3 'YE@sdZddlmZmZmZmZddlmZmZddl m Z m Z m Z m Z mZmZmZmZmZmZmZmZmZddlmZmZddlmZddlmZmZmZm Z Gd d d eZ!Gd d d eZ"Gd ddeZ#GdddeZ$GdddeZ%GdddeZ&GdddeZ'GdddeZ(GdddeZ)GdddeZ*GdddeZ+Gdd d eZ,Gd!d"d"eZ-Gd#d$d$eZ.Gd%d&d&eZ/Gd'd(d(eZ0Gd)d*d*eZ1Gd+d,d,eZ2Gd-d.d.eZ3Gd/d0d0e Z4Gd1d2d2e Z5Gd3d4d4eZ6Gd5d6d6e Z7Gd7d8d8eZ8Gd9d:d:eZ9Gd;d<dd>eZ;Gd?d@d@eZGdEdFdFeZ?GdGdHdHeZ@GdIdJdJeZAGdKdLdLeZBGdMdNdNeZCGdOdPdPeZDdQS)Rz ASN.1 type classes for the online certificate status protocol (OCSP). Exports the following items: - OCSPRequest() - OCSPResponse() Other type classes are defined that help compose the types listed above. )unicode_literalsdivisionabsolute_importprint_function)DigestAlgorithmSignedDigestAlgorithm) BooleanChoice EnumeratedGeneralizedTime IA5StringIntegerNullObjectIdentifierOctetBitString OctetStringParsableOctetStringSequence SequenceOf)AuthorityInfoAccessSyntax CRLReason)PublicKeyAlgorithm) Certificate GeneralName GeneralNamesNamec@seZdZddiZdS)Versionrv1N)__name__ __module__ __qualname___mapr#r#1/usr/lib/python3/dist-packages/asn1crypto/ocsp.pyr'src@s(eZdZdefdefdefdefgZdS)CertIdZhash_algorithmZissuer_name_hashZissuer_key_hashZ serial_numberN)rr r!rrr_fieldsr#r#r#r$r%-sr%c@seZdZdefdefgZdS)ServiceLocatorZissuerZlocatorN)rr r!rrr&r#r#r#r$r'6sr'c@seZdZddiZdS)RequestExtensionIdz1.3.6.1.5.5.7.48.1.7service_locatorN)rr r!r"r#r#r#r$r(=sr(c@s4eZdZdefdeddifdefgZdZdeiZ dS) RequestExtensionextn_idcriticaldefaultF extn_valuer)N)r+r.) rr r!r(r rr& _oid_pairr' _oid_specsr#r#r#r$r*Cs   r*c@seZdZeZdS)RequestExtensionsN)rr r!r* _child_specr#r#r#r$r1Psr1c@sPeZdZdefdedddfgZdZdZdZdd Z e d d Z e d d Z dS)RequestZreq_certsingle_request_extensionsrT)explicitoptionalFNcCsht|_xT|dD]H}|dj}d|}t||rDt|||dj|djr|jj|qWd|_dS)zv Sets common named extensions to private attributes and creates a list of critical extensions r4r+z _%s_valuer.r,TN)set_critical_extensionsnativehasattrsetattrparsedadd_processed_extensions)self extensionnameattribute_namer#r#r$_set_extensions^s   zRequest._set_extensionscCs|js|j|jS)z Returns a set of the names (or OID if not a known extension) of the extensions marked as critical :return: A set of unicode strings )r>rCr8)r?r#r#r$critical_extensionsps zRequest.critical_extensionscCs|jdkr|j|jS)z This extension is used when communicating with an OCSP responder that acts as a proxy for OCSP requests :return: None or a ServiceLocator object F)r>rC_service_locator_value)r?r#r#r$service_locator_value~s zRequest.service_locator_value) rr r!r%r1r&r>r8rErCpropertyrDrFr#r#r#r$r3Ts r3c@seZdZeZdS)RequestsN)rr r!r3r2r#r#r#r$rHsrHc@seZdZddiZdS) ResponseTypez1.3.6.1.5.5.7.48.1.1basic_ocsp_responseN)rr r!r"r#r#r#r$rIsrIc@seZdZeZdS)AcceptableResponsesN)rr r!rIr2r#r#r#r$rKsrKc@s"eZdZdefdeddifgZdS)PreferredSignatureAlgorithmZsig_identifierZcert_identifierr6TN)rr r!rrr&r#r#r#r$rLsrLc@seZdZeZdS)PreferredSignatureAlgorithmsN)rr r!rLr2r#r#r#r$rMsrMc@seZdZddddZdS)TBSRequestExtensionIdnonceacceptable_responsespreferred_signature_algorithms)z1.3.6.1.5.5.7.48.1.2z1.3.6.1.5.5.7.48.1.4z1.3.6.1.5.5.7.48.1.8N)rr r!r"r#r#r#r$rNsrNc@s8eZdZdefdeddifdefgZdZee e dZ dS) TBSRequestExtensionr+r,r-Fr.)rOrPrQN)r+r.) rr r!rNr rr&r/rrKrMr0r#r#r#r$rRs  rRc@seZdZeZdS)TBSRequestExtensionsN)rr r!rRr2r#r#r#r$rSsrSc@s@eZdZdedddfdedddfd efd ed ddfgZd S) TBSRequestversionrr)r5r-Zrequestor_namerT)r5r6Z request_listrequest_extensionsN)rr r!rrrHrSr&r#r#r#r$rTsrTc@seZdZeZdS) CertificatesN)rr r!rr2r#r#r#r$rXsrXc@s*eZdZdefdefdedddfgZdS) Signaturesignature_algorithm