

Current Path : /snap/certbot/5603/lib/python3.12/site-packages/cryptography/x509/__pycache__/
Current File : //snap/certbot/5603/lib/python3.12/site-packages/cryptography/x509/__pycache__/base.cpython-312.pyc

�

'�j�e�	���ddlmZddlZddlZddlZddlmZddlmZddl	m
Zddlm
Z
ddlmZmZmZmZmZmZmZmZddlmZmZdd	lmZmZmZdd
lmZm Z ddl!m"Z"ejdd
d
�Z#ejHe
jJe
jLe
jNe
jPe
jRe
jTe
jVe
jXfZ-Gd�de.�Z/						d$d�Z0						d%d�Z1d&d�Z2Gd�d�Z3Gd�d�Z4Gd�dejj�Z6Gd�de.�Z7ejpZ8ejrZ9ejtZ:ejvZ;ejxZ<ejzZ=ej|Z>ej~Z?ej�Z@ej�ZAej�ZBGd�d�ZCGd�d�ZDGd�d �ZEGd!�d"�ZFd'd#�ZGy)(�)�annotationsN)�Iterable)�utils)�x509)�hashes)�dsa�ec�ed448�ed25519�padding�rsa�x448�x25519)� CertificateIssuerPrivateKeyTypes�CertificatePublicKeyTypes)�	Extension�
ExtensionType�_make_sequence_methods)�Name�	_ASN1Type)�ObjectIdentifieri��c� ��eZdZd�fd�Z�xZS)�AttributeNotFoundc�2��t�|�|�||_y�N)�super�__init__�oid)�self�msgr�	__class__s   ���/build/snapcraft-certbot-54d6d23c1eba5f776fc280588daee8b3/parts/certbot/install/lib/python3.12/site-packages/cryptography/x509/base.pyrzAttributeNotFound.__init__6s���
��������)r!�strrr�return�None��__name__�
__module__�__qualname__r�
__classcell__�r"s@r#rr5s
����r$rc�Z�|D]&}|j|jk(s�td��y)Nz$This extension has already been set.)r�
ValueError)�	extension�
extensions�es   r#�_reject_duplicate_extensionr3;s1��
�E���5�5�I�M�M�!��C�D�D�Er$c�:�|D]\}}}||k(s�
td��y)Nz$This attribute has already been set.)r/)r�
attributes�attr_oid�_s    r#�_reject_duplicate_attributer8Es.��
%�E���!�Q��s�?��C�D�D�Er$c��|j�=|j�}|r|ntj�}|j	d��|z
S|S)z�Normalizes a datetime to a naive datetime in UTC.

    time -- datetime to normalize. Assumed to be in UTC if not timezone
            aware.
    N)�tzinfo)r:�	utcoffset�datetime�	timedelta�replace)�time�offsets  r#�_convert_to_naive_utc_timerAOsG���{�{�����!��!��x�'9�'9�';���|�|�4�|�(�6�1�1��r$c��eZdZejj
f							dd�Zed	d��Zed
d��Zdd�Z	dd�Z
d
d�Zy)�	Attributec�.�||_||_||_yr)�_oid�_value�_type)r r�valuerGs    r#rzAttribute.__init__^s����	������
r$c��|jSr)rE�r s r#rz
Attribute.oidhs���y�y�r$c��|jSr)rFrJs r#rHzAttribute.valuels���{�{�r$c�<�d|j�d|j�d�S)Nz<Attribute(oid=z, value=�)>)rrHrJs r#�__repr__zAttribute.__repr__ps�� ����
�(�4�:�:�.��C�Cr$c���t|t�stS|j|jk(xr4|j|jk(xr|j
|j
k(Sr)�
isinstancerC�NotImplementedrrHrG)r �others  r#�__eq__zAttribute.__eq__ssS���%��+�!�!�
�H�H��	�	�!�
*��
�
�e�k�k�)�
*��
�
�e�k�k�)�	
r$c�Z�t|j|j|jf�Sr)�hashrrHrGrJs r#�__hash__zAttribute.__hash__}s ���T�X�X�t�z�z�4�:�:�6�7�7r$N)rrrH�bytesrG�intr&r')r&r)r&rW�r&r%)rR�objectr&�bool�r&rX)r)r*r+r�
UTF8StringrHr�propertyrrNrSrV�r$r#rCrC]sv��
�)�)�/�/�	�
�����	�

����������D�
�8r$rCc�D�eZdZ				dd�Zed�\ZZZdd�Zdd�Z	y)	�
Attributesc�$�t|�|_yr)�list�_attributes)r r5s  r#rzAttributes.__init__�s�� �
�+��r$rdc�"�d|j�d�S)Nz<Attributes(rM)rdrJs r#rNzAttributes.__repr__�s���d�.�.�/�r�2�2r$c�V�|D]}|j|k(s�|cStd|�d�|��)NzNo z attribute was found)rr)r r�attrs   r#�get_attribute_for_oidz Attributes.get_attribute_for_oid�s:���	�D��x�x�3����	� �#�c�U�*>� ?��E�Er$N)r5zIterable[Attribute]r&r'rY)rrr&rC)
r)r*r+rr�__len__�__iter__�__getitem__rNrhr_r$r#rara�s7��,�'�,�
�,�&<�M�%J�"�G�X�{�3�Fr$rac��eZdZdZdZy)�Versionr�N)r)r*r+�v1�v3r_r$r#rmrm�s��	
�B�	
�Br$rmc� ��eZdZd�fd�Z�xZS)�InvalidVersionc�2��t�|�|�||_yr)rr�parsed_version)r r!rtr"s   �r#rzInvalidVersion.__init__�s���
�����,��r$)r!r%rtrXr&r'r(r-s@r#rrrr�s
���-�-r$rrc��eZdZdggf					d	d�Zd
d�Z						dd�Zdd�							dd�Z	d
ddd�											dd�Zy)� CertificateSigningRequestBuilderNc�.�||_||_||_y)zB
        Creates an empty X.509 certificate request (v1).
        N)�
_subject_name�_extensionsrd)r �subject_namer1r5s    r#rz)CertificateSigningRequestBuilder.__init__�s��*���%���%��r$c��t|t�std��|j�t	d��t||j|j�S)zF
        Sets the certificate requestor's distinguished name.
        �Expecting x509.Name object.�&The subject name may only be set once.)rPr�	TypeErrorrxr/rvryrd�r �names  r#rzz-CertificateSigningRequestBuilder.subject_name�sR���$��%��9�:�:����)��E�F�F�/��$�"�"�D�$4�$4�
�	
r$c���t|t�std��t|j||�}t||j�t|jg|j�|�|j�S)zE
        Adds an X.509 extension to the certificate request.
        �"extension must be an ExtensionType)
rPrr~rrr3ryrvrxrd�r �extval�criticalr0s    r#�
add_extensionz.CertificateSigningRequestBuilder.add_extension�sn���&�-�0��@�A�A��f�j�j�(�F�;�	�#�I�t�/?�/?�@�/����*�d���*�	�*����
�	
r$)�_tagc�Z�t|t�std��t|t�std��|�t|t�std��t||j�|�
|j}nd}t|j|jg|j�|||f��S)zK
        Adds an X.509 attribute with an OID and associated value.
        zoid must be an ObjectIdentifierzvalue must be bytesNztag must be _ASN1Type)rPrr~rWrr8rdrHrvrxry)r rrHr��tags     r#�
add_attributez.CertificateSigningRequestBuilder.add_attribute�s����#�/�0��=�>�>��%��'��1�2�2���J�t�Y�$?��3�4�4�#�C��)9�)9�:����*�*�C��C�/�������2�d���2��e�S� 1�2�
�	
r$��rsa_padding�ecdsa_deterministicc�h�|j�td��|�Zt|tjtj
f�st
d��t|tj�st
d��|�%t|tj�st
d��tj|||||�S)zF
        Signs the request using the requestor's private key.
