HOME

Mini Shell 1.0 Redirecting to https://devs.lapieza.net/iniciar-sesion Redirecting to https://devs.lapieza.net/iniciar-sesion.
DIR: /proc/self/root/usr/lib/python3/dist-packages/cryptography/x509/__pycache__/
Current File : //proc/self/root/usr/lib/python3/dist-packages/cryptography/x509/__pycache__/base.cpython-311.pyc
�

p�g���	��ddlZddlZddlZddlZddlmZddlmZddl	m
Z
mZddlm
Z
mZmZmZmZmZmZddlmZmZmZddlmZmZmZmZddlmZmZdd	l m!Z!ejd
dd��Z"Gd�d
e#��Z$deedej%eeddfd�Z&de!dej%ej'e!e(ej)e*fddfd�Z+dejdejfd�Z,Gd�d��Z-Gd�d��Z.Gd�dej/��Z0Gd�de#��Z1Gd�d ej2�!��Z3e3�4ej3��Gd"�d#ej2�!��Z5e5�4ej5��Gd$�d%e5��Z6Gd&�d'ej2�!��Z7e7�4ej7��Gd(�d)ej2�!��Z8e8�4ej8��	d;d*e(d+ej9de3fd,�Z:	d;d*e(d+ej9de3fd-�Z;	d;d*e(d+ej9de8fd.�Z<	d;d*e(d+ej9de8fd/�Z=	d;d*e(d+ej9de7fd0�Z>	d;d*e(d+ej9de7fd1�Z?Gd2�d3��Z@Gd4�d5��ZAGd6�d7��ZBGd8�d9��ZCde*fd:�ZDdS)<�N)�utils)�x509)�hashes�
serialization)�dsa�ec�ed25519�ed448�rsa�x25519�x448)�#CERTIFICATE_ISSUER_PUBLIC_KEY_TYPES�CERTIFICATE_PRIVATE_KEY_TYPES�CERTIFICATE_PUBLIC_KEY_TYPES)�	Extension�
ExtensionType�
Extensions�_make_sequence_methods)�Name�	_ASN1Type)�ObjectIdentifieri��c�,��eZdZdededdf�fd�Z�xZS)�AttributeNotFound�msg�oid�returnNc�f��tt|���|��||_dS�N)�superr�__init__r)�selfrr�	__class__s   ��8/usr/lib/python3/dist-packages/cryptography/x509/base.pyr!zAttributeNotFound.__init__*s-���
���&�&�/�/��4�4�4������)�__name__�
__module__�__qualname__�strrr!�
__classcell__�r#s@r$rr)sS��������C��&6��4����������r%r�	extension�
extensionsrc�N�|D]!}|j|jkrtd����"dS)Nz$This extension has already been set.)r�
ValueError)r,r-�es   r$�_reject_duplicate_extensionr1/sD��
�E�E���5�I�M�!�!��C�D�D�D�"�E�Er%r�
attributesc�B�|D]\}}}||krtd����dS)Nz$This attribute has already been set.)r/)rr2�attr_oid�_s    r$�_reject_duplicate_attributer69sD��%�E�E���!�Q��s�?�?��C�D�D�D��E�Er%�timec��|j�D|���}|r|ntj��}|�d���|z
S|S)z�Normalizes a datetime to a naive datetime in UTC.

    time -- datetime to normalize. Assumed to be in UTC if not timezone
            aware.
    N)�tzinfo)r9�	utcoffset�datetime�	timedelta�replace)r7�offsets  r$�_convert_to_naive_utc_timer?EsP���{�����!�!��!�;���x�'9�';�';���|�|�4�|�(�(�6�1�1��r%c	��eZdZejjfdedededdfd�Z	e
defd���Ze
defd���Zdefd	�Z
d
edefd�Zdefd�ZdS)
�	Attributer�value�_typerNc�0�||_||_||_dSr)�_oid�_valuerC)r"rrBrCs    r$r!zAttribute.__init__Ts����	������
�
�
r%c��|jSr)rE�r"s r$rz
Attribute.oid^s
���y�r%c��|jSr)rFrHs r$rBzAttribute.valuebs
���{�r%c�B�d�|j|j��S)Nz<Attribute(oid={}, value={!r})>)�formatrrBrHs r$�__repr__zAttribute.__repr__fs��0�7�7���$�*�M�M�Mr%�otherc��t|t��stS|j|jko|j|jko|j|jkSr)�
isinstancerA�NotImplementedrrBrC�r"rMs  r$�__eq__zAttribute.__eq__isO���%��+�+�	"�!�!�
�H��	�!�
*��
�e�k�)�
*��
�e�k�)�	
r%c�D�t|j|j|jf��Sr)�hashrrBrCrHs r$�__hash__zAttribute.__hash__ss���T�X�t�z�4�:�6�7�7�7r%)r&r'r(r�
UTF8StringrBr�bytes�intr!�propertyrr)rL�object�boolrRrU�r%r$rArASs
������
�)�/�	��
�����	�

�������%�����X����u�����X��N�#�N�N�N�N�
�F�
�t�
�
�
�
�8�#�8�8�8�8�8�8r%rAc�n�eZdZdejeddfd�Zed��\ZZ	Z
defd�Zde
defd�ZdS)	�
Attributesr2rNc�.�t|��|_dSr)�list�_attributes)r"r2s  r$r!zAttributes.__init__xs�� �
�+�+����r%rac�6�d�|j��S)Nz<Attributes({})>)rKrarHs r$rLzAttributes.__repr__�s��!�(�(��)9�:�:�:r%rc�p�|D]}|j|kr|cS�td�|��|���)NzNo {} attribute was found)rrrK)r"r�attrs   r$�get_attribute_for_oidz Attributes.get_attribute_for_oid�sK���	�	�D��x�3�������� � ;� B� B�3� G� G��M�M�Mr%)r&r'r(�typing�IterablerAr!r�__len__�__iter__�__getitem__r)rLrrer\r%r$r^r^ws�������,��O�I�.�,�
�,�,�,�,�&<�%;�M�%J�%J�"�G�X�{�;�#�;�;�;�;�N�)9�N�i�N�N�N�N�N�Nr%r^c��eZdZdZdZdS)�Versionr�N)r&r'r(�v1�v3r\r%r$rlrl�s������	
�B�	
�B�B�Br%rlc�,��eZdZdededdf�fd�Z�xZS)�InvalidVersionr�parsed_versionrNc�f��tt|���|��||_dSr)r rqr!rr)r"rrrr#s   �r$r!zInvalidVersion.__init__�s/���
�n�d�#�#�,�,�S�1�1�1�,����r%)r&r'r(r)rXr!r*r+s@r$rqrq�sR�������-�C�-��-��-�-�-�-�-�-�-�-�-�-r%rqc���eZdZejdejdefd���Zej	de
fd���Zej	defd���Z
ejdefd���Zej	dejfd���Zej	dejfd���Zej	defd	���Zej	defd
���Zej	dejejfd���Zej	defd���Zej	defd
���Zej	defd���Zej	defd���Zej	defd���Zejde de!fd���Z"ejde
fd���Z#ejde$j%defd���Z&dS)�Certificate�	algorithmrc��dS�z4
        Returns bytes using digest passed.
        Nr\�r"rvs  r$�fingerprintzCertificate.fingerprint�����r%c��dS)z3
        Returns certificate serial number
        Nr\rHs r$�
serial_numberzCertificate.serial_number�r{r%c��dS)z1
        Returns the certificate version
        Nr\rHs r$�versionzCertificate.version�r{r%c��dS�z(
        Returns the public key
        Nr\rHs r$�
public_keyzCertificate.public_key�r{r%c��dS)z?
        Not before time (represented as UTC datetime)
        Nr\rHs r$�not_valid_beforezCertificate.not_valid_before�r{r%c��dS)z>
        Not after time (represented as UTC datetime)
        Nr\rHs r$�not_valid_afterzCertificate.not_valid_after�r{r%c��dS)z1
        Returns the issuer name object.
        Nr\rHs r$�issuerzCertificate.issuer�r{r%c��dS�z2
        Returns the subject name object.
        Nr\rHs r$�subjectzCertificate.subject�r{r%c��dS�zt
        Returns a HashAlgorithm corresponding to the type of the digest signed
        in the certificate.
        Nr\rHs r$�signature_hash_algorithmz$Certificate.signature_hash_algorithm�r{r%c��dS�zJ
        Returns the ObjectIdentifier of the signature algorithm.
        Nr\rHs r$�signature_algorithm_oidz#Certificate.signature_algorithm_oid�r{r%c��dS)z/
        Returns an Extensions object.
        Nr\rHs r$r-zCertificate.extensions�r{r%c��dS�z.
        Returns the signature bytes.
        Nr\rHs r$�	signaturezCertificate.signature�r{r%c��dS)zR
        Returns the tbsCertificate payload bytes as defined in RFC 5280.
        Nr\rHs r$�tbs_certificate_bytesz!Certificate.tbs_certificate_bytes�r{r%c��dS)zh
        Returns the tbsCertificate payload bytes with the SCT list extension
