
    )JfE              	      x   d dl mZ d dlZd dlZd dlZd dlZd dlZd dlmZ d dl	m
Z d dlmZmZ d dlmZmZmZmZmZmZmZmZ d dlmZmZmZ d dlmZmZmZm Z  d d	l!m"Z"m#Z# d d
l$m%Z%  ej        ddd          Z&ej'        ej(        ej)        ej*        ej+        ej,        ej-        ej.        ej/        f         Z0 G d de1          Z2d;dZ3d<dZ4d=dZ5 G d d          Z6 G d  d!          Z7 G d" d#ej8                  Z9 G d$ d%e1          Z: G d& d'ej;        (          Z<e<=                    ej<                    G d) d*ej;        (          Z>e>=                    ej>                    G d+ d,e>          Z? G d- d.ej;        (          Z@e@=                    ej@                    G d/ d0ej;        (          ZAeA=                    ejA                   ejB        ZBejC        ZCejD        ZDejE        ZEejF        ZFejG        ZGejH        ZH G d1 d2          ZI G d3 d4          ZJ G d5 d6          ZK G d7 d8          ZLd>d:ZMdS )?    )annotationsN)utils)x509)hashesserialization)dsaeced448ed25519paddingrsax448x25519) CertificateIssuerPrivateKeyTypesCertificateIssuerPublicKeyTypesCertificatePublicKeyTypes)	Extension
ExtensionsExtensionType_make_sequence_methods)Name	_ASN1Type)ObjectIdentifieri     c                        e Zd Zd fdZ xZS )	AttributeNotFoundmsgstroidr   returnNonec                X    t                                          |           || _        d S N)super__init__r   )selfr   r   	__class__s      Y/home/alex/cs2snipeproduction/venv/lib/python3.11/site-packages/cryptography/x509/base.pyr%   zAttributeNotFound.__init__9   s&        )r   r   r   r   r    r!   __name__
__module____qualname__r%   __classcell__r'   s   @r(   r   r   8   s=                 r)   r   	extensionExtension[ExtensionType]
extensionslist[Extension[ExtensionType]]r    r!   c                N    |D ]!}|j         | j         k    rt          d          "d S )Nz$This extension has already been set.)r   
ValueError)r0   r2   es      r(   _reject_duplicate_extensionr7   >   sD    
  E E5IM!!CDDD "E Er)   r   r   
attributes0list[tuple[ObjectIdentifier, bytes, int | None]]c                B    |D ]\  }}}|| k    rt          d          d S )Nz$This attribute has already been set.)r5   )r   r8   attr_oid_s       r(   _reject_duplicate_attributer=   H   sD    
 % E E!Qs??CDDD E Er)   timedatetime.datetimec                    | j         D|                                 }|r|nt          j                    }|                     d          |z
  S | S )zNormalizes a datetime to a naive datetime in UTC.

    time -- datetime to normalize. Assumed to be in UTC if not timezone
            aware.
    Ntzinfo)rB   	utcoffsetdatetime	timedeltareplace)r>   offsets     r(   _convert_to_naive_utc_timerH   R   sP     {!!!;x'9';';||4|((611r)   c                  v    e Zd Zej        j        fdd	Zedd
            Zedd            ZddZ	ddZ
ddZdS )	Attributer   r   valuebytes_typeintr    r!   c                0    || _         || _        || _        d S r#   )_oid_valuerM   )r&   r   rK   rM   s       r(   r%   zAttribute.__init__a   s     	


r)   c                    | j         S r#   )rP   r&   s    r(   r   zAttribute.oidk   s
    yr)   c                    | j         S r#   )rQ   rS   s    r(   rK   zAttribute.valueo   s
    {r)   r   c                (    d| j          d| j        dS )Nz<Attribute(oid=z, value=)>)r   rK   rS   s    r(   __repr__zAttribute.__repr__s   s    CCC4:CCCCr)   otherobjectboolc                    t          |t                    st          S | j        |j        k    o| j        |j        k    o| j        |j        k    S r#   )
isinstancerJ   NotImplementedr   rK   rM   r&   rX   s     r(   __eq__zAttribute.__eq__v   sO    %++ 	"!! H	! *
ek)*
ek)	
r)   c                D    t          | j        | j        | j        f          S r#   )hashr   rK   rM   rS   s    r(   __hash__zAttribute.__hash__   s    TXtz4:6777r)   N)r   r   rK   rL   rM   rN   r    r!   r    r   r    rL   r    r   rX   rY   r    rZ   r    rN   )r+   r,   r-   r   
UTF8StringrK   r%   propertyr   rW   r_   rb    r)   r(   rJ   rJ   `   s        
 )/	        X    XD D D D
 
 
 