        z/A CertificateSigningRequest must have a subject�Padding must be PSS or PKCS1v15�&Padding is only supported for RSA keys�1Deterministic ECDSA is only supported for EC keys)
rxr/rPr�PSS�PKCS1v15r~r
�
RSAPrivateKeyr	�EllipticCurvePrivateKey�	rust_x509�create_x509_csr�r �private_key�	algorithm�backendr�r�s      r#�signz%CertificateSigningRequestBuilder.signs������%��N�O�O��"��k�G�K�K��9I�9I�+J�K�� A�B�B��k�3�+<�+<�=�� H�I�I��*��k�2�+E�+E�F��G����(�(������
�	
r$)rz�Name | Noner1�list[Extension[ExtensionType]]r5�0list[tuple[ObjectIdentifier, bytes, int | None]])r�rr&rv)r�rr�r[r&rv)rrrHrWr�z_ASN1Type | Noner&rvr)r�rr��_AllowedHashTypes | Noner��
typing.Anyr��%padding.PSS | padding.PKCS1v15 | Noner��bool | Noner&�CertificateSigningRequest)r)r*r+rrzr�r�r�r_r$r#rvrv�s���%)�57�GI�	&�!�&�3�&�E�	&�

�
�#�
�/3�
�	)�
�."&�
�
�
��
�
�
�
*�

�H#�	!
�>B�+/�!
�5�!
�,�!
��	!
�;�
!
�)�!
�
#�!
r$rvc���eZdZUded<ddddddgf															dd�Zdd�Zdd�Z				dd�Zdd�Zdd	�Z	dd
�Z
						dd�Z	dddd�											dd
�Zy)�CertificateBuilderr�ryNc��tj|_||_||_||_||_||_||_||_	yr)
rmrp�_version�_issuer_namerx�_public_key�_serial_number�_not_valid_before�_not_valid_afterry)r �issuer_namerz�
public_key�
serial_number�not_valid_before�not_valid_afterr1s        r#rzCertificateBuilder.__init__'sG�� �
�
��
�'���)���%���+���!1��� /���%��r$c	��t|t�std��|j�t	d��t||j|j|j|j|j|j�S)z3
        Sets the CA's distinguished name.
        r|�%The issuer name may only be set once.)rPrr~r�r/r�rxr�r�r�r�ryrs  r#r�zCertificateBuilder.issuer_name:sx���$��%��9�:�:����(��D�E�E�!������������"�"��!�!����
�	
r$c	��t|t�std��|j�t	d��t|j||j|j|j|j|j�S)z:
        Sets the requestor's distinguished name.
        r|r})rPrr~rxr/r�r�r�r�r�r�ryrs  r#rzzCertificateBuilder.subject_nameLsx���$��%��9�:�:����)��E�F�F�!������������"�"��!�!����
�	
r$c
���t|tjtjt
jtjtjtjtjf�std��|j �t#d��t%|j&|j(||j*|j,|j.|j0�S)zT
        Sets the requestor's public key (as found in the signing request).
        z�Expecting one of DSAPublicKey, RSAPublicKey, EllipticCurvePublicKey, Ed25519PublicKey, Ed448PublicKey, X25519PublicKey, or X448PublicKey.z$The public key may only be set once.)rPr�DSAPublicKeyr
�RSAPublicKeyr	�EllipticCurvePublicKeyr�Ed25519PublicKeyr
�Ed448PublicKeyr�X25519PublicKeyr�
X448PublicKeyr~r�r/r�r�rxr�r�r�ry)r �keys  r#r�zCertificateBuilder.public_key^s������ � �� � ��)�)��(�(��$�$��&�&��"�"�
�
��!��
����'��C�D�D�!������������"�"��!�!����
�	
r$c	�\�t|t�std��|j�t	d��|dkrt	d��|j�dk\rt	d��t
|j|j|j||j|j|j�S)z5
        Sets the certificate serial number.
