U g)@s:ddlmZddlZddlZddlZddlZddlZddlmZddl m Z ddl m Z ddl mZmZddlmZddlmZdd lmZmZdd lmZdd lmZmZmZmZmZmZm Z m!Z!m"Z"dd l#m$Z$m%Z%dd l&m'Z'm(Z(m)Z)m*Z*ej+ddddZ,dddddZ-ddddZ.Gddde/Z0Gddde/Z1Gdddej2d Z3Gd!d"d"Z4Gd#d$d$e3Z5Gd%d&d&e3Z6Gd'd(d(e3Z7Gd)d*d*e3Z8Gd+d,d,e3Z9Gd-d.d.Z:Gd/d0d0e3Z;Gd1d2d2e3ZGd7d8d8Z?Gd9d:d:ej@ZAeAjBeAjCeAjDeAjEeAjFeAjGeAjHeAjId;ZJeAjBdeAjEd?eAjFd@eAjGdAeAjHdBeAjIdCiZKGdDdEdEe3ZLGdFdGdGe3ZMGdHdIdIZNGdJdKdKZOGdLdMdMZPGdNdOdOe3ZQGdPdQdQe3ZRGdRdSdSe3ZSGdTdUdUe3ZTGdVdWdWej@ZUdXdYeUDZVGdZd[d[e3ZWGd\d]d]e3ZXGd^d_d_e3ZYGd`dadaejZe,Z[GdbdcdcZ\Gdddedee3Z]Gdfdgdge3Z^Gdhdidie3Z_Gdjdkdke3Z`Gdldmdme3ZaGdndodoe3ZbGdpdqdqe3ZcGdrdsdse3ZdGdtdudue3ZeGdvdwdwe3ZfGdxdydye3ZgGdzd{d{e3ZhdS)|) annotationsN)utils)asn1)x509) constant_time serialization)EllipticCurvePublicKey) RSAPublicKey)CertificateIssuerPublicKeyTypesCertificatePublicKeyTypes)SignedCertificateTimestamp) DirectoryNameDNSName GeneralName IPAddress OtherName RegisteredID RFC822NameUniformResourceIdentifier_IPAddressTypes)NameRelativeDistinguishedName)CRLEntryExtensionOID ExtensionOIDObjectIdentifierOCSPExtensionOIDExtensionTypeVar ExtensionTypeT)bound covariantr bytes public_keyreturncCslt|tr |tjjtjj}n>t|tr@|tjj tjj }n|tjjtjj }t |}t|SN) isinstancer public_bytesrEncodingZDERZ PublicFormatZPKCS1rZX962ZUncompressedPointZSubjectPublicKeyInforZparse_spki_for_datahashlibsha1digest)r"dataZ serializedr,@/tmp/pip-unpacked-wheel-nr_9cwun/cryptography/x509/extensions.py_key_identifier_from_public_key2s    r.str field_namecs4ddfdd }fdd}fdd}|||fS) Nintr#cstt|Sr$)lengetattrselfr0r,r- len_methodKsz*_make_sequence_methods..len_methodcstt|Sr$)iterr5r6r0r,r- iter_methodNsz+_make_sequence_methods..iter_methodcst||Sr$)r5)r7idxr0r,r-getitem_methodQsz._make_sequence_methods..getitem_methodr,)r1r8r:r<r,r0r-_make_sequence_methodsJs  r=cs&eZdZddddfdd ZZS)DuplicateExtensionr/rNonemsgoidr#cst|||_dSr$super__init__rBr7rArB __class__r,r-rEXs zDuplicateExtension.__init____name__ __module__ __qualname__rE __classcell__r,r,rGr-r>Wsr>cs&eZdZddddfdd ZZS)ExtensionNotFoundr/rr?r@cst|||_dSr$rCrFrGr,r-rE^s zExtensionNotFound.__init__rIr,r,rGr-rN]srNc@s$eZdZUded<ddddZdS)rz!typing.ClassVar[ObjectIdentifier]rBr r3cCstd|dS)z7 Serializes the extension type to DER. z3public_bytes is not implemented for extension type N)NotImplementedErrorr6r,r,r-r&fszExtensionType.public_bytesN)rJrKrL__annotations__r&r,r,r,r-rcs ) metaclassc@sXeZdZdddddZdddd d Zd d d ddZed\ZZZ ddddZ dS) Extensionsz)typing.Iterable[Extension[ExtensionType]]r?) extensionsr#cCst||_dSr$)list _extensions)r7rSr,r,r-rEpszExtensions.