HEX

File: //var/opt/nydus/ops/asn1crypto/__pycache__/ocsp.cpython-39.pyc
a

�,�hPJ�@sdZddlmZmZmZmZddlmZddlm	Z	m
Z
ddlmZm
Z
mZmZmZmZmZmZmZmZmZmZmZddlmZmZddlmZdd	lmZm Z m!Z!m"Z"Gd
d�de�Z#Gdd
�d
e�Z$Gdd�de�Z%Gdd�de�Z&Gdd�de�Z'Gdd�de�Z(Gdd�de�Z)Gdd�de�Z*Gdd�de�Z+Gdd�de�Z,Gdd�de�Z-Gd d!�d!e�Z.Gd"d#�d#e�Z/Gd$d%�d%e�Z0Gd&d'�d'e�Z1Gd(d)�d)e�Z2Gd*d+�d+e�Z3Gd,d-�d-e�Z4Gd.d/�d/e�Z5Gd0d1�d1e�Z6Gd2d3�d3e
�Z7Gd4d5�d5e�Z8Gd6d7�d7e�Z9Gd8d9�d9e�Z:Gd:d;�d;e
�Z;Gd<d=�d=e�Z<Gd>d?�d?e�Z=Gd@dA�dAe�Z>GdBdC�dCe�Z?GdDdE�dEe�Z@GdFdG�dGe�ZAGdHdI�dIe�ZBGdJdK�dKe�ZCGdLdM�dMe�ZDGdNdO�dOe�ZEGdPdQ�dQe�ZFGdRdS�dSe�ZGGdTdU�dUe�ZHdVS)Wz�
ASN.1 type classes for the online certificate status protocol (OCSP). Exports
the following items:

 - OCSPRequest()
 - OCSPResponse()

Other type classes are defined that help compose the types listed above.
�)�unicode_literals�division�absolute_import�print_function�)�unwrap)�DigestAlgorithm�SignedDigestAlgorithm)
�Boolean�Choice�
Enumerated�GeneralizedTime�	IA5String�Integer�Null�ObjectIdentifier�OctetBitString�OctetString�ParsableOctetString�Sequence�
SequenceOf)�AuthorityInfoAccessSyntax�	CRLReason)�PublicKeyAlgorithm)�Certificate�GeneralName�GeneralNames�Namec@seZdZddiZdS)�Versionr�v1N��__name__�
__module__�__qualname__�_map�r%r%�@/opt/nydus/tmp/pip-target-wkfpz8uv/lib/python/asn1crypto/ocsp.pyr(s�rc@s(eZdZdefdefdefdefgZdS)�CertIdZhash_algorithmZissuer_name_hashZissuer_key_hashZ
serial_numberN)r!r"r#rrr�_fieldsr%r%r%r&r'.s
�r'c@seZdZdefdefgZdS)�ServiceLocatorZissuer�locatorN)r!r"r#rrr(r%r%r%r&r)7s�r)c@seZdZddiZdS)�RequestExtensionIdz1.3.6.1.5.5.7.48.1.7�service_locatorNr r%r%r%r&r+>s�r+c@s4eZdZdefdeddifdefgZdZdeiZ	dS)	�RequestExtension�extn_id�critical�defaultF�
extn_value�r.r1r,N)
r!r"r#r+r
rr(�	_oid_pairr)�
_oid_specsr%r%r%r&r-Ds��r-c@seZdZeZdS)�RequestExtensionsN)r!r"r#r-�_child_specr%r%r%r&r5Qsr5c@sPeZdZdefdeddd�fgZdZdZdZdd	�Z	e
d
d��Ze
dd
��ZdS)�RequestZreq_cert�single_request_extensionsrT��explicit�optionalFNcCsdt�|_|dD]H}|dj}d|}t||�rBt|||dj�|djr|j�|�qd|_dS)�v
        Sets common named extensions to private attributes and creates a list
        of critical extensions
        r8r.�	_%s_valuer1r/TN��set�_critical_extensions�native�hasattr�setattr�parsed�add�_processed_extensions��self�	extension�nameZattribute_namer%r%r&�_set_extensions_s


zRequest._set_extensionscCs|js|��|jS�z�
        Returns a set of the names (or OID if not a known extension) of the
        extensions marked as critical

