vKg8%SSKJr SSKrSSKrSSKrSSKrSSKrSSKJr SSK J r J r SSKJ r SSK Jr SSKJrJrJr SSKJrJr SS KJrJrJrJrJr SS KJr SS KJr SS KJ r! SS KJ"r# SSKJ$r% SSKJ&r' /SQr(\\RR\RT\RV\RX\RZ4r.\\R^\R`\Rb\Rd\Rf4r4\\.\44r5\\6\7\4r8\\7\S\744r9\#Rtr;S\S\S?5rdSTS@jreSUSAjrfSVSBjrgSWSXSCjjrh"SDSE5riSYSFjrjSLSZSGjjrkS[SHjrl\lrm\R"\l\WS5\XSIS*9 S\SJjrn\nro\R"\n\WS5\XSKS*9 g)]) annotationsN) b16encode)IterableSequence)partial)PathLike)AnyCallableUnion)utilsx509)dsaeced448ed25519rsa) byte_string)exception_from_error_queue)ffi)lib) make_assert) path_bytes) FILETYPE_ASN1 FILETYPE_PEM FILETYPE_TEXTTYPE_DSATYPE_RSAX509ErrorPKey X509ExtensionX509NameX509Req X509StoreX509StoreContextX509StoreContextErrorX509StoreFlagsdump_certificatedump_certificate_requestdump_privatekeydump_publickeyget_elliptic_curveget_elliptic_curvesload_certificateload_certificate_requestload_privatekeyload_publickey.intrrirrTYPE_DHTYPE_ECc\rSrSrSrSrg)rjz/ An error occurred in an `OpenSSL.crypto` API. N)__name__ __module__ __qualname____firstlineno____doc____static_attributes__r7N/var/www/highfloat_scraper/venv/lib/python3.13/site-packages/OpenSSL/crypto.pyrrjsr>rcbUc:[R"[R"55n[RnO?[R "SU5n[R "U[U55nU4SSjjn[U[R:g5 [R"X5nU$)z Allocate a new OpenSSL memory BIO. Arrange for the garbage collector to clean it up automatically. :param buffer: None or some bytes to use to put into the BIO so that they can be read out. char[]c.[R"U5$N)_libBIO_free)biorefs r?free_new_mem_buf..frees==% %r>)rFr rGr returnr ) rDBIO_new BIO_s_memrE_ffinewBIO_new_mem_buflen_openssl_assertNULLgc)bufferrFrHdatas r? _new_mem_bufrVts}~ll4>>+,}}xx&)""4V5'+ &C499$% ''# C Jr>c[R"S5n[R"X5n[R"USU5SS$)zG Copy the contents of an OpenSSL BIO object into a Python byte string. zchar**rN)rMrNrDBIO_get_mem_datarT)rF result_buffer buffer_lengths r?_bio_to_stringr[s=HHX&M))#=M ;;}Q' 7 ::r>c[U[5(d [S5e[U[R :g5 [ R"X5nUS:Xa [S5eg)a The the time value of an ASN1 time object. @param boundary: An ASN1_TIME pointer (or an object safely castable to that type) which will have its value set. @param when: A string representation of the desired time value. @raise TypeError: If C{when} is not a L{bytes} string. @raise ValueError: If C{when} does not represent a time in the required format. @raise RuntimeError: If the time value cannot be set for some other (unspecified) reason. zwhen must be a byte stringrzInvalid stringN) isinstancebytes TypeErrorrQrMrRrDASN1_TIME_set_string ValueError)boundarywhen set_results r?_set_asn1_timeresX dE " "455H )***8:JQ)**r>c[R"5n[U[R:g5 [R "U[R 5n[X5 U$)al Behaves like _set_asn1_time but returns a new ASN1_TIME object. @param when: A string representation of the desired time value. @raise TypeError: If C{when} is not a L{bytes} string. @raise ValueError: If C{when} does not represent a time in the required format. @raise RuntimeError: If the time value cannot be set for some other (unspecified) reason. )rD ASN1_TIME_newrQrMrRrSASN1_TIME_freere)rcrets r?_new_asn1_timerjsF    CC499$% ''#t** +C3 Jr>cb[R"SU5n[R"U5S:Xag[R"U5[R :Xa*[R "[R"U55$[R"S5n[R"X5 [US[R:g5 [R"SUS5n[R"U5n[R "U5n[R"US5 U$)aE Retrieve the time value of an ASN1 time object. @param timestamp: An ASN1_GENERALIZEDTIME* (or an object safely castable to that type) from which the time value will be retrieved. @return: The time value from C{timestamp} as a L{bytes} string in a certain format. Or C{None} if the object contains no time value. ASN1_STRING*rNzASN1_GENERALIZEDTIME**) rMcastrDASN1_STRING_lengthASN1_STRING_typeV_ASN1_GENERALIZEDTIMEstringASN1_STRING_get0_datarNASN1_TIME_to_generalizedtimerQrRASN1_GENERALIZEDTIME_free) timestampstring_timestampgeneralized_timestamp string_data string_results r?_get_asn1_timerzsyy; /0A5 ./43N3NN{{4556FGHH $)A B )))K-a0DII=>99^5J15MN001AB  K0  &&'c2\rSrSrSSjrSSjrSSjrSrg) _X509NameInvalidatorc/UlgrC_namesselfs r?__init___X509NameInvalidator.__init__s &( r>c:URRU5 grC)rappendrnames r?add_X509NameInvalidator.adds 4 r>c.URHnU?M grC)r_namers r?clear_X509NameInvalidator.clearsKKD  r>rNrJNonerr"rJr)r8r9r:r;rrrr=r7r>r?r|r|s)!r>r|cp\rSrSrSrSrSrSSjrSSjr\ SSj5r SSjr SS jr SS jr SS jrS rg )r z< A class representing an DSA or RSA public key or key pair. FTc[R"5n[R"U[R5UlSUlg)NF)rD EVP_PKEY_newrMrS EVP_PKEY_free_pkey _initializedrpkeys r?r PKey.__init__s0  "WWT4#5#56 !r>cSSKJnJn UR(a[ [ U5nU"U5$[ [ U5nU"US5$)z Export as a ``cryptography`` key. :rtype: One of ``cryptography``'s `key interfaces`_. .. _key interfaces: https://cryptography.io/en/latest/hazmat/ primitives/asymmetric/rsa/#key-interfaces .. versionadded:: 16.1.0 r)load_der_private_keyload_der_public_keyN),cryptography.hazmat.primitives.serializationrr _only_publicr+rr*)rrrders r?to_cryptography_keyPKey.to_cryptography_keysB    5C&s+ +!-6C'T2 2r>c [U[R[R[R [R [R[R[R[R[R[R4 5(d [!S5eSSKJnJnJnJn [U[R[R [R[R[R45(a4[-[.UR1UR2UR455$UR7UR2UR8U"55n[;[.U5$)z Construct based on a ``cryptography`` *crypto_key*. :param crypto_key: A ``cryptography`` key. :type crypto_key: One of ``cryptography``'s `key interfaces`_. :rtype: PKey .. versionadded:: 16.1.0 zUnsupported key typer)Encoding NoEncryption PrivateFormat PublicFormat)r]r DSAPrivateKey DSAPublicKeyrEllipticCurvePrivateKeyEllipticCurvePublicKeyrEd25519PrivateKeyEd25519PublicKeyrEd448PrivateKeyEd448PublicKeyr RSAPrivateKey RSAPublicKeyr_rrrrrr1r public_bytesDERSubjectPublicKeyInfo private_bytesPKCS8r0)cls crypto_keyrrrrrs r?from_cryptography_keyPKey.from_cryptography_keys2 !!  **))))((%%$$!!     