HEX
Server: Apache
System: Linux 185.122.168.184.host.secureserver.net 5.14.0-570.60.1.el9_6.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Nov 5 05:00:59 EST 2025 x86_64
User: barbeatleanalyti (1024)
PHP: 8.1.33
Disabled: NONE
$ pwd: /var/opt/nydus/ops/cryptography/x509/__pycache__/
Upload Files
File: //var/opt/nydus/ops/cryptography/x509/__pycache__/base.cpython-39.pyc
a

�,�hӃ�@s�ddlZddlZddlZddlZddlmZddlmZddl	m
Z
mZddlm
Z
mZmZmZmZmZmZddlmZmZmZddlmZmZmZmZddlmZmZdd	l m!Z!e�d
dd�Z"Gdd
�d
e#�Z$eeej%eedd�dd�Z&e!ej%ej'e!e(ej)e*fdd�dd�Z+ejejd�dd�Z,Gdd�d�Z-Gdd�d�Z.Gdd�dej/�Z0Gdd�de#�Z1Gdd �d ej2d!�Z3e3�4ej3�Gd"d#�d#ej2d!�Z5e5�4ej5�Gd$d%�d%e5�Z6Gd&d'�d'ej2d!�Z7e7�4ej7�Gd(d)�d)ej2d!�Z8e8�4ej8�dBe(ej9e3d*�d+d,�Z:dCe(ej9e3d*�d-d.�Z;dDe(ej9e8d*�d/d0�Z<dEe(ej9e8d*�d1d2�Z=dFe(ej9e7d*�d3d4�Z>dGe(ej9e7d*�d5d6�Z?Gd7d8�d8�Z@Gd9d:�d:�ZAGd;d<�d<�ZBGd=d>�d>�ZCe*d?�d@dA�ZDdS)H�N)�utils)�x509)�hashes�
serialization)�dsa�ec�ed25519�ed448�rsa�x25519�x448)�#CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES�CERTIFICATE_PRIVATE_KEY_TYPES�CERTIFICATE_PUBLIC_KEY_TYPES)�	Extension�
ExtensionType�
Extensions�_make_sequence_methods)�Name�	_ASN1Type)�ObjectIdentifieri��cs&eZdZeedd��fdd�Z�ZS)�AttributeNotFoundN)�msg�oid�returncstt|��|�||_dS�N)�superr�__init__r)�selfrr��	__class__��I/opt/nydus/tmp/pip-target-wkfpz8uv/lib64/python/cryptography/x509/base.pyr*szAttributeNotFound.__init__)�__name__�
__module__�__qualname__�strrr�
__classcell__r"r"r r#r)sr)�	extension�
extensionsrcCs"|D]}|j|jkrtd��qdS)Nz$This extension has already been set.)r�
ValueError)r)r*�er"r"r#�_reject_duplicate_extension/sr-)r�
attributesrcCs$|D]\}}}||krtd��qdS)Nz$This attribute has already been set.)r+)rr.Zattr_oid�_r"r"r#�_reject_duplicate_attribute9sr0��timercCs:|jdur2|��}|r|nt��}|jdd�|S|SdS)z�Normalizes a datetime to a naive datetime in UTC.

    time -- datetime to normalize. Assumed to be in UTC if not timezone
            aware.
    N)�tzinfo)r3�	utcoffset�datetime�	timedelta�replace)r2�offsetr"r"r#�_convert_to_naive_utc_timeEs

r9c@sxeZdZejjfeeedd�dd�Z	e
ed�dd��Ze
ed�dd	��Zed�d
d�Z
eed�d
d�Zed�dd�ZdS)�	AttributeN)r�value�_typercCs||_||_||_dSr)�_oid�_valuer<)rrr;r<r"r"r#rTszAttribute.__init__�rcCs|jSr)r=�rr"r"r#r^sz
Attribute.oidcCs|jSr)r>r@r"r"r#r;bszAttribute.valuecCsd�|j|j�S)Nz<Attribute(oid={}, value={!r})>)�formatrr;r@r"r"r#�__repr__fszAttribute.__repr__��otherrcCs2t|t�stS|j|jko0|j|jko0|j|jkSr)�
isinstancer:�NotImplementedrr;r<�rrDr"r"r#�__eq__is

