U *”}fÌ6ã@sôddlmZmZmZddlZddlmZmZddlm Z ddl m Z m Z m Z mZmZmZddlmZddlmZddlmZmZmZmZmZmZmZd d „Zd d „Zd d„Zdd„Z dd„Z!e "e¡Gdd„de#ƒƒZ$e "e¡Gdd„de#ƒƒZ%dS)é)Úabsolute_importÚdivisionÚprint_functionN)ÚutilsÚx509)ÚUnsupportedAlgorithm)Ú_CRL_ENTRY_REASON_CODE_TO_ENUMÚ_asn1_integer_to_intÚ_asn1_string_to_bytesÚ_decode_x509_nameÚ_obj2txtÚ_parse_asn1_generalized_time)Ú _Certificate)Ú serialization)ÚOCSPCertStatusÚ OCSPRequestÚ OCSPResponseÚOCSPResponseStatusÚ_CERT_STATUS_TO_ENUMÚ _OIDS_TO_HASHÚ_RESPONSE_STATUS_TO_ENUMcst ˆ¡‡fdd„ƒ}|S)Ncs(|jtjkrtdƒ‚nˆ|f|žŽSdS)NzCOCSP response status is not successful so the property has no value)Úresponse_statusrÚ SUCCESSFULÚ ValueError)ÚselfÚargs©Úfunc©úM/tmp/pip-unpacked-wheel-x36vw73o/cryptography/hazmat/backends/openssl/ocsp.pyÚwrapper!s  ÿz._requires_successful_response..wrapper)Ú functoolsÚwraps)rr rrrÚ_requires_successful_response s r#cCs^|j d¡}|j |jj|jj||jj|¡}| |dk¡| |d|jjk¡t||dƒS©NúASN1_OCTET_STRING **ér©Ú_ffiÚnewÚ_libÚOCSP_id_get0_infoÚNULLÚopenssl_assertr )ÚbackendÚcert_idZkey_hashÚresrrrÚ_issuer_key_hash.s ûr1cCs^|j d¡}|j ||jj|jj|jj|¡}| |dk¡| |d|jjk¡t||dƒSr$r')r.r/Z name_hashr0rrrÚ_issuer_name_hash<s ûr2cCs^|j d¡}|j |jj|jj|jj||¡}| |dk¡| |d|jjk¡t||dƒS)NzASN1_INTEGER **r&r)r(r)r*r+r,r-r )r.r/Únumr0rrrÚ_serial_numberJs ÿr4cCs|j d¡}|j |jj||jj|jj|¡}| |dk¡| |d|jjk¡t||dƒ}z t|WStk rŠt d  |¡ƒ‚YnXdS)NzASN1_OBJECT **r&rz*Signature algorithm OID: {} not recognized) r(r)r*r+r,r-r rÚKeyErrorrÚformat)r.r/Zasn1objr0ÚoidrrrÚ_hash_algorithmTs" û ÿr8c@sbeZdZdd„Ze d¡Zeedd„ƒƒZ eedd„ƒƒZ eedd „ƒƒZ eed d „ƒƒZ eed d „ƒƒZ eedd„ƒƒZeedd„ƒƒZdd„Zeedd„ƒƒZeedd„ƒƒZeedd„ƒƒZeedd„ƒƒZeedd„ƒƒZeedd„ƒƒZeed d!„ƒƒZeed"d#„ƒƒZeed$d%„ƒƒZeed&d'„ƒƒZejed(d)„ƒƒZejed*d+„ƒƒZd,d-„Zd.S)/Ú _OCSPResponsecCs||_||_|jj |j¡}|j |tk¡t||_|jtjkrü|jj  |j¡}|j ||jj j k¡|jj   ||jjj ¡|_|jj |j¡}|dkr¦td |¡ƒ‚|jj |jd¡|_|j |j|jj j k¡|jj |j¡|_|j |j|jj j k¡dS)Nr&zhOCSP response contains more than one SINGLERESP structure, which this library does not support. {} foundr)Ú_backendÚ_ocsp_responser*ZOCSP_response_statusr-rÚ_statusrrZOCSP_response_get1_basicr(r,ÚgcZOCSP_BASICRESP_freeÚ_basicZOCSP_resp_countrr6ZOCSP_resp_get0Ú_singleZOCSP_SINGLERESP_get0_idÚ_cert_id)rr.Z ocsp_responseÚstatusÚbasicZnum_resprrrÚ__init__js>  ÿÿþÿÿÿÿz_OCSPResponse.