23 3      ))(($$    "''LL,"C"C ** m11<>C#=#6 6r>c [U[5(d [S5e[U[5(d [S5eU[:XaUS::a [ S5e[ R "5n[R"U[ R5n[ R"U[ R5 [ R"5n[ R"XBU[R5n[US:H5 [ R "UR"U5n[US:H5 GOU[$:XGa[ R&"5n[U[R:g5 [R"U[ R(5n[ R*"Xb[RS[R[R[R5n[US:H5 [[ R,"U5S:H5 [[ R."UR"U5S:H5 O [1S5eSUlg) a Generate a key pair of the given type, with the given number of bits. This generates a key "into" the this object. :param type: The key type. :type type: :py:data:`TYPE_RSA` or :py:data:`TYPE_DSA` :param bits: The number of bits. :type bits: :py:data:`int` ``>= 0`` :raises TypeError: If :py:data:`type` or :py:data:`bits` isn't of the appropriate type. :raises ValueError: If the number of bits isn't an integer of the appropriate size. :return: ``None`` ztype must be an integerzbits must be an integerrzInvalid number of bitszNo such key typeTN)r]r2r_rrarDBN_newrMrSBN_free BN_set_wordRSA_F4RSA_newRSA_generate_key_exrRrQEVP_PKEY_assign_RSArrDSA_newDSA_freeDSA_generate_parameters_exDSA_generate_keyEVP_PKEY_set1_DSArr)rtypebitsexponentrresultrress r? generate_keyPKey.generate_keyKs $$$56 6$$$56 6 8 qy !9::{{}Hwwx6H   Xt{{ 3,,.C--c499MF FaK (--djj#>F FaK ( X ,,.C C499, -''#t}}-C11499aDIItyyC C1H % D11#6!; < D224::sCqH I*+ + r>cUR(a [S5e[R"UR 55[R :wa [S5e[R "UR5n[R"U[R5n[R"U5nUS:Xag[5 g)a@ Check the consistency of an RSA private key. This is the Python equivalent of OpenSSL's ``RSA_check_key``. :return: ``True`` if key is consistent. :raise OpenSSL.crypto.Error: if the key is inconsistent. :raise TypeError: if the key is of a type which cannot be checked. Only RSA keys can currently be checked. zpublic key onlyz'Only RSA keys can currently be checked.rTN) rr_rD EVP_PKEY_typer EVP_PKEY_RSAEVP_PKEY_get1_RSArrMrSRSA_free RSA_check_key_raise_current_error)rrrs r?check PKey.checks   -. .   diik *d.?.? ?EF F$$TZZ0ggc4==)##C( Q;r>cB[R"UR5$)z< Returns the type of the key :return: The type of the key. )rD EVP_PKEY_idrrs r?r PKey.types  ++r>cB[R"UR5$)zP Returns the number of bits of the key :return: The number of bits of the key. )rD EVP_PKEY_bitsrrs r?r PKey.bitss !!$**--r>)rrNr)rJ_Key)rrrJr )rr2rr2rJrrJboolrJr2)r8r9r:r;r<rrrr classmethodrrrrrr=r7r>r?r r sGLL" 3.7777r6!p4,.r>r c^\rSrSrSrSrS U4Sjjr\S Sj5r\S Sj5r \SSj5r SSjr SS jr SS jr S rU=r$)_EllipticCurveiaB A representation of a supported elliptic curve. @cvar _curves: :py:obj:`None` until an attempt is made to load the curves. Thereafter, a :py:type:`set` containing :py:type:`_EllipticCurve` instances each of which represents one curve supported by the system. @type _curves: :py:type:`NoneType` or :py:type:`set` NcX>[U[5(a[TU] U5$[$)z Implement cooperation with the right-hand side argument of ``!=``. Python 3 seems to have dropped this cooperation in this very narrow circumstance. )r]rsuper__ne__NotImplemented)rother __class__s r?r_EllipticCurve.__ne__s' e^ , ,7>%( (r>c^^TR[RS5n[R"SU5nTRX25 [ UU4SjU55$)z Get the curves supported by OpenSSL. :param lib: The OpenSSL library binding object. :return: A :py:type:`set` of ``cls`` instances giving the names of the elliptic curves the underlying library supports. rzEC_builtin_curve[]c3Z># UH!nTRTUR5v M# g7frC)from_nidnid).0crrs r? 7_EllipticCurve._load_elliptic_curves..s#D^3<<QUU++^s(+)EC_get_builtin_curvesrMrRrNset)rr num_curvesbuiltin_curvess`` r?_load_elliptic_curves$_EllipticCurve._load_elliptic_curvessM..tyy!< "6 C !!.=D^DDDr>c`URcURU5UlUR$)z Get, cache, and return the curves supported by OpenSSL. :param lib: The OpenSSL library binding object. :return: A :py:type:`set` of ``cls`` instances giving the names of the elliptic curves the underlying library supports. )_curvesr)rrs r?_get_elliptic_curves#_EllipticCurve._get_elliptic_curvess* ;; 33C8CK{{r>c xU"X[R"URU55RS55$)a Instantiate a new :py:class:`_EllipticCurve` associated with the given OpenSSL NID. :param lib: The OpenSSL library binding object. :param nid: The OpenSSL NID the resulting curve object will represent. This must be a curve NID (and not, for example, a hash NID) or subsequent operations will fail in unpredictable ways. :type nid: :py:class:`int` :return: The curve object. ascii)rMrq OBJ_nid2sndecode)rrrs r?r_EllipticCurve.from_nids.3T[[)<=DDWMNNr>c(XlX lX0lg)aA :param _lib: The :py:mod:`cryptography` binding instance used to interface with OpenSSL. :param _nid: The OpenSSL NID identifying the curve this object represents. :type _nid: :py:class:`int` :param name: The OpenSSL short name identifying the curve this object represents. :type name: :py:class:`unicode` NrD_nidr)rrrrs r?r_EllipticCurve.__init__s   r>c$SUR<S3$)Nzrrs r?__repr___EllipticCurve.__repr__s Q''r>cURRUR5n[R"U[R 5$)z Create a new OpenSSL EC_KEY structure initialized to use this curve. The structure is automatically garbage collected when the Python object is garbage collected. )rDEC_KEY_new_by_curve_namerrMrS EC_KEY_free)rkeys r? _to_EC_KEY_EllipticCurve._to_EC_KEY s3ii00;wwsD,,--r>rrr rJr)rr rJset[_EllipticCurve])rr rr2rJr)rr rr2rstrrJrrJrrJr )r8r9r:r;r<rrrrrrrr rr= __classcell__rs@r?rrshG EE"  OO "(..r>rc4[R[5$)as Return a set of objects representing the elliptic curves supported in the OpenSSL build in use. The curve objects have a :py:class:`unicode` ``name`` attribute by which they identify themselves. The curve objects are useful as values for the argument accepted by :py:meth:`Context.set_tmp_ecdh` to specify which elliptical curve should be used for ECDHE key exchange. )rrrDr7r>r?r-r-s  . .t 44r>zSget_elliptic_curves is deprecated. You should use the APIs in cryptography instead.r-r cd[5HnURU:XdMUs $ [SU5e)a8 Return a single curve object selected by name. See :py:func:`get_elliptic_curves` for information about curve objects. :param name: The OpenSSL short name identifying the curve object to retrieve. :type name: :py:class:`unicode` If the named curve is not supported then :py:class:`ValueError` is raised. zunknown curve name)_get_elliptic_curves_internalrra)rcurves r?r,r,2s2/0 :: L1 )4 00r>zRget_elliptic_curve is deprecated. You should use the APIs in cryptography instead.r,c^\rSrSrSrS SjrSU4SjjrSSjrSSjrSSjr SSjr SS jr SS jr SS jr S rU=r$)r"iPa An X.509 Distinguished Name. :ivar countryName: The country of the entity. :ivar C: Alias for :py:attr:`countryName`. :ivar stateOrProvinceName: The state or province of the entity. :ivar ST: Alias for :py:attr:`stateOrProvinceName`. :ivar localityName: The locality of the entity. :ivar L: Alias for :py:attr:`localityName`. :ivar organizationName: The organization name of the entity. :ivar O: Alias for :py:attr:`organizationName`. :ivar organizationalUnitName: The organizational unit of the entity. :ivar OU: Alias for :py:attr:`organizationalUnitName` :ivar commonName: The common name of the entity. :ivar CN: Alias for :py:attr:`commonName`. :ivar emailAddress: The e-mail address of the entity. c[R"UR5n[R"U[R 5Ulg)z~ Create a new X509Name, copying the given X509Name instance. :param name: The name to copy. :type name: :py:class:`X509Name` N)rD X509_NAME_duprrMrSX509_NAME_freers r?rX509Name.__init__js0!!