U g>@sXdZddlmZmZmZmZddlZddlmZddl m Z m Z m Z m Z mZmZmZmZmZddlmZmZmZmZmZmZmZmZGdd d e ZGd d d eZGd d d eZGdddeZGdddeZ Gddde Z!GdddeZ"GdddeZ#GdddeZ$GdddeZ%GdddeZ&GdddeZ'Gd d!d!eZ(dS)"z ASN.1 type classes for certificate revocation lists (CRL). Exports the following items: - CertificateList() Other type classes are defined that help compose the types listed above. )unicode_literalsdivisionabsolute_importprint_functionN)SignedDigestAlgorithm) Boolean EnumeratedGeneralizedTimeIntegerObjectIdentifierOctetBitStringParsableOctetStringSequence SequenceOf)AuthorityInfoAccessSyntaxAuthorityKeyIdentifierCRLDistributionPointsDistributionPointName GeneralNamesName ReasonFlagsTimec@seZdZddddZdS)VersionZv1Zv2Zv3)rrN__name__ __module__ __qualname___mapr r 2/tmp/pip-unpacked-wheel-etcy_95o/asn1crypto/crl.pyr+src @sdeZdZdedddfdedddfd ed ddfd ed dd fdedddfdedddfgZdS)IssuingDistributionPointdistribution_pointrTexplicitoptionalZonly_contains_user_certsrF)implicitdefaultZonly_contains_ca_certsrZonly_some_reasons)r'r&Z indirect_crlZonly_contains_attribute_certsN)rrrrrr_fieldsr r r r!r"3sr"c@s eZdZddddddddZd S) TBSCertListExtensionIdissuer_alt_name crl_numberdelta_crl_indicatorissuing_distribution_pointauthority_key_identifier freshest_crlauthority_information_access)z 2.5.29.18z 2.5.29.20z 2.5.29.27z 2.5.29.28z 2.5.29.35z 2.5.29.46z1.3.6.1.5.5.7.1.1Nrr r r r!r->sr-c@s@eZdZdefdeddifdefgZdZee e e e e e dZdS) TBSCertListExtensionextn_idcriticalr(F extn_valuer6r8)r.r/r0r1r2r3r4N)rrrr-rrr, _oid_pairrr r"rrr _oid_specsr r r r!r5Js r5c@seZdZeZdS)TBSCertListExtensionsN)rrrr5 _child_specr r r r!r<]sr<c @s2eZdZddddddddd d d Zed d ZdS) CRLReason unspecifiedkey_compromise ca_compromiseaffiliation_changed supersededcessation_of_operationcertificate_holdremove_from_crlprivilege_withdrawn aa_compromise) rrrr)r*r+ c Cs ddddddddd d d |jS) a :return: A unicode string with revocation description that is suitable to show to end-users. Starts with a lower case letter and phrased in such a way that it makes sense after the phrase "because of" or "due to". zan unspecified reasonza compromised keyzthe CA being compromisedzan affiliation changezcertificate supersessionza cessation of operationza certificate holdzremoval from the CRLzprivilege withdrawlzthe AA being compromised) r?r@rArBrCrDrErFrGrHnativeselfr r r!human_friendlyos  zCRLReason.human_friendlyN)rrrrpropertyrQr r r r!r>as r>c@seZdZdddddZdS)CRLEntryExtensionId crl_reasonhold_instruction_codeinvalidity_datecertificate_issuer)z 2.5.29.21z 2.5.29.23z 2.5.29.24z 2.5.29.29Nrr r r r!rSs rSc@s:eZdZdefdeddifdefgZdZee e e dZ dS) CRLEntryExtensionr6r7r(Fr8r9)rTrUrVrWN) rrrrSrrr,r:r>r r rr;r r r r!rXs rXc@seZdZeZdS)CRLEntryExtensionsN)rrrrXr=r r r r!rYsrYc@seZdZdefdefdeddifgZdZdZdZ dZ dZ dZ dd Z ed d Zed d ZeddZeddZeddZdS)RevokedCertificateZuser_certificateZrevocation_datecrl_entry_extensionsr&TFNcCsdt|_|dD]H}|dj}d|}t||rBt|||dj|djr|j|qd|_dS)v Sets common named extensions to private attributes and creates a list of critical extensions r[r6 _%s_valuer8r7TNset_critical_extensionsrNhasattrsetattrparsedadd_processed_extensionsrP extensionnameZattribute_namer r r!_set_extensionss    z"RevokedCertificate._set_extensionscCs|js||jSz Returns a set of the names (or OID if not a known extension) of the extensions marked as critical :return: A set of unicode strings rerir`rOr r r!critical_extensionss z&RevokedCertificate.critical_extensionscCs|jdkr||jS)z This extension indicates the reason that a certificate was revoked. :return: None or a CRLReason object F)reri_crl_reason_valuerOr r r!crl_reason_values z#RevokedCertificate.crl_reason_valuecCs|jdkr||jS)a= This extension indicates the suspected date/time the private key was compromised or the certificate became invalid. This would usually be before the revocation date, which is when the CA processed the revocation. :return: None or a GeneralizedTime object F)reri_invalidity_date_valuerOr r r!invalidity_date_values z(RevokedCertificate.invalidity_date_valuecCs|jdkr||jS)a This extension indicates the issuer of the certificate in question, and is used in indirect CRLs. CRL entries without this extension are for certificates issued from the last seen issuer. :return: None or an x509.GeneralNames object F)reri_certificate_issuer_valuerOr r r!certificate_issuer_values z+RevokedCertificate.certificate_issuer_valuecCs>|jdkr8d|_|jr8|jD]}|jdkr|j|_q8q|jS)zi :return: None, or an asn1crypto.x509.Name