Current File : //usr/lib64/python3.9/site-packages/cryptography/x509/__pycache__/base.cpython-39.pyc
a

�a��@s�ddlZddlZddlZddlZddlmZddlmZddl	m
Z
mZddlm
Z
mZmZmZmZmZmZddlmZmZmZddlmZmZmZmZddlmZmZdd	l m!Z!e�d
dd�Z"Gdd
�d
e#�Z$eeej%eedd�dd�Z&e!ej%ej'e!e(fdd�dd�Z)ejejd�dd�Z*Gdd�d�Z+Gdd�d�Z,Gdd�dej-�Z.Gdd�de#�Z/Gdd �d ej0d!�Z1e1�2ej1�Gd"d#�d#ej0d!�Z3e3�2ej3�Gd$d%�d%e3�Z4Gd&d'�d'ej0d!�Z5e5�2ej5�Gd(d)�d)ej0d!�Z6e6�2ej6�dBe(ej7e1d*�d+d,�Z8dCe(ej7e1d*�d-d.�Z9dDe(ej7e6d*�d/d0�Z:dEe(ej7e6d*�d1d2�Z;dFe(ej7e5d*�d3d4�Z<dGe(ej7e5d*�d5d6�Z=Gd7d8�d8e>�Z?Gd9d:�d:e>�Z@Gd;d<�d<e>�ZAGd=d>�d>e>�ZBeCd?�d@dA�ZDdS)H�N)�utils)�x509)�hashes�
serialization)�dsa�ec�ed25519�ed448�rsa�x25519�x448)�CERTIFICATE_PUBLIC_KEY_TYPES�PRIVATE_KEY_TYPES�PUBLIC_KEY_TYPES)�	Extension�
ExtensionType�
Extensions�_make_sequence_methods)�Name�	_ASN1Type)�ObjectIdentifieri��cs&eZdZeedd��fdd�Z�ZS)�AttributeNotFoundN)�msg�oid�returncstt|��|�||_dS�N)�superr�__init__r)�selfrr��	__class__��</usr/lib64/python3.9/site-packages/cryptography/x509/base.pyr*szAttributeNotFound.__init__)�__name__�
__module__�__qualname__�strrr�
__classcell__r"r"r r#r)sr)�	extension�
extensionsrcCs"|D]}|j|jkrtd��qdS)Nz$This extension has already been set.)r�
ValueError)r)r*�er"r"r#�_reject_duplicate_extension/sr-)r�
attributesrcCs"|D]\}}||krtd��qdS)Nz$This attribute has already been set.)r+)rr.Zattr_oid�_r"r"r#�_reject_duplicate_attribute9sr0��timercCs:|jdur2|��}|r|nt��}|jdd�|S|SdS)z�Normalizes a datetime to a naive datetime in UTC.

    time -- datetime to normalize. Assumed to be in UTC if not timezone
            aware.
    N)�tzinfo)r3Z	utcoffset�datetimeZ	timedelta�replace)r2�offsetr"r"r#�_convert_to_naive_utc_timeCs

r7c@s�eZdZejjfeeedd�dd�Z	e
ed�dd��Ze
ed�dd	��Zd
d�Ze
jed�d
d�Ze
jed�dd�Zed�dd�ZdS)�	AttributeN)r�value�_typercCs||_||_||_dSr)�_oid�_valuer:)rrr9r:r"r"r#rRszAttribute.__init__�rcCs|jSr)r;�rr"r"r#r\sz
Attribute.oidcCs|jSr)r<r>r"r"r#r9`szAttribute.valuecCsd�|j|j�S)Nz<Attribute(oid={}, value={!r})>)�formatrr9r>r"r"r#�__repr__dszAttribute.__repr__��otherrcCs2t|t�stS|j|jko0|j|jko0|j|jkSr)�
isinstancer8�NotImplementedrr9r:�rrBr"r"r#�__eq__gs