8 8 8 8 8 8r)   rJ   c                  D    e Zd ZddZ ed          \  ZZZddZddZ	dS )
Attributesr8   typing.Iterable[Attribute]r    r!   c                .    t          |          | _        d S r#   )list_attributes)r&   r8   s     r(   r%   zAttributes.__init__   s      
++r)   rp   r   c                    d| j          dS )Nz<Attributes(rV   )rp   rS   s    r(   rW   zAttributes.__repr__   s    2d.2222r)   r   r   rJ   c                R    | D ]}|j         |k    r|c S t          d| d|          )NzNo z attribute was found)r   r   )r&   r   attrs      r(   get_attribute_for_oidz Attributes.get_attribute_for_oid   sH     	 	Dx3    ?c ? ? ?EEEr)   N)r8   rm   r    r!   re   )r   r   r    rJ   )
r+   r,   r-   r%   r   __len____iter____getitem__rW   rt   rj   r)   r(   rl   rl      so        , , , , &<%;M%J%J"GX{3 3 3 3F F F F F Fr)   rl   c                      e Zd ZdZdZdS )Versionr      N)r+   r,   r-   v1v3rj   r)   r(   ry   ry      s        	
B	
BBBr)   ry   c                        e Zd Zd fdZ xZS )	InvalidVersionr   r   parsed_versionrN   r    r!   c                X    t                                          |           || _        d S r#   )r$   r%   r   )r&   r   r   r'   s      r(   r%   zInvalidVersion.__init__   s)    ,r)   )r   r   r   rN   r    r!   r*   r/   s   @r(   r~   r~      s=        - - - - - - - - - -r)   r~   c                     e Zd Zej        d+d            Zeej        d,d                        Zeej        d-d	                        Zej        d.d            Z	eej        d/d                        Z
eej        d/d                        Zeej        d/d                        Zeej        d/d                        Zeej        d0d                        Zeej        d0d                        Zeej        d1d                        Zeej        d2d                        Zeej        d3d                        Zeej        d4d                        Zeej        d5d                        Zeej        d5d                        Zeej        d5d                        Zej        d6d"            Zej        d,d#            Zej        d7d&            Zej        d8d)            Zd*S )9Certificate	algorithmhashes.HashAlgorithmr    rL   c                    dS z4
        Returns bytes using digest passed.
        Nrj   r&   r   s     r(   fingerprintzCertificate.fingerprint         r)   rN   c                    dS )z3
        Returns certificate serial number
        Nrj   rS   s    r(   serial_numberzCertificate.serial_number   r   r)   ry   c                    dS )z1
        Returns the certificate version
        Nrj   rS   s    r(   versionzCertificate.version   r   r)   r   c                    dS z(
        Returns the public key
        Nrj   rS   s    r(   
public_keyzCertificate.public_key   r   r)   r?   c                    dS )z?
        Not before time (represented as UTC datetime)
        Nrj   rS   s    r(   not_valid_beforezCertificate.not_valid_before   r   r)   c                    dS )zK
        Not before time (represented as a non-naive UTC datetime)
        Nrj   rS   s    r(   not_valid_before_utcz Certificate.not_valid_before_utc   r   r)   c                    dS )z>
        Not after time (represented as UTC datetime)
        Nrj   rS   s    r(   not_valid_afterzCertificate.not_valid_after   r   r)   c                    dS )zJ
        Not after time (represented as a non-naive UTC datetime)
        Nrj   rS   s    r(   not_valid_after_utczCertificate.not_valid_after_utc   r   r)   r   c                    dS )z1
        Returns the issuer name object.
        Nrj   rS   s    r(   issuerzCertificate.issuer   r   r)   c                    dS z2
        Returns the subject name object.
        Nrj   rS   s    r(   subjectzCertificate.subject   r   r)   hashes.HashAlgorithm | Nonec                    dS zt
        Returns a HashAlgorithm corresponding to the type of the digest signed
        in the certificate.
        Nrj   rS   s    r(   signature_hash_algorithmz$Certificate.signature_hash_algorithm   r   r)   r   c                    dS zJ
        Returns the ObjectIdentifier of the signature algorithm.
        Nrj   rS   s    r(   signature_algorithm_oidz#Certificate.signature_algorithm_oid   r   r)   0None | padding.PSS | padding.PKCS1v15 | ec.ECDSAc                    dS z=
        Returns the signature algorithm parameters.
        Nrj   rS   s    r(   signature_algorithm_parametersz*Certificate.signature_algorithm_parameters   r   r)   r   c                    dS )z/
        Returns an Extensions object.
        Nrj   rS   s    r(   r2   zCertificate.extensions  r   r)   c                    dS z.
        Returns the signature bytes.
        Nrj   rS   s    r(   	signaturezCertificate.signature	  r   r)   c                    dS )zR
        Returns the tbsCertificate payload bytes as defined in RFC 5280.
        Nrj   rS   s    r(   tbs_certificate_bytesz!Certificate.tbs_certificate_bytes  r   r)   c                    dS )zh
        Returns the tbsCertificate payload bytes with the SCT list extension
        stripped.
        Nrj   rS   s    r(   tbs_precertificate_bytesz$Certificate.tbs_precertificate_bytes  r   r)   rX   rY   rZ   c                    dS z"
        Checks equality.
        Nrj   r^   s     r(   r_   zCertificate.__eq__  r   r)   c                    dS z"
        Computes a hash.
        Nrj   rS   s    r(   rb   zCertificate.__hash__%  r   r)   encodingserialization.Encodingc                    dS )zB
        Serializes the certificate to PEM or DER format.
        Nrj   r&   r   s     r(   public_byteszCertificate.public_bytes+  r   r)   r   r!   c                    dS )z
        This method verifies that certificate issuer name matches the
        issuer subject name and that the certificate is signed by the
        issuer's private key. No other validation is performed.
        Nrj   )r&   r   s     r(   verify_directly_issued_byz%Certificate.verify_directly_issued_by1  r   r)   Nr   r   r    rL   rg   )r    ry   r    r   r    r?   r    r   r    r   rc   r    r   r    r   rd   rf   r   r   r    rL   )r   r   r    r!   )r+   r,   r-   abcabstractmethodr   ri   r   r   r   r   r   r   r   r   r   r   r   r   r2   r   r   r   r_   rb   r   r   rj   r)   r(   r   r      s          
     X
     X
 	   
