>wg>dZddlmZmZmZmZddlZddlmZddl m Z m Z m Z m Z mZmZmZmZmZddlmZmZmZmZmZmZmZmZGdd e ZGd d eZGd d eZGddeZGddeZ Gdde Z!GddeZ"GddeZ#GddeZ$GddeZ%GddeZ&GddeZ'Gd d!eZ(y)"z ASN.1 type classes for certificate revocation lists (CRL). Exports the following items: - CertificateList() Other type classes are defined that help compose the types listed above. )unicode_literalsdivisionabsolute_importprint_functionN)SignedDigestAlgorithm) Boolean EnumeratedGeneralizedTimeIntegerObjectIdentifierOctetBitStringParsableOctetStringSequence SequenceOf)AuthorityInfoAccessSyntaxAuthorityKeyIdentifierCRLDistributionPointsDistributionPointName GeneralNamesName ReasonFlagsTimeceZdZddddZy)Versionv1v2v3)rrN__name__ __module__ __qualname___mapE/var/www/horilla/myenv/lib/python3.12/site-packages/asn1crypto/crl.pyrr+s    Dr&rc deZdZdedddfdedddfd ed ddfd ed dd fdedddfdedddfgZy)IssuingDistributionPointdistribution_pointrTexplicitoptionalonly_contains_user_certsrF)implicitdefaultonly_contains_ca_certsronly_some_reasons)r/r- indirect_crlonly_contains_attribute_certsN)r!r"r#rr r_fieldsr%r&r'r)r)3se 41RV6WX #W1.OP !7u,MN kt+LM qU"CD ('e3TU Gr&r)c eZdZddddddddZy ) TBSCertListExtensionIdissuer_alt_name crl_numberdelta_crl_indicatorissuing_distribution_pointauthority_key_identifier freshest_crlauthority_information_access)z 2.5.29.18z 2.5.29.20z 2.5.29.27z 2.5.29.28z 2.5.29.35z 2.5.29.46z1.3.6.1.5.5.7.1.1Nr r%r&r'r:r:>s&!*1/#; Dr&r:c@eZdZdefdeddifdefgZdZee e e e e e dZy) TBSCertListExtensionextn_idcriticalr0F extn_valuerDrF)r;r<r=r>r?r@rAN)r!r"r#r:r rr8 _oid_pairrr r)rrr _oid_specsr%r&r'rCrCJsM *+ Wy%01 *+G *I'&&>$:-(AJr&rCceZdZeZy)TBSCertListExtensionsN)r!r"r#rC _child_specr%r&r'rKrK]s&Kr&rKc 6eZdZddddddddd d d Zed Zy ) CRLReason unspecifiedkey_compromise ca_compromiseaffiliation_changed supersededcessation_of_operationcertificate_holdremove_from_crlprivilege_withdrawn aa_compromise) rrrr3r5r7 c 6ddddddddd d d |jS) a :return: A unicode string with revocation description that is suitable to show to end-users. Starts with a lower case letter and phrased in such a way that it makes sense after the phrase "because of" or "due to". zan unspecified reasonza compromised keyzthe CA being compromisedzan affiliation changezcertificate supersessionza cessation of operationza certificate holdzremoval from the CRLzprivilege withdrawlzthe AA being compromised) rOrPrQrRrSrTrUrVrWrXnativeselfs r'human_friendlyzCRLReason.human_friendlyos:317#:4&@ 45#87   ++  r&N)r!r"r#r$propertyrbr%r&r'rNrNas;     #    Dr&rNceZdZdddddZy)CRLEntryExtensionId crl_reasonhold_instruction_codeinvalidity_datecertificate_issuer)z 2.5.29.21z 2.5.29.23z 2.5.29.24z 2.5.29.29Nr r%r&r'reres!,&)  Dr&rec:eZdZdefdeddifdefgZdZee e e dZ y) CRLEntryExtensionrDrEr0FrFrG)rfrgrhriN) r!r"r#rer rr8rHrNr r rrIr%r&r'rkrksD '( Wy%01 *+G *I!1** Jr&rkceZdZeZy)CRLEntryExtensionsN)r!r"r#rkrLr%r&r'rmrms#Kr&rmceZdZdefdefdeddifgZdZdZdZ dZ dZ dZ dZ ed Zed Zed Zed Zed Zy)RevokedCertificateuser_certificaterevocation_datecrl_entry_extensionsr-TFNct|_|dD]g}|dj}d|z}t||rt |||dj |djsM|jj |id|_y)v Sets common named extensions to private attributes and creates a list of critical extensions rrrD _%s_valuerFrETNset_critical_extensionsr_hasattrsetattrparsedadd_processed_extensionsra extensionnameattribute_names r'_set_extensionsz"RevokedCertificate._set_extensionss %(E!45 4IY'..D(4/Nt^,ni .E.L.LM$++))--d3  4&*"r&cR|js|j|jSz Returns a set of the names (or OID if not a known extension) of the extensions marked as critical :return: A set of unicode strings r}rrxr`s r'critical_extensionsz&RevokedCertificate.critical_extensions%))  "(((r&cV|jdur|j|jS)z This extension indicates the reason that a certificate was revoked. :return: None or a CRLReason object F)r}r_crl_reason_valuer`s r'crl_reason_valuez#RevokedCertificate.crl_reason_values*  % % .  "%%%r&cV|jdur|j|jS)a= This extension indicates the suspected date/time the private key was compromised or the certificate became invalid. This would usually be before the revocation date, which is when the CA processed the revocation. :return: None or a GeneralizedTime object F)r}r_invalidity_date_valuer`s r'invalidity_date_valuez(RevokedCertificate.invalidity_date_values*  % % .  "***r&cV|jdur|j|jS)a This extension indicates the issuer of the certificate in question, and is used in indirect CRLs. CRL entries without this extension are for certificates issued from the last seen issuer. :return: None or an x509.GeneralNames object F)r}r_certificate_issuer_valuer`s r'certificate_issuer_valuez+RevokedCertificate.certificate_issuer_values*  % % .  "---r&c|jdurQd|_|jr>|jD]/}|jdk(s|j|_|jS|jS)zi :return: None, or an asn1crypto.x509.Name object for the issuer of the cert FNdirectory_name) _issuer_namerrchosen)ra general_names r' issuer_namezRevokedCertificate.issuer_namesr    % $D ,,$($A$AL#((,<<,8,?,?)      r&)r!r"r#r rrmr8r}rxrrrrrrcrrrrrr%r&r'roros W% D! !3j$5GHG "! $L*$ ) ) & & + + . . ! !r&roceZdZeZy)RevokedCertificatesN)r!r"r#rorLr%r&r'rrs$Kr&rc TeZdZdeddifdefdefdefdeddifdeddifd ed dd fgZ y ) TbsCertListversionr-T signatureissuer this_update next_updaterevoked_certificatescrl_extensionsrr+N) r!r"r#rrrrrrKr8r%r&r'rrs` Gj$/0 +, 4  z401 !4z46HI 0qd2STGr&rcLeZdZdefdefdefgZdZdZdZ dZ dZ dZ dZ dZdZdZdZdZdZdZedZedZed Zed Zed Zed Zed ZedZedZedZedZ edZ!edZ"edZ#edZ$y)CertificateList tbs_cert_listsignature_algorithmrFNct|_|ddD]g}|dj}d|z}t||rt |||dj |djsM|jj |id|_y) rtrrrDrurFrETNrvr~s r'rzCertificateList._set_extensions4s %(E!o./?@ 4IY'..D(4/Nt^,ni .E.L.LM$++))--d3  4&*"r&cR|js|j|jSrrr`s r'rz#CertificateList.critical_extensionsFrr&cV|jdur|j|jS)z This extension allows associating one or more alternative names with the issuer of the CRL. :return: None or an x509.GeneralNames object F)r}r_issuer_alt_name_valuer`s r'issuer_alt_name_valuez%CertificateList.issuer_alt_name_valueTs*  % % .  "***r&cV|jdur|j|jS)z This extension adds a monotonically increasing number to the CRL and is used to distinguish different versions of the CRL. :return: None or an Integer object F)r}r_crl_number_valuer`s r'crl_number_valuez CertificateList.crl_number_valuebs*  % % .  "%%%r&cV|jdur|j|jS)z This extension indicates a CRL is a delta CRL, and contains the CRL number of the base CRL that it is a delta from. :return: None or an Integer object F)r}r_delta_crl_indicator_valuer`s r'delta_crl_indicator_valuez)CertificateList.delta_crl_indicator_valueps*  % % .  "...r&cV|jdur|j|jS)z This extension includes information about what types of revocations and certificates are part of the CRL. :return: None or an IssuingDistributionPoint object F)r}r!_issuing_distribution_point_valuer`s r' issuing_distribution_point_valuez0CertificateList.issuing_distribution_point_value~s*  % % .  "555r&cV|jdur|j|jS)z This extension helps in identifying the public key with which to validate the authenticity of the CRL. :return: None or an AuthorityKeyIdentifier object F)r}r_authority_key_identifier_valuer`s r'authority_key_identifier_valuez.CertificateList.authority_key_identifier_values*  % % .  "333r&cV|jdur|j|jS)z This extension is used in complete CRLs to indicate where a delta CRL may be located. :return: None or a CRLDistributionPoints object F)r}r_freshest_crl_valuer`s r'freshest_crl_valuez"CertificateList.freshest_crl_values*  % % .  "'''r&cV|jdur|j|jS)z This extension is used to provide a URL with which to download the certificate used to sign this CRL. :return: None or an AuthorityInfoAccessSyntax object F)r}r#_authority_information_access_valuer`s r'"authority_information_access_valuez2CertificateList.authority_information_access_values*  % % .  "777r&c|ddS)z_ :return: An asn1crypto.x509.Name object for the issuer of the CRL rrr%r`s r'rzCertificateList.issuersO$X..r&cN|jsy|jdjS)z :return: None or a byte string of the key_identifier from the authority key identifier extension Nkey_identifier)rr_r`s r'r?z(CertificateList.authority_key_identifiers(22223CDKKKr&cF|jg|_|jrw|jD]h}|djdk(s|d}|jdk7r+|j}|j dddk(sN|jj |j|jS)z :return: A list of unicode strings that are URLs that should contain either an individual DER-encoded X.509 certificate, or a DER-encoded CMS message containing multiple certificates access_method ca_issuersaccess_locationuniform_resource_identifierrzhttp://)_issuer_cert_urlsrr_rlowerappend)raentrylocationurls r'issuer_cert_urlsz CertificateList.issuer_cert_urlss  ! ! )%'D "66!DD?E_-44 D#():#;#==,II$&oo99;q+y8 2299#>?%%%r&c|jug|_|jb|jD]S}|d}|jdk(r|jD]-}|jdk(s|jj |/U|jS)z Returns delta CRL URLs - only applies to complete CRLs :return: A list of zero or more DistributionPoint objects r*name_relative_to_crl_issuerr)_delta_crl_distribution_pointsrrrr)rar*distribution_point_namers r'delta_crl_distribution_pointsz-CertificateList.delta_crl_distribution_pointss  . . 624D /&&2*.*A*A[&.@AU.V+.337TT (?(F(F[ ',,0MM ??FFGYZ[ [222r&c |djS)zE :return: A byte string of the signature rr^r`s r'rzCertificateList.signaturesK '''r&c|j6tj|jj |_|jS)zf :return: The SHA1 hash of the DER-encoded bytes of this certificate list )_sha1hashlibsha1dumpdigestr`s r'rzCertificateList.sha1s7 ::  diik299;DJzzr&c|j6tj|jj |_|jS)zi :return: The SHA-256 hash of the DER-encoded bytes of this certificate list )_sha256rsha256rrr`s r'rzCertificateList.sha256s7 << ">>$))+6==?DL||r&)%r!r"r#rrrr8r}rxrrrrrrrrrrrrrcrrrrrrrrrr?rrrrrr%r&r'rrs +&  56 n%G "!!%(,%&*#*.'%)" EG*$ ) ) + + & & / / 6 6 4 4 ( ( 8 8// L L&&*330((r&r))__doc__ __future__rrrrralgosrcorer r r r r rrrrx509rrrrrrrrrr)r:rCrKrNrerkrmrorrrr%r&r'rsSR(      gx - 8&'J'# #L*   $$h!h!V%*% ( yhyr&