U gPJ@s dZddlmZmZmZmZddlmZddlm Z m Z ddl m Z m Z mZmZmZmZmZmZmZmZmZmZmZddlmZmZddlmZdd lmZm Z m!Z!m"Z"Gd d d eZ#Gd d d eZ$GdddeZ%GdddeZ&GdddeZ'GdddeZ(GdddeZ)GdddeZ*GdddeZ+GdddeZ,GdddeZ-Gd d!d!eZ.Gd"d#d#eZ/Gd$d%d%eZ0Gd&d'd'eZ1Gd(d)d)eZ2Gd*d+d+eZ3Gd,d-d-eZ4Gd.d/d/eZ5Gd0d1d1eZ6Gd2d3d3e Z7Gd4d5d5eZ8Gd6d7d7eZ9Gd8d9d9eZ:Gd:d;d;e Z;Gdd?d?eZ=Gd@dAdAeZ>GdBdCdCeZ?GdDdEdEeZ@GdFdGdGeZAGdHdIdIeZBGdJdKdKeZCGdLdMdMeZDGdNdOdOeZEGdPdQdQeZFGdRdSdSeZGGdTdUdUeZHdVS)Wz ASN.1 type classes for the online certificate status protocol (OCSP). Exports the following items: - OCSPRequest() - OCSPResponse() Other type classes are defined that help compose the types listed above. )unicode_literalsdivisionabsolute_importprint_function)unwrap)DigestAlgorithmSignedDigestAlgorithm) BooleanChoice EnumeratedGeneralizedTime IA5StringIntegerNullObjectIdentifierOctetBitString OctetStringParsableOctetStringSequence SequenceOf)AuthorityInfoAccessSyntax CRLReason)PublicKeyAlgorithm) Certificate GeneralName GeneralNamesNamec@seZdZddiZdS)Versionrv1N__name__ __module__ __qualname___mapr%r%3/tmp/pip-unpacked-wheel-etcy_95o/asn1crypto/ocsp.pyr(src@s(eZdZdefdefdefdefgZdS)CertIdZhash_algorithmZissuer_name_hashZissuer_key_hashZ serial_numberN)r!r"r#rrr_fieldsr%r%r%r&r'.s r'c@seZdZdefdefgZdS)ServiceLocatorZissuerlocatorN)r!r"r#rrr(r%r%r%r&r)7sr)c@seZdZddiZdS)RequestExtensionIdz1.3.6.1.5.5.7.48.1.7service_locatorNr r%r%r%r&r+>sr+c@s4eZdZdefdeddifdefgZdZdeiZ dS) RequestExtensionextn_idcriticaldefaultF extn_valuer.r1r,N) r!r"r#r+r rr( _oid_pairr) _oid_specsr%r%r%r&r-Ds r-c@seZdZeZdS)RequestExtensionsN)r!r"r#r- _child_specr%r%r%r&r5Qsr5c@sPeZdZdefdedddfgZdZdZdZdd Z e d d Z e d d Z dS)RequestZreq_certsingle_request_extensionsrTexplicitoptionalFNcCsdt|_|dD]H}|dj}d|}t||rBt|||dj|djr|j|qd|_dS)v Sets common named extensions to private attributes and creates a list of critical extensions r8r. _%s_valuer1r/TNset_critical_extensionsnativehasattrsetattrparsedadd_processed_extensionsself extensionnameZattribute_namer%r%r&_set_extensions_s    zRequest._set_extensionscCs|js||jSz Returns a set of the names (or OID if not a known extension) of the extensions marked as critical :return: A set of unicode strings rFrKr@rHr%r%r&critical_extensionsqs zRequest.critical_extensionscCs|jdkr||jS)z This extension is used when communicating with an OCSP responder that acts as a proxy for OCSP requests :return: None or a ServiceLocator object F)rFrK_service_locator_valuerNr%r%r&service_locator_values zRequest.service_locator_value) r!r"r#r'r5r(rFr@rPrKpropertyrOrQr%r%r%r&r7Us r7c@seZdZeZdS)RequestsN)r!r"r#r7r6r%r%r%r&rSsrSc@seZdZddiZdS) ResponseTypez1.3.6.1.5.5.7.48.1.1basic_ocsp_responseNr r%r%r%r&rTsrTc@seZdZeZdS)AcceptableResponsesN)r!r"r#rTr6r%r%r%r&rVsrVc@s"eZdZdefdeddifgZdS)PreferredSignatureAlgorithmZsig_identifierZcert_identifierr;TN)r!r"r#r rr(r%r%r%r&rWs rWc@seZdZeZdS)PreferredSignatureAlgorithmsN)r!r"r#rWr6r%r%r%r&rXsrXc@seZdZddddZdS)TBSRequestExtensionIdnonceacceptable_responsespreferred_signature_algorithms)1.3.6.1.5.5.7.48.1.2z1.3.6.1.5.5.7.48.1.4z1.3.6.1.5.5.7.48.1.8Nr r%r%r%r&rYsrYc@s8eZdZdefdeddifdefgZdZee e dZ dS) TBSRequestExtensionr.r/r0Fr1r2)rZr[r\N) r!r"r#rYr rr(r3rrVrXr4r%r%r%r&r^s r^c@seZdZeZdS)TBSRequestExtensionsN)r!r"r#r^r6r%r%r%r&r_sr_c@s@eZdZdedddfdedddfd efd ed ddfgZd S) TBSRequestversionrrr:r0Zrequestor_namerTr9Z request_listrequest_extensionsN)r!r"r#rrrSr_r(r%r%r%r&r`s