$**-''$(;(;< r>c >URS5(a[T U] X5$[U5[La#[ S[U5R SS35e[R"[U55nU[R:Xa[5 [S5e[[R"UR 55Hn[R""UR U5n[R$"U5n[R&"U5nX7:XdMW[R("UR U5n[R*"U5 O [-U[5(aUR/S5n[R0"UR U[R2USSS5nU(d [5 gg![a GN@f=f) N_z$attribute name must be string, not 'z.200'No such attributeutf-8r) startswithr __setattr__rrr_r8rD OBJ_txt2nid _byte_string NID_undefrrAttributeErrorrangeX509_NAME_entry_countrX509_NAME_get_entryX509_NAME_ENTRY_get_object OBJ_obj2nidX509_NAME_delete_entryX509_NAME_ENTRY_freer]encodeX509_NAME_add_entry_by_NID MBSTRING_UTF8) rrvaluerientent_objent_nid add_resultrs r?r+X509Name.__setattr__ts ??3  7&t3 3 :S K((.a1  |D12 $..  $&!!45 5t11$**=>A**4::q9C55c:G&&w/G~11$**a@))#.? eS ! !LL)E44 JJT//B  ")  s G GGc[R"[U55nU[R:Xa[ 5 [ S5e[R"URUS5nUS:Xag[R"URU5n[R"U5n[R"S5n[R"Xe5n[US:5 [R"USU5SSR!S5n[R""US5 U$![ a Nf=f![R""US5 f=f)z Find attribute. An X509Name object has the following attributes: countryName (alias C), stateOrProvince (alias ST), locality (alias L), organization (alias O), organizationalUnit (alias OU), commonName (alias CN) and more... r'r)Nunsigned char**rr()rDr,r-r.rrr/X509_NAME_get_index_by_NIDrr2X509_NAME_ENTRY_get_datarMrNASN1_STRING_to_UTF8rQrTr OPENSSL_free) rrr entry_indexentryrUrY data_lengthrs r? __getattr__X509Name.__getattr__s$|D12 $..  $&!!45 555djj#rJ " (([A,,U3!23 ..}C  q() 0[[q!1;?BIIF   mA. / -  *   mA. /s D,%,D<, D98D9<Ec[U[5(d[$[R"UR UR 5S:H$Nrr]r"rrD X509_NAME_cmprrrs r?__eq__X509Name.__eq__s5%**! !!!$**ekk:a??r>c[U[5(d[$[R"UR UR 5S:$rMrNrPs r?__lt__X509Name.__lt__s5%**! !!!$**ekk:Q>>r>c&[R"SS5n[R"URU[ U55n[ U[R:g5 SR[R"U5RS55$)z& String representation of an X509Name rAizr() rMrNrDX509_NAME_onelinerrPrQrRformatrqr)rrY format_results r?r X509Name.__repr__sq3/ .. JJ s='9   23'.. KK & - -g 6  r>cB[R"UR5$)z Return an integer representation of the first four bytes of the MD5 digest of the DER representation of the name. This is the Python equivalent of OpenSSL's ``X509_NAME_hash``. :return: The (integer) hash of this name. :rtype: :py:class:`int` )rDX509_NAME_hashrrs r?hash X509Name.hashs""4::..r>c[R"S5n[R"URU5n[ US:5 [R "USU5SSn[R"US5 U$)zn Return the DER encoding of this name. :return: The DER encoded form of this name. :rtype: :py:class:`bytes` rBrN)rMrNrD i2d_X509_NAMErrQrTrF)rrY encode_resultrys r?r X509Name.dersi!23 **4::}E  *+ M!$4mDQG  -*+r>c./n[[R"UR55Hn[R"URU5n[R "U5n[R "U5n[R"U5n[R"U5n[R"[R"U5[R"U55SSnUR[R"U5U45 M U$)z Returns the components of this name, as a sequence of 2-tuples. :return: The components of this name. :rtype: :py:class:`list` of ``name, value`` tuples. N)r0rDr1rr2r3rDr4rrMrTrrrnrrq) rrr;r<fnamefvalrrr:s r?get_componentsX509Name.get_componentsst11$**=>A**4::q9C33C8E005D""5)C??3'DKK**40$2I2I$2OE MM4;;t,e4 5?  r>)rr)rrr:r rJr)rrrJ str | NonerrrrJr^)rJzlist[tuple[bytes, bytes]])r8r9r:r;r<rr+rJrQrTr r]rrfr=rrs@r?r"r"Ps=0=%#N&P@ ?   / r>r"c\rSrSr%SrSSSjjr\SSj5r\RS\RS\RS0r S \ S 'SS jrSS jrSS jrSSjrSSjrSrg)r!ize An X.509 v3 certificate extension. .. deprecated:: 23.3.0 Use cryptography's X509 APIs instead. Nc[R"S5n[R"U[R[R[R[RS5 [R "U5 Ub1[ U[5(d [S5eURUl Ub1[ U[5(d [S5eURUl U(aSU-n[R"[RXaU5nU[R:Xa [5 [R"U[R5Ulg)ae Initializes an X509 extension. :param type_name: The name of the type of extension_ to create. :type type_name: :py:data:`bytes` :param bool critical: A flag indicating whether this is a critical extension. :param value: The OpenSSL textual representation of the extension's value. :type value: :py:data:`bytes` :param subject: Optional X509 certificate to use as subject. :type subject: :py:class:`X509` :param issuer: Optional X509 certificate to use as issuer. :type issuer: :py:class:`X509` .. _extension: https://www.openssl.org/docs/manmaster/man5/ x509v3_config.html#STANDARD-EXTENSIONS z X509V3_CTX*rNzissuer must be an X509 instancez subject must be an X509 instances critical,)rMrNrDX509V3_set_ctxrRX509V3_set_ctx_nodbr]rr__x509 issuer_cert subject_certX509V3_EXT_nconfrrSX509_EXTENSION_free _extension)r type_namecriticalr:subjectissuerctx extensions r?rX509Extension.__init__s<hh}% CDIItyy$))QO   %  fd++ ABB$llCO  gt,, BCC&}}C  !5(E))$))SUK  ! "'')T-E-EFr>cj[R"[R"UR55$rC)rDr4X509_EXTENSION_get_objectrsrs r?rX509Extension._nid`s'  * *4?? ;  r>emailDNSURIztyping.ClassVar[dict[int, str]] _prefixesc6[R"S[R"UR55n[R "U[R 5n/n[[R"U55Hn[R"X5nURURn[R"URRRURRR 5SSR#S5nUR%US-U-5 M SR/U5$![&aN [)5n[R*"Xt5 UR%[-U5R#S55 GMf=f)NzGENERAL_NAMES*r(:z, )rMrmrDX509V3_EXT_d2irsrSGENERAL_NAMES_freer0sk_GENERAL_NAME_numsk_GENERAL_NAME_valuerrrTdia5rUlengthrrKeyErrorrVGENERAL_NAME_printr[join)rnamespartsr;rlabelr:rFs r?_subjectAltNameString#X509Extension._subjectAltNameStringls1 d11$//B t667t//67A--e7D 2tyy1  DFFJJOOTVVZZ5F5FG&/ US[5018yy B"n''2 ^C077@AA BsEAFFc[RUR:XaUR5$[ 5n[R "XR SS5n[US:g5 [U5RS5$)z6 :return: a nice text representation of the extension rr() rDNID_subject_alt_namerrrVX509V3_EXT_printrsrQr[r)rrF print_results r?__str__X509Extension.__str__sg  $ $ 1--/ /n,,S//1aH  )*c"))'22r>cB[R"UR5$)zS Returns the critical field of this X.509 extension. :return: The critical field. )rDX509_EXTENSION_get_criticalrsrs r? get_criticalX509Extension.get_criticals //@@r>c[R"UR5n[R"U5n[R"U5nU[ R :wa[ R"U5$g)z Returns the short type name of this X.509 extension. The result is a byte string such as :py:const:`b"basicConstraints"`. :return: The short type name. :rtype: :py:data:`bytes` .. versionadded:: 0.12 sUNDEF)rDr|rsr4rrMrRrq)robjrbufs r?get_short_nameX509Extension.get_short_namesV,,T__=s#ooc" $)) ;;s# #r>c[R"UR5n[R"SU5n[R "U5n[R "U5n[R"X45SS$)z Returns the data of the X509 extension, encoded as ASN.1. :return: The ASN.1 encoded data of this X509 extension. :rtype: :py:data:`bytes` .. versionadded:: 0.12 rlN)rDX509_EXTENSION_get_datarsrMrmrrrnrT)r octet_resultry char_result result_lengths r?get_dataX509Extension.get_datas\33DOOD  .,? 00? // > {{;6q99r>)rsNN) rtr^rurr:r^rv X509 | NonerwrrJrrrrri)r8r9r:r;r<rpropertyrrD GEN_EMAILGEN_DNSGEN_URIr__annotations__rrrrrr=r7r>r?r!r!s $" CGCGCG CG  CG  CG CGJ   e e2I.  , 3A, :r>r!zZX509Extension support in pyOpenSSL is deprecated. You should use the APIs in cryptography.c\rSrSrSrSSjrSSjr\SSj5rSSjr SSjr SSjr SS jr SS jr SS jrSS jrSS jrSSjrSrg)r#iz~ An X.509 certificate signing requests. .. deprecated:: 24.2.0 Use `cryptography.x509.CertificateSigningRequest` instead. c[R"5n[R"U[R5UlUR S5 grM)rD X509_REQ_newrMrS X509_REQ_free_req set_version)rreqs r?rX509Req.