o 9f)@s0ddlmZddlZddlZddlZddlZddlZddlmZddl m Z ddl m Z ddl mZmZddlmZddlmZdd lmZmZdd lmZdd lmZmZmZmZmZmZm Z m!Z!m"Z"dd l#m$Z$m%Z%dd l&m'Z'm(Z(m)Z)m*Z*ej+ddddZ,d}ddZ-d~ddZ.Gddde/Z0Gddde/Z1Gd ddej2d!Z3Gd"d#d#Z4Gd$d%d%e3Z5Gd&d'd'e3Z6Gd(d)d)e3Z7Gd*d+d+e3Z8Gd,d-d-e3Z9Gd.d/d/Z:Gd0d1d1e3Z;Gd2d3d3e3ZGd8d9d9Z?Gd:d;d;ej@ZAeAjBeAjCeAjDeAjEeAjFeAjGeAjHeAjId<ZJeAjBd=eAjCd>eAjDd?eAjEd@eAjFdAeAjGdBeAjHdCeAjIdDiZKGdEdFdFe3ZLGdGdHdHe3ZMGdIdJdJZNGdKdLdLZOGdMdNdNZPGdOdPdPe3ZQGdQdRdRe3ZRGdSdTdTe3ZSGdUdVdVe3ZTGdWdXdXej@ZUdYdZeUDZVGd[d\d\e3ZWGd]d^d^e3ZXGd_d`d`e3ZYGdadbdbejZe,Z[GdcddddZ\Gdedfdfe3Z]Gdgdhdhe3Z^Gdidjdje3Z_Gdkdldle3Z`Gdmdndne3ZaGdodpdpe3ZbGdqdrdre3ZcGdsdtdte3ZdGdudvdve3ZeGdwdxdxe3ZfGdydzdze3ZgGd{d|d|e3ZhdS)) annotationsN)utils)asn1)x509) constant_time serialization)EllipticCurvePublicKey) RSAPublicKey)CertificateIssuerPublicKeyTypesCertificatePublicKeyTypes)SignedCertificateTimestamp) DirectoryNameDNSName GeneralName IPAddress OtherName RegisteredID RFC822NameUniformResourceIdentifier_IPAddressTypes)NameRelativeDistinguishedName)CRLEntryExtensionOID ExtensionOIDObjectIdentifierOCSPExtensionOIDExtensionTypeVar ExtensionTypeT)ZboundZ covariant public_keyr returnbytescCslt|tr|tjjtjj}nt|tr |tjj tjj }n|tjjtjj }t |}t|SN) isinstancer public_bytesrZEncodingZDERZ PublicFormatZPKCS1rZX962ZUncompressedPointZSubjectPublicKeyInforZparse_spki_for_datahashlibZsha1digest)rdataZ serializedr'.len_methodcr-r!)iterr/r0r2r'r( iter_methodNr4z+_make_sequence_methods..iter_methodcst||Sr!)r/)r1idxr2r'r(getitem_methodQr4z._make_sequence_methods..getitem_methodrr,r')r*r3r6r8r'r2r(_make_sequence_methodsJs   r:ceZdZd fdd ZZS) DuplicateExtensionmsgr+oidrrNonect|||_dSr!super__init__r>r1r=r> __class__r'r(rCX  zDuplicateExtension.__init__r=r+r>rrr?__name__ __module__ __qualname__rC __classcell__r'r'rEr(r<Wr<cr;) ExtensionNotFoundr=r+r>rrr?cr@r!rArDrEr'r(rC^rGzExtensionNotFound.__init__rHrIr'r'rEr(rO]rNrOc@s eZdZUded<dddZdS) rz!typing.ClassVar[ObjectIdentifier]r>rr cCstd|)z7 Serializes the extension type to DER. z3public_bytes is not implemented for extension type )NotImplementedErrorr0r'r'r(r#fszExtensionType.public_bytesNrr )rJrKrL__annotations__r#r'r'r'r(rcs ) metaclassc@sBeZdZdddZdd d ZdddZed\ZZZ dddZ dS) Extensions extensions)typing.Iterable[Extension[ExtensionType]]rr?cCt||_dSr!)list _extensions)r1rUr'r'r(rCpszExtensions.__init__r>rExtension[ExtensionType]cCs.|D] }|j|kr |Sqtd|d|)NNo  extension was found)r>rO)r1r>extr'r'r(get_extension_for_oidus  z Extensions.get_extension_for_oidextclasstype[ExtensionTypeVar]Extension[ExtensionTypeVar]cCsB|turtd|D] }t|j|r|Sq td|d|j)Nz|UnrecognizedExtension can't be used with get_extension_for_class because more than one instance of the class may be present.r[r\)UnrecognizedExtension TypeErrorr"valuerOr>)r1r_r]r'r'r(get_extension_for_class~s z"Extensions.get_extension_for_classrYr+cCd|jdS)Nz )rYr0r'r'r(__repr__r4zExtensions.