ِ SSKJr SSKrSSKrSSKrSSKrSSKrSSKJr SSK J r SSK J r Jr SSKJrJrJrJrJrJrJrJr SSKJrJrJr SSKJrJrJrJ r SS K!J"r"J#r# SS K$J%r% \R"S S S 5r&\RN\ RP\ RR\ RT\ RV\ RX\ RZ\ R\\ R^4r0"S S\15r2S.Sjr3S/Sjr4S0Sjr5"SS5r6"SS5r7"SS\Rp5r9"SS\15r:"SS\RvS9r<\\>R{\ R|5 "SS \>5r?"S!S"\RvS9r@\@R{\ R5 "S#S$\RvS9rA\AR{\ R5 \ RrB\ RrC\ RrD\ RrE\ RrF\ RrG\ RrH"S%S&5rI"S'S(5rJ"S)S*5rK"S+S,5rLS1S-jrMg)2) annotationsN)utils)x509)hashes serialization)dsaeced448ed25519paddingrsax448x25519) CertificateIssuerPrivateKeyTypesCertificateIssuerPublicKeyTypesCertificatePublicKeyTypes) Extension Extensions ExtensionType_make_sequence_methods)Name _ASN1Type)ObjectIdentifieric,^\rSrSrSU4SjjrSrU=r$)AttributeNotFound8c0>[TU]U5 X lgN)super__init__oid)selfmsgr" __class__s Qplatform/bundledpythonunix/lib/python3.13/site-packages/cryptography/x509/base.pyr!AttributeNotFound.__init__9s )r")r$strr"rreturnNone__name__ __module__ __qualname____firstlineno__r!__static_attributes__ __classcell__r%s@r&rr8s r(rc`UH(nURUR:XdM[S5e g)Nz$This extension has already been set.)r" ValueError) extension extensionses r&_reject_duplicate_extensionr9>s*  55IMM !CD Dr(c>UHun nX :XdM[S5e g)Nz$This attribute has already been set.)r5)r" attributesattr_oid_s r&_reject_duplicate_attributer>Hs% %!Q ?CD D%r(cURb@UR5nU(aUO[R"5nUR SS9U- $U$)zNormalizes a datetime to a naive datetime in UTC. time -- datetime to normalize. Assumed to be in UTC if not timezone aware. Ntzinfo)rA utcoffsetdatetime timedeltareplace)timeoffsets r&_convert_to_naive_utc_timerHRsG  {{!!x'9'9';||4|(611 r(c\rSrSr\R R 4S Sjjr\S Sj5r \S Sj5rS Sjr SSjr SSjr Sr g ) Attribute`c(XlX lX0lgr)_oid_value_type)r#r"valuerOs r&r!Attribute.__init__as    r(cUR$r)rMr#s r&r" Attribute.oidks yyr(cUR$r)rNrSs r&rPAttribute.valueos {{r(c>SURSUR<S3$)Nz)r"rPrSs r&__repr__Attribute.__repr__ss  (4::.CCr(c[U[5(d[$URUR:H=(a9 URUR:H=(a UR UR :H$r) isinstancerJNotImplementedr"rPrOr#others r&__eq__Attribute.__eq__vsV%++! ! HH ! * ekk) * ekk) r(cZ[URURUR45$r)hashr"rPrOrSs r&__hash__Attribute.__hash__s TXXtzz4::677r()rMrOrNN)r"rrPbytesrOintr*r+r*rr*rfr*r)r_objectr*boolr*rg)r-r.r/r0r UTF8StringrPr!propertyr"rYr`rdr1r(r&rJrJ`sv ))//     D 8r(rJcR\rSrSrSSjr\"S5urrrS Sjr S Sjr Sr g) Attributesc$[U5Ulgr)list _attributes)r#r;s r&r!Attributes.__init__s +r(rwc"SURS3$)Nz ?EEr(rzN)r;ztyping.Iterable[Attribute]r*r+rj)r"rr*rJ) r-r.r/r0r!r__len____iter__ __getitem__rYr~r1rqr(r&rsrss7,., , &[TU]U5 X lgr)r r!parsed_version)r#r$rr%s r&r!InvalidVersion.__init__s ,r()r)r$r)rrgr*r+r,r3s@r&rrs --r(rc,\rSrSr\R SSj5r\\R SSj55r\\R SSj55r \R SSj5r \\R SSj55r \\R SSj55r \\R SSj55r \\R SS j55r\\R SS j55r\\R S S j55r\\R S S j55r\\R S!S j55r\\R SSj55r\\R S"Sj55r\\R S#Sj55r\\R S$Sj55r\\R S$Sj55r\\R S$Sj55r\R S%Sj5r\R SSj5r\R S&Sj5r\R S'Sj5rSrg)( Certificatecgz$ Returns bytes using digest passed. Nrqr# algorithms r& fingerprintCertificate.fingerprintr(cg)z# Returns certificate serial number NrqrSs r& serial_numberCertificate.serial_numberrr(cg)z! Returns the certificate version NrqrSs r&versionCertificate.versionrr(cgz Returns the public key NrqrSs r& public_keyCertificate.public_keyrr(cg)z1 Returns the ObjectIdentifier of the public key. NrqrSs r&public_key_algorithm_oid$Certificate.public_key_algorithm_oidrr(cg)z/ Not before time (represented as UTC datetime) NrqrSs r&not_valid_beforeCertificate.not_valid_beforerr(cg)z; Not before time (represented as a non-naive UTC datetime) NrqrSs r&not_valid_before_utc Certificate.not_valid_before_utcrr(cg)z. Not after time (represented as UTC datetime) NrqrSs r&not_valid_afterCertificate.not_valid_afterrr(cg)z: Not after time (represented as a non-naive UTC