        :return:
            A set of unicode strings
        �rFrKr@�rHr%r%r&�critical_extensionsqs
zRequest.critical_extensionscCs|jdur|��|jS)z�
        This extension is used when communicating with an OCSP responder that
        acts as a proxy for OCSP requests

        :return:
            None or a ServiceLocator object
        F)rFrK�_service_locator_valuerNr%r%r&�service_locator_values

zRequest.service_locator_value)
r!r"r#r'r5r(rFr@rPrK�propertyrOrQr%r%r%r&r7Us�

r7c@seZdZeZdS)�RequestsN)r!r"r#r7r6r%r%r%r&rS�srSc@seZdZddiZdS)�ResponseTypez1.3.6.1.5.5.7.48.1.1�basic_ocsp_responseNr r%r%r%r&rT�s�rTc@seZdZeZdS)�AcceptableResponsesN)r!r"r#rTr6r%r%r%r&rV�srVc@s"eZdZdefdeddifgZdS)�PreferredSignatureAlgorithmZsig_identifierZcert_identifierr;TN)r!r"r#r	rr(r%r%r%r&rW�s�rWc@seZdZeZdS)�PreferredSignatureAlgorithmsN)r!r"r#rWr6r%r%r%r&rX�srXc@seZdZdddd�ZdS)�TBSRequestExtensionId�nonce�acceptable_responses�preferred_signature_algorithms)�1.3.6.1.5.5.7.48.1.2z1.3.6.1.5.5.7.48.1.4z1.3.6.1.5.5.7.48.1.8Nr r%r%r%r&rY�s�rYc@s8eZdZdefdeddifdefgZdZee	e
d�ZdS)	�TBSRequestExtensionr.r/r0Fr1r2)rZr[r\N)r!r"r#rYr
rr(r3rrVrXr4r%r%r%r&r^�s��r^c@seZdZeZdS)�TBSRequestExtensionsN)r!r"r#r^r6r%r%r%r&r_�sr_c@s@eZdZdeddd�fdeddd�fd	efd
eddd�fgZdS)
�
TBSRequest�versionrr�r:r0Zrequestor_namerTr9Zrequest_list�request_extensions�N)r!r"r#rrrSr_r(r%r%r%r&r`�s
�r`c@seZdZeZdS)�CertificatesN)r!r"r#rr6r%r%r%r&re�srec@s*eZdZdefdefdeddd�fgZdS)�	Signature�signature_algorithm�	signature�certsrTr9N)r!r"r#r	rrer(r%r%r%r&rf�s�rfc@speZdZdefdeddd�fgZdZdZdZdZ	dZ
dd	�Zed
d��Z
edd
��Zedd��Zedd��ZdS)�OCSPRequest�tbs_requestZoptional_signaturerTr9FNcCsht�|_|ddD]H}|dj}d|}t||�rFt|||dj�|djr|j�|�qd|_dS)	r<rkrcr.r=r1r/TNr>rGr%r%r&rK�s


zOCSPRequest._set_extensionscCs|js|��|jSrLrMrNr%r%r&rO�s
zOCSPRequest.critical_extensionscCs|jdur|��|jS)z�
        This extension is used to prevent replay attacks by including a unique,
        random value with each request/response pair

        :return:
            None or an OctetString object
        F�rFrK�_nonce_valuerNr%r%r&�nonce_values

zOCSPRequest.nonce_valuecCs|jdur|��|jS)a(
        This extension is used to allow the client and server to communicate
        with alternative response formats other than just basic_ocsp_response,
        although no other formats are defined in the standard.

        :return:
            None or an AcceptableResponses object
        F)rFrK�_acceptable_responses_valuerNr%r%r&�acceptable_responses_values
z&OCSPRequest.acceptable_responses_valuecCs|jdur|��|jS)aj
        This extension is used by the client to define what signature algorithms
        are preferred, including both the hash algorithm and the public key
        algorithm, with a level of detail down to even the public key algorithm
        parameters, such as curve name.

