)JfE xddlmZddlZddlZddlZddlZddlZddlmZddl m Z ddl m Z mZddlmZmZmZmZmZmZmZmZddlmZmZmZddlmZmZmZm Z dd l!m"Z"m#Z#dd l$m%Z%ejd d d Z&ej'e j(e j)e j*e j+e j,e j-e j.e j/fZ0Gd de1Z2d;dZ3de>=e j>Gd+d,e>Z?Gd-d.ej;(Z@e@=e j@Gd/d0ej;(ZAeA=e jAe jBZBe jCZCe jDZDe jEZEe jFZFe jGZGe jHZHGd1d2ZIGd3d4ZJGd5d6ZKGd7d8ZLd>d:ZMdS)?) annotationsN)utils)x509)hashes serialization)dsaeced448ed25519paddingrsax448x25519) CertificateIssuerPrivateKeyTypesCertificateIssuerPublicKeyTypesCertificatePublicKeyTypes) Extension Extensions ExtensionType_make_sequence_methods)Name _ASN1Type)ObjectIdentifieric eZdZdfd ZxZS) AttributeNotFoundmsgstroidrreturnNonecXt|||_dSN)super__init__r)selfrr __class__s Y/home/alex/cs2snipeproduction/venv/lib/python3.11/site-packages/cryptography/x509/base.pyr%zAttributeNotFound.__init__9s& )rrrrr r!__name__ __module__ __qualname__r% __classcell__r's@r(rr8s=r)r extensionExtension[ExtensionType] extensionslist[Extension[ExtensionType]]r r!cN|D]!}|j|jkrtd"dS)Nz$This extension has already been set.)r ValueError)r0r2es r(_reject_duplicate_extensionr7>sD EE 5IM ! !CDD D "EEr)rr attributes0list[tuple[ObjectIdentifier, bytes, int | None]]cB|D]\}}}||krtddS)Nz$This attribute has already been set.)r5)rr8attr_oid_s r(_reject_duplicate_attributer=HsD %EE!Q s??CDD D EEr)timedatetime.datetimec|jD|}|r|ntj}|d|z S|S)zNormalizes a datetime to a naive datetime in UTC. time -- datetime to normalize. Assumed to be in UTC if not timezone aware. Ntzinfo)rB utcoffsetdatetime timedeltareplace)r>offsets r(_convert_to_naive_utc_timerHRsP  {!!!;x'9';';||4|((611 r)cveZdZejjfdd Zedd Zedd Zdd Z ddZ ddZ dS) Attributerrvaluebytes_typeintr r!c0||_||_||_dSr#)_oid_valuerM)r&rrKrMs r(r%zAttribute.__init__as    r)c|jSr#)rPr&s r(rz Attribute.oidks yr)c|jSr#)rQrSs r(rKzAttribute.valueos {r)rc(d|jd|jdS)Nz)rrKrSs r(__repr__zAttribute.__repr__ssCCC4:CCCCr)otherobjectboolct|tstS|j|jko|j|jko|j|jkSr#) isinstancerJNotImplementedrrKrMr&rXs r(__eq__zAttribute.__eq__vsO%++ "! ! H ! * ek) * ek) r)cDt|j|j|jfSr#)hashrrKrMrSs r(__hash__zAttribute.__hash__sTXtz4:6777r)N)rrrKrLrMrNr r!r rr rLr rrXrYr rZr rN) r+r,r-r UTF8StringrKr%propertyrrWr_rbr)r(rJrJ`s )/ XXDDDD    888888r)rJcDeZdZddZed\ZZZddZdd Z d S) Attributesr8typing.Iterable[Attribute]r r!c.t||_dSr#)list _attributes)r&r8s r(r%zAttributes.__init__s ++r)rprcd|jdS)Nz Not after time (represented as UTC datetime) NrjrSs r(not_valid_afterzCertificate.not_valid_afterrr)cdS)zJ Not after time (represented as a non-naive UTC datetime) NrjrSs r(not_valid_after_utczCertificate.not_valid_after_utcrr)rcdS)z1 Returns the issuer name object. NrjrSs r(issuerzCertificate.issuerrr)cdSz2 Returns the subject name object. NrjrSs r(subjectzCertificate.subjectrr)hashes.HashAlgorithm | NonecdSzt Returns a HashAlgorithm corresponding to the type of the digest signed in the certificate. NrjrSs r(signature_hash_algorithmz$Certificate.signature_hash_algorithmrr)rcdSzJ Returns the ObjectIdentifier of the signature algorithm. NrjrSs r(signature_algorithm_oidz#Certificate.signature_algorithm_oidrr)0None | padding.PSS | padding.PKCS1v15 | ec.ECDSAcdSz= Returns the signature algorithm