
    Wwg~,                       d dl mZ d dlZd dlZd dlmZmZ d dlmZ d dl	m
Z
 d dlmZ d dlmZmZmZ  G d d	ej"                        Z G d
 dej"                        Ze
j(                  e
j*                  e
j,                  e
j.                  e
j0                  fZddZ G d dej"                        Z G d d      Zej:                  Zej<                  Zej>                  Z G d d      Z  G d d      Z!ejD                  Z"ejF                  Z#y)    )annotationsN)utilsx509)ocsp)hashes) CertificateIssuerPrivateKeyTypes)_EARLIEST_UTC_TIME_convert_to_naive_utc_time_reject_duplicate_extensionc                      e Zd ZdZdZy)OCSPResponderEncodingzBy HashzBy NameN)__name__
__module____qualname__HASHNAME     M/var/www/horilla/myenv/lib/python3.12/site-packages/cryptography/x509/ocsp.pyr   r      s    DDr   r   c                  $    e Zd ZdZdZdZdZdZdZy)OCSPResponseStatusr                  N)	r   r   r   
SUCCESSFULMALFORMED_REQUESTINTERNAL_ERROR	TRY_LATERSIG_REQUIREDUNAUTHORIZEDr   r   r   r   r      s!    JNILLr   r   c                :    t        | t              st        d      y )Nz9Algorithm must be SHA1, SHA224, SHA256, SHA384, or SHA512)
isinstance_ALLOWED_HASHES
ValueError)	algorithms    r   _verify_algorithmr(   .   s!    i1G
 	
 2r   c                      e Zd ZdZdZdZy)OCSPCertStatusr   r   r   N)r   r   r   GOODREVOKEDUNKNOWNr   r   r   r*   r*   5   s    DGGr   r*   c                  4    e Zd Z	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 ddZy)_SingleResponsec	                   t        |t        j                        rt        |t        j                        st        d      t	        |       t        |t
        j
                        st        d      |%t        |t
        j
                        st        d      || _        || _        || _        || _	        || _
        t        |t              st        d      |t        j                  ur|t        d      |vt        d      t        |t
        j
                        st        d      t        |      }|t        k  rt        d      |%t        |t        j                         st        d	      || _        || _        || _        y )
N%cert and issuer must be a Certificatez%this_update must be a datetime objectz-next_update must be a datetime object or Nonez8cert_status must be an item from the OCSPCertStatus enumzBrevocation_time can only be provided if the certificate is revokedzDrevocation_reason can only be provided if the certificate is revokedz)revocation_time must be a datetime objectz7The revocation_time must be on or after 1950 January 1.zCrevocation_reason must be an item from the ReasonFlags enum or None)r$   r   Certificate	TypeErrorr(   datetime_cert_issuer
_algorithm_this_update_next_updater*   r,   r&   r
   r	   ReasonFlags_cert_status_revocation_time_revocation_reason)	selfcertissuerr'   cert_statusthis_updatenext_updaterevocation_timerevocation_reasons	            r   __init__z_SingleResponse.__init__<   s    $ 0 01D$$:
 CDD)$+x'8'89CDD":**,
 KLL
#''+~6J  n444* !  !, " 
 ox/@/@A KLL8IO!33 ' 
 !,Z!4#3#36  # 
 ( /"3r   N)r?   x509.Certificater@   rG   r'   hashes.HashAlgorithmrA   r*   rB   datetime.datetimerC   datetime.datetime | NonerD   rJ   rE   x509.ReasonFlags | None)r   r   r   rF   r   r   r   r/   r/   ;   s^    B4B4 !B4 (	B4
 $B4 'B4 .B4 2B4 3B4r   r/   c                  z    e Zd Zddg f	 	 	 	 	 	 	 ddZ	 	 	 	 	 	 	 	 ddZ	 	 	 	 	 	 	 	 	 	 d	dZ	 	 	 	 	 	 d
dZddZy)OCSPRequestBuilderNc                .    || _         || _        || _        y N)_request_request_hash_extensions)r>   requestrequest_hash
extensionss       r   rF   zOCSPRequestBuilder.__init__   s      )%r   c                $   | j                   | j                  t        d      t        |       t	        |t
        j                        rt	        |t
        j                        st        d      t        |||f| j                  | j                        S )N.Only one certificate can be added to a requestr1   )
rP   rQ   r&   r(   r$   r   r2   r3   rM   rR   )r>   r?   r@   r'   s       r   add_certificatez"OCSPRequestBuilder.add_certificate   s     ==$(:(:(FMNN)$$ 0 01D$$:
 CDD!69%t'9'94;K;K
 	
