponse.hash_algorithmcCst|j|jSrEr6r<rBrJr r r! serial_number8sz_OCSPResponse.serial_numbercCst|j|jSrE)r parser<r@rJr r r! extensions=sz_OCSPResponse.extensionscCsL|tjjk rtd|j}|jj||j}|j |dk|j |SNz/The only allowed encoding value is Encoding.DERr) rEncodingDERrr<_create_mem_bio_gcr,Zi2d_OCSP_RESPONSE_bior=r/ _read_mem_biorencodingZbior2r r r! public_bytesBs  z_OCSPResponse.public_bytesN)__name__ __module__ __qualname__rDrZread_only_propertyrpropertyr%rGrHrIrNrRrVrXrSrYr[r_rarbrcrergrirkcached_propertyrmrur r r r!r;Yst                    r;c@sZeZdZddZeddZeddZeddZed d Ze j d d Z d dZ dS) _OCSPRequestcCs~|j|dkrtd||_||_|jj|jd|_|j|j|jjj k|jj |j|_ |j|j |jjj kdS)Nr(z+OCSP request contains more than one requestr) r,ZOCSP_request_onereq_countNotImplementedErrorr< _ocsp_requestZOCSP_request_onereq_get0Z_requestr/r*r.ZOCSP_onereq_get0_idrB)rr0Z ocsp_requestr r r!rDRsz_OCSPRequest.__init__cCst|j|jSrErdrJr r r!re`sz_OCSPRequest.issuer_key_hashcCst|j|jSrErfrJr r r!rgdsz_OCSPRequest.issuer_name_hashcCst|j|jSrErjrJr r r!rkhsz_OCSPRequest.serial_numbercCst|j|jSrErhrJr r r!rilsz_OCSPRequest.hash_algorithmcCst|j|jSrE)r rlr<r}rJr r r!rmpsz_OCSPRequest.extensionscCsL|tjjk rtd|j}|jj||j}|j |dk|j |Srn) rrorprr<rqr,Zi2d_OCSP_REQUEST_bior}r/rrrsr r r!ruts  z_OCSPRequest.public_bytesN) rvrwrxrDryrergrkrirrzrmrur r r r!r{Ps     r{)(Z __future__rrrr#Z cryptographyrrZcryptography.exceptionsrZ0cryptography.hazmat.backends.openssl.decode_asn1rr r r r r rrZ)cryptography.hazmat.backends.openssl.x509rZcryptography.hazmat.primitivesrZcryptography.x509.ocsprrrrrrrr%r3r4r6r:Zregister_interfaceobjectr;r{r r r r!s" (  $   w