__init__r<cCs>|jj |j¡}|j ||jjjk¡t|j|jƒ}t   |¡S©N) r:r*ZOCSP_resp_get0_tbs_sigalgr>r-r(r,r Ú algorithmrZObjectIdentifier)rZalgr7rrrÚsignature_algorithm_oidŒsz%_OCSPResponse.signature_algorithm_oidcCs:|j}z tj|WStk r4td |¡ƒ‚YnXdS)Nz)Signature algorithm OID:{} not recognized)rFrZ_SIG_OIDS_TO_HASHr5rr6)rr7rrrÚsignature_hash_algorithm”s ÿz&_OCSPResponse.signature_hash_algorithmcCs2|jj |j¡}|j ||jjjk¡t|j|ƒSrD)r:r*ZOCSP_resp_get0_signaturer>r-r(r,r )rÚsigrrrÚ signatureŸsz_OCSPResponse.signaturecs¢ˆjj ˆj¡}ˆj |ˆjjjk¡ˆjj d¡}ˆjj ||¡}ˆj |dˆjjjk¡ˆjj  |‡fdd„¡}ˆj |dk¡ˆjj  |d|¡dd…S)Nzunsigned char **rcsˆjj |d¡S)Nr)r:r*Z OPENSSL_free)Úpointer©rrrÚ¯óz2_OCSPResponse.tbs_response_bytes..) r:r*ZOCSP_resp_get0_respdatar>r-r(r,r)Zi2d_OCSP_RESPDATAr=Úbuffer)rZrespdataÚppr0rrKrÚtbs_response_bytes¦s ÿz _OCSPResponse.tbs_response_bytescCsv|jj |j¡}|jj |¡}g}t|ƒD]F}|jj ||¡}|j ||jjj k¡t |j|ƒ}||_ |  |¡q*|SrD) r:r*ZOCSP_resp_get0_certsr>Z sk_X509_numÚrangeZ sk_X509_valuer-r(r,rZ _ocsp_respÚappend)rZsk_x509r3ÚcertsÚirÚcertrrrÚ certificates´s   z_OCSPResponse.certificatescCs.| ¡\}}||jjjkrdSt|j|ƒSdSrD)Ú_responder_key_namer:r(r,r )rÚ_Ú asn1_stringrrrÚresponder_key_hashÆs z _OCSPResponse.responder_key_hashcCs.| ¡\}}||jjjkrdSt|j|ƒSdSrD)rWr:r(r,r )rÚ x509_namerXrrrÚresponder_nameÏs z_OCSPResponse.responder_namecCsP|jj d¡}|jj d¡}|jj |j||¡}|j |dk¡|d|dfS)Nr%z X509_NAME **r&r)r:r(r)r*ZOCSP_resp_get0_idr>r-)rrYr[r0rrrrWØsÿz!_OCSPResponse._responder_key_namecCs|jj |j¡}t|j|ƒSrD)r:r*ZOCSP_resp_get0_produced_atr>r )rÚ produced_atrrrr]ásÿz_OCSPResponse.produced_atcCsH|jj |j|jjj|jjj|jjj|jjj¡}|j |tk¡t|SrD)r:r*ÚOCSP_single_get0_statusr?r(r,r-r)rrArrrÚcertificate_statusésûz _OCSPResponse.certificate_statuscCsr|jtjk rdS|jj d¡}|jj |j|jjj ||jjj |jjj ¡|j  |d|jjj k¡t |j|dƒS©NzASN1_GENERALIZEDTIME **r) r_rÚREVOKEDr:r(r)r*r^r?r,r-r ©rZ asn1_timerrrÚrevocation_timeös ûz_OCSPResponse.revocation_timecCs||jtjk rdS|jj d¡}|jj |j||jjj |jjj |jjj ¡|ddkrXdS|j  |dt k¡t |dSdS)Nzint *réÿÿÿÿ) r_rrar:r(r)r*r^r?r,r-r)rZ reason_ptrrrrÚrevocation_reasons  û  ÿz_OCSPResponse.revocation_reasoncCsb|jj d¡}|jj |j|jjj|jjj||jjj¡|j |d|jjjk¡t|j|dƒSr`) r:r(r)r*r^r?r,r-r