parameters. NrjrSs r(signature_algorithm_parametersz*Certificate.signature_algorithm_parametersrr)rcdS)z/ Returns an Extensions object. NrjrSs r(r2zCertificate.extensionsrr)cdSz. Returns the signature bytes. NrjrSs r( signaturezCertificate.signature rr)cdS)zR Returns the tbsCertificate payload bytes as defined in RFC 5280. NrjrSs r(tbs_certificate_bytesz!Certificate.tbs_certificate_bytesrr)cdS)zh Returns the tbsCertificate payload bytes with the SCT list extension stripped. NrjrSs r(tbs_precertificate_bytesz$Certificate.tbs_precertificate_bytesrr)rXrYrZcdSz" Checks equality. Nrjr^s r(r_zCertificate.__eq__rr)cdSz" Computes a hash. NrjrSs r(rbzCertificate.__hash__%rr)encodingserialization.EncodingcdS)zB Serializes the certificate to PEM or DER format. Nrjr&rs r( public_byteszCertificate.public_bytes+rr)rr!cdS)z This method verifies that certificate issuer name matches the issuer subject name and that the certificate is signed by the issuer's private key. No other validation is performed. Nrj)r&rs r(verify_directly_issued_byz%Certificate.verify_directly_issued_by1rr)Nrrr rLrg)r ryr rr r?r rr rrcr rr rrdrfrrr rL)rrr r!)r+r,r-abcabstractmethodrrirrrrrrrrrrrrr2rrrr_rbrrrjr)r(rrs       X    X         X    X    X    X    X    X    X    X    X    X    X    X    X                       r)r) metaclassceZdZeejd dZeejd dZeejd dZeejd dZ d S) RevokedCertificater rNcdS)zG Returns the serial number of the revoked certificate. NrjrSs r(rz RevokedCertificate.serial_number?rr)r?cdS)zH Returns the date of when this certificate was revoked. NrjrSs r(revocation_datez"RevokedCertificate.revocation_dateFrr)cdS)zl Returns the date of when this certificate was revoked as a non-naive UTC datetime. NrjrSs r(revocation_date_utcz&RevokedCertificate.revocation_date_utcMrr)rcdS)zW Returns an Extensions object containing a list of Revoked extensions. NrjrSs r(r2zRevokedCertificate.extensionsUrr)Nrgrr) r+r,r-rirrrrrr2rjr)r(rr>s    X    X    X    X   r)rcveZdZddZedd Zedd Zedd Zedd Zd S)_RawRevokedCertificaterrNrr?r2rc0||_||_||_dSr#_serial_number_revocation_date _extensionsr&rrr2s r(r%z_RawRevokedCertificate.__init__b" , /%r)r c|jSr#)rrSs r(rz$_RawRevokedCertificate.serial_numberls ""r)cRtjdtjd|jS)NukProperties that return a naïve datetime object have been deprecated. Please switch to revocation_date_utc.rz) stacklevel)warningswarnrDeprecatedIn42rrSs r(rz&_RawRevokedCertificate.revocation_dateps5  @       $$r)cV|jtjjS)NrA)rrFrDtimezoneutcrSs r(rz*_RawRevokedCertificate.revocation_date_utczs"$,,H4E4I,JJJr)c|jSr#)rrSs r(r2z!_RawRevokedCertificate.extensions~s r)N)rrNrr?r2rrgrr) r+r,r-r%rirrrr2rjr)r(rras&&&&###X#%%%X%KKKXK   X   r)rceZdZejd3dZejd4dZejd5d Zeejd6dZ eejd7dZ eejd8dZ eejd9dZ eejd:dZ eejd:dZeejd;dZeejd;dZeejdd"Zejd?d#Zejd@d&ZejdAd)ZejdBd,ZejdCd.ZejdDd1Zd2S)ECertificateRevocationListrrr rLcdS)z: Serializes the CRL to PEM or DER format. Nrjrs r(rz&CertificateRevocationList.public_bytesrr)rrcdSrrjrs r(rz%CertificateRevocationList.fingerprintrr)rrNRevokedCertificate | NonecdS)zs Returns an instance of RevokedCertificate or None if the serial_number is not in the CRL. Nrj)r&rs