__repr__N)rUrVrr?)r>rrrZ)r_r`rrarr+) rJrKrLrCr^rer:__len____iter__ __getitem__rhr'r'r'r(rTos    rTc@sReZdZejZdddZdd d Zdd d ZdddZ e dddZ dddZ dS) CRLNumber crl_numberr,rr?cCt|ts td||_dSNzcrl_number must be an integerr"r,rc _crl_numberr1rnr'r'r(rC  zCRLNumber.__init__otherobjectboolcCt|tstS|j|jkSr!)r"rmNotImplementedrnr1rur'r'r(__eq__  zCRLNumber.__eq__cC t|jSr!hashrnr0r'r'r(__hash__ zCRLNumber.__hash__r+cCrf)Nz rCr{rrhpropertyrnr#r'r'r'r(rm     rmc@seZdZejZd)d d Zed*d dZed+ddZ d,ddZ d-ddZ d.ddZ e d/ddZe d0d!d"Ze d1d#d$Zd2d&d'Zd(S)3AuthorityKeyIdentifierkey_identifier bytes | Noneauthority_cert_issuer#typing.Iterable[GeneralName] | Noneauthority_cert_serial_number int | Nonerr?cCsr|du|dukr td|dur!t|}tdd|Ds!td|dur.t|ts.td||_||_||_dS)NzXauthority_cert_issuer and authority_cert_serial_number must both be present or both Nonecs|]}t|tVqdSr!r"r.0xr'r'r(   z2AuthorityKeyIdentifier.__init__..z;authority_cert_issuer must be a list of GeneralName objectsz/authority_cert_serial_number must be an integer) ValueErrorrXallrcr"r,_key_identifier_authority_cert_issuer_authority_cert_serial_number)r1rrrr'r'r(rCs*  zAuthorityKeyIdentifier.__init__rr cCst|}||dddSNrrrr))clsrr%r'r'r(from_issuer_public_keys z-AuthorityKeyIdentifier.from_issuer_public_keyskiSubjectKeyIdentifiercCs||jdddSrr%)rrr'r'r("from_issuer_subject_key_identifiers z9AuthorityKeyIdentifier.from_issuer_subject_key_identifierr+cCsd|jd|jd|jdS)Nz'rC classmethodrrrhr{rrrrrr#r'r'r'r(rs" &       rc@sneZdZejZdddZedd d Ze dd d Z e dd dZ d ddZ d!ddZ d"ddZdddZdS)#rr%r rr?cCs ||_dSr!Z_digest)r1r%r'r'r(rC"rzSubjectKeyIdentifier.__init__rr cCs |t|Sr!r)rrr'r'r(from_public_key%s z$SubjectKeyIdentifier.from_public_keycCrr!rr0r'r'r(r%+rzSubjectKeyIdentifier.digestcCrr!rr0r'r'r(r/rz#SubjectKeyIdentifier.key_identifierr+cCd|jdS)NzrCrrrr%rrhr{rr#r'r'r'r(rs       rc@ReZdZejZdddZed\ZZ Z dd d Z dddZ dddZ dddZdS)AuthorityInformationAccess descriptions"typing.Iterable[AccessDescription]rr?cC,t|}tdd|Dstd||_dS)Ncsrr!r"AccessDescriptionrr'r'r(rJz6AuthorityInformationAccess.__init__..@Every item in the descriptions list must be an AccessDescriptionrXrrc _descriptionsr1rr'r'r(rCF  z#AuthorityInformationAccess.__init__rr+cCrf)NzrCr:rjrkrlrhr{rr#r'r'r'r(rC    rc@r)SubjectInformationAccessrrrr?cCr)Ncsrr!rrr'r'r(rkrz4SubjectInformationAccess.__init__..rrrr'r'r(rCgrz!SubjectInformationAccess.__init__rr+cCrf)NzrCr:rjrkrlrhr{rr#r'r'r'r(rdrrc@PeZdZdddZdd d ZdddZdddZedddZedddZ dS)r access_methodraccess_locationrrr?cCs4t|ts tdt|tstd||_||_dS)Nz)access_method must be an ObjectIdentifierz%access_location must be a GeneralName)r"rrcr_access_method_access_location)r1rrr'r'r(rCs   zAccessDescription.__init__r+cC d|S)NzYformatr0r'r'r(rhzAccessDescription.__repr__rurvrwcC&t|tstS|j|jko|j|jkSr!)r"rryrrrzr'r'r(r{   zAccessDescription.__eq__r,cCt|j|jfSr!)rrrr0r'r'r(rzAccessDescription.