>wgRn dZddlmZmZmZmZddlmZddlm Z ddl Z ddl Z ddl Z ddl Z ddlZddlZddlmZddlmZmZdd lmZdd lmZmZmZdd lmZmZmZmZdd l m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4m5Z5m6Z6m7Z7m8Z8m9Z9m:Z:m;Z;mZ>ddl?m@Z@mAZAmBZBmCZCGdde*ZDGdde*ZEGdde*ZFGdde0ZGGdde3ZHGdde4ZIGdde"ZJGdde3ZKGdd e7ZLed!ZMGd"d#e%ZNGd$d%e.ZOGd&d'e3ZPGd(d)e6ZQGd*d+e4ZRGd,d-e%ZSGd.d/e3ZTGd0d1e%ZUGd2d3e%ZVGd4d5e%ZWGd6d7e5ZXGd8d9e5ZYGd:d;e4ZZGd<d=e4Z[Gd>d?e3Z\Gd@dAe3Z]GdBdCe4Z^GdDdEe3Z_GdFdGe4Z`GdHdIe%ZaGdJdKe%ZbGdLdMe5ZcGdNdOe4ZdGdPdQe5ZeGdRdSe3ZfGdTdUe6ZgGdVdWe3ZhGdXdYe%ZiGdZd[e+ZjGd\d]e+ZkGd^d_e3ZlGd`dae4ZmGdbdce3ZnGdddee3ZoGdfdge%ZpGdhdie4ZqGdjdke%ZrGdldme3ZsGdndoe3ZtGdpdqe3ZuGdrdse%ZvGdtdue"ZwGdvdwe3ZxGdxdye4ZyGdzd{e3ZzGd|d}e3Z{Gd~de4Z|Gdde%Z}Gdde4Z~Gdde3ZGdde3ZGdde.ZGdde3ZGdde4ZGdde.ZGdde3ZGdde4ZGdde3ZGdde4ZGdde3ZGdde.ZGdde4ZGdde.ZGdde3ZGdde4ZGdde4ZGdde4ZGdde3ZGdde"ZGdde+ZGdde3ZGdde6ZGdde3ZGdde3ZGdde6ZGdde'ZGdde'ZGdde'ZGdde'ZGdde'ZGd„de'ZGdĄde3ZGdƄde3ZGdȄde'ZGdʄde3ZGd̄de3ZGd΄de6ZGdЄde.ZGd҄de6ZGdԄde6ZGdքde6ZGd؄de3ZGdڄde6ZGd܄de3ZGdބde4ZGdde.ZGdde3ZGdde4ZGdde3ZGdde3ZGdde4ZGdde4ZGdde3ZGdde&Zy)z ASN.1 type classes for X.509 certificates. Exports the following items: - Attributes() - Certificate() - Extensions() - GeneralName() - GeneralNames() - Name() Other type classes are defined that help compose the types listed above. )unicode_literalsdivisionabsolute_importprint_function)contextmanager)idnaN)unwrap) iri_to_uri uri_to_iri) OrderedDict) type_namestr_cls bytes_to_list)AlgorithmIdentifierAnyAlgorithmIdentifierDigestAlgorithmSignedDigestAlgorithm)Any BitString BMPStringBooleanChoiceConcat EnumeratedGeneralizedTime GeneralString IA5StringIntegerNull NumericStringObjectIdentifierOctetBitString OctetStringParsableOctetStringPrintableStringSequence SequenceOfSetSetOf TeletexStringUniversalStringUTCTime UTF8String VisibleStringVOID) PublicKeyInfo) int_to_bytesint_from_bytes inet_ntop inet_ptonc&eZdZdZdZdZdZdZy)DNSNamer c||k( SNselfothers F/var/www/horilla/myenv/lib/python3.12/site-packages/asn1crypto/x509.py__ne__zDNSName.__ne__L5=  ct|tsy|jj|jjk(S)z Equality as defined by https://tools.ietf.org/html/rfc5280#section-7.2 :param other: Another DNSName object :return: A boolean F) isinstancer7 __unicode__lowerr>s rA__eq__zDNSName.__eq__Os@%)!'')U->->-@-F-F-HHHrDc ht|ts(ttdt |t ||j dr"d|ddj |jz}n|j |j}||_||_ d|_ |jdk7rd|_ yy)zd Sets the value of the DNS name :param value: A unicode string K %s value must be a unicode string, not %s ..r NrD) rFr TypeErrorr r startswithencode _encoding_unicodecontents_header_trailer)r?value encoded_values rAsetz DNSName.set_s%)F$%     C  59#3#3DNN#CCM!LL8M %  ==C DM rDN)__name__ __module__ __qualname__rQ_bad_tagrBrIrXr=rDrAr7r7GsIH!I  rDr7c$eZdZdZdZdZdZy)URIc t|ts(ttdt |t |||_t ||_d|_|jdk7rd|_ yy)b Sets the value of the string :param value: A unicode string rKNrD) rFrrNr rrRr rSrTrUr?rVs rArXzURI.set~sl%)F$%   "5)  ==C DM rDc||k( Sr<r=r>s rArBz URI.__ne__rCrDc~t|tsyt|jdt|jdk(S)z Equality as defined by https://tools.ietf.org/html/rfc5280#section-7.4 :param other: Another URI object :return: A boolean FT)rFr^r nativer>s rArIz URI.__eq__s2%%$++t, 5<<0NNNrDc|jy|jt|j|_|jS7 :return: A unicode string )rSrRr _merge_chunksr?s rArGzURI.__unicode__s: ==  == &t'9'9';|j|j}|jddk(r"|jd|_|jS|j dd\}}|jddz|jdz|_|jS)rgrurscp1252r rrr)rRrirvdecoderw)r?rSrxrys rArGzEmailAddress.__unicode__s == ))+H}}T"b( ( 9 }}%-OOD!$<! 'x 83 >QWAX X }}rDc||k( Sr<r=r>s rArBzEmailAddress.__ne__rCrDc8t|tsy|js|j|j|js|j|j|j j ddk(s|j j ddk(r|j |j k(S|j jdd\}}|j jdd\}}||k7ry|j|jk7ryy)z Equality as defined by https://tools.ietf.org/html/rfc5280#section-7.5 :param other: Another EmailAddress object :return: A boolean Frursr T) rFrlrprXrdrnrvrwrH)r?r@ other_mailboxother_hostnamerxrys rArIzEmailAddress.__eq__s%. HHT[[ !  IIell # >>  t $ *eoo.B.B4.HB.N>>U__4 4(-(>(>tQ(G% ~ NN11$: m # >> ~335 5rD) rYrZr[rnrpr\propertyrSsetterrXrGrBrIr=rDrArlrlsSIKH __ <"!rDrlc6eZdZddZdZedZdZdZy) IPAddressNc*ttd)z? This method is not applicable to IP addresses z= IP address values can not be parsed ) ValueErrorr )r?spec spec_paramss rAparsezIPAddress.parse's     rDc \t|ts(ttdt |t ||}|j ddk7}d}|rH|j dd}|d}t|d}|dkrttdt ||j ddk7r6tj}|dkDrttd t |d}n5tj}|d kDrttd t |d }d }|rEd |z} | d|t| z zz } tt| d}d|dzt|z z|z}||_t|||z|_|j |_d|_|j&d k7rd |_yy)z Sets the value of the object :param value: A unicode string containing an IPv4 address, IPv4 address with CIDR, an IPv6 address or IPv6 address with CIDR rK/rsrr zT %s value contains a CIDR range less than 0 :z %s value contains a CIDR range bigger than 128, the maximum value for an IPv6 address z %s value contains a CIDR range bigger than 32, the maximum value for an IPv4 address rD10N)rFrrNr rrvsplitintrsocketAF_INET6AF_INETlenr2_nativer5rS_bytesrTrU) r?rVoriginal_valuehas_cidrcidrpartsfamily cidr_size cidr_bytes cidr_masks rArXz IPAddress.set2s%)F$%  ::c?b( KKQ'E!HEuQx=Dax dO " ::c?b __Fcz dO "I^^Fby dO "I d I  C N :; ;I%c)Q&78J!i1nJ%GHJVJ% !&%0:= mm  ==C DM rDc|jy|j|j}t|}d}d}|t ddgvr1t t j|dd}|dkDrNt|dd}n?|t ddgvr0t t j|dd}|dkDrt|dd}|?HS!Q[(!&..+a2BCa<-k!"o>H##NN84 9++C01 gdm3 DL||rDc||k( Sr<r=r>s rArBzIPAddress.__ne__rCrDcft|tsy|j|jk(S)zl :param other: Another IPAddress object :return: A boolean F)rFrrr>s rArIzIPAddress.__eq__s*%+~~5??#444rD)NN) rYrZr[rrXrrdrBrIr=rDrArr&s,  E N>! 5rDrc"eZdZdefdedeifgZy) AttributetypevaluesrN)rYrZr[r"r*r_fieldsr=rDrArrs !" 563-(GrDrceZdZeZy) AttributesN)rYrZr[r _child_specr=rDrArrKrDrc $eZdZddddddddd d Zy ) KeyUsagedigital_signaturenon_repudiationkey_enciphermentdata_encipherment key_agreement key_cert_signcrl_sign encipher_only decipher_only rr rrrNrYrZr[_mapr=rDrArrs$          DrDrc,eZdZdedddfdedddfgZy)PrivateKeyUsagePeriod not_beforerTimplicitoptional not_afterr N)rYrZr[rrr=rDrArrs' QD(IJ oA4'HIGrDrceZdZdZdZdZy)NotReallyTeletexStringa6 OpenSSL (and probably some other libraries) puts ISO-8859-1 into TeletexString instead of ITU T.61. We use Windows-1252 when decoding since it is a superset of ISO-8859-1, and less likely to cause encoding issues, but we stay strict with encoding to prevent us from creating bad data. r{c|jy|j.