        �'Serial number must be of integral type.�'The serial number may only be set once.rz%The serial number should be positive.��3The serial number should not be more than 159 bits.)
rPrXr~r�r/�
bit_lengthr�r�rxr�r�r�ry�r �numbers  r#r�z CertificateBuilder.serial_number�s����&�#�&��E�F�F����*��F�G�G��Q�;��D�E�E�����#�%��E��
�"������������"�"��!�!����
�	
r$c	��t|tj�std��|j�t	d��t|�}|tkrt	d��|j�||jkDrt	d��t|j|j|j|j||j|j�S)z7
        Sets the certificate activation time.
        �Expecting datetime object.z*The not valid before may only be set once.z>The not valid before date must be on or after 1950 January 1).zBThe not valid before date must be before the not valid after date.)rPr<r~r�r/rA�_EARLIEST_UTC_TIMEr�r�r�rxr�r�ry�r r?s  r#r�z#CertificateBuilder.not_valid_before�s����$�� 1� 1�2��8�9�9��!�!�-��I�J�J�)�$�/���$�$��$��
�� � �,���8M�8M�1M����
�"���������������!�!����
�	
r$c	��t|tj�std��|j�t	d��t|�}|tkrt	d��|j�||jkrt	d��t|j|j|j|j|j||j�S)z7
        Sets the certificate expiration time.
        r�z)The not valid after may only be set once.z<The not valid after date must be on or after 1950 January 1.zAThe not valid after date must be after the not valid before date.)rPr<r~r�r/rAr�r�r�r�rxr�r�ryr�s  r#r�z"CertificateBuilder.not_valid_after�s����$�� 1� 1�2��8�9�9�� � �,��H�I�I�)�$�/���$�$��N��
�
�"�"�.��t�-�-�-����
�"��������������"�"�����
�	
r$c
�H�t|t�std��t|j||�}t||j�t|j|j|j|j|j|jg|j�|��S)z=
        Adds an X.509 extension to the certificate.
        r�)rPrr~rrr3ryr�r�rxr�r�r�r�r�s    r#r�z CertificateBuilder.add_extension�s����&�-�0��@�A�A��f�j�j�(�F�;�	�#�I�t�/?�/?�@�!��������������"�"��!�!�*�d���*�	�*�
�	
r$r�c�N�|j�td��|j�td��|j�td��|j�td��|j
�td��|j�td��|�Zt|tjtjf�std��t|tj�std��|�%t|tj�std	��t!j"|||||�S)
zC
        Signs the certificate using the CA's private key.
        z&A certificate must have a subject namez&A certificate must have an issuer namez'A certificate must have a serial numberz/A certificate must have a not valid before timez.A certificate must have a not valid after timez$A certificate must have a public keyr�r�r�)rxr/r�r�r�r�r�rPrr�r�r~r
r�r	r�r��create_x509_certificater�s      r#r�zCertificateBuilder.sign�s%�����%��E�F�F����$��E�F�F����&��F�G�G��!�!�)��N�O�O�� � �(��M�N�N����#��C�D�D��"��k�G�K�K��9I�9I�+J�K�� A�B�B��k�3�+<�+<�=�� H�I�I��*��k�2�+E�+E�F��G����0�0������
�	
r$)r�r�rzr�r�z CertificatePublicKeyTypes | Noner��
int | Noner��datetime.datetime | Noner�r�r1r�r&r')r�rr&r�)r�rr&r�)r�rXr&r�)r?�datetime.datetimer&r�)r�rr�r[r&r�r)r�rr�r�r�r�r�r�r�r�r&�Certificate)
r)r*r+�__annotations__rr�rzr�r�r�r�r�r�r_r$r#r�r�$s��/�/�$(�$(�7;�$(�59�48�57�&� �&�"�&�5�	&�
"�&�3�
&�2�&�3�&�
�&�&
�$
�$#
�
&�#
�
�#
�J
�6
�:
�>
�#�
�/3�
�	�
�4#�	0
�>B�+/�0
�5�0
�,�0
��	0
�;�
0
�)�0
�
�0
r$r�c���eZdZUded<ded<dddggf									dd�Z				dd�Z				dd�Z				dd	�Z						dd
�Z				dd�Z		dddd�											dd
�Z