�
�zAttribute.__eq__cCs
||kSrr"rEr"r"r#�__ne__qszAttribute.__ne__cCst|j|j|jf�Sr)�hashrr9r:r>r"r"r#�__hash__tszAttribute.__hash__)r$r%r&rZ
UTF8Stringr9r�bytes�intr�propertyrr@�typing�Any�boolrFrGrIr"r"r"r#r8Qs��

r8c@sHeZdZejedd�dd�Zed�\ZZ	Z
dd�Zeed�d	d
�Z
dS)�
AttributesN)r.rcCst|�|_dSr)�list�_attributes)rr.r"r"r#ryszAttributes.__init__rRcCsd�|j�S)Nz<Attributes({})>)r?rRr>r"r"r#r@�szAttributes.__repr__�rrcCs0|D]}|j|kr|Sqtd�|�|��dS)NzNo {} attribute was found)rrr?)rr�attrr"r"r#�get_attribute_for_oid�s

z Attributes.get_attribute_for_oid)r$r%r&rM�Iterabler8rr�__len__�__iter__�__getitem__r@rrUr"r"r"r#rPxs�rPc@seZdZdZdZdS)�Versionr�N)r$r%r&Zv1�v3r"r"r"r#rZ�srZcs&eZdZeedd��fdd�Z�ZS)�InvalidVersionN)r�parsed_versionrcstt|��|�||_dSr)rr]rr^)rrr^r r"r#r�szInvalidVersion.__init__)r$r%r&r'rKrr(r"r"r r#r]�sr]c@sxeZdZejejed�dd��Zej	e
d�dd��Zej	ed�dd��Z
ejed�d	d
��Zej	ejd�dd��Zej	ejd�d
d��Zej	ed�dd��Zej	ed�dd��Zej	ejejd�dd��Zej	ed�dd��Zej	ed�dd��Zej	ed�dd��Zej	ed�dd��Zejee d�dd��Z!ejee d�d d!��Z"eje
d�d"d#��Z#eje$j%ed$�d%d&��Z&d'S)(�Certificate��	algorithmrcCsdS�z4
        Returns bytes using digest passed.
        Nr"�rrar"r"r#�fingerprint�szCertificate.fingerprintr=cCsdS)z3
        Returns certificate serial number
        Nr"r>r"r"r#�
serial_number�szCertificate.serial_numbercCsdS)z1
        Returns the certificate version
        Nr"r>r"r"r#�version�szCertificate.versioncCsdS�z(
        Returns the public key
        Nr"r>r"r"r#�
public_key�szCertificate.public_keycCsdS)z?
        Not before time (represented as UTC datetime)
        Nr"r>r"r"r#�not_valid_before�szCertificate.not_valid_beforecCsdS)z>
        Not after time (represented as UTC datetime)
        Nr"r>r"r"r#�not_valid_after�szCertificate.not_valid_aftercCsdS)z1
        Returns the issuer name object.
        Nr"r>r"r"r#�issuer�szCertificate.issuercCsdS�z2
        Returns the subject name object.
        Nr"r>r"r"r#�subject�szCertificate.subjectcCsdS�zt
        Returns a HashAlgorithm corresponding to the type of the digest signed
        in the certificate.
        Nr"r>r"r"r#�signature_hash_algorithm�sz$Certificate.signature_hash_algorithmcCsdS�zJ
        Returns the ObjectIdentifier of the signature algorithm.
        Nr"r>r"r"r#�signature_algorithm_oid�sz#Certificate.signature_algorithm_oidcCsdS)z/
        Returns an Extensions object.
        Nr"r>r"r"r#r*�szCertificate.extensionscCsdS�z.
        Returns the signature bytes.
        Nr"r>r"r"r#�	signature�szCertificate.signaturecCsdS)zR
        Returns the tbsCertificate payload bytes as defined in RFC 5280.
        Nr"r>r"r"r#�tbs_certificate_bytes�sz!Certificate.tbs_certificate_bytesrAcCsdS�z"
        Checks equality.
        Nr"rEr"r"r#rF�szCertificate.__eq__cCsdS�z#
        Checks not equal.
        Nr"rEr"r"r#rG�szCertificate.__ne__cCsdS�z"
        Computes a hash.
        Nr"r>r"r"r#rI�szCertificate.__hash__��encodingrcCsdS)zB
        Serializes the certificate to PEM or DER format.
        Nr"�rryr"r"r#�public_bytes�szCertificate.public_bytesN)'r$r%r&�abc�abstractmethodr�
HashAlgorithmrJrd�abstractpropertyrKrerZrfr
rhr4rirjrrkrmrM�Optionalrorrqrr*rsrt�objectrOrFrGrIr�Encodingr{r"r"r"r#r_�sF
�r_)�	metaclassc@sJeZdZejed�dd��Zejejd�dd��Zeje	d�dd��Z
dS)	�RevokedCertificater=cCsdS)zG
        Returns the serial number of the revoked certificate.
        Nr"r>r"r"r#resz RevokedCertificate.serial_numbercCsdS)zH
        Returns the date of when this certificate was revoked.
        Nr"r>r"r"r#�revocation_date
sz"RevokedCertificate.revocation_datecCsdS)zW
        Returns an Extensions object containing a list of Revoked extensions.
        Nr"r>r"r"r#r*szRevokedCertificate.extensionsN)r$r%r&r|rrKrer4r�rr*r"r"r"r#r�sr�c@sXeZdZeejed�dd�Zeed�dd��Zeejd�dd��Z	eed�d	d
��Z
dS)�_RawRevokedCertificate�rer�r*cCs||_||_||_dSr��_serial_number�_revocation_date�_extensions�rrer�r*r"r"r#rsz_RawRevokedCertificate.__init__r=cCs|jSr)r�r>r"r"r#re)sz$_RawRevokedCertificate.serial_numbercCs|jSr)r�r>r"r"r#r�-sz&_RawRevokedCertificate.revocation_datecCs|jSr)r�r>r"r"r#r*1sz!_RawRevokedCertificate.extensionsN)r$r%r&rKr4rrrLrer�r*r"r"r"r#r�s�
r�c@s�eZdZejejed�dd��Zeje	j
ed�dd��Zejee
jed�dd	��Zeje
je	j
d
�dd��Zejed
�d
d��Zejed
�dd��Zeje
jejd
�dd��Zejejd
�dd��Zejed
�dd��Zejed
�dd��Zejed
�dd��Zejeed�dd��Z ejeed�dd��Z!ejed
�d d!��Z"e
j#eed"�d#d$��Z$e
j#e%e
j&ed"�d%d$��Z$eje
j'ee%fe
j'ee
j&efd"�d&d$��Z$eje
j(ed
�d'd(��Z)eje*ed)�d*d+��Z+d,S)-�CertificateRevocationListrxcCsdS)z:
        Serializes the CRL to PEM or DER format.
        Nr"rzr"r"r#r{7sz&CertificateRevocationList.public_bytesr`cCsdSrbr"rcr"r"r#rd=sz%CertificateRevocationList.fingerprint)rercCsdS)zs
        Returns an instance of RevokedCertificate or None if the serial_number
        is not in the CRL.
        Nr")rrer"r"r#�(get_revoked_certificate_by_serial_numberCszBCertificateRevocationList.get_revoked_certificate_by_serial_numberr=cCsdSrnr"r>r"r"r#roLsz2CertificateRevocationList.signature_hash_algorithmcCsdSrpr"r>r"r"r#rqUsz1CertificateRevocationList.signature_algorithm_oidcCsdS)zC
        Returns the X509Name with the issuer of this CRL.
        Nr"r>r"r"r#rk[sz CertificateRevocationList.issuercCsdS)z?
        Returns the date of next update for this CRL.
        Nr"r>r"r"r#�next_updateasz%CertificateRevocationList.next_updatecCsdS)z?
        Returns the date of last update for this CRL.
        Nr"r>r"r"r#�last_updategsz%CertificateRevocationList.last_updatecCsdS)zS
        Returns an Extensions object containing a list of CRL extensions.
        Nr"r>r"r"r#r*msz$CertificateRevocationList.extensionscCsdSrrr"r>r"r"r#rsssz#CertificateRevocationList.signaturecCsdS)zO
        Returns the tbsCertList payload bytes as defined in RFC 5280.
        Nr"r>r"r"r#�tbs_certlist_bytesysz,CertificateRevocationList.tbs_certlist_bytesrAcCsdSrur"rEr"r"r#rFsz CertificateRevocationList.__eq__cCsdSrvr"rEr"r"r#rG�sz CertificateRevocationList.__ne__cCsdS)z<
        Number of revoked certificates in the CRL.
