o V h~,@sddlmZddlZddlZddlmZmZddlmZddl m Z ddl m Z ddl mZmZmZGdd d ejZGd d d ejZe je je je je jfZdddZGdddejZGdddZejZejZejZGdddZ GdddZ!ej"Z"ej#Z#dS)) annotationsN)utilsx509)ocsp)hashes) CertificateIssuerPrivateKeyTypes)_EARLIEST_UTC_TIME_convert_to_naive_utc_time_reject_duplicate_extensionc@seZdZdZdZdS)OCSPResponderEncodingzBy HashzBy NameN)__name__ __module__ __qualname__HASHNAMErrj/var/www/html/construction_image-detection-poc/venv/lib/python3.10/site-packages/cryptography/x509/ocsp.pyr sr c@s$eZdZdZdZdZdZdZdZdS)OCSPResponseStatusrN) r r r SUCCESSFULMALFORMED_REQUESTINTERNAL_ERROR TRY_LATER SIG_REQUIRED UNAUTHORIZEDrrrrrsr algorithmhashes.HashAlgorithmreturnNonecCst|ts tddS)Nz9Algorithm must be SHA1, SHA224, SHA256, SHA384, or SHA512) isinstance_ALLOWED_HASHES ValueError)rrrr_verify_algorithm.s r&c@seZdZdZdZdZdS)OCSPCertStatusrrrN)r r rGOODREVOKEDUNKNOWNrrrrr'5sr'c@seZdZdddZdS)_SingleResponsecertx509.Certificateissuerrr cert_statusr' this_updatedatetime.datetime next_updatedatetime.datetime | Nonerevocation_timerevocation_reasonx509.ReasonFlags | Nonec Cst|tjr t|tjstdt|t|tjstd|dur,t|tjs,td||_||_||_||_ ||_ t|t sDtd|t j urZ|durQt d|durYt dn$t|tjsdtdt|}|tkrpt d|dur~t|tjs~td ||_||_||_dS) N%cert and issuer must be a Certificatez%this_update must be a datetime objectz-next_update must be a datetime object or Nonez8cert_status must be an item from the OCSPCertStatus enumzBrevocation_time can only be provided if the certificate is revokedzDrevocation_reason can only be provided if the certificate is revokedz)revocation_time must be a datetime objectz7The revocation_time must be on or after 1950 January 1.zCrevocation_reason must be an item from the ReasonFlags enum or None)r#r Certificate TypeErrorr&datetime_cert_issuer _algorithm _this_update _next_updater'r)r%r r ReasonFlags _cert_status_revocation_time_revocation_reason) selfr,r.rr/r0r2r4r5rrr__init__<s\        z_SingleResponse.__init__N)r,r-r.r-rr r/r'r0r1r2r3r4r3r5r6)r r rrErrrrr+;sr+c@sFeZdZddgfd#d d Zd$ddZd%ddZd&ddZd'd!d"ZdS)(OCSPRequestBuilderNrequestFtuple[x509.Certificate, x509.Certificate, hashes.HashAlgorithm] | None request_hash5tuple[bytes, bytes, int, hashes.HashAlgorithm] | None extensions(list[x509.Extension[x509.ExtensionType]]r!r"cCs||_||_||_dSN)_request _request_hash _extensions)rDrGrIrKrrrrEs  zOCSPRequestBuilder.__init__r,r-r.rr cCsZ|jdus |jdurtdt|t|tjrt|tjs"tdt|||f|j|j S)N.Only one certificate can be added to a requestr7) rNrOr%r&r#rr8r9rFrP)rDr,r.rrrradd_certificatesz"OCSPRequestBuilder.add_certificateissuer_name_hashbytesissuer_key_hash serial_numberintcCs|jdus |jdurtdt|tstdt|td|td||j t |ks5|j t |kr9tdt |j||||f|j S)NrQz serial_number must be an integerrSrUz`issuer_name_hash and issuer_key_hash must be the same length as the digest size of the