y)� CertificateRevocationListBuilderr�ry�list[RevokedCertificate]�_revoked_certificatesNc�J�||_||_||_||_||_yr)r��_last_update�_next_updateryr�)r r��last_update�next_updater1�revoked_certificatess      r#rz)CertificateRevocationListBuilder.__init__'s,��(���'���'���%���%9��"r$c���t|t�std��|j�t	d��t||j|j|j|j�S)Nr|r�)
rPrr~r�r/r�r�r�ryr�)r r�s  r#r�z,CertificateRevocationListBuilder.issuer_name5sf���+�t�,��9�:�:����(��D�E�E�/������������&�&�
�	
r$c�r�t|tj�std��|j�t	d��t|�}|tkrt	d��|j�||jkDrt	d��t|j||j|j|j�S)Nr��!Last update may only be set once.�8The last update date must be on or after 1950 January 1.z9The last update date must be before the next update date.)rPr<r~r�r/rAr�r�r�r�ryr�)r r�s  r#r�z,CertificateRevocationListBuilder.last_updateDs����+�x�'8�'8�9��8�9�9����(��@�A�A�0��=���+�+��J��
����(�[�4�;L�;L�-L��K��
�0������������&�&�
�	
r$c�r�t|tj�std��|j�t	d��t|�}|tkrt	d��|j�||jkrt	d��t|j|j||j|j�S)Nr�r�r�z8The next update date must be after the last update date.)rPr<r~r�r/rAr�r�r�r�ryr�)r r�s  r#r�z,CertificateRevocationListBuilder.next_update\s����+�x�'8�'8�9��8�9�9����(��@�A�A�0��=���+�+��J��
����(�[�4�;L�;L�-L��J��
�0������������&�&�
�	
r$c��t|t�std��t|j||�}t||j�t|j|j|jg|j�|�|j�S)zM
        Adds an X.509 extension to the certificate revocation list.
        r�)rPrr~rrr3ryr�r�r�r�r�r�s    r#r�z.CertificateRevocationListBuilder.add_extensionts����&�-�0��@�A�A��f�j�j�(�F�;�	�#�I�t�/?�/?�@�/����������*�d���*�	�*��&�&�
�	
r$c���t|t�std��t|j|j
|j|jg|j�|��S)z8
        Adds a revoked certificate to the CRL.
        z)Must be an instance of RevokedCertificate)	rP�RevokedCertificater~r�r�r�r�ryr�)r �revoked_certificates  r#�add_revoked_certificatez8CertificateRevocationListBuilder.add_revoked_certificate�sa���-�/A�B��G�H�H�/�������������>�d�(�(�>�*=�>�
�	
r$r�c���|j�td��|j�td��|j�td��|�Zt	|t
jt
jf�std��t	|tj�std��|�%t	|tj�std��tj|||||�S)NzA CRL must have an issuer namez"A CRL must have a last update timez"A CRL must have a next update timer�r�r�)r�r/r�r�rPrr�r�r~r
r�r	r�r��create_x509_crlr�s      r#r�z%CertificateRevocationListBuilder.sign�s������$��=�>�>����$��A�B�B����$��A�B�B��"��k�G�K�K��9I�9I�+J�K�� A�B�B��k�3�+<�+<�=�� H�I�I��*��k�2�+E�+E�F��G����(�(������
�	
r$)
r�r�r�r�r�r�r1r�r�r�)r�rr&r�)r�r�r&r�)r�r�r&r�)r�rr�r[r&r�)r�r�r&r�r)r�rr�r�r�r�r�r�r�r�r&�CertificateRevocationList)r)r*r+r�rr�r�r�r�r�r�r_r$r#r�r�#s��/�/�3�3�$(�04�04�57�9;�
:� �:�.�:�.�	:�
3�:�7�
:�

��

�	)�

�
�,�
�	)�
�0
�,�
�	)�
�0
�#�
�/3�
�	)�
�&
�#5�
�	)�
�*#�	$
�>B�+/�$
�5�$
�,�$
��	$
�;�
$
�)�$
�
#�$
r$r�c�\�eZdZddgf					dd�Zdd�Z				d	d�Z						d
d�Zddd�Zy)
�RevokedCertificateBuilderNc�.�||_||_||_yr)r��_revocation_datery)r r��revocation_dater1s    r#rz"RevokedCertificateBuilder.__init__�s��,��� /���%��r$c��t|t�std��|j�t	d��|dkrt	d��|j�dk\rt	d��t
||j|j�S)Nr�r�rz$The serial number should be positiver�r�)	rPrXr~r�r/r�r�r�ryr�s  r#r�z'RevokedCertificateBuilder.serial_number�s����&�#�&��E�F�F����*��F�G�G��Q�;��C�D�D�����#�%��E��
�)��D�)�)�4�+;�+;�
�	
r$c��t|tj�std��|j�t	d��t|�}|tkrt	d��t|j||j�S)Nr�z)The revocation date may only be set once.z7The revocation date must be on or after 1950 January 1.)