__init__s6!GGC!3!34  r>c>SSKJn [[U5nU"U5$)z Export as a ``cryptography`` certificate signing request. :rtype: ``cryptography.x509.CertificateSigningRequest`` .. versionadded:: 17.1.0 r)load_der_x509_csr)cryptography.x509r"_dump_certificate_request_internalr)rrrs r?to_cryptographyX509Req.to_cryptographys 80E %%r>c[U[R5(d [S5eSSKJn UR UR5n[[U5$)z Construct based on a ``cryptography`` *crypto_req*. :param crypto_req: A ``cryptography`` X.509 certificate signing request :type crypto_req: ``cryptography.x509.CertificateSigningRequest`` :rtype: X509Req .. versionadded:: 17.1.0 z%Must be a certificate signing requestrr) r]r CertificateSigningRequestr_rrrr"_load_certificate_request_internalr)r crypto_reqrrs r?from_cryptographyX509Req.from_cryptographysG*d&D&DEECD DI%%hll31-EEr>cv[R"URUR5n[ US:H5 g)z Set the public key of the certificate signing request. :param pkey: The public key to use. :type pkey: :py:class:`PKey` :return: ``None`` rN)rDX509_REQ_set_pubkeyrrrQrrrds r? set_pubkeyX509Req.set_pubkeys*--diiD  a(r>cD[R[5n[R"UR5Ul[ UR [R:g5 [R"UR [R5UlSUl U$)zk Get the public key of the certificate signing request. :return: The public key. :rtype: :py:class:`PKey` T) r __new__rDX509_REQ_get_pubkeyrrrQrMrRrSrrrs r? get_pubkeyX509Req.get_pubkeysf||D!--dii8  dii/0WWTZZ););<   r>c[U[5(d [S5eUS:wa [S5e[R "UR U5n[US:H5 g)z Set the version subfield (RFC 2986, section 4.1) of the certificate request. :param int version: The version number. :return: ``None`` zversion must be an intrz9Invalid version. The only valid version for X509Req is 0.rN)r]r2r_rarDX509_REQ_set_versionrrQ)rversionrds r?rX509Req.set_versionsX'3''45 5 a<K ..tyy'B  a(r>cB[R"UR5$)z Get the version subfield (RFC 2459, section 4.1.2.1) of the certificate request. :return: The value of the version subfield. :rtype: :py:class:`int` )rDX509_REQ_get_versionrrs r? get_versionX509Req.get_version's((33r>c[R[5n[R"UR5Ul[ UR [R:g5 Xl U$)a Return the subject of this certificate signing request. This creates a new :class:`X509Name` that wraps the underlying subject name field on the certificate signing request. Modifying it will modify the underlying signing request, and will have the effect of modifying any other :class:`X509Name` that refers to this subject. :return: The subject of this certificate signing request. :rtype: :class:`X509Name` ) r"rrDX509_REQ_get_subject_namerrrQrMrR_ownerrs r? get_subjectX509Req.get_subject1sK)33DII>  dii/0  r>c[R"S[SS9 [R"5n[ U[ R:g5 [ R"U[R5nUHCn[U[5(d [S5e[R"X#R5 ME [R"UR U5n[ US:H5 g)z Add extensions to the certificate signing request. :param extensions: The X.509 extensions to add. :type extensions: iterable of :py:class:`X509Extension` :return: ``None`` This API is deprecated and will be removed in a future version of pyOpenSSL. You should use pyca/cryptography's X.509 APIs instead. stacklevel+One of the elements is not an X509ExtensionrN)warningswarnDeprecationWarningrDsk_X509_EXTENSION_new_nullrQrMrRrSsk_X509_EXTENSION_freer]_X509ExtensionInternalrask_X509_EXTENSION_pushrsX509_REQ_add_extensionsr)r extensionsstackextr?s r?add_extensionsX509Req.add_extensionsGs  &  //1*+t::;Cc#9:: !NOO  ' '~~ > 11$))UC  a(r>c[R"S[SS9 /n[R"UR 5n[ R"US5n[[R"U55Hn[R[5n[R"[R"X#55n[ R"U[R5UlUR!U5 M U$)z Get X.509 extensions in the certificate signing request. :return: The X.509 extensions in this request. :rtype: :py:class:`list` of :py:class:`X509Extension` objects. .. versionadded:: 0.15 rrrcv[R"U[R"[RS55$)Nrr)rDsk_X509_EXTENSION_pop_freerM addressof _original_lib)xs r?(X509Req.get_extensions..s'd55t113HIr>)rrrrDX509_REQ_get_extensionsrrMrSr0sk_X509_EXTENSION_numrrX509_EXTENSION_dupsk_X509_EXTENSION_valuerrrsr)rextsnative_exts_objr;rrys r?get_extensionsX509Req.get_extensionsjs  &  66tyyA''   t11/BCA(001GHC//,,_@I"WWY0H0HICN KK  D r>cdUR(a [S5eUR(d [S5e[R"[ U55nU[ R:Xa [S5e[R"URURU5n[US:5 g)a! Sign the certificate signing request with this key and digest type. :param pkey: The key pair to sign with. :type pkey: :py:class:`PKey` :param digest: The name of the message digest to use for the signature, e.g. :py:data:`"sha256"`. :type digest: :py:class:`str` :return: ``None`` zKey has only public partKey is uninitializedNo such digest methodrN) rrarrDEVP_get_digestbynamer-rMrR X509_REQ_signrrrQ)rrdigest digest_obj sign_results r?sign X509Req.signs   78 8  34 4..|F/CD  "45 5((DJJ K  a(r>c[U[5(d [S5e[R"UR UR 5nUS::a [5 U$)a Verifies the signature on this certificate signing request. :param PKey key: A public key. :return: ``True`` if the signature is correct. :rtype: bool :raises OpenSSL.crypto.Error: If the signature is invalid or there is a problem verifying the signature. pkey must be a PKey instancer)r]r r_rDX509_REQ_verifyrrr)rrrs r?verifyX509Req.verifysI$%%:; ;%%dii< Q; " r>)rNr)rJx509.CertificateSigningRequest)rrrJr#rr rJrrJr rr2rJrrrJr"rz Iterable[_X509ExtensionInternal]rJr)rJzlist[_X509ExtensionInternal]rr rrrJr)rr rJr)r8r9r:r;r<rrrrrrrrrrrrr r=r7r>r?r#r#sx &F7F FF* ) )"4,!):!) !)F$L)0r>r#zPCSR support in pyOpenSSL is deprecated. You should use the APIs in cryptography.c\rSrSrSrS%Sjr\S&Sj5rS'Sjr\S(Sj5r S)Sjr S*Sjr S+S jr S,S jr S-S jrS.S jrS/S jrS.SjrS0SjrS*SjrS1SjrS1SjrS2SjrS3SjrS4SjrS5SjrS6SjrS4SjrS6SjrS7SjrS8SjrS9SjrS:Sjr S9Sjr!S;Sjr"S*S jr#Sriz An X.509 certificate. c[R"5n[U[R:g5 [R "U[R 5Ul[5Ul [5Ul grC) rDX509_newrQrMrRrS X509_freernr|_issuer_invalidator_subject_invalidator)rr s r?r X509.__init__sJ}} )*WWT4>>2 #7#9 $8$:!r>cURU5n[R"U[R5Ul[ 5Ul[ 5UlU$rC) rrMrSrDrrnr|rr)rr certs r?_from_raw_x509_ptrX509._from_raw_x509_ptrsA{{3WWT4>>2 #7#9 $8$:! r>c>SSKJn [[U5nU"U5$)zp Export as a ``cryptography`` certificate. :rtype: ``cryptography.x509.Certificate`` .. versionadded:: 17.1.0 r)load_der_x509_certificate)rr!r(r)rr!rs r?rX509.to_cryptographys @}d3(--r>c[U[R5(d [S5eSSKJn UR UR5n[[U5$)z Construct based on a ``cryptography`` *crypto_cert*. :param crypto_key: A ``cryptography`` X.509 certificate. :type crypto_key: ``cryptography.x509.Certificate`` :rtype: X509 .. versionadded:: 17.1.0 zMust be a certificaterr) r]r Certificater_rrrrr.r)r crypto_certrrs r?rX509.from_cryptographysG+t'7'78834 4I&&x||4 s33r>c[U[5(d [S5e[[R "UR U5S:H5 g)z Set the version number of the certificate. Note that the version value is zero-based, eg. a value of 0 is V1. :param version: The version number of the certificate. :type version: :py:class:`int` :return: ``None`` zversion must be an integerrN)r]r2r_rQrDX509_set_versionrn)rrs r?rX509.set_versions;'3''89 9--djj'BaGHr>cB[R"UR5$)zx Return the version number of the certificate. :return: The version number of the certificate. :rtype: :py:class:`int` )rDX509_get_versionrnrs r?rX509.get_versions$$TZZ00r>cH[R[5n[R"UR5UlUR [ R:Xa [5 [ R"UR [R5UlSUl U$)z[ Get the public key of the certificate. :return: The public key. :rtype: :py:class:`PKey` T) r rrDX509_get_pubkeyrnrrMrRrrSrrrs r?rX509.get_pubkeysg||D!))