U ;g>@sXdZddlmZmZmZmZddlZddlmZddl m Z m Z m Z m Z mZmZmZmZmZddlmZmZmZmZmZmZmZmZGdd d e ZGd d d eZGd d d eZGdddeZGdddeZ Gddde Z!GdddeZ"GdddeZ#GdddeZ$GdddeZ%GdddeZ&GdddeZ'Gd d!d!eZ(dS)"z ASN.1 type classes for certificate revocation lists (CRL). Exports the following items: - CertificateList() Other type classes are defined that help compose the types listed above. )unicode_literalsdivisionabsolute_importprint_functionN)SignedDigestAlgorithm) Boolean EnumeratedGeneralizedTimeIntegerObjectIdentifierOctetBitStringParsableOctetStringSequence SequenceOf)AuthorityInfoAccessSyntaxAuthorityKeyIdentifierCRLDistributionPointsDistributionPointName GeneralNamesName ReasonFlagsTimec@seZdZddddZdS)Versionv1Zv2v3)rrN__name__ __module__ __qualname___mapr"r"2/tmp/pip-unpacked-wheel-fr05hfkd/asn1crypto/crl.pyr+src @sdeZdZdedddfdedddfd ed ddfd ed dd fdedddfdedddfgZdS)IssuingDistributionPointdistribution_pointrTexplicitoptionalonly_contains_user_certsrF)implicitdefaultonly_contains_ca_certsronly_some_reasons)r*r( indirect_crlonly_contains_attribute_certsN)rrr rrr_fieldsr"r"r"r#r$3sr$c@s eZdZddddddddZd S) TBSCertListExtensionIdissuer_alt_name crl_numberdelta_crl_indicatorissuing_distribution_pointauthority_key_identifier freshest_crlauthority_information_access)z 2.5.29.18z 2.5.29.20z 2.5.29.27z 2.5.29.28z 2.5.29.35z 2.5.29.46z1.3.6.1.5.5.7.1.1Nrr"r"r"r#r4>sr4c@s@eZdZdefdeddifdefgZdZee e e e e e dZdS) TBSCertListExtensionextn_idcriticalr+F extn_valuer=r?)r5r6r7r8r9r:r;N)rrr r4rrr3 _oid_pairrr r$rrr _oid_specsr"r"r"r#r<Js r<c@seZdZeZdS)TBSCertListExtensionsN)rrr r< _child_specr"r"r"r#rC]srCc @s2eZdZddddddddd d d Zed d ZdS) CRLReason unspecifiedkey_compromise ca_compromiseaffiliation_changed supersededcessation_of_operationcertificate_holdremove_from_crlprivilege_withdrawn aa_compromise) rrrr.r0r2 c Cs ddddddddd d d |jS) a :return: A unicode string with revocation description that is suitable to show to end-users. Starts with a lower case letter and phrased in such a way that it makes sense after the phrase "because of" or "due to". zan unspecified reasonza compromised keyzthe CA being compromisedzan affiliation changezcertificate supersessionza cessation of operationza certificate holdzremoval from the CRLzprivilege withdrawlzthe AA being compromised) rFrGrHrIrJrKrLrMrNrOnativeselfr"r"r#human_friendlyos  zCRLReason.human_friendlyN)rrr r!propertyrXr"r"r"r#rEas rEc@seZdZdddddZdS)CRLEntryExtensionId crl_reasonhold_instruction_codeinvalidity_datecertificate_issuer)z 2.5.29.21z 2.5.29.23z 2.5.29.24z 2.5.29.29Nrr"r"r"r#rZs rZc@s:eZdZdefdeddifdefgZdZee e e dZ dS) CRLEntryExtensionr=r>r+Fr?r@)r[r\r]r^N) rrr rZrrr3rArEr r rrBr"r"r"r#r_s r_c@seZdZeZdS)CRLEntryExtensionsN)rrr r_rDr"r"r"r#r`sr`c@seZdZdefdefdeddifgZdZdZdZ dZ dZ dZ dd Z ed d Zed d ZeddZeddZeddZdS)RevokedCertificateZuser_certificaterevocation_datecrl_entry_extensionsr(TFNcCsdt|_|dD]H}|dj}d|}t||rBt|||dj|djr|j|qd|_dS)v Sets common named extensions to private attributes and creates a list of critical extensions rcr= _%s_valuer?r>TNset_critical_extensionsrUhasattrsetattrparsedadd_processed_extensionsrW extensionnameZattribute_namer"r"r#_set_extensionss    z"RevokedCertificate._set_extensionscCs|js||jSz Returns a set of the names (or OID if not a known extension) of the extensions marked as critical :return: A set of unicode strings rmrqrhrVr"r"r#critical_extensionss z&RevokedCertificate.critical_extensionscCs|jdkr||jS)z This extension indicates the reason that a certificate was revoked. :return: None or a CRLReason object F)rmrq_crl_reason_valuerVr"r"r#crl_reason_values z#RevokedCertificate.crl_reason_valuecCs|jdkr||jS)a= This extension indicates the suspected date/time the private key was compromised or the certificate became invalid. This would usually be before the revocation date, which is when the CA processed the revocation. :return: None or a GeneralizedTime object F)rmrq_invalidity_date_valuerVr"r"r#invalidity_date_values z(RevokedCertificate.invalidity_date_valuecCs|jdkr||jS)a This extension indicates the issuer of the certificate in question, and is used in indirect CRLs. CRL entries without this extension are for certificates issued from the last seen issuer. :return: None or an x509.GeneralNames object F)rmrq_certificate_issuer_valuerVr"r"r#certificate_issuer_values z+RevokedCertificate.certificate_issuer_valuecCs>|jdkr8d|_|jr8|jD]}|jdkr|j|_q8q|jS)zi :return: None, or an asn1crypto.x509.Name