        :return:
            None or a PreferredSignatureAlgorithms object
        F)rFrK�%_preferred_signature_algorithms_valuerNr%r%r&�$preferred_signature_algorithms_value s
z0OCSPRequest.preferred_signature_algorithms_value)r!r"r#r`rfr(rFr@rmrorqrKrRrOrnrprrr%r%r%r&rj�s"�


rjc@seZdZddddddd�ZdS)	�OCSPResponseStatusZ
successfulZmalformed_requestZinternal_errorZ	try_laterZ
sign_required�unauthorized)rrrd���Nr r%r%r%r&rs1s�rsc@s(eZdZdeddifdeddifgZdS)�ResponderIdZby_namer:r�by_keyrdN)r!r"r#rr�
_alternativesr%r%r%r&rx<s�rxc@s eZdZdd�Zedd��ZdS)�
StatusGoodcCs6|dur,|dkr,t|t�s,ttdt|����d|_dS)z`
        Sets the value of the object

        :param value:
            None or 'good'
        N�goodzK
                value must be one of None, "good", not %s
                ���
isinstancer�
ValueErrorr�repr�contents�rH�valuer%r%r&r?Es�zStatusGood.setcCsdS)Nr|r%rNr%r%r&rAWszStatusGood.nativeN�r!r"r#r?rRrAr%r%r%r&r{Dsr{c@s eZdZdd�Zedd��ZdS)�
StatusUnknowncCs6|dur,|dkr,t|t�s,ttdt|����d|_dS)zc
        Sets the value of the object

        :param value:
            None or 'unknown'
        N�unknownzN
                value must be one of None, "unknown", not %s
                r}r~r�r%r%r&r?^s�zStatusUnknown.setcCsdS)Nr�r%rNr%r%r&rApszStatusUnknown.nativeNr�r%r%r%r&r�]sr�c@s$eZdZdefdeddd�fgZdS)�RevokedInfoZrevocation_timeZrevocation_reasonrTr9N)r!r"r#r
rr(r%r%r%r&r�us�r�c@s4eZdZdeddifdeddifdeddifgZdS)	�
CertStatusr|ZimplicitrZrevokedrr�rdN)r!r"r#r{r�r�rzr%r%r%r&r�|s�r�c@s:eZdZdeddd�fdeddd�fdeddd�fgZd	S)
�CrlIdZcrl_urlrTr9Zcrl_numrZcrl_timerdN)r!r"r#rrr
r(r%r%r%r&r��s�r�c@seZdZddddddd�ZdS)	�SingleResponseExtensionId�crl�archive_cutoff�
crl_reason�invalidity_date�certificate_issuer�!signed_certificate_timestamp_list)z1.3.6.1.5.5.7.48.1.3z1.3.6.1.5.5.7.48.1.6z	2.5.29.21z	2.5.29.24z	2.5.29.29z1.3.6.1.4.1.11129.2.4.5Nr r%r%r%r&r��s�r�c@s>eZdZdefdeddifdefgZdZee	e
e	eed�Z
dS)	�SingleResponseExtensionr.r/r0Fr1r2)r�r�r�r�r�r�N)r!r"r#r�r
rr(r3r�r
rrrr4r%r%r%r&r��s��r�c@seZdZeZdS)�SingleResponseExtensionsN)r!r"r#r�r6r%r%r%r&r��sr�c	@s�eZdZdefdefdefdeddd�fded	dd�fgZd
ZdZ	dZ
dZdZdZ
dZdd
�Zedd��Zedd��Zedd��Zedd��Zedd��Zedd��ZdS)�SingleResponseZcert_idZcert_statusZthis_updateZnext_updaterTr9�single_extensionsrFNcCsdt�|_|dD]H}|dj}d|}t||�rBt|||dj�|djr|j�|�qd|_dS)r<r�r.r=r1r/TNr>rGr%r%r&rK�s


zSingleResponse._set_extensionscCs|js|��|jSrLrMrNr%r%r&rO�s
z"SingleResponse.critical_extensionscCs|jdur|��|jS)z�
        This extension is used to locate the CRL that a certificate's revocation
        is contained within.

        :return:
            None or a CrlId object
        F)rFrK�
_crl_valuerNr%r%r&�	crl_value�s

zSingleResponse.crl_valuecCs|jdur|��|jS)z�
        This extension is used to indicate the date at which an archived
        (historical) certificate status entry will no longer be available.

        :return:
            None or a GeneralizedTime object
        F)rFrK�_archive_cutoff_valuerNr%r%r&�archive_cutoff_value�s

z#SingleResponse.archive_cutoff_valuecCs|jdur|��|jS)z�
        This extension indicates the reason that a certificate was revoked.

