HEX
Server: Apache
System: Linux 185.122.168.184.host.secureserver.net 5.14.0-570.60.1.el9_6.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Nov 5 05:00:59 EST 2025 x86_64
User: barbeatleanalyti (1024)
PHP: 8.1.33
Disabled: NONE
$ pwd: /var/opt/nydus/ops/cryptography/x509/__pycache__/
Upload Files
File: //var/opt/nydus/ops/cryptography/x509/__pycache__/ocsp.cpython-39.pyc
a

�,�h3A�@sVddlZddlZddlZddlmZddlmZddlmZddlm	Z	m
Z
ddlmZddl
mZmZmZGdd	�d	ej�ZGd
d�dej�Ze	je	je	je	je	jfZe	jdd�d
d�ZGdd�dej�ZGdd�d�ZGdd�dejd�ZGdd�dejd�Z Gdd�dejd�Z!Gdd�d�Z"Gdd�d�Z#e$ed�dd �Z%e$e!d�d!d"�Z&dS)#�N)�utils)�x509)�ocsp)�hashes�
serialization)�CERTIFICATE_PRIVATE_KEY_TYPES)�_EARLIEST_UTC_TIME�_convert_to_naive_utc_time�_reject_duplicate_extensionc@seZdZdZdZdS)�OCSPResponderEncodingzBy HashzBy NameN)�__name__�
__module__�__qualname__�HASH�NAME�rr�I/opt/nydus/tmp/pip-target-wkfpz8uv/lib64/python/cryptography/x509/ocsp.pyrsrc@s$eZdZdZdZdZdZdZdZdS)�OCSPResponseStatusr�����N)	rr
r�
SUCCESSFULZMALFORMED_REQUEST�INTERNAL_ERRORZ	TRY_LATERZSIG_REQUIRED�UNAUTHORIZEDrrrrrsr)�	algorithm�returncCst|t�std��dS)Nz9Algorithm must be SHA1, SHA224, SHA256, SHA384, or SHA512)�
isinstance�_ALLOWED_HASHES�
ValueError)rrrr�_verify_algorithm/s
�r!c@seZdZdZdZdZdS)�OCSPCertStatusrrrN)rr
rZGOOD�REVOKED�UNKNOWNrrrrr"6sr"c	@sHeZdZejejejeeje	j
eje	j
eje	j
ejd�dd�ZdS)�_SingleResponse)�cert�issuerr�cert_status�this_update�next_update�revocation_time�revocation_reasonc		Cst|tj�rt|tj�s td��t|�t|tj�s<td��|durXt|tj�sXtd��||_||_||_||_	||_
t|t�s�td��|tjur�|dur�t
d��|dur�t
d��nHt|tj�s�td��t|�}|tkr�t
d��|dur�t|tj�s�td	��||_||_||_dS)
N�%cert and issuer must be a Certificatez%this_update must be a datetime objectz-next_update must be a datetime object or Nonez8cert_status must be an item from the OCSPCertStatus enumzBrevocation_time can only be provided if the certificate is revokedzDrevocation_reason can only be provided if the certificate is revokedz)revocation_time must be a datetime objectz7The revocation_time must be on or after 1950 January 1.zCrevocation_reason must be an item from the ReasonFlags enum or None)rr�Certificate�	TypeErrorr!�datetimeZ_certZ_issuer�
_algorithmZ_this_updateZ_next_updater"r#r r	r�ReasonFlagsZ_cert_statusZ_revocation_timeZ_revocation_reason)	�selfr&r'rr(r)r*r+r,rrr�__init__=sZ�
�
�
���
��z_SingleResponse.__init__N)
rr
rrr.r�
HashAlgorithmr"r0�typing�Optionalr2r4rrrrr%<s


