U *”}fY~ã @s¨ddlmZmZmZddlZddlZddlZddlmZddl m Z m Z m Z m Z ddlmZddlmZddlmZmZmZmZdd „Zd d „Zd d „Zdd„Zdd„Zdd„Zdd„Zdd„ZGdd„deƒZ dd„Z!dd„Z"dd„Z#d d!„Z$d"d#„Z%d$d%„Z&d&d'„Z'd(d)„Z(d*d+„Z)d,d-„Z*d.d/„Z+d0d1„Z,d2d3„Z-d4d5„Z.d6d7„Z/d8d9„Z0d:d;„Z1dZ2d„Z4ej5j6ej5j7ej5j8ej5j9ej5j:ej5j;ej5jd@dA„Z?dBdC„Z@dDdE„ZAdFdG„ZBdHdI„ZCdJdK„ZDdLdM„ZEdNdO„ZFej5jGej5j6ej5j7ej5j8ej5j9ej5j:ej5j;ej5jHej5jKsz$_decode_x509_name..) rZX509_NAME_entry_countÚrangeZX509_NAME_get_entryr'Z Cryptography_X509_NAME_ENTRY_setÚappendÚaddrÚName) rZ x509_nameÚcountÚ attributesZ prev_set_idÚxÚentryÚ attributeZset_idrrrÚ_decode_x509_name<s    r5cCsR|j |¡}g}t|ƒD]4}|j ||¡}| ||jjk¡| t||ƒ¡q|Sr ) rZsk_GENERAL_NAME_numr,Zsk_GENERAL_NAME_valuerrrr-Ú_decode_general_name)rÚgnsÚnumÚnamesÚiÚgnrrrÚ_decode_general_namesNs  r<c Cs|j|jjkr.t||jjƒ d¡}tj  |¡S|j|jj kr\t||jj ƒ d¡}tj   |¡S|j|jj krˆt||jjƒ}t t |¡¡S|j|jjkrbt||jjƒ}t|ƒ}|dksÀ|dkrNt |d|d…¡}t ||dd…¡}tt|ƒƒdd…}| d¡}|dkrt|ƒ}d||d…kr6tdƒ‚t |jd  |¡¡} n t |¡} t | ¡S|j|jjkr†t  t!||jj"ƒ¡S|j|jj#kr¶t||jj$ƒ d¡}tj%  |¡S|j|jj&krøt||jj'j(ƒ} t)||jj'j*ƒ} t +t | ¡| ¡St ,d  tj- .|j|j¡¡|j¡‚dS) NÚutf8éé éÚ0r(Ú1zInvalid netmaskz/{}z{} is not a supported type)/r"rZGEN_DNSÚ_asn1_string_to_bytesÚdZdNSNamerrZDNSNameZ_init_without_validationZGEN_URIZuniformResourceIdentifierZUniformResourceIdentifierZGEN_RIDrZ registeredIDZ RegisteredIDr#Z GEN_IPADDZ iPAddressÚlenÚ ipaddressÚ ip_addressÚbinÚintÚfindÚ ValueErrorÚ ip_networkÚexplodedÚformatZ IPAddressZ GEN_DIRNAMEZ DirectoryNamer5Z directoryNameZ GEN_EMAILZ rfc822NameZ RFC822NameZ GEN_OTHERNAMEZ otherNameÚtype_idÚ _asn1_to_derr%Z OtherNameZUnsupportedGeneralNameTypeZ_GENERAL_NAMESÚget) rr;r$r&Zdata_lenÚbaseÚnetmaskÚbitsÚprefixÚiprOr%rrrr6Ys\ ÿþ      ÿ ÿür6cCst ¡Sr )rZ OCSPNoCheck©rÚextrrrÚ_decode_ocsp_no_check§srYcCs0|j d|¡}|j ||jj¡}t t||ƒ¡S©NzASN1_INTEGER *)rÚcastÚgcrÚASN1_INTEGER_freerZ CRLNumberÚ_asn1_integer_to_int©rrXÚasn1_intrrrÚ_decode_crl_number«sracCs0|j d|¡}|j ||jj¡}t t||ƒ¡SrZ)rr[r\rr]rZDeltaCRLIndicatorr^r_rrrÚ_decode_delta_crl_indicator±srbc@seZdZdd„Zdd„ZdS)Ú_X509ExtensionParsercCs||_||_||_||_dSr )Ú ext_countÚget_extÚhandlersÚ_backend)ÚselfrrdrerfrrrÚ__init__¸sz_X509ExtensionParser.