__hash__cCrr!)rr0r'r'r(rrzAccessDescription.access_methodcCrr!)rr0r'r'r(rrz!AccessDescription.access_locationN)rrrrrr?rirr9rr)rr) rJrKrLrCrhr{rrrrr'r'r'r(r    rc@s`eZdZejZdddZedd d Zedd d Z dddZ dddZ d ddZ d!ddZ dS)"BasicConstraintscarw path_lengthrrr?cCsXt|ts td|dur|std|dur$t|tr |dkr$td||_||_dS)Nzca must be a boolean valuez)path_length must be None when ca is Falserz2path_length must be a non-negative integer or None)r"rwrcrr,_ca _path_length)r1rrr'r'r(rCs   zBasicConstraints.__init__cCrr!)rr0r'r'r(rrzBasicConstraints.cacCrr!)rr0r'r'r(rrzBasicConstraints.path_lengthr+cCr)Nz:rr0r'r'r(rhrzBasicConstraints.__repr__rurvcCrr!)r"rryrrrzr'r'r(r{ zBasicConstraints.__eq__r,cCrr!)rrrr0r'r'r(rrzBasicConstraints.__hash__r cCrr!rr0r'r'r(r#rzBasicConstraints.public_bytesN)rrwrrrr?rrwrrirr9rQ)rJrKrLrZBASIC_CONSTRAINTSr>rCrrrrhr{rr#r'r'r'r(rs      rc@sReZdZejZdddZedddZdd d Z dddZ dddZ dddZ dS)DeltaCRLIndicatorrnr,rr?cCrorprqrsr'r'r(rCrtzDeltaCRLIndicator.__init__cCrr!rr0r'r'r(rnrzDeltaCRLIndicator.crl_numberrurvrwcCrxr!)r"rryrnrzr'r'r(r{r|zDeltaCRLIndicator.__eq__cCr}r!r~r0r'r'r(rrzDeltaCRLIndicator.__hash__r+cCrf)NzrCrrnr{rrhr#r'r'r'r(rs     rc@r)CRLDistributionPointsdistribution_points"typing.Iterable[DistributionPoint]rr?cCr)Ncsrr!r"DistributionPointrr'r'r(rrz1CRLDistributionPoints.__init__..?distribution_points must be a list of DistributionPoint objectsrXrrc_distribution_pointsr1rr'r'r(rC zCRLDistributionPoints.__init__rr+cCrf)NzrCr:rjrkrlrhr{rr#r'r'r'r(r    rc@r) FreshestCRLrrrr?cCr)Ncsrr!rrr'r'r(r$rz'FreshestCRL.__init__..rrrr'r'r(rC rzFreshestCRL.__init__rr+cCrf)Nz rzFreshestCRL.public_bytesNrrirr9rQ)rJrKrLrZ FRESHEST_CRLr>rCr:rjrkrlrhr{rr#r'r'r'r(rrrc@sleZdZd!d d Zd"d dZd#ddZd$ddZed%ddZed&ddZ ed'ddZ ed%ddZ d S)(r full_namer relative_name RelativeDistinguishedName | Nonereasonsfrozenset[ReasonFlags] | None crl_issuerrr?cCs|r|rtd|s|s|std|dur't|}tdd|Ds'td|r2t|ts2td|durGt|}tdd|DsGtd|r[t|trWtd d|Ds[td |rktj|vsgtj |vrktd ||_ ||_ ||_ ||_ dS) NzOYou cannot provide both full_name and relative_name, at least one must be None.z?Either full_name, relative_name or crl_issuer must be provided.csrr!rrr'r'r(rWrz-DistributionPoint.__init__..z/full_name must be a list of GeneralName objectsz1relative_name must be a RelativeDistinguishedNamecsrr!rrr'r'r(rdrz2crl_issuer must be None or a list of general namescsrr!r" ReasonFlagsrr'r'r(rkrz0reasons must be None or frozenset of ReasonFlagszLunspecified and remove_from_crl are not valid reasons in a DistributionPoint)rrXrrcr"r frozensetr unspecifiedremove_from_crl _full_name_relative_name_reasons _crl_issuer)r1rrrrr'r'r(rCCsR     zDistributionPoint.__init__r+cCr)Nz}rr0r'r'r(rh}zDistributionPoint.__repr__rurvrwcCs>t|tstS|j|jko|j|jko|j|jko|j|jkSr!)r"rryrrrrrzr'r'r(r{s     zDistributionPoint.__eq__r,cCsH|jdur t|j}nd}|jdurt|j}nd}t||j|j|fSr!)rrrrrr)r1fnrr'r'r(rs    zDistributionPoint.