2ie ddlmZddlZddlZddlZddlmZddlmZddl m Z ddl m Z ddlmZmZmZmZmZmZmZmZddlmZmZdd lmZmZmZdd lmZm Z dd l!m"Z"ejd d d Z#ejHe jJe jLe jNe jPe jRe jTe jVe jXfZ-Gdde.Z/ d$dZ0 d%dZ1d&dZ2GddZ3GddZ4GddejjZ6Gdde.Z7e jpZ8e jrZ9e jtZ:e jvZ;e jxZe j~Z?e jZ@e jZAe jZBGddZCGddZDGdd ZEGd!d"ZFd'd#ZGy)() annotationsN)Iterable)utils)x509)hashes)dsaeced448ed25519paddingrsax448x25519) CertificateIssuerPrivateKeyTypesCertificatePublicKeyTypes) Extension ExtensionType_make_sequence_methods)Name _ASN1Type)ObjectIdentifieric eZdZdfd ZxZS)AttributeNotFoundc2t||||_yN)super__init__oid)selfmsgr __class__s L/var/www/html/qr/venv/lib/python3.12/site-packages/cryptography/x509/base.pyrzAttributeNotFound.__init__6s )r!strrrreturnNone__name__ __module__ __qualname__r __classcell__r"s@r#rr5s r$rcZ|D]&}|j|jk(stdy)Nz$This extension has already been set.)r ValueError) extension extensionses r#_reject_duplicate_extensionr3;s1 E 55IMM !CD DEr$c:|D]\}}}||k(s tdy)Nz$This attribute has already been set.)r/)r attributesattr_oid_s r#_reject_duplicate_attributer8Es. %E!Q s?CD DEr$c|j=|j}|r|ntj}|j d|z S|S)zNormalizes a datetime to a naive datetime in UTC. time -- datetime to normalize. Assumed to be in UTC if not timezone aware. N)tzinfo)r: utcoffsetdatetime timedeltareplace)timeoffsets r#_convert_to_naive_utc_timerAOsG  {{!!x'9'9';||4|(611 r$ceZdZejj f ddZed dZed dZd dZ d dZ d dZ y) Attributec.||_||_||_yr)_oid_value_type)r rvaluerGs r#rzAttribute.__init__^s    r$c|jSr)rEr s r#rz Attribute.oidhs yyr$c|jSr)rFrJs r#rHzAttribute.valuels {{r$c<d|jd|jdS)Nz)rrHrJs r#__repr__zAttribute.__repr__ps  (4::.CCr$ct|tstS|j|jk(xr4|j|jk(xr|j |j k(Sr) isinstancerCNotImplementedrrHrG)r others r#__eq__zAttribute.__eq__ssS%+! ! HH ! * ekk) * ekk) r$cZt|j|j|jfSr)hashrrHrGrJs r#__hash__zAttribute.__hash__}s TXXtzz4::677r$N)rrrHbytesrGintr&r')r&r)r&rWr&r%)rRobjectr&boolr&rX) r)r*r+r UTF8StringrHrpropertyrrNrSrVr$r#rCrC]sv ))//     D 8r$rCcDeZdZ ddZed\ZZZddZddZ y) Attributesc$t||_yr)list _attributes)r r5s r#rzAttributes.__init__s +r$rdc"d|jdS)Nz ?EEr$N)r5zIterable[Attribute]r&r'rY)rrr&rC) r)r*r+rr__len____iter__ __getitem__rNrhr_r$r#raras7,', , & >%'12 2  JtY$?34 4#C)9)9:  **CC/       2d 2eS 1 2  r$ rsa_paddingecdsa_deterministicch|j td|Zt|tjtj fs t dt|tjs t d|%t|tjs t dtj|||||S)zF Signs the request using the requestor's private key. z/A CertificateSigningRequest must have a subjectPadding must be PSS or PKCS1v15&Padding is only supported for RSA keys1Deterministic ECDSA is only supported for EC keys) rxr/rPr PSSPKCS1v15r~r RSAPrivateKeyr EllipticCurvePrivateKey rust_x509create_x509_csrr private_key algorithmbackendrrs r#signz%CertificateSigningRequestBuilder.signs    %NO O  "kGKK9I9I+JK ABBk3+<+<= HII  *k2+E+EFG((        r$)rz Name | Noner1list[Extension[ExtensionType]]r50list[tuple[ObjectIdentifier, bytes, int | None]])rrr&rv)rrrr[r&rv)rrrHrWrz_ASN1Type | Noner&rvr) rrr_AllowedHashTypes | Noner typing.Anyr%padding.PSS | padding.PKCS1v15 | Noner bool | Noner&CertificateSigningRequest)r)r*r+rrzrrrr_r$r#rvrvs%)57GI &! &3 &E &   # /3 ) ."&      *  H# ! >B+/! 5! ,!  ! ; ! )!  #! r$rvceZdZUded<ddddddgf ddZddZddZ ddZddZdd Z dd Z dd Z dddd  dd Z y)CertificateBuilderrryNctj|_||_||_||_||_||_||_||_ yr) rmrp_version _issuer_namerx _public_key_serial_number_not_valid_before_not_valid_afterry)r issuer_namerz public_key serial_numbernot_valid_beforenot_valid_afterr1s r#rzCertificateBuilder.__init__'sG  ')%+!1 /%r$c t|ts td|j t dt ||j |j|j|j|j|jS)z3 Sets the CA's distinguished name. r|%The issuer name may only be set once.) rPrr~rr/rrxrrrrryrs r#rzCertificateBuilder.issuer_name:sx$%9: :    (DE E!            " "  ! !     r$c t|ts td|j t dt |j ||j|j|j|j|jS)z: Sets the requestor's distinguished name. r|r}) rPrr~rxr/rrrrrrryrs r#rzzCertificateBuilder.subject_nameLsx$%9: :    )EF F!            " "  ! !     r$c t|tjtjt j tjtjtjtjfs td|j t#dt%|j&|j(||j*|j,|j.|j0S)zT Sets the requestor's public key (as found in the signing request). zExpecting one of DSAPublicKey, RSAPublicKey, EllipticCurvePublicKey, Ed25519PublicKey, Ed448PublicKey, X25519PublicKey, or X448PublicKey.z$The public key may only be set once.)rPr DSAPublicKeyr RSAPublicKeyr EllipticCurvePublicKeyr Ed25519PublicKeyr Ed448PublicKeyrX25519PublicKeyr X448PublicKeyr~rr/rrrxrrrry)r keys r#rzCertificateBuilder.public_key^s     ))(($$&&""   !     'CD D!            " "  ! !     r$c \t|ts td|j t d|dkr t d|j dk\r t dt |j|j|j||j|j|jS)z5 Sets the certificate serial number. 'Serial number must be of integral type.'The serial number may only be set once.rz%The serial number should be positive.3The serial number should not be more than 159 bits.) rPrXr~rr/ bit_lengthrrrxrrrryr numbers r#rz CertificateBuilder.serial_numbers&#&EF F    *FG G Q;DE E    # %E "            " "  ! !     r$c t|tjs td|j t dt |}|t kr t d|j||jkDr t dt|j|j|j|j||j|jS)z7 Sets the certificate activation time. Expecting datetime object.z*The not valid before may only be set once.z>The not valid before date must be on or after 1950 January 1).zBThe not valid before date must be before the not valid after date.)rPr<r~rr/rA_EARLIEST_UTC_TIMErrrrxrrryr r?s r#rz#CertificateBuilder.not_valid_befores$ 1 1289 9  ! ! -IJ J)$/ $ $$   ,8M8M1M "               ! !     r$c t|tjs td|j t dt |}|t kr t d|j||jkr t dt|j|j|j|j|j||jS)z7 Sets the certificate expiration time. rz)The not valid after may only be set once.z # /3  4# 0 >B+/0 50 ,0  0 ; 0 )0  0 r$rceZdZUded<ded<dddggf ddZ ddZ ddZ dd Z dd Z dd Z dddd  dd Z y) CertificateRevocationListBuilderrrylist[RevokedCertificate]_revoked_certificatesNcJ||_||_||_||_||_yr)r _last_update _next_updateryr)r r last_update next_updater1revoked_certificatess r#rz)CertificateRevocationListBuilder.__init__'s,(''%%9"r$ct|ts td|j t dt ||j |j|j|jS)Nr|r) rPrr~rr/rrrryr)r rs r#rz,CertificateRevocationListBuilder.issuer_name5sf+t,9: :    (DE E/            & &   r$crt|tjs td|j t dt |}|t kr t d|j||jkDr t dt|j||j|j|jS)Nr!Last update may only be set once.8The last update date must be on or after 1950 January 1.z9The last update date must be before the next update date.) rPr<r~rr/rArrrrryr)r rs r#rz,CertificateRevocationListBuilder.last_updateDs+x'8'8989 9    (@A A0= + +J     ([4;L;L-LK 0            & &   r$crt|tjs td|j t dt |}|t kr t d|j||jkr t dt|j|j||j|jS)Nrrrz8The next update date must be after the last update date.) rPr<r~rr/rArrrrryr)r rs r#rz,CertificateRevocationListBuilder.next_update\s+x'8'8989 9    (@A A0= + +J     ([4;L;L-LJ 0            & &   r$ct|ts tdt|j||}t ||j t|j|j|jg|j ||jS)zM Adds an X.509 extension to the certificate revocation list. r) rPrr~rrr3ryrrrrrrs r#rz.CertificateRevocationListBuilder.add_extensionts &-0@A Afjj(F; #It/?