__init__rzExtension[ExtensionType])rBr#cCs2|D]}|j|kr|Sqtd|d|dS)NNo  extension was found)rBrN)r7rBextr,r,r-get_extension_for_oidus  z Extensions.get_extension_for_oidztype[ExtensionTypeVar]zExtension[ExtensionTypeVar])extclassr#cCsF|tkrtd|D]}t|j|r|Sqtd|d|jdS)Nz|UnrecognizedExtension can't be used with get_extension_for_class because more than one instance of the class may be present.rVrW)UnrecognizedExtension TypeErrorr%valuerNrB)r7rZrXr,r,r-get_extension_for_class~s   z"Extensions.get_extension_for_classrUr/r3cCsd|jdS)Nz )rUr6r,r,r-__repr__szExtensions.__repr__N) rJrKrLrErYr^r=__len____iter__ __getitem__r`r,r,r,r-rRos  rRc@sneZdZejZdddddZdddd d Zdd d d Zdd ddZ e dd ddZ dd ddZ dS) CRLNumberr2r? crl_numberr#cCst|tstd||_dSNzcrl_number must be an integerr%r2r\ _crl_numberr7rfr,r,r-rEs zCRLNumber.__init__objectboolotherr#cCst|tstS|j|jkSr$)r%rdNotImplementedrfr7rnr,r,r-__eq__s zCRLNumber.__eq__r3cCs t|jSr$hashrfr6r,r,r-__hash__szCRLNumber.__hash__r/cCsd|jdS)Nz sz2AuthorityKeyIdentifier.__init__..z;authority_cert_issuer must be a list of GeneralName objectsz/authority_cert_serial_number must be an integer) ValueErrorrTallr\r%r2_key_identifier_authority_cert_issuer_authority_cert_serial_number)r7r}r~rr,r,r-rEs, zAuthorityKeyIdentifier.__init__r r!cCst|}||dddSNr}r~rr.)clsr"r*r,r,r-from_issuer_public_keys z-AuthorityKeyIdentifier.from_issuer_public_keySubjectKeyIdentifier)skir#cCs||jdddSrr*)rrr,r,r-"from_issuer_subject_key_identifiers z9AuthorityKeyIdentifier.from_issuer_subject_key_identifierr/r3cCsd|jd|jd|jdS)Nz'.@Every item in the descriptions list must be an AccessDescriptionrTrr\ _descriptionsr7rr,r,r-rEFs z#AuthorityInformationAccess.__init__rr/r3cCsd|jdS)Nz.rrrr,r,r-rEgs z!SubjectInformationAccess.__init__rr/r3cCsd|jdS)Nzformatr6r,r,r-r`szAccessDescription.__repr__rkrlrmcCs&t|tstS|j|jko$|j|jkSr$)r%rrorrrpr,r,r-rqs    zAccessDescription.__eq__r2cCst|j|jfSr$)rsrrr6r,r,r-rtszAccessDescription.__hash__cCs|jSr$)rr6r,r,r-rszAccessDescription.access_methodcCs|jSr$)rr6r,r,r-rsz!AccessDescription.access_locationN) rJrKrLrEr`rqrtryrrr,r,r,r-rs  rc@seZdZejZddddddZedddd Zeddd d Z d dd dZ dddddZ ddddZ ddddZ dS)BasicConstraintsrlr|r?)ca path_lengthr#cCsXt|tstd|dk r&|s&td|dk rHt|tr@|dkrHtd||_||_dS)Nzca must be a boolean valuez)path_length must be None when ca is Falserz2path_length must be a non-negative integer or None)r%rlr\rr2_ca _path_length)r7rrr,r,r-rEs  zBasicConstraints.