r   c                   | j                   | j                  t        d      t        |t              st        d      t        |       t        j                  d|       t        j                  d|       |j                  t        |      k7  s|j                  t        |      k7  rt        d      t        | j                   ||||f| j                        S )NrW   z serial_number must be an integerissuer_name_hashissuer_key_hashz`issuer_name_hash and issuer_key_hash must be the same length as the digest size of the algorithm)rP   rQ   r&   r$   intr3   r(   r   _check_bytesdigest_sizelenrM   rR   )r>   rZ   r[   serial_numberr'   s        r   add_certificate_by_hashz*OCSPRequestBuilder.add_certificate_by_hash   s     ==$(:(:(FMNN-->??)$-/?@,o>  C%
 
""c/&::6 
 "MMyI
 	
r   c                   t        |t        j                        st        d      t        j                  |j
                  ||      }t        || j                         t        | j                  | j                  g | j                  |      S Nz"extension must be an ExtensionType)r$   r   ExtensionTyper3   	Extensionoidr   rR   rM   rP   rQ   r>   extvalcritical	extensions       r   add_extensionz OCSPRequestBuilder.add_extension   su     &$"4"45@AANN6::x@	#It/?/?@!MM4--/M1A1A/M9/M
 	
r   c                r    | j                   | j                  t        d      t        j                  |       S )Nz*You must add a certificate before building)rP   rQ   r&   r   create_ocsp_request)r>   s    r   buildzOCSPRequestBuilder.build   s4    == T%7%7%?IJJ''--r   )rS   zFtuple[x509.Certificate, x509.Certificate, hashes.HashAlgorithm] | NonerT   z5tuple[bytes, bytes, int, hashes.HashAlgorithm] | NonerU   (list[x509.Extension[x509.ExtensionType]]returnNone)r?   rG   r@   rG   r'   rH   rp   rM   )
rZ   bytesr[   rr   r`   r\   r'   rH   rp   rM   )rh   x509.ExtensionTyperi   boolrp   rM   )rp   OCSPRequest)r   r   r   rF   rX   ra   rk   rn   r   r   r   rM   rM      s     ?A&&& =& 
&

 !
 (	

 

&

 
 	

 (
 

<
(
48
	
.r   rM   c                      e Zd Zdddg f	 	 	 	 	 	 	 d	dZ	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 d
dZ	 	 	 	 	 	 ddZ	 	 	 	 ddZ	 	 	 	 	 	 ddZ	 	 	 	 	 	 ddZe		 	 	 	 dd       Z
y)OCSPResponseBuilderNc                <    || _         || _        || _        || _        y rO   )	_response_responder_id_certsrR   )r>   responseresponder_idcertsrU   s        r   rF   zOCSPResponseBuilder.__init__   s"     ")%r   c	           
         | j                   t        d      t        ||||||||      }	t        |	| j                  | j
                  | j                        S )Nz#Only one response per OCSPResponse.)ry   r&   r/   rw   rz   r{   rR   )
r>   r?   r@   r'   rA   rB   rC   rD   rE   
singleresps
             r   add_responsez OCSPResponseBuilder.add_response   sg     >>%BCC$	

