a aE(@s(UddlZddlZddlmZddlmZddlmZm Z Gdddej Z dde DZ e Zeje jeje jeje jeje jeje jeje jiZeje efZejd ejd ejd ejd ejd ejdej dejdej!di Z"ee#d<eedddZ$Gddde Z%Gddde Z&Gddde Z'dS)N)utils)x509)NameOIDObjectIdentifierc@s4eZdZdZdZdZdZdZdZdZ dZ d Z d Z d S) _ASN1Type N) __name__ __module__ __qualname__ UTF8StringZ NumericStringPrintableStringZ T61String IA5StringZUTCTimeZGeneralizedTimeZ VisibleStringZUniversalStringZ BMPStringrrrZCNLZSTOZOUCZSTREETZDCZUID_NAMEOID_TO_NAME)valreturncCs|sdS|dd}|dd}|dd}|dd }|d d }|d d }|dd}|dd}|ddvr|d|}|ddkr|ddd}|S)z>Escape special characters in RFC4514 Distinguished Name value.\z\\"z\"+z\+,z\,;z\;z\>z\00r)# r/Nz\ )replace)r#rrr_escape_dn_value9s          r2c@seZdZefddeeddddZeeddd Zeedd d Z eedd d Z de j e edddZeedddZeedddZedddZedddZdS) NameAttributeT) _validateN)oidrr$cCst|tstdt|ts$td|tjks8|tjkr|t|d}|dkr`|dur`t dn|dkr|t j d |dd|t krt|tj}t|tstd ||_||_||_dS) Nz2oid argument must be an ObjectIdentifier instance.zvalue argument must be a str.utf8Tz/Country name must be a 2 character country codezUCountry names should be two characters, but the attribute is {} characters in length.) stacklevelz%_type must be from the _ASN1Type enum) isinstancer TypeErrorstrr COUNTRY_NAMEJURISDICTION_COUNTRY_NAMElenencode ValueErrorwarningswarnformat _SENTINEL_NAMEOID_DEFAULT_TYPEgetrr_oid_value_type)selfr5rrIr4Zc_lenrrr__init__Rs:    zNameAttribute.__init__r$cCs|jSN)rGrJrrrr5szNameAttribute.oidcCs|jSrM)rHrNrrrrszNameAttribute.valuecCst|j|jjS)zt The short attribute name (for example "CN") if available, otherwise the OID dotted string. )r"rFr5Z dotted_stringrNrrrrfc4514_attribute_namesz$NameAttribute.rfc4514_attribute_nameattr_name_overridesr$cCs4|r||jnd}|dur"|j}d|t|jfS)z Format as RFC4514 Distinguished Name string. Use short attribute name if available, otherwise fall back to OID dotted string. Nz%s=%s)rFr5rOr2r)rJrQZ attr_namerrrrfc4514_strings zNameAttribute.rfc4514_stringotherr$cCs&t|tstS|j|jko$|j|jkSrM)r9r3NotImplementedr5rrJrTrrr__eq__s zNameAttribute.__eq__cCs ||k SrMrrVrrr__ne__szNameAttribute.__ne__cCst|j|jfSrM)hashr5rrNrrr__hash__szNameAttribute.__hash__cCs d|S)Nz/)rCrNrrr__repr__szNameAttribute.__repr__)N)rrrrDrr;rKpropertyr5rrOtypingOptional _OidNameMaprRobjectboolrWrXintrZr[rrrrr3Qs. 0 r3c@seZdZejedddZeejedddZ dej e e dd d Z eed d d Zeed ddZedddZejedddZedddZe dddZdS)RelativeDistinguishedName) attributescCs\t|}|stdtdd|Ds.td||_t||_t|jt|krXtddS)Nz-a relative distinguished name cannot be emptycss|]}t|tVqdSrMr9r3rxrrr rz5RelativeDistinguishedName.__init__..z/attributes must be an iterable of NameAttributez$duplicate attributes are not allowed)listr@allr: _attributes frozenset_attribute_setr>rJrdrrrrKs z"RelativeDistinguishedName.