__init__r3cCs|jSr$)rr6r,r,r-rszBasicConstraints.cacCs|jSr$)rr6r,r,r-rszBasicConstraints.path_lengthr/cCs d|S)Nz:rr6r,r,r-r`szBasicConstraints.__repr__rkrmcCs&t|tstS|j|jko$|j|jkSr$)r%rrorrrpr,r,r-rqs zBasicConstraints.__eq__r2cCst|j|jfSr$)rsrrr6r,r,r-rtszBasicConstraints.__hash__r cCs t|Sr$rwr6r,r,r-r&szBasicConstraints.public_bytesN)rJrKrLrZBASIC_CONSTRAINTSrBrEryrrr`rqrtr&r,r,r,r-rsrc@sneZdZejZdddddZeddddZd d d d d Z ddddZ ddddZ ddddZ dS)DeltaCRLIndicatorr2r?recCst|tstd||_dSrgrhrjr,r,r-rEs zDeltaCRLIndicator.__init__r3cCs|jSr$rvr6r,r,r-rfszDeltaCRLIndicator.crl_numberrkrlrmcCst|tstS|j|jkSr$)r%rrorfrpr,r,r-rqs zDeltaCRLIndicator.__eq__cCs t|jSr$rrr6r,r,r-rtszDeltaCRLIndicator.__hash__r/cCsd|jdS)Nz.?distribution_points must be a list of DistributionPoint objectsrTrr\_distribution_pointsr7rr,r,r-rEszCRLDistributionPoints.__init__rr/r3cCsd|jdS)Nz.rrrr,r,r-rE szFreshestCRL.__init__rr/r3cCsd|jdS)Nz szFreshestCRL.public_bytesN)rJrKrLrZ FRESHEST_CRLrBrEr=rarbrcr`rqrtr&r,r,r,r-rs rc@seZdZddddddddZdd d d Zd d dddZdd ddZedd ddZedd ddZ edd ddZ edd ddZ dS)rr{ RelativeDistinguishedName | Nonefrozenset[ReasonFlags] | Noner?) full_name relative_namereasons crl_issuerr#cCs|r|rtd|s$|s$|s$td|dk rNt|}tdd|DsNtd|rdt|tsdtd|dk rt|}tdd|Dstd|rt|trtd d|Dstd |rtj|kstj |krtd ||_ ||_ ||_ ||_ dS) NzOYou cannot provide both full_name and relative_name, at least one must be None.z?Either full_name, relative_name or crl_issuer must be provided.css|]}t|tVqdSr$rrr,r,r-rWsz-DistributionPoint.__init__..z/full_name must be a list of GeneralName objectsz1relative_name must be a RelativeDistinguishedNamecss|]}t|tVqdSr$rrr,r,r-rdsz2crl_issuer must be None or a list of general namescss|]}t|tVqdSr$r% ReasonFlagsrr,r,r-rksz0reasons must be None or frozenset of ReasonFlagszLunspecified and remove_from_crl are not valid reasons in a DistributionPoint)rrTrr\r%r frozensetr unspecifiedremove_from_crl _full_name_relative_name_reasons _crl_issuer)r7rrrrr,r,r-rECsV  zDistributionPoint.__init__r/r3cCs d|S)Nz}rr6r,r,r-r`}szDistributionPoint.__repr__rkrlrmcCs>t|tstS|j|jko<|j|jko<|j|jko<|j|jkSr$)r%rrorrrrrpr,r,r-rqs     zDistributionPoint.__eq__r2cCsH|jdk rt|j}nd}|jdk r0t|j}nd}t||j|j|fSr$)rrrrsrr)r7fnrr,r,r-rts    zDistributionPoint.