 #KK	
 	
r   c                   | j                   t        d      t        |t        j                        st        d      t        |t              st        d      t        | j                  ||f| j                  | j                        S )Nz!responder_id can only be set oncez$responder_cert must be a Certificatez6encoding must be an element from OCSPResponderEncoding)rz   r&   r$   r   r2   r3   r   rw   ry   r{   rR   )r>   encodingresponder_certs      r   r}   z OCSPResponseBuilder.responder_id  s     )@AA.$*:*:;BCC($9:H  #NNX&KK	
 	
r   c                
   | j                   t        d      t        |      }t        |      dk(  rt        d      t	        d |D              st        d      t        | j                  | j                  || j                        S )Nz!certificates may only be set oncer   zcerts must not be an empty listc              3  P   K   | ]  }t        |t        j                           y wrO   )r$   r   r2   ).0xs     r   	<genexpr>z3OCSPResponseBuilder.certificates.<locals>.<genexpr>"  s     Bq:a!1!12Bs   $&z$certs must be a list of Certificates)
r{   r&   listr_   allr3   rw   ry   rz   rR   )r>   r~   s     r   certificatesz OCSPResponseBuilder.certificates  s}     ;;"@AAUu:?>??BEBBBCC"NN	
 	
r   c                .   t        |t        j                        st        d      t        j                  |j
                  ||      }t        || j                         t        | j                  | j                  | j                  g | j                  |      S rc   )r$   r   rd   r3   re   rf   r   rR   rw   ry   rz   r{   rg   s       r   rk   z!OCSPResponseBuilder.add_extension+  s}     &$"4"45@AANN6::x@	#It/?/?@"NNKK*d*	*	
 	
r   c                    | j                   t        d      | j                  t        d      t        j                  t
        j                  | ||      S )Nz&You must add a response before signingz*You must add a responder_id before signing)ry   r&   rz   r   create_ocsp_responser   r   )r>   private_keyr'   s      r   signzOCSPResponseBuilder.sign;  sT    
 >>!EFF%IJJ(())4i
 	
r   c                    t        |t              st        d      |t        j                  u rt	        d      t        j                  |d d d       S )Nz7response_status must be an item from OCSPResponseStatusz$response_status cannot be SUCCESSFUL)r$   r   r3   r   r&   r   r   )clsresponse_statuss     r   build_unsuccessfulz&OCSPResponseBuilder.build_unsuccessfulI  sS     /+=>I  0;;;CDD(($dKKr   )r|   z_SingleResponse | Noner}   z5tuple[x509.Certificate, OCSPResponderEncoding] | Noner~   zlist[x509.Certificate] | NonerU   ro   )r?   rG   r@   rG   r'   rH   rA   r*   rB   rI   rC   rJ   rD   rJ   rE   rK   rp   rw   )r   r   r   rG   rp   rw   )r~   z!typing.Iterable[x509.Certificate]rp   rw   )rh   rs   ri   rt   rp   rw   )r   r   r'   zhashes.HashAlgorithm | Nonerp   OCSPResponse)r   r   rp   r   )r   r   r   rF   r   r}   r   rk   r   classmethodr   r   r   r   rw   rw      s0    ,0/3?A&(&&
 -& =&

 !
 (	

 $
 '
 .
 2
 3
 

>
-
?O
	
&
6
	
"
(
48
	
 
5
 /
 
	
 
L0
L	
L 
Lr   rw   )r'   rH   rp   rq   )$
__future__r   r4   typingcryptographyr   r   "cryptography.hazmat.bindings._rustr   cryptography.hazmat.primitivesr   /cryptography.hazmat.primitives.asymmetric.typesr   cryptography.x509.baser	   r
   r   Enumr   r   SHA1SHA224SHA256SHA384SHA512r%   r(   r*   r/   ru   r   OCSPSingleResponserM   rw   load_der_ocsp_requestload_der_ocsp_responser   r   r   <module>r      s   
 #   $ 3 1 EJJ 
  KK
MM
MM
MM
MM
UZZ C4 C4L   ,, Q. Q.hzL zLz 22 44 r   