|jj|j|_|jSrf)rSrRrir|_decoding_encodingrjs rArGz"NotReallyTeletexString.__unicode__sF ==  ==  ..0778O8OPDM}}rDN)rYrZr[__doc__rrGr=rDrArrs" rDrc#bK dt_ddt_y#dt_wxYww)Nteletexr{)rrr=rDrAstrict_teletexrs)=4=1 4<1H1s/ / ,/c4eZdZdefdefdefdefdefdefgZ y)DirectoryStringteletex_stringprintable_stringuniversal_string utf8_string bmp_string ia5_stringN) rYrZr[rr&r,r.rr _alternativesr=rDrArrs: 12 _- _-  # y! y!MrDrceZdZiddddddddd d d d d ddddddddddddddddddd d!d"id#d$d%d&d'd(d)d*d+d,d-d.d/d0d1d2d3d4d5d6d7d8d9d:d;d<d=d>d?d@dAdBdCdDZgdEZedFZedGZyH)INameTypez2.5.4.3 common_namez2.5.4.4surnamez2.5.4.5 serial_numberz2.5.4.6 country_namez2.5.4.7 locality_namez2.5.4.8state_or_province_namez2.5.4.9street_addressz2.5.4.10organization_namez2.5.4.11organizational_unit_namez2.5.4.12titlez2.5.4.15business_categoryz2.5.4.17 postal_codez2.5.4.20telephone_numberz2.5.4.41namez2.5.4.42 given_namez2.5.4.43initialsz2.5.4.44generation_qualifierz2.5.4.45unique_identifierz2.5.4.46 dn_qualifierz2.5.4.65 pseudonymz2.5.4.97organization_identifierz 2.23.133.2.1tpm_manufacturerz 2.23.133.2.2 tpm_modelz 2.23.133.2.3 tpm_versionz 2.23.133.2.4platform_manufacturerz 2.23.133.2.5platform_modelz 2.23.133.2.6platform_versionz1.2.840.113549.1.9.1 email_addressz1.3.6.1.4.1.311.60.2.1.1incorporation_localityz1.3.6.1.4.1.311.60.2.1.2incorporation_state_or_provincez1.3.6.1.4.1.311.60.2.1.3incorporation_countryz0.9.2342.19200300.100.1.1user_idz0.9.2342.19200300.100.1.25domain_componentz0.2.262.1.10.7.20name_distinguisher)!rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrc|j|}||jvr|jj|}||fSt|j}||fS)z Returns an ordering value for a particular attribute key. Unrecognized attributes and OIDs will be sorted lexically at the end. :return: An orderable value. )mappreferred_orderindexr)cls attr_nameordinals rApreferred_ordinalzNameType.preferred_ordinalKs`GGI& ++ +))// :G###--.G##rDciddddddddd d d d d ddddddddddddddddddd d!d"id#d$d%d&d'd(d)d*d+d,d-d.d/d0d1d2d3d4d5d6d7d8d9d:d;d<d=d>d?d@dAdBdCdDj|j|jS)EzZ :return: A human-friendly unicode string to display to users rz Common NamerSurnamerz Serial NumberrCountryrLocalityrzState/ProvincerzStreet Addressr OrganizationrzOrganizational UnitrTitlerzBusiness Categoryrz Postal CoderzTelephone NumberrNamerz Given NamerInitialsrzGeneration QualifierrzUnique Identifierrz DN Qualifierr Pseudonymrz Email AddressrzIncorporation LocalityrzIncorporation State/ProvincerzIncorporation CountryrzDomain ComponentrzName DistinguisherrzOrganization IdentifierrzTPM Manufacturerrz TPM Modelrz TPM VersionrzPlatform ManufacturerrzPlatform ModelrzPlatform VersionrzUser ID)getrdrjs rAhuman_friendlyzNameType.human_friendly_s# =# y#  _#  I # Z # %&6 #  .#  #  '(=#  W#  !4#  =#   2#  F#  ,#  !# " #$:## $ !4%# & N'# ( )# * _+# , %&>-# . ./M/# 0 $%<1# 2  23# 4 !"65# 6 &'@7# 8  29# : ;# < ==# > $% )  ? )  + )  #)  ')  .)  G)  ')  M)  &)  F)  L)  J!) " *#) $ '%) & N') ( K)) * -+) . */) 0  1) 2  3) 4 /5) 6 (7) 8 *9) < =) @ #$s rArBzNameTypeAndValue.__ne__rCrDct|tsy|dj|djk7ry|j|jk(S)z Equality as defined by https://tools.ietf.org/html/rfc5280#section-7.1 :param other: Another NameTypeAndValue object :return: A boolean Fr)rFrrdr!r>s rArIzNameTypeAndValue.__eq__sH%!12 =  4<#6#6 6""d&8&888rDc"tjdd|}tjdd|}tjdk(rtjdd|}ntjdd|}tjdd|}|j d d}tjd d|}dj t tj|}tjd |}|D]}tj|rttd tj|rttd tj|rttdtj |rttdtj"|rttd|dk(sttdd}d}|D]2}tj$|rd}tj&|s1d}4|rJtj$|d}tj$|d}|s|r|sttddtjdd|j)zdz}|S)a" Implements the internationalized string preparation algorithm from RFC 4518. https://tools.ietf.org/html/rfc4518#section-2 :param string: A unicode string to prepare :return: A prepared unicode string, ready for comparison u[­᠆͏᠋-᠍️-＀]+rhu [ …] iu[-]|[-]|󠀁u[𝅳-𝅺󠀠-󠁿󠀁]u?[---„†-Ÿ۝܏᠎‌-‏‪-‮⁠-⁣--]+u​u[   - 
-
   ]NFKCzc X.509 Name objects may not contain unassigned code points z X.509 Name objects may not contain change display or zzzzdeprecated characters zc X.509 Name objects may not contain private use characters zf X.509 Name objects may not contain non-character code points zb X.509 Name objects may not contain surrogate code points u�zf X.509 Name objects may not contain the replacement character FTrrsz{ X.509 Name object contains a malformed bidirectional sequence z +z )resubsys maxunicodereplacejoinr stringprep map_table_b2 unicodedata normalize in_table_a1rr in_table_c8 in_table_c3 in_table_c4 in_table_c5 in_table_d1 in_table_d2strip)r?stringcharhas_r_and_al_cat has_l_catfirst_is_r_and_allast_is_r_and_als rAr z"NameTypeAndValue._ldap_string_prepsOQSU[\@#vN >>V #VVTVXZ`aFVVTVXZ`aF K     "-TVY[abZ44f=>&&vv6* D%%d+ " %%d+ "%%d+ " %%d+ " %%d+ " x "M* \!  !D%%d+#' ''-  !  * 6 6vay A )55fRjA  19I "rvvdD&17799C? rD)rYrZr[rrr _oid_pairrr&r#rlr7r. _oid_specsrrr!rBrIr r=rDrArrs  #G "I%%?% %  %  % !/ % /% _% #O% % _% % O% % o% O!%" #%$ ^%%& '%( _)%, -%0 !/1%2 *?3%4 5%6 G7%8 o9%: "?;%< J=%> Z?%@ zA%B C%D *E%F JG%H ?I%JNH   !9&jrDrc8eZdZeZedZdZdZdZ dZ y)RelativeDistinguishedNamecg}|j|}t|jD]}|j|d||dj |S)b :return: A unicode string that can be used as a dict key or in a set : ) _get_valuessortedkeysappendr,)r?outputrkeys rAhashablez"RelativeDistinguishedName.hashablePsY!!$'&++-( 9C MMc6#;7 8 9 {{6""rDc||k( Sr<r=r>s rArBz RelativeDistinguishedName.__ne__`rCrDct|tsyt|t|k7ry|j|}|j|}||k7ry|j |}|j |}|D]}||||k7syy)z Equality as defined by https://tools.ietf.org/html/rfc5280#section-7.1 :param other: Another RelativeDistinguishedName object :return: A boolean FT)rFrBr _get_typesrG)r?r@ self_types other_types self_values other_values type_name_s rArIz RelativeDistinguishedName.__eq__cs%!:; t9E "__T* ooe,  $&&t, ''. $ J:&,z*BB rDcXt|Dcgc]}|djc}Scc}w)z Returns a set of types contained in an RDN :param rdn: A RelativeDistinguishedName object :return: A set object with unicode strings of NameTypeAndValue type field values r)rXrd)r?rdnntvs rArPz$RelativeDistinguishedName._get_typess'#63CK&&6776s'ci}|Dcgc]-}|j|dj|jfg/c}|Scc}w)a$ Returns a dict of prepped values contained in an RDN :param rdn: A RelativeDistinguishedName object :return: A dict object with unicode strings of NameTypeAndValue value field values that have been prepped for comparison r)updaterdr!)r?rWrKrXs rArGz%RelativeDistinguishedName._get_valuessCMPQcV++S->->?