�
�zAttribute.__eq__cCst|j|j|jf�Sr)�hashrr;r<r@r"r"r#�__hash__sszAttribute.__hash__)r$r%r&rZ
UTF8Stringr;r�bytes�intr�propertyrr'rB�object�boolrHrJr"r"r"r#r:Ss��

r:c@sNeZdZejedd�dd�Zed�\ZZ	Z
ed�dd�Ze
ed	�d
d�ZdS)�
AttributesN)r.rcCst|�|_dSr)�list�_attributes)rr.r"r"r#rxszAttributes.__init__rRr?cCsd�|j�S)Nz<Attributes({})>)rArRr@r"r"r#rB�szAttributes.__repr__�rrcCs0|D]}|j|kr|Sqtd�|�|��dS)NzNo {} attribute was found)rrrA)rr�attrr"r"r#�get_attribute_for_oid�s

z Attributes.get_attribute_for_oid)r$r%r&�typing�Iterabler:rr�__len__�__iter__�__getitem__r'rBrrUr"r"r"r#rPws�rPc@seZdZdZdZdS)�Versionr�N)r$r%r&�v1�v3r"r"r"r#r[�sr[cs&eZdZeedd��fdd�Z�ZS)�InvalidVersionN)r�parsed_versionrcstt|��|�||_dSr)rr_rr`)rrr`r r"r#r�szInvalidVersion.__init__)r$r%r&r'rLrr(r"r"r r#r_�sr_c@sbeZdZejejed�dd��Zej	e
d�dd��Zej	ed�dd��Z
ejed�d	d
��Zej	ejd�dd��Zej	ejd�d
d��Zej	ed�dd��Zej	ed�dd��Zej	ejejd�dd��Zej	ed�dd��Zej	ed�dd��Zej	ed�dd��Zej	ed�dd��Zejee d�dd��Z!eje
d�d d!��Z"eje#j$ed"�d#d$��Z%d%S)&�Certificate��	algorithmrcCsdS�z4
        Returns bytes using digest passed.
        Nr"�rrcr"r"r#�fingerprint�szCertificate.fingerprintr?cCsdS)z3
        Returns certificate serial number
        Nr"r@r"r"r#�
serial_number�szCertificate.serial_numbercCsdS)z1
        Returns the certificate version
        Nr"r@r"r"r#�version�szCertificate.versioncCsdS�z(
        Returns the public key
        Nr"r@r"r"r#�
public_key�szCertificate.public_keycCsdS)z?
        Not before time (represented as UTC datetime)
        Nr"r@r"r"r#�not_valid_before�szCertificate.not_valid_beforecCsdS)z>
        Not after time (represented as UTC datetime)
        Nr"r@r"r"r#�not_valid_after�szCertificate.not_valid_aftercCsdS)z1
        Returns the issuer name object.
        Nr"r@r"r"r#�issuer�szCertificate.issuercCsdS�z2
        Returns the subject name object.
        Nr"r@r"r"r#�subject�szCertificate.subjectcCsdS�zt
        Returns a HashAlgorithm corresponding to the type of the digest signed
        in the certificate.
        Nr"r@r"r"r#�signature_hash_algorithm�sz$Certificate.signature_hash_algorithmcCsdS�zJ
        Returns the ObjectIdentifier of the signature algorithm.
        Nr"r@r"r"r#�signature_algorithm_oid�sz#Certificate.signature_algorithm_oidcCsdS)z/
        Returns an Extensions object.
        Nr"r@r"r"r#r*�szCertificate.extensionscCsdS�z.
        Returns the signature bytes.
        Nr"r@r"r"r#�	signature�szCertificate.signaturecCsdS)zR
        Returns the tbsCertificate payload bytes as defined in RFC 5280.
        Nr"r@r"r"r#�tbs_certificate_bytes�sz!Certificate.tbs_certificate_bytesrCcCsdS�z"
        Checks equality.
        Nr"rGr"r"r#rH�szCertificate.__eq__cCsdS�z"
        Computes a hash.
        Nr"r@r"r"r#rJ�szCertificate.__hash__��encodingrcCsdS)zB
        Serializes the certificate to PEM or DER format.
        Nr"�rrzr"r"r#�public_bytes�szCertificate.public_bytesN)&r$r%r&�abc�abstractmethodr�
