o vhPJ@s dZddlmZmZmZmZddlmZddlm Z m Z ddl m Z m Z mZmZmZmZmZmZmZmZmZmZmZddlmZmZddlmZdd lmZm Z m!Z!m"Z"Gd d d eZ#Gd d d eZ$GdddeZ%GdddeZ&GdddeZ'GdddeZ(GdddeZ)GdddeZ*GdddeZ+GdddeZ,GdddeZ-Gd d!d!eZ.Gd"d#d#eZ/Gd$d%d%eZ0Gd&d'd'eZ1Gd(d)d)eZ2Gd*d+d+eZ3Gd,d-d-eZ4Gd.d/d/eZ5Gd0d1d1eZ6Gd2d3d3e Z7Gd4d5d5eZ8Gd6d7d7eZ9Gd8d9d9eZ:Gd:d;d;e Z;Gdd?d?eZ=Gd@dAdAeZ>GdBdCdCeZ?GdDdEdEeZ@GdFdGdGeZAGdHdIdIeZBGdJdKdKeZCGdLdMdMeZDGdNdOdOeZEGdPdQdQeZFGdRdSdSeZGGdTdUdUeZHdVS)Wz ASN.1 type classes for the online certificate status protocol (OCSP). Exports the following items: - OCSPRequest() - OCSPResponse() Other type classes are defined that help compose the types listed above. )unicode_literalsdivisionabsolute_importprint_function)unwrap)DigestAlgorithmSignedDigestAlgorithm) BooleanChoice EnumeratedGeneralizedTime IA5StringIntegerNullObjectIdentifierOctetBitString OctetStringParsableOctetStringSequence SequenceOf)AuthorityInfoAccessSyntax CRLReason)PublicKeyAlgorithm) Certificate GeneralName GeneralNamesNamec@eZdZddiZdS)Versionrv1N__name__ __module__ __qualname___mapr&r&M/var/www/html/hyperkenya/venv/lib/python3.10/site-packages/asn1crypto/ocsp.pyr(rc@s(eZdZdefdefdefdefgZdS)CertIdhash_algorithmissuer_name_hashissuer_key_hash serial_numberN)r"r#r$rrr_fieldsr&r&r&r'r).s r)c@seZdZdefdefgZdS)ServiceLocatorissuerlocatorN)r"r#r$rrr.r&r&r&r'r/7sr/c@r)RequestExtensionIdz1.3.6.1.5.5.7.48.1.7service_locatorNr!r&r&r&r'r2>r(r2c@s4eZdZdefdeddifdefgZdZdeiZ dS) RequestExtensionextn_idcriticaldefaultF extn_valuer5r8r3N) r"r#r$r2r rr. _oid_pairr/ _oid_specsr&r&r&r'r4Ds r4c@eZdZeZdS)RequestExtensionsN)r"r#r$r4 _child_specr&r&r&r'r=Qr=c@sPeZdZdefdedddfgZdZdZdZdd Z e d d Z e d d Z dS)Requestreq_certsingle_request_extensionsrTexplicitoptionalFNcCdt|_|dD]$}|dj}d|}t||r!t|||dj|djr,|j|qd|_dS)v Sets common named extensions to private attributes and creates a list of critical extensions rBr5 _%s_valuer8r6TNset_critical_extensionsnativehasattrsetattrparsedadd_processed_extensionsself extensionnameattribute_namer&r&r'_set_extensions_      zRequest._set_extensionscC|js||jSz Returns a set of the names (or OID if not a known extension) of the extensions marked as critical :return: A set of unicode strings rQrWrKrSr&r&r'critical_extensionsq zRequest.critical_extensionscC|jdur ||jS)z This extension is used when communicating with an OCSP responder that acts as a proxy for OCSP requests :return: None or a ServiceLocator object F)rQrW_service_locator_valuer\r&r&r'service_locator_value zRequest.service_locator_value) r"r#r$r)r=r.rQrKr`rWpropertyr]rar&r&r&r'r@Us  r@c@r<)RequestsN)r"r#r$r@r>r&r&r&r'rdr?rdc@r) ResponseTypez1.3.6.1.5.5.7.48.1.1basic_ocsp_responseNr!r&r&r&r'rer(rec@r<)AcceptableResponsesN)r"r#r$rer>r&r&r&r'rgr?rgc@s"eZdZdefdeddifgZdS)PreferredSignatureAlgorithmsig_identifiercert_identifierrETN)r"r#r$r rr.r&r&r&r'rhs rhc@r<)PreferredSignatureAlgorithmsN)r"r#r$rhr>r&r&r&r'rkr?rkc@seZdZddddZdS)TBSRequestExtensionIdnonceacceptable_responsespreferred_signature_algorithms)1.3.6.1.5.5.7.48.1.2z1.3.6.1.5.5.7.48.1.4z1.3.6.1.5.5.7.48.1.8Nr!r&r&r&r'rls  rlc@s8eZdZdefdeddifdefgZdZee e dZ dS) TBSRequestExtensionr5r6r7Fr8r9)rmrnroN) r"r#r$rlr rr.r:rrgrkr;r&r&r&r'rqs  rqc@r<)TBSRequestExtensionsN)r"r#r$rqr>r&r&r&r'rrr?rrc@s@eZdZdedddfdedddfd efd ed ddfgZd S) TBSRequestversionrr rDr7requestor_namerTrC request_listrequest_extensionsN)r"r#r$rrrdrrr.r&r&r&r'rss rsc@r<) CertificatesN)r"r#r$rr>r&r&r&r'rzr?rzc@s*eZdZdefdefdedddfgZdS) Signaturesignature_algorithm signaturecertsrTrCN)r"r#r$r rrzr.r&r&r&r'r{s r{c@speZdZdefdedddfgZdZdZdZdZ dZ dd Z e d d Z e d d Ze ddZe ddZdS) OCSPRequest tbs_requestoptional_signaturerTrCFNcCsht|_|ddD]$}|dj}d|}t||r#t|||dj|djr.