@ AQ  Rs2>N) rYrZr[rrrrMrBrIrPrGr=rDrArBrBMs."K  # #!@ 8rDrBc,eZdZeZedZdZdZy) RDNSequencec2djd|DS)rDc34K|]}|jywr<)rM).0rWs rA z'RDNSequence.hashable..s8C3<<8s)r,rjs rArMzRDNSequence.hashables{{84888rDc||k( Sr<r=r>s rArBzRDNSequence.__ne__rCrDct|tsyt|t|k7ryt|D]\}}|||k7syy)z Equality as defined by https://tools.ietf.org/html/rfc5280#section-7.1 :param other: Another RDNSequence object :return: A boolean FT)rFr\r enumerate)r?r@r self_rdns rArIzRDNSequence.__eq__sO%- t9E "( OE8U|x' rDN) rYrZr[rBrrrMrBrIr=rDrAr\r\s#+K  9 9!rDr\ceZdZdefgZdZdZdZed dZ e dZ dZ dZ dZe dZe d Zd Ze d Ze d Zy)rrhNc g}|s d}t}nd}t}tt|j d}|j D]\}}t j |}|dk(r t|}nJ|dk(r t|}n9|tgdvrtdt|}nt|||}|jtt||d g|d t|S) aY Creates a Name object from a dict of unicode string keys and values. The keys should be from NameType._map, or a dotted-integer OID unicode string. :param name_dict: A dict of name information, e.g. {"common_name": "Will Bond", "country_name": "US", "organization_name": "Codex Non Sufficit LC"} :param use_printable: A bool - if PrintableString should be used for encoding instead of UTF8String. This is for backwards compatibility with old software. :return: An x509.Name object rrc2tj|dS)Nr)rr)items rAzName.build..s!;!;DG!DrD)rLrr)rrr)rrVrrh)r.r&r rHitemsrrrlr7rXrrJrBrr\) r  name_dict use_printablerdns encoding_nameencoding_classattribute_nameattribute_valuerVs rAbuildz Name.builds &)M'N.M,N !D  09/@  +NO%\\.9N0$_5#5503'X#YY'+)/: (&(9 KK1 *""3 # 0+d"344rDc.|jjS)rD)chosenrMrjs rArMz Name.hashables{{###rDc,t|jSr<)rrurjs rA__len__z Name.__len__s4;;rDc||k( Sr<r=r>s rArBz Name.__ne__rCrDcVt|tsy|j|jk(S)z Equality as defined by https://tools.ietf.org/html/rfc5280#section-7.1 :param other: Another Name object :return: A boolean F)rFrrur>s rArIz Name.__eq__!s$%&{{ell**rDcj|jt|_|jjD]t}|D]m}|d}||jvrF|j|}t |t s|gx}|j|<|j |d\|d|j|<ov|jS)NrrV)rr rurdrFlistrJ)r?rWtype_val field_nameexistings rArdz Name.native0s << &=DL{{)) E #EH!)&!1J!T\\1#'<< #;)(D9CK*LHt||J'? (9:3;G3D Z0E E||rDc:|jt}d}|jD]G}|D]@}|dj}|}||vr!||g||<||j |d9|d||<BIg}|j }|dk(rt t|}|D].}||} |j| } |j |d| 0d} |D]} | jddk7sd } n| sd nd } | j|ddd|_|jS) zg :return: A human-friendly unicode string containing the parts of the name NrrVrrEF,rsT, z; ) _human_friendlyr rurrJrIreversedr{_recursive_humanizervr,)r?data last_fieldrWr|r}to_joinrIrLrV native_value has_commaelement separators rArzName.human_friendly@sT    '=DJ{{ = #=H!)&!1!@!@J!+J!T),0,<+=Z(Z(//0AB+3G+<Z(= =G99;DY&T + ?S #77> 3 => ? I" <<$* $I  %.4I#,>>'$B$-#@D ###rDc t|tr7djt|Dcgc]}|j |c}S|j Scc}w)z Recursively serializes data compiled from the RDNSequence :param value: An Asn1Value object, or a list of Asn1Value objects :return: A unicode string r)rFr{r,rrrd)r?rV sub_values rArzName._recursive_humanizegsO eT "99uU)$229=UV ||VsA c|j6tj|jj |_|jS)zZ :return: The SHA1 hash of the DER-encoded bytes of this name _sha1hashlibsha1dumpdigestrjs rArz Name.sha1x7 ::  diik299;DJzzrDc|j6tj|jj |_|jS)z] :return: The SHA-256 hash of the DER-encoded bytes of this name _sha256rsha256rrrjs rArz Name.sha256s7 << ">>$))+6==?DL||rD)F)rYrZr[r\rrrrrrsrrMrwrBrIrdrrrrr=rDrArrs [MO EG:5:5x$$ ! +  $$$$L"rDrc"eZdZdefdeddifgZy) AnotherNametype_idrVexplicitrN)rYrZr[r"rrr=rDrArrs $% # A'GrDrc$eZdZdZdZdefdefgZy) CountryNamer x121_dcc_codeiso_3166_alpha2_codeNrYrZr[class_tagr!r&rr=rDrArrs% F C -( 1MrDrc$eZdZdZdZdefdefgZy)AdministrationDomainNamer rnumeric printableNrr=rDrArrs% F C M" o&MrDrceZdZdefdefgZy)PrivateDomainNamerrNrYrZr[r!r&rr=rDrArrs M" o&MrDrcFeZdZdeddifdedddfded ddfd ed ddfgZy ) PersonalNamerrrrr TrrrrrNrYrZr[r&rr=rDrArrsD Oj!_5 QD(IJ _1$&GH qd2ST GrDrcFeZdZdeddifdedddfded ddfd ed ddfgZy ) TeletexPersonalNamerrrrr TrrrrrNrYrZr[r+rr=rDrArrsD MJ?3 }1$&GH ]$EF QD0QR GrDrceZdZeZy)OrganizationalUnitNamesNrYrZr[r&rr=rDrArr!KrDrceZdZeZy)TeletexOrganizationalUnitNamesN)rYrZr[r+rr=rDrArrKrDrc eZdZdeddifdeddifdedddfded ddfd ed dd fd edddfdedddfdedddfde dddfg Z y)BuiltInStandardAttributesrrTadministration_domain_namenetwork_addressrrterminal_identifierr private_domain_namerrrrrnumeric_user_identifierr personal_namerorganizational_unit_namesrN) rYrZr[rrr!r&rrrrr=rDrArrs z4&89 %'?*dAST Mt+LM aT1RS  1t3TU oA4/PQ "Mt3TU ,QD(IJ $&=A[_?`a GrDrceZdZdefdefgZy)BuiltInDomainDefinedAttributerrVNrr=rDrArrs ! /"GrDrceZdZeZy)BuiltInDomainDefinedAttributesN)rYrZr[rrr=rDrArr/KrDrceZdZdefdefgZy)TeletexDomainDefinedAttributerrVNrr=rDrArrs  - GrDrceZdZeZy)TeletexDomainDefinedAttributesN)rYrZr[rrr=rDrArrrrDrceZdZdefdefgZy)PhysicalDeliveryCountryNamerrNrr=rDrArrs -( 1MrDrceZdZdefdefgZy) PostalCode numeric_codeprintable_codeNrr=rDrArrs ' ?+MrDrc(eZdZdeddifdeddifgZy) PDSParameterrrTrN)rYrZr[r&r+rr=rDrArrs' _z4.@A =:t*<=GrDrceZdZeZy)PrintableAddressNrr=rDrArrrrDrc(eZdZdeddifdeddifgZy)UnformattedPostalAddressprintable_addressrTrN)rYrZr[rr+rr=rDrArrs( .T0BC =:t*<=GrDrc*eZdZdeddifdedddfgZy) E1634Addressnumberrr sub_addressr TrN)rYrZr[r!rr=rDrArrs& =:q/2  A4'HIGrDrceZdZeZy) NAddressesN)rYrZr[r$rr=rDrArrKrDrcFeZdZdedddfdedddfdedddfd ed d ifgZy ) PresentationAddress p_selectorrTr s_selectorr t_selectorr n_addressesrrN)rYrZr[r$rrr=rDrArrsD {$EF {$EF {$EF  ZO4 GrDrc"eZdZdefdeddifgZy)ExtendedNetworkAddresse163_4_address psap_addressrrN)rYrZr[rrrr=rDrArr#s <( ,z1o>MrDrceZdZdddddddZy) TerminalTypetelexr g3_facsimile g4_facsimile ia5_terminalvideotex)rrrrrrNrr=rDrArr*s        DrDrceZdZiddddddddd d d d d ddddddddddddddddddd d!d"d#d$d%d&d'd(d)Zy*)+ExtensionAttributeTyper rrteletex_common_namerteletex_organization_namerteletex_personal_namerteletex_organization_unit_namesr!teletex_domain_defined_attributesrpds_namerphysical_delivery_country_name r physical_delivery_office_name physical_delivery_office_numberr9extension_of_address_components physical_delivery_personal_name#physical_delivery_organization_name.extension_physical_delivery_address_componentsrunformatted_postal_addressrpost_office_box_addressposte_restante_addressunique_postal_namelocal_postal_attributesextended_network_address terminal_type)r:Nrr=rDrArr5s  =    &  "   ,   .   :  +  =  +  -  -  -  1  <  (! " # $ & $ % & / DrDrceZdZdeddifdeddifgZdZided ed ed e d e d e dede de dedededededededeeeeeeedZy)ExtensionAttributeextension_attribute_typerrextension_attribute_valuerr )rrrrrrrrrrrrrrrrrrr)rr r r r r N)rYrZr[rrrr?r&r+rrrrrrrrrr@r=rDrArrQs #%;j!_M $cJ?;G JI} $] !4  *+I  ,-K  O )*E z ( *< *< *< .| 9, %&>!" ,#$$0".*#/$:%/JrDrceZdZeZy)ExtensionAttributesN)rYrZr[rrr=rDrArrs$KrDrc.eZdZdefdeddifdeddifgZy) ORAddressbuilt_in_standard_attributes"built_in_domain_defined_attributesrTextension_attributesN)rYrZr[rrrrr=rDrArrws4 ')BC -/MPZ\`Oab !4z46HIGrDrc*eZdZdedddfdeddifgZy) EDIPartyName name_assignerrTr party_namerr N)rYrZr[rrr=rDrAr r s& /t+LM Q8GrDr c eZdZdeddifdeddifdeddifdedd ifd ed d ifd eddifde ddifde ddifde ddifg Z dZ dZy) GeneralName other_namerr rfc822_namer dns_namer x400_addressrdirectory_namerredi_party_nameruniform_resource_identifierr ip_addressr registered_idrc||k( Sr<r=r>s rArBzGeneralName.__ne__rCrDc|jdvrttd|j|jdvrttd|j|j|jk7ry|j|jk(S)z Does not support other_name, x400_address or edi_party_name :param other: The other GeneralName to compare to :return: A boolean )r%r(r*zr Comparison is not supported for GeneralName objects of choice %s za Comparison is not supported for GeneralName objects of choice %sF)rrr rur>s rArIzGeneralName.__eq__s 99H HV   ::I IV   99 "{{ell**rDN)rYrZr[rrlr7rrr r^rr"rrBrIr=rDrAr$r$s {ZO4  z1o6 Wz1o. ZO4 4*a1 <*a9 &j!_= y:q/2 *ZO< M!+rDr$ceZdZeZy) GeneralNamesN)rYrZr[r$rr=rDrAr1r1rrDr1ceZdZdefdefgZy)Timeutc_time general_timeN)rYrZr[r-rrr=rDrAr3r3s W )MrDr3ceZdZdefdefgZy)ValidityrrN)rYrZr[r3rr=rDrAr7r7s t dGrDr7c(eZdZdeddifdeddifgZy)BasicConstraintscadefaultFpath_len_constraintrTN)rYrZr[rrrr=rDrAr9r9s' wE*+ *d);<GrDr9c:eZdZdedddfdedddfdedddfgZy ) AuthorityKeyIdentifierkey_identifierrTrauthority_cert_issuerr authority_cert_serial_numberrN)rYrZr[r$r1rrr=rDrAr>r>s6 ;QD(IJ ,QD0QR 'qd2STGrDr>c(eZdZdeddifdeddifgZy)DistributionPointName full_namerrname_relative_to_crl_issuerr N)rYrZr[r1rBrr=rDrArCrCs' lZO4 &(AJPQ?SMrDrCc $eZdZddddddddd d Zy ) ReasonFlagsunusedkey_compromise ca_compromiseaffiliation_changed supersededcessation_of_operationcertificate_holdprivilege_withdrawn aa_compromiserNrr=rDrArGrGs$     #   DrDrGc2eZdZdefdedddfdedddfgZy ) GeneralSubtreebaseminimumrrr;maximumr TrN)rYrZr[r$rrr=rDrArRrRs/  G!:; G!>?GrDrRceZdZeZy)GeneralSubtreesN)rYrZr[rRrr=rDrArXrXs KrDrXc,eZdZdedddfdedddfgZy)NameConstraintspermitted_subtreesrTrexcluded_subtreesr N)rYrZr[rXrr=rDrArZrZs' QD0QR oA4/PQGrDrZcNeZdZdedddfdedddfded ddfgZd Zed Z y ) DistributionPointdistribution_pointrTrreasonsr r crl_issuerrFcT|jdurd|_|d}|jdk7rttd|jD]Q}|jdk(s|j }|j jds?||_|jS|jS)z_ :return: None or a unicode string of the distribution point's URL FNr_rDz CRL distribution points that are relative to the issuer are not supported r+zhttp://zhttps://zldap://zldaps://)_urlrrr rurdrHrO)r?r general_nameurls rArfzDistributionPoint.url s 99 DI,-DyyK' "!%   $$(EE&--Cyy{--.\]$' yy yyrDN) rYrZr[rCrGr1rrdrrfr=rDrAr^r^sQ 41RV6WX KaT!BC |!%FGG D rDr^ceZdZeZy)CRLDistributionPointsN)rYrZr[r^rr=rDrArhrh&#KrDrhc(eZdZdefdefdefdefgZy) DisplayTextrvisible_stringrrN)rYrZr[rr/rr.rr=rDrArkrk*s) y! =) y!  # MrDrkceZdZeZy) NoticeNumbersNrYrZr[rrr=rDrArnrn3KrDrnceZdZdefdefgZy)NoticeReference organizationnotice_numbersN)rYrZr[rkrnrr=rDrArrrr7s % =)GrDrrc(eZdZdeddifdeddifgZy) UserNotice notice_refrT explicit_textN)rYrZr[rrrkrr=rDrArvrv>s' T(:; + D'9:GrDrvceZdZdddZy)PolicyQualifierId certification_practice_statement user_notice)z1.3.6.1.5.5.7.2.1z1.3.6.1.5.5.7.2.2Nrr=rDrArzrzEs?* DrDrzc*eZdZdefdefgZdZeedZ y)PolicyQualifierInfopolicy_qualifier_id qualifier)rr)r{r|N) rYrZr[rzrrr?rrvr@r=rDrAr~r~Ls.  12 cG 5I,5!JrDr~ceZdZeZy)PolicyQualifierInfosN)rYrZr[r~rr=rDrArrY%KrDrceZdZddiZy)PolicyIdentifierz 2.5.29.32.0 any_policyNrr=rDrArr]s| DrDrc"eZdZdefdeddifgZy)PolicyInformationpolicy_identifierpolicy_qualifiersrTN)rYrZr[rrrr=rDrArrcs" ./ 2Z4FGGrDrceZdZeZy)CertificatePoliciesN)rYrZr[rrr=rDrArrjrirDrceZdZdefdefgZy) PolicyMappingissuer_domain_policysubject_domain_policyN)rYrZr[rrr=rDrArrns !12 "23GrDrceZdZeZy)PolicyMappingsN)rYrZr[rrr=rDrArrurrDrc,eZdZdedddfdedddfgZy)PolicyConstraintsrequire_explicit_policyrTrinhibit_policy_mappingr NrYrZr[rrr=rDrArrys' "G!-NO !7,MNGrDrceZdZiddddddddd d d d d ddddddddddddddddddd d!d"id#d$d%d&d'd(d)d*d+d,d-d.d/d0d1d2d3d4d5d6d7d8d9d:d;d<d=d>d?d@dAdBdCdDidEdFdGdHdIdJdKdLdMdNdOdPdQdRdSdTdUdVdWdXdYdZd[d\d]d^d_d`dadbdcdddedfidgdhdidjdkdldmdndodpdqdrdsdtdudvdwdxdydzd{d|d}d~ddddddddddiddddddddddddddddddddddddddddddddddZy) KeyPurposeIdz 2.5.29.37.0any_extended_key_usagez1.3.6.1.5.5.7.3.1 server_authz1.3.6.1.5.5.7.3.2 client_authz1.3.6.1.5.5.7.3.3 code_signingz1.3.6.1.5.5.7.3.4email_protectionz1.3.6.1.5.5.7.3.5ipsec_end_systemz1.3.6.1.5.5.7.3.6 ipsec_tunnelz1.3.6.1.5.5.7.3.7 ipsec_userz1.3.6.1.5.5.7.3.8 time_stampingz1.3.6.1.5.5.7.3.9 ocsp_signingz1.3.6.1.5.5.7.3.10dvcsz1.3.6.1.5.5.7.3.13 eap_over_pppz1.3.6.1.5.5.7.3.14 eap_over_lanz1.3.6.1.5.5.7.3.15 scvp_serverz1.3.6.1.5.5.7.3.16 scvp_clientz1.3.6.1.5.5.7.3.17 ipsec_ikez1.3.6.1.5.5.7.3.18 capwap_acz1.3.6.1.5.5.7.3.19 capwap_wtpz1.3.6.1.5.5.7.3.20 sip_domainz1.3.6.1.5.5.7.3.21secure_shell_clientz1.3.6.1.5.5.7.3.22secure_shell_serverz1.3.6.1.5.5.7.3.23 send_routerz1.3.6.1.5.5.7.3.24send_proxied_routerz1.3.6.1.5.5.7.3.25 send_ownerz1.3.6.1.5.5.7.3.26send_proxied_ownerz1.3.6.1.5.5.7.3.27cmc_caz1.3.6.1.5.5.7.3.28cmc_raz1.3.6.1.5.5.7.3.29 cmc_archivez1.3.6.1.5.5.7.3.30bgpspec_routerz1.3.6.1.5.5.8.2.2ike_intermediatez1.3.6.1.4.1.311.10.3.1microsoft_trust_list_signingz1.3.6.1.4.1.311.10.3.2microsoft_time_stamp_signingz1.3.6.1.4.1.311.10.3.3microsoft_server_gatedz1.3.6.1.4.1.311.10.3.3.1microsoft_serializedz1.3.6.1.4.1.311.10.3.4 microsoft_efsz1.3.6.1.4.1.311.10.3.4.1microsoft_efs_recoveryz1.3.6.1.4.1.311.10.3.5microsoft_whqlz1.3.6.1.4.1.311.10.3.6 