$**5 :: " "WWTZZ););<   r>c[U[5(d [S5e[R"UR UR 5n[US:H5 g)z} Set the public key of the certificate. :param pkey: The public key. :type pkey: :py:class:`PKey` :return: :py:data:`None` r rN)r]r r_rDX509_set_pubkeyrnrrQrs r?rX509.set_pubkey)sC$%%:; ;))$**djjA  a(r>c[U[5(d [S5eUR(a [ S5eUR (d [ S5e[ R"[U55nU[R:Xa [ S5e[ R"URURU5n[US:5 g)z Sign the certificate with this key and digest type. :param pkey: The key to sign with. :type pkey: :py:class:`PKey` :param digest: The name of the message digest to use. :type digest: :py:class:`str` :return: :py:data:`None` r zKey only has public partrrrN)r]r r_rrarrDrr-rMrR X509_signrnrrQ)rrrevp_mdrs r?r X509.sign8s$%%:; ;   78 8  34 4**<+?@ TYY 45 5nnTZZVD  a(r>c[R"UR5n[R"S5n[R "U[R [R U5 [R"US5nU[R:Xa [S5e[R"[R"U55$)z Return the signature algorithm used in the certificate. :return: The name of the algorithm. :rtype: :py:class:`bytes` :raises ValueError: If the signature algorithm is undefined. .. versionadded:: 0.13 zASN1_OBJECT **rzUndefined signature algorithm) rDX509_get0_tbs_sigalgrnrMrNX509_ALGOR_get0rRr4r.rarq OBJ_nid2ln)rsig_algalgrs r?get_signature_algorithmX509.get_signature_algorithmTs++DJJ7hh'( S$))TYY@s1v& $.. <= ={{4??3/00r>c[R"[U55nU[R:Xa [ S5e[R "S[R5n[R "SS5n[U5US'[R"URX#U5n[US:H5 SR[R"X4S5Vs/sHn[U5R5PM sn5$s snf)z Return the digest of the X509 object. :param digest_name: The name of the digest algorithm to use. :type digest_name: :py:class:`str` :return: The digest of the object, formatted as :py:const:`b":"`-delimited hex pairs. :rtype: :py:class:`bytes` rzunsigned char[]zunsigned int[]rr:)rDrr-rMrRrarNEVP_MAX_MD_SIZErP X509_digestrnrQrrTrupper)r digest_namerrYr digest_resultchs r?r X509.digestgs**< +DE TYY 45 5!2D4H4HI !115 }- a(( JJ}   *+yy++m15EF FB" ##%F    s"DcB[R"UR5$)zc Return the hash of the X509 subject. :return: The hash of the subject. :rtype: :py:class:`bytes` )rDX509_subject_name_hashrnrs r?subject_name_hashX509.subject_name_hashs**4::66r>ct[U[5(d [S5e[U5SSnUR S5n[ R "S5n[R"XC5n[U[ R:g5 [R"US[ R5n[R"US5 [U[ R:g5 [ R"U[R5n[R"UR U5n[US:H5 g)z Set the serial number of the certificate. :param serial: The new serial number. :type serial: :py:class:`int` :return: :py:data`None` zserial must be an integerrNrzBIGNUM**rr)r]r2r_hexr7rMrNrD BN_hex2bnrQrRBN_to_ASN1_INTEGERrrSASN1_INTEGER_freeX509_set_serialNumberrn)rserial hex_serialhex_serial_bytes bignum_serialr asn1_serialrds r?set_serial_numberX509.set_serial_numbers&#&&78 8[_ %,,W5,  @$))+,--mA.> J  ]1%& tyy01ggk4+A+AB // KH  a(r>c[R"UR5n[R"U[R 5n[R "U5n[R"U5n[US5nU[R"U5 [R"U5 $![R"U5 f=f![R"U5 f=f)zX Return the serial number of this certificate. :return: The serial number. :rtype: int ) rDX509_get_serialNumberrnASN1_INTEGER_to_BNrMrR BN_bn2hexrqr2rFr)rrVrUrShexstring_serialrRs r?get_serial_numberX509.get_serial_numbers00< // TYYG  ( 6J .#';;z#: -r2!!*- LL '!!*- LL 's$C #B.C .CC C!c[U[5(d [S5e[R"UR 5n[R "X!5 g)z Adjust the time stamp on which the certificate stops being valid. :param int amount: The number of seconds by which to adjust the timestamp. :return: ``None`` amount must be an integerN)r]r2r_rDX509_getm_notAfterrnX509_gmtime_adj)ramountnotAfters r?gmtime_adj_notAfterX509.gmtime_adj_notAfters?&#&&78 8**4::6 X.r>c[U[5(d [S5e[R"UR 5n[R "X!5 g)z Adjust the timestamp on which the certificate starts being valid. :param amount: The number of seconds by which to adjust the timestamp. :return: ``None`` rbN)r]r2r_rDX509_getm_notBeforernrd)rre notBefores r?gmtime_adj_notBeforeX509.gmtime_adj_notBefores?&#&&78 8,,TZZ8  Y/r>c4UR5nUc [S5eURS5n[RR US5n[R R n[RRU5RSS9nX5:$)z Check whether the certificate has expired. :return: ``True`` if the certificate has expired, ``False`` otherwise. :rtype: bool NzUnable to determine notAfterr(z %Y%m%d%H%M%SZ)tzinfo) get_notAfterrardatetimestrptimetimezoneutcnowreplace)r time_bytes time_string not_afterUTCutcnows r? has_expiredX509.has_expireds&&(  ;< < ''0 %%..{OL ##""&&s+3343@!!r>c8[U"UR55$rC)rzrn)rwhichs r?_get_boundary_timeX509._get_boundary_timeseDJJ/00r>c@UR[R5$)z Get the timestamp at which the certificate starts being valid. The timestamp is formatted as an ASN.1 TIME:: YYYYMMDDhhmmssZ :return: A timestamp string, or ``None`` if there is none. :rtype: bytes or NoneType )rrDrjrs r? get_notBeforeX509.get_notBefores&&t'?'?@@r>c:[U"UR5U5$rC)rern)rrrcs r?_set_boundary_timeX509._set_boundary_timeseDJJ/66r>cBUR[RU5$)z Set the timestamp at which the certificate starts being valid. The timestamp is formatted as an ASN.1 TIME:: YYYYMMDDhhmmssZ :param bytes when: A timestamp string. :return: ``None`` )rrDrjrrcs r? set_notBeforeX509.set_notBefores&&t'?'?FFr>c@UR[R5$)z Get the timestamp at which the certificate stops being valid. The timestamp is formatted as an ASN.1 TIME:: YYYYMMDDhhmmssZ :return: A timestamp string, or ``None`` if there is none. :rtype: bytes or NoneType )rrDrcrs r?rpX509.get_notAfter s&&t'>'>??r>cBUR[RU5$)z Set the timestamp at which the certificate stops being valid. The timestamp is formatted as an ASN.1 TIME:: YYYYMMDDhhmmssZ :param bytes when: A timestamp string. :return: ``None`` )rrDrcrs r? set_notAfterX509.set_notAfters&&t'>'>EEr>c[R[5nU"UR5Ul[ UR[ R :g5 XlU$rC)r"rrnrrQrMrRr)rrrs r? _get_nameX509._get_name'sC)4::&  dii/0  r>c[U[5(d [S5eU"URUR5n[ US:H5 g)Nzname must be an X509Namer)r]r"r_rnrrQ)rrrrds r? _set_nameX509._set_name2s;$))67 74::tzz2  a(r>czUR[R5nURR U5 U$)ae Return the issuer of this certificate. This creates a new :class:`X509Name` that wraps the underlying issuer name field on the certificate. Modifying it will modify the underlying certificate, and will have the effect of modifying any other :class:`X509Name` that refers to this issuer. :return: The issuer of this certificate. :rtype: :class:`X509Name` )rrDX509_get_issuer_namerrrs r? get_issuerX509.get_issuer8s1~~d778   $$T* r>cxUR[RU5 URR 5 g)zw Set the issuer of this certificate. :param issuer: The issuer. :type issuer: :py:class:`X509Name` :return: ``None`` N)rrDX509_set_issuer_namerr)rrws r? set_issuerX509.set_issuerHs* t00&9   &&(r>czUR[R5nURR U5 U$)ai Return the subject of this certificate. This creates a new :class:`X509Name` that wraps the underlying subject name field on the certificate. Modifying it will modify the underlying certificate, and will have the effect of modifying any other :class:`X509Name` that refers to this subject. :return: The subject of this certificate. :rtype: :class:`X509Name` )rrDX509_get_subject_namerrrs r?rX509.get_subjectTs1~~d889 !!