|j|q d|_dS) rGrrxr5rHr8r6TNrIrRr&r&r'rWs     zOCSPRequest._set_extensionscCrYrZr[r\r&r&r'r]r^zOCSPRequest.critical_extensionscCr_)z This extension is used to prevent replay attacks by including a unique, random value with each request/response pair :return: None or an OctetString object FrQrW _nonce_valuer\r&r&r' nonce_valuerbzOCSPRequest.nonce_valuecCr_)a( This extension is used to allow the client and server to communicate with alternative response formats other than just basic_ocsp_response, although no other formats are defined in the standard. :return: None or an AcceptableResponses object F)rQrW_acceptable_responses_valuer\r&r&r'acceptable_responses_values z&OCSPRequest.acceptable_responses_valuecCr_)aj This extension is used by the client to define what signature algorithms are preferred, including both the hash algorithm and the public key algorithm, with a level of detail down to even the public key algorithm parameters, such as curve name. :return: None or a PreferredSignatureAlgorithms object F)rQrW%_preferred_signature_algorithms_valuer\r&r&r'$preferred_signature_algorithms_value  z0OCSPRequest.preferred_signature_algorithms_value)r"r#r$rsr{r.rQrKrrrrWrcr]rrrr&r&r&r'rs$   rc@eZdZdddddddZdS) OCSPResponseStatus successfulmalformed_requestinternal_error try_later sign_required unauthorized)rrryNr!r&r&r&r'r1s rc@s(eZdZdeddifdeddifgZdS) ResponderIdby_namerDrby_keyryN)r"r#r$rr _alternativesr&r&r&r'r<s  rc@ eZdZddZeddZdS) StatusGoodcC6|dur|dkrt|tsttdt|d|_dS)z` Sets the value of the object :param value: None or 'good' NgoodzK value must be one of None, "good", not %s  isinstancer ValueErrorrreprcontentsrSvaluer&r&r'rJE  zStatusGood.setcCdS)Nrr&r\r&r&r'rLWzStatusGood.nativeNr"r#r$rJrcrLr&r&r&r'rDrc@r) StatusUnknowncCr)zc Sets the value of the object :param value: None or 'unknown' NunknownzN value must be one of None, "unknown", not %s rrrr&r&r'rJ^rzStatusUnknown.setcCr)Nrr&r\r&r&r'rLprzStatusUnknown.nativeNrr&r&r&r'r]rrc@s$eZdZdefdedddfgZdS) RevokedInforevocation_timerevocation_reasonrTrCN)r"r#r$r rr.r&r&r&r'rusrc@s4eZdZdeddifdeddifdeddifgZdS) CertStatusrimplicitrrevokedrrryN)r"r#r$rrrrr&r&r&r'r|s    rc@s:eZdZdedddfdedddfdedddfgZd S) CrlIdcrl_urlrTrCcrl_numrcrl_timeryN)r"r#r$rrr r.r&r&r&r'rs rc@r) SingleResponseExtensionIdcrlarchive_cutoff crl_reasoninvalidity_datecertificate_issuer!signed_certificate_timestamp_list)z1.3.6.1.5.5.7.48.1.3z1.3.6.1.5.5.7.48.1.6z 2.5.29.21z 2.5.29.24z 2.5.29.29z1.3.6.1.4.1.11129.2.4.5Nr!r&r&r&r'rs rc@s>eZdZdefdeddifdefgZdZee e e e e dZ dS) SingleResponseExtensionr5r6r7Fr8r9)rrrrrrN)r"r#r$rr rr.r:rr rrrr;r&r&r&r'rs  rc@r<)SingleResponseExtensionsN)r"r#r$rr>r&r&r&r'rr?rc @seZdZdefdefdefdedddfded ddfgZd Zd Z d Z d Z d Z d Z d Zd d ZeddZeddZeddZeddZeddZeddZd S)SingleResponsecert_id cert_status this_update next_updaterTrCsingle_extensionsrFNcCrF)rGrr5rHr8r6TNrIrRr&r&r'rWrXzSingleResponse._set_extensionscCrYrZr[r\r&r&r'r]r^z"SingleResponse.critical_extensionscCr_)z