datetime) NrqrSs r&not_valid_after_utcCertificate.not_valid_after_utcrr(cg)z! Returns the issuer name object. NrqrSs r&issuerCertificate.issuerrr(cgz" Returns the subject name object. NrqrSs r&subjectCertificate.subjectrr(cgz\ Returns a HashAlgorithm corresponding to the type of the digest signed in the certificate. NrqrSs r&signature_hash_algorithm$Certificate.signature_hash_algorithmrr(cgz: Returns the ObjectIdentifier of the signature algorithm. NrqrSs r&signature_algorithm_oid#Certificate.signature_algorithm_oidrr(cgz- Returns the signature algorithm parameters. NrqrSs r&signature_algorithm_parameters*Certificate.signature_algorithm_parametersrr(cg)z Returns an Extensions object. NrqrSs r&r7Certificate.extensions rr(cgz Returns the signature bytes. NrqrSs r& signatureCertificate.signaturerr(cg)zB Returns the tbsCertificate payload bytes as defined in RFC 5280. NrqrSs r&tbs_certificate_bytes!Certificate.tbs_certificate_bytesrr(cg)zP Returns the tbsCertificate payload bytes with the SCT list extension stripped. NrqrSs r&tbs_precertificate_bytes$Certificate.tbs_precertificate_bytesrr(cgz Checks equality. Nrqr^s r&r`Certificate.__eq__&rr(cgz Computes a hash. NrqrSs r&rdCertificate.__hash__,rr(cg)z2 Serializes the certificate to PEM or DER format. Nrqr#encodings r& public_bytesCertificate.public_bytes2rr(cg)z This method verifies that certificate issuer name matches the issuer subject name and that the certificate is signed by the issuer's private key. No other validation is performed. Nrq)r#rs r&verify_directly_issued_by%Certificate.verify_directly_issued_by8rr(rqNrzhashes.HashAlgorithmr*rfrn)r*rr*rrhr*datetime.datetimer*rr*zhashes.HashAlgorithm | Noner*z0None | padding.PSS | padding.PKCS1v15 | ec.ECDSAr*rrirkrzserialization.Encodingr*rf)rrr*r+)r-r.r/r0abcabstractmethodrrprrrrrrrrrrrrrr7rrrr`rdrrr1rqr(r&rrs                        $     9                      r(r) metaclassc\rSrSr\\R SSj55r\\R S Sj55r\\R S Sj55r \\R S Sj55r Sr g) RevokedCertificateiEcg)z7 Returns the serial number of the revoked certificate. NrqrSs r&r RevokedCertificate.serial_numberFrr(cg)z8 Returns the date of when this certificate was revoked. NrqrSs r&revocation_date"RevokedCertificate.revocation_dateMrr(cg)zT Returns the date of when this certificate was revoked as a non-naive UTC datetime. NrqrSs r&revocation_date_utc&RevokedCertificate.revocation_date_utcTrr(cg)zG Returns an Extensions object containing a list of Revoked extensions. NrqrSs r&r7RevokedCertificate.extensions\rr(rqNrnrr) r-r.r/r0rprrrrrr7r1rqr(r&rrEs         r(rcz\rSrSrS Sjr\S Sj5r\S Sj5r\S Sj5r\S Sj5r Sr g) _RawRevokedCertificateihc(XlX lX0lgr_serial_number_revocation_date _extensionsr#rrr7s r&r!_RawRevokedCertificate.__init__i , /%r(cUR$r)rrSs r&r$_RawRevokedCertificate.serial_numberss"""r(cb[R"S[RSS9 UR$)NukProperties that return a naïve datetime object have been deprecated. Please switch to revocation_date_utc.r) stacklevel)warningswarnrDeprecatedIn42rrSs r&r&_RawRevokedCertificate.revocation_datews.  @    $$$r(cdURR[RRS9$)Nr@)rrErCtimezoneutcrSs r&r*_RawRevokedCertificate.revocation_date_utcs($$,,H4E4E4I4I,JJr(cUR$r)rrSs r&r7!