rPr<r~r�r/rAr�r�r�ryr�s  r#r�z)RevokedCertificateBuilder.revocation_date�s}���$�� 1� 1�2��8�9�9�� � �,��H�I�I�)�$�/���$�$��I��
�)�����t�'7�'7�
�	
r$c���t|t�std��t|j||�}t||j�t|j|jg|j�|��S)Nr�)
rPrr~rrr3ryr�r�r�r�s    r#r�z'RevokedCertificateBuilder.add_extension�sn���&�-�0��@�A�A��f�j�j�(�F�;�	�#�I�t�/?�/?�@�(�����!�!�*�d���*�	�*�
�	
r$c��|j�td��|j�td��tj|�S)Nz/A revoked certificate must have a serial numberz1A revoked certificate must have a revocation date)r�r/r�r��create_revoked_certificate)r r�s  r#�buildzRevokedCertificateBuilder.build�sI�����&��N�O�O�� � �(��C��
��3�3�D�9�9r$)r�r�r�r�r1r�)r�rXr&r�)r?r�r&r�)r�rr�r[r&r�r)r�r�r&r�)r)r*r+rr�r�r�r�r_r$r#r�r��sj��%)�48�57�	&�!�&�2�&�3�	&�
�$
�%�
�	"�
� 
�#�
�/3�
�	"�
�:r$r�c�Z�tjtjd�d�dz	S)N��bigr)rX�
from_bytes�os�urandomr_r$r#�random_serial_numberr�s ���>�>�"�*�*�R�.�%�0�A�5�5r$)r0zExtension[ExtensionType]r1r�r&r')rrr5r�r&r')r?r�r&r�r\)H�
__future__rr<r��typing�collections.abcr�cryptographyr�"cryptography.hazmat.bindings._rustrr��cryptography.hazmat.primitivesr�)cryptography.hazmat.primitives.asymmetricrr	r
rrr
rr�/cryptography.hazmat.primitives.asymmetric.typesrr�cryptography.x509.extensionsrrr�cryptography.x509.namerr�cryptography.x509.oidrr��Union�SHA224�SHA256�SHA384�SHA512�SHA3_224�SHA3_256�SHA3_384�SHA3_512�_AllowedHashTypes�	Exceptionrr3r8rArCra�Enumrmrrr�r�r�r��load_pem_x509_certificate�load_der_x509_certificate�load_pem_x509_certificates�load_pem_x509_csr�load_der_x509_csr�load_pem_x509_crl�load_der_x509_crlrvr�r�r�r�r_r$r#�<module>rs���
#��	�
�$��@�1�	�	�	����
3�2�&�X�&�&�t�Q��2���L�L�
�M�M�
�M�M�
�M�M�
�M�M�
�O�O�
�O�O�
�O�O�
�O�O��	���	��E�'�E�.�E�
�E�E�	�E�@�E�
�E��!8�!8�HF�F�(�e�j�j��
-�Y�-��#�#���1�1��&�?�?��%�?�?��&�?�?��%�?�?��&�A�A���/�/���/�/���/�/���/�/��m
�m
�`|
�|
�~Y
�Y
�xB:�B:�J6r$