object for the issuer of the cert FNZdirectory_name) _issuer_namerrrhchosen)rP general_namer r r! issuer_names   zRevokedCertificate.issuer_name)rrrr rrYr,rer`rmrorqrsrirRrlrnrprrrvr r r r!rZs*     rZc@seZdZeZdS)RevokedCertificatesN)rrrrZr=r r r r!rwsrwc @sTeZdZdeddifdefdefdefdeddifdeddifd ed dd fgZ d S) TbsCertListversionr&T signatureissuerZ this_updateZ next_updateZrevoked_certificatescrl_extensionsrr$N) rrrrrrrrwr<r,r r r r!rxs   rxc@seZdZdefdefdefgZdZdZdZ dZ dZ dZ dZ dZdZdZdZdZdZddZedd Zed d Zed d ZeddZeddZeddZeddZeddZeddZeddZeddZ eddZ!ed d!Z"ed"d#Z#ed$d%Z$dS)&CertificateList tbs_cert_listZsignature_algorithmrzFNcCsht|_|ddD]H}|dj}d|}t||rFt|||dj|djr|j|qd|_dS) r\r~r|r6r]r8r7TNr^rfr r r!ri4s   zCertificateList._set_extensionscCs|js||jSrjrkrOr r r!rlFs z#CertificateList.critical_extensionscCs|jdkr||jS)z This extension allows associating one or more alternative names with the issuer of the CRL. :return: None or an x509.GeneralNames object F)reri_issuer_alt_name_valuerOr r r!issuer_alt_name_valueTs z%CertificateList.issuer_alt_name_valuecCs|jdkr||jS)z This extension adds a monotonically increasing number to the CRL and is used to distinguish different versions of the CRL. :return: None or an Integer object F)reri_crl_number_valuerOr r r!crl_number_valuebs z CertificateList.crl_number_valuecCs|jdkr||jS)z This extension indicates a CRL is a delta CRL, and contains the CRL number of the base CRL that it is a delta from. :return: None or an Integer object F)reri_delta_crl_indicator_valuerOr r r!delta_crl_indicator_valueps z)CertificateList.delta_crl_indicator_valuecCs|jdkr||jS)z This extension includes information about what types of revocations and certificates are part of the CRL. :return: None or an IssuingDistributionPoint object F)reri!_issuing_distribution_point_valuerOr r r! issuing_distribution_point_value~s z0CertificateList.issuing_distribution_point_valuecCs|jdkr||jS)z This extension helps in identifying the public key with which to validate the authenticity of the CRL. :return: None or an AuthorityKeyIdentifier object F)reri_authority_key_identifier_valuerOr r r!authority_key_identifier_values z.CertificateList.authority_key_identifier_valuecCs|jdkr||jS)z This extension is used in complete CRLs to indicate where a delta CRL may be located. :return: None or a CRLDistributionPoints object F)reri_freshest_crl_valuerOr r r!freshest_crl_values z"CertificateList.freshest_crl_valuecCs|jdkr||jS)z This extension is used to provide a URL with which to download the certificate used to sign this CRL. :return: None or an AuthorityInfoAccessSyntax object F)reri#_authority_information_access_valuerOr r r!"authority_information_access_values z2CertificateList.authority_information_access_valuecCs |ddS)z_ :return: An asn1crypto.x509.Name object for the issuer of the CRL r~r{r rOr r r!r{szCertificateList.issuercCs|js dS|jdjS)z :return: None or a byte string of the key_identifier from the authority key identifier extension NZkey_identifier)rrNrOr r r!r2sz(CertificateList.authority_key_identifiercCsp|jdkrjg|_|jrj|jD]L}|djdkr|d}|jdkrBq|j}|dddkr|j|q|jS) z :return: A list of unicode strings that are URLs that should contain either an individual DER-encoded X.509 certificate, or a DER-encoded CMS message containing multiple certificates NZ access_methodZ ca_issuersZaccess_locationuniform_resource_identifierrzhttp://)_issuer_cert_urlsrrNrhlowerappend)rPentrylocationurlr r r!issuer_cert_urlss   z CertificateList.issuer_cert_urlscCsb|jdkr\g|_|jdk r\|jD]:}|d}|jdkr8q |jD]}|jdkr>|j|q>q |jS)z Returns delta CRL URLs - only applies to complete CRLs :return: A list of zero or more DistributionPoint objects Nr#Zname_relative_to_crl_issuerr)_delta_crl_distribution_pointsrrhrtr)rPr#Zdistribution_point_namerur r r!delta_crl_distribution_pointss      z-CertificateList.delta_crl_distribution_pointscCs |djS)zE :return: A byte string of the signature rzrMrOr r r!rzszCertificateList.signaturecCs$|jdkrt||_|jS)zf :return: The SHA1 hash of the DER-encoded bytes of this certificate list N)_sha1hashlibsha1dumpdigestrOr r r!rs zCertificateList.sha1cCs$|jdkrt||_|jS)zi :return: The SHA-256 hash of the DER-encoded bytes of this certificate list N)_sha256rsha256rrrOr r r!rs zCertificateList.sha256)%rrrrxrr r,rer`rrrrrrrrrrrrirRrlrrrrrrrr{r2rrrzrrr r r r!r}s`              r}))__doc__ __future__rrrrrZalgosrcorerr r r r r rrrx509rrrrrrrrrr"r-r5r<r>rSrXrYrZrwrxr}r r r r!s$  , (  & k