__init__c Csfg}tƒ}t| |¡ƒD]@}| ||¡}|j ||jjjk¡|jj  |¡}|dk}t   t |j|jj  |¡ƒ¡}||krŒt  d |¡|¡‚|tjkr|jj |¡} t|j| ƒ} t| ƒ t¡} g} |  ¡sâ|  |  t¡ ¡¡qÄt  dd„| Dƒ¡} | t  ||| ¡¡| |¡qn\|tjkrt|jj |¡} tt|j| ƒƒ}| t¡  ¡| t  ||t  !¡¡¡| |¡qz|j"|}Wnvt#k rø|jj |¡} |j | |jjjk¡|jj $| j%| j&¡dd…}t  '||¡}| t  |||¡¡YnXX|jj (|¡}||jjjkr0|j )¡t*d |¡ƒ‚||j|ƒ} | t  ||| ¡¡| |¡qt  +|¡S)NrzDuplicate {} extension foundcSsg|] }t|‘qSrr )r*r2rrrÚ Þsz._X509ExtensionParser.parse..z/The {} extension is invalid and can't be parsed),Úsetr,rdrergrrrrZX509_EXTENSION_get_criticalrr#rZX509_EXTENSION_get_objectZDuplicateExtensionrNrZ TLS_FEATUREZX509_EXTENSION_get_datarCrZread_single_elementr Zis_emptyr-Z read_elementrZ as_integerZ TLSFeatureÚ Extensionr.ZPRECERT_POISONZ check_emptyZ PrecertPoisonrfÚKeyErrorrr$ÚlengthZUnrecognizedExtensionZX509V3_EXT_d2iZ_consume_errorsrKZ Extensions)rhZx509_objÚ extensionsZ seen_oidsr:rXÚcritÚcriticalr&r$Z data_bytesÚfeaturesÚparsedr%ÚreaderÚhandlerZderZ unrecognizedZext_datarrrÚparse¾sx  þÿÿ   ÿ  ÿ   ÿÿ  z_X509ExtensionParser.parseN)Ú__name__Ú __module__Ú __qualname__rirvrrrrrc·srccCs4|j d|¡}|j ||jj¡}|j |¡}g}t|ƒD]ð}d}|j ||¡}t  t ||j ƒ¡}|j |jj kr|j |j ¡}g}t|ƒD]Š} |j |j | ¡} t  t || jƒ¡} | tjkrî|j | jjj| jjj¡dd… d¡} | | ¡qŠ| tjksüt‚t|| jjƒ} | | ¡qŠ| t ||¡¡q8t |¡S)Nz"Cryptography_STACK_OF_POLICYINFO *Úascii) rr[r\rZCERTIFICATEPOLICIES_freeZsk_POLICYINFO_numr,Zsk_POLICYINFO_valuerr#rZpolicyidÚ qualifiersrZsk_POLICYQUALINFO_numZsk_POLICYQUALINFO_valueÚpqualidrZ CPS_QUALIFIERrrDÚcpsurir$rnrr-ZCPS_USER_NOTICEÚAssertionErrorÚ_decode_user_noticeZ usernoticeZPolicyInformationZCertificatePolicies)rÚcpr8Zcertificate_policiesr:r{Úpir&ZqnumÚjZpqir|r}Z user_noticerrrÚ_decode_certificate_policiess<    ÿ þ ÿ rƒc Csžd}d}|j|jjkr"t||jƒ}|j|jjkr’t||jjƒ}|j |jj¡}g}t |ƒD]*}|j  |jj|¡}t ||ƒ} |  | ¡qZt  ||¡}t  ||¡Sr )Zexptextrrr!Z noticerefÚ organizationrZsk_ASN1_INTEGER_numZ noticenosr,Zsk_ASN1_INTEGER_valuer^r-rZNoticeReferenceZ UserNotice) rZunZ explicit_textZnotice_referencer„r8Znotice_numbersr:r`Z notice_numrrrr)s"  ÿ   rcCsB|j d|¡}|j ||jj¡}|jdk}t||jƒ}t  ||¡S)NzBASIC_CONSTRAINTS *éÿ) rr[r\rZBASIC_CONSTRAINTS_freeÚcaÚ_asn1_integer_to_int_or_noneÚpathlenrZBasicConstraints)rZbc_stZbasic_constraintsr†Z path_lengthrrrÚ_decode_basic_constraintsAsÿ ÿr‰cCs@|j d|¡}|j ||jj¡}t |j |j|j ¡dd…¡S©NzASN1_OCTET_STRING *) rr[r\rÚASN1_OCTET_STRING_freerZSubjectKeyIdentifierrr$rn©rÚ asn1_stringrrrÚ_decode_subject_key_identifierQsÿÿrŽcCsˆ|j d|¡}|j ||jj¡}d}d}|j|jjkrT|j |jj|jj ¡dd…}|j |jjkrnt ||j ƒ}t ||j ƒ}t |||¡S)NzAUTHORITY_KEYID *)rr[r\rZAUTHORITY_KEYID_freeZkeyidrrr$rnZissuerr<r‡ÚserialrZAuthorityKeyIdentifier)rZakidZkey_identifierZauthority_cert_issuerZauthority_cert_serial_numberrrrÚ _decode_authority_key_identifier[s(ÿ  ÿÿrcs¬ˆj d|¡}ˆj |‡fdd„¡}ˆj |¡}g}t|ƒD]j}ˆj ||¡}ˆ |jˆjj k¡t   t ˆ|jƒ¡}ˆ |j ˆjj k¡tˆ|j ƒ}| t  ||¡¡q<|S)Nz*Cryptography_STACK_OF_ACCESS_DESCRIPTION *csˆj |ˆj ˆjjd¡¡S)NZACCESS_DESCRIPTION_free)rZsk_ACCESS_DESCRIPTION_pop_freerÚ addressofZ _original_lib)r2©rrrÚvs ÿþz,_decode_information_access..)rr[r\rZsk_ACCESS_DESCRIPTION_numr,Zsk_ACCESS_DESCRIPTION_valuerÚmethodrrr#rÚlocationr6r-ZAccessDescription)rÚiar8Úaccess_descriptionsr:Úadr&r;rr’rÚ_decode_information_accessrs þ   r™cCst||ƒ}t |¡Sr )r™rZAuthorityInformationAccess©rZaiar—rrrÚ$_decode_authority_information_accessŠs r›cCst||ƒ}t |¡Sr )r™rZSubjectInformationAccessršrrrÚ"_decode_subject_information_accesss rœc CsÀ|j d|¡}|j ||jj¡}|jj}||dƒdk}||dƒdk}||dƒdk}||dƒdk}||dƒdk}||dƒdk}||dƒdk} ||d ƒdk} ||d ƒdk} t ||||||| | | ¡ S) NzASN1_BIT_STRING *rrr@ééééér>)rr[r\rZASN1_BIT_STRING_freeÚASN1_BIT_STRING_get_bitrZKeyUsage) rZ bit_stringZget_bitZdigital_signatureZcontent_commitmentZkey_enciphermentZdata_enciphermentZ key_agreementZ key_cert_signZcrl_signZ encipher_onlyZ decipher_onlyrrrÚ_decode_key_usage”s.÷r£cCs.