        :return:
            None or a CRLReason object
        F)rFrK�_crl_reason_valuerNr%r%r&�crl_reason_value�s	
zSingleResponse.crl_reason_valuecCs|jdur|��|jS)a=
        This extension indicates the suspected date/time the private key was
        compromised or the certificate became invalid. This would usually be
        before the revocation date, which is when the CA processed the
        revocation.

        :return:
            None or a GeneralizedTime object
        F)rFrK�_invalidity_date_valuerNr%r%r&�invalidity_date_value
s
z$SingleResponse.invalidity_date_valuecCs|jdur|��|jS)z�
        This extension indicates the issuer of the certificate in question.

        :return:
            None or an x509.GeneralNames object
        F)rFrK�_certificate_issuer_valuerNr%r%r&�certificate_issuer_values	
z'SingleResponse.certificate_issuer_value)r!r"r#r'r�r
r�r(rFr@r�r�r�r�r�rKrRrOr�r�r�r�r�r%r%r%r&r��s4�




r�c@seZdZeZdS)�	ResponsesN)r!r"r#r�r6r%r%r%r&r�(sr�c@seZdZddd�ZdS)�ResponseDataExtensionIdrZ�extended_revoke)r]z1.3.6.1.5.5.7.48.1.9Nr r%r%r%r&r�,s�r�c@s6eZdZdefdeddifdefgZdZee	d�Z
dS)	�ResponseDataExtensionr.r/r0Fr1r2)rZr�N)r!r"r#r�r
rr(r3rrr4r%r%r%r&r�3s��r�c@seZdZeZdS)�ResponseDataExtensionsN)r!r"r#r�r6r%r%r%r&r�Asr�c	@s>eZdZdeddd�fdefdefdefded	d
d�fgZdS)
�ResponseDatararrrbZresponder_idZproduced_at�	responses�response_extensionsrTr9N)	r!r"r#rrxr
r�r�r(r%r%r%r&r�Es�r�c@s0eZdZdefdefdefdeddd�fgZdS)	�BasicOCSPResponse�tbs_response_datargrhrirTr9N)r!r"r#r�r	rrer(r%r%r%r&r�Os
�r�c@s(eZdZdefdefgZdZdeiZdS)�
ResponseBytes�
response_type�response)r�r�rUN)	r!r"r#rTrr(r3r�r4r%r%r%r&r�Xs��r�c@sxeZdZdefdeddd�fgZdZdZdZdZ	dd	�Z
ed
d��Zedd
��Z
edd��Zedd��Zedd��ZdS)�OCSPResponseZresponse_status�response_bytesrTr9FNcCsrt�|_|ddjddD]H}|dj}d|}t||�rPt|||dj�|djr|j�|�qd	|_d
S)r<r�r�r�r�r.r=r1r/TN)r?r@rDrArBrCrErFrGr%r%r&rKos


zOCSPResponse._set_extensionscCs|js|��|jSrLrMrNr%r%r&rO�s
z OCSPResponse.critical_extensionscCs|jdur|��|jS)z�
        This extension is used to prevent replay attacks on the request/response
        exchange

        :return:
            None or an OctetString object
        FrlrNr%r%r&rn�s

zOCSPResponse.nonce_valuecCs|jdur|��|jS)z�
        This extension is used to signal that the responder will return a
        "revoked" status for non-issued certificates.

        :return:
            None or a Null object (if present)
        F)rFrK�_extended_revoke_valuerNr%r%r&�extended_revoke_value�s

z"OCSPResponse.extended_revoke_valuecCs|ddjS)z�
        A shortcut into the BasicOCSPResponse sequence

        :return:
            None or an asn1crypto.ocsp.BasicOCSPResponse object
        r�r��rDrNr%r%r&rU�s	z OCSPResponse.basic_ocsp_responsecCs|ddjdS)z�
        A shortcut into the parsed, ResponseData sequence

        :return:
            None or an asn1crypto.ocsp.ResponseData object
        r�r�r�r�rNr%r%r&�
response_data�s	zOCSPResponse.response_data)r!r"r#rsr�r(rFr@rmr�rKrRrOrnr�rUr�r%r%r%r&r�ds$�




r�N)I�__doc__�
__future__rrrr�_errorsrZalgosrr	�corer
rrr
rrrrrrrrrr�rr�keysr�x509rrrrrr'r)r+r-r5r7rSrTrVrWrXrYr^r_r`rerfrjrsrxr{r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r%r%r%r&�<module>sZ
<	
9	Zx