/usr/lib/python3.6/crypto.py

Exported names:
FILETYPE_PEM, FILETYPE_ASN1, FILETYPE_TEXT, TYPE_RSA, TYPE_DSA, Error, PKey, get_elliptic_curves, get_elliptic_curve, X509Name, X509Extension, X509Req, X509, X509StoreFlags, X509Store, X509StoreContextError, X509StoreContext, load_certificate, dump_certificate, dump_publickey, dump_privatekey, Revoked, CRL, PKCS7, PKCS12, NetscapeSPKI, load_publickey, load_privatekey, dump_certificate_request, load_certificate_request, sign, verify, dump_crl, load_crl, load_pkcs7_data, load_pkcs12

Error
    An error occurred in an `OpenSSL.crypto` API.

_get_backend
    Importing the backend from cryptography has the side effect of activating the osrandom engine. This mutates the global state of OpenSSL in the process and causes issues for various programs that use subinterpreters or embed Python.

    By putting the import in this function we can avoid triggering this side effect unless _get_backend is called.

_untested_error
    An OpenSSL API failed somehow. Additionally, the failure which was encountered isn't one that's exercised by the test suite so future behavior of pyOpenSSL is now somewhat less predictable.

_new_mem_buf
    Allocate a new OpenSSL memory BIO.

    Arrange for the garbage collector to clean it up automatically.

    :param buffer: None or some bytes to use to put into the BIO so that they can be read out.

_bio_to_string
    Copy the contents of an OpenSSL BIO object into a Python byte string.

_set_asn1_time
    Set the time value of an ASN1 time object.

    @param boundary: An ASN1_TIME pointer (or an object safely castable to that type) which will have its value set.
    @param when: A string representation of the desired time value.

    @raise TypeError: If C{when} is not a L{bytes} string.
    @raise ValueError: If C{when} does not represent a time in the required format.
    @raise RuntimeError: If the time value cannot be set for some other (unspecified) reason.

_get_asn1_time
    Retrieve the time value of an ASN1 time object.

    @param timestamp: An ASN1_GENERALIZEDTIME* (or an object safely castable to that type) from which the time value will be retrieved.

    @return: The time value from C{timestamp} as a L{bytes} string in a certain format. Or C{None} if the object contains no time value.

PKey
    A class representing a DSA or RSA public key or key pair.