%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /lib/python3/dist-packages/cryptography/x509/__pycache__/
Upload File :
Create Path :
Current File : //lib/python3/dist-packages/cryptography/x509/__pycache__/base.cpython-312.pyc

�

�3Tf]��	���ddlmZddlZddlZddlZddlZddlmZddlm	Z
ddlmZm
Z
ddlmZmZmZmZmZmZmZmZddlmZmZmZddlmZmZmZmZdd	l m!Z!m"Z"dd
l#m$Z$ejddd�Z%ejLejNejPejRejTejVejXejZej\fZ/Gd
�de0�Z1						d5d�Z2						d6d�Z3d7d�Z4Gd�d�Z5Gd�d�Z6Gd�dejn�Z8Gd�de0�Z9Gd�dejt��Z;e;jye
jv�Gd�dejt��Z=e=jye
jz�Gd�d e=�Z>Gd!�d"ejt��Z?e?jye
j~�Gd#�d$ejt��Z@e@jye
j��	d8					d9d%�ZAd:d&�ZB	d8					d9d'�ZC	d8					d;d(�ZD	d8					d;d)�ZE	d8					d<d*�ZF	d8					d<d+�ZGGd,�d-�ZHGd.�d/�ZIGd0�d1�ZJGd2�d3�ZKd=d4�ZLy)>�)�annotationsN)�utils)�x509)�hashes�
serialization)�dsa�ec�ed448�ed25519�padding�rsa�x448�x25519)� CertificateIssuerPrivateKeyTypes�CertificateIssuerPublicKeyTypes�CertificatePublicKeyTypes)�	Extension�
Extensions�
ExtensionType�_make_sequence_methods)�Name�	_ASN1Type)�ObjectIdentifieri��c� ��eZdZd�fd�Z�xZS)�AttributeNotFoundc�2��t�|�|�||_y�N)�super�__init__�oid)�self�msgr!�	__class__s   ��8/usr/lib/python3/dist-packages/cryptography/x509/base.pyr zAttributeNotFound.__init__8s���
��������)r#�strr!r�return�None��__name__�
__module__�__qualname__r �
__classcell__�r$s@r%rr7s
����r&rc�Z�|D]&}|j|jk(s�td��y)Nz$This extension has already been set.)r!�
ValueError)�	extension�
extensions�es   r%�_reject_duplicate_extensionr5=s1��
�E���5�5�I�M�M�!��C�D�D�Er&c�:�|D]\}}}||k(s�
td��y)Nz$This attribute has already been set.)r1)r!�
attributes�attr_oid�_s    r%�_reject_duplicate_attributer:Gs.��%�E���!�Q��s�?��C�D�D�Er&c��|j�=|j�}|r|ntj�}|j	d��|z
S|S)z�Normalizes a datetime to a naive datetime in UTC.

    time -- datetime to normalize. Assumed to be in UTC if not timezone
            aware.
    N)�tzinfo)r<�	utcoffset�datetime�	timedelta�replace)�time�offsets  r%�_convert_to_naive_utc_timerCSsG���{�{�����!��!��x�'9�'9�';���|�|�4�|�(�6�1�1��r&c��eZdZejj
f							dd�Zed	d��Zed
d��Zdd�Z	dd�Z
d
d�Zy)�	Attributec�.�||_||_||_yr)�_oid�_value�_type)r"r!�valuerIs    r%r zAttribute.__init__bs����	������
r&c��|jSr)rG�r"s r%r!z
Attribute.oidls���y�y�r&c��|jSr)rHrLs r%rJzAttribute.valueps���{�{�r&c�<�d|j�d|j�d�S)Nz<Attribute(oid=z, value=�)>)r!rJrLs r%�__repr__zAttribute.__repr__ts�� ����
�(�4�:�:�.��C�Cr&c���t|t�stS|j|jk(xr4|j|jk(xr|j
|j
k(Sr)�
isinstancerE�NotImplementedr!rJrI�r"�others  r%�__eq__zAttribute.__eq__wsS���%��+�!�!�
�H�H��	�	�!�
*��
�
�e�k�k�)�
*��
�
�e�k�k�)�	
r&c�Z�t|j|j|jf�Sr)�hashr!rJrIrLs r%�__hash__zAttribute.__hash__�s ���T�X�X�t�z�z�4�:�:�6�7�7r&N)r!rrJ�bytesrI�intr(r)�r(r�r(rZ�r(r'�rU�objectr(�bool�r(r[)r+r,r-r�
UTF8StringrJr �propertyr!rPrVrY�r&r%rErEasv��
�)�)�/�/�	�
�����	�

����������D�
�8r&rEc�D�eZdZ				dd�Zed�\ZZZdd�Zdd�Z	y)	�
Attributesc�$�t|�|_yr)�list�_attributes)r"r7s  r%r zAttributes.__init__�s�� �
�+��r&rjc�"�d|j�d�S)Nz<Attributes(rO)rjrLs r%rPzAttributes.__repr__�s���d�.�.�/�r�2�2r&c�V�|D]}|j|k(s�|cStd|�d�|��)NzNo z attribute was found)r!r)r"r!�attrs   r%�get_attribute_for_oidz Attributes.get_attribute_for_oid�s:���	�D��x�x�3����	� �#�c�U�*>� ?��E�Er&N)r7ztyping.Iterable[Attribute]r(r)r^)r!rr(rE)
r+r,r-r r�__len__�__iter__�__getitem__rPrnrer&r%rgrg�s7��,�.�,�
�,�&<�M�%J�"�G�X�{�3�Fr&rgc��eZdZdZdZy)�Versionr�N)r+r,r-�v1�v3rer&r%rsrs�s��	
�B�	
�Br&rsc� ��eZdZd�fd�Z�xZS)�InvalidVersionc�2��t�|�|�||_yr)rr �parsed_version)r"r#rzr$s   �r%r zInvalidVersion.__init__�s���
�����,��r&)r#r'rzr[r(r)r*r/s@r%rxrx�s
���-�-r&rxc�h�eZdZejdd��Zeejdd���Zeejdd���Zejdd��Z	eejdd���Z
eejdd���Zeejdd���Zeejdd���Z
eej		dd	���Zeejdd
���Zeej		dd���Zeejdd���Zeejdd
���Zeejdd���Zeejdd���Zejd d��Zejdd��Zejd!d��Zejd"d��Zy)#�Certificatec��y�z4
        Returns bytes using digest passed.
        Nre�r"�	algorithms  r%�fingerprintzCertificate.fingerprint���r&c��y)z3
        Returns certificate serial number
        NrerLs r%�
serial_numberzCertificate.serial_number�r�r&c��y)z1
        Returns the certificate version
        NrerLs r%�versionzCertificate.version�r�r&c��y�z(
        Returns the public key
        NrerLs r%�
public_keyzCertificate.public_key�r�r&c��y)z?
        Not before time (represented as UTC datetime)
        NrerLs r%�not_valid_beforezCertificate.not_valid_before�r�r&c��y)z>
        Not after time (represented as UTC datetime)
        NrerLs r%�not_valid_afterzCertificate.not_valid_after�r�r&c��y)z1
        Returns the issuer name object.
        NrerLs r%�issuerzCertificate.issuer�r�r&c��y�z2
        Returns the subject name object.
        NrerLs r%�subjectzCertificate.subject�r�r&c��y�zt
        Returns a HashAlgorithm corresponding to the type of the digest signed
        in the certificate.
        NrerLs r%�signature_hash_algorithmz$Certificate.signature_hash_algorithm�r�r&c��y�zJ
        Returns the ObjectIdentifier of the signature algorithm.
        NrerLs r%�signature_algorithm_oidz#Certificate.signature_algorithm_oid�r�r&c��y)z=
        Returns the signature algorithm parameters.
        NrerLs r%�signature_algorithm_parametersz*Certificate.signature_algorithm_parameters�r�r&c��y)z/
        Returns an Extensions object.
        NrerLs r%r3zCertificate.extensions�r�r&c��y�z.
        Returns the signature bytes.
        NrerLs r%�	signaturezCertificate.signature�r�r&c��y)zR
        Returns the tbsCertificate payload bytes as defined in RFC 5280.
        NrerLs r%�tbs_certificate_bytesz!Certificate.tbs_certificate_bytesr�r&c��y)zh
        Returns the tbsCertificate payload bytes with the SCT list extension
        stripped.
        NrerLs r%�tbs_precertificate_bytesz$Certificate.tbs_precertificate_bytes
r�r&c��y�z"
        Checks equality.