HashAlgorithmrKrf�abstractpropertyrLrgr[rhrrjr5rkrlrrmrorV�Optionalrqrrsrr*rurvrNrOrHrJr�Encodingr|r"r"r"r#ra�sB
�ra)�	metaclassc@sJeZdZejed�dd��Zejejd�dd��Zeje	d�dd��Z
dS)	�RevokedCertificater?cCsdS)zG
        Returns the serial number of the revoked certificate.
        Nr"r@r"r"r#rgsz RevokedCertificate.serial_numbercCsdS)zH
        Returns the date of when this certificate was revoked.
        Nr"r@r"r"r#�revocation_datesz"RevokedCertificate.revocation_datecCsdS)zW
        Returns an Extensions object containing a list of Revoked extensions.
        Nr"r@r"r"r#r*szRevokedCertificate.extensionsN)r$r%r&r}r�rLrgr5r�rr*r"r"r"r#r��sr�c@sXeZdZeejed�dd�Zeed�dd��Zeejd�dd��Z	eed�d	d
��Z
dS)�_RawRevokedCertificate�rgr�r*cCs||_||_||_dSr��_serial_number�_revocation_date�_extensions�rrgr�r*r"r"r#rsz_RawRevokedCertificate.__init__r?cCs|jSr)r�r@r"r"r#rg"sz$_RawRevokedCertificate.serial_numbercCs|jSr)r�r@r"r"r#r�&sz&_RawRevokedCertificate.revocation_datecCs|jSr)r�r@r"r"r#r**sz!_RawRevokedCertificate.extensionsN)r$r%r&rLr5rrrMrgr�r*r"r"r"r#r�s�
r�c@s�eZdZejejed�dd��Zeje	j
ed�dd��Zejee
jed�dd	��Zeje
je	j
d
�dd��Zejed
�d
d��Zejed
�dd��Zeje
jejd
�dd��Zejejd
�dd��Zejed
�dd��Zejed
�dd��Zejed
�dd��Zejeed�dd��Z ejed
�dd��Z!e
j"eed �d!d"��Z#e
j"e$e
j%ed �d#d"��Z#eje
j&ee$fe
j&ee
j%efd �d$d"��Z#eje
j'ed
�d%d&��Z(eje)ed'�d(d)��Z*d*S)+�CertificateRevocationListrycCsdS)z:
        Serializes the CRL to PEM or DER format.
        Nr"r{r"r"r#r|0sz&CertificateRevocationList.public_bytesrbcCsdSrdr"rer"r"r#rf6sz%CertificateRevocationList.fingerprint)rgrcCsdS)zs
        Returns an instance of RevokedCertificate or None if the serial_number
        is not in the CRL.
        Nr")rrgr"r"r#�(get_revoked_certificate_by_serial_number<szBCertificateRevocationList.get_revoked_certificate_by_serial_numberr?cCsdSrpr"r@r"r"r#rqEsz2CertificateRevocationList.signature_hash_algorithmcCsdSrrr"r@r"r"r#rsNsz1CertificateRevocationList.signature_algorithm_oidcCsdS)zC
        Returns the X509Name with the issuer of this CRL.
        Nr"r@r"r"r#rmTsz CertificateRevocationList.issuercCsdS)z?
        Returns the date of next update for this CRL.
        Nr"r@r"r"r#�next_updateZsz%CertificateRevocationList.next_updatecCsdS)z?
        Returns the date of last update for this CRL.
        Nr"r@r"r"r#�last_update`sz%CertificateRevocationList.last_updatecCsdS)zS
        Returns an Extensions object containing a list of CRL extensions.
        Nr"r@r"r"r#r*fsz$CertificateRevocationList.extensionscCsdSrtr"r@r"r"r#rulsz#CertificateRevocationList.signaturecCsdS)zO
        Returns the tbsCertList payload bytes as defined in RFC 5280.
        Nr"r@r"r"r#�tbs_certlist_bytesrsz,CertificateRevocationList.tbs_certlist_bytesrCcCsdSrwr"rGr"r"r#rHxsz CertificateRevocationList.__eq__cCsdS)z<
        Number of revoked certificates in the CRL.
        Nr"r@r"r"r#rX~sz!CertificateRevocationList.__len__)�idxrcCsdSrr"�rr�r"r"r#rZ�sz%CertificateRevocationList.__getitem__cCsdSrr"r�r"r"r#rZ�scCsdS)zS
