£Á°èZ¨Ä…–K§‚«“ô4“ÒÙ´dîfUÙÃÅ WKbyʦ•êŽ…È®FÒ¿ÊÎóCozá¬S@6{Í:›œêZÌ:Š•_%:¢¾¾~;‘Ã~芩ÊǍí`ÔÑ©ú뙵'5I¿fš×WO%ø9¾«¾DK|€ùÍD”Ýs]nHÕ¶êםӼ㞪éUWŸÈË%DÒÕ¬ï‘]/Åcx ‰ï2ß]ä6G[]S£Ôϯrs{úëóµmÒï#UQxo·õÞCe]"±/aÙ&Eã4ú9Jé_ÞåëdãöKë)AÞ ¯¹ægƒÛowЍø^d™ý½ßB7áyMä9ÜÖUã !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 3 l_6@sddlmZmZmZddlZddlmZmZddlm Z ddl m Z m Z m Z mZmZmZddlmZddlmZddlmZmZmZmZmZmZmZd d Zd d Zd dZddZ ddZ!ej"eGddde#Z$ej"eGddde#Z%dS))absolute_importdivisionprint_functionN)utilsx509)UnsupportedAlgorithm)_CRL_ENTRY_REASON_CODE_TO_ENUM_asn1_integer_to_int_asn1_string_to_bytes_decode_x509_name_obj2txt_parse_asn1_generalized_time) _Certificate) serialization)OCSPCertStatus OCSPRequest OCSPResponseOCSPResponseStatus_CERT_STATUS_TO_ENUM _OIDS_TO_HASH_RESPONSE_STATUS_TO_ENUMcstjfdd}|S)Ncs(|jtjkrtdn|f|SdS)NzCOCSP response status is not successful so the property has no value)response_statusr SUCCESSFUL ValueError)selfargs)func/usr/lib64/python3.6/ocsp.pywrapper!s z._requires_successful_response..wrapper) functoolswraps)rrr)rr_requires_successful_response s r"cCs^|jjd}|jj|jj|jj||jj|}|j|dk|j|d|jjkt||dS)NzASN1_OCTET_STRING **r)_ffinew_libOCSP_id_get0_infoNULLopenssl_assertr )backendcert_idZkey_hashresrrr_issuer_key_hash.s r-cCs^|jjd}|jj||jj|jj|jj|}|j|dk|j|d|jjkt||dS)NzASN1_OCTET_STRING **r#r)r$r%r&r'r(r)r )r*r+Z name_hashr,rrr_issuer_name_hash<s r.cCs^|jjd}|jj|jj|jj|jj||}|j|dk|j|d|jjkt||dS)NzASN1_INTEGER **r#r)r$r%r&r'r(r)r )r*r+numr,rrr_serial_numberJs  r0c Cs|jjd}|jj|jj||jj|jj|}|j|dk|j|d|jjkt||d}yt|Stk rt dj |YnXdS)NzASN1_OBJECT **r#rz*Signature algorithm OID: {} not recognized) r$r%r&r'r(r)r rKeyErrorrformat)r*r+Zasn1objr,oidrrr_hash_algorithmTs r4c@sbeZdZddZejdZeeddZ eeddZ eedd Z eed d Z eed d Z eeddZeeddZddZeeddZeeddZeeddZeeddZeeddZeeddZeed d!Zeed"d#Zeed$d%Zeed&d'Zejed(d)Zejed*d+Zd,d-Zd.S)/ _OCSPResponsecCs||_||_|jjj|j}|jj|tkt||_|jtjkr|jjj |j}|jj||jj j k|jj j ||jjj |_|jjj|j}|dkrtdj||jjj|jd|_|jj|j|jj j k|jjj|j|_|jj|j|jj j kdS)Nr#zhOCSP response contains more than one SINGLERESP structure, which this library does not support. {} foundr)_backend_ocsp_responser&ZOCSP_response_statusr)r_statusrrZOCSP_response_get1_basicr$r(gcZOCSP_BASICRESP_free_basicZOCSP_resp_countrr2ZOCSP_resp_get0_singleZOCSP_SINGLERESP_get0_id_cert_id)rr*Z ocsp_responsestatusZbasicZnum_resprrr__init__js.   z_OCSPResponse.