ó Àb‹Xc@`sddlmZmZmZddlZddlZddlZddlZddlm Z m Z ddl m Z m Z mZddlmZmZmZd„Zd„Zd„Zd „Zd „Zd „Zd „Zd „Zd„Zd„Zd„Zd„Zd„Zd„Z d„Z!d„Z"d„Z#d„Z$d„Z%d„Z&d„Z'd„Z(d„Z)d„Z*d„Z+d„Z,d „Z-d!„Z.id"e j/j06d#e j/j16d$e j/j26d%e j/j36d&e j/j46d'e j/j56d(e j/j66d)e j/j76Z8d*„Z9d+„Z:d,„Z;d-„Z<ie'ej=6e+ej>6e%ej?6e*ej@6e*ejA6e.ejB6e&ejC6e ejD6e(ejE6e9ejF6eejG6e$ejH6e:ejI6e;ejJ6ZKie*ejA6e&ejC6e(ejE6eejL6ZMie*ejN6eejO6eejP6ZQdS(.i(tabsolute_importtdivisiontprint_functionN(tutilstx509(t_CRL_ENTRY_REASON_ENUM_TO_CODEt_DISTPOINT_TYPE_FULLNAMEt_DISTPOINT_TYPE_RELATIVENAME(tCRLEntryExtensionOIDt ExtensionOIDtNameOIDcC`sb|j|ƒ}|jj||jjƒ}|jj||jjƒ}|j||jjkƒ|S(s Converts a python integer to an ASN1_INTEGER. The returned ASN1_INTEGER will not be garbage collected (to support adding them to structs that take ownership of the object). Be sure to register it for GC if it will be discarded after use. (t _int_to_bnt_ffitgct_libtBN_freetBN_to_ASN1_INTEGERtNULLtopenssl_assert(tbackendtxti((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_asn1_ints cC`s.t||ƒ}|jj||jjƒ}|S(N(RR R RtASN1_INTEGER_free(RRR((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_asn1_int_gc*scC`s>|jjƒ}|jj|||ƒ}|j|dkƒ|S(s@ Create an ASN1_OCTET_STRING from a Python byte string. i(RtASN1_OCTET_STRING_newtASN1_OCTET_STRING_setR(Rtdatatlengthtstres((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_asn1_str0scC`sV|jjƒ}|jj||jdƒt|jdƒƒƒ}|j|dkƒ|S(s³ Create an ASN1_UTF8STRING from a Python unicode string. This object will be an ASN1_STRING with UTF8 type in OpenSSL and can be decoded with ASN1_STRING_to_UTF8. tutf8i(RtASN1_UTF8STRING_newtASN1_STRING_settencodetlenR(RtstringRR((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_asn1_utf8_str:s  'cC`s1t|||ƒ}|jj||jjƒ}|S(N(RR R RtASN1_OCTET_STRING_free(RRRR((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_asn1_str_gcHscC`st||jƒS(N(Rt skip_certs(Rtinhibit_any_policy((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_inhibit_any_policyNscC`sœ|jjƒ}x†|jD]{}d}xl|D]d}t||ƒ}|jj||jjƒ}|jj||d|ƒ}|j|dkƒd}q,WqW|S(sP The X509_NAME created will not be gc'd. Use _encode_name_gc if needed. iiÿÿÿÿi( Rt X509_NAME_newtrdnst_encode_name_entryR R tX509_NAME_ENTRY_freetX509_NAME_add_entryR(Rtnametsubjecttrdntset_flagt attributet name_entryR((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyt _encode_nameRs   cC`s.t||ƒ}|jj||jjƒ}|S(N(R7R R RtX509_NAME_free(Rt attributesR2((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_name_gcfscC`s[|jjƒ}xE|D]=}t||ƒ}|jj||ƒ}|j|dkƒqW|S(s9 The sk_X50_NAME_ENTRY created will not be gc'd. i(Rtsk_X509_NAME_ENTRY_new_nullR.tsk_X509_NAME_ENTRY_pushR(RR9tstackR5R6R((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_sk_name_entryls  cC`s||jjdƒ}t||jjƒ}|jtjkrH|jj}n |jj }|jj |j j |||dƒ}|S(NR iÿÿÿÿ( tvalueR#t _txt2obj_gctoidt