        Returns a revoked certificate (or slice of revoked certificates).
        Nr"r�r"r"r#rZ�scCsdS)z8
        Iterator over the revoked certificates
        Nr"r@r"r"r#rY�sz"CertificateRevocationList.__iter__)rjrcCsdS)zQ
        Verifies signature of revocation list against given public key.
        Nr")rrjr"r"r#�is_signature_valid�sz,CertificateRevocationList.is_signature_validN)+r$r%r&r}r~rr�rKr|rrrfrLrVr�r�r�r�rqrrsrrmr5r�r�rr*rur�rNrOrHrX�overloadrZ�slice�List�Union�IteratorrYr
r�r"r"r"r#r�/sV�
���r�c@s eZdZejeed�dd��Zejed�dd��Z	eje
d�dd��Zeje
d�d	d
��Zejejejd�dd��Zejed�d
d��Zejed�dd��Zejed�dd��Zejejed�dd��Zejed�dd��Zejed�dd��Zejed�dd��Z ejeed�dd��Z!dS) �CertificateSigningRequestrCcCsdSrwr"rGr"r"r#rH�sz CertificateSigningRequest.__eq__r?cCsdSrxr"r@r"r"r#rJ�sz"CertificateSigningRequest.__hash__cCsdSrir"r@r"r"r#rj�sz$CertificateSigningRequest.public_keycCsdSrnr"r@r"r"r#ro�sz!CertificateSigningRequest.subjectcCsdSrpr"r@r"r"r#rq�sz2CertificateSigningRequest.signature_hash_algorithmcCsdSrrr"r@r"r"r#rs�sz1CertificateSigningRequest.signature_algorithm_oidcCsdS)z@
        Returns the extensions in the signing request.
        Nr"r@r"r"r#r*�sz$CertificateSigningRequest.extensionscCsdS)z/
        Returns an Attributes object.
        Nr"r@r"r"r#r.�sz$CertificateSigningRequest.attributesrycCsdS)z;
        Encodes the request to PEM or DER format.
        Nr"r{r"r"r#r|�sz&CertificateSigningRequest.public_bytescCsdSrtr"r@r"r"r#ru�sz#CertificateSigningRequest.signaturecCsdS)zd
        Returns the PKCS#10 CertificationRequestInfo bytes as defined in RFC
        2986.
        Nr"r@r"r"r#�tbs_certrequest_bytes�sz/CertificateSigningRequest.tbs_certrequest_bytescCsdS)z8
        Verifies signature of signing request.
        Nr"r@r"r"r#r��sz,CertificateSigningRequest.is_signature_validrScCsdS)z:
        Get the attribute value for a given OID.
        Nr")rrr"r"r#rU�sz/CertificateSigningRequest.get_attribute_for_oidN)"r$r%r&r}r~rNrOrHrLrJrrjr�rrorVr�rrrqrrsrr*rPr.rr�rKr|rur�r�rUr"r"r"r#r��s6
�r�)�data�backendrcCs
t�|�Sr)�	rust_x509�load_pem_x509_certificate�r�r�r"r"r#r��sr�cCs
t�|�Sr)r��load_der_x509_certificater�r"r"r#r�sr�cCs
t�|�Sr)r��load_pem_x509_csrr�r"r"r#r�
sr�cCs
t�|�Sr)r��load_der_x509_csrr�r"r"r#r�sr�cCs
t�|�Sr)r��load_pem_x509_crlr�r"r"r#r�sr�cCs
t�|�Sr)r��load_der_x509_crlr�r"r"r#r�"sr�c	@s�eZdZdggfejeejeeejej	e
eejefd�dd�Z
edd�dd�Zeedd�d	d
�Zdd�e
eejedd�d
d�Zdeejejejed�dd�ZdS)� CertificateSigningRequestBuilderN)�subject_namer*r.cCs||_||_||_dS)zB
        Creates an empty X.509 certificate request (v1).
        N)�
_subject_namer�rR)rr�r*r.r"r"r#r)sz)CertificateSigningRequestBuilder.__init__��namercCs4t|t�std��|jdur$td��t||j|j�S)zF
        Sets the certificate requestor's distinguished name.
        �Expecting x509.Name object.N�&The subject name may only be set once.)rEr�	TypeErrorr�r+r�r�rR�rr�r"r"r#r�8s