     X
     X
     X
     X
     X
     X
     X     X
     X     X
     X
     X
     X 	   
 	   
 	   
 	     r)   r   )	metaclassc                      e Zd Zeej        d
d                        Zeej        dd                        Zeej        dd                        Zeej        dd                        Z	d	S )RevokedCertificater    rN   c                    dS )zG
        Returns the serial number of the revoked certificate.
        Nrj   rS   s    r(   r   z RevokedCertificate.serial_number?  r   r)   r?   c                    dS )zH
        Returns the date of when this certificate was revoked.
        Nrj   rS   s    r(   revocation_datez"RevokedCertificate.revocation_dateF  r   r)   c                    dS )zl
        Returns the date of when this certificate was revoked as a non-naive
        UTC datetime.
        Nrj   rS   s    r(   revocation_date_utcz&RevokedCertificate.revocation_date_utcM  r   r)   r   c                    dS )zW
        Returns an Extensions object containing a list of Revoked extensions.
        Nrj   rS   s    r(   r2   zRevokedCertificate.extensionsU  r   r)   Nrg   r   r   )
r+   r,   r-   ri   r   r   r   r   r   r2   rj   r)   r(   r   r   >  s            X
     X
     X     X  r)   r   c                  v    e Zd ZddZedd	            Zedd
            Zedd            Zedd            ZdS )_RawRevokedCertificater   rN   r   r?   r2   r   c                0    || _         || _        || _        d S r#   _serial_number_revocation_date_extensionsr&   r   r   r2   s       r(   r%   z_RawRevokedCertificate.__init__b  "     , /%r)   r    c                    | j         S r#   )r   rS   s    r(   r   z$_RawRevokedCertificate.serial_numberl  s    ""r)   c                R    t          j        dt          j        d           | j        S )Nuk   Properties that return a naïve datetime object have been deprecated. Please switch to revocation_date_utc.rz   )
stacklevel)warningswarnr   DeprecatedIn42r   rS   s    r(   r   z&_RawRevokedCertificate.revocation_datep  s5    @ 		
 	
 	
 	