microsoft_nt5z1.3.6.1.4.1.311.10.3.7microsoft_oem_whqlz1.3.6.1.4.1.311.10.3.8microsoft_embedded_ntz1.3.6.1.4.1.311.10.3.9microsoft_root_list_signerz1.3.6.1.4.1.311.10.3.10!microsoft_qualified_subordinationz1.3.6.1.4.1.311.10.3.11microsoft_key_recoveryz1.3.6.1.4.1.311.10.3.12microsoft_document_signingz1.3.6.1.4.1.311.10.3.13microsoft_lifetime_signingz1.3.6.1.4.1.311.10.3.14 microsoft_mobile_device_softwarez1.3.6.1.4.1.311.20.2.2microsoft_smart_card_logonz1.2.840.113635.100.1.2apple_x509_basicz1.2.840.113635.100.1.3 apple_sslz1.2.840.113635.100.1.4apple_local_cert_genz1.2.840.113635.100.1.5 apple_csr_genz1.2.840.113635.100.1.6apple_revocation_crlz1.2.840.113635.100.1.7apple_revocation_ocspz1.2.840.113635.100.1.8 apple_smimez1.2.840.113635.100.1.9 apple_eapz1.2.840.113635.100.1.10apple_software_update_signingz1.2.840.113635.100.1.11 apple_ipsecz1.2.840.113635.100.1.12 apple_ichatz1.2.840.113635.100.1.13apple_resource_signingz1.2.840.113635.100.1.14apple_pkinit_clientz1.2.840.113635.100.1.15apple_pkinit_serverz1.2.840.113635.100.1.16apple_code_signingz1.2.840.113635.100.1.17apple_package_signingz1.2.840.113635.100.1.18apple_id_validationz1.2.840.113635.100.1.20apple_time_stampingz1.2.840.113635.100.1.21apple_revocationz1.2.840.113635.100.1.22apple_passbook_signingz1.2.840.113635.100.1.23apple_mobile_storez1.2.840.113635.100.1.24apple_escrow_servicez1.2.840.113635.100.1.25apple_profile_signerz1.2.840.113635.100.1.26apple_qa_profile_signerz1.2.840.113635.100.1.27apple_test_mobile_storez1.2.840.113635.100.1.28apple_otapki_signerz1.2.840.113635.100.1.29apple_test_otapki_signerz1.2.840.113625.100.1.30)apple_id_validation_record_signing_policyz1.2.840.113625.100.1.31apple_smp_encryptionz1.2.840.113625.100.1.32apple_test_smp_encryptionz1.2.840.113635.100.1.33apple_server_authenticationz1.2.840.113635.100.1.34apple_pcs_escrow_servicez2.16.840.1.101.3.6.8piv_card_authenticationz2.16.840.1.101.3.6.7piv_content_signingz1.3.6.1.5.2.3.4pkinit_kpclientauthz1.3.6.1.5.2.3.5 pkinit_kpkdcz1.2.840.113583.1.1.5adobe_authentic_documents_trustz2.16.840.1.101.3.8.7fpki_pivi_content_signingNrr=rDrArrsl /l  ]l  ] l  ^ l  / l  /l  ^l  \l  _l  ^l  fl  nl  n!l $ m%l & m'l * k+l . k/l 0 l1l 4 l5l 8 39l : 3;l > m?l @ 3Al B lCl D 2El H hIl J hKl L mMl P .Ql T /Ul Z !"@[l \ !"@]l ^ !":_l ` #$:al b !/cl d #$ol p "#Fql r "#;sl t "#?ul v "#?wl x "#Eyl | !">}l D !"4El F !+Gl H !"8Il J !/Kl L !"8Ml N !"9Ol P !-Ql R !+Sl T "#BUl V "=Wl X "=Yl Z "#;[l \ "#8]l ^ "#8_l ` "#7al b "#:cl d "#8el f "#8gl h "#5il j "#;kl l "#7ml n "#9ol p "#9ql r "#l @ "#@Al B "#=Cl F  9Gl H  5Il L 0Ml N >Ol R  ASl V  ;Wl DrDrceZdZeZy)ExtKeyUsageSyntaxNrYrZr[rrr=rDrArrKrDrceZdZdddddZy) AccessMethodocsp ca_issuersr ca_repository)z1.3.6.1.5.5.7.48.1z1.3.6.1.5.5.7.48.2z1.3.6.1.5.5.7.48.3z1.3.6.1.5.5.7.48.5Nrr=rDrArrs$*--  DrDrceZdZdefdefgZy)AccessDescription access_methodaccess_locationN)rYrZr[rr$rr=rDrArrs ,' K(GrDrceZdZeZy)AuthorityInfoAccessSyntaxNrYrZr[rrr=rDrArrrirDrceZdZeZy)SubjectInfoAccessSyntaxNrr=rDrArrrirDrceZdZeZy)FeaturesNror=rDrArr rprDrceZdZdefdefgZy)EntrustVersionInfo entrust_versentrust_info_flagsN)rYrZr[rrrr=rDrArrs ' y)GrDrc "eZdZddddddddd Zy ) NetscapeCertificateType ssl_client ssl_serveremailobject_signingreservedssl_caemail_caobject_signing_ca)rr rrrrrrNrr=rDrArrs!         DrDrceZdZddddZy)Versionv1v2v3rr rNrr=rDrArr%s    DrDrc"eZdZdefdefdefgZy)TPMSpecificationrlevelrevisionN)rYrZr[r.rrr=rDrArr-s! : ' WGrDrceZdZeZy)SetOfTPMSpecificationN)rYrZr[rrr=rDrArr5s"KrDrc"eZdZdefdefdefgZy)TCGSpecificationVersion major_version minor_versionrNrr=rDrArr9s! '" '" WGrDrceZdZdefdefgZy)TCGPlatformSpecificationversionplatform_classN)rYrZr[rr$rr=rDrAr"r"As +, ;'GrDr"ceZdZeZy)SetOfTCGPlatformSpecificationN)rYrZr[r"rr=rDrAr&r&Hs*KrDr&ceZdZdddddZy)EKGenerationTypeinternalinjectedinternal_revocableinjected_revocable)rr rrNrr=rDrAr(r(Ls      DrDr(ceZdZddddZy)EKGenerationLocationrrek_cert_signerrNrr=rDrAr.r.U  "  DrDr.ceZdZddddZy)EKCertificateGenerationLocationrrr/rNrr=rDrAr2r2]r0rDr2c eZdZddddddddZy ) EvaluationAssuranceLevellevel1level2level3level4level5level6level7)r rrrrrrNrr=rDrAr4r4es        DrDr4ceZdZddddZy)EvaluationStatusdesigned_to_meetevaluation_in_progressevaluation_completedrNrr=rDrAr=r=qs  # ! DrDr=ceZdZddddZy)StrengthOfFunctionbasicmediumhighrNrr=rDrArBrBys    DrDrBc.eZdZdefdeddifdeddifgZy) URIReferencer+hash_algorithmrT hash_valueN)rYrZr[rrrrr=rDrArGrGs/ & 2 ?Z,>? y:t"45GrDrGc teZdZdefdefdefdeddifdedd d fd ed d d fd e dd d fdedd d fde dd d fg Z y)CommonCriteriaMeasuresr#assurance_levelevaluation_statusplusr;Fstrengh_of_functionrTr profile_oidr profile_urlr target_oidr target_urirN) rYrZr[rr4r=rrBr"rGrr=rDrArKrKs I 45 ./ 9e,-  2PT4UV (qd*KL  1$&GH 'aT)JK |!%FG GrDrKceZdZdddddZy) SecurityLevelr5r6r7r8)r rrrNrr=rDrArUrUs      DrDrUc(eZdZdefdefdeddifgZy) FIPSLevelr#rrNr;FN)rYrZr[rrUrrr=rDrArWrWs( I - 9e,-GrDrWc eZdZdeddifdeddifdeddd fd ed dd fd ed dd fdeddd fde ddd fdedddfde ddifg Z y)TPMSecurityAssertionsr#r;rfield_upgradableFek_generation_typerTrek_generation_locationr "ek_certificate_generation_locationrcc_infor fips_levelriso_9000_certifiedrrU iso_9000_urirN) rYrZr[rrr(r.r2rKrWrrr=rDrArYrYs Gi./ Wy%&89 /aT1RS !#7aUY9Z[ -/N]^lpPqr *,MN yqd"CD wQ5(IJ Z$67 GrDrYceZdZeZy)SetOfTPMSecurityAssertionsN)rYrZr[rYrr=rDrArcrcs'KrDrcc &eZdZddddddddd d d Zy ) SubjectDirectoryAttributeIdsupported_algorithmstpm_specificationtcg_platform_specificationtpm_security_assertionspda_date_of_birthpda_place_of_birth pda_genderpda_country_of_citizenshippda_country_of_residenceentrust_user_role) z2.5.4.52z 2.23.133.2.16z 2.23.133.2.17z 2.23.133.2.18z1.3.6.1.5.5.7.9.1z1.3.6.1.5.5.7.9.2z1.3.6.1.5.5.7.9.3z1.3.6.1.5.5.7.9.4z1.3.6.1.5.5.7.9.5z1.2.840.113533.7.68.29Nrr=rDrAreres)+,5201)97"5 DrDreceZdZeZy)SetOfGeneralizedTimeN)rYrZr[rrr=rDrArqrqrrDrqceZdZeZy)SetOfDirectoryStringN)rYrZr[rrr=rDrArsrsrrDrsceZdZeZy)SetOfPrintableStringNrr=rDrArururrDruc2eZdZdefdedddfdedddfgZy) SupportedAlgorithmalgorithm_identifierintended_usagerTrintended_certificate_policiesr N)rYrZr[rrrrr=rDrArwrws2 !78 8!%FG (*=A[_?