__hash__rcCrr!rr0r'r'r(rrzDistributionPoint.full_namecCrr!rr0r'r'r(rrzDistributionPoint.relative_namecCrr!)rr0r'r'r(rrzDistributionPoint.reasonscCrr!)rr0r'r'r(rrzDistributionPoint.crl_issuerN) rrrrrrrrrr?rirr9rrrrr) rJrKrLrCrhr{rrrrrrr'r'r'r(rBs  :     rc@s4eZdZdZdZdZdZdZdZdZ dZ d Z d Z d S) rrZ keyCompromiseZ cACompromiseZaffiliationChanged supersededZcessationOfOperationZcertificateHoldZprivilegeWithdrawnZ aACompromiseZ removeFromCRLN) rJrKrLrkey_compromise ca_compromiseaffiliation_changedrcessation_of_operationcertificate_holdprivilege_withdrawn aa_compromiserr'r'r'r(rsr)r r r r rrrrc@s`eZdZejZdddZdd d ZdddZdddZ e dddZ e dddZ d ddZ dS)!PolicyConstraintsrequire_explicit_policyrinhibit_policy_mappingrr?cCs\|dur t|ts td|durt|tstd|dur&|dur&td||_||_dS)Nz>require_explicit_policy must be a non-negative integer or Nonez=inhibit_policy_mapping must be a non-negative integer or NonezSAt least one of require_explicit_policy and inhibit_policy_mapping must not be None)r"r,rcr_require_explicit_policy_inhibit_policy_mapping)r1rrr'r'r(rCs$   zPolicyConstraints.__init__r+cCr)Nz{rr0r'r'r(rhrzPolicyConstraints.__repr__rurvrwcCrr!)r"rryrrrzr'r'r(r{rzPolicyConstraints.__eq__r,cCrr!)rrrr0r'r'r(r s zPolicyConstraints.__hash__cCrr!)rr0r'r'r(rrz)PolicyConstraints.require_explicit_policycCrr!)rr0r'r'r(rrz(PolicyConstraints.inhibit_policy_mappingr cCrr!rr0r'r'r(r#rzPolicyConstraints.public_bytesN)rrrrrr?rirr9rrQ)rJrKrLrZPOLICY_CONSTRAINTSr>rCrhr{rrrrr#r'r'r'r(rs      rc@r)CertificatePoliciespolicies"typing.Iterable[PolicyInformation]rr?cCr)Ncsrr!)r"PolicyInformationrr'r'r(r#rz/CertificatePolicies.__init__..z;Every item in the policies list must be a PolicyInformation)rXrrc _policies)r1rr'r'r(rC!  zCertificatePolicies.__init__rr+cCrf)NzrCr:rjrkrlrhr{rr#r'r'r'r(rs    rc@PeZdZdddZdd d ZdddZdddZedddZedddZ dS) rpolicy_identifierrpolicy_qualifiers(typing.Iterable[str | UserNotice] | Nonerr?cCsLt|ts td||_|dur!t|}tdd|Ds!td||_dS)Nz-policy_identifier must be an ObjectIdentifiercss|] }t|ttfVqdSr!)r"r+ UserNoticerr'r'r(rJs z-PolicyInformation.__init__..zMpolicy_qualifiers must be a list of strings and/or UserNotice objects or None)r"rrc_policy_identifierrXr_policy_qualifiers)r1rrr'r'r(rC>s  zPolicyInformation.__init__r+cCr)Nzerr0r'r'r(rhTrzPolicyInformation.__repr__rurvrwcCrr!)r"rryrrrzr'r'r(r{ZrzPolicyInformation.__eq__r,cCs(|jdur t|j}nd}t|j|fSr!)rrrr)r1Zpqr'r'r(rcs zPolicyInformation.__hash__cCrr!)r"r0r'r'r(rmrz#PolicyInformation.policy_identifierlist[str | UserNotice] | NonecCrr!)r#r0r'r'r(rqrz#PolicyInformation.policy_qualifiersN)rrrr rr?rirr9r)rr$) rJrKrLrCrhr{rrrrr'r'r'r(r=s     rc@r)r!notice_referenceNoticeReference | None explicit_text str | Nonerr?cCs&|r t|ts td||_||_dS)Nz2notice_reference must be None or a NoticeReference)r"NoticeReferencerc_notice_reference_explicit_text)r1r%r'r'r'r(rCys zUserNotice.__init__r+cCr)NzVrr0r'r'r(rhrzUserNotice.__repr__rurvrwcCrr!)r"r!ryr%r'rzr'r'r(r{rzUserNotice.__eq__r,cCrr!)rr%r'r0r'r'r(rrzUserNotice.__hash__cCrr!)r*r0r'r'r(r%rzUserNotice.notice_referencecCrr!)r+r0r'r'r(r'rzUserNotice.explicit_textN)r%r&r'r(rr?rirr9)rr&rr() rJrKrLrCrhr{rrr%r'r'r'r'r(r!xs     r!c@r) r) organizationr(notice_numberstyping.Iterable[int]rr?cCs2||_t|}tdd|Dstd||_dS)Ncsrr!)r"r,rr'r'r(rrz+NoticeReference.