;3h1ddlmZddlZddlmZddlmZmZddlm Z ddl m Z ddl m Z ddlmZGd d ej ZGd d ej Ze j&e j(e j*e j,e j.fZdd ZGddej ZGddZe j8Ze j:Ze j<ZGddZGddZ e jBZ!e jDZ"y)) annotationsN)Iterable)utilsx509)ocsp)hashes) CertificateIssuerPrivateKeyTypes)_reject_duplicate_extensionceZdZdZdZy)OCSPResponderEncodingzBy HashzBy NameN)__name__ __module__ __qualname__HASHNAMEV/var/www/html/audio-gradio/venv/lib/python3.12/site-packages/cryptography/x509/ocsp.pyr r s D Drr c$eZdZdZdZdZdZdZdZy)OCSPResponseStatusrN) r rr SUCCESSFULMALFORMED_REQUESTINTERNAL_ERROR TRY_LATER SIG_REQUIRED UNAUTHORIZEDrrrrrs!JNILLrrc:t|ts tdy)Nz9Algorithm must be SHA1, SHA224, SHA256, SHA384, or SHA512) isinstance_ALLOWED_HASHES ValueError) algorithms r_verify_algorithmr'*s! i 1 G   2rceZdZdZdZdZy)OCSPCertStatusrrrN)r rrGOODREVOKEDUNKNOWNrrrr)r)1s DGGrr)c4eZdZ ddZy)_SingleResponsec Ht|t|tjs td|%t|tjs td||_||_||_||_||_t|ts td|tjur| td|Wtdt|tjs td|%t|tjs td||_||_||_y)Nz%this_update must be a datetime objectz-next_update must be a datetime object or Nonez8cert_status must be an item from the OCSPCertStatus enumzBrevocation_time can only be provided if the certificate is revokedzDrevocation_reason can only be provided if the certificate is revokedz)revocation_time must be a datetime objectzCrevocation_reason must be an item from the ReasonFlags enum or None)r'r#datetime TypeError_resp _resp_hash _algorithm _this_update _next_updater)r+r%r ReasonFlags _cert_status_revocation_time_revocation_reason) selfresp resp_hashr& cert_status this_update next_updaterevocation_timerevocation_reasons r__init__z_SingleResponse.__init__8s3 )$+x'8'89CD D  ": **, KL L ##''+~6J  n44 4* !!, " ox/@/@A KLL ,Z!4#3#36 # ( /"3rN)r<z0tuple[x509.Certificate, x509.Certificate] | Noner=ztuple[bytes, bytes, int] | Noner&hashes.HashAlgorithmr>r)r?datetime.datetimer@datetime.datetime | NonerArFrBx509.ReasonFlags | None)r rrrCrrrr.r.7sU64>64364( 64 $ 64 ' 64.64264364rr.czeZdZddgf ddZ ddZ d dZ d dZd dZy) OCSPRequestBuilderNc.||_||_||_yN)_request _request_hash _extensions)r;request request_hash extensionss rrCzOCSPRequestBuilder.__init__ws  )%rc$|j |j tdt|t |t j rt |t j s tdt|||f|j|jS)N.Only one certificate can be added to a request%cert and issuer must be a Certificate) rLrMr%r'r#r Certificater1rIrN)r;certissuerr&s radd_certificatez"OCSPRequestBuilder.add_certificates == $(:(:(FMN N)$$ 0 01 D$$: CD D! 69 %t'9'94;K;K  rc|j |j tdt|ts t dt |tjd|tjd||jt|k7s|jt|k7r tdt|j||||f|jS)NrS serial_number must be an integerissuer_name_hashissuer_key_hash`issuer_name_hash and issuer_key_hash must be the same length as the digest size of the algorithm) rLrMr%r#intr1r'r _check_bytes digest_sizelenrIrN)r;r[r\ serial_numberr&s radd_certificate_by_hashz*OCSPRequestBuilder.add_certificate_by_hashs == $(:(:(FMN N-->? ?)$ -/?@ ,o>  C %   " "c/&: :6  " MM  y I     rct|tjs tdtj|j ||}t ||jt|j|jg|j|SNz"extension must be an ExtensionType) r#r ExtensionTyper1 Extensionoidr rNrIrLrMr;extvalcritical extensions r add_extensionz OCSPRequestBuilder.add_extensionsu&$"4"45@A ANN6::x@ #It/?/?@! MM4--/M1A1A/M9/M  rcr|j|j tdtj|S)Nz*You must add a certificate before building)rLrMr%rcreate_ocsp_request)r;s rbuildzOCSPRequestBuilder.builds4 == T%7%7%?IJ J''--r)rOzFtuple[x509.Certificate, x509.Certificate, hashes.HashAlgorithm] | NonerPz5tuple[bytes, bytes, int, hashes.HashAlgorithm] | NonerQ(list[x509.Extension[x509.ExtensionType]]returnNone)rVx509.CertificaterWrtr&rDrrrI) r[bytesr\rurbr^r&rDrrrI)rjx509.ExtensionTyperkboolrrrI)rr OCSPRequest)r rrrCrXrcrmrprrrrIrIvs ?A & &  &= &  &  ! (    &     (    <  (  48    .rrIceZdZdddgf d dZ d dZ d dZ d dZ ddZ ddZ ddZ e dd Z y)OCSPResponseBuilderNc<||_||_||_||_yrK) _response _responder_id_certsrN)r;response responder_idcertsrQs rrCzOCSPResponseBuilder.__init__s"") %rc .|j tdt|tjrt|tjs t dt ||fd||||||} t| |j|j|jS)N#Only one response per OCSPResponse.rT) r|r%r#rrUr1r.rzr}r~rN) r;rVrWr&r>r?r@rArB singleresps r add_responsez OCSPResponseBuilder.add_responses >> %BC C$ 0 01 D$$: CD D$ 6N         #     KK      rc |j tdt|ts t dt j d|t j d|t||jt|k7s|jt|k7r tdtd|||f|||||| } t| |j|j|jS)NrrZr[r\r])r|r%r#r^r1rr_r'r`rar.rzr}r~rN) r;r[r\rbr&r>r?r@rArBrs radd_response_by_hashz(OCSPResponseBuilder.add_response_by_hashs >> %BC C-->? ? -/?@ ,o>)$  C %   " "c/&: :6  %   >        #     KK      rc |j tdt|tjs t dt|t s t dt|j||f|j|jS)Nz!responder_id can only be set oncez$responder_cert must be a Certificatez6encoding must be an element from OCSPResponderEncoding) r}r%r#rrUr1r rzr|r~rN)r;encodingresponder_certs rrz OCSPResponseBuilder.responder_id*s    )@A A.$*:*:;BC C($9:H # NN X & KK      rc |j tdt|}t|dk(r tdt d|Ds t dt |j|j||jS)Nz!certificates may only be set oncerzcerts must not be an empty listc3PK|]}t|tj ywrK)r#rrU).0xs r z3OCSPResponseBuilder.certificates..EsBq:a!1!12Bs$&z$certs must be a list of Certificates) r~r%listraallr1rzr|r}rN)r;rs r certificatesz OCSPResponseBuilder.certificates=s} ;; "@A AU  u:?>? ?BEBBBC C" NN          rc.t|tjs tdtj|j ||}t ||jt|j|j|jg|j|Sre) r#rrfr1rgrhr rNrzr|r}r~ris rrmz!OCSPResponseBuilder.add_extensionNs}&$"4"45@A ANN6::x@ #It/?/?@" NN    KK *d * *   rc|j td|j tdtjt j |||S)Nz&You must add a response before signingz*You must add a responder_id before signing)r|r%r}rcreate_ocsp_responserr)r; private_keyr&s rsignzOCSPResponseBuilder.sign^sT >> !EF F    %IJ J((  ) )4i  rct|ts td|tjur t dt j |dddS)Nz7response_status must be an item from OCSPResponseStatusz$response_status cannot be SUCCESSFUL)r#rr1rr%rr)clsresponse_statuss rbuild_unsuccessfulz&OCSPResponseBuilder.build_unsuccessfullsS/+=>I  0;; ;CD D(($dKKr)rz_SingleResponse | Nonerz5tuple[x509.Certificate, OCSPResponderEncoding] | Nonerzlist[x509.Certificate] | NonerQrq)rVrtrWrtr&rDr>r)r?rEr@rFrArFrBrGrrrz)r[rur\rurbr^r&rDr>r)r?rEr@rFrArFrBrGrrrz)rr rrtrrrz)rzIterable[x509.Certificate]rrrz)rjrvrkrwrrrz)rr r&zhashes.HashAlgorithm | Nonerr OCSPResponse)rrrrr) r rrrCrrrrrmr classmethodrrrrrzrzs,0/3?A &( & & - & = &" " !" ( " $ " ' " ." 2" 3"  " H, , ,  , ( , $ , ', ., 2, 3,  , \ - ?O  & /  " ( 48   5  /      L0 L  L Lrrz)r&rDrrrs)# __future__rr0collections.abcr cryptographyrr"cryptography.hazmat.bindings._rustrcryptography.hazmat.primitivesr/cryptography.hazmat.primitives.asymmetric.typesr cryptography.x509.baser Enumr rSHA1SHA224SHA256SHA384SHA512r$r'r)r.rxrOCSPSingleResponserIrzload_der_ocsp_requestload_der_ocsp_responserrrrs #$$31?EJJ  KK MM MM MM MM  UZZ 7474t   ,,Q.Q.hmLmL`2244r