a ϏPfF@sDddlmZddlZddlZddlZddlmZmZddlm Z ddl m Z m Z ddl mZddlmZmZmZGdd d ejZGd d d ejZe je je je je jfZd d dddZGdddejZGdddZGdddejdZ GdddejdZ!GdddejdZ"GdddZ#GdddZ$e j%Z%e j&Z&dS) ) annotationsN)utilsx509)ocsp)hashes serialization) CertificateIssuerPrivateKeyTypes)_EARLIEST_UTC_TIME_convert_to_naive_utc_time_reject_duplicate_extensionc@seZdZdZdZdS)OCSPResponderEncodingzBy HashzBy NameN)__name__ __module__ __qualname__HASHNAMErrW/var/www/html/python-backend/venv/lib/python3.9/site-packages/cryptography/x509/ocsp.pyr sr c@s$eZdZdZdZdZdZdZdZdS)OCSPResponseStatusrN) r rr SUCCESSFULZMALFORMED_REQUESTINTERNAL_ERRORZ TRY_LATERZ SIG_REQUIRED UNAUTHORIZEDrrrrrs rhashes.HashAlgorithmNone) algorithmreturncCst|tstddS)Nz9Algorithm must be SHA1, SHA224, SHA256, SHA384, or SHA512) isinstance_ALLOWED_HASHES ValueError)rrrr_verify_algorithm/s r$c@seZdZdZdZdZdS)OCSPCertStatusrrrN)r rrZGOODREVOKEDUNKNOWNrrrrr%6sr%c @s(eZdZddddddddddd Zd S) _SingleResponsex509.Certificaterr%datetime.datetimedatetime.datetime | Nonex509.ReasonFlags | None)certissuerr cert_status this_update next_updaterevocation_timerevocation_reasonc Cst|tjrt|tjs tdt|t|tjsrr?rrrr@sz"OCSPSingleResponse.issuer_key_hashcCsdSrArr?rrrrBsz#OCSPSingleResponse.issuer_name_hashrcCsdSrCrr?rrrrDsz!OCSPSingleResponse.hash_algorithmrEcCsdSrFrr?rrrrGsz OCSPSingleResponse.serial_numberN)r rrrOrPrQrUr2r3r0r1r@rBrDrGrrrrrSs6rSc@seZdZeejddddZeejddddZeejddd d Zeejd dd d Z eejddddZ eejddddZ eejddddZ eejddddZ eejddddZeejddddZeejddd d!Zeejd"dd#d$Zeejd%dd&d'Zeejddd(d)Zeejd"dd*d+Zeejddd,d-Zeejddd.d/Zeejd0dd1d2Zeejd3dd4d5Zeejd6dd7d8Zeejd6dd9d:Zejd;dd<d=d>Zd?S)@ OCSPResponsez#typing.Iterator[OCSPSingleResponse]r=cCsdS)z_ An iterator over the individual SINGLERESP structures in the response Nrr?rrr responsesszOCSPResponse.responsesrcCsdS)zm The status of the response. This is a value from the OCSPResponseStatus enumeration Nrr?rrrresponse_statusszOCSPResponse.response_statuszx509.ObjectIdentifiercCsdS)zA The ObjectIdentifier of the signature algorithm Nrr?rrrsignature_algorithm_oidsz$OCSPResponse.signature_algorithm_oidhashes.HashAlgorithm | NonecCsdS)zX Returns a HashAlgorithm corresponding to the type of the digest signed Nrr?rrrsignature_hash_algorithm sz%OCSPResponse.signature_hash_algorithmr<cCsdS)z% The signature bytes Nrr?rrr signatureszOCSPResponse.signaturecCsdS)z+ The tbsResponseData bytes Nrr?rrrtbs_response_bytesszOCSPResponse.tbs_response_byteszlist[x509.Certificate]cCsdS)z A list of certificates used to help build a chain to verify the OCSP response. This situation occurs when the OCSP responder uses a delegate