U *”}f\ã @sœddlmZmZmZddlZddlZddlZddlmZm Z ddl m Z m Z m Z ddlmZddlmZmZmZdd„Zd d „Zd d „Zd d„Zdd„Zdd„Zdd„Zdd„Zdd„Zdd„Zdd„Zdd„Zdd „Z d!d"„Z!d#d$„Z"d%d&„Z#d'd(„Z$d)d*„Z%d+d,„Z&d-d.„Z'd/d0„Z(d1d2„Z)d3d4„Z*d5d6„Z+d7d8„Z,d9d:„Z-d;d<„Z.d=d>„Z/d?d@„Z0e j1j2dAe j1j3dBe j1j4dCe j1j5dDe j1j6dEe j1j7dFe j1j8dGe j1j9dHiZ:dIdJ„Z;dKdL„ZdQdR„Z?dSdT„Z@dUdV„ZAdWdX„ZBejCe)ejDe-ejEe'ejFe,ejGe,ejHe0ejIe(ejJe"ejKe*ejLe*ejMe>ejNe>ejOeejPe&ejQe?ejRe@iZSejGe,ejIe(ejKe*ejTeejUeejVeejNe>iZWejXe,ejYe ejZe!iZ[ej\eBiZ]ej\eBiZ^dS)Yé)Úabsolute_importÚdivisionÚprint_functionN)ÚutilsÚx509)Ú_CRL_ENTRY_REASON_ENUM_TO_CODEÚ_DISTPOINT_TYPE_FULLNAMEÚ_DISTPOINT_TYPE_RELATIVENAME)Ú _ASN1Type)ÚCRLEntryExtensionOIDÚ ExtensionOIDÚOCSPExtensionOIDcCsD| |¡}|j ||jj¡}|j ||jj¡}| ||jjk¡|S)a Converts a python integer to an ASN1_INTEGER. The returned ASN1_INTEGER will not be garbage collected (to support adding them to structs that take ownership of the object). Be sure to register it for GC if it will be discarded after use. )Z _int_to_bnÚ_ffiÚgcÚ_libZBN_freeZBN_to_ASN1_INTEGERÚNULLÚopenssl_assert©ÚbackendÚxÚi©rúT/tmp/pip-unpacked-wheel-x36vw73o/cryptography/hazmat/backends/openssl/encode_asn1.pyÚ_encode_asn1_ints rcCs t||ƒ}|j ||jj¡}|S©N)rrrrZASN1_INTEGER_freerrrrÚ_encode_asn1_int_gc.s rcCs0|j ¡}|j ||t|ƒ¡}| |dk¡|S)z@ Create an ASN1_OCTET_STRING from a Python byte string. é)rZASN1_OCTET_STRING_newZASN1_OCTET_STRING_setÚlenr)rÚdataÚsÚresrrrÚ_encode_asn1_str4s r!cCs<|j ¡}|j || d¡t| d¡ƒ¡}| |dk¡|S)z³ Create an ASN1_UTF8STRING from a Python unicode string. This object will be an ASN1_STRING with UTF8 type in OpenSSL and can be decoded with ASN1_STRING_to_UTF8. Úutf8r)rZASN1_UTF8STRING_newÚASN1_STRING_setÚencoderr)rÚstringrr rrrÚ_encode_asn1_utf8_str>s  ÿr&cCs t||ƒ}|j ||jj¡}|Sr)r!rrrZASN1_OCTET_STRING_free)rrrrrrÚ_encode_asn1_str_gcLs r'cCs t||jƒSr)rZ skip_certs)rZinhibit_any_policyrrrÚ_encode_inhibit_any_policyRsr(cCsh|j ¡}|jD]R}d}|D]D}t||ƒ}|j ||jj¡}|j ||d|¡}| |dk¡d}qq|S)zP The X509_NAME created will not be gc'd. Use _encode_name_gc if needed. réÿÿÿÿr) rZ X509_NAME_newZrdnsÚ_encode_name_entryrrZX509_NAME_ENTRY_freeZX509_NAME_add_entryr)rÚnameÚsubjectZrdnZset_flagÚ attributeÚ name_entryr rrrÚ _encode_nameVs$   ÿÿr/cCs t||ƒ}|j ||jj¡}|Sr)r/rrrZX509_NAME_free)rÚ attributesr,rrrÚ_encode_name_gcks r1cCs>|j ¡}|D]*}t||ƒ}|j ||¡}| |dk¡q|S)z: The sk_X509_NAME_ENTRY created will not be gc'd. r)rZsk_X509_NAME_ENTRY_new_nullr*Zsk_X509_NAME_ENTRY_pushr)rr0Ústackr-r.r rrrÚ_encode_sk_name_entryqs   r3cCsr|jtjkr|j d¡}n&|jtjkr4|j d¡}n |j d¡}t||jjƒ}|j   |j j ||jj|t |ƒ¡}|S)NÚ utf_16_beÚ utf_32_ber")Ú_typer Z BMPStringÚvaluer$ZUniversalStringÚ _txt2obj_gcÚoidÚ dotted_stringrZX509_NAME_ENTRY_create_by_OBJrrr)rr-r7Úobjr.rrrr*}s   ÿr*cCs t||jƒSr)rZ crl_number©rÚextrrrÚ&_encode_crl_number_delta_crl_indicatorsr>cCs®|j ¡}| ||jjk¡|j ||jj¡}|jr8dnd|_|j rHdnd|_ |j rXdnd|_ |j rhdnd|_|jr‚t||jƒ|_|jr–t||jƒ|_|jrªt||jƒ|_|S©Néÿr)rZISSUING_DIST_POINT_newrrrrZISSUING_DIST_POINT_freeZonly_contains_user_certsZonlyuserZonly_contains_ca_certsZonlyCAZ indirect_crlZ indirectCRLZonly_contains_attribute_certsZonlyattrZonly_some_reasonsÚ_encode_reasonflagsZonlysomereasonsÚ full_nameÚ_encode_full_nameÚ distpointÚ relative_nameÚ_encode_relative_name)rr=ZidprrrÚ_encode_issuing_dist_point‘s" ÿrGcCsT|j ¡}| ||jjk¡|j ||jj¡}|j |t|j ¡}| |dk¡|S©Nr) rZASN1_ENUMERATED_newrrrrZASN1_ENUMERATED_freeZASN1_ENUMERATED_setrÚreason)rZ crl_reasonZasn1enumr rrrÚ_encode_crl_reason§s ÿrJcCsF|j |jjt |j ¡¡¡}| ||jjk¡|j  ||jj ¡}|Sr) rZASN1_GENERALIZEDTIME_setrrÚcalendarÚtimegmÚinvalidity_dateÚ timetuplerrZASN1_GENERALIZEDTIME_free)rrMÚtimerrrÚ_encode_invalidity_date³sþrPc Cs”|j ¡}| ||jjk¡|j ||jj¡}|D]Z}|j ¡}| ||jjk¡|j ||¡}| |dk¡t ||j j ƒ}||_ |j r2|j ¡}| ||jjk¡|j D]Ú}|j ¡} | | |jjk¡|j || ¡}| |dk¡t|tjƒrt |tjj ƒ| _t|| d¡ƒ| j_q¬t|tjƒs.t‚t |tjj ƒ| _|j ¡} | | |jjk¡| | j_|j rxt!||j ƒ| _"t#||j$ƒ| _%q¬||_&q2|S)NrÚascii)'rZsk_POLICYINFO_new_nullrrrrZsk_POLICYINFO_freeZPOLICYINFO_newZsk_POLICYINFO_pushÚ_txt2objZpolicy_identifierr:ZpolicyidZpolicy_qualifiersZsk_POLICYQUALINFO_new_nullZPOLICYQUALINFO_newZsk_POLICYQUALINFO_pushÚ isinstanceÚsixÚ text_typerZOID_CPS_QUALIFIERZpqualidr!r$ÚdZcpsuriZ UserNoticeÚAssertionErrorZOID_CPS_USER_NOTICEZUSERNOTICE_newZ usernoticeZ explicit_textr&ZexptextÚ_encode_notice_referenceZnotice_referenceZ noticerefZ qualifiers) rZcertificate_policiesÚcpZ policy_infoÚpir r9ZpqisZ qualifierZpqiZunrrrÚ_encode_certificate_policies¾s\      ÿþ ÿ ÿÿr[cCs„|dkr|jjS|j ¡}| ||jjk¡t||jƒ|_|j ¡}||_|j D]*}t ||ƒ}|j  ||¡}| |dk¡qP|SdSrH) rrrZ NOTICEREF_newrr&Z organizationZsk_ASN1_INTEGER_new_nullZ noticenosZnotice_numbersrZsk_ASN1_INTEGER_push)rÚnoticeÚnrZ notice_stackÚnumberÚnumr rrrrXïs    rXcCs.| d¡}|j |d¡}| ||jjk¡|S)z_ Converts a Python string with an ASN.1 object ID in dotted form to a ASN1_OBJECT. rQr)r$rÚ OBJ_txt2objrrr©rr+r;rrrrRs rRcCs t||ƒ}|j ||jj¡}|Sr)rRrrrZASN1_OBJECT_freerarrrr8 s r8cCs |j ¡Sr)rZ ASN1_NULL_newr<rrrÚ_encode_ocsp_nochecksrbcCsb|jj}|j ¡}|j ||jj¡}||d|jƒ}| |dk¡||d|jƒ}| |dk¡||d|j ƒ}| |dk¡||d|j ƒ}| |dk¡||d|j ƒ}| |dk¡||d|j ƒ}| |dk¡||d|j ƒ}| |dk¡|j r*||d|jƒ}| |dk¡||d |jƒ}| |dk¡n4||ddƒ}| |dk¡||d dƒ}| |dk¡|S) Nrrééééééé)rÚASN1_BIT_STRING_set_bitÚASN1_BIT_STRING_newrrZASN1_BIT_STRING_freeZdigital_signaturerZcontent_commitmentZkey_enciphermentZdata_enciphermentZ key_agreementZ key_cert_signZcrl_signZ encipher_onlyZ decipher_only)rZ key_usageZset_bitZkur rrrÚ_encode_key_usages6   rlcCsz|j ¡}| ||jjk¡|j ||jj¡}|jdk rFt||jƒ|_ |j dk r^t ||j ƒ|_ |j dk rvt||j ƒ|_|Sr)rZAUTHORITY_KEYID_newrrrrZAUTHORITY_KEYID_freeZkey_identifierr!ZkeyidZauthority_cert_issuerÚ_encode_general_namesZissuerZauthority_cert_serial_numberrÚserial)rZauthority_keyidZakidrrrÚ _encode_authority_key_identifier8s&  þ ÿ ÿrocCsN|j ¡}|j ||jj¡}|jr&dnd|_|jrJ|jdk rJt||jƒ|_|Sr?) rZBASIC_CONSTRAINTS_newrrZBASIC_CONSTRAINTS_freeÚcaZ path_lengthrÚpathlen)rZbasic_constraintsÚ constraintsrrrÚ_encode_basic_constraintsOs ÿÿrscsŠˆj ¡}ˆ |ˆjjk¡ˆj |‡fdd„¡}|D]N}ˆj ¡}tˆ|jj ƒ}t ˆ|j |j ƒ||_ ˆj ||¡}ˆ |dk¡q6|S)Ncsˆj |ˆj ˆjjd¡¡S)NZACCESS_DESCRIPTION_free)rZsk_ACCESS_DESCRIPTION_pop_freerÚ addressofZ _original_lib)r©rrrÚbs ÿþz,_encode_information_access..r)rZsk_ACCESS_DESCRIPTION_new_nullrrrrZACCESS_DESCRIPTION_newrRZ access_methodr:Ú!