�z-CertificateSigningRequestBuilder.subject_name��extval�criticalrcCsDt|t�std��t|j||�}t||j�t|j|j|g|j	�S)zE
        Adds an X.509 extension to the certificate request.
        �"extension must be an ExtensionType)
rErr�rrr-r�r�r�rR�rr�r�r)r"r"r#�
add_extensionDs

�z.CertificateSigningRequestBuilder.add_extension)�_tag)rr;r�rcCs|t|t�std��t|t�s$td��|dur>t|t�s>td��t||j�|durZ|j}nd}t|j	|j
|j|||fg�S)zK
        Adds an X.509 attribute with an OID and associated value.
        zoid must be an ObjectIdentifierzvalue must be bytesNztag must be _ASN1Type)rErr�rKrr0rRr;r�r�r�)rrr;r��tagr"r"r#�
add_attributeVs


�z.CertificateSigningRequestBuilder.add_attribute��private_keyrcr�rcCs |jdurtd��t�|||�S)zF
        Signs the request using the requestor's private key.
        Nz/A CertificateSigningRequest must have a subject)r�r+r�Zcreate_x509_csr�rr�rcr�r"r"r#�signvs	
z%CertificateSigningRequestBuilder.sign)N)r$r%r&rVr�rr�rr�TuplerrKrLrr�rOr�rr�rrr�Anyr�r�r"r"r"r#r�(s8���
���$�
�r�c
@seZdZUejeeed<ddddddgfeje	eje	eje
ejeejejejejejeedd�dd�Z
e	dd�dd�Ze	dd�d	d
�Ze
dd�dd
�Zedd�dd�Zejdd�dd�Zejdd�dd�Zeedd�dd�Zdeejejejed�dd�ZdS)�CertificateBuilderr�N)�issuer_namer�rjrgrkrlr*rcCs6tj|_||_||_||_||_||_||_||_	dSr)
r[r^�_version�_issuer_namer��_public_keyr��_not_valid_before�_not_valid_afterr�)rr�r�rjrgrkrlr*r"r"r#r�s
zCertificateBuilder.__init__r�cCsDt|t�std��|jdur$td��t||j|j|j|j	|j
|j�S)z3
        Sets the CA's distinguished name.
        r�N�%The issuer name may only be set once.)rErr�r�r+r�r�r�r�r�r�r�r�r"r"r#r��s

�zCertificateBuilder.issuer_namecCsDt|t�std��|jdur$td��t|j||j|j|j	|j
|j�S)z:
        Sets the requestor's distinguished name.
        r�Nr�)rErr�r�r+r�r�r�r�r�r�r�r�r"r"r#r��s