certificate. Nrr?rrr certificates szOCSPResponse.certificatesz bytes | NonecCsdS)z2 The responder's key hash or None Nrr?rrrresponder_key_hash)szOCSPResponse.responder_key_hashzx509.Name | NonecCsdS)z. The responder's Name or None Nrr?rrrresponder_name0szOCSPResponse.responder_namer*cCsdS)z4 The time the response was produced Nrr?rrr produced_at7szOCSPResponse.produced_atr%cCsdSrTrr?rrrrU>szOCSPResponse.certificate_statusr+cCsdSrVrr?rrrr2EszOCSPResponse.revocation_timer,cCsdSrWrr?rrrr3MszOCSPResponse.revocation_reasoncCsdSrXrr?rrrr0UszOCSPResponse.this_updatecCsdSrYrr?rrrr1]szOCSPResponse.next_updatecCsdSr>rr?rrrr@dszOCSPResponse.issuer_key_hashcCsdSrArr?rrrrBkszOCSPResponse.issuer_name_hashrcCsdSrCrr?rrrrDrszOCSPResponse.hash_algorithmrEcCsdSrFrr?rrrrGyszOCSPResponse.serial_numberrMcCsdS)zR The list of response extensions. Not single response extensions. Nrr?rrrrNszOCSPResponse.extensionscCsdS)zR The list of single response extensions. Not response extensions. Nrr?rrrsingle_extensionsszOCSPResponse.single_extensionsrHrIcCsdS)z0 Serializes the response to DER NrrKrrrrLszOCSPResponse.public_bytesN)r rrrOrPrQr[r\r]r_r`rarbrcrdrerUr2r3r0r1r@rBrDrGrNrfrLrrrrrZsrZc@sreZdZddgfdddddddZd d d dd d d Zdddd ddddZddddddZddddZdS)OCSPRequestBuilderNzFtuple[x509.Certificate, x509.Certificate, hashes.HashAlgorithm] | Nonez5tuple[bytes, bytes, int, hashes.HashAlgorithm] | None(list[x509.Extension[x509.ExtensionType]]r)request request_hashrNr cCs||_||_||_dSN)_request _request_hash _extensions)r9rirjrNrrrr:s zOCSPRequestBuilder.__init__r)r)r-r.rr cCsZ|jdus|jdurtdt|t|tjr1z3OCSPResponseBuilder.certificates..z$certs must be a list of Certificates) rr#listrsallr6rrrrn)r9rrrrrb)s  z OCSPResponseBuilder.certificatesrurvrwcCsNt|tjstdt|j||}t||jt|j |j |j g|j|Srz) r!rr{r6r|r}r rnrrrrr~rrrr:s   z!OCSPResponseBuilder.add_extensionrr^rZ) private_keyrr cCs6|jdurtd|jdur$tdttj|||S)Nz&You must add a response before signingz*You must add a responder_id before signing)rr#rrcreate_ocsp_responserr)r9rrrrrsignJs   zOCSPResponseBuilder.signr)r\r cCs4t|tstd|tjur$tdt|dddS)Nz7response_status must be an item from OCSPResponseStatusz$response_status cannot be SUCCESSFUL)r!rr6rr#rr)clsr\rrrbuild_unsuccessfulXs  z&OCSPResponseBuilder.build_unsuccessful) r rrr:rrrbrr classmethodrrrrrrs r)' __future__rrPr7typingZ cryptographyrrZ"cryptography.hazmat.bindings._rustrZcryptography.hazmat.primitivesrrZ/cryptography.hazmat.primitives.asymmetric.typesrZcryptography.x509.baser r r Enumr rSHA1SHA224SHA256SHA384SHA512r"r$r%r(ABCMetar;rSrZrgrZload_der_ocsp_requestZload_der_ocsp_responserrrrs6     F+D%T}