algorithm) rNrOr%r#rWr9r&r _check_bytes digest_sizelenrFrP)rDrSrUrVrrrradd_certificate_by_hashs&    z*OCSPRequestBuilder.add_certificate_by_hashextvalx509.ExtensionTypecriticalboolcCsJt|tjs tdt|j||}t||jt|j |j g|j|SNz"extension must be an ExtensionType) r#r ExtensionTyper9 Extensionoidr rPrFrNrOrDr\r^ extensionrrr add_extensions  z OCSPRequestBuilder.add_extension OCSPRequestcCs&|jdur|jdurtdt|S)Nz*You must add a certificate before building)rNrOr%rcreate_ocsp_request)rDrrrbuilds zOCSPRequestBuilder.build)rGrHrIrJrKrLr!r")r,r-r.r-rr r!rF) rSrTrUrTrVrWrr r!rF)r\r]r^r_r!rF)r!rg)r r rrErRr[rfrirrrrrFs    rFc@s`eZdZdddgfd5d d Zd6ddZd7d d!Zd8d#d$Zd9d)d*Zd:d/d0Ze d;d3d4Z dS)<OCSPResponseBuilderNresponse_SingleResponse | None responder_id5tuple[x509.Certificate, OCSPResponderEncoding] | Nonecertslist[x509.Certificate] | NonerKrLcCs||_||_||_||_dSrM) _response _responder_id_certsrP)rDrkrmrorKrrrrEs zOCSPResponseBuilder.__init__r,r-r.rr r/r'r0r1r2r3r4r5r6r!c Cs<|jdur tdt||||||||} t| |j|j|jS)Nz#Only one response per OCSPResponse.)rqr%r+rjrrrsrP) rDr,r.rr/r0r2r4r5 singleresprrr add_responses$  z OCSPResponseBuilder.add_responseencodingr responder_certcCsP|jdur tdt|tjstdt|tstdt|j||f|j |j S)Nz!responder_id can only be set oncez$responder_cert must be a Certificatez6encoding must be an element from OCSPResponderEncoding) rrr%r#rr8r9r rjrqrsrP)rDrvrwrrrrms   z OCSPResponseBuilder.responder_id!typing.Iterable[x509.Certificate]cCs\|jdur tdt|}t|dkrtdtdd|Ds$tdt|j|j||j S)Nz!certificates may only be set oncerzcerts must not be an empty listcss|] }t|tjVqdSrM)r#rr8).0xrrr "sz3OCSPResponseBuilder.certificates..z$certs must be a list of Certificates) rsr%listrZallr9rjrqrrrP)rDrorrr certificatess  z OCSPResponseBuilder.certificatesr\r]r^r_cCsNt|tjs tdt|j||}t||jt|j |j |j g|j|Sr`) r#rrar9rbrcr rPrjrqrrrsrdrrrrf+s   z!OCSPResponseBuilder.add_extension private_keyrhashes.HashAlgorithm | None OCSPResponsecCs6|jdur td|jdurtdttj|||S)Nz&You must add a response before signingz*You must add a responder_id before signing)rqr%rrrcreate_ocsp_responserr)rDrrrrrsign;s   zOCSPResponseBuilder.signresponse_statusrcCs4t|ts td|tjurtdt|dddS)Nz7response_status must be an item from OCSPResponseStatusz$response_status cannot be SUCCESSFUL)r#rr9rr%rr)clsrrrrbuild_unsuccessfulIs  z&OCSPResponseBuilder.build_unsuccessful)rkrlrmrnrorprKrL)r,r-r.r-rr r/r'r0r1r2r3r4r3r5r6r!rj)rvr rwr-r!rj)rorxr!rj)r\r]r^r_r!rj)rrrrr!r)rrr!r) r r rrErurmr~rfr classmethodrrrrrrjs    rj)rr r!r")$ __future__rr:typing cryptographyrr"cryptography.hazmat.bindings._rustrcryptography.hazmat.primitivesr/cryptography.hazmat.primitives.asymmetric.typesrcryptography.x509.baserr r Enumr rSHA1SHA224SHA256SHA384SHA512r$r&r'r+rgrOCSPSingleResponserFrjload_der_ocsp_requestload_der_ocsp_responserrrrs4      FT}