__init__..z)notice_numbers must be a list of integers) _organizationrXrrc_notice_numbers)r1r-r.r'r'r(rCs  zNoticeReference.__init__r+cCr)NzUrr0r'r'r(rhrzNoticeReference.__repr__rurvrwcCrr!)r"r)ryr-r.rzr'r'r(r{rzNoticeReference.__eq__r,cCst|jt|jfSr!)rr-rr.r0r'r'r(rzNoticeReference.__hash__cCrr!)r0r0r'r'r(r-rzNoticeReference.organization list[int]cCrr!)r1r0r'r'r(r.rzNoticeReference.notice_numbersN)r-r(r.r/rr?rirr9r,)rr3) rJrKrLrCrhr{rrr-r.r'r'r'r(r)rr)c@r)ExtendedKeyUsageusages!typing.Iterable[ObjectIdentifier]rr?cCr)Ncsrr!r"rrr'r'r(rrz,ExtendedKeyUsage.__init__..z9Every item in the usages list must be an ObjectIdentifier)rXrrc_usages)r1r5r'r'r(rCs  zExtendedKeyUsage.__init__r8r+cCrf)NzrCr:rjrkrlrhr{rr#r'r'r'r(r4s    r4c@:eZdZejZdddZddd Zdd d ZdddZ dS) OCSPNoCheckrurvrrwcCt|tstSdSNT)r"r:ryrzr'r'r(r{ zOCSPNoCheck.__eq__r,cCttSr!)rr:r0r'r'r(rzOCSPNoCheck.__hash__r+cCdS)Nzr'r0r'r'r(rhzOCSPNoCheck.__repr__r cCrr!rr0r'r'r(r#rzOCSPNoCheck.public_bytesNrr9rirQ) rJrKrLrZ OCSP_NO_CHECKr>r{rrhr#r'r'r'r(r:    r:c@r9) PrecertPoisonrurvrrwcCr;r<)r"rCryrzr'r'r(r{r=zPrecertPoison.__eq__r,cCr>r!)rrCr0r'r'r(rr?zPrecertPoison.__hash__r+cCr@)Nzr'r0r'r'r(rhrAzPrecertPoison.__repr__r cCrr!rr0r'r'r(r# rzPrecertPoison.public_bytesNrr9rirQ) rJrKrLrZPRECERT_POISONr>r{rrhr#r'r'r'r(rCrBrCc@r) TLSFeaturefeaturestyping.Iterable[TLSFeatureType]rr?cCs8t|}tdd|Drt|dkrtd||_dS)Ncsrr!)r"TLSFeatureTyperr'r'r(rrz&TLSFeature.__init__..rz@features must be a list of elements from the TLSFeatureType enum)rXrr.rc _features)r1rEr'r'r(rCs  zTLSFeature.__init__rHr+cCrf)NzrCr:rjrkrlrhr{rr#r'r'r'r(rDs    rDc@seZdZdZdZdS)rGrN)rJrKrLZstatus_requestZstatus_request_v2r'r'r'r(rG1srGcCsi|]}|j|qSr'rdrr'r'r( <rKc@sReZdZejZdddZddd Zdd dZdddZ e dddZ dddZ dS)InhibitAnyPolicy skip_certsr,rr?cCs,t|ts td|dkrtd||_dS)Nzskip_certs must be an integerrz)skip_certs must be a non-negative integer)r"r,rcr _skip_certs)r1rNr'r'r(rCBs  zInhibitAnyPolicy.__init__r+cCrf)NzrCrhr{rrrNr#r'r'r'r(rM?s    rMc@seZdZejZd/d dZed0ddZed0ddZ ed0ddZ ed0ddZ ed0ddZ ed0ddZ ed0ddZed0ddZed0dd Zd1d"d#Zd2d&d'Zd3d)d*Zd4d,d-Zd.S)5KeyUsagedigital_signaturerwcontent_commitmentkey_enciphermentdata_encipherment key_agreement key_cert_signcrl_sign encipher_only decipher_onlyrr?c CsN|s |s| r td||_||_||_||_||_||_||_||_| |_ dS)NzKencipher_only and decipher_only can only be true when key_agreement is true) r_digital_signature_content_commitment_key_encipherment_data_encipherment_key_agreement_key_cert_sign _crl_sign_encipher_only_decipher_only) r1rQrRrSrTrUrVrWrXrYr'r'r(rCbs  zKeyUsage.__init__cCrr!)rZr0r'r'r(rQ~rzKeyUsage.digital_signaturecCrr!)r[r0r'r'r(rRrzKeyUsage.content_commitmentcCrr!)r\r0r'r'r(rSrzKeyUsage.key_enciphermentcCrr!)r]r0r'r'r(rTrzKeyUsage.data_enciphermentcCrr!)r^r0r'r'r(rUrzKeyUsage.key_agreementcCrr!)r_r0r'r'r(rVrzKeyUsage.key_cert_signcCrr!)r`r0r'r'r(rWrzKeyUsage.crl_signcC|jstd|jS)Nz7encipher_only is undefined unless key_agreement is true)rUrrar0r'r'r(rX zKeyUsage.encipher_onlycCrc)Nz7decipher_only is undefined unless key_agreement is