__hash__rcCs|jSr$rr6r,r,r-rszDistributionPoint.full_namecCs|jSr$rr6r,r,r-rszDistributionPoint.relative_namecCs|jSr$)rr6r,r,r-rszDistributionPoint.reasonscCs|jSr$)rr6r,r,r-rszDistributionPoint.crl_issuerN) rJrKrLrEr`rqrtryrrrrr,r,r,r-rBs:  rc@s4eZdZdZdZdZdZdZdZdZ dZ d Z d Z d S) rrZ keyCompromiseZ cACompromiseZaffiliationChanged supersededZcessationOfOperationZcertificateHoldZprivilegeWithdrawnZ aACompromiseZ removeFromCRLN) rJrKrLrkey_compromise ca_compromiseaffiliation_changedrcessation_of_operationcertificate_holdprivilege_withdrawn aa_compromiserr,r,r,r-rsr)rrrrrrrrc@seZdZejZddddddZdddd Zd d d d dZddddZ e ddddZ e ddddZ ddddZ dS)PolicyConstraintsr|r?)require_explicit_policyinhibit_policy_mappingr#cCs\|dk rt|tstd|dk r4t|ts4td|dkrL|dkrLtd||_||_dS)Nz>require_explicit_policy must be a non-negative integer or Nonez=inhibit_policy_mapping must be a non-negative integer or NonezSAt least one of require_explicit_policy and inhibit_policy_mapping must not be None)r%r2r\r_require_explicit_policy_inhibit_policy_mapping)r7rrr,r,r-rEs(  zPolicyConstraints.__init__r/r3cCs d|S)Nz{rr6r,r,r-r`szPolicyConstraints.__repr__rkrlrmcCs&t|tstS|j|jko$|j|jkSr$)r%rrorrrpr,r,r-rqs    zPolicyConstraints.__eq__r2cCst|j|jfSr$)rsrrr6r,r,r-rt s zPolicyConstraints.__hash__cCs|jSr$)rr6r,r,r-rsz)PolicyConstraints.require_explicit_policycCs|jSr$)rr6r,r,r-rsz(PolicyConstraints.inhibit_policy_mappingr cCs t|Sr$rwr6r,r,r-r&szPolicyConstraints.public_bytesN)rJrKrLrZPOLICY_CONSTRAINTSrBrEr`rqrtryrrr&r,r,r,r-rs rc@sjeZdZejZdddddZed\ZZ Z ddd d Z d d d ddZ ddddZ ddddZdS)CertificatePoliciesz"typing.Iterable[PolicyInformation]r?)policiesr#cCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdSr$)r%PolicyInformationrr,r,r-r#sz/CertificatePolicies.__init__..z;Every item in the policies list must be a PolicyInformation)rTrr\ _policies)r7rr,r,r-rE!s zCertificatePolicies.__init__rr/r3cCsd|jdS)Nz.zMpolicy_qualifiers must be a list of strings and/or UserNotice objects or None)r%rr\_policy_identifierrTr_policy_qualifiers)r7rrr,r,r-rE>s zPolicyInformation.__init__r/r3cCs d|S)Nzerr6r,r,r-r`TszPolicyInformation.__repr__rkrlrmcCs&t|tstS|j|jko$|j|jkSr$)r%rrorrrpr,r,r-rqZs    zPolicyInformation.__eq__r2cCs(|jdk rt|j}nd}t|j|fSr$)rrrsr)r7Zpqr,r,r-rtcs  zPolicyInformation.__hash__cCs|jSr$)rr6r,r,r-rmsz#PolicyInformation.policy_identifierzlist[str | UserNotice] | NonecCs|jSr$)rr6r,r,r-rqsz#PolicyInformation.policy_qualifiersN) rJrKrLrEr`rqrtryrrr,r,r,r-r=s  rc@sneZdZddddddZddd d Zd d d ddZddddZeddddZeddddZ dS)rzNoticeReference | None str | Noner?)notice_reference explicit_textr#cCs&|rt|tstd||_||_dS)Nz2notice_reference must be None or a NoticeReference)r%NoticeReferencer\_notice_reference_explicit_text)r7rrr,r,r-rEyszUserNotice.