__init__r8cCs>|jjj|j}|jj||jjjkt|j|j}t j |S)N) r6r&ZOCSP_resp_get0_tbs_sigalgr:r)r$r(r algorithmrZObjectIdentifier)rZalgr3rrrsignature_algorithm_oidsz%_OCSPResponse.signature_algorithm_oidc Cs8|j}y tj|Stk r2tdj|YnXdS)Nz)Signature algorithm OID:{} not recognized)r@rZ_SIG_OIDS_TO_HASHr1rr2)rr3rrrsignature_hash_algorithms  z&_OCSPResponse.signature_hash_algorithmcCs2|jjj|j}|jj||jjjkt|j|S)N)r6r&ZOCSP_resp_get0_signaturer:r)r$r(r )rZsigrrr signaturesz_OCSPResponse.signaturecsjjjj}jj|jjjkjjjd}jjj||}jj|djjjkjjj |fdd}jj|dkjjj |d|ddS)Nzunsigned char **rcsjjj|dS)Nr)r6r&Z OPENSSL_free)Zpointer)rrrsz2_OCSPResponse.tbs_response_bytes..) r6r&ZOCSP_resp_get0_respdatar:r)r$r(r%Zi2d_OCSP_RESPDATAr9buffer)rZrespdataZppr,r)rrtbs_response_bytessz _OCSPResponse.tbs_response_bytescCsz|jjj|j}|jjj|}g}xRt|D]F}|jjj||}|jj||jjj kt |j|}||_ |j |q,W|S)N) r6r&ZOCSP_resp_get0_certsr:Z sk_X509_numrangeZ sk_X509_valuer)r$r(rZ _ocsp_respappend)rZsk_x509r/ZcertsirZcertrrr certificatess z_OCSPResponse.certificatescCs.|j\}}||jjjkrdSt|j|SdS)N)_responder_key_namer6r$r(r )r_ asn1_stringrrrresponder_key_hashs z _OCSPResponse.responder_key_hashcCs.|j\}}||jjjkrdSt|j|SdS)N)rJr6r$r(r )r x509_namerKrrrresponder_names z_OCSPResponse.responder_namecCsP|jjjd}|jjjd}|jjj|j||}|jj|dk|d|dfS)NzASN1_OCTET_STRING **z X509_NAME **r#r)r6r$r%r&ZOCSP_resp_get0_idr:r))rrLrNr,rrrrJs  z!_OCSPResponse._responder_key_namecCs|jjj|j}t|j|S)N)r6r&ZOCSP_resp_get0_produced_atr:r )r produced_atrrrrPsz_OCSPResponse.produced_atcCsH|jjj|j|jjj|jjj|jjj|jjj}|jj|tkt|S)N)r6r&OCSP_single_get0_statusr;r$r(r)r)rr=rrrcertificate_statuss z _OCSPResponse.certificate_statuscCsr|jtjk rdS|jjjd}|jjj|j|jjj ||jjj |jjj |jj |d|jjj kt |j|dS)NzASN1_GENERALIZEDTIME **r) rRrREVOKEDr6r$r%r&rQr;r(r)r )r asn1_timerrrrevocation_times  z_OCSPResponse.revocation_timecCs||jtjk rdS|jjjd}|jjj|j||jjj |jjj |jjj |ddkrXdS|jj |dt kt |dSdS)Nzint *rr#) rRrrSr6r$r%r&rQr;r(r)r)rZ reason_ptrrrrrevocation_reasons   z_OCSPResponse.revocation_reasoncCsb|jjjd}|jjj|j|jjj|jjj||jjj|jj|d|jjjkt|j|dS)NzASN1_GENERALIZEDTIME **r) r6r$r%r&rQr;r(r)r )rrTrrr this_updates z_OCSPResponse.this_updatecCsb|jjjd}|jjj|j|jjj|jjj|jjj||d|jjjkrZt|j|dSdSdS)NzASN1_GENERALIZEDTIME **r)r6r$r%r&rQr;r(r )rrTrrr next_update,sz_OCSPResponse.next_updatecCst|j|jS)N)r-r6r<)rrrrissuer_key_hash<sz_OCSPResponse.issuer_key_hashcCst|j|jS)N)r.r6r<)rrrrissuer_name_hashAsz_OCSPResponse.issuer_name_hashcCst|j|jS)N)r4r6r<)rrrrhash_algorithmFsz_OCSPResponse.hash_algorithmcCst|j|jS)N)r0r6r<)rrrr serial_numberKsz_OCSPResponse.serial_numbercCs|jjj|jS)N)r6Z_ocsp_basicresp_ext_parserparser:)rrrr extensionsPsz_OCSPResponse.extensionscCs|jjj|jS)N)r6Z_ocsp_singleresp_ext_parserr^r;)rrrrsingle_extensionsUsz_OCSPResponse.single_extensionscCsL|tjjk rtd|jj}|jjj||j}|jj |dk|jj |S)Nz/The only allowed encoding value is Encoding.DERr) rEncodingDERrr6_create_mem_bio_gcr&Zi2d_OCSP_RESPONSE_bior7r) _read_mem_bio)rencodingbior,rrr public_bytesZs   z_OCSPResponse.public_bytesN)__name__ __module__ __qualname__r>rZread_only_propertyrpropertyr"r@rArBrErIrMrOrJrPrRrUrWrXrYrZr[r\r]cached_propertyr_r`rgrrrrr5hsT      r5c@sZeZdZddZeddZeddZeddZed d Ze j d d Z d dZ dS) _OCSPRequestcCs~|jj|dkrtd||_||_|jjj|jd|_|jj|j|jjj k|jjj |j|_ |jj|j |jjj kdS)Nr#z+OCSP request contains more than one requestr) r&ZOCSP_request_onereq_countNotImplementedErrorr6 _ocsp_requestZOCSP_request_onereq_get0Z_requestr)r$r(ZOCSP_onereq_get0_idr<)rr*Z ocsp_requestrrrr>hs z_OCSPRequest.__init__cCst|j|jS)N)r-r6r<)rrrrrZvsz_OCSPRequest.issuer_key_hashcCst|j|jS)N)r.r6r<)rrrrr[zsz_OCSPRequest.issuer_name_hashcCst|j|jS)N)r0r6r<)rrrrr]~sz_OCSPRequest.serial_numbercCst|j|jS)N)r4r6r<)rrrrr\sz_OCSPRequest.hash_algorithmcCs|jjj|jS)N)r6Z_ocsp_req_ext_parserr^ro)rrrrr_sz_OCSPRequest.extensionscCsL|tjjk rtd|jj}|jjj||j}|jj |dk|jj |S)Nz/The only allowed encoding value is Encoding.DERr) rrarbrr6rcr&Zi2d_OCSP_REQUEST_bioror)rd)rrerfr,rrrrgs   z_OCSPRequest.public_bytesN) rhrirjr>rkrZr[r]r\rrlr_rgrrrrrmfs    rm)&Z __future__rrrr Z cryptographyrrZcryptography.exceptionsrZ0cryptography.hazmat.backends.openssl.decode_asn1rr r r r r Z)cryptography.hazmat.backends.openssl.x509rZcryptography.hazmat.primitivesrZcryptography.x509.ocsprrrrrrrr"r-r.r0r4Zregister_interfaceobjectr5rmrrrrs"    $  ~