F/ji ddlmZddlZddlZddlZddlmZddlmZddl m Z ddl m Z ddlmZmZmZmZmZmZmZmZmZddlmZmZdd lmZmZmZdd lm Z m!Z!dd l"m#Z#ejd d d Z$ejJe jLe jNe jPe jRe jTe jVe jXe jZfZ.Gdde/Z0 d$dZ1 d%dZ2d&dZ3GddZ4GddZ5GddejlZ7Gdde/Z8e jrZ9e jtZ:e jvZ;e jxZe j~Z?e jZ@e jZAe jZBe jZCGddZDGddZEGdd ZFGd!d"ZGd'd#ZHy)() annotationsN)Iterable)utils)x509)hashes) dsaeced448ed25519mldsapaddingrsax448x25519) CertificateIssuerPrivateKeyTypesCertificatePublicKeyTypes) Extension ExtensionType_make_sequence_methods)Name _ASN1Type)ObjectIdentifieric eZdZdfd ZxZS)AttributeNotFoundc2t||||_yN)super__init__oid)selfmsgr __class__s T/var/www/html/maxservice/venv/lib/python3.12/site-packages/cryptography/x509/base.pyrzAttributeNotFound.__init__7s )r"strr rreturnNone__name__ __module__ __qualname__r __classcell__r#s@r$rr6s r%rcZ|D]&}|j|jk(stdy)Nz$This extension has already been set.)r ValueError) extension extensionses r$_reject_duplicate_extensionr4<s1 E 55IMM !CD DEr%c:|D]\}}}||k(s tdy)Nz$This attribute has already been set.)r0)r attributesattr_oid_s r$_reject_duplicate_attributer9Fs. %E!Q s?CD DEr%c|j=|j}|r|ntj}|j d|z S|S)zNormalizes a datetime to a naive datetime in UTC. time -- datetime to normalize. Assumed to be in UTC if not timezone aware. N)tzinfo)r; utcoffsetdatetime timedeltareplace)timeoffsets r$_convert_to_naive_utc_timerBPsG  {{!!x'9'9';||4|(611 r%ceZdZejj f ddZed dZed dZd dZ d dZ d dZ y) Attributec.||_||_||_yr)_oid_value_type)r!r valuerHs r$rzAttribute.__init___s    r%c|jSr)rFr!s r$r z Attribute.oidis yyr%c|jSr)rGrKs r$rIzAttribute.valuems {{r%c<d|jd|jdS)Nz)r rIrKs r$__repr__zAttribute.__repr__qs  (4::.CCr%ct|tstS|j|jk(xr4|j|jk(xr|j |j k(Sr) isinstancerDNotImplementedr rIrH)r!others r$__eq__zAttribute.__eq__tsS%+! ! HH ! * ekk) * ekk) r%cZt|j|j|jfSr)hashr rIrHrKs r$__hash__zAttribute.__hash__~s TXXtzz4::677r%N)r rrIbytesrHintr'r()r'r)r'rXr'r&)rSobjectr'boolr'rY) r*r+r,r UTF8StringrIrpropertyr rOrTrWr%r$rDrD^sv ))//     D 8r%rDcDeZdZ ddZed\ZZZddZddZ y) Attributesc$t||_yr)list _attributes)r!r6s r$rzAttributes.__init__s +r%rec"d|jdS)Nz ?EEr%N)r6zIterable[Attribute]r'r(rZ)r rr'rD) r*r+r,rr__len____iter__ __getitem__rOrir`r%r$rbrbs7,', , & >%'12 2  JtY$?34 4#C)9)9:  **CC/       2d 2eS 1 2  r% rsa_paddingecdsa_deterministicch|j td|Zt|tjtj fs t dt|tjs t d|%t|tjs t dtj|||||S)zF Signs the request using the requestor's private key. z/A CertificateSigningRequest must have a subjectPadding must be PSS or PKCS1v15&Padding is only supported for RSA keys1Deterministic ECDSA is only supported for EC keys) ryr0rQr PSSPKCS1v15rr RSAPrivateKeyr EllipticCurvePrivateKey rust_x509create_x509_csrr! private_key algorithmbackendrrs r$signz%CertificateSigningRequestBuilder.signs    %NO O  "kGKK9I9I+JK ABBk3+<+<= HII  *k2+E+EFG((        r%)r{ Name | Noner2list[Extension[ExtensionType]]r60list[tuple[ObjectIdentifier, bytes, int | None]])rrr'rw)rrrr\r'rw)r rrIrXrz_ASN1Type | Noner'rwr) rrr_AllowedHashTypes | Noner typing.Anyr%padding.PSS | padding.PKCS1v15 | Noner bool | Noner'CertificateSigningRequest)r*r+r,rr{rrrr`r%r$rwrws%)57GI &! &3 &E &   # /3 ) ."&      *  H# ! >B+/! 5! ,!  ! ; ! )!  #! r%rwceZdZUded<ddddddgdf ddZddZddZdd ddZdd Zdd Z dd Z dd Z dddd  ddZ y)CertificateBuilderrrzNc tj|_||_||_||_||_||_||_||_ ||_ yr) rnrq_version _issuer_namery _public_key_serial_number_not_valid_before_not_valid_afterrz_public_key_rsa_padding) r! issuer_namer{ public_key serial_numbernot_valid_beforenot_valid_afterr2public_key_rsa_paddings r$rzCertificateBuilder.__init__(sO  ')%+!1 /%'=$r%c t|ts td|j t dt ||j |j|j|j|j|j|jS)z3 Sets the CA's distinguished name. r}%The issuer name may only be set once.) rQrrrr0rryrrrrrzrrs r$rzCertificateBuilder.issuer_name=s$%9: :    (DE E!            " "  ! !     ( (  r%c t|ts td|j t dt |j ||j|j|j|j|j|jS)z: Sets the requestor's distinguished name. r}r~) rQrrryr0rrrrrrrzrrs r$r{zCertificateBuilder.subject_namePs$%9: :    )EF F!            " "  ! !     ( (  r%)rc t|tjtjt j tjtjtjtjtjtj t"j$f s t'd|B|t(j*ur t'dt|tjs t'd|j, t/dt1|j2|j4||j6|j8|j:|j<|S)zT Sets the requestor's public key (as found in the signing request). zExpecting one of DSAPublicKey, RSAPublicKey, EllipticCurvePublicKey, Ed25519PublicKey, Ed448PublicKey, MLDSA44PublicKey, MLDSA65PublicKey, MLDSA87PublicKey, X25519PublicKey, or X448PublicKey.z2rsa_padding must be the PSS class, not an instancez2rsa_padding is only supported with RSA public keysz$The public key may only be set once.)rQr DSAPublicKeyr RSAPublicKeyr EllipticCurvePublicKeyr Ed25519PublicKeyr Ed448PublicKeyr MLDSA44PublicKeyMLDSA65PublicKeyMLDSA87PublicKeyrX25519PublicKeyr X448PublicKeyrr rrr0rrryrrrrz)r!keyrs r$rzCertificateBuilder.public_keycs+     ))(($$&&&&&&&&""  !   "'++-Hc3#3#34H    'CD D!            " "  ! !      r%c rt|ts td|j t d|dkr t d|j dk\r t dt |j|j|j||j|j|j|jS)z5 Sets the certificate serial number. 'Serial number must be of integral type.'The serial number may only be set once.rz%The serial number should be positive.3The serial number should not be more than 159 bits.)rQrYrrr0 bit_lengthrrryrrrrzrr!numbers r$rz CertificateBuilder.serial_numbers&#&EF F    *FG G Q;DE E    # %E "            " "  ! !     ( (  r%c t|tjs td|j t dt |}|t kr t d|j||jkDr t dt|j|j|j|j||j|j|jS)z7 Sets the certificate activation time. Expecting datetime object.z*The not valid before may only be set once.z>The not valid before date must be on or after 1950 January 1).zBThe not valid before date must be before the not valid after date.)rQr=rrr0rB_EARLIEST_UTC_TIMErrrryrrrzrr!r@s r$rz#CertificateBuilder.not_valid_befores$ 1 1289 9  ! ! -IJ J)$/ $ $$   ,8M8M1M "               ! !     ( (  r%c t|tjs td|j t dt |}|t kr t d|j||jkr t dt|j|j|j|j|j||j|jS)z7 Sets the certificate expiration time. rz)The not valid after may only be set once.z >">5 > " > 3 >2>3>!9> >* & .15 3 &3 . 3  3 j 8 < @ # /3  6# 0 >B+/0 50 ,0  0 ; 0 )0  0 r%rceZdZUded<ded<dddggf ddZ ddZ ddZ dd Z dd Z dd Z dddd  dd Z y) CertificateRevocationListBuilderrrzlist[RevokedCertificate]_revoked_certificatesNcJ||_||_||_||_||_yr)r _last_update _next_updaterzr)r!r last_update next_updater2revoked_certificatess r$rz)CertificateRevocationListBuilder.