�zCertificateBuilder.subject_name)�keyrc	Cs`t|tjtjtjtjt	j
tjt
jf�s.td��|jdur@td��t|j|j||j|j|j|j�S)zT
        Sets the requestor's public key (as found in the signing request).
        z�Expecting one of DSAPublicKey, RSAPublicKey, EllipticCurvePublicKey, Ed25519PublicKey, Ed448PublicKey, X25519PublicKey, or X448PublicKey.Nz$The public key may only be set once.)rErZDSAPublicKeyr
ZRSAPublicKeyrZEllipticCurvePublicKeyrZEd25519PublicKeyr	ZEd448PublicKeyrZX25519PublicKeyrZ
X448PublicKeyr�r�r+r�r�r�r�r�r�r�)rr�r"r"r#rj�s2���
�zCertificateBuilder.public_key��numberrcCsht|t�std��|jdur$td��|dkr4td��|��dkrHtd��t|j|j|j	||j
|j|j�S)z5
        Sets the certificate serial number.
        �'Serial number must be of integral type.N�'The serial number may only be set once.rz%The serial number should be positive.��3The serial number should not be more than 159 bits.)
rErLr�r�r+�
bit_lengthr�r�r�r�r�r�r��rr�r"r"r#rg�s&

��z CertificateBuilder.serial_numberr1cCszt|tj�std��|jdur&td��t|�}|tkr>td��|jdurZ||jkrZtd��t|j	|j
|j|j||j|j
�S)z7
        Sets the certificate activation time.
        �Expecting datetime object.Nz*The not valid before may only be set once.z>The not valid before date must be on or after 1950 January 1).zBThe not valid before date must be before the not valid after date.)rEr5r�r�r+r9�_EARLIEST_UTC_TIMEr�r�r�r�r�r�r��rr2r"r"r#rk�s,
���z#CertificateBuilder.not_valid_beforecCszt|tj�std��|jdur&td��t|�}|tkr>td��|jdurZ||jkrZtd��t|j	|j
|j|j|j||j
�S)z7
        Sets the certificate expiration time.
        r�Nz)The not valid after may only be set once.z<The not valid after date must be on or after 1950 January 1.zAThe not valid after date must be after the not valid before date.)rEr5r�r�r+r9r�r�r�r�r�r�r�r�r�r"r"r#rls2
�����z"CertificateBuilder.not_valid_afterr�c	CsTt|t�std��t|j||�}t||j�t|j|j	|j
|j|j|j
|j|g�S)z=
        Adds an X.509 extension to the certificate.
        r�)rErr�rrr-r�r�r�r�r�r�r�r�r�r"r"r#r�=s

�z CertificateBuilder.add_extensionr�cCsz|jdurtd��|jdur$td��|jdur6td��|jdurHtd��|jdurZtd��|jdurltd��t�|||�S)zC
        Signs the certificate using the CA's private key.
        Nz&A certificate must have a subject namez&A certificate must have an issuer namez'A certificate must have a serial numberz/A certificate must have a not valid before timez.A certificate must have a not valid after timez$A certificate must have a public key)	r�r+r�r�r�r�r�r�Zcreate_x509_certificater�r"r"r#r�Ss	





zCertificateBuilder.sign)N)r$r%r&rVr�rr�__annotations__r�rrrLr5rr�r�rjrgrkrlrOr�rrrr�rar�r"r"r"r#r��sL
�

��%�!��
�r�c@s�eZdZUejeeed<ejeed<dddggfej	e
ej	ejej	ejejeeejed�dd�Ze
dd�dd	�Z
ejdd
�dd�Zejdd
�dd�Zeedd�dd�Zedd�dd�Zdeej	ejejed�dd�ZdS)� CertificateRevocationListBuilderr��_revoked_certificatesN)r�r�r�r*�revoked_certificatescCs"||_||_||_||_||_dSr)r��_last_update�_next_updater�r�)rr�r�r�r*r�r"r"r#rus
z)CertificateRevocationListBuilder.__init__)r�rcCs<t|t�std��|jdur$td��t||j|j|j|j	�S)Nr�r�)
rErr�r�r+r�r�r�r�r�)rr�r"r"r#r��s