        NrerTs  r%rVzCertificate.__eq__r�r&c��y�z"
        Computes a hash.
        NrerLs r%rYzCertificate.__hash__r�r&c��y)zB
        Serializes the certificate to PEM or DER format.
        Nre�r"�encodings  r%�public_byteszCertificate.public_bytesr�r&c��y)z�
        This method verifies that certificate issuer name matches the
        issuer subject name and that the certificate is signed by the
        issuer's private key. No other validation is performed.
        Nre)r"r�s  r%�verify_directly_issued_byz%Certificate.verify_directly_issued_by$r�r&N�r�zhashes.HashAlgorithmr(rZrb)r(rs�r(r�r(�datetime.datetime�r(r�r(z%typing.Optional[hashes.HashAlgorithm]r\)r(z;typing.Union[None, padding.PSS, padding.PKCS1v15, ec.ECDSA]�r(rr]r_�r�zserialization.Encodingr(rZ)r�r|r(r))r+r,r-�abc�abstractmethodr�rdr�r�r�r�r�r�r�r�r�r�r3r�r�r�rVrYr�r�rer&r%r|r|�sf��������
��������
��������
	������
��������
��������
��������
��������
�����	.�������������
�����	D�������������
��������
��������
��������	������
	������
	������
	�����r&r|)�	metaclassc��eZdZeej
dd���Zeej
dd���Zeej
dd���Zy)�RevokedCertificatec��y)zG
        Returns the serial number of the revoked certificate.
        NrerLs r%r�z RevokedCertificate.serial_number2r�r&c��y)zH
        Returns the date of when this certificate was revoked.
        NrerLs r%�revocation_datez"RevokedCertificate.revocation_date9r�r&c��y)zW
        Returns an Extensions object containing a list of Revoked extensions.
        NrerLs r%r3zRevokedCertificate.extensions@r�r&Nrbr�r�)	r+r,r-rdr�r�r�r�r3rer&r%r�r�1sf��
��������
��������
�������r&r�c�V�eZdZ						dd�Zedd��Zedd��Zed	d��Zy)
�_RawRevokedCertificatec�.�||_||_||_yr��_serial_number�_revocation_date�_extensions�r"r�r�r3s    r%r z_RawRevokedCertificate.__init__M���,��� /���%��r&c��|jSr)r�rLs r%r�z$_RawRevokedCertificate.serial_numberWs���"�"�"r&c��|jSr)r�rLs r%r�z&_RawRevokedCertificate.revocation_date[s���$�$�$r&c��|jSr)r�rLs r%r3z!_RawRevokedCertificate.extensions_s�����r&N)r�r[r�r�r3rrbr�r�)r+r,r-r rdr�r�r3rer&r%r�r�Ls_��&��&�+�&��	&��#��#��%��%�� �� r&r�c�$�eZdZejdd��Zejdd��Zej				dd��Zeej		dd���Z	eejdd���Z
eejdd���Zeejdd���Zeejdd���Z
eejdd	���Zeejdd
���Zeejdd���Zejdd��Zejdd
��Zej(d d��Zej(d!d��Zej				d"d��Zejd#d��Zej				d$d��Zy)%�CertificateRevocationListc��y)z:
        Serializes the CRL to PEM or DER format.
        Nrer�s  r%r�z&CertificateRevocationList.public_byteser�r&c��yr~rers  r%r�z%CertificateRevocationList.fingerprintkr�r&c��y)zs
        Returns an instance of RevokedCertificate or None if the serial_number
        is not in the CRL.
        Nre)r"r�s  r%�(get_revoked_certificate_by_serial_numberzBCertificateRevocationList.get_revoked_certificate_by_serial_numberqr�r&c��yr�rerLs r%r�z2CertificateRevocationList.signature_hash_algorithmzr�r&c��yr�rerLs r%r�z1CertificateRevocationList.signature_algorithm_oid�r�r&c��y)zC
        Returns the X509Name with the issuer of this CRL.