This extension is used to locate the CRL that a certificate's revocation is contained within. :return: None or a CrlId object F)rQrW _crl_valuer\r&r&r' crl_valuerbzSingleResponse.crl_valuecCr_)z This extension is used to indicate the date at which an archived (historical) certificate status entry will no longer be available. :return: None or a GeneralizedTime object F)rQrW_archive_cutoff_valuer\r&r&r'archive_cutoff_valuerbz#SingleResponse.archive_cutoff_valuecCr_)z This extension indicates the reason that a certificate was revoked. :return: None or a CRLReason object F)rQrW_crl_reason_valuer\r&r&r'crl_reason_value zSingleResponse.crl_reason_valuecCr_)a= This extension indicates the suspected date/time the private key was compromised or the certificate became invalid. This would usually be before the revocation date, which is when the CA processed the revocation. :return: None or a GeneralizedTime object F)rQrW_invalidity_date_valuer\r&r&r'invalidity_date_value rz$SingleResponse.invalidity_date_valuecCr_)z This extension indicates the issuer of the certificate in question. :return: None or an x509.GeneralNames object F)rQrW_certificate_issuer_valuer\r&r&r'certificate_issuer_valuerz'SingleResponse.certificate_issuer_value)r"r#r$r)rr rr.rQrKrrrrrrWrcr]rrrrrr&r&r&r'rs6     rc@r<) ResponsesN)r"r#r$rr>r&r&r&r'r(r?rc@seZdZdddZdS)ResponseDataExtensionIdrmextended_revoke)rpz1.3.6.1.5.5.7.48.1.9Nr!r&r&r&r'r,s rc@s6eZdZdefdeddifdefgZdZee dZ dS) ResponseDataExtensionr5r6r7Fr8r9)rmrN) r"r#r$rr rr.r:rrr;r&r&r&r'r3s  rc@r<)ResponseDataExtensionsN)r"r#r$rr>r&r&r&r'rAr?rc @s>eZdZdedddfdefdefdefded d d fgZd S) ResponseDatartrr ru responder_id produced_at responsesresponse_extensionsrTrCN) r"r#r$rrr rrr.r&r&r&r'rEsrc@s0eZdZdefdefdefdedddfgZdS) BasicOCSPResponsetbs_response_datar|r}r~rTrCN)r"r#r$rr rrzr.r&r&r&r'rOs rc@s(eZdZdefdefgZdZdeiZdS) ResponseBytes response_typeresponse)rrrfN) r"r#r$rerr.r:rr;r&r&r&r'rXsrc@sxeZdZdefdedddfgZdZdZdZdZ dd Z e d d Z e d d Z e ddZe ddZe ddZdS) OCSPResponseresponse_statusresponse_bytesrTrCFNcCsrt|_|ddjddD]$}|dj}d|}t||r(t|||dj|djr3|j|qd |_d S) rGrrrrr5rHr8r6TN)rJrKrOrLrMrNrPrQrRr&r&r'rWos     zOCSPResponse._set_extensionscCrYrZr[r\r&r&r'r]r^z OCSPResponse.critical_extensionscCr_)z This extension is used to prevent replay attacks on the request/response exchange :return: None or an OctetString object Frr\r&r&r'rrbzOCSPResponse.nonce_valuecCr_)z This extension is used to signal that the responder will return a "revoked" status for non-issued certificates. :return: None or a Null object (if present) F)rQrW_extended_revoke_valuer\r&r&r'extended_revoke_valuerbz"OCSPResponse.extended_revoke_valuecCs|ddjS)z A shortcut into the BasicOCSPResponse sequence :return: None or an asn1crypto.ocsp.BasicOCSPResponse object rrrOr\r&r&r'rfs z OCSPResponse.basic_ocsp_responsecCs|ddjdS)z A shortcut into the parsed, ResponseData sequence :return: None or an asn1crypto.ocsp.ResponseData object rrrrr\r&r&r' response_datas zOCSPResponse.response_data)r"r#r$rrr.rQrKrrrWrcr]rrrfrr&r&r&r'rds&     rN)I__doc__ __future__rrrr_errorsralgosrr corer r r r rrrrrrrrrrrrkeysrx509rrrrrr)r/r2r4r=r@rdrergrhrkrlrqrrrsrzr{rrrrrrrrrrrrrrrrrrrrr&r&r&r's\ <   9 Z x