object for the issuer of the cert FNZdirectory_name) _issuer_namerzrpchosen)rW general_namer"r"r# issuer_names   zRevokedCertificate.issuer_name)rrr r rr`r3rmrhrurwryr{rqrYrtrvrxrzr~r"r"r"r#ras*     rac@seZdZeZdS)RevokedCertificatesN)rrr rarDr"r"r"r#rsrc @sTeZdZdeddifdefdefdefdeddifdeddifd ed dd fgZ d S) TbsCertListversionr(T signatureissuer this_update next_updaterevoked_certificatescrl_extensionsrr&N) rrr rrrrrrCr3r"r"r"r#rs   rc@seZdZdefdefdefgZdZdZdZ dZ dZ dZ dZ dZdZdZdZdZdZddZedd Zed d Zed d ZeddZeddZeddZeddZeddZeddZeddZeddZ eddZ!ed d!Z"ed"d#Z#ed$d%Z$dS)&CertificateList tbs_cert_listsignature_algorithmrFNcCsht|_|ddD]H}|dj}d|}t||rFt|||dj|djr|j|qd|_dS) rdrrr=rer?r>TNrfrnr"r"r#rq4s   zCertificateList._set_extensionscCs|js||jSrrrsrVr"r"r#rtFs z#CertificateList.critical_extensionscCs|jdkr||jS)z This extension allows associating one or more alternative names with the issuer of the CRL. :return: None or an x509.GeneralNames object F)rmrq_issuer_alt_name_valuerVr"r"r#issuer_alt_name_valueTs z%CertificateList.issuer_alt_name_valuecCs|jdkr||jS)z This extension adds a monotonically increasing number to the CRL and is used to distinguish different versions of the CRL. :return: None or an Integer object F)rmrq_crl_number_valuerVr"r"r#crl_number_valuebs z CertificateList.crl_number_valuecCs|jdkr||jS)z This extension indicates a CRL is a delta CRL, and contains the CRL number of the base CRL that it is a delta from. :return: None or an Integer object F)rmrq_delta_crl_indicator_valuerVr"r"r#delta_crl_indicator_valueps z)CertificateList.delta_crl_indicator_valuecCs|jdkr||jS)z This extension includes information about what types of revocations and certificates are part of the CRL. :return: None or an IssuingDistributionPoint object F)rmrq!_issuing_distribution_point_valuerVr"r"r# issuing_distribution_point_value~s z0CertificateList.issuing_distribution_point_valuecCs|jdkr||jS)z This extension helps in identifying the public key with which to validate the authenticity of the CRL. :return: None or an AuthorityKeyIdentifier object F)rmrq_authority_key_identifier_valuerVr"r"r#authority_key_identifier_values z.CertificateList.authority_key_identifier_valuecCs|jdkr||jS)z This extension is used in complete CRLs to indicate where a delta CRL may be located. :return: None or a CRLDistributionPoints object F)rmrq_freshest_crl_valuerVr"r"r#freshest_crl_values z"CertificateList.freshest_crl_valuecCs|jdkr||jS)z This extension is used to provide a URL with which to download the certificate used to sign this CRL. :return: None or an AuthorityInfoAccessSyntax object F)rmrq#_authority_information_access_valuerVr"r"r#"authority_information_access_values z2CertificateList.authority_information_access_valuecCs |ddS)z_ :return: An asn1crypto.x509.Name object for the issuer of the CRL rrr"rVr"r"r#rszCertificateList.issuercCs|js dS|jdjS)z :return: None or a byte string of the key_identifier from the authority key identifier extension Nkey_identifier)rrUrVr"r"r#r9sz(CertificateList.authority_key_identifiercCsp|jdkrjg|_|jrj|jD]L}|djdkr|d}|jdkrBq|j}|dddkr|j|q|jS) z :return: A list of unicode strings that are URLs that should contain either an individual DER-encoded X.509 certificate, or a DER-encoded CMS message containing multiple certificates N access_methodZ ca_issuersaccess_locationuniform_resource_identifierrzhttp://)_issuer_cert_urlsrrUrplowerappend)rWentrylocationurlr"r"r#issuer_cert_urlss   z CertificateList.issuer_cert_urlscCsb|jdkr\g|_|jdk r\|jD]:}|d}|jdkr8q |jD]}|jdkr>|j|q>q |jS)z Returns delta CRL URLs - only applies to complete CRLs :return: A list of zero or more DistributionPoint objects Nr%Zname_relative_to_crl_issuerr)_delta_crl_distribution_pointsrrpr|r)rWr%Zdistribution_point_namer}r"r"r#delta_crl_distribution_pointss      z-CertificateList.delta_crl_distribution_pointscCs |djS)zE :return: A byte string of the signature rrTrVr"r"r#rszCertificateList.signaturecCs$|jdkrt||_|jS)zf :return: The SHA1 hash of the DER-encoded bytes of this certificate list N)_sha1hashlibsha1dumpdigestrVr"r"r#rs zCertificateList.sha1cCs$|jdkrt||_|jS)zi :return: The SHA-256 hash of the DER-encoded bytes of this certificate list N)_sha256rsha256rrrVr"r"r#rs zCertificateList.sha256)%rrr rrr r3rmrhrrrrrrrrrrrrqrYrtrrrrrrrrr9rrrrrr"r"r"r#rs`              r))__doc__ __future__rrrrrZalgosrcorerr r r r r rrrx509rrrrrrrrrr$r4r<rCrErZr_r`rarrrr"r"r"r#s$  , (  & k