r((get_revoked_certificate_by_serial_numberzBCertificateRevocationList.get_revoked_certificate_by_serial_numberrr)rcdSrrjrSs r(rz2CertificateRevocationList.signature_hash_algorithmrr)rcdSrrjrSs r(rz1CertificateRevocationList.signature_algorithm_oidrr)rcdSrrjrSs r(rz8CertificateRevocationList.signature_algorithm_parametersrr)rcdS)zC Returns the X509Name with the issuer of this CRL. NrjrSs r(rz CertificateRevocationList.issuerrr)datetime.datetime | NonecdS)z? Returns the date of next update for this CRL. NrjrSs r( next_updatez%CertificateRevocationList.next_updaterr)cdS)zc Returns the date of next update for this CRL as a non-naive UTC datetime. NrjrSs r(next_update_utcz)CertificateRevocationList.next_update_utcrr)r?cdS)z? Returns the date of last update for this CRL. NrjrSs r( last_updatez%CertificateRevocationList.last_updaterr)cdS)zc Returns the date of last update for this CRL as a non-naive UTC datetime. NrjrSs r(last_update_utcz)CertificateRevocationList.last_update_utcrr)rcdS)zS Returns an Extensions object containing a list of CRL extensions. NrjrSs r(r2z$CertificateRevocationList.extensionsrr)cdSrrjrSs r(rz#CertificateRevocationList.signaturerr)cdS)zO Returns the tbsCertList payload bytes as defined in RFC 5280. NrjrSs r(tbs_certlist_bytesz,CertificateRevocationList.tbs_certlist_bytesrr)rXrYrZcdSrrjr^s r(r_z CertificateRevocationList.__eq__rr)cdS)z< Number of revoked certificates in the CRL. NrjrSs r(ruz!CertificateRevocationList.__len__rr)idxrcdSr#rjr&rs r(rwz%CertificateRevocationList.__getitem__ r)slicelist[RevokedCertificate]cdSr#rjrs r(rwz%CertificateRevocationList.__getitem__rr) int | slice-RevokedCertificate | list[RevokedCertificate]cdS)zS Returns a revoked certificate (or slice of revoked certificates). Nrjrs r(rwz%CertificateRevocationList.__getitem__rr)#typing.Iterator[RevokedCertificate]cdS)z8 Iterator over the revoked certificates NrjrSs r(rvz"CertificateRevocationList.__iter__ rr)rrcdS)zQ Verifies signature of revocation list against given public key. Nrj)r&rs r(is_signature_validz,CertificateRevocationList.is_signature_validrr)Nrr)rrNr rrrcrr)r rrrrdrfrg)rrNr r)rrr r)rrr r)r r)rrr rZ)r+r,r-rrrrrrirrrrrrrrr2rrr_rutypingoverloadrwrvr rjr)r(rrsp                 X    X    X    X    X    X    X    X    X    X    X            _   _  _   _                  r)rczeZdZejd dZejd!dZejd"d Zeejd#d Z eejd$d Z eejd%dZ eejd&dZ eejd'dZ eejd(dZejd)dZeejd*dZeejd*dZeejd+dZejd,dZdS)-CertificateSigningRequestrXrYr rZcdSrrjr^s r(r_z CertificateSigningRequest.__eq__rr)rNcdSrrjrSs r(rbz"CertificateSigningRequest.__hash__"rr)rcdSrrjrSs r(rz$CertificateSigningRequest.public_key(rr)rcdSrrjrSs r(rz!CertificateSigningRequest.subject.rr)rcdSrrjrSs r(rz2CertificateSigningRequest.signature_hash_algorithm5rr)rcdSrrjrSs r(rz1CertificateSigningRequest.signature_algorithm_oid?rr)rcdSrrjrSs r(rz8CertificateSigningRequest.signature_algorithm_parametersFrr)rcdS)z@ Returns the extensions in the signing request. NrjrSs r(r2z$CertificateSigningRequest.extensionsOrr)rlcdS)z/ Returns an Attributes object. NrjrSs r(r8z$CertificateSigningRequest.attributesVrr)rrrLcdS)z; Encodes the request