__init__r/r3cCs d|S)NzVrr6r,r,r-r`szUserNotice.__repr__rkrlrmcCs&t|tstS|j|jko$|j|jkSr$)r%rrorrrpr,r,r-rqs    zUserNotice.__eq__r2cCst|j|jfSr$)rsrrr6r,r,r-rtszUserNotice.__hash__cCs|jSr$)rr6r,r,r-rszUserNotice.notice_referencecCs|jSr$)rr6r,r,r-rszUserNotice.explicit_textN) rJrKrLrEr`rqrtryrrr,r,r,r-rxs rc@sneZdZddddddZddd d Zd d d ddZddddZeddddZeddddZ dS)rrztyping.Iterable[int]r?) organizationnotice_numbersr#cCs2||_t|}tdd|Ds(td||_dS)Ncss|]}t|tVqdSr$)r%r2rr,r,r-rsz+NoticeReference.__init__..z)notice_numbers must be a list of integers) _organizationrTrr\_notice_numbers)r7rrr,r,r-rEs zNoticeReference.__init__r/r3cCs d|S)NzUrr6r,r,r-r`szNoticeReference.__repr__rkrlrmcCs&t|tstS|j|jko$|j|jkSr$)r%rrorrrpr,r,r-rqs    zNoticeReference.__eq__r2cCst|jt|jfSr$)rsrrrr6r,r,r-rtszNoticeReference.__hash__cCs|jSr$)rr6r,r,r-rszNoticeReference.organizationz list[int]cCs|jSr$)rr6r,r,r-rszNoticeReference.notice_numbersN) rJrKrLrEr`rqrtryrrr,r,r,r-rs  rc@sjeZdZejZdddddZed\ZZ Z ddd d Z d d d ddZ ddddZ ddddZdS)ExtendedKeyUsage!typing.Iterable[ObjectIdentifier]r?)usagesr#cCs,t|}tdd|Ds"td||_dS)Ncss|]}t|tVqdSr$r%rrr,r,r-rsz,ExtendedKeyUsage.__init__..z9Every item in the usages list must be an ObjectIdentifier)rTrr\_usages)r7rr,r,r-rEs zExtendedKeyUsage.__init__rr/r3cCsd|jdS)Nzr,r6r,r,r-r`szOCSPNoCheck.__repr__r cCs t|Sr$rwr6r,r,r-r&szOCSPNoCheck.public_bytesN) rJrKrLrZ OCSP_NO_CHECKrBrqrtr`r&r,r,r,r-rs rc@sLeZdZejZdddddZdddd Zd dd d Zd dddZ dS) PrecertPoisonrkrlrmcCst|tstSdSr)r%rrorpr,r,r-rqs zPrecertPoison.__eq__r2r3cCsttSr$)rsrr6r,r,r-rtszPrecertPoison.__hash__r/cCsdS)Nzr,r6r,r,r-r`szPrecertPoison.__repr__r cCs t|Sr$rwr6r,r,r-r& szPrecertPoison.public_bytesN) rJrKrLrZPRECERT_POISONrBrqrtr`r&r,r,r,r-rs rc@sjeZdZejZdddddZed\ZZ Z ddd d Z d d d ddZ ddddZ ddddZdS) TLSFeatureztyping.Iterable[TLSFeatureType]r?)featuresr#cCs8t|}tdd|Dr&t|dkr.td||_dS)Ncss|]}t|tVqdSr$)r%TLSFeatureTyperr,r,r-rsz&TLSFeature.__init__..rz@features must be a list of elements from the TLSFeatureType enum)rTrr4r\ _features)r7rr,r,r-rEs zTLSFeature.__init__rr/r3cCsd|jdS)Nz<src@sneZdZejZdddddZdddd Zd d d d dZddddZ e ddddZ ddddZ dS)InhibitAnyPolicyr2r?) skip_certsr#cCs,t|tstd|dkr"td||_dS)Nzskip_certs must be an integerrz)skip_certs must be a non-negative integer)r%r2r\r _skip_certs)r7rr,r,r-rEBs  zInhibitAnyPolicy.