        Nr"r>r"r"r#rW�sz!CertificateRevocationList.__len__)�idxrcCsdSrr"�rr�r"r"r#rY�sz%CertificateRevocationList.__getitem__cCsdSrr"r�r"r"r#rY�scCsdS)zS
        Returns a revoked certificate (or slice of revoked certificates).
        Nr"r�r"r"r#rY�scCsdS)z8
        Iterator over the revoked certificates
        Nr"r>r"r"r#rX�sz"CertificateRevocationList.__iter__)rhrcCsdS)zQ
        Verifies signature of revocation list against given public key.
        Nr")rrhr"r"r#�is_signature_valid�sz,CertificateRevocationList.is_signature_validN),r$r%r&r|r}rr�rJr{rr~rdrKrMr�r�r�rrorrqrrkr4r�r�rr*rsr�r�rOrFrGrW�overloadrY�slice�List�Union�IteratorrXrr�r"r"r"r#r�6sV�
��r�c@s6eZdZejeed�dd��Zejeed�dd��Zeje	d�dd��Z
ejed�d	d
��Zej
ed�dd��Zej
ejejd�d
d��Zej
ed�dd��Zej
ed�dd��Zej
ed�dd��Zejejed�dd��Zej
ed�dd��Zej
ed�dd��Z ej
ed�dd��Z!ejeed�dd ��Z"d!S)"�CertificateSigningRequestrAcCsdSrur"rEr"r"r#rF�sz CertificateSigningRequest.__eq__cCsdSrvr"rEr"r"r#rG�sz CertificateSigningRequest.__ne__r=cCsdSrwr"r>r"r"r#rI�sz"CertificateSigningRequest.__hash__cCsdSrgr"r>r"r"r#rh�sz$CertificateSigningRequest.public_keycCsdSrlr"r>r"r"r#rm�sz!CertificateSigningRequest.subjectcCsdSrnr"r>r"r"r#ro�sz2CertificateSigningRequest.signature_hash_algorithmcCsdSrpr"r>r"r"r#rq�sz1CertificateSigningRequest.signature_algorithm_oidcCsdS)z@
        Returns the extensions in the signing request.
        Nr"r>r"r"r#r*�sz$CertificateSigningRequest.extensionscCsdS)z/
        Returns an Attributes object.
        Nr"r>r"r"r#r.�sz$CertificateSigningRequest.attributesrxcCsdS)z;
        Encodes the request to PEM or DER format.
        Nr"rzr"r"r#r{�sz&CertificateSigningRequest.public_bytescCsdSrrr"r>r"r"r#rs�sz#CertificateSigningRequest.signaturecCsdS)zd
        Returns the PKCS#10 CertificationRequestInfo bytes as defined in RFC
        2986.
        Nr"r>r"r"r#�tbs_certrequest_bytes�sz/CertificateSigningRequest.tbs_certrequest_bytescCsdS)z8
        Verifies signature of signing request.
        Nr"r>r"r"r#r��sz,CertificateSigningRequest.is_signature_validrScCsdS)z:
        Get the attribute value for a given OID.
        Nr")rrr"r"r#rUsz/CertificateSigningRequest.get_attribute_for_oidN)#r$r%r&r|r}r�rOrFrGrKrIrrhrrrmrMr�rr~rorrqrr*rPr.rr�rJr{rsr�r�rUr"r"r"r#r��s:
�r�)�data�backendrcCs
t�|�Sr)�	rust_x509�load_pem_x509_certificate�r�r�r"r"r#r�sr�cCs
t�|�Sr)r��load_der_x509_certificater�r"r"r#r�sr�cCs
t�|�Sr)r��load_pem_x509_csrr�r"r"r#r�sr�cCs
t�|�Sr)r��load_der_x509_csrr�r"r"r#r�%sr�cCs
t�|�Sr)r��load_pem_x509_crlr�r"r"r#r�,sr�cCs
t�|�Sr)r��load_der_x509_crlr�r"r"r#r�3sr�c@s�eZdZdggfejeejeeejej	e
efd�dd�Zedd�dd�Z
eedd�d	d
�Ze
edd�dd
�Zdeejejejed�dd�ZdS)� CertificateSigningRequestBuilderN)�subject_namer*r.cCs||_||_||_dS)zB
        Creates an empty X.509 certificate request (v1).
        N)�
_subject_namer�rR)rr�r*r.r"r"r#r:s	z)CertificateSigningRequestBuilder.__init__��namercCs4t|t�std��|jdur$td��t||j|j�S)zF
        Sets the certificate requestor's distinguished name.
        �Expecting x509.Name object.N�&The subject name may only be set once.)rCr�	TypeErrorr�r+r�r�rR�rr�r"r"r#r�Gs