 $$r)   c                V    | j                             t          j        j                  S )NrA   )r   rF   rD   timezoneutcrS   s    r(   r   z*_RawRevokedCertificate.revocation_date_utcz  s"    $,,H4E4I,JJJr)   c                    | j         S r#   )r   rS   s    r(   r2   z!_RawRevokedCertificate.extensions~  s    r)   N)r   rN   r   r?   r2   r   rg   r   r   )	r+   r,   r-   r%   ri   r   r   r   r2   rj   r)   r(   r   r   a  s        & & & & # # # X# % % % X% K K K XK       X     r)   r   c                     e Zd Zej        d3d            Zej        d4d            Zej        d5d            Zeej        d6d                        Z	eej        d7d                        Z
eej        d8d                        Zeej        d9d                        Zeej        d:d                        Zeej        d:d                        Zeej        d;d                        Zeej        d;d                        Zeej        d<d                        Zeej        d=d                        Zeej        d=d                        Zej        d>d"            Zej        d?d#            Zej        d@d&            Zej        dAd)            Zej        dBd,            Zej        dCd.            Zej        dDd1            Zd2S )ECertificateRevocationListr   r   r    rL   c                    dS )z:
        Serializes the CRL to PEM or DER format.
        Nrj   r   s     r(   r   z&CertificateRevocationList.public_bytes  r   r)   r   r   c                    dS r   rj   r   s     r(   r   z%CertificateRevocationList.fingerprint  r   r)   r   rN   RevokedCertificate | Nonec                    dS )zs
        Returns an instance of RevokedCertificate or None if the serial_number
        is not in the CRL.
        Nrj   )r&   r   s     r(   (get_revoked_certificate_by_serial_numberzBCertificateRevocationList.get_revoked_certificate_by_serial_number  r   r)   r   c                    dS r   rj   rS   s    r(   r   z2CertificateRevocationList.signature_hash_algorithm  r   r)   r   c                    dS r   rj   rS   s    r(   r   z1CertificateRevocationList.signature_algorithm_oid  r   r)   r   c                    dS r   rj   rS   s    r(   r   z8CertificateRevocationList.signature_algorithm_parameters  r   r)   r   c                    dS )zC
        Returns the X509Name with the issuer of this CRL.
        Nrj   rS   s    r(   r   z CertificateRevocationList.issuer  r   r)   datetime.datetime | Nonec                    dS )z?
        Returns the date of next update for this CRL.
        Nrj   rS   s    r(   next_updatez%CertificateRevocationList.next_update  r   r)   c                    dS )zc
        Returns the date of next update for this CRL as a non-naive UTC
        datetime.
        Nrj   rS   s    r(   next_update_utcz)CertificateRevocationList.next_update_utc  r   r)   r?   c                    dS )z?
        Returns the date of last update for this CRL.
        Nrj   rS   s    r(   last_updatez%CertificateRevocationList.last_update  r   r)   c                    dS )zc
        Returns the date of last update for this CRL as a non-naive UTC
        datetime.
        Nrj   rS   s    r(   last_update_utcz)CertificateRevocationList.last_update_utc  r   r)   r   c                    dS )zS
        Returns an Extensions object containing a list of CRL extensions.
        Nrj   rS   s    r(   r2   z$CertificateRevocationList.extensions  r   r)   c                    dS r   rj   rS   s    r(   r   z#CertificateRevocationList.signature  r   r)   c                    dS )zO
        Returns the tbsCertList payload bytes as defined in RFC 5280.
        Nrj   rS   s    r(   tbs_certlist_bytesz,CertificateRevocationList.tbs_certlist_bytes  r   r)   rX   rY   rZ   c                    dS r   rj   r^   s     r(   r_   z CertificateRevocationList.__eq__  r   r)   c                    dS )z<
        Number of revoked certificates in the CRL.
        Nrj   rS   s    r(   ru   z!CertificateRevocationList.__len__  r   r)   idxr   c                    d S r#   rj   r&   r   s     r(   rw   z%CertificateRevocationList.__getitem__      r)   slicelist[RevokedCertificate]c                    d S r#   rj   r   s     r(   rw   z%CertificateRevocationList.__getitem__  r   r)   int | slice-RevokedCertificate | list[RevokedCertificate]c                    dS )zS
        Returns a revoked certificate (or slice of revoked certificates).
        Nrj   r   s     r(   rw   z%CertificateRevocationList.__getitem__  r   r)   #typing.Iterator[RevokedCertificate]c                    dS )z8
        Iterator over the revoked certificates
        Nrj   rS   s    r(   rv   z"CertificateRevocationList.__iter__	  r   r)   r   r   c                    dS )zQ
        Verifies signature of revocation list against given public key.
        Nrj   )r&   r   s     r(   is_signature_validz,CertificateRevocationList.is_signature_valid  r   r)   Nr   r   )r   rN   r    r   r   rc   r   r   )r    r   r   r   rd   rf   rg   )r   rN   r    r   )r   r   r    r  )r   r  r    r  )r    r  )r   r   r    rZ   )r+   r,   r-   r   r   r   r   r   ri   r   r   r   r   r   r   r   r   r2   r   r   r_   ru   typingoverloadrw   rv   r	  rj   r)   r(   r   r     sp          
 	   
 	        X     X
     X     X
     X
     X     X
     X     X
     X
     X
 	   
 	   
 _   _ _   _ 	    	   
 	     r)   r   c                  z   e Zd Zej        d d            Zej        d!d            Zej        d"d	            Zeej        d#d                        Z	eej        d$d                        Z
eej        d%d                        Zeej        d&d                        Zeej        d'd                        Zeej        d(d                        Zej        d)d            Zeej        d*d                        Zeej        d*d                        Zeej        d+d                        Zej        d,d            ZdS )-CertificateSigningRequestrX   rY   r    rZ   c                    dS r   rj   r^   s     r(   r_   z CertificateSigningRequest.__eq__  r   r)   rN   c                    dS r   rj   rS   s    r(   rb   z"CertificateSigningRequest.__hash__"  r   r)   r   c                    dS r   rj   rS   s    r(   r   z$CertificateSigningRequest.public_key(  r   r)   r   c                    dS r   rj   rS   s    r(   r   z!CertificateSigningRequest.subject.  r   r)   r   c                    dS r   rj   rS   s    r(   r   z2CertificateSigningRequest.signature_hash_algorithm5  r   r)   r   c                    dS r   rj   rS   s    r(   r   z1CertificateSigningRequest.signature_algorithm_oid?  r   r)   r   c                    dS r   rj   rS   s    r(   r   z8CertificateSigningRequest.signature_algorithm_parametersF  r   r)   r   c                    dS )z@
        Returns the extensions in the signing request.
        Nrj   rS   s    r(   r2   z$CertificateSigningRequest.extensionsO  r   r)   rl   c                    dS )z/
        Returns an Attributes object.
        Nrj   rS   s    r(   r8   z$CertificateSigningRequest.attributesV  r   r)   r   r   rL   c                    dS )z;
        Encodes the request to PEM or DER format.
        Nrj   r   s     r(   r   z&CertificateSigningRequest.public_bytes]  r   r)   c                    dS r   rj   rS   s    r(   r   z#CertificateSigningRequest.signaturec  r   r)   c                    dS )zd
        Returns the PKCS#10 CertificationRequestInfo bytes as defined in RFC
        2986.
        Nrj   rS   s    r(   tbs_certrequest_bytesz/CertificateSigningRequest.tbs_certrequest_bytesj  r   r)   c                    dS )z8
        Verifies signature of signing request.
        Nrj   rS   s    r(   r	  z,CertificateSigningRequest.is_signature_validr  r   r)   r   c                    dS )z:
        Get the attribute value for a given OID.
        Nrj   )r&   r   s     r(   rt   z/CertificateSigningRequest.get_attribute_for_oidy  r   r)   Nrf   rg   r   r   r   rc   r   r   )r    rl   r   rd   )r    rZ   )r   r   r    rL   )r+   r,   r-   r   r   r_   rb   r   ri   r   r   r   r   r2   r8   r   r   r  r	  rt   rj   r)   r(   r  r    sd          
 	   