r`c@seZdZeZdS) CertificatesN)r!r"r#rr6r%r%r%r&resrec@s*eZdZdefdefdedddfgZdS) Signaturesignature_algorithm signaturecertsrTr9N)r!r"r#r rrer(r%r%r%r&rfsrfc@speZdZdefdedddfgZdZdZdZdZ dZ dd Z e d d Z e d d Ze ddZe ddZdS) OCSPRequest tbs_requestZoptional_signaturerTr9FNcCsht|_|ddD]H}|dj}d|}t||rFt|||dj|djr|j|qd|_dS) r<rkrcr.r=r1r/TNr>rGr%r%r&rKs   zOCSPRequest._set_extensionscCs|js||jSrLrMrNr%r%r&rOs zOCSPRequest.critical_extensionscCs|jdkr||jS)z This extension is used to prevent replay attacks by including a unique, random value with each request/response pair :return: None or an OctetString object FrFrK _nonce_valuerNr%r%r& nonce_values zOCSPRequest.nonce_valuecCs|jdkr||jS)a( This extension is used to allow the client and server to communicate with alternative response formats other than just basic_ocsp_response, although no other formats are defined in the standard. :return: None or an AcceptableResponses object F)rFrK_acceptable_responses_valuerNr%r%r&acceptable_responses_values z&OCSPRequest.acceptable_responses_valuecCs|jdkr||jS)aj This extension is used by the client to define what signature algorithms are preferred, including both the hash algorithm and the public key algorithm, with a level of detail down to even the public key algorithm parameters, such as curve name. :return: None or a PreferredSignatureAlgorithms object F)rFrK%_preferred_signature_algorithms_valuerNr%r%r&$preferred_signature_algorithms_value s z0OCSPRequest.preferred_signature_algorithms_value)r!r"r#r`rfr(rFr@rmrorqrKrRrOrnrprrr%r%r%r&rjs"   rjc@seZdZdddddddZdS) OCSPResponseStatusZ successfulZmalformed_requestZinternal_errorZ try_laterZ sign_required unauthorized)rrrdNr r%r%r%r&rs1srsc@s(eZdZdeddifdeddifgZdS) ResponderIdZby_namer:rby_keyrdN)r!r"r#rr _alternativesr%r%r%r&rx<s  rxc@s eZdZddZeddZdS) StatusGoodcCs6|dk r,|dkr,t|ts,ttdt|d|_dS)z` Sets the value of the object :param value: None or 'good' NgoodzK value must be one of None, "good", not %s  isinstancer ValueErrorrreprcontentsrHvaluer%r%r&r?Es zStatusGood.setcCsdS)Nr|r%rNr%r%r&rAWszStatusGood.nativeNr!r"r#r?rRrAr%r%r%r&r{Dsr{c@s eZdZddZeddZdS) StatusUnknowncCs6|dk r,|dkr,t|ts,ttdt|d|_dS)zc Sets the value of the object :param value: None or 'unknown' NunknownzN value must be one of None, "unknown", not %s r}r~rr%r%r&r?^s zStatusUnknown.setcCsdS)Nrr%rNr%r%r&rApszStatusUnknown.nativeNrr%r%r%r&r]src@s$eZdZdefdedddfgZdS) RevokedInfoZrevocation_timeZrevocation_reasonrTr9N)r!r"r#r rr(r%r%r%r&rusrc@s4eZdZdeddifdeddifdeddifgZdS) CertStatusr|ZimplicitrZrevokedrrrdN)r!r"r#r{rrrzr%r%r%r&r|s   rc@s:eZdZdedddfdedddfdedddfgZd S) CrlIdZcrl_urlrTr9Zcrl_numrZcrl_timerdN)r!r"r#rrr r(r%r%r%r&rsrc@seZdZdddddddZdS) SingleResponseExtensionIdcrlarchive_cutoff crl_reasoninvalidity_datecertificate_issuer!signed_certificate_timestamp_list)z1.3.6.1.5.5.7.48.1.3z1.3.6.1.5.5.7.48.1.6z 2.5.29.21z 2.5.29.24z 2.5.29.29z1.3.6.1.4.1.11129.2.4.5Nr r%r%r%r&rsrc@s>eZdZdefdeddifdefgZdZee e e e e dZ dS) SingleResponseExtensionr.r/r0Fr1r2)rrrrrrN)r!r"r#rr rr(r3rr rrrr4r%r%r%r&rs rc@seZdZeZdS)SingleResponseExtensionsN)r!r"r#rr6r%r%r%r&rsrc @seZdZdefdefdefdedddfded ddfgZd Zd Z d Z d Z d Z d Z d Zd d ZeddZeddZeddZeddZeddZeddZd S)SingleResponseZcert_idZ cert_statusZ this_updateZ next_updaterTr9single_extensionsrFNcCsdt|_|dD]H}|dj}d|}t||rBt|||dj|djr|j|qd|_dS)r<rr.r=r1r/TNr>rGr%r%r&rKs    