�z-CertificateSigningRequestBuilder.subject_name��extval�criticalrcCsDt|t�std��t|j||�}t||j�t|j|j|g|j	�S)zE
        Adds an X.509 extension to the certificate request.
        �"extension must be an ExtensionType)
rCrr�rrr-r�r�r�rR�rr�r�r)r"r"r#�
add_extensionSs

�z.CertificateSigningRequestBuilder.add_extension)rr9rcCsLt|t�std��t|t�s$td��t||j�t|j|j|j||fg�S)zK
        Adds an X.509 attribute with an OID and associated value.
        zoid must be an ObjectIdentifierzvalue must be bytes)	rCrr�rJr0rRr�r�r�)rrr9r"r"r#�
add_attributees

�z.CertificateSigningRequestBuilder.add_attribute��private_keyrar�rcCs |jdurtd��t�|||�S)zF
        Signs the request using the requestor's private key.
        Nz/A CertificateSigningRequest must have a subject)r�r+r�Zcreate_x509_csr�rr�rar�r"r"r#�signys	
z%CertificateSigningRequestBuilder.sign)N)r$r%r&rMr�rr�rr�TuplerrJrr�rOr�r�rrr~rNr�r�r"r"r"r#r�9s,��

���
�r�c
@seZdZUejeeed<ddddddgfeje	eje	eje
ejeejejejejejeedd�dd�Z
e	dd�dd�Ze	dd�d	d
�Ze
dd�dd
�Zedd�dd�Zejdd�dd�Zejdd�dd�Zeedd�dd�Zdeejejejed�dd�ZdS)�CertificateBuilderr�N)�issuer_namer�rhrerirjr*rcCs6tj|_||_||_||_||_||_||_||_	dSr)
rZr\Z_version�_issuer_namer��_public_keyr��_not_valid_before�_not_valid_afterr�)rr�r�rhrerirjr*r"r"r#r�s
zCertificateBuilder.__init__r�cCsDt|t�std��|jdur$td��t||j|j|j|j	|j
|j�S)z3
        Sets the CA's distinguished name.
        r�N�%The issuer name may only be set once.)rCrr�r�r+r�r�r�r�r�r�r�r�r"r"r#r��s

�zCertificateBuilder.issuer_namecCsDt|t�std��|jdur$td��t|j||j|j|j	|j
|j�S)z:
        Sets the requestor's distinguished name.
        r�Nr�)rCrr�r�r+r�r�r�r�r�r�r�r�r"r"r#r��s