to PEM or DER format. Nrjrs r(rz&CertificateSigningRequest.public_bytes]rr)cdSrrjrSs r(rz#CertificateSigningRequest.signaturecrr)cdS)zd Returns the PKCS#10 CertificationRequestInfo bytes as defined in RFC 2986. NrjrSs r(tbs_certrequest_bytesz/CertificateSigningRequest.tbs_certrequest_bytesjrr)cdS)z8 Verifies signature of signing request. NrjrSs r(r z,CertificateSigningRequest.is_signature_validrrr)rcdS)z: Get the attribute value for a given OID. Nrj)r&rs r(rtz/CertificateSigningRequest.get_attribute_for_oidyrr)Nrfrgrrrrcrr)r rlrrd)r rZ)rrr rL)r+r,r-rrr_rbrrirrrrr2r8rrrr rtrjr)r(r r sd                 X    X    X    X    X    X         X    X    X        r)r cNeZdZdggfd%dZd&d Zd'dZddd(dZ d)ddd*d$ZdS)+ CertificateSigningRequestBuilderN subject_name Name | Noner2r3r8r9c0||_||_||_dS)zB Creates an empty X.509 certificate request (v1). N) _subject_namerrp)r&rr2r8s r(r%z)CertificateSigningRequestBuilder.__init__s"*%%r)namerr ct|tstd|jt dt ||j|jS)zF Sets the certificate requestor's distinguished name. Expecting x509.Name object.N&The subject name may only be set once.)r\r TypeErrorr"r5rrrpr&r#s r(rz-CertificateSigningRequestBuilder.subject_names\$%% ;9:: :   )EFF F/ $"D$4   r)extvalrcriticalrZct|tstdt|j||}t ||jt|jg|j||j S)zE Adds an X.509 extension to the certificate request. "extension must be an ExtensionType) r\rr'rrr7rrr"rpr&r)r*r0s r( add_extensionz.CertificateSigningRequestBuilder.add_extensionsz &-00 B@AA Afj(F;; #It/?@@@/   *d * *     r))_tagrrrKrLr/_ASN1Type | Nonecnt|tstdt|tstd|$t|tstdt ||j||j}nd}t|j |j g|j|||fS)zK Adds an X.509 attribute with an OID and associated value. zoid must be an ObjectIdentifierzvalue must be bytesNztag must be _ASN1Type) r\rr'rLrr=rprKrr"r)r&rrKr/tags r( add_attributez.CertificateSigningRequestBuilder.add_attributes#/00 ?=>> >%'' 3122 2  JtY$?$? 344 4#C)9:::  *CCC/     2d 2eS 1 2   r) rsa_padding private_keyrr_AllowedHashTypes | Nonebackend typing.Anyr5%padding.PSS | padding.PKCS1v15 | Noner c|jtd|^t|tjtjfst dt|tjst dtj ||||S)zF Signs the request using the requestor's private key. Nz/A CertificateSigningRequest must have a subjectPadding must be PSS or PKCS1v15&Padding is only supported for RSA keys) r"r5r\r PSSPKCS1v15r'r RSAPrivateKey rust_x509create_x509_csrr&r6rr8r5s r(signz%CertificateSigningRequestBuilder.signs   %NOO O  "kGK9I+JKK C ABBBk3+<== J HIII( +y+   r))rr r2r3r8r9)r#rr r)r)rr*rZr r)rrrKrLr/r0r rr#) r6rrr7r8r9r5r:r r )r+r,r-r%rr.r3rDrjr)r(rrs%)57GI & & & & &         ."&       H#  >B         r)rc|eZdZUded<ddddddgfd0dZd1dZd1dZd2dZd3dZd4dZ d4dZ d5d$Z d6dd%d7d/Z dS)8CertificateBuilderr3rN issuer_namer rr CertificatePublicKeyTypes | Noner int | Nonerrrr2r r!ctj|_||_||_||_||_||_||_||_ dSr#) ryr|_version _issuer_namer" _public_keyr_not_valid_before_not_valid_afterr)r&rGrrrrrr2s r(r%zCertificateBuilder.__init__sK  ')%+!1 /%r)r#rc t|tstd|jt dt ||j|j|j|j |j |j S)z3 Sets the CA's distinguished name. r%N%The issuer name may only be set once.) r\rr'rLr5rFr"rMrrNrOrr(s r(rGzCertificateBuilder.issuer_name sv$%% ;9:: :   (DEE E!         "  !     