|j d|¡}|j ||jj¡}t||ƒ}|S©NzGENERAL_NAMES *)rr[r\rÚGENERAL_NAMES_freer<©rr7Z general_namesrrrÚ_decode_general_names_extension®s r§cCst t||ƒ¡Sr )rZSubjectAlternativeNamer§rWrrrÚ_decode_subject_alt_nameµsÿr¨cCst t||ƒ¡Sr )rZIssuerAlternativeNamer§rWrrrÚ_decode_issuer_alt_name»sÿr©cCsF|j d|¡}|j ||jj¡}t||jƒ}t||jƒ}tj ||dS)NzNAME_CONSTRAINTS *)Zpermitted_subtreesZexcluded_subtrees) rr[r\rZNAME_CONSTRAINTS_freeÚ_decode_general_subtreesZpermittedSubtreesZexcludedSubtreesrZNameConstraints)rZncZ permittedZexcludedrrrÚ_decode_name_constraintsÁs  ÿr«cCsh||jjkrdS|j |¡}g}t|ƒD]:}|j ||¡}| ||jjk¡t||jƒ}|  |¡q(|Sr ) rrrZsk_GENERAL_SUBTREE_numr,Zsk_GENERAL_SUBTREE_valuerr6rRr-)rZstack_subtreesr8Zsubtreesr:rÚnamerrrrªËs     rªc Cs¦|j d|¡}|j ||jj¡}|j|jjkr@t||jƒ\}}nd}d}|jdk}|j dk}|j dk}|j dk}|j |jjkrŒt ||j ƒ}nd}t |||||||¡S)NzISSUING_DIST_POINT *r…)rr[r\rZISSUING_DIST_POINT_freeÚ distpointrÚ_decode_distpointZonlyuserZonlyCAZ indirectCRLZonlyattrZonlysomereasonsÚ_decode_reasonsrZIssuingDistributionPoint) rZidpÚ full_nameÚ relative_nameZ only_userZonly_caZ indirect_crlZ only_attrZonly_some_reasonsrrrÚ_decode_issuing_dist_pointÛs,    ùr²cCsD|j d|¡}|j ||jj¡}t||jƒ}t||jƒ}t  ||¡S)NzPOLICY_CONSTRAINTS *) rr[r\rZPOLICY_CONSTRAINTS_freer‡ZrequireExplicitPolicyZinhibitPolicyMappingrZPolicyConstraints)rZpcZrequire_explicit_policyZinhibit_policy_mappingrrrÚ_decode_policy_constraintsøsÿÿÿr³cCs‚|j d|¡}|j ||jj¡}|j |¡}g}t|ƒD]>}|j ||¡}| ||jj k¡t   t ||ƒ¡}|  |¡q8t  |¡S)Nz#Cryptography_STACK_OF_ASN1_OBJECT *)rr[r\rZsk_ASN1_OBJECT_freeZsk_ASN1_OBJECT_numr,Zsk_ASN1_OBJECT_valuerrrr#rr-ZExtendedKeyUsage)rÚskr8Zekusr:rr&rrrÚ_decode_extended_key_usages   rµrc CsÈ|j d|¡}|j ||jj¡}|j |¡}g}t|ƒD]Š}d}d}d}d}|j ||¡} | j|jj krtt || jƒ}| j |jj krŽt || j ƒ}| j |jj kr¬t|| j ƒ\}}| t ||||¡¡q8|S)Nz"Cryptography_STACK_OF_DIST_POINT *)rr[r\rZCRL_DIST_POINTS_freeZsk_DIST_POINT_numr,Zsk_DIST_POINT_valueÚreasonsrr¯Z CRLissuerr<r­r®r-rZDistributionPoint) rÚcdpsr8Ú dist_pointsr:r°r±Z crl_issuerr¶ZcdprrrÚ_decode_dist_pointss8    