rbrrrÚ this_updatesûz_OCSPResponse.this_updatecCsb|jj d¡}|jj |j|jjj|jjj|jjj|¡|d|jjjkrZt|j|dƒSdSdSr`)r:r(r)r*r^r?r,r rbrrrÚ next_update,sûz_OCSPResponse.next_updatecCst|j|jƒSrD©r1r:r@rKrrrÚissuer_key_hash<sz_OCSPResponse.issuer_key_hashcCst|j|jƒSrD©r2r:r@rKrrrÚissuer_name_hashAsz_OCSPResponse.issuer_name_hashcCst|j|jƒSrD©r8r:r@rKrrrÚhash_algorithmFsz_OCSPResponse.hash_algorithmcCst|j|jƒSrD©r4r:r@rKrrrÚ serial_numberKsz_OCSPResponse.serial_numbercCs|jj |j¡SrD)r:Z_ocsp_basicresp_ext_parserÚparser>rKrrrÚ extensionsPsz_OCSPResponse.extensionscCs|jj |j¡SrD)r:Z_ocsp_singleresp_ext_parserrpr?rKrrrÚsingle_extensionsUsz_OCSPResponse.single_extensionscCsL|tjjk rtdƒ‚|j ¡}|jj ||j¡}|j  |dk¡|j  |¡S©Nz/The only allowed encoding value is Encoding.DERr) rÚEncodingÚDERrr:Ú_create_mem_bio_gcr*Zi2d_OCSP_RESPONSE_bior;r-Ú _read_mem_bio©rÚencodingZbior0rrrÚ public_bytesZs  ÿz_OCSPResponse.public_bytesN)Ú__name__Ú __module__Ú __qualname__rCrZread_only_propertyrÚpropertyr#rFrGrIrPrVrZr\rWr]r_rcrerfrgrirkrmroÚcached_propertyrqrrrzrrrrr9hsz                     r9c@sZeZdZdd„Zedd„ƒZedd„ƒZedd„ƒZed d „ƒZe j d d „ƒZ d d„Z dS)Ú _OCSPRequestcCs~|j |¡dkrtdƒ‚||_||_|jj |jd¡|_|j |j|jjj k¡|jj  |j¡|_ |j |j |jjj k¡dS)Nr&z+OCSP request contains more than one requestr) r*ZOCSP_request_onereq_countÚNotImplementedErrorr:Ú _ocsp_requestZOCSP_request_onereq_get0Ú_requestr-r(r,ZOCSP_onereq_get0_idr@)rr.Z ocsp_requestrrrrChsÿÿz_OCSPRequest.__init__cCst|j|jƒSrDrhrKrrrrivsz_OCSPRequest.issuer_key_hashcCst|j|jƒSrDrjrKrrrrkzsz_OCSPRequest.issuer_name_hashcCst|j|jƒSrDrnrKrrrro~sz_OCSPRequest.serial_numbercCst|j|jƒSrDrlrKrrrrm‚sz_OCSPRequest.hash_algorithmcCs|jj |j¡SrD)r:Z_ocsp_req_ext_parserrpr‚rKrrrrq†sz_OCSPRequest.extensionscCsL|tjjk rtdƒ‚|j ¡}|jj ||j¡}|j  |dk¡|j  |¡Srs) rrtrurr:rvr*Zi2d_OCSP_REQUEST_bior‚r-rwrxrrrrzŠs   z_OCSPRequest.public_bytesN) r{r|r}rCr~rirkrormrrrqrzrrrrr€fs     r€)&Ú __future__rrrr!Z cryptographyrrZcryptography.exceptionsrZ0cryptography.hazmat.backends.openssl.decode_asn1rr r r r r Z)cryptography.hazmat.backends.openssl.x509rZcryptography.hazmat.primitivesrZcryptography.x509.ocsprrrrrrrr#r1r2r4r8Zregister_interfaceÚobjectr9r€rrrrÚs"    $  ~