_encode_general_name_preallocatedZaccess_locationÚlocationÚmethodZsk_ACCESS_DESCRIPTION_push)rZ info_accessZaiaZaccess_descriptionÚadryr rrurÚ_encode_information_access]s*  þ  ÿÿr{cCsP|j ¡}| ||jjk¡|D]*}t||ƒ}|j ||¡}| |dk¡q |S)Nr)rZGENERAL_NAMES_newrrrÚ_encode_general_nameZsk_GENERAL_NAME_push)rÚnamesÚ general_namesr+Úgnr rrrrmxs  rmcCs t||ƒ}|j ||jj¡}|Sr)rmrrrZGENERAL_NAMES_free)rÚsanr~rrrÚ_encode_alt_nameƒs  ÿrcCs t||jƒSr)r'Údigest)rZskirrrÚ_encode_subject_key_identifier‹srƒcCs|j ¡}t|||ƒ|Sr)rZGENERAL_NAME_newrw)rr+rrrrr|s  r|cCsRt|tjƒr~| ||jjk¡|jj|_|j  ¡}| ||jjk¡|j   d¡}|j  ||t |ƒ¡}| |dk¡||j_nÐt|tjƒrÜ| ||jjk¡|jj|_|j |j j  d¡d¡}| ||jjk¡||j_nrt|tjƒr| ||jjk¡t||j ƒ}|jj|_||j_n0t|tjƒrÊ| ||jjk¡t|j tjƒrn|j jjt d|j j d¡}n|j j d¡}n|j j}t"||ƒ} |jj#|_| |j_$n„t|tj%ƒr¬| ||jjk¡|j &¡} | | |jjk¡|j |j'j  d¡d¡} | | |jjk¡|j (d|j ¡} |j (d ¡} | | d <|j )|jj| t |j ƒ¡}||jjkrŒ| *¡t+d ƒ‚| | _'|| _ |jj,|_| |j_-n¢t|tj.ƒrö| ||jjk¡|j   d¡} t"|| ƒ}|jj/|_||j_0nXt|tj1ƒr@| ||jjk¡|j   d¡} t"|| ƒ}|jj2|_||j_3nt+d  4|¡ƒ‚dS) Nr"rrQlreé€ézunsigned char[]zunsigned char **rzInvalid ASN.1 dataz!{} is an unknown GeneralName type)5rSrZDNSNamerrrrZGEN_DNSÚtypeZASN1_IA5STRING_newr7r$r#rrVZdNSNameZ RegisteredIDZGEN_RIDr`r:Z registeredIDZ DirectoryNamer/Z GEN_DIRNAMEZ directoryNameZ IPAddressÚ ipaddressÚ IPv4NetworkÚnetwork_addressÚpackedrZ int_to_bytesÚ num_addressesÚ IPv6Networkr!Z GEN_IPADDZ iPAddressZ OtherNameZ OTHERNAME_newÚtype_idÚnewZ d2i_ASN1_TYPEZ_consume_errorsÚ ValueErrorZ GEN_OTHERNAMEZ otherNameZ RFC822NameZ GEN_EMAILZ rfc822NameZUniformResourceIdentifierZGEN_URIZuniformResourceIdentifierÚformat)rr+rZia5r7r r;Zdir_namerŠÚipaddrZ other_namerrZ data_ptr_ptrZasn1_strrrrrw•s˜        ÿ      ÿ ÿ     ÿ ÿ          rwcCsR|j ¡}|j ||jj¡}|D],}t||jƒ}|j ||¡}| |dk¡q |SrH) rZsk_ASN1_OBJECT_new_nullrrZsk_ASN1_OBJECT_freerRr:Zsk_ASN1_OBJECT_pushr)rZextended_key_usageZekur9r;r rrrÚ_encode_extended_key_usageés  r’rrcrdrerfrgrhricCsL|j ¡}| ||jjk¡|D]&}|j |t|d¡}| |dk¡q |SrH)rrkrrrrjÚ_CRLREASONFLAGS)rÚreasonsZbitmaskrIr rrrrAs ÿrAcCs4|j ¡}| ||jjk¡t|_t||ƒ|j_ |Sr) rÚDIST_POINT_NAME_newrrrrr†rmr+Úfullname)rrBÚdpnrrrrC s  rCcCs4|j ¡}| ||jjk¡t|_t||ƒ|j_ |Sr) rr•rrrr r†r3r+Z relativename)rrEr—rrrrFs  