�zCertificateBuilder.subject_name)�keyrc	Cs`t|tjtjtjtjt	j
tjt
jf�s.td��|jdur@td��t|j|j||j|j|j|j�S)zT
        Sets the requestor's public key (as found in the signing request).
        z�Expecting one of DSAPublicKey, RSAPublicKey, EllipticCurvePublicKey, Ed25519PublicKey, Ed448PublicKey, X25519PublicKey, or X448PublicKey.Nz$The public key may only be set once.)rCrZDSAPublicKeyr
ZRSAPublicKeyrZEllipticCurvePublicKeyrZEd25519PublicKeyr	ZEd448PublicKeyrZX25519PublicKeyrZ
X448PublicKeyr�r�r+r�r�r�r�r�r�r�)rr�r"r"r#rh�s2���
�zCertificateBuilder.public_key��numberrcCsht|t�std��|jdur$td��|dkr4td��|��dkrHtd��t|j|j|j	||j
|j|j�S)z5
        Sets the certificate serial number.
        �'Serial number must be of integral type.N�'The serial number may only be set once.rz%The serial number should be positive.��3The serial number should not be more than 159 bits.)
rCrKr�r�r+�
bit_lengthr�r�r�r�r�r�r��rr�r"r"r#re�s&

��z CertificateBuilder.serial_numberr1cCszt|tj�std��|jdur&td��t|�}|tkr>td��|jdurZ||jkrZtd��t|j	|j
|j|j||j|j
�S)z7
        Sets the certificate activation time.
        �Expecting datetime object.Nz*The not valid before may only be set once.z>The not valid before date must be on or after 1950 January 1).zBThe not valid before date must be before the not valid after date.)rCr4r�r�r+r7�_EARLIEST_UTC_TIMEr�r�r�r�r�r�r��rr2r"r"r#ris,
���z#CertificateBuilder.not_valid_beforecCszt|tj�std��|jdur&td��t|�}|tkr>td��|jdurZ||jkrZtd��t|j	|j
|j|j|j||j
�S)z7
        Sets the certificate expiration time.
        r�Nz)The not valid after may only be set once.z<The not valid after date must be on or after 1950 January 1.zAThe not valid after date must be after the not valid before date.)rCr4r�r�r+r7r�r�r�r�r�r�r�r�r�r"r"r#rj s2
�����z"CertificateBuilder.not_valid_afterr�c	CsTt|t�std��t|j||�}t||j�t|j|j	|j
|j|j|j
|j|g�S)z=
        Adds an X.509 extension to the certificate.
        r�)rCrr�rrr-r�r�r�r�r�r�r�r�r�r"r"r#r�@s

�z CertificateBuilder.add_extensionr�cCsz|jdurtd��|jdur$td��|jdur6td��|jdurHtd��|jdurZtd��|jdurltd��t�|||�S)zC
        Signs the certificate using the CA's private key.
        Nz&A certificate must have a subject namez&A certificate must have an issuer namez'A certificate must have a serial numberz/A certificate must have a not valid before timez.A certificate must have a not valid after timez$A certificate must have a public key)	r�r+r�r�r�r�r�r�Zcreate_x509_certificater�r"r"r#r�Vs	





zCertificateBuilder.sign)N)r$r%r&rMr�rr�__annotations__r�rr
rKr4rr�r�rhrerirjrOr�rrr~rNr_r�r"r"r"r#r��sL
�

��%�!��
�r�c@s�eZdZUejeeed<ejeed<dddggfej	e
ej	ejej	ejejeeejed�dd�Ze
dd�dd	�Z
ejdd
�dd�Zejdd
�dd�Zeedd�dd�Zedd�dd�Zdeej	ejejed�dd�ZdS)� CertificateRevocationListBuilderr��_revoked_certificatesN)r�r�r�r*�revoked_certificatescCs"||_||_||_||_||_dSr)r��_last_update�_next_updater�r�)rr�r�r�r*r�r"r"r#rxs
z)CertificateRevocationListBuilder.__init__)r�rcCs<t|t�std��|jdur$td��t||j|j|j|j	�S)Nr�r�)
rCrr�r�r+r�r�r�r�r�)rr�r"r"r#r��s