r)c t|tstd|jt dt |j||j|j|j |j |j S)z: Sets the requestor's distinguished name. r%Nr&) r\rr'r"r5rFrLrMrrNrOrr(s r(rzCertificateBuilder.subject_namesv$%% ;9:: :   )EFF F!         "  !     r)keyrc lt|tjtjt jtjtj tj tjfstd|jt#dt%|j|j||j|j|j|jS)zT Sets the requestor's public key (as found in the signing request). zExpecting one of DSAPublicKey, RSAPublicKey, EllipticCurvePublicKey, Ed25519PublicKey, Ed448PublicKey, X25519PublicKey, or X448PublicKey.Nz$The public key may only be set once.)r\r DSAPublicKeyr RSAPublicKeyr EllipticCurvePublicKeyr Ed25519PublicKeyr Ed448PublicKeyrX25519PublicKeyr X448PublicKeyr'rMr5rFrLr"rrNrOr)r&rSs r(rzCertificateBuilder.public_key/s   )($&"     !    'CDD D!         "  !     r)numberrNc Tt|tstd|jt d|dkrt d|dkrt dt |j|j|j ||j |j |j S)z5 Sets the certificate serial number. 'Serial number must be of integral type.N'The serial number may only be set once.rz%The serial number should be positive.3The serial number should not be more than 159 bits.) r\rNr'rr5 bit_lengthrFrLr"rMrNrOrr&r\s r(rz CertificateBuilder.serial_numberTs&#&& GEFF F   *FGG G Q;;DEE E     # % %H "         "  !     r)r>r?c zt|tjstd|jt dt |}|t krt d|j||jkrt dt|j |j |j |j ||j|j S)z7 Sets the certificate activation time. Expecting datetime object.Nz*The not valid before may only be set once.z>The not valid before date must be on or after 1950 January 1).zBThe not valid before date must be before the not valid after date.)r\rDr'rNr5rH_EARLIEST_UTC_TIMErOrFrLr"rMrrr&r>s r(rz#CertificateBuilder.not_valid_beforeos$ 122 :899 9  ! -IJJ J)$// $ $ $$   ,8M1M1M "           !     r)c zt|tjstd|jt dt |}|t krt d|j||jkrt dt|j |j |j |j |j||j S)z7 Sets the certificate expiration time. reNz)The not valid after may only be set once.zr?r'r r@rAcreate_x509_certificaterCs r(rDzCertificateBuilder.signs    %EFF F   $EFF F   &FGG G  ! )NOO O  (MNN N   #CDD D  "kGK9I+JKK C ABBBk3+<== J HIII0 +y+   r))rGr rr rrHrrIrrrrr2r3r r!)r#rr rF)rSrr rF)r\rNr rF)r>r?r rF)r)rr*rZr rFr#) r6rrr7r8r9r5r:r r) r+r,r-__annotations__r%rGrrrrrr.rDrjr)r(rFrFs////$($(7;$(594857&&&&&&    $    $# # # # J    6    :    @    4# % >B % % % % % % % % r)rFcreZdZUded<ded<dddggfd'd Zd(dZd)dZd*dZd+dZd,dZ d-ddd.d&Z dS)/ CertificateRevocationListBuilderr3rr_revoked_certificatesNrGr rrrr2revoked_certificatescL||_||_||_||_||_dSr#)rL _last_update _next_updaterro)r&rGrrr2rps r(r%z)CertificateRevocationListBuilder.__init__s2(''%%9"""r)rr ct|tstd|jt dt ||j|j|j|j S)Nr%rQ) r\rr'rLr5rnrrrsrro)r&rGs r(rGz,CertificateRevocationListBuilder.issuer_namesj+t,, ;9:: :   (DEE E/         &    r)r?cbt|tjstd|jt dt |}|t krt d|j||jkrt dt|j ||j|j |j S)Nre!Last update may only be set once.8The last update date must be on or after 1950 January 1.z9The last update date must be before the next update date.) r\rDr'rrr5rHrfrsrnrLrro)r&rs r(rz,CertificateRevocationListBuilder.last_update s+x'899 :899 9   (@AA A0== + + +M    ([4;L-L-LK 0         &    r)cbt|tjstd|jt dt |}|t krt d|j||jkrt dt|j |j||j |j S)Nrervrwz8The next update date must be after the last update date.) r\rDr'rsr5rHrfrrrnrLrro)r&rs r(rz,CertificateRevocationListBuilder.next_update#s+x'899 :899 9   (@AA A0== + + +M    ([4;L-L-LJ 0         &    r)r)rr*rZct|tstdt|j||}t ||jt|j|j |j g|j||j S)zM Adds an X.509 extension to the certificate revocation list. r,) r\rr'rrr7rrnrLrrrsror-s r(r.z.CertificateRevocationListBuilder.add_extension;s &-00 B@AA Afj(F;; #It/?