o  `)g@sddlmZmZmZddlZddlZddlZddlmZddl Z ddl m Z ddl m Z ddlmZmZmZmZmZddlmZmZddlmZdd lmZed d d ZGd d d eZddZddZddZ GdddeZ!d6ddZ"d6ddZ#d6ddZ$d6ddZ%d6ddZ&d6d d!Z'Gd"d#d#eZ(e )ej*Gd$d%d%e+Z,e )ej*Gd&d'd'e+Z-e )ej*Gd(d)d)e+Z.e )ej*Gd*d+d+e+Z/Gd,d-d-e+Z0Gd.d/d/e+Z1Gd0d1d1e+Z2Gd2d3d3e+Z3d4d5Z4dS)7)absolute_importdivisionprint_functionN)Enum)utils) _get_backend)dsaeced25519ed448rsa) Extension ExtensionType)Name)ObjectIdentifiericeZdZfddZZS)AttributeNotFoundctt||||_dSN)superr__init__oid)selfmsgr __class__lhome/ych/rk3568/buildroot/output/rockchip_rk3568/host/lib/python3.10/site-packages/cryptography/x509/base.pyr  zAttributeNotFound.__init____name__ __module__ __qualname__r __classcell__rrrrrrcCs"|D] }|j|jkrtdqdS)Nz$This extension has already been set.)r ValueError) extension extensionserrr_reject_duplicate_extension%s  r*cCs"|D] \}}||krtdqdS)Nz$This attribute has already been set.)r&)r attributesZattr_oid_rrr_reject_duplicate_attribute,s r-cCs6|jdur|}|r |nt}|jdd|S|S)zNormalizes a datetime to a naive datetime in UTC. time -- datetime to normalize. Assumed to be in UTC if not timezone aware. N)tzinfo)r. utcoffsetdatetime timedeltareplace)timeoffsetrrr_convert_to_naive_utc_time3s r5c@seZdZdZdZdS)VersionrN)r!r"r#Zv1v3rrrrr6Asr6cCt|}||Sr)rload_pem_x509_certificatedatabackendrrrr:F r:cCr9r)rload_der_x509_certificater;rrrr?Kr>r?cCr9r)rload_pem_x509_csrr;rrrr@Pr>r@cCr9r)rload_der_x509_csrr;rrrrAUr>rAcCr9r)rload_pem_x509_crlr;rrrrBZr>rBcCr9r)rload_der_x509_crlr;rrrrC_r>rCcr)InvalidVersioncrr)rrDrparsed_version)rrrErrrrerzInvalidVersion.__init__r rrrrrDdr%rDc@seZdZejddZejddZejddZejddZ ejd d Z ejd d Z ejd dZ ejddZ ejddZejddZejddZejddZejddZejddZejddZejdd Zejd!d"Zd#S)$ CertificatecCdSz4 Returns bytes using digest passed. Nrr algorithmrrr fingerprintlzCertificate.fingerprintcCrG)z3 Returns certificate serial number Nrrrrr serial_numberrrLzCertificate.serial_numbercCrG)z1 Returns the certificate version NrrMrrrversionxrLzCertificate.versioncCrGz( Returns the public key NrrMrrr public_key~rLzCertificate.public_keycCrG)z? Not before time (represented as UTC datetime) NrrMrrrnot_valid_beforerLzCertificate.not_valid_beforecCrG)z> Not after time (represented as UTC datetime) NrrMrrrnot_valid_afterrLzCertificate.not_valid_aftercCrG)z1 Returns the issuer name object. NrrMrrrissuerrLzCertificate.issuercCrGz2 Returns the subject name object. NrrMrrrsubjectrLzCertificate.subjectcCrGzt Returns a HashAlgorithm corresponding to the type of the digest signed in the certificate. NrrMrrrsignature_hash_algorithmrLz$Certificate.signature_hash_algorithmcCrGzJ Returns the ObjectIdentifier of the signature algorithm. NrrMrrrsignature_algorithm_oidrLz#Certificate.signature_algorithm_oidcCrG)z/ Returns an Extensions object. NrrMrrrr(rLzCertificate.extensionscCrGz. Returns the signature bytes. NrrMrrr signaturerLzCertificate.signaturecCrG)zR Returns the tbsCertificate payload bytes as defined in RFC 5280. NrrMrrrtbs_certificate_bytesrLz!Certificate.tbs_certificate_bytescCrGz" Checks equality. Nrrotherrrr__eq__rLzCertificate.