�r%c@s�eZdZejed�dd��Zejed�dd��Zejej	d�dd��Z
ejed�dd	��Zej
ejed
�dd��Zejejd�d
d��ZdS)�OCSPRequest�rcCsdS�z3
        The hash of the issuer public key
        Nr�r3rrr�issuer_key_hash�szOCSPRequest.issuer_key_hashcCsdS�z-
        The hash of the issuer name
        Nrr;rrr�issuer_name_hash�szOCSPRequest.issuer_name_hashcCsdS�zK
        The hash algorithm used in the issuer name and key hashes
        Nrr;rrr�hash_algorithm�szOCSPRequest.hash_algorithmcCsdS�zM
        The serial number of the cert whose status is being checked
        Nrr;rrr�
serial_number�szOCSPRequest.serial_number��encodingrcCsdS)z/
        Serializes the request to DER
        Nr�r3rDrrr�public_bytes�szOCSPRequest.public_bytescCsdS)zP
        The list of request extensions. Not single request extensions.
        Nrr;rrr�
extensions�szOCSPRequest.extensionsN)rr
r�abc�abstractproperty�bytesr<r>rr5r@�intrB�abstractmethodr�EncodingrFr�
ExtensionsrGrrrrr8�sr8)�	metaclassc@s�eZdZejed�dd��Zejeje	j	d�dd��Z
ejejejd�dd��Z
eje	j	d�dd	��Zejeje	j	d�d
d��Zejed�dd
��Zejed�dd��Zejejd�dd��Zejed�dd��ZdS)�OCSPSingleResponser9cCsdS�zY
        The status of the certificate (an element from the OCSPCertStatus enum)
        Nrr;rrr�certificate_status�sz%OCSPSingleResponse.certificate_statuscCsdS�z^
        The date of when the certificate was revoked or None if not
        revoked.
        Nrr;rrrr+�sz"OCSPSingleResponse.revocation_timecCsdS�zi
        The reason the certificate was revoked or None if not specified or
        not revoked.
        Nrr;rrrr,�sz$OCSPSingleResponse.revocation_reasoncCsdS�z�
        The most recent time at which the status being indicated is known by
        the responder to have been correct
        Nrr;rrrr)�szOCSPSingleResponse.this_updatecCsdS�zC
        The time when newer information will be available
        Nrr;rrrr*�szOCSPSingleResponse.next_updatecCsdSr:rr;rrrr<�sz"OCSPSingleResponse.issuer_key_hashcCsdSr=rr;rrrr>�sz#OCSPSingleResponse.issuer_name_hashcCsdSr?rr;rrrr@�sz!OCSPSingleResponse.hash_algorithmcCsdSrArr;rrrrB�sz OCSPSingleResponse.serial_numberN)rr
rrHrIr"rRr6r7r0r+rr2r,r)r*rJr<r>rr5r@rKrBrrrrrP�s$rPc@seZdZejejed�dd��Zeje	d�dd��Z
ejejd�dd��Z
ejejejd�dd	��Zejed�d
d��Zejed�dd
��Zejejejd�dd��Zejejed�dd��Zejejejd�dd��Zejejd�dd��Zejed�dd��Zejejejd�dd��Zejejej d�dd��Z!ejejd�dd��Z"ejejejd�dd��Z#ejed�d d!��Z$ejed�d"d#��Z%ejejd�d$d%��Z&eje'd�d&d'��Z(ejej)d�d(d)��Z*ejej)d�d*d+��Z+ej,e-j.ed,�d-d.��Z/d/S)0�OCSPResponser9cCsdS)z_
        An iterator over the individual SINGLERESP structures in the
        response
        Nrr;rrr�	responses�szOCSPResponse.responsescCsdS)zm
        The status of the response. This is a value from the OCSPResponseStatus
        enumeration
        Nrr;rrr�response_status�szOCSPResponse.response_statuscCsdS)zA
        The ObjectIdentifier of the signature algorithm
        Nrr;rrr�signature_algorithm_oid�sz$OCSPResponse.signature_algorithm_oidcCsdS)zX
        Returns a HashAlgorithm corresponding to the type of the digest signed
        Nrr;rrr�signature_hash_algorithm�sz%OCSPResponse.signature_hash_algorithmcCsdS)z%
        The signature bytes
        Nrr;rrr�	signatureszOCSPResponse.signaturecCsdS)z+
        The tbsResponseData bytes
        Nrr;rrr�tbs_response_bytesszOCSPResponse.tbs_response_bytescCsdS)z�
        A list of certificates used to help build a chain to verify the OCSP
        response. This situation occurs when the OCSP responder uses a delegate
        certificate.
        Nrr;rrr�certificatesszOCSPResponse.certificatescCsdS)z2
        The responder's key hash or None
        Nrr;rrr�responder_key_hashszOCSPResponse.responder_key_hashcCsdS)z.
        The responder's Name or None
        Nrr;rrr�responder_nameszOCSPResponse.responder_namecCsdS)z4
        The time the response was produced
        Nrr;rrr�produced_at szOCSPResponse.produced_atcCsdSrQrr;rrrrR&szOCSPResponse.certificate_statuscCsdSrSrr;rrrr+,szOCSPResponse.revocation_timecCsdSrTrr;rrrr,3szOCSPResponse.revocation_reasoncCsdSrUrr;rrrr):szOCSPResponse.this_updatecCsdSrVrr;rrrr*AszOCSPResponse.next_updatecCsdSr:rr;rrrr<GszOCSPResponse.issuer_key_hashcCsdSr=rr;rrrr>MszOCSPResponse.issuer_name_hashcCsdSr?rr;rrrr@SszOCSPResponse.hash_algorithmcCsdSrArr;rrrrBYszOCSPResponse.serial_numbercCsdS)zR
        The list of response extensions. Not single response extensions.
        Nrr;rrrrG_szOCSPResponse.extensionscCsdS)zR
        The list of single response extensions. Not response extensions.
        Nrr;rrr�single_extensionseszOCSPResponse.single_extensionsrCcCsdS)z0
        Serializes the response to DER
        NrrErrrrFkszOCSPResponse.public_bytesN)0rr
rrHrIr6�IteratorrPrXrrYrZObjectIdentifierrZr7rr5r[rJr\r]�Listr.r^r_�Namer`r0rar"rRr+r2r,r)r*r<r>r@rKrBrNrGrbrLrrMrFrrrrrW�sZ
�rWc@s�eZdZdgfejejejejej	fej
ejejdd�dd�Z
ejejej	dd�dd�Zejedd�d	d
�Zed�dd
�ZdS)�OCSPRequestBuilderN)�requestrGrcCs||_||_dS�N)�_request�_extensions)r3rgrGrrrr4ss	zOCSPRequestBuilder.__init__)r&r'rrcCsL|jdurtd��t|�t|tj�r2t|tj�s:td��t|||f|j�S)Nz.Only one certificate can be added to a requestr-)	rir r!rrr.r/rfrj)r3r&r'rrrr�add_certificates
�z"OCSPRequestBuilder.add_certificate��extval�criticalrcCsDt|tj�std��t�|j||�}t||j�t|j	|j|g�S�Nz"extension must be an ExtensionType)
rr�
ExtensionTyper/�	Extension�oidr
rjrfri�r3rmrn�	extensionrrr�
add_extension�s�z OCSPRequestBuilder.add_extensionr9cCs|jdurtd��t�|�S)Nz*You must add a certificate before building)rir rZcreate_ocsp_requestr;rrr�build�s
zOCSPRequestBuilder.build)rr
rr6r7�Tuplerr.rr5rdrqrpr4rk�boolrur8rvrrrrrfrs(������
rfc
@s
eZdZdddgfejeejejeje	fejej
ejej
ejejd�dd�Z
ejejejeejejejejejejejdd�	dd�Ze	ejdd�d	d
�Zejejdd�dd
�Zejedd�dd�Zeejejed�dd�Zeeed�dd��ZdS)�OCSPResponseBuilderN)�response�responder_id�certsrGcCs||_||_||_||_dSrh)�	_response�
_responder_id�_certsrj)r3rzr{r|rGrrrr4�s	zOCSPResponseBuilder.__init__)	r&r'rr(r)r*r+r,rc	
	Cs<|jdurtd��t||||||||�}	t|	|j|j|j�S)Nz#Only one response per OCSPResponse.)r}r r%ryr~rrj)
r3r&r'rr(r)r*r+r,Z
singleresprrr�add_response�s$
�
�z OCSPResponseBuilder.add_response)rD�responder_certrcCsP|jdurtd��t|tj�s&td��t|t�s8td��t|j||f|j	|j
�S)Nz!responder_id can only be set oncez$responder_cert must be a Certificatez6encoding must be an element from OCSPResponderEncoding)r~r rrr.r/rryr}rrj)r3rDr�rrrr{�s