%%d+ r>cxUR[RU5 URR 5 g)z{ Set the subject of this certificate. :param subject: The subject. :type subject: :py:class:`X509Name` :return: ``None`` N)rrDX509_set_subject_namerr)rrvs r? set_subjectX509.set_subjectds* t117; !!'')r>cB[R"UR5$)z Get the number of extensions on this certificate. :return: The number of extensions. :rtype: :py:class:`int` .. versionadded:: 0.12 )rDX509_get_ext_countrnrs r?get_extension_countX509.get_extension_countps&&tzz22r>c[R"S[SS9 UH]n[U[5(d [ S5e[ R"URURS5n[US:H5 M_ g)z Add extensions to the certificate. :param extensions: The extensions to add. :type extensions: An iterable of :py:class:`X509Extension` objects. :return: ``None`` rrrrr)rN) rrrr]rrarD X509_add_extrnrsrQ)rrrr?s r?rX509.add_extensions{sk  &  Cc#9:: !NOO**4::s~~rJJ J!O , r>c[R"S[SS9 [R [5n[ R "URU5UlUR[R:Xa [S5e[ R"UR5n[R"U[ R5UlU$)a Get a specific extension of the certificate by index. Extensions on a certificate are kept in order. The index parameter selects which extension will be returned. :param int index: The index of the extension to retrieve. :return: The extension at the specified index. :rtype: :py:class:`X509Extension` :raises IndexError: If the extension index was out of bounds. .. versionadded:: 0.12 rrrzextension index out of bounds)rrrrrrD X509_get_extrnrsrMrR IndexErrorrrSrr)rindexrrys r? get_extensionX509.get_extensions  &  %,,-CD**4::u= >>TYY &<= =++CNN; D,D,DE r>)rrrnNr)r r rJr)rJx509.Certificate)r%rrJrrrrrrri)rDrrJr^)rRr2rJr)rer2rJrr)rr rJ bytes | None)rJr)rzCallable[..., Any]rcr^rJr)rcr^rJr)rr rJr")rr rr"rJrr)rwr"rJr)rvr"rJrr)rr2rJr)'r8r9r:r;r<rrrrrrrrrrr=rrJrWr_rgrlr|rrrrrprrrrrrrrrrr=r7r>r?rrs; .44& I1  ))81& >7)8(( / 0""1 A7'7/47 7 G @ F )  ) * 3-:- -6r>rcn\rSrSr%Sr\R rS\S'\Rr S\S'\Rr S\S'\RrS\S'\RrS\S'\R"rS\S '\R&rS\S '\R*rS\S '\R.rS\S '\R2rS\S 'Srg)r'iz Flags for X509 verification, used to change the behavior of :class:`X509Store`. See `OpenSSL Verification Flags`_ for details. .. _OpenSSL Verification Flags: https://www.openssl.org/docs/manmaster/man3/X509_VERIFY_PARAM_set_flags.html r2 CRL_CHECK CRL_CHECK_ALLIGNORE_CRITICAL X509_STRICTALLOW_PROXY_CERTS POLICY_CHECKEXPLICIT_POLICY INHIBIT_MAPCHECK_SS_SIGNATURE PARTIAL_CHAINr7N)r8r9r:r;r<rDX509_V_FLAG_CRL_CHECKrrX509_V_FLAG_CRL_CHECK_ALLrX509_V_FLAG_IGNORE_CRITICALrX509_V_FLAG_X509_STRICTrX509_V_FLAG_ALLOW_PROXY_CERTSrX509_V_FLAG_POLICY_CHECKrX509_V_FLAG_EXPLICIT_POLICYrX509_V_FLAG_INHIBIT_MAPrX509_V_FLAG_CHECK_SS_SIGNATURErX509_V_FLAG_PARTIAL_CHAINrr=r7r>r?r'r's//Is/77M37;;OS;33K3!??s?55L#5;;OS;33K3"AAA77M37r>r'cd\rSrSrSrS SjrS SjrS SjrSSjrSSjr SSS jjr S r g)r$ia An X.509 store. An X.509 store is used to describe a context in which to verify a certificate. A description of a context may include a set of certificates to trust, a set of certificate revocation lists, verification flags and more. An X.509 store, being only a description, cannot be used by itself to verify a certificate. To carry out the actual verification process, see :class:`X509StoreContext`. c[R"5n[R"U[R5UlgrC)rDX509_STORE_newrMrSX509_STORE_free_storerstores r?rX509Store.__init__s(##%ggeT%9%9: r>c[U[5(d [5e[R"UR UR 5n[US:H5 g)a Adds a trusted certificate to this store. Adding a certificate with this method adds this certificate as a *trusted* certificate. :param X509 cert: The certificate to add to this store. :raises TypeError: If the certificate is not an :class:`X509`. :raises OpenSSL.crypto.Error: If OpenSSL was unhappy with your certificate. :return: ``None`` if the certificate was added successfully. rN)r]rr_rDX509_STORE_add_certrrnrQ)rrrs r?add_certX509Store.add_certs? $%%+ &&t{{DJJ?q!r>c[U[R5(aSSKJn [ UR UR55n[R"U[R5n[U[R:g5 [R"U[R5nO [S5e[[R "UR"U5S:g5 g)a Add a certificate revocation list to this store. The certificate revocation lists added to a store will only be used if the associated flags are configured to check certificate revocation lists. .. versionadded:: 16.1.0 :param crl: The certificate revocation list to add to this store. :type crl: ``cryptography.x509.CertificateRevocationList`` :return: ``None`` if the certificate revocation list was added successfully. rrz?CRL must be of type cryptography.x509.CertificateRevocationListN)r]r CertificateRevocationListrrrVrrrDd2i_X509_CRL_biorMrRrQrS X509_CRL_freer_X509_STORE_add_crlr)rcrlrrF openssl_crls r?add_crlX509Store.add_crls c499 : : Ms// =>C//TYY?K K4994 5''+t'9'9:C>  // SAQFGr>c^[[R"URU5S:g5 g)ab Set verification flags to this store. Verification flags can be combined by oring them together. .. note:: Setting a verification flag sometimes requires clients to add additional information to the store, otherwise a suitable error will be raised. For example, in setting flags to enable CRL checking a suitable CRL must be added to the store otherwise an error will be raised. .. versionadded:: 16.1.0 :param int flags: The verification flags to set on this store. See :class:`X509StoreFlags` for available constants. :return: ``None`` if the verification flags were successfully set. rN)rQrDX509_STORE_set_flagsr)rflagss r? set_flagsX509Store.set_flagss", 11$++uEJKr>cD[R"5n[R"U[R5n[R "U[ R"UR555 [[R"URU5S:g5 g)a\ Set the time against which the certificates are verified. Normally the current time is used. .. note:: For example, you can determine if a certificate was valid at a given time. .. versionadded:: 17.0.0 :param datetime vfy_time: The verification time to set on this store. :return: ``None`` if the verification time was successfully set. rN) rDX509_VERIFY_PARAM_newrMrSX509_VERIFY_PARAM_freeX509_VERIFY_PARAM_set_timecalendartimegm timetuplerQX509_STORE_set1_paramr)rvfy_timeparams r?set_timeX509Store.set_time-sm **,t::; '' 8??8#5#5#78  224;;F!KLr>NcUc[RnO [U5nUc[RnO [U5n[R"UR X5nU(d [ 5 gg)a Let X509Store know where we can find trusted certificates for the certificate chain. Note that the certificates have to be in PEM format. If *capath* is passed, it must be a directory prepared using the ``c_rehash`` tool included with OpenSSL. Either, but not both, of *cafile* or *capath* may be ``None``. .. note:: Both *cafile* and *capath* may be set simultaneously. Call this method multiple times to add more than one location. For example, CA certificates, and certificate revocation list bundles may be passed in *cafile* in subsequent calls to this method. .. versionadded:: 20.0 :param cafile: In which file we can find the certificates (``bytes`` or ``unicode``). :param capath: In which directory we can find the certificates (``bytes`` or ``unicode``). :return: ``None`` if the locations were set successfully. :raises OpenSSL.crypto.Error: If both *cafile* and *capath* is ``None`` or the locations could not be set for any reason. N)rMrR _path_bytesrDX509_STORE_load_locationsrr)rcafilecapath load_results r?load_locationsX509Store.load_locationsEs^B >YYF (F >YYF (F44 KK  "r>rr)rrrJr)rzx509.CertificateRevocationListrJr)rr2rJr)rzdatetime.datetimerJrrC)rStrOrBytesPathrzStrOrBytesPath | NonerJr) r8r9r:r;r<rrrrrrr=r7r>r?r$r$sL ;",H<L0M2GK/#$/#.C/# /#/#r>r$c@^\rSrSrSrSU4SjjrSrU=r$)r&iwz An exception raised when an error occurred while verifying a certificate using `OpenSSL.X509StoreContext.verify_certificate`. :ivar certificate: The certificate which caused verificate failure. :type certificate: :class:`X509` c<>[TU]U5 X lX0lgrC)rrerrors certificate)rmessagerrrs r?rX509StoreContextError.__init__s ! &r>)rr)rrrz list[Any]rrrJr)r8r9r:r;r<rr=rrs@r?r&r&ws2''$-'<@' ''r>r&c\rSrSrSrS S Sjjr\SSj5r\SSj5rSSjr SSjr SS jr SS jr S r g)r%ia  An X.509 store context. An X.509 store context is used to carry out the actual verification process of a certificate in a described context. For describing such a context, see :class:`X509Store`. :param X509Store store: The certificates which will be trusted for the purposes of any verifications. :param X509 certificate: The certificate to be verified. :param chain: List of untrusted certificates that may be used for building the certificate chain. May be ``None``. :type chain: :class:`list` of :class:`X509` NcHXlX lURU5UlgrC)r_cert_build_certificate_stack_chain)rrrchains r?rX509StoreContext.__init__s   33E: r>c,SSjnUb[U5S:Xa[R$[R"5n[ U[R:g5 [R "X!5nUHn[U[5(d [S5e[ [R"UR5S:5 [R"X#R5S::dMu[R"UR5 [5 M U$)Nc[[R"U55H/n[R"X5n[R"U5 M1 [R "U5 grC)r0rD sk_X509_num sk_X509_valuer sk_X509_free)sr;rs r?cleanup:X509StoreContext._build_certificate_stack..cleanupsJ4++A./&&q,q!0   a r>rz+One of the elements is not an X509 instance)r r rJr)rPrMrRrDsk_X509_new_nullrQrSr]rr_ X509_up_refrn sk_X509_pushrr) certificatesr rrs r?r)X509StoreContext._build_certificate_stacks !  3|#4#999 %%'*+' DdD)) MNN D,,TZZ81< =   3q8tzz*$&! r>c[R"[R"[R"U555R S5n[R"U5[R "U5U/n[R"U5n[R"U5n[RU5n[XU5$)z Convert an OpenSSL native context error failure into a Python exception. When a call to native OpenSSL X509_verify_cert fails, additional information about the failure can be obtained from the store context. r() rMrqrDX509_verify_cert_error_stringX509_STORE_CTX_get_errorrX509_STORE_CTX_get_error_depthX509_STORE_CTX_get_current_certX509_duprrr&) store_ctxrrrnrpycerts r?_exception_from_context(X509StoreContext._exception_from_contexts++  . .--i8   &/   ) )) 4  / / :  44Y? e$((/$Wf==r>c[R"5n[U[R:g5 [R "U[R 5n[R"XRRURRUR5n[US:H5 [R"U5nUS::aURU5eU$)a Verifies the certificate and runs an X509_STORE_CTX containing the results. :raises X509StoreContextError: If an error occurred when validating a certificate in the context. Sets ``certificate`` attribute to indicate which certificate caused the error. rr)rDX509_STORE_CTX_newrQrMrRrSX509_STORE_CTX_freeX509_STORE_CTX_initrrrnrX509_verify_certr)rrris r?_verify_certificate$X509StoreContext._verify_certificates++-  TYY./GGIt'?'?@ && {{))4::+;+;T[[  q!##I. !8..y9 9r>cXlg)z Set the context's X.509 store. .. versionadded:: 0.15 :param X509Store store: The store description which will be used for the purposes of any *future* verifications. Nrrs r? set_storeX509StoreContext.set_stores  r>c$UR5 g)z Verify a certificate in a context. .. versionadded:: 0.15 :raises X509StoreContextError: If an error occurred when validating a certificate in the context. Sets ``certificate`` attribute to indicate which certificate caused the error. N)r#rs r?verify_certificate#X509StoreContext.verify_certificates   "r>cUR5n[R"U5n[U[R :g5 /n[ [R"U55H[n[R"X$5n[U[R :g5 [RU5nURU5 M] [R"U5 U$)a Verify a certificate in a context and return the complete validated chain. :raises X509StoreContextError: If an error occurred when validating a certificate in the context. Sets ``certificate`` attribute to indicate which certificate caused the error. .. versionadded:: 20.0 ) r#rDX509_STORE_CTX_get1_chainrQrMrRr0r r rrrr )rr cert_stackrr;rrs r?get_verified_chain#X509StoreContext.get_verified_chain s,,. 33I>  dii/0t'' 34A%%j4D DDII- .,,T2F MM& ! 5 *% r>)rrrrC)rr$rrrSequence[X509] | NonerJr)rr0rJr)rr rJr&r)rr$rJrr)rJz list[X509])r8r9r:r;r<r staticmethodrrr#r&r)r.r=r7r>r?r%r%s &(, ;;;% ;  ;+ :>>20  #r>r%c[U[5(aURS5n[U5nU[:XaD[ R "U[R[R[R5nO;U[:Xa&[ R"U[R5nO [S5eU[R:Xa [5 [RU5$)z Load a certificate (X509) from the string *buffer* encoded with the type *type*. :param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1) :param bytes buffer: The buffer the certificate is stored in :return: The X509 object r3type argument must be FILETYPE_PEM or FILETYPE_ASN1)r]rr7rVrrDPEM_read_bio_X509rMrRr d2i_X509_biorarrr)rrTrFr s r?r.r.&s&#w' v C |%%c499diiK    dii0NOO tyy  " "4 ((r>cd[5nU[:Xa![R"X!R5nOcU[ :Xa![R "X!R5nO8U[:Xa#[R"X!RSS5nO [S5e[US:H5 [U5$)z Dump the certificate *cert* into a buffer string encoded with the type *type*. :param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1, or FILETYPE_TEXT) :param cert: The certificate to dump :return: The buffer with the dumped certificate in rCtype argument must be FILETYPE_PEM, FILETYPE_ASN1, or FILETYPE_TEXTr) rVrrDPEM_write_bio_X509rnr i2d_X509_bior X509_print_exrarQr[)rrrF result_codes r?r(r(Cs .C |--c::>  ''ZZ8  ((jj!Q?    