rFcCs²|j ¡}|j ||jj¡}|D]Œ}|j ¡}| ||jjk¡|jrTt ||jƒ|_|j rht ||j ƒ|_ |j r|t||j ƒ|_ |jrt||jƒ|_|j ||¡}| |dk¡q |SrH)rZsk_DIST_POINT_new_nullrrZsk_DIST_POINT_freeZDIST_POINT_newrrr”rArBrCrDrErFZ crl_issuerrmZ CRLissuerZsk_DIST_POINT_push)rZcdpsZcdpZpointZdpr rrrÚ_encode_cdps_freshest_crls   r˜cCsV|j ¡}| ||jjk¡|j ||jj¡}t||jƒ}||_ t||j ƒ}||_ |Sr) rZNAME_CONSTRAINTS_newrrrrZNAME_CONSTRAINTS_freeÚ_encode_general_subtreeZpermitted_subtreesZpermittedSubtreesZexcluded_subtreesZexcludedSubtrees)rZname_constraintsZncZ permittedZexcludedrrrÚ_encode_name_constraints5s ÿÿršcCsb|j ¡}| ||jjk¡|j ||jj¡}|jdk rFt||jƒ|_ |j dk r^t||j ƒ|_ |Sr) rZPOLICY_CONSTRAINTS_newrrrrZPOLICY_CONSTRAINTS_freeZrequire_explicit_policyrZrequireExplicitPolicyZinhibit_policy_mappingZinhibitPolicyMapping)rZpolicy_constraintsZpcrrrÚ_encode_policy_constraintsEs  ÿ ÿr›cCs\|dkr|jjS|j ¡}|D]4}|j ¡}t||ƒ|_|j ||¡}|dkst‚q|SdSrH) rrrZsk_GENERAL_SUBTREE_new_nullZGENERAL_SUBTREE_newr|ÚbaseZsk_GENERAL_SUBTREE_pushrW)rZsubtreesZgeneral_subtreesr+Zgsr rrrr™Vs   r™cCs t||jƒSr)r'Únonce)rrrrrÚ _encode_noncedsrž)_Ú __future__rrrrKr‡rTZ cryptographyrrZ0cryptography.hazmat.backends.openssl.decode_asn1rrr Zcryptography.x509.namer Zcryptography.x509.oidr r r rrr!r&r'r(r/r1r3r*r>rGrJrPr[rXrRr8rbrlrorsr{rmrrƒr|rwr’Z ReasonFlagsZkey_compromiseZ ca_compromiseZaffiliation_changedZ supersededZcessation_of_operationZcertificate_holdZprivilege_withdrawnZ aa_compromiser“rArCrFr˜ršr›r™ržZBASIC_CONSTRAINTSZSUBJECT_KEY_IDENTIFIERZ KEY_USAGEZSUBJECT_ALTERNATIVE_NAMEZISSUER_ALTERNATIVE_NAMEZEXTENDED_KEY_USAGEZAUTHORITY_KEY_IDENTIFIERZCERTIFICATE_POLICIESZAUTHORITY_INFORMATION_ACCESSZSUBJECT_INFORMATION_ACCESSZCRL_DISTRIBUTION_POINTSZ FRESHEST_CRLZINHIBIT_ANY_POLICYZ OCSP_NO_CHECKZNAME_CONSTRAINTSZPOLICY_CONSTRAINTSZ_EXTENSION_ENCODE_HANDLERSZ CRL_NUMBERZDELTA_CRL_INDICATORZISSUING_DISTRIBUTION_POINTZ_CRL_EXTENSION_ENCODE_HANDLERSZCERTIFICATE_ISSUERZ CRL_REASONZINVALIDITY_DATEZ$_CRL_ENTRY_EXTENSION_ENCODE_HANDLERSZNONCEZ'_OCSP_REQUEST_EXTENSION_ENCODE_HANDLERSZ)_OCSP_BASICRESP_EXTENSION_ENCODE_HANDLERSrrrrÚsô     1   T ø  ðù ýÿÿ