 	   
     X
     X     X
     X     X
     X
 	   
     X
     X     X
 	     r)   r  c                  N    e Zd Zdg g fd%dZd&dZd'dZddd(dZ	 d)ddd*d$ZdS )+ CertificateSigningRequestBuilderNsubject_nameName | Noner2   r3   r8   r9   c                0    || _         || _        || _        dS )zB
        Creates an empty X.509 certificate request (v1).
        N)_subject_namer   rp   )r&   r  r2   r8   s       r(   r%   z)CertificateSigningRequestBuilder.__init__  s"     *%%r)   namer   r    c                    t          |t                    st          d          | j        t	          d          t          || j        | j                  S )zF
        Sets the certificate requestor's distinguished name.
        Expecting x509.Name object.N&The subject name may only be set once.)r\   r   	TypeErrorr"  r5   r  r   rp   r&   r#  s     r(   r  z-CertificateSigningRequestBuilder.subject_name  s\     $%% 	;9:::)EFFF/$"D$4
 
 	
r)   extvalr   criticalrZ   c                    t          |t                    st          d          t          |j        ||          }t          || j                   t          | j        g | j        || j	                  S )zE
        Adds an X.509 extension to the certificate request.
        "extension must be an ExtensionType)
r\   r   r'  r   r   r7   r   r  r"  rp   r&   r)  r*  r0   s       r(   add_extensionz.CertificateSigningRequestBuilder.add_extension  sz     &-00 	B@AAAfj(F;;	#It/?@@@/*d*	*
 
 	
r)   )_tagr   r   rK   rL   r/  _ASN1Type | Nonec               n   t          |t                    st          d          t          |t                    st          d          |$t          |t                    st          d          t          || j                   ||j        }nd}t          | j	        | j
        g | j        |||f          S )zK
        Adds an X.509 attribute with an OID and associated value.
        zoid must be an ObjectIdentifierzvalue must be bytesNztag must be _ASN1Type)r\   r   r'  rL   r   r=   rp   rK   r  r"  r   )r&   r   rK   r/  tags        r(   add_attributez.CertificateSigningRequestBuilder.add_attribute  s     #/00 	?=>>>%'' 	31222JtY$?$?3444#C)9:::*CCC/2d2eS 12
 
 	
r)   rsa_paddingprivate_keyr   r   _AllowedHashTypes | Nonebackend
typing.Anyr5  %padding.PSS | padding.PKCS1v15 | Noner  c                  | j         t          d          |^t          |t          j        t          j        f          st          d          t          |t          j                  st          d          t          j
        | |||          S )zF
        Signs the request using the requestor's private key.
        Nz/A CertificateSigningRequest must have a subjectPadding must be PSS or PKCS1v15&Padding is only supported for RSA keys)r"  r5   r\   r   PSSPKCS1v15r'  r   RSAPrivateKey	rust_x509create_x509_csrr&   r6  r   r8  r5  s        r(   signz%CertificateSigningRequestBuilder.sign  s     %NOOO"kGK9I+JKK C ABBBk3+<== J HIII(+y+
 
 	
r)   )r  r   r2   r3   r8   r9   )r#  r   r    r  )r)  r   r*  rZ   r    r  )r   r   rK   rL   r/  r0  r    r  r#   )
r6  r   r   r7  r8  r9  r5  r:  r    r  )r+   r,   r-   r%   r  r.  r3  rD  rj   r)   r(   r  r    s         %)57GI	& & & & &

 

 

 


 
 
 
. "&
 
 
 
 
 
H #	
 >B
 
 
 
 
 