`aGrDrwceZdZeZy)SetOfSupportedAlgorithmN)rYrZr[rwrr=rDrAr|r|rrDr|c FeZdZdefdefgZdZeee e e e e e e d ZdZdeiZy)SubjectDirectoryAttributerr)rr) rfrgrhrirjrkrlrmrncf|dj}||jvr|j|StS)Nr)rdr@r*)r?type_s rA _values_specz&SubjectDirectoryAttribute._values_specs1V ## DOO #??5) ) rDN)rYrZr[rerrr?r|rr&rcrqrsrur@r_spec_callbacksr=rDrAr~r~sU ,- 3G #I 72&C#=12*&:$8 J ,OrDr~ceZdZeZy)SubjectDirectoryAttributesN)rYrZr[r~rr=rDrArrs+KrDrc eZdZiddddddddd d d d d ddddddddddddddddddd d!d"d#d$d%d&d'd(d)d*Zy+), ExtensionIdz2.5.29.9subject_directory_attributesz 2.5.29.14r?z 2.5.29.15 key_usagez 2.5.29.16private_key_usage_periodz 2.5.29.17subject_alt_namez 2.5.29.18issuer_alt_namez 2.5.29.19basic_constraintsz 2.5.29.30name_constraintsz 2.5.29.31crl_distribution_pointsz 2.5.29.32certificate_policiesz 2.5.29.33policy_mappingsz 2.5.29.35authority_key_identifierz 2.5.29.36policy_constraintsz 2.5.29.37extended_key_usagez 2.5.29.46 freshest_crlz 2.5.29.54inhibit_any_policyz1.3.6.1.5.5.7.1.1authority_information_accesssubject_information_access tls_feature ocsp_no_checkentrust_version_extensionnetscape_certificate_type!signed_certificate_timestamp_listmicrosoft_enroll_certtype)z1.3.6.1.5.5.7.1.11z1.3.6.1.5.5.7.1.24z1.3.6.1.5.5.7.48.1.5z1.2.840.113533.7.65.0z2.16.840.1.113730.1.1z1.3.6.1.4.1.11129.2.4.2z1.3.6.1.4.1.311.20.2Nrr=rDrArrs 2 %  [  /   '   &   (  '  .  +  &  /  )  )  ^  )! " ;# $;+ /!rrrrrrr rrrr@r=rDrArr's' K Wy%01 *+G *I&(B+ X #$9  L  <  - O "#8  3 > #$: / / - g!" '(A#$'>%7%<-8&/5JrDrceZdZeZy) ExtensionsN)rYrZr[rrr=rDrArrMrrDrcleZdZdedddfdefdefdefdefd efd efd e d d dfde dd dfde dd dfg Z y)TbsCertificater#rr)rr;r signatureissuervaliditysubjectsubject_public_key_infoissuer_unique_idr Trsubject_unique_idr extensionsrrN) rYrZr[rrrrr7r1r#rrr=rDrArrQsv G!=> '" +, 4 X D "M2 ^!-NO n1$.OP zt#DE GrDrceZdZdefdefdefgZdZdZdZ dZ dZ dZ dZ dZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZ dZ!dZ"dZ#dZ$dZ%dZ&dZ'e(dZ)e(dZ*e(d Z+e(d Z,e(d Z-e(d Z.e(d Z/e(dZ0e(dZ1e(dZ2e(dZ3e(dZ4e(dZ5e(dZ6e(dZ7e(dZ8e(dZ9e(dZ:e(dZ;e(dZe(dZ?e(dZ@e(dZAe(d ZBe(d!ZCe(d"ZDe(d#ZEe(d$ZFe(d%ZGe(d&ZHe(d'ZIe(d(ZJe(d)ZKe(d*ZLd+ZMe(d,ZNe(d-ZOe(d.ZPe(d/ZQe(d0ZRe(d1ZSe(d2ZTe(d3ZUe(d4ZVe(d5ZWe(d6ZXd7ZYd8ZZd9Z[y): Certificatetbs_certificatesignature_algorithmsignature_valueFNct|_|ddD]g}|dj}d|z}t||rt |||dj |djsM|jj |id|_y) zv Sets common named extensions to private attributes and creates a list of critical extensions rrrz _%s_valuerrTN)rX_critical_extensionsrdhasattrsetattrparsedadd_processed_extensions)r? extensionrrqs rA_set_extensionszCertificate._set_extensionss %(E!/0> 4IY'..D(4/Nt^,ni .E.L.LM$++))--d3  4&*"rDcR|js|j|jS)z Returns a set of the names (or OID if not a known extension) of the extensions marked as critical :return: A set of unicode strings )rrrrjs rAcritical_extensionszCertificate.critical_extensionss%))  "(((rDcR|js|j|jS)z This extension is used to constrain the period over which the subject private key may be used :return: None or a PrivateKeyUsagePeriod object )rr_private_key_usage_period_valuerjs rAprivate_key_usage_period_valuez*Certificate.private_key_usage_period_value%))  "333rDcR|js|j|jS)z This extension is used to contain additional identification attributes about the subject. :return: None or a SubjectDirectoryAttributes object )rr#_subject_directory_attributes_valuerjs rA"subject_directory_attributes_valuez.Certificate.subject_directory_attributes_value%))  "777rDcR|js|j|jS)z This extension is used to help in creating certificate validation paths. It contains an identifier that should generally, but is not guaranteed to, be unique. :return: None or an OctetString object )rr_key_identifier_valuerjs rAkey_identifier_valuez Certificate.key_identifier_values%))  ")))rDcR|js|j|jS)z This extension is used to define the purpose of the public key contained within the certificate. :return: None or a KeyUsage )rr_key_usage_valuerjs rAkey_usage_valuezCertificate.key_usage_values%))  "$$$rDcR|js|j|jS)aT This extension allows for additional names to be associate with the subject of the certificate. While it may contain a whole host of possible names, it is usually used to allow certificates to be used with multiple different domain names. :return: None or a GeneralNames object )rr_subject_alt_name_valuerjs rAsubject_alt_name_valuez"Certificate.subject_alt_name_values%))  "+++rDcR|js|j|jS)z This extension allows associating one or more alternative names with the issuer of the certificate. :return: None or an x509.GeneralNames object )rr_issuer_alt_name_valuerjs rAissuer_alt_name_valuez!Certificate.issuer_alt_name_values%))  "***rDcR|js|j|jS)a' This extension is used to determine if the subject of the certificate is a CA, and if so, what the maximum number of intermediate CA certs after this are, before an end-entity certificate is found. :return: None or a BasicConstraints object )rr_basic_constraints_valuerjs rAbasic_constraints_valuez#Certificate.basic_constraints_values%))  ",,,rDcR|js|j|jS)z This extension is used in CA certificates, and is used to limit the possible names of certificates issued. :return: None or a NameConstraints object )rr_name_constraints_valuerjs rAname_constraints_valuez"Certificate.name_constraints_value s%))  "+++rDcR|js|j|jS)z This extension is used to help in locating the CRL for this certificate. :return: None or a CRLDistributionPoints object extension )rr_crl_distribution_points_valuerjs rAcrl_distribution_points_valuez)Certificate.crl_distribution_points_value s%))  "222rDcR|js|j|jS)a; This extension defines policies in CA certificates under which certificates may be issued. In end-entity certificates, the inclusion of a policy indicates the issuance of the certificate follows the policy. :return: None or a CertificatePolicies object )rr_certificate_policies_valuerjs rAcertificate_policies_valuez&Certificate.certificate_policies_value* s%))  "///rDcR|js|j|jS)z This extension allows mapping policy OIDs to other OIDs. This is used to allow different policies to be treated as equivalent in the process of validation. :return: None or a PolicyMappings object )rr_policy_mappings_valuerjs rApolicy_mappings_valuez!Certificate.policy_mappings_value: s%))  "***rDcR|js|j|jS)z This extension helps in identifying the public key with which to validate the authenticity of the certificate. :return: None or an AuthorityKeyIdentifier object )rr_authority_key_identifier_valuerjs rAauthority_key_identifier_valuez*Certificate.authority_key_identifier_valueI rrDcR|js|j|jS)z This extension is used to control if policy mapping is allowed and when policies are required. :return: None or a PolicyConstraints object )rr_policy_constraints_valuerjs rApolicy_constraints_valuez$Certificate.policy_constraints_valueW %))  "---rDcR|js|j|jS)z This extension is used to help locate any available delta CRLs :return: None or an CRLDistributionPoints object )rr_freshest_crl_valuerjs rAfreshest_crl_valuezCertificate.freshest_crl_valuee s%))  "'''rDcR|js|j|jS)z This extension is used to prevent mapping of the any policy to specific requirements :return: None or a Integer object )rr_inhibit_any_policy_valuerjs rAinhibit_any_policy_valuez$Certificate.inhibit_any_policy_valuer rrDcR|js|j|jS)z This extension is used to define additional purposes for the public key beyond what is contained in the basic constraints. :return: None or an ExtKeyUsageSyntax object )rr_extended_key_usage_valuerjs rAextended_key_usage_valuez$Certificate.extended_key_usage_value rrDcR|js|j|jS)z This extension is used to locate the CA certificate used to sign this certificate, or the OCSP responder for this certificate. :return: None or an AuthorityInfoAccessSyntax object )rr#_authority_information_access_valuerjs rA"authority_information_access_valuez.Certificate.authority_information_access_value rrDcR|js|j|jS)z This extension is used to access information about the subject of this certificate. :return: None or a SubjectInfoAccessSyntax object )rr!_subject_information_access_valuerjs rA subject_information_access_valuez,Certificate.subject_information_access_value s%))  "555rDcR|js|j|jS)z This extension is used to list the TLS features a server must respond with if a client initiates a request supporting them. :return: None or a Features object )rr_tls_feature_valuerjs rAtls_feature_valuezCertificate.tls_feature_value s%))  "&&&rDcR|js|j|jS)a- This extension is used on certificates of OCSP responders, indicating that revocation information for the certificate should never need to be verified, thus preventing possible loops in path validation. :return: None or a Null object (if present) )rr_ocsp_no_check_valuerjs rAocsp_no_check_valuezCertificate.ocsp_no_check_value s%))  "(((rDc |djS)zE :return: A byte string of the signature rrdrjs rArzCertificate.signature s%&---rDc |djS)zj :return: A unicode string of "rsassa_pkcs1v15", "rsassa_pss", "dsa", "ecdsa" r)signature_algorjs rArzCertificate.signature_algo s)*999rDc |djS)z :return: A unicode string of "md2", "md5", "sha1", "sha224", "sha256", "sha384", "sha512", "sha512_224", "sha512_256" r) hash_algorjs rArzCertificate.hash_algo s)*444rDc|ddS)zT :return: The PublicKeyInfo object for this certificate rrr=rjs rA public_keyzCertificate.public_key s%&'@AArDc|ddS)zZ :return: The Name object for the subject of this certificate rrr=rjs rArzCertificate.subject s%&y11rDc|ddS)zY :return: The Name object for the issuer of this certificate rrr=rjs rArzCertificate.issuer s%&x00rDc&|ddjS)zT :return: An integer of the certificate's serial number rrrrjs rArzCertificate.serial_number s%&7>>>rDcH|jsy|jjS)z :return: None or a byte string of the certificate's key identifier from the key identifier extension N)rrdrjs rAr?zCertificate.key_identifier s"((((///rDc|jC|jjdzt|jj dz|_|jS)z :return: A byte string of the SHA-256 hash of the issuer concatenated with the ascii character ":", concatenated with the serial number as an ascii string :rt)_issuer_serialrrrrrPrjs rA issuer_serialzCertificate.issuer_serial sO    &"&++"4"4t";gdFXFX>Y>`>`ah>i"iD """rDc,|dddjS)zd :return: A datetime of latest time when the certificate is still valid rrrrrjs rAnot_valid_afterzCertificate.not_valid_after! s %&z2;?FFFrDc,|dddjS)zd :return: A datetime of the earliest time when the certificate is valid rrrrrjs rAnot_valid_beforezCertificate.not_valid_before) s %&z2<@GGGrDcN|jsy|jdjS)z :return: None or a byte string of the key_identifier from the authority key identifier extension Nr?)rrdrjs rArz$Certificate.authority_key_identifier1 s(22223CDKKKrDc~|jdur|j}|r|djr|jddj}|j }|jdj}|j dzt |jdz|_|jSd|_|jS)a; :return: None or a byte string of the SHA-256 hash of the isser from the authority key identifier extension concatenated with the ascii character ":", concatenated with the serial number from the authority key identifier extension as an ascii string Fr@rrAr rtN)_authority_issuer_serialrrdruuntagrrrP)r?akivrauthority_serials rAauthority_issuer_serialz#Certificate.authority_issuer_serial> s  ( (E 166D45<<<<=TUVWX__#'#F#FGe#f#m#m 06 0DwO_G`GgGghoGp0p-,,,15-,,,rDcr|j |j|j|_|jS)z Returns complete CRL URLs - does not include delta CRLs :return: A list of zero or more DistributionPoint objects )_crl_distribution_points!_get_http_crl_distribution_pointsrrjs rArz#Certificate.crl_distribution_pointsT s6  ( ( 0,0,R,RSWSuSu,vD ),,,rDcr|j |j|j|_|jS)z Returns delta CRL URLs - does not include complete CRLs :return: A list of zero or more DistributionPoint objects )_delta_crl_distribution_pointsrrrjs rAdelta_crl_distribution_pointsz)Certificate.delta_crl_distribution_pointsa s6  . . 6262X2XY]YpYp2qD /222rDcg}|gS|D]R}|d}|tur|jdk(r!|jD]#}|jdk(s|j|%T|S)a? Fetches the DistributionPoint object for non-relative, HTTP CRLs referenced by the certificate :param crl_distribution_points: A CRLDistributionPoints object to grab the DistributionPoints from :return: A list of zero or more DistributionPoint objects r_rEr+)r0rrurJ)r?rrKr_distribution_point_nameres rArz-Certificate._get_http_crl_distribution_pointsn s " *I"9 6 &89M&N #&$.