dotted_stringR t COUNTRY_NAMERt MBSTRING_ASCt MBSTRING_UTF8tX509_NAME_ENTRY_create_by_OBJR R(RR5R?tobjttypeR6((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyR.xs  cC`st||jƒS(N(Rt crl_number(RRI((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_crl_number‡scC`sv|jjƒ}|j||jjkƒ|jj||jjƒ}|jj|t|j ƒ}|j|dkƒ|S(Ni( RtASN1_ENUMERATED_newRR RR tASN1_ENUMERATED_freetASN1_ENUMERATED_setRtreason(Rt crl_reasontasn1enumR((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_crl_reason‹s cC`se|jj|jjtj|jjƒƒƒ}|j||jjkƒ|jj ||jj ƒ}|S(N( RtASN1_GENERALIZEDTIME_setR Rtcalendarttimegmtinvalidity_datet timetupleRR tASN1_GENERALIZEDTIME_free(RRUttime((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_invalidity_date—s  c C`sF|jjƒ}|j||jjkƒ|jj||jjƒ}xü|D]ô}|jjƒ}|j||jjkƒ|jj||ƒ}|j|dkƒt ||j j ƒ}||_ |j rJ|jjƒ}|j||jjkƒx@|j D]5}|jjƒ} |j| |jjkƒ|jj|| ƒ}|j|dkƒt|tjƒr¬t |tjj ƒ| _t||jdƒt|jdƒƒƒ| j_qùt |tjj ƒ| _|jjƒ} |j| |jjkƒ| | j_|jrt ||jƒ| _!nt"||j#ƒ| _$qùW||_%qJqJW|S(Nitascii(&Rtsk_POLICYINFO_new_nullRR RR tsk_POLICYINFO_freetPOLICYINFO_newtsk_POLICYINFO_pusht_txt2objtpolicy_identifierRBtpolicyidtpolicy_qualifierstsk_POLICYQUALINFO_new_nulltPOLICYQUALINFO_newtsk_POLICYQUALINFO_pusht isinstancetsixt text_typeRtOID_CPS_QUALIFIERtpqualidRR#R$tdtcpsuritOID_CPS_USER_NOTICEtUSERNOTICE_newt usernoticet explicit_textR&texptextt_encode_notice_referencetnotice_referencet noticereft qualifiers( Rtcertificate_policiestcpt policy_infotpiRRAtpqist qualifiertpqitun((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_certificate_policies£sJ    !  cC`s¾|dkr|jjS|jjƒ}|j||jjkƒt||jƒ|_|jjƒ}||_ xH|j D]=}t ||ƒ}|jj ||ƒ}|j|dkƒquW|SdS(Ni( tNoneR RRt NOTICEREF_newRR&t organizationtsk_ASN1_INTEGER_new_nullt noticenostnotice_numbersRtsk_ASN1_INTEGER_push(Rtnoticetnrt notice_stacktnumbertnumR((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyRrÕs   cC`sA|jdƒ}|jj|dƒ}|j||jjkƒ|S(s_ Converts a Python string with an ASN.1 object ID in dotted form to a ASN1_OBJECT. RZi(R#Rt OBJ_txt2objRR R(RR1RG((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyR_èscC`s.t||ƒ}|jj||jjƒ}|S(N(R_R R RtASN1_OBJECT_free(RR1RG((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyR@óscC`st|ddƒS(sg The OCSP No Check extension is defined as a null ASN.1 value embedded in an ASN.1 string. si(R((Rtext((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_ocsp_nocheckùscC`sø|jj}|jjƒ}|jj||jjƒ}||d|jƒ}|j|dkƒ||d|jƒ}|j|dkƒ||d|j ƒ}|j|dkƒ||d|j ƒ}|j|dkƒ||d|j ƒ}|j|dkƒ||d|j ƒ}|j|dkƒ||d|j ƒ}|j|dkƒ|j rª||d|jƒ}|j|dkƒ||d |jƒ}|j|dkƒnJ||ddƒ}|j|dkƒ||d dƒ}|j|dkƒ|S( Niiiiiiiii(RtASN1_BIT_STRING_set_bittASN1_BIT_STRING_newR R tASN1_BIT_STRING_freetdigital_signatureRtcontent_commitmenttkey_enciphermenttdata_enciphermentt key_agreementt key_cert_signtcrl_signt encipher_onlyt decipher_only(Rt