HEX

File: //snap/certbot/5057/lib/python3.12/site-packages/cryptography/x509/__pycache__/ocsp.cpython-312.pyc
�

�F�h�1���ddlmZddlZddlmZddlmZmZddlm	Z	ddl
mZddlm
Z
ddlmZGd	�d
ej �ZGd�dej �Zej&ej(ej*ej,ej.fZdd
�ZGd�dej �ZGd�d�Ze	j8Ze	j:Ze	j<ZGd�d�ZGd�d�Z e	jBZ!e	jDZ"y)�)�annotationsN)�Iterable)�utils�x509)�ocsp)�hashes)� CertificateIssuerPrivateKeyTypes)�_reject_duplicate_extensionc��eZdZdZdZy)�OCSPResponderEncodingzBy HashzBy NameN)�__name__�
__module__�__qualname__�HASH�NAME����/build/snapcraft-certbot-c9aaebe726f8beb59a0eb2d8e1671bc4/parts/certbot/install/lib/python3.12/site-packages/cryptography/x509/ocsp.pyrrs���D��Drrc�$�eZdZdZdZdZdZdZdZy)�OCSPResponseStatusr�����N)	r
rr�
SUCCESSFUL�MALFORMED_REQUEST�INTERNAL_ERROR�	TRY_LATER�SIG_REQUIRED�UNAUTHORIZEDrrrrrs!���J����N��I��L��Lrrc�:�t|t�std��y)Nz9Algorithm must be SHA1, SHA224, SHA256, SHA384, or SHA512)�
isinstance�_ALLOWED_HASHES�
ValueError)�	algorithms r�_verify_algorithmr'*s!���i��1��G�
�	
�2rc��eZdZdZdZdZy)�OCSPCertStatusrrrN)r
rr�GOOD�REVOKED�UNKNOWNrrrr)r)1s���D��G��Grr)c�4�eZdZ																dd�Zy)�_SingleResponsec	�H�t|�t|tj�std��|�%t|tj�std��||_||_||_||_||_t|t�std��|tjur|�td��|�Wtd��t|tj�std��|�%t|tj�std��||_||_||_y)Nz%this_update must be a datetime objectz-next_update must be a datetime object or Nonez8cert_status must be an item from the OCSPCertStatus enumzBrevocation_time can only be provided if the certificate is revokedzDrevocation_reason can only be provided if the certificate is revokedz)revocation_time must be a datetime objectzCrevocation_reason must be an item from the ReasonFlags enum or None)r'r#�datetime�	TypeError�_resp�
_resp_hash�
_algorithm�_this_update�_next_updater)r+r%r�ReasonFlags�_cert_status�_revocation_time�_revocation_reason)	�self�resp�	resp_hashr&�cert_status�this_update�next_update�revocation_time�revocation_reasons	         r�__init__z_SingleResponse.__init__8s3��	�)�$��+�x�'8�'8�9��C�D�D��"�:���*�*�,
��K�L�L���
�#���#���'���'����+�~�6��J��
��n�4�4�4��*� �!���!�,� �"���
�o�x�/@�/@�A�� K�L�L� �,�Z�!�4�#3�#3�6� �#���
(��� /���"3��rN)r<z0tuple[x509.Certificate, x509.Certificate] | Noner=ztuple[bytes, bytes, int] | Noner&�hashes.HashAlgorithmr>r)r?�datetime.datetimer@�datetime.datetime | NonerArFrB�x509.ReasonFlags | None)r
rrrCrrrr.r.7sU��64�>�64�3�64�(�	64�
$�64�'�
64�.�64�2�64�3�64rr.c�z�eZdZddgf							dd�Z								dd�Z										d	d�Z						d
d�Zdd�Zy)�OCSPRequestBuilderNc�.�||_||_||_y�N)�_request�
_request_hash�_extensions)r;�request�request_hash�
extensionss    rrCzOCSPRequestBuilder.__init__ws�� ��
�)���%��rc�$�|j�|j�td��t|�t	|t
j�rt	|t
j�std��t|||f|j|j�S)N�.Only one certificate can be added to a request�%cert and issuer must be a Certificate)
rLrMr%r'r#r�Certificater1rIrN)r;�cert�issuerr&s    r�add_certificatez"OCSPRequestBuilder.add_certificate�s����=�=�$��(:�(:�(F��M�N�N��)�$��$�� 0� 0�1���D�$�$�:
��C�D�D�!�
�6�9�%�t�'9�'9�4�;K�;K�
�	
rc��|j�|j�td��t|t�std��t
|�tjd|�tjd|�|jt|�k7s|jt|�k7rtd��t|j||||f|j�S)NrS� serial_number must be an integer�issuer_name_hash�issuer_key_hash�`issuer_name_hash and issuer_key_hash must be the same length as the digest size of the algorithm)
rLrMr%r#�intr1r'r�_check_bytes�digest_size�lenrIrN)r;r[r\�
serial_numberr&s     r�add_certificate_by_hashz*OCSPRequestBuilder.add_certificate_by_hash�s����=�=�$��(:�(:�(F��M�N�N��-��-��>�?�?��)�$�
���-�/?�@�
���,�o�>�� � �C��%
�
�
�
"�
"�c�/�&:�
:��6��
�
"��M�M�
��
�y�I����
�	
rc��t|tj�std��tj|j
||�}t
||j�t|j|jg|j�|��S�Nz"extension must be an ExtensionType)r#r�
ExtensionTyper1�	Extension�oidr
rNrIrLrM�r;�extval�critical�	extensions    r�
add_extensionz OCSPRequestBuilder.add_extension�su���&�$�"4�"4�5��@�A�A��N�N�6�:�:�x��@�	�#�I�t�/?�/?�@�!��M�M�4�-�-�/M��1A�1A�/M�9�/M�
�	
rc�r�|j�|j�td��tj|�S)Nz*You must add a certificate before building)rLrMr%r�create_ocsp_request)r;s r�buildzOCSPRequestBuilder.build�s4���=�=� �T�%7�%7�%?��I�J�J��'�'��-�-r)rOzFtuple[x509.Certificate, x509.Certificate, hashes.HashAlgorithm] | NonerPz5tuple[bytes, bytes, int, hashes.HashAlgorithm] | NonerQ�(list[x509.Extension[x509.ExtensionType]]�return�None)rV�x509.CertificaterWrtr&rDrrrI)
r[�bytesr\rurbr^r&rDrrrI)rj�x509.ExtensionTyperk�boolrrrI)rr�OCSPRequest)r
rrrCrXrcrmrprrrrIrIvs�����?A�&��&��
&�=�&�
�&�
��
�!�
�(�	
�

�
�&
��
��
��	
�
(�
�
�

�<
�(�
�48�
�	�
�.rrIc���eZdZdddgf							d
d�Z																		dd�Z																				dd�Z						d
d�Z				dd�Z						dd�Z						dd�Z	e
				dd	��Zy)�OCSPResponseBuilderNc�<�||_||_||_||_yrK)�	_response�
_responder_id�_certsrN)r;�response�responder_id�certsrQs     rrCzOCSPResponseBuilder.__init__�s"��"���)������%��rc	
�.�|j�td��t|tj�rt|tj�std��t
||fd||||||�}	t|	|j|j|j�S)N�#Only one response per OCSPResponse.rT)r|r%r#rrUr1r.rzr}r~rN)
r;rVrWr&r>r?r@rArB�
singleresps
          r�add_responsez OCSPResponseBuilder.add_response�s����>�>�%��B�C�C��$�� 0� 0�1���D�$�$�:
��C�D�D�$�
�6�N��������	
�
�#������K�K����	
�	
rc

���|j�td��t|t�st	d��tjd|�tjd|�t|�|jt|�k7s|jt|�k7rtd��td|||f||||||	�}
t|
|j|j|j�S)Nr�rZr[r\r])r|r%r#r^r1rr_r'r`rar.rzr}r~rN)r;r[r\rbr&r>r?r@rArBr�s           r�add_response_by_hashz(OCSPResponseBuilder.add_response_by_hash�s����>�>�%��B�C�C��-��-��>�?�?�
���-�/?�@�
���,�o�>��)�$�� � �C��%
�
�
�
"�
"�c�/�&:�
:��6��
�
%��
��
�>�������	
�
�#������K�K����	
�	
rc��|j�td��t|tj�std��t|t�std��t|j||f|j|j�S)Nz!responder_id can only be set oncez$responder_cert must be a Certificatez6encoding must be an element from OCSPResponderEncoding)r}r%r#rrUr1rrzr|r~rN)r;�encoding�responder_certs   rr�z OCSPResponseBuilder.responder_id*s������)��@�A�A��.�$�*:�*:�;��B�C�C��(�$9�:��H��
�#��N�N�
�X�&��K�K����	
�	
rc�
�|j�td��t|�}t|�dk(rtd��t	d�|D��std��t
|j|j||j�S)Nz!certificates may only be set oncerzcerts must not be an empty listc3�PK�|]}t|tj���� y�wrK)r#rrU)�.0�xs  r�	<genexpr>z3OCSPResponseBuilder.certificates.<locals>.<genexpr>Es����B�q�:�a��!1�!1�2�B�s�$&z$certs must be a list of Certificates)
r~r%�listra�allr1rzr|r}rN)r;r�s  r�certificatesz OCSPResponseBuilder.certificates=s}���;�;�"��@�A�A��U����u�:��?��>�?�?��B�E�B�B��B�C�C�"��N�N��������	
�	
rc�.�t|tj�std��tj|j
||�}t
||j�t|j|j|jg|j�|��Sre)r#rrfr1rgrhr
rNrzr|r}r~ris    rrmz!OCSPResponseBuilder.add_extensionNs}���&�$�"4�"4�5��@�A�A��N�N�6�:�:�x��@�	�#�I�t�/?�/?�@�"��N�N�����K�K�*�d���*�	�*�	
�	
rc��|j�td��|j�td��tjt
j|||�S)Nz&You must add a response before signingz*You must add a responder_id before signing)r|r%r}r�create_ocsp_responserr)r;�private_keyr&s   r�signzOCSPResponseBuilder.sign^sT��
�>�>�!��E�F�F����%��I�J�J��(�(��)�)�4��i�
�	
rc��t|t�std��|tjurt	d��tj|ddd�S)Nz7response_status must be an item from OCSPResponseStatusz$response_status cannot be SUCCESSFUL)r#rr1rr%rr�)�cls�response_statuss  r�build_unsuccessfulz&OCSPResponseBuilder.build_unsuccessfullsS���/�+=�>��I��
��0�;�;�;��C�D�D��(�(��$��d�K�Kr)rz_SingleResponse | Noner�z5tuple[x509.Certificate, OCSPResponderEncoding] | Noner�zlist[x509.Certificate] | NonerQrq)rVrtrWrtr&rDr>r)r?rEr@rFrArFrBrGrrrz)r[rur\rurbr^r&rDr>r)r?rEr@rFrArFrBrGrrrz)r�rr�rtrrrz)r�zIterable[x509.Certificate]rrrz)rjrvrkrwrrrz)r�r	r&zhashes.HashAlgorithm | Nonerr�OCSPResponse)r�rrrr�)r
rrrCr�r�r�r�rmr��classmethodr�rrrrzrz�s���,0��/3�?A�
&�(�&��&�
-�&�=�
&�"
��"
�!�"
�(�	"
�
$�"
�'�
"
�.�"
�2�"
�3�"
�
�"
�H,
��,
��,
��	,
�
(�,
�$�
,
�'�,
�.�,
�2�,
�3�,
�
�,
�\
�-�
�?O�
�	�
�&
�/�
�	�
�"
�(�
�48�
�	�
� 
�5�
�/�
�
�	
��
L�0�
L�	�
L��
Lrrz)r&rDrrrs)#�
__future__rr0�collections.abcr�cryptographyrr�"cryptography.hazmat.bindings._rustr�cryptography.hazmat.primitivesr�/cryptography.hazmat.primitives.asymmetric.typesr	�cryptography.x509.baser
�Enumrr�SHA1�SHA224�SHA256�SHA384�SHA512r$r'r)r.rxr��OCSPSingleResponserIrz�load_der_ocsp_request�load_der_ocsp_responserrr�<module>r�s���
#��$�$�3�1��?��E�J�J��
������K�K�
�M�M�
�M�M�
�M�M�
�M�M���
��U�Z�Z��74�74�t����� � ���,�,��Q.�Q.�hmL�mL�`�2�2���4�4�r