__init__r/r3cCsd|jdS)Nz.z@permitted_subtrees must be a list of GeneralName objects or Nonez2excluded_subtrees must be a non-empty list or Nonecss|]}t|tVqdSr$rrr,r,r-rsz?excluded_subtrees must be a list of GeneralName objects or NonezIAt least one of permitted_subtrees and excluded_subtrees must not be None)rTrrr\_validate_tree_permitted_subtrees_excluded_subtrees)r7rrr,r,r-rEs8  zNameConstraints.__init__rkrlrmcCs&t|tstS|j|jko$|j|jkSr$)r%rrorrrpr,r,r-rqs    zNameConstraints.__eq__typing.Iterable[GeneralName])treer#cCs||||dSr$)_validate_ip_name_validate_dns_namer7r$r,r,r-r s zNameConstraints._validate_treecCstdd|DrtddS)Ncss.|]&}t|to$t|jtjtjf VqdSr$)r%rr] ipaddress IPv4Network IPv6Networkrnamer,r,r-rs   z4NameConstraints._validate_ip_name..zGIPAddress name constraints must be an IPv4Network or IPv6Network object)anyr\r'r,r,r-r%s z!NameConstraints._validate_ip_namecCstdd|DrtddS)Ncss"|]}t|tod|jkVqdS)*N)r%rr]r+r,r,r-r,sz5NameConstraints._validate_dns_name..zDDNSName name constraints must not contain the '*' wildcard character)r-rr'r,r,r-r&+s z"NameConstraints._validate_dns_namer/r3cCsd|jd|jdS)Nz$.z^Every item in the general_names list must be an object conforming to the GeneralName interface)rTrr\_general_namesr7r:r,r,r-rEs zGeneralNames.__init__r;Btype[DNSName] | type[UniformResourceIdentifier] | type[RFC822Name] list[str]typer#cCsdSr$r,r7r@r,r,r-get_values_for_typesz GeneralNames.get_values_for_typetype[DirectoryName] list[Name]cCsdSr$r,rAr,r,r-rBstype[RegisteredID]list[ObjectIdentifier]cCsdSr$r,rAr,r,r-rBstype[IPAddress]list[_IPAddressTypes]cCsdSr$r,rAr,r,r-rBstype[OtherName]list[OtherName]cCsdSr$r,rAr,r,r-rBstype[DNSName] | type[DirectoryName] | type[IPAddress] | type[OtherName] | type[RFC822Name] | type[RegisteredID] | type[UniformResourceIdentifier]Ylist[_IPAddressTypes] | list[str] | list[OtherName] | list[Name] | list[ObjectIdentifier]cs0fdd|D}tkr(dd|DSt|S)Nc3s|]}t|r|VqdSr$)r%rir@r,r-rs z3GeneralNames.get_values_for_type..cSsg|] }|jqSr,rrMr,r,r- sz4GeneralNames.get_values_for_type..)rrT)r7r@objsr,rOr-rBsr/r3cCsd|jdS)Nzr?cCsdSr$r,rAr,r,r-rBsz*SubjectAlternativeName.get_values_for_typerCrDcCsdSr$r,rAr,r,r-rBsrErFcCsdSr$r,rAr,r,r-rBsrGrHcCsdSr$r,rAr,r,r-rBsrIrJcCsdSr$r,rAr,r,r-rBsrKrLcCs |j|Sr$r;rBrAr,r,r-rBsr/r3cCsd|jdS)Nzr?cCsdSr$r,rAr,r,r-rB-sz)IssuerAlternativeName.get_values_for_typerCrDcCsdSr$r,rAr,r,r-rB6srErFcCsdSr$r,rAr,r,r-rB=srGrHcCsdSr$r,rAr,r,r-rBDsrIrJcCsdSr$r,rAr,r,r-rBJsrKrLcCs |j|Sr$rWrAr,r,r-rBNsr/r3cCsd|jdS)Nzr?cCsdSr$r,rAr,r,r-rBxsz%CertificateIssuer.get_values_for_typerCrDcCsdSr$r,rAr,r,r-rBsrErFcCsdSr$r,rAr,r,r-rBsrGrHcCsdSr$r,rAr,r,r-rBsrIrJcCsdSr$r,rAr,r,r-rBsrKrLcCs |j|Sr$rWrAr,r,r-rBsr/r3cCsd|jdS)Nz.YEvery item in the signed_certificate_timestamps list must be a SignedCertificateTimestamprTrr\_signed_certificate_timestampsr7rgr,r,r-rEsz2PrecertificateSignedCertificateTimestamps.__init__rlr/r3cCsdt|dS)Nz+.rjrkrmr,r,r-rE#sz$SignedCertificateTimestamps.__init__rlr/r3cCsdt|dS)Nzs  z"SignedCertificateTimestamps.__eq__r cCs t|Sr$rwr6r,r,r-r&Gsz(SignedCertificateTimestamps.public_bytesN)rJrKrLrZSIGNED_CERTIFICATE_TIMESTAMPSrBrEr=rarbrcr`rtrqr&r,r,r,r-rp s  rpc@sneZdZejZdddddZdddd d Zd d d dZdd ddZ e dd ddZ dd ddZ dS) OCSPNoncer r?)noncer#cCst|tstd||_dS)Nznonce must be bytes)r%r r\_nonce)r7rrr,r,r-rENs zOCSPNonce.__init__rkrlrmcCst|tstS|j|jkSr$)r%rqrorrrpr,r,r-rqTs zOCSPNonce.__eq__r2r3cCs t|jSr$)rsrrr6r,r,r-rtZszOCSPNonce.__hash__r/cCsd|jdS)Nz.z'All responses must be ObjectIdentifiers)rTr-r\ _responses)r7rur,r,r-rEksz OCSPAcceptableResponses.__init__rkrlrmcCst|tstS|j|jkSr$)r%rtrorwrpr,r,r-rqrs zOCSPAcceptableResponses.__eq__r2r3cCstt|jSr$)rsrrwr6r,r,r-rtxsz OCSPAcceptableResponses.__hash__r/cCsd|jdS)Nz#.z:only_some_reasons must be None or frozenset of ReasonFlagszTunspecified and remove_from_crl are not valid reasons in an IssuingDistributionPointzuonly_contains_user_certs, only_contains_ca_certs, indirect_crl and only_contains_attribute_certs must all be boolean.cSsg|] }|r|qSr,r,rr,r,r-rPsz5IssuingDistributionPoint.__init__..rzOnly one of the following can be set to True: only_contains_user_certs, only_contains_ca_certs, indirect_crl, only_contains_attribute_certszCannot create empty extension: if only_contains_user_certs, only_contains_ca_certs, indirect_crl, and only_contains_attribute_certs are all False, then either full_name, relative_name, or only_some_reasons must have a value.)rTr%rrr\rrrrrlr4r-_only_contains_user_certs_only_contains_ca_certs _indirect_crl_only_contains_attribute_certs_only_some_reasonsrr) r7rrryrzr{r|r}Zcrl_constraintsr,r,r-rEst  z!IssuingDistributionPoint.__init__r/r3cCs>d|jd|jd|jd|jd|jd|jd|jdS) Nz$rNABCMetarrRrdrzrrrrrrrrrEnumrrrrrrrrrZ_REASON_BIT_MAPPINGZ_CRLREASONFLAGSrrrrrrrrrrZ_TLS_FEATURE_TYPE_TO_ENUMrr rGenericr0r8rUrYrZr[r_rdrprqrtrxrr[r,r,r,r-s       ,   'l$!!(.%%k  A;+("  s0SKKK++!;