        stripped.
        Nr\rHs r$�tbs_precertificate_bytesz$Certificate.tbs_precertificate_bytes�r{r%rMc��dS�z"
        Checks equality.
        Nr\rQs  r$rRzCertificate.__eq__�r{r%c��dS�z"
        Computes a hash.
        Nr\rHs r$rUzCertificate.__hash__�r{r%�encodingc��dS)zB
        Serializes the certificate to PEM or DER format.
        Nr\�r"r�s  r$�public_byteszCertificate.public_bytes�r{r%N)'r&r'r(�abc�abstractmethodr�
HashAlgorithmrWrz�abstractpropertyrXr}rlrrr�r;r�r�rr�r�rf�Optionalr�rr�rr-r�r�r�rZr[rRrUr�Encodingr�r\r%r$ruru�s���������V�%9��e�������
	���s�������
	����������
	���8�������
	���(�"3�������
	����!2�������
	����������
	����������
	���	���-�	.�������	���)9�������
	���J�������
	���5�������
	���u�������
	���%�������	���F��t�������
	���#�������
	���]�%;����������r%ru)�	metaclassc��eZdZejdefd���Zejdejfd���Zejde	fd���Z
dS)�RevokedCertificaterc��dS)zG
        Returns the serial number of the revoked certificate.
        Nr\rHs r$r}z RevokedCertificate.serial_numberr{r%c��dS)zH
        Returns the date of when this certificate was revoked.
        Nr\rHs r$�revocation_datez"RevokedCertificate.revocation_date
r{r%c��dS)zW
        Returns an Extensions object containing a list of Revoked extensions.
        Nr\rHs r$r-zRevokedCertificate.extensionsr{r%N)r&r'r(r�r�rXr}r;r�rr-r\r%r$r�r�s����������s�������
	����!2�������
	���J��������r%r�c��eZdZdedejdefd�Zedefd���Zedejfd���Z	edefd���Z
d	S)
�_RawRevokedCertificater}r�r-c�0�||_||_||_dSr��_serial_number�_revocation_date�_extensions�r"r}r�r-s    r$r!z_RawRevokedCertificate.__init__�"��,��� /���%����r%rc��|jSr)r�rHs r$r}z$_RawRevokedCertificate.serial_number)s���"�"r%c��|jSr)r�rHs r$r�z&_RawRevokedCertificate.revocation_date-s���$�$r%c��|jSr)r�rHs r$r-z!_RawRevokedCertificate.extensions1s����r%N)r&r'r(rXr;rr!rYr}r�r-r\r%r$r�r�s�������&��&�"�*�&��	&�&�&�&��#�s�#�#�#��X�#��%��!2�%�%�%��X�%�� �J� � � ��X� � � r%r�c���eZdZejdejdefd���Zejde	j
defd���Zejdede
jefd���Zejde
je	j
fd���Zejdefd	���Zejdefd
���Zejde
jejfd���Zejdejfd���Zejdefd
���Zejdefd���Zejdefd���Zejdedefd���Z ejdefd���Z!e
j"dedefd���Z#e
j"de$de
j%efd���Z#ejde
j&ee$fde
j&ee
j%effd���Z#ejde
j'efd���Z(ejde)defd���Z*dS)�CertificateRevocationListr�rc��dS)z:
        Serializes the CRL to PEM or DER format.
        Nr\r�s  r$r�z&CertificateRevocationList.public_bytes7r{r%rvc��dSrxr\rys  r$rzz%CertificateRevocationList.fingerprint=r{r%r}c��dS)zs
        Returns an instance of RevokedCertificate or None if the serial_number
        is not in the CRL.
        Nr\)r"r}s  r$�(get_revoked_certificate_by_serial_numberzBCertificateRevocationList.get_revoked_certificate_by_serial_numberCr{r%c��dSr�r\rHs r$r�z2CertificateRevocationList.signature_hash_algorithmLr{r%c��dSr�r\rHs r$r�z1CertificateRevocationList.signature_algorithm_oidUr{r%c��dS)zC
        Returns the X509Name with the issuer of this CRL.