true)rUrrbr0r'r'r(rYrdzKeyUsage.decipher_onlyr+cCsvz|j}|j}Wn tyd}d}Ynwd|jd|jd|jd|jd|jd|jd|j d |d |d S) NFzrCrrQrRrSrTrUrVrWrXrYrhr{rr#r'r'r'r(rP_s2             rPc@s~eZdZejZd$ddZd%d d Zd&ddZd&ddZ d&ddZ d'ddZ d(ddZ e d)ddZe d)ddZd*d!d"Zd#S)+NameConstraintspermitted_subtreesrexcluded_subtreesrr?cCs|dur t|}|stdtdd|Dstd|||dur@t|}|s.tdtdd|Ds;td|||durL|durLtd||_||_dS) Nz3permitted_subtrees must be a non-empty list or Nonecsrr!rrr'r'r(rrz+NameConstraints.__init__..z@permitted_subtrees must be a list of GeneralName objects or Nonez2excluded_subtrees must be a non-empty list or Nonecsrr!rrr'r'r(rrz?excluded_subtrees must be a list of GeneralName objects or NonezIAt least one of permitted_subtrees and excluded_subtrees must not be None)rXrrrc_validate_tree_permitted_subtrees_excluded_subtrees)r1rfrgr'r'r(rCs8   zNameConstraints.__init__rurvrwcCrr!)r"reryrgrfrzr'r'r(r{rzNameConstraints.__eq__treetyping.Iterable[GeneralName]cCs||||dSr!)_validate_ip_name_validate_dns_namer1rkr'r'r(rhs zNameConstraints._validate_treecCtdd|Dr tddS)Ncss0|]}t|tot|jtjtjf VqdSr!)r"rrd ipaddressZ IPv4NetworkZ IPv6Networkrnamer'r'r(rs  z4NameConstraints._validate_ip_name..zGIPAddress name constraints must be an IPv4Network or IPv6Network object)anyrcror'r'r(rmsz!NameConstraints._validate_ip_namecCrp)Ncss$|] }t|to d|jvVqdS)*N)r"rrdrrr'r'r(r,s z5NameConstraints._validate_dns_name..zDDNSName name constraints must not contain the '*' wildcard character)rtrror'r'r(rn+sz"NameConstraints._validate_dns_namer+cCsd|jd|jdS)Nz$rCr{rhrmrnrhrrrfrgr#r'r'r'r(res  *    rec@s^eZdZdd d Zedd d Zedd dZedddZd ddZd!ddZ d"ddZ dS)# Extensionr>rcriticalrwrdrrr?cCs:t|ts tdt|tstd||_||_||_dS)Nz2oid argument must be an ObjectIdentifier instance.z critical must be a boolean value)r"rrcrw_oid _critical_value)r1r>ryrdr'r'r(rCXs   zExtension.__init__cCrr!rzr0r'r'r(r>grz Extension.oidcCrr!)r{r0r'r'r(rykrzExtension.criticalcCrr!r|r0r'r'r(rdorzExtension.valuer+cCd|jd|jd|jdS)Nzryrdr0r'r'r(rhsszExtension.__repr__rurvcCrr!)r"rxryr>ryrdrzr'r'r(r{y    zExtension.__eq__r,cCt|j|j|jfSr!)rr>ryrdr0r'r'r(rr2zExtension.__hash__N)r>rryrwrdrrr?rr)rrrirr9) rJrKrLrCrr>ryrdrhr{rr'r'r'r(rxWs       rxc@seZdZd(ddZed\ZZZej d)d d Z ej d*dd Z ej d+dd Z ej d,dd Z ej d-dd Z d.dd Z d/ddZ d0d"d#Z d1d%d&Z d'S)2 GeneralNames general_namesrlrr?cCr)Ncsrr!rrr'r'r(rrz(GeneralNames.__init__..z^Every item in the general_names list must be an object conforming to the GeneralName interface)rXrrc_general_namesr1rr'r'r(rCrzGeneralNames.__init__rtypeBtype[DNSName] | type[UniformResourceIdentifier] | type[RFC822Name] list[str]cCdSr!r'r1rr'r'r(get_values_for_typez GeneralNames.get_values_for_typetype[DirectoryName] list[Name]cCrr!r'rr'r'r(rtype[RegisteredID]list[ObjectIdentifier]cCrr!r'rr'r'r(rrtype[IPAddress]list[_IPAddressTypes]cCrr!r'rr'r'r(rtype[OtherName]list[OtherName]cCrr!r'rr'r'r(rtype[DNSName] | type[DirectoryName] | type[IPAddress] | type[OtherName] | type[RFC822Name] | type[RegisteredID] | type[UniformResourceIdentifier]Ylist[_IPAddressTypes] | list[str] | list[OtherName] | list[Name] | list[ObjectIdentifier]cs0fdd|D}tkrdd|DSt|S)Nc3s|] }t|r|VqdSr!)r"rirr'r(rsz3GeneralNames.get_values_for_type..cSsg|]}|jqSr'rJrr'r'r( sz4GeneralNames.get_values_for_type..)rrX)r1rZobjsr'rr(rsr+cCrf)NzrCr:rjrkrlrrrrhr{rr#r'r'r'r(r&          rc@r)6IssuerAlternativeNamerrlrr?cCrWr!rrr'r'r(rC(r4zIssuerAlternativeName.