 
 
r)   r  c                  |    e Zd ZU ded<   ddddddg fd0dZd1dZd1dZd2dZd3dZd4dZ	d4dZ
d5d$Z	 d6dd%d7d/ZdS )8CertificateBuilderr3   r   Nissuer_namer   r  r    CertificatePublicKeyTypes | Noner   
int | Noner   r   r   r2   r    r!   c                    t           j        | _        || _        || _        || _        || _        || _        || _        || _	        d S r#   )
ry   r|   _version_issuer_namer"  _public_keyr   _not_valid_before_not_valid_afterr   )r&   rG  r  r   r   r   r   r2   s           r(   r%   zCertificateBuilder.__init__  sK      
')%+!1 /%r)   r#  r   c           	         t          |t                    st          d          | j        t	          d          t          || j        | j        | j        | j	        | j
        | j                  S )z3
        Sets the CA's distinguished name.
        r%  N%The issuer name may only be set once.)r\   r   r'  rL  r5   rF  r"  rM  r   rN  rO  r   r(  s     r(   rG  zCertificateBuilder.issuer_name  sv     $%% 	;9:::(DEEE!"!
 
 	
r)   c           	         t          |t                    st          d          | j        t	          d          t          | j        || j        | j        | j	        | j
        | j                  S )z:
        Sets the requestor's distinguished name.
        r%  Nr&  )r\   r   r'  r"  r5   rF  rL  rM  r   rN  rO  r   r(  s     r(   r  zCertificateBuilder.subject_name  sv     $%% 	;9:::)EFFF!"!
 
 	
r)   keyr   c           
     l   t          |t          j        t          j        t
          j        t          j        t          j
        t          j        t          j        f          st          d          | j        t#          d          t%          | j        | j        || j        | j        | j        | j                  S )zT
        Sets the requestor's public key (as found in the signing request).
        zExpecting one of DSAPublicKey, RSAPublicKey, EllipticCurvePublicKey, Ed25519PublicKey, Ed448PublicKey, X25519PublicKey, or X448PublicKey.Nz$The public key may only be set once.)r\   r   DSAPublicKeyr   RSAPublicKeyr	   EllipticCurvePublicKeyr   Ed25519PublicKeyr
   Ed448PublicKeyr   X25519PublicKeyr   X448PublicKeyr'  rM  r5   rF  rL  r"  r   rN  rO  r   )r&   rS  s     r(   r   zCertificateBuilder.public_key/  s       )($&"
 
 	 !   'CDDD!"!
 
 	
r)   numberrN   c           	     T   t          |t                    st          d          | j        t	          d          |dk    rt	          d          |                                dk    rt	          d          t          | j        | j        | j	        || j
        | j        | j                  S )z5
        Sets the certificate serial number.
        'Serial number must be of integral type.N'The serial number may only be set once.r   z%The serial number should be positive.   3The serial number should not be more than 159 bits.)r\   rN   r'  r   r5   
bit_lengthrF  rL  r"  rM  rN  rO  r   r&   r\  s     r(   r   z CertificateBuilder.serial_numberT  s     &#&& 	GEFFF*FGGGQ;;DEEE #%%H   ""!
 
 	
r)   r>   r?   c           	     z   t          |t          j                  st          d          | j        t	          d          t          |          }|t          k     rt	          d          | j        || j        k    rt	          d          t          | j	        | j
        | j        | j        || j        | j                  S )z7
        Sets the certificate activation time.
        Expecting datetime object.Nz*The not valid before may only be set once.z>The not valid before date must be on or after 1950 January 1).zBThe not valid before date must be before the not valid after date.)r\   rD   r'  rN  r5   rH   _EARLIEST_UTC_TIMErO  rF  rL  r"  rM  r   r   r&   r>   s     r(   r   z#CertificateBuilder.not_valid_beforeo  s     $ 122 	:8999!-IJJJ)$//$$$$    ,8M1M1M   "!
 
 	
r)   c           	     z   t          |t          j                  st          d          | j        t	          d          t          |          }|t          k     rt	          d          | j        || j        k     rt	          d          t          | j	        | j
        | j        | j        | j        || j                  S )z7
        Sets the certificate expiration time.
        re  Nz)The not valid after may only be set once.z<The not valid after date must be on or after 1950 January 1.zAThe not valid after date must be after the not valid before date.)r\   rD   r'  rO  r5   rH   rf  rN  rF  rL  r"  rM  r   r   rg  s     r(   r   z"CertificateBuilder.not_valid_after  s     $ 122 	:8999 ,HIII)$//$$$#  
 ".t---   ""
 
 	
r)   r)  r   r*  rZ   c           
        t          |t                    st          d          t          |j        ||          }t          || j                   t          | j        | j	        | j
        | j        | j        | j        g | j        |          S )z=
        Adds an X.509 extension to the certificate.
        r,  )r\   r   r'  r   r   r7   r   rF  rL  r"  rM  r   rN  rO  r-  s       r(   r.  z CertificateBuilder.add_extension  s     &-00 	B@AAAfj(F;;	#It/?@@@!"!*d*	*
 