        NrerLs r%r�z CertificateRevocationList.issuer�r�r&c��y)z?
        Returns the date of next update for this CRL.
        NrerLs r%�next_updatez%CertificateRevocationList.next_update�r�r&c��y)z?
        Returns the date of last update for this CRL.
        NrerLs r%�last_updatez%CertificateRevocationList.last_update�r�r&c��y)zS
        Returns an Extensions object containing a list of CRL extensions.
        NrerLs r%r3z$CertificateRevocationList.extensions�r�r&c��yr�rerLs r%r�z#CertificateRevocationList.signature�r�r&c��y)zO
        Returns the tbsCertList payload bytes as defined in RFC 5280.
        NrerLs r%�tbs_certlist_bytesz,CertificateRevocationList.tbs_certlist_bytes�r�r&c��yr�rerTs  r%rVz CertificateRevocationList.__eq__�r�r&c��y)z<
        Number of revoked certificates in the CRL.
        NrerLs r%roz!CertificateRevocationList.__len__�r�r&c��yrre�r"�idxs  r%rqz%CertificateRevocationList.__getitem__����r&c��yrrer�s  r%rqz%CertificateRevocationList.__getitem__�r�r&c��y)zS
        Returns a revoked certificate (or slice of revoked certificates).
        Nrer�s  r%rqz%CertificateRevocationList.__getitem__�r�r&c��y)z8
        Iterator over the revoked certificates
        NrerLs r%rpz"CertificateRevocationList.__iter__�r�r&c��y)zQ
        Verifies signature of revocation list against given public key.
        Nre)r"r�s  r%�is_signature_validz,CertificateRevocationList.is_signature_valid�r�r&Nr�r�)r�r[r(z#typing.Optional[RevokedCertificate]r�r\r�)r(�"typing.Optional[datetime.datetime]r�r�r]r_rb)r�r[r(r�)r��slicer(�typing.List[RevokedCertificate])r�ztyping.Union[int, slice]r(zAtyping.Union[RevokedCertificate, typing.List[RevokedCertificate]])r(z#typing.Iterator[RevokedCertificate])r�rr(ra)r+r,r-r�r�r�r�r�rdr�r�r�r�r�r3r�r�rVro�typing�overloadrqrpr�rer&r%r�r�dsH��������
	������
	���� ��	,���������	.�������������
��������
��������
��������
��������
��������
��������
	������
	������
�_�_�����_�_����	����+��	J����	������
	����9��	
���r&r�c�N�eZdZejdd��Zejdd��Zejdd��Zeejdd���Z	eej		dd���Z
eejdd���Zeejdd���Zeejdd���Z
ejdd	��Zeejdd
���Zeejdd���Zeejdd���Zejdd
��Zy)�CertificateSigningRequestc��yr�rerTs  r%rVz CertificateSigningRequest.__eq__�r�r&c��yr�rerLs r%rYz"CertificateSigningRequest.__hash__�r�r&c��yr�rerLs r%r�z$CertificateSigningRequest.public_key�r�r&c��yr�rerLs r%r�z!CertificateSigningRequest.subject�r�r&c��yr�rerLs r%r�z2CertificateSigningRequest.signature_hash_algorithm�r�r&c��yr�rerLs r%r�z1CertificateSigningRequest.signature_algorithm_oidr�r&c��y)z@
        Returns the extensions in the signing request.
        NrerLs r%r3z$CertificateSigningRequest.extensionsr�r&c��y)z/
        Returns an Attributes object.
        NrerLs r%r7z$CertificateSigningRequest.attributesr�r&c��y)z;
        Encodes the request to PEM or DER format.
        Nrer�s  r%r�z&CertificateSigningRequest.public_bytesr�r&c��yr�rerLs r%r�z#CertificateSigningRequest.signature"r�r&c��y)zd