__init__rrrrcCrr!r'rr'r'r(r-rz)IssuerAlternativeName.get_values_for_typerrcCrr!r'rr'r'r(r6rrrcCrr!r'rr'r'r(r=rrrcCrr!r'rr'r'r(rDrrrcCrr!r'rr'r'r(rJrrrcCrr!rrr'r'r(rNrr+cCrf)NzrCr:rjrkrlrrrrhr{rr#r'r'r'r(r%rrc@r)6CertificateIssuerrrlrr?cCrWr!rrr'r'r(rCsr4zCertificateIssuer.__init__rrrrcCrr!r'rr'r'r(rxrz%CertificateIssuer.get_values_for_typerrcCrr!r'rr'r'r(rrrrcCrr!r'rr'r'r(rrrrcCrr!r'rr'r'r(rrrrcCrr!r'rr'r'r(rrrrcCrr!rrr'r'r(rrr+cCrf)NzrCr:rjrkrlrrrrhr{rr#r'r'r'r(rprrc@ReZdZejZdddZddd Zdd dZdddZ e dddZ dddZ dS) CRLReasonreasonrrr?cCro)Nz*reason must be an element from ReasonFlags)r"rrc_reason)r1rr'r'r(rCrtzCRLReason.__init__r+cCrf)NzrCrhr{rrrr#r'r'r'r(r     rc@r)InvalidityDateinvalidity_datedatetime.datetimerr?cCst|tjs td||_dS)Nz+invalidity_date must be a datetime.datetime)r"datetimerc_invalidity_date)r1rr'r'r(rCs  zInvalidityDate.__init__r+cCrf)Nz rCrhr{rrrr#r'r'r'r(rrrc@ReZdZejZdddZed\ZZ Z dd d Z dd d Z dddZ dddZdS))PrecertificateSignedCertificateTimestampssigned_certificate_timestamps+typing.Iterable[SignedCertificateTimestamp]rr?cCr)Ncsrr!r"r rZsctr'r'r(r  zEPrecertificateSignedCertificateTimestamps.__init__..YEvery item in the signed_certificate_timestamps list must be a SignedCertificateTimestamprXrrc_signed_certificate_timestampsr1rr'r'r(rC z2PrecertificateSignedCertificateTimestamps.__init__rr+cCdt|dS)Nz+rCr:rjrkrlrhrr{r#r'r'r'r(r     rc@r)SignedCertificateTimestampsrrrr?cCr)Ncsrr!rrr'r'r(r*rz7SignedCertificateTimestamps.__init__..rrrr'r'r(rC#rz$SignedCertificateTimestamps.__init__rr+cCr)Nzrz"SignedCertificateTimestamps.__eq__r cCrr!rr0r'r'r(r#Grz(SignedCertificateTimestamps.public_bytesNrrir9rrQ)rJrKrLrZSIGNED_CERTIFICATE_TIMESTAMPSr>rCr:rjrkrlrhrr{r#r'r'r'r(r rrc@sReZdZejZdddZdd d Zdd dZdddZ e dddZ dddZ dS) OCSPNoncenoncer rr?cCro)Nznonce must be bytes)r"r rc_nonce)r1rr'r'r(rCNrtzOCSPNonce.__init__rurvrwcCrxr!)r"rryrrzr'r'r(r{Tr|zOCSPNonce.__eq__r,cCr}r!)rrr0r'r'r(rZrzOCSPNonce.__hash__r+cCr)NzrCr{rrhrrr#r'r'r'r(rKrrc@sNeZdZejZdddZdd d Zdd dZdddZ dddZ dddZ dS)OCSPAcceptableResponses responsesr6rr?cCs,t|}tdd|Drtd||_dS)Ncss|] }t|t VqdSr!r7)rrr'r'r(rmsz3OCSPAcceptableResponses.__init__..z'All responses must be ObjectIdentifiers)rXrtrc _responses)r1rr'r'r(rCks z OCSPAcceptableResponses.__init__rurvrwcCrxr!)r"rryrrzr'r'r(r{rr|zOCSPAcceptableResponses.__eq__r,cCrr!)rrrr0r'r'r(rxr4z OCSPAcceptableResponses.