__init__@s,(''%%9"r%ct|ts td|j t dt ||j |j|j|jS)Nr}r) rQrrrr0rrrrzr)r!rs r$rz,CertificateRevocationListBuilder.issuer_nameNsf+t,9: :    (DE E/            & &   r%crt|tjs td|j t dt |}|t kr t d|j||jkDr t dt|j||j|j|jS)Nr!Last update may only be set once.8The last update date must be on or after 1950 January 1.z9The last update date must be before the next update date.) rQr=rrr0rBrrrrrzr)r!rs r$rz,CertificateRevocationListBuilder.last_update]s+x'8'8989 9    (@A A0= + +J     ([4;L;L-LK 0            & &   r%crt|tjs td|j t dt |}|t kr t d|j||jkr t dt|j|j||j|jS)Nrrrz8The next update date must be after the last update date.) rQr=rrr0rBrrrrrzr)r!rs r$rz,CertificateRevocationListBuilder.next_updateus+x'8'8989 9    (@A A0= + +J     ([4;L;L-LJ 0            & &   r%ct|ts tdt|j||}t ||j t|j|j|jg|j ||jS)zM Adds an X.509 extension to the certificate revocation list. r) rQrrrr r4rzrrrrrrs r$rz.CertificateRevocationListBuilder.add_extensions &-0@A Afjj(F; #It/?/?@/          *d * *  & &   r%ct|ts tdt|j|j |j |jg|j|S)z8 Adds a revoked certificate to the CRL. z)Must be an instance of RevokedCertificate) rQRevokedCertificaterrrrrrzr)r!revoked_certificates r$add_revoked_certificatez8CertificateRevocationListBuilder.add_revoked_certificatesa -/ABGH H/             >d(( >*= >   r%rc|j td|j td|j td|Zt |t j t jfs tdt |tjs td|%t |tjs tdtj|||||S)NzA CRL must have an issuer namez"A CRL must have a last update timez"A CRL must have a next update timerrr)rr0rrrQr rrrrrr rrcreate_x509_crlrs r$rz%CertificateRevocationListBuilder.signs    $=> >    $AB B    $AB B  "kGKK9I9I+JK ABBk3+<+<= HII  *k2+E+EFG((        r%) rrrrrrr2rrr)rrr'r)rrr'r)rrr'r)rrrr\r'r)rrr'rr) rrrrrrrrrrr'CertificateRevocationList) r*r+r,rrrrrrrrr`r%r$rr<s//33$(0404579; :  :. :. : 3 : 7 :    )   , ) 0 , ) 0 # /3 ) & #5 ) *# $ >B+/$ 5$ ,$  $ ; $ )$  #$ r%rc\eZdZddgf ddZddZ d dZ d dZd d dZy) RevokedCertificateBuilderNc.||_||_||_yr)r_revocation_daterz)r!rrevocation_dater2s r$rz"RevokedCertificateBuilder.__init__s , /%r%ct|ts td|j t d|dkr t d|j dk\r t dt ||j|jS)Nrrrz$The serial number should be positiverr) rQrYrrr0rrrrzrs r$rz'RevokedCertificateBuilder.serial_numbers&#&EF F    *FG G Q;CD D    # %E ) D))4+;+;  r%ct|tjs td|j t dt |}|t kr t dt|j||jS)Nrz)The revocation date may only be set once.z7The revocation date must be on or after 1950 January 1.) rQr=rrr0rBrrrrzrs r$rz)RevokedCertificateBuilder.revocation_dates}$ 1 1289 9  ,HI I)$/ $ $I )   t'7'7  r%ct|ts tdt|j||}t ||j t|j|jg|j |S)Nr) rQrrrr r4rzrrrrs r$rz'RevokedCertificateBuilder.add_extensionsn&-0@A Afjj(F; #It/?/?@(     ! ! *d * *  r%c|j td|j tdtj|S)Nz/A revoked certificate must have a serial numberz1A revoked certificate must have a revocation date)rr0rrcreate_revoked_certificate)r!rs r$buildzRevokedCertificateBuilder.buildsI    &NO O  (C 33D99r%)rrrrr2r)rrYr'r)r@rr'r)rrrr\r'rr)rrr'r)r*r+r,rrrrrr`r%r$rrsj%)4857 &!&2&3 & $ % "  #  /3  "  :r%rcZtjtjdddz S)Nbigr)rY from_bytesosurandomr`r%r$random_serial_numberrs >>"**R.% 0A 55r%)r1zExtension[ExtensionType]r2rr'r()r rr6rr'r()r@rr'rr])I __future__rr=rtypingcollections.abcr cryptographyr"cryptography.hazmat.bindings._rustrrcryptography.hazmat.primitivesr)cryptography.hazmat.primitives.asymmetricrr r r r r rrr/cryptography.hazmat.primitives.asymmetric.typesrrcryptography.x509.extensionsrrrcryptography.x509.namerrcryptography.x509.oidrrUnionSHA224SHA256SHA384SHA512SHA3_224SHA3_256SHA3_384SHA3_512_AllowedHashTypes Exceptionrr4r9rBrDrbEnumrnrsrrrrload_pem_x509_certificateload_der_x509_certificateload_pem_x509_certificatesload_pem_x509_csrload_der_x509_csrload_pem_x509_crlload_der_x509_crlrwrrrrr`r%r$r"s # $@1    32&X&&tQ2LL MM MM MM MM OO OO OO OO   E'E.E EE E@E E !8!8HFF( ejj -Y- ## 11&??%??&??%??&AA////////m m `T T nY Y xB:B:J6r%