key_usagetset_bittkuR((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_key_usages6  cC`sÈ|jjƒ}|j||jjkƒ|jj||jjƒ}|jdk rvt ||jt |jƒƒ|_ n|j dk rt ||j ƒ|_n|jdk rÄt||jƒ|_n|S(N(RtAUTHORITY_KEYID_newRR RR tAUTHORITY_KEYID_freetkey_identifierRRR$tkeyidtauthority_cert_issuert_encode_general_namestissuertauthority_cert_serial_numberRtserial(Rtauthority_keyidtakid((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyt _encode_authority_key_identifier!scC`sv|jjƒ}|jj||jjƒ}|jr9dnd|_|jrr|jdk rrt||jƒ|_ n|S(Niÿi( RtBASIC_CONSTRAINTS_newR R tBASIC_CONSTRAINTS_freetcat path_lengthRRtpathlen(Rtbasic_constraintst constraints((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_basic_constraints9s cC`sÈ|jjƒ}|j||jjkƒ|jj||jjƒ}x~|D]v}|jjƒ}t||j j ƒ}t ||j ƒ}||_ ||_|jj||ƒ}|j|dkƒqJW|S(Ni(Rtsk_ACCESS_DESCRIPTION_new_nullRR RR tsk_ACCESS_DESCRIPTION_freetACCESS_DESCRIPTION_newR_t access_methodRBt_encode_general_nametaccess_locationtmethodtlocationtsk_ACCESS_DESCRIPTION_push(Rtauthority_info_accesstaiataccess_descriptiontadR¹tgnR((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyt$_encode_authority_information_accessGs    cC`st|jjƒ}|j||jjkƒxE|D]=}t||ƒ}|jj||ƒ}|j|dkƒq/W|S(Ni(RtGENERAL_NAMES_newRR RR·tsk_GENERAL_NAME_push(Rtnamest general_namesR1RÀR((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyR¤[s cC`s.t||ƒ}|jj||jjƒ}|S(N(R¤R R RtGENERAL_NAMES_free(RtsanRÅ((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_alt_namefs cC`st||jt|jƒƒS(N(R(tdigestR$(Rtski((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_subject_key_identifiernscC`s]xMddgD]?}|j|ƒr |t|ƒ}|jdƒtj|ƒSq Wtj|ƒS(Ns*.t.RZ(t startswithR$R#tidna(R?tprefix((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyt _idna_encoders cC`st|tjƒrÀ|jjƒ}|j||jjkƒ|jj|_ |jj ƒ}|j||jjkƒt |j ƒ}|jj ||t|ƒƒ}|j|dkƒ||j_nSt|tjƒrU|jjƒ}|j||jjkƒ|jj|_ |jj|j jjdƒdƒ}|j||jjkƒ||j_n¾t|tjƒr¿|jjƒ}|j||jjkƒt||j ƒ}|jj|_ ||j_nTt|tjƒr½|jjƒ}|j||jjkƒt|j tjƒr:|j jjt j!d |j j"dƒ}nMt|j tj#ƒr{|j jjt j!d |j j"dƒ}n |j j}t$||t|ƒƒ} |jj%|_ | |j_&nVt|tj'ƒr|jjƒ}|j||jjkƒ|jj(ƒ} |j| |jjkƒ|jj|j)jjdƒdƒ} |j| |jjkƒ|jj*d|j ƒ} |jj*dƒ} | | d <|jj+|jj| t|j ƒƒ}||jjkrâ|j,ƒt-d ƒ‚n| | _)|| _ |jj.|_ | |j_/nt|tj0ƒrˆ|jjƒ}|j||jjkƒt$||j1t|j1ƒƒ}|jj2|_ ||j_3n‹t|tj4ƒrþ|jjƒ}|j||jjkƒt$||j1t|j1ƒƒ}|jj5|_ ||j_6nt-d j7|ƒƒ‚|S(NiRZi ii€isunsigned char[]sunsigned char **isInvalid ASN.1 datas"{0} is an unknown GeneralName typeIl (8RfRtDNSNameRtGENERAL_NAME_newRR RtGEN_DNSRHtASN1_IA5STRING_newRÐR?R"R$RktdNSNamet RegisteredIDtGEN_RIDR‹RBR#t registeredIDt DirectoryNameR7t GEN_DIRNAMEt directoryNamet IPAddresst ipaddresst IPv4Networktnetwork_addresstpackedRt int_to_bytest num_addressest IPv6NetworkRt GEN_IPADDt iPAddresst OtherNamet OTHERNAME_newttype_idtnewt d2i_ASN1_TYPEt_consume_errorst ValueErrort GEN_OTHERNAMEt otherNamet RFC822Namet_encodedt GEN_EMAILt