&++/LL 7 > > 6 $$(EEMM"45 6 6 rDc|jsgSg}|jD]g}|djdk(s|d}|jdk7r+|j}|jj dsW|j |i|S)zx :return: A list of zero or more unicode strings of the OCSP URLs for this cert rrrr+rc)rrdrrHrOrJ)r?rKentrylocationrfs rA ocsp_urlszCertificate.ocsp_urls s66I<< 'E_%,,6 !23==$AAoo99;))*XYMM#& ' rDc<|jg|_|jrk|jD]P}|jdk(s|j|jvs,|jj |jR|jSt j d}|jjD]X}|D]Q}|djdk(s|dj}|j|s7|jj |SZ|jS)z :return: A list of unicode strings of valid domain names for the certificate. Wildcard certificates will have a domain in the form: *.example.com r'zE^(\*\.)?(?:[a-zA-Z0-9](?:[a-zA-Z0-9\-]*[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$rrrV) _valid_domainsrrrdrJr'compilerrumatch)r?repatternrWname_type_valuerVs rA valid_domainszCertificate.valid_domains s    &"$D  **$($?$?HL#((J6<;N;NVZViVi;i++22<3F3FGH$"""**%pq<<..BC+.B*6299]J$3G$<$C$CE&}}U3 $ 3 3 : :5 A BB"""rDc|jYg|_|jrF|jD]7}|jdk(s|jj|j9|jS)zj :return: A list of unicode strings of valid IP addresses for the certificate r,) _valid_ipsrrrJrd)r?res rA valid_ipszCertificate.valid_ips sg ?? " DO**$($?$?DL#((L8..|/B/BCDrDcP|jxr|jdjS)zW :return; A boolean - if the certificate is marked as a CA r:)rrdrjs rAr:zCertificate.ca s&++Y0L0LT0R0Y0YYrDcN|jsy|jdjS)zT :return; None or an integer of the maximum path length Nr<)r:rrdrjs rAmax_path_lengthzCertificate.max_path_length s&ww++,ABIIIrDcn|j|j|jk(|_|jS)zx :return: A boolean - if the certificate is self-issued, as defined by RFC 5280 ) _self_issuedrrrjs rA self_issuedzCertificate.self_issued s1    $ $  ;D    rDc|jqd|_|jr^|jrK|jsd|_|jS|j|jk(rd|_|jSd|_|jS)a :return: A unicode string of "no" or "maybe". The "maybe" result will be returned if the certificate issuer and subject are the same. If a key identifier and authority key identifier are present, they will need to match otherwise "no" will be returned. To verify is a certificate is truly self-signed, the signature will need to be verified. See the certvalidator package for one possible solution. nomaybe) _self_signedr4r?rrjs rA self_signedzCertificate.self_signed s    $ $D &&88,3)    66$:M:MM,3)   )0D%   rDc|j6tj|jj |_|jS)zk :return: The SHA-1 hash of the DER-encoded bytes of this complete certificate rrjs rArzCertificate.sha1 rrDcXdjdt|jDS)z :return: A unicode string of the SHA-1 hash, formatted using hex encoding with a space between each pair of characters, all uppercase r%c3&K|] }d|z ywz%02XNr=r`cs rAraz/Certificate.sha1_fingerprint..$ sEq E)r,rrrjs rAsha1_fingerprintzCertificate.sha1_fingerprint s"xxEM$)),DEEErDc|j6tj|jj |_|jS)zy :return: The SHA-256 hash of the DER-encoded bytes of this complete certificate rrjs rArzCertificate.sha256& s7 << ">>$))+6==?DL||rDcXdjdt|jDS)z :return: A unicode string of the SHA-256 hash, formatted using hex encoding with a space between each pair of characters, all uppercase r%c3&K|] }d|z ywr=r=r>s rAraz1Certificate.sha256_fingerprint..: sGq Gr@)r,rrrjs rAsha256_fingerprintzCertificate.sha256_fingerprint2 s"xxGM$++,FGGGrDct|tsttdt ||j dj dj}|jddk7}| xrtjd|}| xr| }|r|jsy|jd}|jD]}|j dj dj}|jd} t| t|k7rZ| |k(ry |j|} | su|j|| sy y|j sy|rt"j$nt"j&} t)| |} |j D]I} | jddk7rt"j$nt"j&}t)|| }|| k(sIy y) a Check if a domain name or IP address is valid according to the certificate :param domain_ip: A unicode string of a domain name or IP address :return: A boolean - if the domain or IP is valid for the certificate zL domain_ip must be a unicode string, not %s rrtrrsz^\d+\.\d+\.\d+\.\d+$FrLT)rFrrNr rrPr|rHrvr'r(r+rr_is_wildcard_domain_is_wildcard_matchr.rrrr5)r? domain_ipencoded_domain_ipis_ipv6is_ipv4 is_domain domain_labels valid_domainencoded_valid_domainvalid_domain_labels is_wildcardr normalized_ipvalid_ip valid_familynormalized_valid_ips rAis_valid_domain_ipzCertificate.is_valid_domain_ip< s)W-F)$  &,,V4;;GDJJL#((-3+\"((+HJ["\K/K  %%-33C8M $ 2 2 '3':':6'B'I'I''R'X'X'Z$&:&@&@&E#*+s=/AA&-7"667KL 4#:#:=J]#^ ~~#*!&*;<  H-5]]3-?2-E6>>6??L"+L("C "m3  rDc|jddk7ry|jjd}|sy|djddk(ry|ddddk(ryy ) af Checks if a domain is a valid wildcard according to https://tools.ietf.org/html/rfc6125#section-6.4.3 :param domain: A unicode string of the domain name, where any U-labels from an IDN have been converted to A-labels :return: A boolean - if the domain is a valid wildcard domain *r FrLrrsrzxn--T)countrHrrv)r?domainlabelss rArGzCertificate._is_wildcard_domain~ sh <<  !%%c* !9>># " $ !9Qq>V #rDc|d}|dd}|d}|dd}||k7ry|dk(rytjd|jddzd z}|j|ryy) a Determines if the labels in a domain are a match for labels from a wildcard valid domain name :param domain_labels: A list of unicode strings, with A-label form for IDNs, of the labels in the domain name to check :param valid_domain_labels: A list of unicode strings, with A-label form for IDNs, of the labels in a wildcard domain pattern :return: A boolean - if the domain matches the valid domain rr NFrYT^z.*$)r'r'r+r()r?rNrQfirst_domain_labelother_domain_labelswildcard_labelother_valid_domain_labelswildcard_regexs rArHzCertificate._is_wildcard_match s"+1-+AB/,Q/$7$;! "; ; S C.*@*@d*K$Kc$QR    2 3rD)\rYrZr[rrr#rrrrrrrrrrrrrrrrrrrrrrrr rrrr&r-r3r8rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr?r rrrrrrrr$r+r.r:r1r4r9rrArrErWrGrHr=rDrArr`s N+  56 N+G "*.' "!#"%)""&!&*# $ $ $*.'(,%&*#N$#%)"NJLL EG*$ ) ) 4 4 8 8 * * % % , , + + - - , , 3 3 0 0 + + 4 4 . . ( ( . . . . 8 8 6 6 ' ' ) )..::55BB2211?? 0 0 # #GGHH L L--* - - 3 3>* # #D ZZJJ ! !!!2FF  HH@DB#rDrceZdZeZy)KeyPurposeIdentifiersNrr=rDrArfrf rrDrfceZdZeZy)SequenceOfAlgorithmIdentifiersN)rYrZr[rrr=rDrArhrh rrDrhc PeZdZdeddifdedddfdeddifdeddifd ed ddfgZy ) CertificateAuxtrustrTrejectrraliaskeyidr@r N)rYrZr[rfr.r$rhrr=rDrArjrj sW '*d);< (qd*KL *z401 + D12 0qd2ST GrDrjceZdZeegZy)TrustedCertificateN)rYrZr[rrj _child_specsr=rDrArprp s 0LrDrp)r __future__rrrr contextlibr encodingsrrr'rr-r)r/_errorsr _irir r _ordereddictr _typesrrralgosrrrrcorerrrrrrrrrrrr r!r"r#r$r%r&r'r(r)r*r+r,r-r.r/r0rIr1utilr2r3r4r5r7r^rlrrrrrrrrrrrBr\rrrrrrrrrrrrrrrrrrrrrrrrrrrrr r$r1r3r7r9r>rCrGrRrXrZr^rhrkrnrrrvrzr~rrrrrrrrrrrrrrrrrrrrr"r&r(r.r2r4r=rBrGrKrUrWrYrcrerqrsrurwr|r~rrrrrrrfrhrjrpr=rDrAr|s SR%  (%55ff< DD2 i2 j6)6rn9nbB5 B5J y H]0== f Q(Q(h~x~BRRj'*'T@6@F(&v3#"j" Z   H0Z0H0Z0&3"z"s8(V7W8D%*%8/+&/+d:6xxXF ) X!j!h""J$J$&Jh( ( &:&' $*$H Z m#m` #$ $$j$ z i gx#E#hx+E+z:j z z8 X J H (("2&"5""5""5"%e%<,,"@##L X b (b RJ&Z&X11rD