K1$% # r>c[5nU[:Xa[RnO&U[:Xa[R nO [ S5eU"X!R5nUS:wa [5 [U5$)z Dump a public key to a buffer. :param type: The file type (one of :data:`FILETYPE_PEM` or :data:`FILETYPE_ASN1`). :param PKey pkey: The public key to dump :return: The buffer with the dumped key in it. :rtype: bytes r3r) rVrrDPEM_write_bio_PUBKEYri2d_PUBKEY_biorarrr[)rrrF write_bior;s r?r+r+_sd .C |--  '' NOOC,Ka # r>c [5n[U[5(d [S5eUbMUc [S5e[R "[ U55nU[R:Xa [S5eO[Rn[X5nU[:XaY[R"UURU[RSURUR5nUR!5 OU[":Xa![R$"XAR5nOU[&:Xa[R("UR5[R*:wa [S5e[R,"[R."UR5[R05n[R2"XHS5nO [S5e[5US:g5 [7U5$)aU Dump the private key *pkey* into a buffer string encoded with the type *type*. Optionally (if *type* is :const:`FILETYPE_PEM`) encrypting it using *cipher* and *passphrase*. :param type: The file type (one of :const:`FILETYPE_PEM`, :const:`FILETYPE_ASN1`, or :const:`FILETYPE_TEXT`) :param PKey pkey: The PKey to dump :param cipher: (optional) if encrypted PEM format, the cipher to use :param passphrase: (optional) if encrypted PEM format, this can be either the passphrase to use, or a callback for providing the passphrase. :return: The buffer with the dumped key in :rtype: bytes zpkey must be a PKeyzDif a value is given for cipher one must also be given for passphrasezInvalid cipher namerz-Only RSA keys are supported for FILETYPE_TEXTr7)rVr]r r_rDEVP_get_cipherbynamer-rMrRra_PassphraseHelperrPEM_write_bio_PrivateKeyrcallback callback_argsraise_if_problemri2d_PrivateKey_biorrrrSrr RSA_printrQr[) rrcipher passphraserF cipher_objhelperr;rs r?r*r*xs* .C dD ! !-..   8 ..|F/CD  "23 3 #YY t 0F |33  JJ  II OO    !  --c::>     DJJ '4+<+< <KL Lggd,,TZZ8$--HnnSq1    K1$% # r>c\rSrSrS S Sjjr\S Sj5r\S Sj5r\4S Sjjr S Sjr Sr g)rBicfU[:waUb [S5eX lX0lX@l/Ulg)Nz0only FILETYPE_PEM key format supports encryption)rra _passphrase _more_args _truncate _problems)rrrJ more_argstruncates r?r_PassphraseHelper.__init__s: < J$:B &#!*,r>cURc[R$[UR[5(d[ UR5(a![R "SUR5$[S5e)Npem_password_cb2Last argument must be a byte string or a callable.) rOrMrRr]r^callablerD_read_passphraser_rs r?rD_PassphraseHelper.callbacksc    #99  ((% 0 0HT=M=M4N4N==!2D4I4IJ JD r>cURc[R$[UR[5(d[ UR5(a[R$[ S5e)NrX)rOrMrRr]r^rYr_rs r?rE_PassphraseHelper.callback_argssU    #99  ((% 0 0HT=M=M4N4N99 D r>cUR(a'[U5 URRS5eg!Ua N$f=frM)rR_exception_from_error_queuepop)r exceptionTypes r?rF"_PassphraseHelper.raise_if_problemsF >> +M:..$$Q' ' !  s :AAc>[UR5(a6UR(aURX#U5nO-URU5nOURceURn[U[5(d [ S5e[ U5U:a"UR(aUSUnO [ S5e[[ U55H nXVUS-X'M [ U5$![a%nURRU5 SnAgSnAff=f)NzBytes expectedz+passphrase returned by callback is too longrr) rYrOrPr]r^rarPrQr0 ExceptionrRr)rrsizerwflaguserdatarr;es r?rZ"_PassphraseHelper._read_passphrases (())??!--dHEF!--f5F''333))fe,, !1226{T!>>#ET]F$E3v;'AE*(v;   NN ! !! $ sC*C-- D7DD)rPrOrRrQN)FF) rr2rJPassphraseCallableT | NonerSrrTrrJrr)raztype[Exception]rJr) rr rer2rfr rgr rJr2) r8r9r:r;rrrDrErrFrZr=r7r>r?rBrBs   --/- -  -  - AF(!+.:= r>rBcJ[U[5(aURS5n[U5nU[:XaD[ R "U[R[R[R5nO;U[:Xa&[ R"U[R5nO [S5eU[R:Xa [5 [R[5n[R"U[ R 5UlSUlU$)a Load a public key from a buffer. :param type: The file type (one of :data:`FILETYPE_PEM`, :data:`FILETYPE_ASN1`). :param buffer: The buffer the key is stored in. :type buffer: A Python string object, either unicode or bytestring. :return: The PKey object. :rtype: :class:`PKey` rr3T)r]rr7rVrrDPEM_read_bio_PUBKEYrMrRrd2i_PUBKEY_biorarr rrSrrr)rrTrFevp_pkeyrs r?r1r1 s&#w' v C |++ DIItyy   &&sDII6NOO499 << D4#5#56DJD Kr>cb[U[5(aURS5n[U5n[ X5nU[ :XaL[ R"U[RURUR5nUR5 O;U[:Xa&[ R"U[R5nO [S5eU[R:Xa [!5 ["R%["5n[R&"U[ R(5UlU$)a Load a private key (PKey) from the string *buffer* encoded with the type *type*. :param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1) :param buffer: The buffer the key is stored in :param passphrase: (optional) if encrypted PEM format, this can be either the passphrase to use, or a callback for providing the passphrase. :return: The PKey object rr3)r]rr7rVrBrrDPEM_read_bio_PrivateKeyrMrRrDrErFrd2i_PrivateKey_biorarr rrSrr)rrTrJrFrLrnrs r?r0r0- s"&#w' v C t 0F |// FOOV-A-A  !  **3 :NOO499 << D4#5#56DJ Kr>cd[5nU[:Xa![R"X!R5nOcU[ :Xa![R "X!R5nO8U[:Xa#[R"X!RSS5nO [S5e[US:g5 [U5$)aV Dump the certificate request *req* into a buffer string encoded with the type *type*. :param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1) :param req: The certificate request to dump :return: The buffer with the dumped certificate request in .. deprecated:: 24.2.0 Use `cryptography.x509.CertificateSigningRequest` instead. rr7) rVrrDPEM_write_bio_X509_REQrri2d_X509_REQ_biorX509_REQ_print_exrarQr[)rrrFr;s r?r)r)V s .C |11#xx@  ++C:  ,,S((AqA    K1$% # r>r)c8[U[5(aURS5n[U5nU[:XaD[ R "U[R[R[R5nO;U[:Xa&[ R"U[R5nO [S5e[U[R:g5 [R[5n[R"U[ R 5UlU$)as Load a certificate request (X509Req) from the string *buffer* encoded with the type *type*. :param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1) :param buffer: The buffer the certificate request is stored in :return: The X509Req object .. deprecated:: 24.2.0 Use `cryptography.x509.load_der_x509_csr` or `cryptography.x509.load_pem_x509_csr` instead. rr3)r]rr7rVrrDPEM_read_bio_X509_REQrMrRrd2i_X509_REQ_biorarQ_X509ReqInternalrrSrr)rrTrFrx509reqs r?r/r/ s&#w' v C |((diiDIIN  ##C3NOOC499$%&&'78G773 2 23GL Nr>r/rC)rTrrJr )rFr rJr^)rbr rcr^rJr)rcr^rJr )rur rJr)rJr)rrrJr)rr2rTr^rJr)rr2rrrJr^)rr2rr rJr^r) rr2rr rIrhrJrjrJr^)rr2rT str | bytesrJr )rr2rTr{rJrjrJr )rr2rr#rJr^)rr2rTr^rJr#)p __future__rrrq functoolstypingrbase64rcollections.abcrrrosrr r r cryptographyr r )cryptography.hazmat.primitives.asymmetricrrrrr OpenSSL._utilrr-rr_rrMrrDr _make_assertrr__all__rrrrr _PrivateKeyrrrrr _PublicKeyrrr^rPassphraseCallableTSSL_FILETYPE_PEMrrSSL_FILETYPE_ASN1rrrr EVP_PKEY_DSAr EVP_PKEY_DHr3 EVP_PKEY_ECr4rdrrrQrVr[rerjrzr|r rr-r deprecatedr8rr,total_orderingr"r!rr#ryrr'r$r&r%r.r(r+r*rBr1r0r)rr/rr7r>r?rs" . % :         [* $%sE8+,E8CJ#778)) c)++ s+ !!#!!!#!I :EBu%4;+2&:  ~.~.Bd.d.N 5!4    1$     Dg:g:T'    qqh     iiX88.e#e#P'I'"[[|):88-1 B B B B+ B  BJKK\J.2& & &+& &R@&>"   # @&>"   # r>