@@@/       *d * *  &    r)revoked_certificaterct|tstdt|j|j|j|jg|j|S)z8 Adds a revoked certificate to the CRL. z)Must be an instance of RevokedCertificate) r\rr'rnrLrrrsrro)r&rzs r(add_revoked_certificatez8CertificateRevocationListBuilder.add_revoked_certificateNsc -/ABB IGHH H/         >d( >*= >    r)r4r6rrr7r8r9r5r:rct|jtd|jtd|jtd|^t |t jt jfstdt |tj stdtj ||||S)NzA CRL must have an issuer namez"A CRL must have a last update timez"A CRL must have a next update timer<r=) rLr5rrrsr\r r>r?r'r r@rAcreate_x509_crlrCs r(rDz%CertificateRevocationListBuilder.sign_s   $=>> >   $ABB B   $ABB B  "kGK9I+JKK C ABBBk3+<== J HIII( +y+   r)) rGr rrrrr2r3rpr)rGrr rn)rr?r rn)rr?r rn)r)rr*rZr rn)rzrr rnr#) r6rrr7r8r9r5r:r r) r+r,r-rlr%rGrrr.r|rDrjr)r(rnrns////3333$(0404579; : : : : :         0    0    &    *#  >B         r)rnc@eZdZddgfddZdd ZddZddZdddZdS)RevokedCertificateBuilderNrrIrrr2r3c0||_||_||_dSr#rrs r(r%z"RevokedCertificateBuilder.__init__|rr)r\rNr c$t|tstd|jt d|dkrt d|dkrt dt ||j|jS)Nr^r_rz$The serial number should be positiver`ra) r\rNr'rr5rbrrrrcs r(rz'RevokedCertificateBuilder.serial_numbers&#&& GEFF F   *FGG G Q;;CDD D     # % %H ) D)4+;   r)r>r?ct|tjstd|jt dt |}|t krt dt|j||j S)Nrez)The revocation date may only be set once.z7The revocation date must be on or after 1950 January 1.) r\rDr'rr5rHrfrrrrgs r(rz)RevokedCertificateBuilder.revocation_dates$ 122 :899 9  ,HII I)$// $ $ $L )  t'7   r)r)rr*rZct|tstdt|j||}t ||jt|j|j g|j|S)Nr,) r\rr'rrr7rrrrr-s r(r.z'RevokedCertificateBuilder.add_extensionsz&-00 B@AA Afj(F;; #It/?@@@(    ! *d * *   r)r8r9rc|jtd|jtdt|j|jt |jS)Nz/A revoked certificate must have a serial numberz1A revoked certificate must have a revocation date)rr5rrrr)r&r8s r(buildzRevokedCertificateBuilder.buildsf   &NOO O  (C &    ! t' ( (   r))rrIrrr2r3)r\rNr r)r>r?r r)r)rr*rZr rr#)r8r9r r)r+r,r-r%rrr.rrjr)r(rr{s%)4857 &&&&&    $                r)rrNcbttjdddz S)Nbigr)rN from_bytesosurandomrjr)r(random_serial_numberrs# >>"*R..% 0 0A 55r))r0r1r2r3r r!)rrr8r9r r!)r>r?r r?rg)N __future__rrrDrr r cryptographyr"cryptography.hazmat.bindings._rustrrAcryptography.hazmat.primitivesrr)cryptography.hazmat.primitives.asymmetricrr r r r r rr/cryptography.hazmat.primitives.asymmetric.typesrrrcryptography.x509.extensionsrrrrcryptography.x509.namerrcryptography.x509.oidrrfUnionSHA224SHA256SHA384SHA512SHA3_224SHA3_256SHA3_384SHA3_512_AllowedHashTypes Exceptionrr7r=rHrJrlEnumryr~ABCMetarregisterrrrr load_pem_x509_certificateload_der_x509_certificateload_pem_x509_certificatesload_pem_x509_csrload_der_x509_csrload_pem_x509_crlload_der_x509_crlrrFrnrrrjr)r(rs #"""""  @@@@@@@@@@@@@@                      32222222222222&X&tQ22L M M M M O O O O   EEEEEEEE    !8!8!8!8!8!8!8!8HFFFFFFFF(     ej   -----Y--- T T T T T CKT T T T p Y*+++     3;    @I8999     /   DR R R R R #+R R R R j""9#FGGGb b b b b #+b b b b L""9#FGGG&?%?&A////b b b b b b b b Jr r r r r r r r jN N N N N N N N bF F F F F F F F R666666r)