 	
r)   r4  r6  r   r   r7  r8  r9  r5  r:  r   c                  | j         t          d          | j        t          d          | j        t          d          | j        t          d          | j        t          d          | j        t          d          |^t          |t          j	        t          j
        f          st          d          t          |t          j                  st          d	          t          j        | |||          S )
zC
        Signs the certificate using the CA's private key.
        Nz&A certificate must have a subject namez&A certificate must have an issuer namez'A certificate must have a serial numberz/A certificate must have a not valid before timez.A certificate must have a not valid after timez$A certificate must have a public keyr<  r=  )r"  r5   rL  r   rN  rO  rM  r\   r   r>  r?  r'  r   r@  rA  create_x509_certificaterC  s        r(   rD  zCertificateBuilder.sign  s	    %EFFF$EFFF&FGGG!)NOOO (MNNN#CDDD"kGK9I+JKK C ABBBk3+<== J HIII0+y+
 
 	
r)   )rG  r   r  r   r   rH  r   rI  r   r   r   r   r2   r3   r    r!   )r#  r   r    rF  )rS  r   r    rF  )r\  rN   r    rF  )r>   r?   r    rF  )r)  r   r*  rZ   r    rF  r#   )
r6  r   r   r7  r8  r9  r5  r:  r    r   )r+   r,   r-   __annotations__r%   rG  r  r   r   r   r   r.  rD  rj   r)   r(   rF  rF    s        //// $($(7;$(594857& & & & &&
 
 
 
$
 
 
 
$#
 #
 #
 #
J
 
 
 
6
 
 
 
:
 
 
 
@
 
 
 
4 #	%
 >B%
 %
 %
 %
 %
 %
 %
 %
r)   rF  c                  r    e Zd ZU ded<   ded<   dddg g fd'dZd(dZd)dZd*dZd+dZd,dZ		 d-ddd.d&Z
dS )/ CertificateRevocationListBuilderr3   r   r  _revoked_certificatesNrG  r   r   r   r   r2   revoked_certificatesc                L    || _         || _        || _        || _        || _        d S r#   )rL  _last_update_next_updater   ro  )r&   rG  r   r   r2   rp  s         r(   r%   z)CertificateRevocationListBuilder.__init__  s2     (''%%9"""r)   r   r    c                    t          |t                    st          d          | j        t	          d          t          || j        | j        | j        | j	                  S )Nr%  rQ  )
r\   r   r'  rL  r5   rn  rr  rs  r   ro  )r&   rG  s     r(   rG  z,CertificateRevocationListBuilder.issuer_name  sj     +t,, 	;9:::(DEEE/&
 
 	
r)   r?   c                b   t          |t          j                  st          d          | j        t	          d          t          |          }|t          k     rt	          d          | j        || j        k    rt	          d          t          | j	        || j        | j
        | j                  S )Nre  !Last update may only be set once.8The last update date must be on or after 1950 January 1.z9The last update date must be before the next update date.)r\   rD   r'  rr  r5   rH   rf  rs  rn  rL  r   ro  )r&   r   s     r(   r   z,CertificateRevocationListBuilder.last_update  s     +x'899 	:8999(@AAA0==+++M   ([4;L-L-LK   0&
 
 	
r)   c                b   t          |t          j                  st          d          | j        t	          d          t          |          }|t          k     rt	          d          | j        || j        k     rt	          d          t          | j	        | j        || j
        | j                  S )Nre  rv  rw  z8The next update date must be after the last update date.)r\   rD   r'  rs  r5   rH   rf  rr  rn  rL  r   ro  )r&   r   s     r(   r   z,CertificateRevocationListBuilder.next_update#  s     +x'899 	:8999(@AAA0==+++M   ([4;L-L-LJ   0&
 
 	
r)   r)  r   r*  rZ   c                    t          |t                    st          d          t          |j        ||          }t          || j                   t          | j        | j	        | j
        g | j        || j                  S )zM
        Adds an X.509 extension to the certificate revocation list.
        r,  )r\   r   r'  r   r   r7   r   rn  rL  rr  rs  ro  r-  s       r(   r.  z.CertificateRevocationListBuilder.add_extension;  s     &-00 	B@AAAfj(F;;	#It/?@@@/*d*	*&
 
 	
r)   revoked_certificater   c                    t          |t                    st          d          t          | j        | j        | j        | j        g | j        |          S )z8
        Adds a revoked certificate to the CRL.
        z)Must be an instance of RevokedCertificate)	r\   r   r'  rn  rL  rr  rs  r   ro  )r&   rz  s     r(   add_revoked_certificatez8CertificateRevocationListBuilder.add_revoked_certificateN  sc     -/ABB 	IGHHH/>d(>*=>
 
 	
r)   r4  r6  r   r   r7  r8  r9  r5  r:  r   c               t   | j         t          d          | j        t          d          | j        t          d          |^t	          |t
          j        t
          j        f          st          d          t	          |t          j
                  st          d          t          j        | |||          S )NzA CRL must have an issuer namez"A CRL must have a last update timez"A CRL must have a next update timer<  r=  )rL  r5   rr  rs  r\   r   r>  r?  r'  r   r@  rA  create_x509_crlrC  s        r(   rD  z%CertificateRevocationListBuilder.sign_  s     $=>>>$ABBB$ABBB"kGK9I+JKK C ABBBk3+<== J HIII(+y+
 
 	
r)   )
rG  r   r   r   r   r   r2   r3   rp  r  )rG  r   r    rn  )r   r?   r    rn  )r   r?   r    rn  )r)  r   r*  rZ   r    rn  )rz  r   r    rn  r#   )
r6  r   r   r7  r8  r9  r5  r:  r    r   )r+   r,   r-   rl  r%   rG  r   r   r.  r|  rD  rj   r)   r(   rn  rn    s         ////3333 $(0404579;: : : : :
 