__init__r5r$csfdd|DS)Ncsg|]}|jkr|qSrr5rrprr rzDRelativeDistinguishedName.get_attributes_for_oid..rrJr5rrprget_attributes_for_oidsz0RelativeDistinguishedName.get_attributes_for_oidNrPcsdfdd|jDS)z Format as RFC4514 Distinguished Name string. Within each RDN, attributes are joined by '+', although that is rarely used in certificates. r(c3s|]}|VqdSrMrRrattrrQrrrhsz;RelativeDistinguishedName.rfc4514_string..)joinrkrJrQrrwrrRs z(RelativeDistinguishedName.rfc4514_stringrScCst|tstS|j|jkSrM)r9rcrUrmrVrrrrWs z RelativeDistinguishedName.__eq__cCs ||k SrMrrVrrrrXsz RelativeDistinguishedName.__ne__rLcCs t|jSrM)rYrmrNrrrrZsz"RelativeDistinguishedName.__hash__cCs t|jSrM)iterrkrNrrr__iter__sz"RelativeDistinguishedName.__iter__cCs t|jSrM)r>rkrNrrr__len__sz!RelativeDistinguishedName.__len__cCsd|S)Nz)rCrRrNrrrr[sz"RelativeDistinguishedName.__repr__)N)rrrr]Iterabler3rKrListrsr^r_r;rRr`rarWrXrbrZIteratorr{r|r[rrrrrcs  rcc@seZdZejejeddddZejejeddddZejej eefddddZd ej e e ddd Z eejed d d Zeejed ddZd!ejedddZeedddZeedddZed ddZejed ddZed ddZe d ddZdS)"NameN)rdr$cCsdSrMrrnrrrrKsz Name.__init__cCsdSrMrrnrrrrKscCs`t|}tdd|Dr,dd|D|_n0tdd|DrTttjt||_ntddS)Ncss|]}t|tVqdSrMrerfrrrrhrz Name.__init__..cSsg|]}ttt|gqSr)rcr]castr3rfrrrrqsz!Name.__init__..css|]}t|tVqdSrM)r9rcrfrrrrhrzNattributes must be a list of NameAttribute or a list RelativeDistinguishedName)rirjrkr]rr~rcr:rnrrrrKs  rPcsdfddt|jDS)a Format as RFC4514 Distinguished Name string. For example 'CN=foobar.com,O=Foo Corp,C=US' An X.509 name is a two-level structure: a list of sets of attributes. Each list element is separated by ',' and within each list element, set elements are separated by '+'. The latter is almost never used in real world certificates. According to RFC4514 section 2.1 the RDNSequence must be reversed when converting to string representation. r)c3s|]}|VqdSrMrtrurwrrrhsz&Name.rfc4514_string..)rxreversedrkryrrwrrR s zName.rfc4514_stringrocsfdd|DS)Ncsg|]}|jkr|qSrrprrprrrq!rz/Name.get_attributes_for_oid..rrrrrprrsszName.get_attributes_for_oidrLcCs|jSrMrkrNrrrrdns#sz Name.rdns)backendr$cCs t|SrM) rust_x509Zencode_name_bytes)rJrrrr public_bytes'szName.public_bytesrScCst|tstS|j|jkSrM)r9rrUrkrVrrrrW*s z Name.__eq__cCs ||k SrMrrVrrrrX0sz Name.__ne__cCstt|jSrM)rYtuplerkrNrrrrZ3sz Name.__hash__ccs |jD]}|D] }|VqqdSrMr)rJrdnZavarrrr{8s z Name.__iter__cCstdd|jDS)Ncss|]}t|VqdSrM)r>)rrrrrrh>rzName.__len__..)sumrkrNrrrr|=sz Name.__len__cCs ddd|jD}d|S)Nr)css|]}|VqdSrMrtrurrrrhArz Name.__repr__..z )rxrkrC)rJrrrrr[@sz Name.__repr__)N)N) rrrr]overloadr}r3rKrcUnionr^r_r;rRrr~rsr\rAnybytesrr`rarWrXrbrZrr{r|r[rrrrrs8    r)(r]rAZ cryptographyrZ"cryptography.hazmat.bindings._rustrrZcryptography.x509.oidrrEnumrZ_ASN1_TYPE_TO_ENUMr`rDr<rr=Z SERIAL_NUMBERZ DN_QUALIFIERZ EMAIL_ADDRESSrZDOMAIN_COMPONENTrEMappingr;r_Z COMMON_NAMEZ LOCALITY_NAMEZSTATE_OR_PROVINCE_NAMEZORGANIZATION_NAMEZORGANIZATIONAL_UNIT_NAMEZSTREET_ADDRESSZUSER_IDr"__annotations__r2r3rcrrrrrs:      b8