�z,CertificateRevocationListBuilder.issuer_name)r�rcCsrt|tj�std��|jdur&td��t|�}|tkr>td��|jdurZ||jkrZtd��t|j	||j|j
|j�S)Nr��!Last update may only be set once.�8The last update date must be on or after 1950 January 1.z9The last update date must be before the next update date.)rCr4r�r�r+r7r�r�r�r�r�r�)rr�r"r"r#r��s(
���z,CertificateRevocationListBuilder.last_update)r�rcCsrt|tj�std��|jdur&td��t|�}|tkr>td��|jdurZ||jkrZtd��t|j	|j||j
|j�S)Nr�r�r�z8The next update date must be after the last update date.)rCr4r�r�r+r7r�r�r�r�r�r�)rr�r"r"r#r��s(
���z,CertificateRevocationListBuilder.next_updater�cCsLt|t�std��t|j||�}t||j�t|j|j	|j
|j|g|j�S)zM
        Adds an X.509 extension to the certificate revocation list.
        r�)rCrr�rrr-r�r�r�r�r�r�r�r"r"r#r��s

�z.CertificateRevocationListBuilder.add_extension)�revoked_certificatercCs2t|t�std��t|j|j|j|j|j|g�S)z8
        Adds a revoked certificate to the CRL.
        z)Must be an instance of RevokedCertificate)	rCr�r�r�r�r�r�r�r�)rr�r"r"r#�add_revoked_certificate�s

�z8CertificateRevocationListBuilder.add_revoked_certificater�cCsD|jdurtd��|jdur$td��|jdur6td��t�|||�S)NzA CRL must have an issuer namez"A CRL must have a last update timez"A CRL must have a next update time)r�r+r�r�r�Zcreate_x509_crlr�r"r"r#r��s


z%CertificateRevocationListBuilder.sign)N)r$r%r&rMr�rrr�r�r�rr4rr�r�r�rOr�r�rrr~rNr�r�r"r"r"r#r�tsH
�

�������
�r�c@s�eZdZddgfejeejejejee	d�dd�Z
edd�dd�Zejdd�d	d
�Ze	e
dd�dd
�Zdejed�dd�ZdS)�RevokedCertificateBuilderNr�cCs||_||_||_dSrr�r�r"r"r#r�sz"RevokedCertificateBuilder.__init__r�cCsXt|t�std��|jdur$td��|dkr4td��|��dkrHtd��t||j|j�S)Nr�r�rz$The serial number should be positiver�r�)	rCrKr�r�r+r�r�r�r�r�r"r"r#res

�
�z'RevokedCertificateBuilder.serial_numberr1cCsNt|tj�std��|jdur&td��t|�}|tkr>td��t|j||j	�S)Nr�z)The revocation date may only be set once.z7The revocation date must be on or after 1950 January 1.)
rCr4r�r�r+r7r�r�r�r�r�r"r"r#r�s
�
�z)RevokedCertificateBuilder.revocation_dater�cCsDt|t�std��t|j||�}t||j�t|j|j	|j|g�S)Nr�)
rCrr�rrr-r�r�r�r�r�r"r"r#r�(s

�z'RevokedCertificateBuilder.add_extension)r�rcCs:|jdurtd��|jdur$td��t|j|jt|j��S)Nz/A revoked certificate must have a serial numberz1A revoked certificate must have a revocation date)r�r+r�r�rr�)rr�r"r"r#�build6s

��zRevokedCertificateBuilder.build)N)r$r%r&rMr�rKr4r�rrrrer�rOr�rNr�r�r"r"r"r#r��s �
�
��r�r=cCst�t�d�d�d?S)N�Zbigr)rK�
from_bytes�os�urandomr"r"r"r#�random_serial_numberDsr�)N)N)N)N)N)N)Er|r4r�rMZcryptographyrZ"cryptography.hazmat.bindings._rustrr�Zcryptography.hazmat.primitivesrrZ)cryptography.hazmat.primitives.asymmetricrrrr	r
rrZ/cryptography.hazmat.primitives.asymmetric.typesr
rrZcryptography.x509.extensionsrrrrZcryptography.x509.namerrZcryptography.x509.oidrr��	Exceptionrr�r-r�rJr0r7r8rP�EnumrZr]�ABCMetar_�registerr�r�r�r�rNr�r�r�r�r�r�r�r�r�r�r�rKr�r"r"r"r#�<module>s�$	��
'lx[������������NnI