__eq__cCrGz# Checks not equal. Nrr_rrr__ne__rLzCertificate.__ne__cCrGz" Computes a hash. NrrMrrr__hash__rLzCertificate.__hash__cCrG)zB Serializes the certificate to PEM or DER format. Nrrencodingrrr public_bytesrLzCertificate.public_bytesN)r!r"r#abcabstractmethodrKabstractpropertyrNrOrQrRrSrTrVrXrZr(r\r]rarcrerhrrrrrFjsF                rFc@seZdZejddZejddZejddZejddZ ejd d Z ejd d Z ejd dZ ejddZ ejddZejddZejddZejddZejddZejddZejddZejdd Zejd!d"Zd#S)$CertificateRevocationListcCrG)z: Serializes the CRL to PEM or DER format. NrrfrrrrhrLz&CertificateRevocationList.public_bytescCrGrHrrIrrrrKrLz%CertificateRevocationList.fingerprintcCrG)zs Returns an instance of RevokedCertificate or None if the serial_number is not in the CRL. Nr)rrNrrr(get_revoked_certificate_by_serial_numberrLzBCertificateRevocationList.get_revoked_certificate_by_serial_numbercCrGrWrrMrrrrXrLz2CertificateRevocationList.signature_hash_algorithmcCrGrYrrMrrrrZrLz1CertificateRevocationList.signature_algorithm_oidcCrG)zC Returns the X509Name with the issuer of this CRL. NrrMrrrrTrLz CertificateRevocationList.issuercCrG)z? Returns the date of next update for this CRL. NrrMrrr next_updaterLz%CertificateRevocationList.next_updatecCrG)z? Returns the date of last update for this CRL. NrrMrrr last_updaterLz%CertificateRevocationList.last_updatecCrG)zS Returns an Extensions object containing a list of CRL extensions. NrrMrrrr(rLz$CertificateRevocationList.extensionscCrGr[rrMrrrr\rLz#CertificateRevocationList.signaturecCrG)zO Returns the tbsCertList payload bytes as defined in RFC 5280. NrrMrrrtbs_certlist_bytesrLz,CertificateRevocationList.tbs_certlist_bytescCrGr^rr_rrrrarLz CertificateRevocationList.__eq__cCrGrbrr_rrrrc rLz CertificateRevocationList.__ne__cCrG)z< Number of revoked certificates in the CRL. NrrMrrr__len__&rLz!CertificateRevocationList.__len__cCrG)zS Returns a revoked certificate (or slice of revoked certificates). Nr)ridxrrr __getitem__,rLz%CertificateRevocationList.__getitem__cCrG)z8 Iterator over the revoked certificates NrrMrrr__iter__2rLz"CertificateRevocationList.__iter__cCrG)zQ Verifies signature of revocation list against given public key. Nr)rrQrrris_signature_valid8rLz,CertificateRevocationList.is_signature_validN)r!r"r#rirjrhrKrmrkrXrZrTrnror(r\rprarcrqrsrtrurrrrrlsF                rlc@seZdZejddZejddZejddZejddZej d d Z ej d d Z ej d dZ ej ddZ ejddZej ddZej ddZej ddZej ddZdS)CertificateSigningRequestcCrGr^rr_rrrraArLz CertificateSigningRequest.__eq__cCrGrbrr_rrrrcGrLz CertificateSigningRequest.__ne__cCrGrdrrMrrrreMrLz"CertificateSigningRequest.