signaturecertsrT)r5r6N)rr r!rrrXr&r#r#r#r$rYsrYc@speZdZdefdedddfgZdZdZdZdZ dZ dd Z e d d Z e d d Ze ddZe ddZdS) OCSPRequest tbs_requestZoptional_signaturerT)r5r6FNcCslt|_xX|ddD]H}|dj}d|}t||rHt|||dj|djr|jj|qWd|_dS) zv Sets common named extensions to private attributes and creates a list of critical extensions r^rVr+z _%s_valuer.r,TN)r7r8r9r:r;r<r=r>)r?r@rArBr#r#r$rCs   zOCSPRequest._set_extensionscCs|js|j|jS)z Returns a set of the names (or OID if not a known extension) of the extensions marked as critical :return: A set of unicode strings )r>rCr8)r?r#r#r$rDs zOCSPRequest.critical_extensionscCs|jdkr|j|jS)z This extension is used to prevent replay attacks by including a unique, random value with each request/response pair :return: None or an OctetString object F)r>rC _nonce_value)r?r#r#r$ nonce_values zOCSPRequest.nonce_valuecCs|jdkr|j|jS)a( This extension is used to allow the client and server to communicate with alternative response formats other than just basic_ocsp_response, although no other formats are defined in the standard. :return: None or an AcceptableResponses object F)r>rC_acceptable_responses_value)r?r#r#r$acceptable_responses_values z&OCSPRequest.acceptable_responses_valuecCs|jdkr|j|jS)aj This extension is used by the client to define what signature algorithms are preferred, including both the hash algorithm and the public key algorithm, with a level of detail down to even the public key algorithm parameters, such as curve name. :return: None or a PreferredSignatureAlgorithms object F)r>rC%_preferred_signature_algorithms_value)r?r#r#r$$preferred_signature_algorithms_values z0OCSPRequest.preferred_signature_algorithms_value)rr r!rTrYr&r>r8r_rarcrCrGrDr`rbrdr#r#r#r$r]s   r]c@seZdZdddddddZdS) OCSPResponseStatusZ successfulZmalformed_requestZinternal_errorZ try_laterZ sign_requiredZ unauthorized)rrrWN)rr r!r"r#r#r#r$re0s rec@s(eZdZdeddifdeddifgZdS) ResponderIdZby_namer5rZby_keyrWN)rr r!rr _alternativesr#r#r#r$ri;s ric@s$eZdZdefdedddfgZdS) RevokedInfoZrevocation_timeZrevocation_reasonrT)r5r6N)rr r!r rr&r#r#r#r$rkBsrkc@s4eZdZdeddifdeddifdeddifgZdS) CertStatusZgoodZimplicitrZrevokedrunknownrWN)rr r!rrkrjr#r#r#r$rlIs  rlc@s:eZdZdedddfdedddfdedddfgZd S) CrlIdZcrl_urlrT)r5r6Zcrl_numrZcrl_timerWN)rr r!r rr r&r#r#r#r$rnQsrnc@seZdZdddddddZdS) SingleResponseExtensionIdcrlarchive_cutoff crl_reasoninvalidity_datecertificate_issuer!signed_certificate_timestamp_list)z1.3.6.1.5.5.7.48.1.3z1.3.6.1.5.5.7.48.1.6z 2.5.29.21z 2.5.29.24z 2.5.29.29z1.3.6.1.4.1.11129.2.4.5N)rr r!r"r#r#r#r$roYs roc@s>eZdZdefdeddifdefgZdZee e e e e dZ dS) SingleResponseExtensionr+r,r-Fr.)rprqrrrsrtruN)r+r.)rr r!ror rr&r/rnr rrrr0r#r#r#r$rvgs  rvc@seZdZeZdS)SingleResponseExtensionsN)rr r!rvr2r#r#r#r$rwysrwc @seZdZdefdefdefdedddfded ddfgZd Zd Z d Z d Z d Z d Z d Zd d ZeddZeddZeddZeddZeddZeddZd S)SingleResponseZcert_idZ cert_statusZ this_updateZ next_updaterT)r5r6single_extensionsrFNcCsht|_xT|dD]H}|dj}d|}t||rDt|||dj|djr|jj|qWd|_dS)zv Sets common named extensions to private attributes and creates a list of critical extensions ryr+z _%s_valuer.r,TN)r7r8r9r:r;r<r=r>)r?r@rArBr#r#r$rCs   zSingleResponse._set_extensionscCs|js|j|jS)z Returns a set of the names (or OID if not a known extension) of the extensions marked as critical :return: A set of unicode strings )r>rCr8)r?r#r#r$rDs z"SingleResponse.critical_extensionscCs|jdkr|j|jS)z This extension is used to locate the CRL that a certificate's revocation is contained within. :return: None or a CrlId