 
 

 
 
 
0
 
 
 
0
 
 
 
&
 
 
 
* #	
 >B
 
 
 
 
 
 
 
r)   rn  c                  @    e Zd Zddg fddZddZddZddZdddZdS )RevokedCertificateBuilderNr   rI  r   r   r2   r3   c                0    || _         || _        || _        d S r#   r   r   s       r(   r%   z"RevokedCertificateBuilder.__init__|  r   r)   r\  rN   r    c                $   t          |t                    st          d          | j        t	          d          |dk    rt	          d          |                                dk    rt	          d          t          || j        | j                  S )Nr^  r_  r   z$The serial number should be positiver`  ra  )	r\   rN   r'  r   r5   rb  r  r   r   rc  s     r(   r   z'RevokedCertificateBuilder.serial_number  s    &#&& 	GEFFF*FGGGQ;;CDDD #%%H   )D)4+;
 
 	
r)   r>   r?   c                   t          |t          j                  st          d          | j        t	          d          t          |          }|t          k     rt	          d          t          | j        || j	                  S )Nre  z)The revocation date may only be set once.z7The revocation date must be on or after 1950 January 1.)
r\   rD   r'  r   r5   rH   rf  r  r   r   rg  s     r(   r   z)RevokedCertificateBuilder.revocation_date  s     $ 122 	:8999 ,HIII)$//$$$L   )t'7
 
 	
r)   r)  r   r*  rZ   c                    t          |t                    st          d          t          |j        ||          }t          || j                   t          | j        | j	        g | j        |          S )Nr,  )
r\   r   r'  r   r   r7   r   r  r   r   r-  s       r(   r.  z'RevokedCertificateBuilder.add_extension  sz     &-00 	B@AAAfj(F;;	#It/?@@@(!*d*	*
 
 	
r)   r8  r9  r   c                    | j         t          d          | j        t          d          t          | j         | j        t	          | j                            S )Nz/A revoked certificate must have a serial numberz1A revoked certificate must have a revocation date)r   r5   r   r   r   r   )r&   r8  s     r(   buildzRevokedCertificateBuilder.build  sf    &NOOO (C   &!t'((
 
 	
r)   )r   rI  r   r   r2   r3   )r\  rN   r    r  )r>   r?   r    r  )r)  r   r*  rZ   r    r  r#   )r8  r9  r    r   )r+   r,   r-   r%   r   r   r.  r  rj   r)   r(   r  r  {  s         %)4857	& & & & &
 
 
 
$
 
 
 
 
 
 
 

 
 
 
 
 
 
r)   r  rN   c                 b    t                               t          j        d          d          dz	  S )N   bigr   )rN   
from_bytesosurandomrj   r)   r(   random_serial_numberr    s#    >>"*R..%00A55r)   )r0   r1   r2   r3   r    r!   )r   r   r8   r9   r    r!   )r>   r?   r    r?   rg   )N
__future__r   r   rD   r  r
  r   cryptographyr   "cryptography.hazmat.bindings._rustr   rA  cryptography.hazmat.primitivesr   r   )cryptography.hazmat.primitives.asymmetricr   r	   r
   r   r   r   r   r   /cryptography.hazmat.primitives.asymmetric.typesr   r   r   cryptography.x509.extensionsr   r   r   r   cryptography.x509.namer   r   cryptography.x509.oidr   rf  UnionSHA224SHA256SHA384SHA512SHA3_224SHA3_256SHA3_384SHA3_512_AllowedHashTypes	Exceptionr   r7   r=   rH   rJ   rl   Enumry   r~   ABCMetar   registerr   r   r   r  load_pem_x509_certificateload_der_x509_certificateload_pem_x509_certificatesload_pem_x509_csrload_der_x509_csrload_pem_x509_crlload_der_x509_crlr  rF  rn  r  r  rj   r)   r(   <module>r     s  
 # " " " " " 



  				         @ @ @ @ @ @ @ @ @ @ @ @ @ @	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	 	         
            3 2 2 2 2 2 2 2 2 2 2 2 2 2&X&tQ22  L
M
M
M
M
O
O
O
O	     	   E E E EE E E E   !8 !8 !8 !8 !8 !8 !8 !8HF F F F F F F F(    ej   
- - - - -Y - - -T T T T TCK T T T Tp   Y* + + +    3;    @   I8 9 9 9         /      DR R R R R#+ R R R Rj  " "9#F G G Gb b b b b#+ b b b bL  " "9#F G G G &? %? &A / / / / b
 b
 b
 b
 b
 b
 b
 b
Jr
 r
 r
 r
 r
 r
 r
 r
jN
 N
 N
 N
 N
 N
 N
 N
bF
 F
 F
 F
 F
 F
 F
 F
R6 6 6 6 6 6r)   