__hash__cCrGrPrrMrrrrQSrLz$CertificateSigningRequest.public_keycCrGrUrrMrrrrVYrLz!CertificateSigningRequest.subjectcCrGrWrrMrrrrX_rLz2CertificateSigningRequest.signature_hash_algorithmcCrGrYrrMrrrrZfrLz1CertificateSigningRequest.signature_algorithm_oidcCrG)z@ Returns the extensions in the signing request. NrrMrrrr(lrLz$CertificateSigningRequest.extensionscCrG)z; Encodes the request to PEM or DER format. NrrfrrrrhrrLz&CertificateSigningRequest.public_bytescCrGr[rrMrrrr\xrLz#CertificateSigningRequest.signaturecCrG)zd Returns the PKCS#10 CertificationRequestInfo bytes as defined in RFC 2986. NrrMrrrtbs_certrequest_bytes~rLz/CertificateSigningRequest.tbs_certrequest_bytescCrG)z8 Verifies signature of signing request. NrrMrrrrurLz,CertificateSigningRequest.is_signature_validcCrG)z: Get the attribute value for a given OID. NrrMrrrget_attribute_for_oidrLz/CertificateSigningRequest.get_attribute_for_oidN)r!r"r#rirjrarcrerQrkrVrXrZr(rhr\rwrurxrrrrrv?s6            rvc@s6eZdZejddZejddZejddZdS)RevokedCertificatecCrG)zG Returns the serial number of the revoked certificate. NrrMrrrrNrLz RevokedCertificate.serial_numbercCrG)zH Returns the date of when this certificate was revoked. NrrMrrrrevocation_daterLz"RevokedCertificate.revocation_datecCrG)zW Returns an Extensions object containing a list of Revoked extensions. NrrMrrrr(rLzRevokedCertificate.extensionsN)r!r"r#rirkrNrzr(rrrrrys  ryc@s>eZdZdggfddZddZddZdd Zd d d ZdS) CertificateSigningRequestBuilderNcCs||_||_||_dS)zB Creates an empty X.509 certificate request (v1). N) _subject_name _extensions _attributes)r subject_namer(r+rrrrs z)CertificateSigningRequestBuilder.__init__cCs4t|ts td|jdurtdt||j|jS)zF Sets the certificate requestor's distinguished name. Expecting x509.Name object.N&The subject name may only be set once.) isinstancer TypeErrorr|r&r{r}r~rnamerrrrs   z-CertificateSigningRequestBuilder.subject_namecCsDt|ts tdt|j||}t||jt|j|j|g|j S)zE Adds an X.509 extension to the certificate request. "extension must be an ExtensionType) rrrr rr*r}r{r|r~rr'criticalrrr add_extensions   z.CertificateSigningRequestBuilder.add_extensioncCsLt|ts tdt|tstdt||jt|j|j|j||fgS)zK Adds an X.509 attribute with an OID and associated value. zoid must be an ObjectIdentifierzvalue must be bytes) rrrbytesr-r~r{r|r})rrvaluerrr add_attributes   z.CertificateSigningRequestBuilder.add_attributecCs(t|}|jdur td||||S)zF Signs the request using the requestor's private key. Nz/A CertificateSigningRequest must have a subject)rr|r&Zcreate_x509_csrrZ private_keyrJr=rrrsigns z%CertificateSigningRequestBuilder.signr)r!r"r#rrrrrrrrrr{s  r{c@sfeZdZddddddgfddZddZddZdd Zd d Zd d ZddZ ddZ dddZ dS)CertificateBuilderNcCs6tj|_||_||_||_||_||_||_||_ dSr) r6r8_version _issuer_namer| _public_key_serial_number_not_valid_before_not_valid_afterr})r issuer_namerrQrNrRrSr(rrrrs  zCertificateBuilder.