ÿÿÿr¹)rr@rržrŸr r¡r>cCs8g}t t¡D] \}}|j ||¡r| |¡qt|ƒSr )ÚsixÚ iteritemsÚ_REASON_BIT_MAPPINGrr¢r-Ú frozenset)rr¶Z enum_reasonsZ bit_positionÚreasonrrrr¯Ss  r¯c CsŠ|jtkr t||jjƒ}|dfS|jj}|j |¡}tƒ}t |ƒD]4}|j  ||¡}|  ||j j k¡| t||ƒ¡qBt |¡}d|fSr )r"Ú_DISTPOINT_TYPE_FULLNAMEr<r¬ÚfullnameZ relativenamerZsk_X509_NAME_ENTRY_numrkr,Zsk_X509_NAME_ENTRY_valuerrrr.r'rr)) rr­r°ZrnsZrnumr1r:Zrnr±rrrr®]s     r®cCst||ƒ}t |¡Sr )r¹rZCRLDistributionPoints©rr·r¸rrrÚ_decode_crl_distribution_pointsvs rÂcCst||ƒ}t |¡Sr )r¹rZ FreshestCRLrÁrrrÚ_decode_freshest_crl{s rÃcCs4|j d|¡}|j ||jj¡}t||ƒ}t |¡SrZ)rr[r\rr]r^rZInhibitAnyPolicy)rr`Z skip_certsrrrÚ_decode_inhibit_any_policy€s rÄcCsjddlm}|j d|¡}|j ||jj¡}g}t|j |¡ƒD]$}|j  ||¡}|  ||||ƒ¡q@|S)Nr)Ú_SignedCertificateTimestampzCryptography_STACK_OF_SCT *) Z)cryptography.hazmat.backends.openssl.x509rÅrr[r\rZ SCT_LIST_freer,Z sk_SCT_numZ sk_SCT_valuer-)rÚ asn1_sctsrÅZsctsr:ZsctrrrÚ _decode_scts‡s rÇcCst t||ƒ¡Sr )rZ)PrecertificateSignedCertificateTimestampsrÇ©rrÆrrrÚ-_decode_precert_signed_certificate_timestamps—sÿrÉcCst t||ƒ¡Sr )rZSignedCertificateTimestampsrÇrÈrrrÚ%_decode_signed_certificate_timestampssrÊ) rrr@rržrŸr r>é é r@rržrŸr r>rËrÌcCsd|j d|¡}|j ||jj¡}|j |¡}zt t|¡WSt k r^t d  |¡ƒ‚YnXdS)NzASN1_ENUMERATED *zUnsupported reason code: {}) rr[r\rZASN1_ENUMERATED_freeZASN1_ENUMERATED_getrZ CRLReasonÚ_CRL_ENTRY_REASON_CODE_TO_ENUMrmrKrN)rÚenumÚcoderrrÚ_decode_crl_reasonÉs rÐcCs0|j d|¡}|j ||jj¡}t t||ƒ¡S)NzASN1_GENERALIZEDTIME *)rr[r\rÚASN1_GENERALIZEDTIME_freerZInvalidityDateÚ_parse_asn1_generalized_time)rZinv_dateÚgeneralized_timerrrÚ_decode_invalidity_dateÔsÿÿrÔcCs4|j d|¡}|j ||jj¡}t||ƒ}t |¡Sr¤)rr[r\rr¥r<rZCertificateIssuerr¦rrrÚ_decode_cert_issuerÞs rÕcsnˆj d¡}ˆj ||¡}ˆ |dk¡ˆ |dˆjjk¡ˆj |‡fdd„¡}ˆj |d|¡dd…S)Núunsigned char **rcsˆj |d¡S©Nr©rZ OPENSSL_free©rr’rrr“ëóz_asn1_to_der..)rrrZ i2d_ASN1_TYPErrr\r)rZ asn1_typerrrr’rrPås  ÿrPcCs@|j ||jj¡}| ||jjk¡|j ||jj¡}| |¡Sr )rZASN1_INTEGER_to_BNrrrr\ZBN_freeZ _bn_to_int)rr`Zbnrrrr^ðsr^cCs||jjkrdSt||ƒSdSr )rrr^)rr`rrrr‡÷s r‡cCs|j |j|j¡dd…Sr )rrr$rnrŒrrrrCþsrCcCst||ƒ d¡S)Nrz)rCrrŒrrrÚ_asn1_string_to_asciisrÛcs~ˆj d¡}ˆj ||¡}|dkr2td |j¡ƒ‚ˆ |dˆjjk¡ˆj  |‡fdd„¡}ˆj  |d|¡dd…  d¡S)NrÖr(z&Unsupported ASN1 string type. Type: {}rcsˆj |d¡Sr×rØrÙr’rrr“rÚz&_asn1_string_to_utf8..r=) rrrZASN1_STRING_to_UTF8rKrNr"rrr\rr)rrrrrr’rr!s  ÿ ÿr!cCs`| ||jjk¡|j ||jj¡}||jjkrDtd t||ƒ¡ƒ‚|j ||jj ¡}t ||ƒS)Nz1Couldn't parse ASN.1 time as generalizedtime {!r}) rrrrZASN1_TIME_to_generalizedtimerKrNrCr\rÑrÒ)rZ asn1_timerÓrrrÚ_parse_asn1_times ÿ ÿÿÿrÜcCs"t||j d|¡ƒ}tj |d¡S)Nz ASN1_STRING *z %Y%m%d%H%M%SZ)rÛrr[ÚdatetimeÚstrptime)rrÓÚtimerrrrÒ's  ÿrÒcCs0|j d|¡}|j ||jj¡}t t||ƒ¡SrŠ)rr[r\rr‹rZ OCSPNoncerC)rÚnoncerrrÚ _decode_nonce.srá)wÚ __future__rrrrÝrFrºZ cryptographyrZcryptography.hazmat._derrrrr Zcryptography.x509.extensionsr Zcryptography.x509.namer Zcryptography.x509.oidr rrrrr'r5r<r6rYrarbÚobjectrcrƒrr‰rŽrr™r›rœr£r§r¨r©r«rªr²r³rµr¿Z_DISTPOINT_TYPE_RELATIVENAMEr¹Z ReasonFlagsZkey_compromiseZ ca_compromiseZaffiliation_changedZ supersededZcessation_of_operationZcertificate_holdZprivilege_withdrawnZ aa_compromiser¼r¯r®rÂrÃrÄrÇrÉrÊÚ unspecifiedZremove_from_crlrÍZ_CRL_ENTRY_REASON_ENUM_TO_CODErÐrÔrÕrPr^r‡rCrÛr!rÜrÒráZBASIC_CONSTRAINTSZSUBJECT_KEY_IDENTIFIERZ KEY_USAGEZSUBJECT_ALTERNATIVE_NAMEZEXTENDED_KEY_USAGEZAUTHORITY_KEY_IDENTIFIERZAUTHORITY_INFORMATION_ACCESSZSUBJECT_INFORMATION_ACCESSZCERTIFICATE_POLICIESZCRL_DISTRIBUTION_POINTSZ FRESHEST_CRLZ OCSP_NO_CHECKZINHIBIT_ANY_POLICYZISSUER_ALTERNATIVE_NAMEZNAME_CONSTRAINTSZPOLICY_CONSTRAINTSZ_EXTENSION_HANDLERS_BASEZ%PRECERT_SIGNED_CERTIFICATE_TIMESTAMPSZ_EXTENSION_HANDLERS_SCTZ CRL_REASONZINVALIDITY_DATEZCERTIFICATE_ISSUERZ_REVOKED_EXTENSION_HANDLERSZ CRL_NUMBERZDELTA_CRL_INDICATORZISSUING_DISTRIBUTION_POINTZ_CRL_EXTENSION_HANDLERSZNONCEZ_OCSP_REQ_EXTENSION_HANDLERSZ"_OCSP_BASICRESP_EXTENSION_HANDLERSZSIGNED_CERTIFICATE_TIMESTAMPSZ'_OCSP_SINGLERESP_EXTENSION_HANDLERS_SCTrrrrÚsJ     NQ!  -ø  öö   ìþý÷ ÿÿþ