        Nr\rHs r$r�z CertificateRevocationList.issuer[r{r%c��dS)z?
        Returns the date of next update for this CRL.
        Nr\rHs r$�next_updatez%CertificateRevocationList.next_updatear{r%c��dS)z?
        Returns the date of last update for this CRL.
        Nr\rHs r$�last_updatez%CertificateRevocationList.last_updategr{r%c��dS)zS
        Returns an Extensions object containing a list of CRL extensions.
        Nr\rHs r$r-z$CertificateRevocationList.extensionsmr{r%c��dSr�r\rHs r$r�z#CertificateRevocationList.signaturesr{r%c��dS)zO
        Returns the tbsCertList payload bytes as defined in RFC 5280.
        Nr\rHs r$�tbs_certlist_bytesz,CertificateRevocationList.tbs_certlist_bytesyr{r%rMc��dSr�r\rQs  r$rRz CertificateRevocationList.__eq__r{r%c��dS)z<
        Number of revoked certificates in the CRL.
        Nr\rHs r$rhz!CertificateRevocationList.__len__�r{r%�idxc��dSrr\�r"r�s  r$rjz%CertificateRevocationList.__getitem__�����r%c��dSrr\r�s  r$rjz%CertificateRevocationList.__getitem__�r�r%c��dS)zS
        Returns a revoked certificate (or slice of revoked certificates).
        Nr\r�s  r$rjz%CertificateRevocationList.__getitem__�r{r%c��dS)z8
        Iterator over the revoked certificates
        Nr\rHs r$riz"CertificateRevocationList.__iter__�r{r%r�c��dS)zQ
        Verifies signature of revocation list against given public key.
        Nr\)r"r�s  r$�is_signature_validz,CertificateRevocationList.is_signature_valid�r{r%N)+r&r'r(r�r�rr�rWr�rr�rzrXrfr�r�r�r�r�rr�rr�r;r�r�rr-r�r�rZr[rRrh�overloadrj�slice�List�Union�Iteratorrirr�r\r%r$r�r�6s����������]�%;���������
	���V�%9��e�������
	��� ��	��+�	,�������	���	���-�	.�������	���)9�������
	����������
	���V�_�X�->�?�������
	���X�.�������
	���J�������
	���5�������
	���E�������
	���F��t�������
	����������
�_��s��'9�����_���_��u����5G�)H�����_��	����<��U�
�+��	��(�&�+�6H�*I�I�	J�������	���&�/�*<�=�������
	���=��	
��������r%r�c�2�eZdZejdedefd���Zejdefd���Z	ejde
fd���Zejde
fd���Zejdejejfd���Zejdefd���Zejdefd	���Zejdefd
���Zejdejdefd���Zejdefd
���Zejdefd���Zejdefd���Z ejdedefd���Z!dS)�CertificateSigningRequestrMrc��dSr�r\rQs  r$rRz CertificateSigningRequest.__eq__�r{r%c��dSr�r\rHs r$rUz"CertificateSigningRequest.__hash__�r{r%c��dSr�r\rHs r$r�z$CertificateSigningRequest.public_key�r{r%c��dSr�r\rHs r$r�z!CertificateSigningRequest.subject�r{r%c��dSr�r\rHs r$r�z2CertificateSigningRequest.signature_hash_algorithm�r{r%c��dSr�r\rHs r$r�z1CertificateSigningRequest.signature_algorithm_oid�r{r%c��dS)z@
        Returns the extensions in the signing request.
        Nr\rHs r$r-z$CertificateSigningRequest.extensions�r{r%c��dS)z/
        Returns an Attributes object.
        Nr\rHs r$r2z$CertificateSigningRequest.attributes�r{r%r�c��dS)z;
        Encodes the request to PEM or DER format.
        Nr\r�s  r$r�z&CertificateSigningRequest.public_bytes�r{r%c��dSr�r\rHs r$r�z#CertificateSigningRequest.signature�r{r%c��dS)zd