__init__cCsDt|ts td|jdurtdt||j|j|j|j |j |j S)z3 Sets the CA's distinguished name. rN%The issuer name may only be set once.) rrrrr&rr|rrrrr}rrrrrs  zCertificateBuilder.issuer_namecCsDt|ts td|jdurtdt|j||j|j|j |j |j S)z: Sets the requestor's distinguished name. rNr) rrrr|r&rrrrrrr}rrrrrs  zCertificateBuilder.subject_namecCsXt|tjtjtjtjt j fst d|j durt dt|j|j||j|j|j|jS)zT Sets the requestor's public key (as found in the signing request). zhExpecting one of DSAPublicKey, RSAPublicKey, EllipticCurvePublicKey, Ed25519PublicKey or Ed448PublicKey.Nz$The public key may only be set once.)rrZ DSAPublicKeyr Z RSAPublicKeyr ZEllipticCurvePublicKeyr ZEd25519PublicKeyr ZEd448PublicKeyrrr&rrr|rrrr})rkeyrrrrQ s.  zCertificateBuilder.public_keycCsjt|tjs td|jdurtd|dkrtd|dkr%tdt|j|j |j ||j |j |j S)z5 Sets the certificate serial number. 'Serial number must be of integral type.N'The serial number may only be set once.rz%The serial number should be positive.3The serial number should not be more than 159 bits.)rsix integer_typesrrr& bit_lengthrrr|rrrr}rnumberrrrrN?s&   z CertificateBuilder.serial_numbercCszt|tjs td|jdurtdt|}|tkrtd|jdur-||jkr-tdt|j |j |j |j ||j|j S)z7 Sets the certificate activation time. Expecting datetime object.Nz*The not valid before may only be set once.z>The not valid before date must be on or after 1950 January 1).zBThe not valid before date must be before the not valid after date.)rr0rrr&r5_EARLIEST_UTC_TIMErrrr|rrr}rr3rrrrRZs,  z#CertificateBuilder.not_valid_beforecCszt|tjs td|jdurtdt|}|tkrtd|jdur-||jkr-tdt|j |j |j |j |j||j S)z7 Sets the certificate expiration time. rNz)The not valid after may only be set once.zeZdZddgfddZddZddZdd Zd d d ZdS) RevokedCertificateBuilderNcCs||_||_||_dSr)r_revocation_dater})rrNrzr(rrrr<s z"RevokedCertificateBuilder.__init__cCsZt|tjs td|jdurtd|dkrtd|dkr%tdt||j|j S)Nrrrz$The serial number should be positiverr) rrrrrr&rrrr}rrrrrNCs    z'RevokedCertificateBuilder.serial_numbercCsNt|tjs td|jdurtdt|}|tkrtdt|j||j S)Nrz)The revocation date may only be set once.z7The revocation date must be on or after 1950 January 1.) rr0rrr&r5rrrr}rrrrrzUs   z)RevokedCertificateBuilder.revocation_datecCsDt|ts tdt|j||}t||jt|j|j |j|gS)Nr) rrrr rr*r}rrrrrrrrcs   z'RevokedCertificateBuilder.add_extensioncCs6t|}|jdur td|jdurtd||S)Nz/A revoked certificate must have a serial numberz1A revoked certificate must have a revocation date)rrr&rZcreate_x509_revoked_certificate)rr=rrrbuildos   zRevokedCertificateBuilder.buildr)r!r"r#rrNrzrrrrrrr;s  rcCsttddd?S)Nbigr)rZint_from_bytesosurandomrrrrrandom_serial_number{srr)5 __future__rrrrir0renumrr cryptographyrZcryptography.hazmat.backendsrZ)cryptography.hazmat.primitives.asymmetricrr r r r Zcryptography.x509.extensionsr rZcryptography.x509.namerZcryptography.x509.oidrr Exceptionrr*r-r5r6r:r?r@rArBrCrDZ add_metaclassABCMetaobjectrFrlrvryr{rrrrrrrrsN             i j RA^v @