__hash__r+cCrf)Nz#rCr{rrhrkr#r'r'r'r(rhs     rc@seZdZejZd-ddZd.ddZd/ddZd0ddZ e d1ddZ e d2ddZ e d3dd Z e d3d!d"Ze d4d#d$Ze d3d%d&Ze d3d'd(Zd5d*d+Zd,S)6IssuingDistributionPointrrrronly_contains_user_certsrwonly_contains_ca_certsonly_some_reasonsr indirect_crlonly_contains_attribute_certsrr?c Cs|durt|}|rt|trtdd|Dstd|r,tj|vs(tj|vr,tdt|t r@t|t r@t|t r@t|t sDtd||||g}t dd|DdkrYtd t |||||||gshtd ||_ ||_ ||_||_||_||_||_dS) Ncsrr!rrr'r'r(rrz4IssuingDistributionPoint.__init__..z:only_some_reasons must be None or frozenset of ReasonFlagszTunspecified and remove_from_crl are not valid reasons in an IssuingDistributionPointzuonly_contains_user_certs, only_contains_ca_certs, indirect_crl and only_contains_attribute_certs must all be boolean.cSsg|]}|r|qSr'r'rr'r'r(rrLz5IssuingDistributionPoint.__init__..r zOnly one of the following can be set to True: only_contains_user_certs, only_contains_ca_certs, indirect_crl, only_contains_attribute_certszCannot create empty extension: if only_contains_user_certs, only_contains_ca_certs, indirect_crl, and only_contains_attribute_certs are all False, then either full_name, relative_name, or only_some_reasons must have a value.)rXr"rrrcrrrrrwr.rt_only_contains_user_certs_only_contains_ca_certs _indirect_crl_only_contains_attribute_certs_only_some_reasonsrr) r1rrrrrrrZcrl_constraintsr'r'r(rCsp     z!IssuingDistributionPoint.__init__r+cCs>d|jd|jd|jd|jd|jd|jd|jdS) Nz$rCrhr{rrrrrrrrrr#r'r'r'r(rs*  S        rc@sneZdZejZddd Zed d d Zed!d d Z ed!ddZ d"ddZ d#ddZ d$ddZ d%ddZdS)&MSCertificateTemplate template_idr major_versionr minor_versionrr?cCsTt|ts td||_|durt|tr|dur"t|ts"td||_||_dS)Noid must be an ObjectIdentifierz8major_version and minor_version must be integers or None)r"rrc _template_idr,_major_version_minor_version)r1rrrr'r'r(rC(s  zMSCertificateTemplate.__init__cCrr!)rr0r'r'r(r<rz!MSCertificateTemplate.template_idcCrr!)rr0r'r'r(r@rz#MSCertificateTemplate.major_versioncCrr!)rr0r'r'r(rDrz#MSCertificateTemplate.minor_versionr+cCr)Nz#rCrrrrrhr{rr#r'r'r'r(r%s       rc@sZeZdZdddZedd d Zedd d ZdddZdddZd ddZ dddZ dS)!rbr>rrdr rr?cCs"t|ts td||_||_dS)Nr)r"rrcrzr|)r1r>rdr'r'r(rCas  zUnrecognizedExtension.__init__cCrr!r}r0r'r'r(r>grzUnrecognizedExtension.oidcCrr!r~r0r'r'r(rdkrzUnrecognizedExtension.valuer+cCsd|jd|jdS)Nzrdr0r'r'r(rhorvzUnrecognizedExtension.__repr__rurvrwcCrr!)r"rbryr>rdrzr'r'r(r{urzUnrecognizedExtension.__eq__r,cCrr!)rr>rdr0r'r'r(r{rzUnrecognizedExtension.__hash__cCrr!rJr0r'r'r(r#~sz"UnrecognizedExtension.public_bytesN)r>rrdr rr?rrQrirr9) rJrKrLrCrr>rdrhr{rr#r'r'r'r(rb`s      rb)rr rr )r*r+)iZ __future__rabcrr$rqrZ cryptographyrZ"cryptography.hazmat.bindings._rustrrrZcryptography.hazmat.primitivesrrZ,cryptography.hazmat.primitives.asymmetric.ecrZ-cryptography.hazmat.primitives.asymmetric.rsar Z/cryptography.hazmat.primitives.asymmetric.typesr r Z*cryptography.x509.certificate_transparencyr Zcryptography.x509.general_namer rrrrrrrrZcryptography.x509.namerrZcryptography.x509.oidrrrrTypeVarrr)r: Exceptionr<rOABCMetarrTrmrrrrrrrrrrEnumrrrrrrrrr Z_REASON_BIT_MAPPINGZ_CRLREASONFLAGSrrrr!r)r4r:rCrDrGZ_TLS_FEATURE_TYPE_TO_ENUMrMrPreZGenericrxrrrrrrrrrrrrrbr'r'r'r(s       ,     'l$!!(.%%k  A;+("  s0SKKK++!;