object F)r>rC _crl_value)r?r#r#r$ crl_values zSingleResponse.crl_valuecCs|jdkr|j|jS)z This extension is used to indicate the date at which an archived (historical) certificate status entry will no longer be available. :return: None or a GeneralizedTime object F)r>rC_archive_cutoff_value)r?r#r#r$archive_cutoff_values z#SingleResponse.archive_cutoff_valuecCs|jdkr|j|jS)z This extension indicates the reason that a certificate was revoked. :return: None or a CRLReason object F)r>rC_crl_reason_value)r?r#r#r$crl_reason_values zSingleResponse.crl_reason_valuecCs|jdkr|j|jS)a= This extension indicates the suspected date/time the private key was compromised or the certificate became invalid. This would usually be before the revocation date, which is when the CA processed the revocation. :return: None or a GeneralizedTime object F)r>rC_invalidity_date_value)r?r#r#r$invalidity_date_values z$SingleResponse.invalidity_date_valuecCs|jdkr|j|jS)z This extension indicates the issuer of the certificate in question. :return: None or an x509.GeneralNames object F)r>rC_certificate_issuer_value)r?r#r#r$certificate_issuer_values z'SingleResponse.certificate_issuer_value)rr r!r%rlr rwr&r>r8rzr|r~rrrCrGrDr{r}rrrr#r#r#r$rx}s&    rxc@seZdZeZdS) ResponsesN)rr r!rxr2r#r#r#r$rsrc@seZdZdddZdS)ResponseDataExtensionIdrOextended_revoke)z1.3.6.1.5.5.7.48.1.2z1.3.6.1.5.5.7.48.1.9N)rr r!r"r#r#r#r$rsrc@s6eZdZdefdeddifdefgZdZee dZ dS) ResponseDataExtensionr+r,r-Fr.)rOrN)r+r.) rr r!rr rr&r/rrr0r#r#r#r$rs   rc@seZdZeZdS)ResponseDataExtensionsN)rr r!rr2r#r#r#r$rsrc @s>eZdZdedddfdefdefdefded d d fgZd S) ResponseDatarUrr)r5r-Z responder_idZ produced_atZ responsesresponse_extensionsrT)r5r6N) rr r!rrir rrr&r#r#r#r$rs rc@s0eZdZdefdefdefdedddfgZdS) BasicOCSPResponsetbs_response_datarZr[r\rT)r5r6N)rr r!rrrrXr&r#r#r#r$rsrc@s(eZdZdefdefgZdZdeiZdS) ResponseBytes response_typeresponserJN)rr) rr r!rIrr&r/rr0r#r#r#r$r%s rc@sxeZdZdefdedddfgZdZdZdZdZ dd Z e d d Z e d d Z e ddZe ddZe ddZdS) OCSPResponseZresponse_statusresponse_bytesrT)r5r6FNcCsvt|_xb|ddjddD]H}|dj}d|}t||rRt|||dj|djr |jj|q Wd |_d S) zv Sets common named extensions to private attributes and creates a list of critical extensions rrrrr+z _%s_valuer.r,TN)r7r8r<r9r:r;r=r>)r?r@rArBr#r#r$rC<s   zOCSPResponse._set_extensionscCs|js|j|jS)z Returns a set of the names (or OID if not a known extension) of the extensions marked as critical :return: A set of unicode strings )r>rCr8)r?r#r#r$rDNs z OCSPResponse.critical_extensionscCs|jdkr|j|jS)z This extension is used to prevent replay attacks on the request/response exchange :return: None or an OctetString object F)r>rCr_)r?r#r#r$r`\s zOCSPResponse.nonce_valuecCs|jdkr|j|jS)z This extension is used to signal that the responder will return a "revoked" status for non-issued certificates. :return: None or a Null object (if present) F)r>rC_extended_revoke_value)r?r#r#r$extended_revoke_valuejs z"OCSPResponse.extended_revoke_valuecCs|ddjS)z A shortcut into the BasicOCSPResponse sequence :return: None or an asn1crypto.ocsp.BasicOCSPResponse object rr)r<)r?r#r#r$rJxs z OCSPResponse.basic_ocsp_responsecCs|ddjdS)z A shortcut into the parsed, ResponseData sequence :return: None or an asn1crypto.ocsp.ResponseData object rrr)r<)r?r#r#r$ response_datas zOCSPResponse.response_data)rr r!rerr&r>r8r_rrCrGrDr`rrJrr#r#r#r$r1s    rN)E__doc__Z __future__rrrrZalgosrrZcorer r r r r rrrrrrrrrprrkeysrZx509rrrrrr%r'r(r*r1r3rHrIrKrLrMrNrRrSrTrXrYr]rerirkrlrnrorvrwrxrrrrrrrrr#r#r#r$ sT<   9 Z x