B QUc3A@sVddlZddlZddlZddlmZddlmZddlmZddlm Z m Z ddl m Z ddl mZmZmZGdd d ejZGd d d ejZe je je je je jfZe jdd d dZGdddejZGdddZGdddejdZGdddejdZ GdddejdZ!GdddZ"GdddZ#e$eddd Z%e$e!dd!d"Z&dS)#N)utils)x509)ocsp)hashes serialization)CERTIFICATE_PRIVATE_KEY_TYPES)_EARLIEST_UTC_TIME_convert_to_naive_utc_time_reject_duplicate_extensionc@seZdZdZdZdS)OCSPResponderEncodingzBy HashzBy NameN)__name__ __module__ __qualname__ZHASHNAMErr5lib/python3.7/site-packages/cryptography/x509/ocsp.pyr sr c@s$eZdZdZdZdZdZdZdZdS)OCSPResponseStatusrN) r r r SUCCESSFULZMALFORMED_REQUESTZINTERNAL_ERRORZ TRY_LATERZ SIG_REQUIREDZ UNAUTHORIZEDrrrrrs r) algorithmreturncCst|tstddS)Nz9Algorithm must be SHA1, SHA224, SHA256, SHA384, or SHA512) isinstance_ALLOWED_HASHES ValueError)rrrr_verify_algorithm/s rc@seZdZdZdZdZdS)OCSPCertStatusrrrN)r r rZGOODREVOKEDZUNKNOWNrrrrr6src @sHeZdZejejejeeje j eje j eje j ej dddZ dS)_SingleResponse)certissuerr cert_status this_update next_updaterevocation_timerevocation_reasonc Cst|tjrt|tjs tdt|t|tjsrr?r8rrrrrDsXrDc@seZdZdgfejejejejej fej ej ej ddddZ ejejej ddddZej eddd d Zed d d ZdS)OCSPRequestBuilderN)requestr9rcCs||_||_dS)N)_request _extensions)r-rTr9rrrr.ss zOCSPRequestBuilder.__init__)r"r#rrcCsL|jdk rtdt|t|tjr2t|tjs:tdt|||f|jS)Nz.Only one certificate can be added to a requestz%cert and issuer must be a Certificate) rUrrrrr)r*rSrV)r-r"r#rrrradd_certificates  z"OCSPRequestBuilder.add_certificate)extvalcriticalrcCsDt|tjstdt|j||}t||jt|j |j|gS)Nz"extension must be an ExtensionType) rr ExtensionTyper* Extensionoidr rVrSrU)r-rXrY extensionrrr add_extensions   z OCSPRequestBuilder.add_extension)rcCs|jdkrtdt|S)Nz*You must add a certificate before building)rUrrZcreate_ocsp_request)r-rrrbuilds zOCSPRequestBuilder.build)r r rr0r1Tuplerr)rr/rQr[rZr.rWboolr^r2r_rrrrrSrs.  rSc @s eZdZdddgfejeejejeje fejej ejej ej ej dddZ ejejejeejejejejejejejdd ddZe ejddd d Zejejdd d d Zej eddddZeejejedddZeeedddZdS)OCSPResponseBuilderN)response responder_idcertsr9cCs||_||_||_||_dS)N) _response _responder_id_certsrV)r-rcrdrer9rrrr.s zOCSPResponseBuilder.__init__) r"r#rr$r%r&r'r(rc Cs<|jdk rtdt||||||||} t| |j|j|jS)Nz#Only one response per OCSPResponse.)rfrr!rbrgrhrV) r-r"r#rr$r%r&r'r(Z singleresprrr add_responses z OCSPResponseBuilder.add_response)r7responder_certrcCsP|jdk rtdt|tjs&tdt|ts8tdt|j||f|j |j S)Nz!responder_id can only be set oncez$responder_cert must be a Certificatez6encoding must be an element from OCSPResponderEncoding) rgrrrr)r*r rbrfrhrV)r-r7rjrrrrds   z OCSPResponseBuilder.responder_id)rercCs\|jdk rtdt|}t|dkr.tdtdd|DsHtdt|j|j||j S)Nz!certificates may only be set oncerzcerts must not be an empty listcss|]}t|tjVqdS)N)rrr)).0xrrr sz3OCSPResponseBuilder.certificates..z$certs must be a list of Certificates) rhrlistlenallr*rbrfrgrV)r-rerrrrKs  z OCSPResponseBuilder.certificates)rXrYrcCsLt|tjstdt|j||}t||jt|j |j |j |j|gS)Nz"extension must be an ExtensionType) rrrZr*r[r\r rVrbrfrgrh)r-rXrYr]rrrr^s  z!OCSPResponseBuilder.add_extension) private_keyrrcCs6|jdkrtd|jdkr$tdttj|||S)Nz&You must add a response before signingz*You must add a responder_id before signing)rfrrgrcreate_ocsp_responserr)r-rqrrrrsigns   zOCSPResponseBuilder.sign)rFrcCs4t|tstd|tjkr$tdt|dddS)Nz7response_status must be an item from OCSPResponseStatusz$response_status cannot be SUCCESSFUL)rrr*rrrrr)clsrFrrrbuild_unsuccessfuls   z&OCSPResponseBuilder.build_unsuccessful)r r rr0r1r!r`rr)r rQr[rZr.rr/rr+r,rirdIterablerKrar^rrDrs classmethodrrurrrrrbs2L       rb)datarcCs t|S)N)rload_der_ocsp_request)rxrrrry"srycCs t|S)N)rload_der_ocsp_response)rxrrrrz&srz)'r:r+r0Z cryptographyrrZ"cryptography.hazmat.bindings._rustrZcryptography.hazmat.primitivesrrZ/cryptography.hazmat.primitives.asymmetric.typesrZcryptography.x509.baserr r Enumr rZSHA1ZSHA224ZSHA256ZSHA384ZSHA512rr/rrr!ABCMetar2rBrDrSrbr<ryrzrrrrs4     F&;2~