/?@/          *d * *  & &   r$ct|ts tdt|j|j |j |jg|j|S)z8 Adds a revoked certificate to the CRL. z)Must be an instance of RevokedCertificate) rPRevokedCertificater~rrrrryr)r revoked_certificates r#add_revoked_certificatez8CertificateRevocationListBuilder.add_revoked_certificatesa -/ABGH H/             >d(( >*= >   r$rc|j td|j td|j td|Zt |t j t jfs tdt |tjs td|%t |tjs tdtj|||||S)NzA CRL must have an issuer namez"A CRL must have a last update timez"A CRL must have a next update timerrr)rr/rrrPr rrr~r rr rrcreate_x509_crlrs r#rz%CertificateRevocationListBuilder.signs    $=> >    $AB B    $AB B  "kGKK9I9I+JK ABBk3+<+<= HII  *k2+E+EFG((        r$) rrrrrrr1rrr)rrr&r)rrr&r)rrr&r)rrrr[r&r)rrr&rr) rrrrrrrrrrr&CertificateRevocationList) r)r*r+rrrrrrrrr_r$r#rr#s//33$(0404579; :  :. :. : 3 : 7 :    )   , ) 0 , ) 0 # /3 ) & #5 ) *# $ >B+/$ 5$ ,$  $ ; $ )$  #$ r$rc\eZdZddgf ddZddZ d dZ d dZd d dZy) RevokedCertificateBuilderNc.||_||_||_yr)r_revocation_datery)r rrevocation_dater1s r#rz"RevokedCertificateBuilder.__init__s , /%r$ct|ts td|j t d|dkr t d|j dk\r t dt ||j|jS)Nrrrz$The serial number should be positiverr) rPrXr~rr/rrrryrs r#rz'RevokedCertificateBuilder.serial_numbers&#&EF F    *FG G Q;CD D    # %E ) D))4+;+;  r$ct|tjs td|j t dt |}|t kr t dt|j||jS)Nrz)The revocation date may only be set once.z7The revocation date must be on or after 1950 January 1.) rPr<r~rr/rArrrryrs r#rz)RevokedCertificateBuilder.revocation_dates}$ 1 1289 9  ,HI I)$/ $ $I )   t'7'7  r$ct|ts tdt|j||}t ||j t|j|jg|j |S)Nr) rPrr~rrr3ryrrrrs r#rz'RevokedCertificateBuilder.add_extensionsn&-0@A Afjj(F; #It/?/?@(     ! ! *d * *  r$c|j td|j tdtj|S)Nz/A revoked certificate must have a serial numberz1A revoked certificate must have a revocation date)rr/rrcreate_revoked_certificate)r rs r#buildzRevokedCertificateBuilder.buildsI    &NO O  (C 33D99r$)rrrrr1r)rrXr&r)r?rr&r)rrrr[r&rr)rrr&r)r)r*r+rrrrrr_r$r#rrsj%)4857 &!&2&3 & $ % "  #  /3  "  :r$rcZtjtjdddz S)Nbigr)rX from_bytesosurandomr_r$r#random_serial_numberrs >>"**R.% 0A 55r$)r0zExtension[ExtensionType]r1rr&r')rrr5rr&r')r?rr&rr\)H __future__rr<rtypingcollections.abcr cryptographyr"cryptography.hazmat.bindings._rustrrcryptography.hazmat.primitivesr)cryptography.hazmat.primitives.asymmetricrr r r r r rr/cryptography.hazmat.primitives.asymmetric.typesrrcryptography.x509.extensionsrrrcryptography.x509.namerrcryptography.x509.oidrrUnionSHA224SHA256SHA384SHA512SHA3_224SHA3_256SHA3_384SHA3_512_AllowedHashTypes Exceptionrr3r8rArCraEnumrmrrrrrrload_pem_x509_certificateload_der_x509_certificateload_pem_x509_certificatesload_pem_x509_csrload_der_x509_csrload_pem_x509_crlload_der_x509_crlrvrrrrr_r$r#rs # $@1    32&X&&tQ2LL MM MM MM MM OO OO OO OO   E'E.E EE E@E E !8!8HFF( ejj -Y- ## 11&??%??&??%??&AA////////m m `| | ~Y Y xB:B:J6r$