�z,CertificateRevocationListBuilder.issuer_name)r�rcCsrt|tj�std��|jdur&td��t|�}|tkr>td��|jdurZ||jkrZtd��t|j	||j|j
|j�S)Nr��!Last update may only be set once.�8The last update date must be on or after 1950 January 1.z9The last update date must be before the next update date.)rEr5r�r�r+r9r�r�r�r�r�r�)rr�r"r"r#r��s(
���z,CertificateRevocationListBuilder.last_update)r�rcCsrt|tj�std��|jdur&td��t|�}|tkr>td��|jdurZ||jkrZtd��t|j	|j||j
|j�S)Nr�r�r�z8The next update date must be after the last update date.)rEr5r�r�r+r9r�r�r�r�r�r�)rr�r"r"r#r��s(
���z,CertificateRevocationListBuilder.next_updater�cCsLt|t�std��t|j||�}t||j�t|j|j	|j
|j|g|j�S)zM
        Adds an X.509 extension to the certificate revocation list.
        r�)rErr�rrr-r�r�r�r�r�r�r�r"r"r#r��s

�z.CertificateRevocationListBuilder.add_extension)�revoked_certificatercCs2t|t�std��t|j|j|j|j|j|g�S)z8
        Adds a revoked certificate to the CRL.
        z)Must be an instance of RevokedCertificate)	rEr�r�r�r�r�r�r�r�)rr�r"r"r#�add_revoked_certificate�s

�z8CertificateRevocationListBuilder.add_revoked_certificater�cCsD|jdurtd��|jdur$td��|jdur6td��t�|||�S)NzA CRL must have an issuer namez"A CRL must have a last update timez"A CRL must have a next update time)r�r+r�r�r�Zcreate_x509_crlr�r"r"r#r��s


z%CertificateRevocationListBuilder.sign)N)r$r%r&rVr�rrr�r�r�rr5rr�r�r�rOr�r�rrrr�r�r�r"r"r"r#r�qsH
�

�������
�r�c@s�eZdZddgfejeejejejee	d�dd�Z
edd�dd�Zejdd�d	d
�Ze	e
dd�dd
�Zdejed�dd�ZdS)�RevokedCertificateBuilderNr�cCs||_||_||_dSrr�r�r"r"r#r�sz"RevokedCertificateBuilder.__init__r�cCsXt|t�std��|jdur$td��|dkr4td��|��dkrHtd��t||j|j�S)Nr�r�rz$The serial number should be positiver�r�)	rErLr�r�r+r�r�r�r�r�r"r"r#rgs

�
�z'RevokedCertificateBuilder.serial_numberr1cCsNt|tj�std��|jdur&td��t|�}|tkr>td��t|j||j	�S)Nr�z)The revocation date may only be set once.z7The revocation date must be on or after 1950 January 1.)
rEr5r�r�r+r9r�r�r�r�r�r"r"r#r�s
�
�z)RevokedCertificateBuilder.revocation_dater�cCsDt|t�std��t|j||�}t||j�t|j|j	|j|g�S)Nr�)
rErr�rrr-r�r�r�r�r�r"r"r#r�%s

�z'RevokedCertificateBuilder.add_extension)r�rcCs:|jdurtd��|jdur$td��t|j|jt|j��S)Nz/A revoked certificate must have a serial numberz1A revoked certificate must have a revocation date)r�r+r�r�rr�)rr�r"r"r#�build3s

��zRevokedCertificateBuilder.build)N)r$r%r&rVr�rLr5r�rrrrgr�rOr�r�r�r�r"r"r"r#r��s �
�
��r�r?cCst�t�d�d�d?S)N��bigr)rL�
from_bytes�os�urandomr"r"r"r#�random_serial_numberAsr�)N)N)N)N)N)N)Er}r5r�rVZcryptographyrZ"cryptography.hazmat.bindings._rustrr�Zcryptography.hazmat.primitivesrrZ)cryptography.hazmat.primitives.asymmetricrrrr	r
rrZ/cryptography.hazmat.primitives.asymmetric.typesr
rrZcryptography.x509.extensionsrrrrZcryptography.x509.namerrZcryptography.x509.oidrr��	Exceptionrr�r-r�rKr�rLr0r9r:rP�Enumr[r_�ABCMetara�registerr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r"r"r"r#�<module>s�$	���$ftU������������\nI
@ Telegram