zSingleResponse._set_extensionscCs|js||jSrLrMrNr%r%r&rOs z"SingleResponse.critical_extensionscCs|jdkr||jS)z This extension is used to locate the CRL that a certificate's revocation is contained within. :return: None or a CrlId object F)rFrK _crl_valuerNr%r%r& crl_values zSingleResponse.crl_valuecCs|jdkr||jS)z This extension is used to indicate the date at which an archived (historical) certificate status entry will no longer be available. :return: None or a GeneralizedTime object F)rFrK_archive_cutoff_valuerNr%r%r&archive_cutoff_values z#SingleResponse.archive_cutoff_valuecCs|jdkr||jS)z This extension indicates the reason that a certificate was revoked. :return: None or a CRLReason object F)rFrK_crl_reason_valuerNr%r%r&crl_reason_values zSingleResponse.crl_reason_valuecCs|jdkr||jS)a= This extension indicates the suspected date/time the private key was compromised or the certificate became invalid. This would usually be before the revocation date, which is when the CA processed the revocation. :return: None or a GeneralizedTime object F)rFrK_invalidity_date_valuerNr%r%r&invalidity_date_value s z$SingleResponse.invalidity_date_valuecCs|jdkr||jS)z This extension indicates the issuer of the certificate in question. :return: None or an x509.GeneralNames object F)rFrK_certificate_issuer_valuerNr%r%r&certificate_issuer_values z'SingleResponse.certificate_issuer_value)r!r"r#r'rr rr(rFr@rrrrrrKrRrOrrrrrr%r%r%r&rs4     rc@seZdZeZdS) ResponsesN)r!r"r#rr6r%r%r%r&r(src@seZdZdddZdS)ResponseDataExtensionIdrZextended_revoke)r]z1.3.6.1.5.5.7.48.1.9Nr r%r%r%r&r,src@s6eZdZdefdeddifdefgZdZee dZ dS) ResponseDataExtensionr.r/r0Fr1r2)rZrN) r!r"r#rr rr(r3rrr4r%r%r%r&r3s rc@seZdZeZdS)ResponseDataExtensionsN)r!r"r#rr6r%r%r%r&rAsrc @s>eZdZdedddfdefdefdefded d d fgZd S) ResponseDatararrrbZ responder_idZ produced_at responsesresponse_extensionsrTr9N) r!r"r#rrxr rrr(r%r%r%r&rEs rc@s0eZdZdefdefdefdedddfgZdS) BasicOCSPResponsetbs_response_datargrhrirTr9N)r!r"r#rr rrer(r%r%r%r&rOs rc@s(eZdZdefdefgZdZdeiZdS) ResponseBytes response_typeresponse)rrrUN) r!r"r#rTrr(r3rr4r%r%r%r&rXsrc@sxeZdZdefdedddfgZdZdZdZdZ dd Z e d d Z e d d Z e ddZe ddZe ddZdS) OCSPResponseZresponse_statusresponse_bytesrTr9FNcCsrt|_|ddjddD]H}|dj}d|}t||rPt|||dj|djr|j|qd |_d S) r<rrrrr.r=r1r/TN)r?r@rDrArBrCrErFrGr%r%r&rKos   zOCSPResponse._set_extensionscCs|js||jSrLrMrNr%r%r&rOs z OCSPResponse.critical_extensionscCs|jdkr||jS)z This extension is used to prevent replay attacks on the request/response exchange :return: None or an OctetString object FrlrNr%r%r&rns zOCSPResponse.nonce_valuecCs|jdkr||jS)z This extension is used to signal that the responder will return a "revoked" status for non-issued certificates. :return: None or a Null object (if present) F)rFrK_extended_revoke_valuerNr%r%r&extended_revoke_values z"OCSPResponse.extended_revoke_valuecCs|ddjS)z A shortcut into the BasicOCSPResponse sequence :return: None or an asn1crypto.ocsp.BasicOCSPResponse object rrrDrNr%r%r&rUs z OCSPResponse.basic_ocsp_responsecCs|ddjdS)z A shortcut into the parsed, ResponseData sequence :return: None or an asn1crypto.ocsp.ResponseData object rrrrrNr%r%r& response_datas zOCSPResponse.response_data)r!r"r#rsrr(rFr@rmrrKrRrOrnrrUrr%r%r%r&rds$    rN)I__doc__ __future__rrrr_errorsrZalgosrr corer r r r rrrrrrrrrrrrkeysrx509rrrrrr'r)r+r-r5r7rSrTrVrWrXrYr^r_r`rerfrjrsrxr{rrrrrrrrrrrrrrrrr%r%r%r&sZ  <   9 Z x