rfc822NametUniformResourceIdentifiertGEN_URItuniformResourceIdentifiertformat(RR1RÀtia5R?RRGtdir_nameRàtipaddrt other_nameRèRt data_ptr_ptrtasn1_str((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyR·{s”            cC`sy|jjƒ}|jj||jjƒ}xH|D]@}t||jƒ}|jj||ƒ}|j|dkƒq1W|S(Ni( Rtsk_ASN1_OBJECT_new_nullR R tsk_ASN1_OBJECT_freeR_RBtsk_ASN1_OBJECT_pushR(Rtextended_key_usagetekuRARGR((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_extended_key_usageØs iiiiiiiic C`s |jjƒ}|jj||jjƒ}xÚ|D]Ò}|jjƒ}|j||jjkƒ|jrß|jj ƒ}|j||jjkƒ||_xC|jD]5}|jj |t |dƒ}|j|dkƒq£Wn|j r=|jj ƒ}|j||jjkƒt|_t||j ƒ|j_||_n|jrº|jj ƒ}|j||jjkƒt|_t||jƒ} |j| |jjkƒ| |j_||_n|jrÛt||jƒ|_n|jj||ƒ}|j|dkƒq1W|S(Ni(Rtsk_DIST_POINT_new_nullR R tsk_DIST_POINT_freetDIST_POINT_newRRtreasonsRRt_CRLREASONFLAGSt full_nametDIST_POINT_NAME_newRRHR¤R1tfullnamet distpointt relative_nameRR>t relativenamet crl_issuert CRLissuertsk_DIST_POINT_push( Rtcrl_distribution_pointstcdptpointtdptbitmaskRNRtdpnR ((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_crl_distribution_pointsïs@            cC`s}|jjƒ}|j||jjkƒ|jj||jjƒ}t||jƒ}||_ t||j ƒ}||_ |S(N( RtNAME_CONSTRAINTS_newRR RR tNAME_CONSTRAINTS_freet_encode_general_subtreetpermitted_subtreestpermittedSubtreestexcluded_subtreestexcludedSubtrees(Rtname_constraintstnct permittedtexcluded((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_name_constraintss  cC`s•|jjƒ}|j||jjkƒ|jj||jjƒ}|jdk rjt ||jƒ|_ n|j dk r‘t ||j ƒ|_ n|S(N( RtPOLICY_CONSTRAINTS_newRR RR tPOLICY_CONSTRAINTS_freetrequire_explicit_policyRRtrequireExplicitPolicytinhibit_policy_mappingtinhibitPolicyMapping(Rtpolicy_constraintstpc((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyt_encode_policy_constraints)scC`st|dkr|jjS|jjƒ}xD|D]<}|jjƒ}t||ƒ|_|jj||ƒ}q,W|SdS(N( RR RRtsk_GENERAL_SUBTREE_new_nulltGENERAL_SUBTREE_newR·tbasetsk_GENERAL_SUBTREE_push(Rtsubtreestgeneral_subtreesR1tgsR((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyR:s   (Rt __future__RRRRSRÝRÎRgt cryptographyRRt0cryptography.hazmat.backends.openssl.decode_asn1RRRtcryptography.x509.oidRR R RRRR&R(R+R7R:R>R.RJRQRYR~RrR_R@RŽRžRªR²RÁR¤RÈRËRÐR·Rt ReasonFlagstkey_compromiset ca_compromisetaffiliation_changedt supersededtcessation_of_operationtcertificate_holdtprivilege_withdrawnt aa_compromiseRRR#R,RtBASIC_CONSTRAINTStSUBJECT_KEY_IDENTIFIERt KEY_USAGEtSUBJECT_ALTERNATIVE_NAMEtISSUER_ALTERNATIVE_NAMEtEXTENDED_KEY_USAGEtAUTHORITY_KEY_IDENTIFIERtCERTIFICATE_POLICIEStAUTHORITY_INFORMATION_ACCESStCRL_DISTRIBUTION_POINTStINHIBIT_ANY_POLICYt OCSP_NO_CHECKtNAME_CONSTRAINTStPOLICY_CONSTRAINTSt_EXTENSION_ENCODE_HANDLERSt CRL_NUMBERt_CRL_EXTENSION_ENCODE_HANDLERStCERTIFICATE_ISSUERt CRL_REASONtINVALIDITY_DATEt$_CRL_ENTRY_EXTENSION_ENCODE_HANDLERS(((sV/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/encode_asn1.pyts              2         ]         *