��z OCSPResponseBuilder.responder_id)r|rcCs\|jdurtd��t|�}t|�dkr.td��tdd�|D��sHtd��t|j|j||j	�S)Nz!certificates may only be set oncerzcerts must not be an empty listcss|]}t|tj�VqdSrh)rrr.)�.0�xrrr�	<genexpr>��z3OCSPResponseBuilder.certificates.<locals>.<genexpr>z$certs must be a list of Certificates)
rr �list�len�allr/ryr}r~rj)r3r|rrrr^�s
�z OCSPResponseBuilder.certificatesrlcCsLt|tj�std��t�|j||�}t||j�t|j	|j
|j|j|g�Sro)rrrpr/rqrrr
rjryr}r~rrsrrrru�s
�z!OCSPResponseBuilder.add_extension)�private_keyrrcCs6|jdurtd��|jdur$td��t�tj|||�S)Nz&You must add a response before signingz*You must add a responder_id before signing)r}r r~r�create_ocsp_responserr)r3r�rrrr�signs


�zOCSPResponseBuilder.sign)rYrcCs4t|t�std��|tjur$td��t�|ddd�S)Nz7response_status must be an item from OCSPResponseStatusz$response_status cannot be SUCCESSFUL)rrr/rr rr�)�clsrYrrr�build_unsuccessfuls
�
z&OCSPResponseBuilder.build_unsuccessful)rr
rr6r7r%rwrr.rrdrqrpr4rr5r"r0r2r�r{�Iterabler^rxrurrWr��classmethodrr�rrrrry�sN���


� �
��
��ry)�datarcCs
t�|�Srh)r�load_der_ocsp_request�r�rrrr�"sr�cCs
t�|�Srh)r�load_der_ocsp_responser�rrrr�&sr�)'rHr0r6ZcryptographyrrZ"cryptography.hazmat.bindings._rustrZcryptography.hazmat.primitivesrrZ/cryptography.hazmat.primitives.asymmetric.typesrZcryptography.x509.baserr	r
�Enumrr�SHA1�SHA224�SHA256�SHA384�SHA512rr5r!r"r%�ABCMetar8rPrWrfryrJr�r�rrrr�<module>s6
�	F&;2~
@ Telegram