        Returns the PKCS#10 CertificationRequestInfo bytes as defined in RFC
        2986.
        NrerLs r%�tbs_certrequest_bytesz/CertificateSigningRequest.tbs_certrequest_bytes)r�r&c��y)z8
        Verifies signature of signing request.
        NrerLs r%r�z,CertificateSigningRequest.is_signature_valid1r�r&c��y)z:
        Get the attribute value for a given OID.
        Nre)r"r!s  r%rnz/CertificateSigningRequest.get_attribute_for_oid8r�r&Nr_rbr�r�r�r\r�)r(rgr�r])r(ra)r!rr(rZ)r+r,r-r�r�rVrYr�rdr�r�r�r3r7r�r�r�r�rnrer&r%r�r��s���������
	������
	������
��������
�����	.�������������
��������
��������
	������
��������
����������������
	�����r&r�c�,�tj|�Sr)�	rust_x509�load_pem_x509_certificate��data�backends  r%r�r�D����.�.�t�4�4r&c�,�tj|�Sr)r��load_pem_x509_certificates)r�s r%rrJs���/�/��5�5r&c�,�tj|�Sr)r��load_der_x509_certificater�s  r%rrOrr&c�,�tj|�Sr)r��load_pem_x509_csrr�s  r%rrV����&�&�t�,�,r&c�,�tj|�Sr)r��load_der_x509_csrr�s  r%r
r
]rr&c�,�tj|�Sr)r��load_pem_x509_crlr�s  r%rrdrr&c�,�tj|�Sr)r��load_der_x509_crlr�s  r%rrkrr&c�x�eZdZdggf					dd�Zd	d�Z						d
d�Zdd�							dd�Z	d							d
d�Zy)� CertificateSigningRequestBuilderNc�.�||_||_||_y)zB
        Creates an empty X.509 certificate request (v1).
        N)�
_subject_namer�rj)r"�subject_namer3r7s    r%r z)CertificateSigningRequestBuilder.__init__rs��*���%���%��r&c��t|t�std��|j�t	d��t||j|j�S)zF
        Sets the certificate requestor's distinguished name.
        �Expecting x509.Name object.�&The subject name may only be set once.)rRr�	TypeErrorrr1rr�rj�r"�names  r%rz-CertificateSigningRequestBuilder.subject_name�sR���$��%��9�:�:����)��E�F�F�/��$�"�"�D�$4�$4�
�	
r&c���t|t�std��t|j||�}t||j�t|j|j|gz|j�S)zE
        Adds an X.509 extension to the certificate request.
        �"extension must be an ExtensionType)
rRrrrr!r5r�rrrj�r"�extval�criticalr2s    r%�
add_extensionz.CertificateSigningRequestBuilder.add_extension�sk���&�-�0��@�A�A��f�j�j�(�F�;�	�#�I�t�/?�/?�@�/�������	�{�*����
�	
r&)�_tagc�Z�t|t�std��t|t�std��|�t|t�std��t||j�|�
|j}nd}t|j|j|j|||fgz�S)zK
        Adds an X.509 attribute with an OID and associated value.
        zoid must be an ObjectIdentifierzvalue must be bytesNztag must be _ASN1Type)rRrrrZrr:rjrJrrr�)r"r!rJr �tags     r%�
add_attributez.CertificateSigningRequestBuilder.add_attribute�s����#�/�0��=�>�>��%��'��1�2�2���J�t�Y�$?��3�4�4�#�C��)9�)9�:����*�*�C��C�/�����������e�S� 1�2�2�
�	
r&c�^�|j�td��tj|||�S)zF
        Signs the request using the requestor's private key.
        z/A CertificateSigningRequest must have a subject)rr1r��create_x509_csr�r"�private_keyr�rs    r%�signz%CertificateSigningRequestBuilder.sign�s1�����%��N�O�O��(�(��{�I�F�Fr&)r�typing.Optional[Name]r3�%typing.List[Extension[ExtensionType]]r7�Htyping.List[typing.Tuple[ObjectIdentifier, bytes, typing.Optional[int]]])rrr(r)rrrrar(r)r!rrJrZr ztyping.Optional[_ASN1Type]r(rr)r'rr��"typing.Optional[_AllowedHashTypes]r�
typing.Anyr(r�)r+r,r-r rrr#r(rer&r%rrqs���/3�<>�
�

&�+�
&�:�
&�
�	
&�

�
�#�
�/3�
�	)�
�.,0�
�
�
��
�
)�
�
*�

�H#�	G�5�G�6�G��	G�

#�Gr&rc��eZdZUded<ddddddgf															dd�Zdd�Zdd�Z				dd�Zdd�Zdd	�Z	dd
�Z
						dd�Z	ddd�									dd
�Zy)�CertificateBuilderr*r�Nc��tj|_||_||_||_||_||_||_||_	yr)
rsrv�_version�_issuer_namer�_public_keyr��_not_valid_before�_not_valid_afterr�)r"�issuer_namerr�r�r�r�r3s        r%r zCertificateBuilder.__init__�sG�� �
�
��
�'���)���%���+���!1��� /���%��r&c	��t|t�std��|j�t	d��t||j|j|j|j|j|j�S)z3
        Sets the CA's distinguished name.
        r�%The issuer name may only be set once.)rRrrr2r1r/rr3r�r4r5r�rs  r%r6zCertificateBuilder.issuer_name�sx���$��%��9�:�:����(��D�E�E�!������������"�"��!�!����
�	
r&c	��t|t�std��|j�t	d��t|j||j|j|j|j|j�S)z:
        Sets the requestor's distinguished name.
        rr)rRrrrr1r/r2r3r�r4r5r�rs  r%rzCertificateBuilder.subject_name�sx���$��%��9�:�:����)��E�F�F�!������������"�"��!�!����
�	
r&c
���t|tjtjt
jtjtjtjtjf�std��|j �t#d��t%|j&|j(||j*|j,|j.|j0�S)zT
        Sets the requestor's public key (as found in the signing request).
        z�Expecting one of DSAPublicKey, RSAPublicKey, EllipticCurvePublicKey, Ed25519PublicKey, Ed448PublicKey, X25519PublicKey, or X448PublicKey.z$The public key may only be set once.)rRr�DSAPublicKeyr
�RSAPublicKeyr	�EllipticCurvePublicKeyr�Ed25519PublicKeyr
�Ed448PublicKeyr�X25519PublicKeyr�
X448PublicKeyrr3r1r/r2rr�r4r5r�)r"�keys  r%r�zCertificateBuilder.public_keys������ � �� � ��)�)��(�(��$�$��&�&��"�"�
�
��!��
����'��C�D�D�!������������"�"��!�!����
�	
r&c	�\�t|t�std��|j�t	d��|dkrt	d��|j�dk\rt	d��t
|j|j|j||j|j|j�S)z5
        Sets the certificate serial number.
        �'Serial number must be of integral type.�'The serial number may only be set once.rz%The serial number should be positive.��3The serial number should not be more than 159 bits.)
rRr[rr�r1�
bit_lengthr/r2rr3r4r5r��r"�numbers  r%r�z CertificateBuilder.serial_number,s����&�#�&��E�F�F����*��F�G�G��Q�;��D�E�E�����#�%��H��
�"������������"�"��!�!����
�	
r&c	��t|tj�std��|j�t	d��t|�}|tkrt	d��|j�||jkDrt	d��t|j|j|j|j||j|j�S)z7
        Sets the certificate activation time.
        �Expecting datetime object.z*The not valid before may only be set once.z>The not valid before date must be on or after 1950 January 1).zBThe not valid before date must be before the not valid after date.)rRr>rr4r1rC�_EARLIEST_UTC_TIMEr5r/r2rr3r�r��r"rAs  r%r�z#CertificateBuilder.not_valid_beforeGs����$�� 1� 1�2��8�9�9��!�!�-��I�J�J�)�$�/���$�$��$��
�� � �,���8M�8M�1M����
�"���������������!�!����
�	
r&c	��t|tj�std��|j�t	d��t|�}|tkrt	d��|j�||jkrt	d��t|j|j|j|j|j||j�S)z7
        Sets the certificate expiration time.
        rLz)The not valid after may only be set once.z<The not valid after date must be on or after 1950 January 1.zAThe not valid after date must be after the not valid before date.)rRr>rr5r1rCrMr4r/r2rr3r�r�rNs  r%r�z"CertificateBuilder.not_valid_afterds����$�� 1� 1�2��8�9�9�� � �,��H�I�I�)�$�/���$�$��#��
�

�"�"�.��t�-�-�-����
�"��������������"�"�����
�	
r&c
�H�t|t�std��t|j||�}t||j�t|j|j|j|j|j|j|j|gz�S)z=
        Adds an X.509 extension to the certificate.
        r)rRrrrr!r5r�r/r2rr3r�r4r5rs    r%rz CertificateBuilder.add_extension�s����&�-�0��@�A�A��f�j�j�(�F�;�	�#�I�t�/?�/?�@�!��������������"�"��!�!����	�{�*�
�	
r&)�rsa_paddingc��|j�td��|j�td��|j�td��|j�td��|j
�td��|j�td��|�Zt|tjtjf�std��t|tj�std��tj||||�S)	zC
        Signs the certificate using the CA's private key.
        z&A certificate must have a subject namez&A certificate must have an issuer namez'A certificate must have a serial numberz/A certificate must have a not valid before timez.A certificate must have a not valid after timez$A certificate must have a public keyzPadding must be PSS or PKCS1v15z&Padding is only supported for RSA keys)rr1r2r�r4r5r3rRr�PSS�PKCS1v15rr
�
RSAPrivateKeyr��create_x509_certificate)r"r'r�rrQs     r%r(zCertificateBuilder.sign�s������%��E�F�F����$��E�F�F����&��F�G�G��!�!�)��N�O�O�� � �(��M�N�N����#��C�D�D��"��k�G�K�K��9I�9I�+J�K�� A�B�B��k�3�+<�+<�=�� H�I�I��0�0��+�y�+�
�	
r&)r6r)rr)r�z*typing.Optional[CertificatePublicKeyTypes]r��typing.Optional[int]r�r�r�r�r3r*r(r))rrr(r/)rBrr(r/)rJr[r(r/)rAr�r(r/)rrrrar(r/r)
r'rr�r,rr-rQz<typing.Optional[typing.Union[padding.PSS, padding.PKCS1v15]]r(r|)
r+r,r-�__annotations__r r6rr�r�r�r�rr(rer&r%r/r/�s��6�6�.2�.2�AE�.2�?C�>B�<>�&�*�&�,�&�?�	&�
,�&�=�
&�<�&�:�&�
�&�&
�$
�$#
�
&�#
�
�#
�J
�6
�:
�@
�#�
�/3�
�	�
�4#�	'
�
�'
�5�'
�6�'
��	'
�
�
'
�
�'
r&r/c��eZdZUded<ded<dddggf									d
d�Z				dd�Z				dd�Z				dd	�Z						dd
�Z				dd�Z		d							dd�Z
y)� CertificateRevocationListBuilderr*r�r��_revoked_certificatesNc�J�||_||_||_||_||_yr)r2�_last_update�_next_updater�r[)r"r6r�r�r3�revoked_certificatess      r%r z)CertificateRevocationListBuilder.__init__�s,��(���'���'���%���%9��"r&c���t|t�std��|j�t	d��t||j|j|j|j�S)Nrr8)
rRrrr2r1rZr]r^r�r[)r"r6s  r%r6z,CertificateRevocationListBuilder.issuer_name�sf���+�t�,��9�:�:����(��D�E�E�/������������&�&�
�	
r&c�r�t|tj�std��|j�t	d��t|�}|tkrt	d��|j�||jkDrt	d��t|j||j|j|j�S)NrL�!Last update may only be set once.�8The last update date must be on or after 1950 January 1.z9The last update date must be before the next update date.)rRr>rr]r1rCrMr^rZr2r�r[)r"r�s  r%r�z,CertificateRevocationListBuilder.last_update�s����+�x�'8�'8�9��8�9�9����(��@�A�A�0��=���+�+��M��
����(�[�4�;L�;L�-L��K��
�0������������&�&�
�	
r&c�r�t|tj�std��|j�t	d��t|�}|tkrt	d��|j�||jkrt	d��t|j|j||j|j�S)NrLrbrcz8The next update date must be after the last update date.)rRr>rr^r1rCrMr]rZr2r�r[)r"r�s  r%r�z,CertificateRevocationListBuilder.next_update�s����+�x�'8�'8�9��8�9�9����(��@�A�A�0��=���+�+��M��
����(�[�4�;L�;L�-L��J��
�0������������&�&�
�	
r&c��t|t�std��t|j||�}t||j�t|j|j|j|j|gz|j�S)zM
        Adds an X.509 extension to the certificate revocation list.
        r)rRrrrr!r5r�rZr2r]r^r[rs    r%rz.CertificateRevocationListBuilder.add_extensions}���&�-�0��@�A�A��f�j�j�(�F�;�	�#�I�t�/?�/?�@�/�������������	�{�*��&�&�
�	
r&c���t|t�std��t|j|j
|j|j|j|gz�S)z8
        Adds a revoked certificate to the CRL.
        z)Must be an instance of RevokedCertificate)	rRr�rrZr2r]r^r�r[)r"�revoked_certificates  r%�add_revoked_certificatez8CertificateRevocationListBuilder.add_revoked_certificate(s_���-�/A�B��G�H�H�/��������������&�&�*=�)>�>�
�	
r&c��|j�td��|j�td��|j�td��t	j
|||�S)NzA CRL must have an issuer namez"A CRL must have a last update timez"A CRL must have a next update time)r2r1r]r^r��create_x509_crlr&s    r%r(z%CertificateRevocationListBuilder.sign9sa�����$��=�>�>����$��A�B�B����$��A�B�B��(�(��{�I�F�Fr&)
r6r)r�r�r�r�r3r*r_r�)r6rr(rZ)r�r�r(rZ)r�r�r(rZ)rrrrar(rZ)rgr�r(rZr)r'rr�r,rr-r(r�)r+r,r-rXr r6r�r�rrhr(rer&r%rZrZ�s���6�6�:�:�.2�:>�:>�<>�@B�
:�*�:�8�:�8�	:�
:�:�>�
:�

��

�	)�

�
�,�
�	)�
�0
�,�
�	)�
�0
�#�
�/3�
�	)�
�&
�#5�
�	)�
�*#�	G�5�G�6�G��	G�

#�Gr&rZc�\�eZdZddgf					dd�Zdd�Z				d	d�Z						d
d�Zddd�Zy)
�RevokedCertificateBuilderNc�.�||_||_||_yrr�r�s    r%r z"RevokedCertificateBuilder.__init__Lr�r&c��t|t�std��|j�t	d��|dkrt	d��|j�dk\rt	d��t
||j|j�S)NrDrErz$The serial number should be positiverFrG)	rRr[rr�r1rHrlr�r�rIs  r%r�z'RevokedCertificateBuilder.serial_numberVs����&�#�&��E�F�F����*��F�G�G��Q�;��C�D�D�����#�%��H��
�)��D�)�)�4�+;�+;�
�	
r&c��t|tj�std��|j�t	d��t|�}|tkrt	d��t|j||j�S)NrLz)The revocation date may only be set once.z7The revocation date must be on or after 1950 January 1.)
rRr>rr�r1rCrMrlr�r�rNs  r%r�z)RevokedCertificateBuilder.revocation_datehs}���$�� 1� 1�2��8�9�9�� � �,��H�I�I�)�$�/���$�$��L��
�)�����t�'7�'7�
�	
r&c���t|t�std��t|j||�}t||j�t|j|j|j|gz�S)Nr)
rRrrrr!r5r�rlr�r�rs    r%rz'RevokedCertificateBuilder.add_extensionxsk���&�-�0��@�A�A��f�j�j�(�F�;�	�#�I�t�/?�/?�@�(�����!�!����	�{�*�
�	
r&c���|j�td��|j�td��t|j|jt	|j
��S)Nz/A revoked certificate must have a serial numberz1A revoked certificate must have a revocation date)r�r1r�r�rr�)r"rs  r%�buildzRevokedCertificateBuilder.build�se�����&��N�O�O�� � �(��C��
�&�����!�!��t�'�'�(�
�	
r&)r�rWr�r�r3r*)rJr[r(rl)rAr�r(rl)rrrrar(rlr)rr-r(r�)r+r,r-r r�r�rrrrer&r%rlrlKsj��/3�>B�<>�	&�+�&�<�&�:�	&�
�$
�%�
�	"�
� 
�#�
�/3�
�	"�
�
r&rlc�Z�tjtjd�d�dz	S)N��bigr)r[�
from_bytes�os�urandomrer&r%�random_serial_numberry�s ���>�>�"�*�*�R�.�%�0�A�5�5r&)r2zExtension[ExtensionType]r3r*r(r))r!rr7r+r(r))rAr�r(r�r)r�rZrr-r(r|)r�rZr(ztyping.List[Certificate])r�rZrr-r(r�)r�rZrr-r(r�rb)M�
__future__rr�r>rwr��cryptographyr�"cryptography.hazmat.bindings._rustrr��cryptography.hazmat.primitivesrr�)cryptography.hazmat.primitives.asymmetricrr	r
rrr
rr�/cryptography.hazmat.primitives.asymmetric.typesrrr�cryptography.x509.extensionsrrrr�cryptography.x509.namerr�cryptography.x509.oidrrM�Union�SHA224�SHA256�SHA384�SHA512�SHA3_224�SHA3_256�SHA3_384�SHA3_512�_AllowedHashTypes�	Exceptionrr5r:rCrErg�Enumrsrx�ABCMetar|�registerr�r�r�r�r�rrrr
rrrr/rZrlryrer&r%�<module>r�s���
#�
��	�
��@�@�	�	�	���
��3�2�&�X�&�&�t�Q��2���L�L�
�M�M�
�M�M�
�M�M�
�M�M�
�O�O�
�O�O�
�O�O�
�O�O��	���	��E�'�E�5�E�
�E�	E�	�	E��	E�

�	E��!8�!8�HF�F�(�e�j�j��
-�Y�-�F�C�K�K�F�T���Y�*�*�+��3�;�;��0���I�8�8�9� �/� �0y�#�+�+�y�x�"�"�9�#F�#F�G�Y�#�+�+�Y�z�"�"�9�#F�#F�G�
(,�5�
�5�$�5��5�6�(,�5�
�5�$�5��5�(,�-�
�-�$�-��-�(,�-�
�-�$�-��-�(,�-�
�-�$�-��-�(,�-�
�-�$�-��-�YG�YG�xt
�t
�nDG�DG�NF
�F
�R6r&

Zerion Mini Shell 1.0