        Returns the PKCS#10 CertificationRequestInfo bytes as defined in RFC
        2986.
        Nr\rHs r$�tbs_certrequest_bytesz/CertificateSigningRequest.tbs_certrequest_bytes�r{r%c��dS)z8
        Verifies signature of signing request.
        Nr\rHs r$r�z,CertificateSigningRequest.is_signature_valid�r{r%rc��dS)z:
        Get the attribute value for a given OID.
        Nr\)r"rs  r$rez/CertificateSigningRequest.get_attribute_for_oid�r{r%N)"r&r'r(r�r�rZr[rRrXrUrr�r�rr�rfr�rr�r�rr�rr-r^r2rr�rWr�r�r�r�rer\r%r$r�r��sg���������F��t�������
	���#�������
	���8�������
	����������
	���	���-�	.�������	���)9�������
	���J�������
	���J�������
	���]�%;���������
	���5�������
	���u�������	���D�������
	���)9��e��������r%r��data�backendc�*�tj|��Sr)�	rust_x509�load_pem_x509_certificate�r�r�s  r$r�r�����.�t�4�4�4r%c�*�tj|��Sr)r��load_der_x509_certificater�s  r$r�r�
r�r%c�*�tj|��Sr)r��load_pem_x509_csrr�s  r$r�r�����&�t�,�,�,r%c�*�tj|��Sr)r��load_der_x509_csrr�s  r$r�r�r�r%c�*�tj|��Sr)r��load_pem_x509_crlr�s  r$r�r�"r�r%c�*�tj|��Sr)r��load_der_x509_crlr�s  r$r�r�)r�r%c�H�eZdZdggfdejedejeedejej	e
eejeffd�Z
deddfd�Zd	ed
eddfd�Zdd�d
e
dedejeddfd�Z	ddedejejdejdefd�ZdS)� CertificateSigningRequestBuilderN�subject_namer-r2c�0�||_||_||_dS)zB
        Creates an empty X.509 certificate request (v1).
        N)�
_subject_namer�ra)r"rr-r2s    r$r!z)CertificateSigningRequestBuilder.__init__0s"��*���%���%����r%�namerc��t|t��std���|j�t	d���t||j|j��S)zF
        Sets the certificate requestor's distinguished name.
        �Expecting x509.Name object.N�&The subject name may only be set once.)rOr�	TypeErrorrr/r�r�ra�r"rs  r$rz-CertificateSigningRequestBuilder.subject_name?s\���$��%�%�	;��9�:�:�:���)��E�F�F�F�/��$�"�D�$4�
�
�	
r%�extval�criticalc���t|t��std���t|j||��}t||j��t|j|j|gz|j	��S)zE
        Adds an X.509 extension to the certificate request.
        �"extension must be an ExtensionType)
rOrrrrr1r�r�rra�r"r	r
r,s    r$�
add_extensionz.CertificateSigningRequestBuilder.add_extensionKsw���&�-�0�0�	B��@�A�A�A��f�j�(�F�;�;�	�#�I�t�/?�@�@�@�/�����	�{�*���
�
�	
r%)�_tagrrBrc�n�t|t��std���t|t��std���|�$t|t��std���t||j��|�|j}nd}t|j	|j
|j|||fgz��S)zK
        Adds an X.509 attribute with an OID and associated value.
        zoid must be an ObjectIdentifierzvalue must be bytesNztag must be _ASN1Type)rOrrrWrr6rarBr�rr�)r"rrBr�tags     r$�
add_attributez.CertificateSigningRequestBuilder.add_attribute]s����#�/�0�0�	?��=�>�>�>��%��'�'�	3��1�2�2�2���J�t�Y�$?�$?���3�4�4�4�#�C��)9�:�:�:����*�C�C��C�/��������e�S� 1�2�2�
�
�	
r%�private_keyrvr�c�Z�|j�td���tj|||��S)zF
        Signs the request using the requestor's private key.
        Nz/A CertificateSigningRequest must have a subject)rr/r��create_x509_csr�r"rrvr�s    r$�signz%CertificateSigningRequestBuilder.sign}s1����%��N�O�O�O��(��{�I�F�F�Fr%r)r&r'r(rfr�rr�rr�TuplerrWrXr!rr[rrrrrr��Anyr�rr\r%r$r�r�/s�������/3�<>�
�

&�
&��o�d�+�
&��K�	�-� 8�9�
&��K��L�)�5�&�/�#�2F�F�G�
�	
&�
&�
&�
&�

��

�*L�

�

�

�

�
�#�
�/3�
�	+�
�
�
�
�.,0�
�
�
�
�
��
�
�o�i�(�
�
,�

�
�
�
�H#�	G�G�2�G��?�6�#7�8�G���	G�

#�G�G�G�G�G�Gr%r�c��eZdZUejeeed<ddddddgfdeje	deje	deje
dejedejejdejejd	ejeed
dfd�Z
de	d
dfd
�Zde	d
dfd�Zde
d
dfd�Zded
dfd�Zdejd
dfd�Zdejd
dfd�Zdeded
dfd�Z	ddedejejdejd
efd�ZdS)�CertificateBuilderr�N�issuer_namerr�r}r�r�r-rc��tj|_||_||_||_||_||_||_||_	dSr)
rlro�_version�_issuer_namer�_public_keyr��_not_valid_before�_not_valid_afterr�)r"rrr�r}r�r�r-s        r$r!zCertificateBuilder.__init__�sK�� �
��
�'���)���%���+���!1��� /���%����r%rc	���t|t��std���|j�t	d���t||j|j|j|j	|j
|j��S)z3
        Sets the CA's distinguished name.
        rN�%The issuer name may only be set once.)rOrrrr/rrr r�r!r"r�rs  r$rzCertificateBuilder.issuer_name�sv���$��%�%�	;��9�:�:�:���(��D�E�E�E�!���������"��!���
�
�	
r%c	���t|t��std���|j�t	d���t|j||j|j|j	|j
|j��S)z:
        Sets the requestor's distinguished name.
        rNr)rOrrrr/rrr r�r!r"r�rs  r$rzCertificateBuilder.subject_name�sv���$��%�%�	;��9�:�:�:���)��E�F�F�F�!���������"��!���
�
�	
r%�keyc
�l�t|tjtjt
jtjtj
tjtjf��std���|j�t#d���t%|j|j||j|j|j|j��S)zT
        Sets the requestor's public key (as found in the signing request).
        z�Expecting one of DSAPublicKey, RSAPublicKey, EllipticCurvePublicKey, Ed25519PublicKey, Ed448PublicKey, X25519PublicKey, or X448PublicKey.Nz$The public key may only be set once.)rOr�DSAPublicKeyr�RSAPublicKeyr�EllipticCurvePublicKeyr	�Ed25519PublicKeyr
�Ed448PublicKeyr�X25519PublicKeyr
�
X448PublicKeyrr r/rrrr�r!r"r�)r"r&s  r$r�zCertificateBuilder.public_key�s������ �� ��)��(��$��&��"�
�
�
�	��!���
���'��C�D�D�D�!���������"��!���
�
�	
r%�numberc	�T�t|t��std���|j�t	d���|dkrt	d���|���dkrt	d���t
|j|j|j	||j
|j|j��S)z5
        Sets the certificate serial number.
        �'Serial number must be of integral type.N�'The serial number may only be set once.rz%The serial number should be positive.��3The serial number should not be more than 159 bits.)
rOrXrr�r/�
bit_lengthrrrr r!r"r��r"r/s  r$r}z CertificateBuilder.serial_number�s����&�#�&�&�	G��E�F�F�F���*��F�G�G�G��Q�;�;��D�E�E�E������#�%�%��H���
�"���������"��!���
�
�	
r%r7c	�z�t|tj��std���|j�t	d���t|��}|tkrt	d���|j�||jkrt	d���t|j	|j
|j|j||j|j
��S)z7
        Sets the certificate activation time.
        �Expecting datetime object.Nz*The not valid before may only be set once.z>The not valid before date must be on or after 1950 January 1).zBThe not valid before date must be before the not valid after date.)rOr;rr!r/r?�_EARLIEST_UTC_TIMEr"rrrr r�r��r"r7s  r$r�z#CertificateBuilder.not_valid_befores����$�� 1�2�2�	:��8�9�9�9��!�-��I�J�J�J�)�$�/�/���$�$�$��$���
�� �,���8M�1M�1M�����
�"�����������!���
�
�	
r%c	�z�t|tj��std���|j�t	d���t|��}|tkrt	d���|j�||jkrt	d���t|j	|j
|j|j|j||j
��S)z7
        Sets the certificate expiration time.
        r8Nz)The not valid after may only be set once.z<The not valid after date must be on or after 1950 January 1.zAThe not valid after date must be after the not valid before date.)rOr;rr"r/r?r9r!rrrr r�r�r:s  r$r�z"CertificateBuilder.not_valid_after$s����$�� 1�2�2�	:��8�9�9�9�� �,��H�I�I�I�)�$�/�/���$�$�$��#���
�

�"�.��t�-�-�-�����
�"����������"����
�
�	
r%r	r
c
��t|t��std���t|j||��}t||j��t|j|j	|j
|j|j|j
|j|gz��S)z=
        Adds an X.509 extension to the certificate.
        r)rOrrrrr1r�rrrr r�r!r"r
s    r$rz CertificateBuilder.add_extensionDs����&�-�0�0�	B��@�A�A�A��f�j�(�F�;�;�	�#�I�t�/?�@�@�@�!����������"��!���	�{�*�
�
�	
r%rrvr�c�6�|j�td���|j�td���|j�td���|j�td���|j�td���|j�td���tj|||��S)zC
        Signs the certificate using the CA's private key.
        Nz&A certificate must have a subject namez&A certificate must have an issuer namez'A certificate must have a serial numberz/A certificate must have a not valid before timez.A certificate must have a not valid after timez$A certificate must have a public key)	rr/rr�r!r"r r��create_x509_certificaters    r$rzCertificateBuilder.signZs�����%��E�F�F�F���$��E�F�F�F���&��F�G�G�G��!�)��N�O�O�O�� �(��M�N�N�N���#��C�D�D�D��0��{�I�N�N�Nr%r)r&r'r(rfr�rr�__annotations__r�rrrXr;r!rrr�r}r�r�r[rrrr�rrurr\r%r$rr�sN���������Y�}�5�6�6�6�6�.2�.2�DH�.2�?C�>B�<>�&�&��_�T�*�&��o�d�+�&��O�$@�A�	&�
��s�+�&�!�/�(�*;�<�
&� ���):�;�&��K�	�-� 8�9�&�
�&�&�&�&�&
��
�)=�
�
�
�
�$
��
�*>�
�
�
�
�$#
�
)�#
�
�#
�#
�#
�#
�J
�C�
�,@�
�
�
�
�6
��%�
�	�
�
�
�
�>
�H�$5�
�:N�
�
�
�
�@
�#�
�/3�
�	�
�
�
�
�4#�	O�O�2�O��?�6�#7�8�O���	O�

�O�O�O�O�O�Or%rc��eZdZUejeeed<ejeed<dddggfdej	e
dej	ejdej	ejdejeedejef
d	�Zde
d
dfd�Z
dejd
dfd�Zdejd
dfd
�Zdeded
dfd�Zded
dfd�Z	ddedej	ejdejd
efd�ZdS)� CertificateRevocationListBuilderr��_revoked_certificatesNrr�r�r-�revoked_certificatesc�L�||_||_||_||_||_dSr)r�_last_update�_next_updater�rB)r"rr�r�r-rCs      r$r!z)CertificateRevocationListBuilder.__init__|s2��(���'���'���%���%9��"�"�"r%rc���t|t��std���|j�t	d���t||j|j|j|j	��S)Nrr$)
rOrrrr/rArErFr�rB)r"rs  r$rz,CertificateRevocationListBuilder.issuer_name�sj���+�t�,�,�	;��9�:�:�:���(��D�E�E�E�/���������&�
�
�	
r%c�b�t|tj��std���|j�t	d���t|��}|tkrt	d���|j�||jkrt	d���t|j	||j|j
|j��S)Nr8�!Last update may only be set once.�8The last update date must be on or after 1950 January 1.z9The last update date must be before the next update date.)rOr;rrEr/r?r9rFrArr�rB)r"r�s  r$r�z,CertificateRevocationListBuilder.last_update�s����+�x�'8�9�9�	:��8�9�9�9���(��@�A�A�A�0��=�=���+�+�+��M���
���(�[�4�;L�-L�-L��K���
�0���������&�
�
�	
r%c�b�t|tj��std���|j�t	d���t|��}|tkrt	d���|j�||jkrt	d���t|j	|j||j
|j��S)Nr8rIrJz8The next update date must be after the last update date.)rOr;rrFr/r?r9rErArr�rB)r"r�s  r$r�z,CertificateRevocationListBuilder.next_update�s����+�x�'8�9�9�	:��8�9�9�9���(��@�A�A�A�0��=�=���+�+�+��M���
���(�[�4�;L�-L�-L��J���
�0���������&�
�
�	
r%r	r
c��t|t��std���t|j||��}t||j��t|j|j	|j
|j|gz|j��S)zM
        Adds an X.509 extension to the certificate revocation list.
        r)rOrrrrr1r�rArrErFrBr
s    r$rz.CertificateRevocationListBuilder.add_extension�s����&�-�0�0�	B��@�A�A�A��f�j�(�F�;�;�	�#�I�t�/?�@�@�@�/���������	�{�*��&�
�
�	
r%�revoked_certificatec��t|t��std���t|j|j|j|j|j|gz��S)z8
        Adds a revoked certificate to the CRL.
        z)Must be an instance of RevokedCertificate)	rOr�rrArrErFr�rB)r"rMs  r$�add_revoked_certificatez8CertificateRevocationListBuilder.add_revoked_certificate�sa���-�/A�B�B�	I��G�H�H�H�/����������&�*=�)>�>�
�
�	
r%rrvr�c��|j�td���|j�td���|j�td���t	j|||��S)NzA CRL must have an issuer namez"A CRL must have a last update timez"A CRL must have a next update time)rr/rErFr��create_x509_crlrs    r$rz%CertificateRevocationListBuilder.sign�sa����$��=�>�>�>���$��A�B�B�B���$��A�B�B�B��(��{�I�F�F�Fr%r)r&r'r(rfr�rrr?r�r�rr;r!rr�r�r[rrOrrr�rr�rr\r%r$rArAxs����������Y�}�5�6�6�6�6�!�;�'9�:�:�:�:�.2�:>�:>�<>�@B�
:�:��_�T�*�:��_�X�%6�7�:��_�X�%6�7�	:�
�K�	�-� 8�9�:�%�k�*<�=�
:�:�:�:�

��

�	+�

�

�

�

�
�#�,�
�	+�
�
�
�
�0
�#�,�
�	+�
�
�
�
�0
�#�
�/3�
�	+�
�
�
�
�&
�#5�
�	+�
�
�
�
�*#�	G�G�2�G��?�6�#7�8�G���	G�

#�G�G�G�G�G�Gr%rAc	���eZdZddgfdejedejejdejee	fd�Z
deddfd�Zd	ejddfd
�Zde	de
ddfd
�Zddejdefd�ZdS)�RevokedCertificateBuilderNr}r�r-c�0�||_||_||_dSrr�r�s    r$r!z"RevokedCertificateBuilder.__init__r�r%r/rc�$�t|t��std���|j�t	d���|dkrt	d���|���dkrt	d���t
||j|j��S)Nr1r2rz$The serial number should be positiver3r4)	rOrXrr�r/r5rSr�r�r6s  r$r}z'RevokedCertificateBuilder.serial_number
s����&�#�&�&�	G��E�F�F�F���*��F�G�G�G��Q�;�;��C�D�D�D������#�%�%��H���
�)��D�)�4�+;�
�
�	
r%r7c��t|tj��std���|j�t	d���t|��}|tkrt	d���t|j||j	��S)Nr8z)The revocation date may only be set once.z7The revocation date must be on or after 1950 January 1.)
rOr;rr�r/r?r9rSr�r�r:s  r$r�z)RevokedCertificateBuilder.revocation_dates����$�� 1�2�2�	:��8�9�9�9�� �,��H�I�I�I�)�$�/�/���$�$�$��L���
�)����t�'7�
�
�	
r%r	r
c���t|t��std���t|j||��}t||j��t|j|j	|j|gz��S)Nr)
rOrrrrr1r�rSr�r�r
s    r$rz'RevokedCertificateBuilder.add_extension,sw���&�-�0�0�	B��@�A�A�A��f�j�(�F�;�;�	�#�I�t�/?�@�@�@�(����!���	�{�*�
�
�	
r%r�c��|j�td���|j�td���t|j|jt	|j����S)Nz/A revoked certificate must have a serial numberz1A revoked certificate must have a revocation date)r�r/r�r�rr�)r"r�s  r$�buildzRevokedCertificateBuilder.build:sf����&��N�O�O�O�� �(��C���
�&����!��t�'�(�(�
�
�	
r%r)r&r'r(rfr�rXr;r�rrr!r}r�r[rrr�rYr\r%r$rSrS�s������/3�>B�<>�	&�&���s�+�&� ���):�;�&��K�	�-� 8�9�	&�&�&�&�
�C�
�,G�
�
�
�
�$
��%�
�	$�
�
�
�
� 
�#�
�/3�
�	$�
�
�
�
�
�
�V�Z�
�3E�
�
�
�
�
�
r%rSc�b�t�tjd��d��dz	S)N��bigr)rX�
from_bytes�os�urandomr\r%r$�random_serial_numberr`Hs#���>�>�"�*�R�.�.�%�0�0�A�5�5r%r)Er�r;r^rf�cryptographyr�"cryptography.hazmat.bindings._rustrr��cryptography.hazmat.primitivesrr�)cryptography.hazmat.primitives.asymmetricrrr	r
rrr
�/cryptography.hazmat.primitives.asymmetric.typesrrr�cryptography.x509.extensionsrrrr�cryptography.x509.namerr�cryptography.x509.oidrr9�	Exceptionrr�r1rrWr�rXr6r?rAr^�Enumrlrq�ABCMetaru�registerr�r�r�r�rr�r�r�r�r�r�r�rrArSr`r\r%r$�<module>rms����
�
�
�����	�	�	�	�
�
�
�
�������@�@�@�@�@�@�@�@�@�@�@�@�@�@�����������������������������
������������3�2�2�2�2�2�2�2�2�2�2�2�2�2�'�X�&�t�Q��2�2�������	����E���'�E���I�m�4�5�E�
�E�E�E�E�	E�	�	E�����%�u�f�o�c�.B�B�C��	E�

�	E�	E�	E�	E��X�%6��8�;L�����!8�!8�!8�!8�!8�!8�!8�!8�HN�N�N�N�N�N�N�N�(�����e�j����
-�-�-�-�-�Y�-�-�-�i�i�i�i�i�C�K�i�i�i�i�Z���Y�*�+�+�+������3�;�����*���I�8�9�9�9� � � � � �/� � � �0q�q�q�q�q�#�+�q�q�q�q�h�"�"�9�#F�G�G�G�Q�Q�Q�Q�Q�#�+�Q�Q�Q�Q�j�"�"�9�#F�G�G�G�
(,�5�5�
�5� �*�5��5�5�5�5�(,�5�5�
�5� �*�5��5�5�5�5�(,�-�-�
�-� �*�-��-�-�-�-�(,�-�-�
�-� �*�-��-�-�-�-�(,�-�-�
�-� �*�-��-�-�-�-�(,�-�-�
�-� �*�-��-�-�-�-�YG�YG�YG�YG�YG�YG�YG�YG�xjO�jO�jO�jO�jO�jO�jO�jO�ZDG�DG�DG�DG�DG�DG�DG�DG�NF
�F
�F
�F
�F
�F
�F
�F
�R6�c�6�6�6�6�6�6r%