_RawRevokedCertificate.extensionssr(rrrN)rrgrrr7rrnrr) r-r.r/r0r!rprrrr7r1rqr(r&rrhsu&&+& &##%%KK  r(rc\rSrSr\R SSj5r\R SSj5r\R SSj5r\ \R SSj55r \ \R SSj55r \ \R SSj55r \ \R SSj55r \ \R S S j55r\ \R S S j55r\ \R S!S j55r\ \R S!S j55r\ \R S"S j55r\ \R S#Sj55r\ \R S#Sj55r\R S$Sj5r\R S%Sj5r\R0S&Sj5r\R0S'Sj5r\R S(Sj5r\R S)Sj5r\R S*Sj5rSrg)+CertificateRevocationListicg)z* Serializes the CRL to PEM or DER format. Nrqrs r&r&CertificateRevocationList.public_bytesrr(cgrrqrs r&r%CertificateRevocationList.fingerprintrr(cg)z[ Returns an instance of RevokedCertificate or None if the serial_number is not in the CRL. Nrq)r#rs r&(get_revoked_certificate_by_serial_numberBCertificateRevocationList.get_revoked_certificate_by_serial_numberrr(cgrrqrSs r&r2CertificateRevocationList.signature_hash_algorithmrr(cgrrqrSs r&r1CertificateRevocationList.signature_algorithm_oidrr(cgrrqrSs r&r8CertificateRevocationList.signature_algorithm_parametersrr(cg)z3 Returns the X509Name with the issuer of this CRL. NrqrSs r&r CertificateRevocationList.issuerrr(cg)z/ Returns the date of next update for this CRL. NrqrSs r& next_update%CertificateRevocationList.next_updaterr(cg)zK Returns the date of next update for this CRL as a non-naive UTC datetime. NrqrSs r&next_update_utc)CertificateRevocationList.next_update_utcrr(cg)z/ Returns the date of last update for this CRL. NrqrSs r& last_update%CertificateRevocationList.last_updaterr(cg)zK Returns the date of last update for this CRL as a non-naive UTC datetime. NrqrSs r&last_update_utc)CertificateRevocationList.last_update_utcrr(cg)zC Returns an Extensions object containing a list of CRL extensions. NrqrSs r&r7$CertificateRevocationList.extensionsrr(cgrrqrSs r&r#CertificateRevocationList.signaturerr(cg)z? Returns the tbsCertList payload bytes as defined in RFC 5280. NrqrSs r&tbs_certlist_bytes,CertificateRevocationList.tbs_certlist_bytesrr(cgrrqr^s r&r` CertificateRevocationList.__eq__rr(cg)z, Number of revoked certificates in the CRL. NrqrSs r&r!CertificateRevocationList.__len__rr(cgrrqr#idxs r&r%CertificateRevocationList.__getitem__s;>r(cgrrqr9s r&rr;sCFr(cg)zC Returns a revoked certificate (or slice of revoked certificates). Nrqr9s r&rr;rr(cg)z( Iterator over the revoked certificates NrqrSs r&r"CertificateRevocationList.__iter__rr(cg)zA Verifies signature of revocation list against given public key. Nrq)r#rs r&is_signature_valid,CertificateRevocationList.is_signature_validrr(rqNrr)rrgr*zRevokedCertificate | Nonerrhrr)r*datetime.datetime | Nonerrrirkrn)r:rgr*r)r:slicer*list[RevokedCertificate])r:z int | slicer*z-RevokedCertificate | list[RevokedCertificate])r*z#typing.Iterator[RevokedCertificate])rrr*rm)r-r.r/r0rrrrrrprrrrr"r%r(r+r7rr2r`rtypingoverloadrrrAr1rqr(r&rrs         "   $     9                         __>> __FF  6       9   r(rc\rSrSr\R SSj5r\R SSj5r\R SSj5r\ \R SSj55r \ \R SSj55r \ \R SSj55r \ \R SSj55r \ \R SS j55r\ \R SS j55r\R SS j5r\ \R SS j55r\ \R SS j55r\ \R SSj55r\R SSj5rSrg)CertificateSigningRequesti cgrrqr^s r&r` CertificateSigningRequest.__eq__!rr(cgrrqrSs r&rd"CertificateSigningRequest.__hash__'rr(cgrrqrSs r&r$CertificateSigningRequest.public_key-rr(cgrrqrSs r&r!CertificateSigningRequest.subject3rr(cgrrqrSs r&r2CertificateSigningRequest.signature_hash_algorithm:rr(cgrrqrSs r&r1CertificateSigningRequest.signature_algorithm_oidDrr(cgrrqrSs r&r8CertificateSigningRequest.signature_algorithm_parametersKrr(cg)z0 Returns the extensions in the signing request. NrqrSs r&r7$CertificateSigningRequest.extensionsTrr(cg)z Returns an Attributes object. NrqrSs r&r;$CertificateSigningRequest.attributes[rr(cg)z+ Encodes the request to PEM or DER format. Nrqrs r&r&CertificateSigningRequest.public_bytesbrr(cgrrqrSs r&r#CertificateSigningRequest.signaturehrr(cg)zL Returns the PKCS#10 CertificationRequestInfo bytes as defined in RFC 2986. NrqrSs r&tbs_certrequest_bytes/CertificateSigningRequest.tbs_certrequest_bytesorr(cg)z( Verifies signature of signing request. NrqrSs r&rA,CertificateSigningRequest.is_signature_validwrr(cg)z* Get the attribute value for a given OID. Nrq)r#r"s r&r~/CertificateSigningRequest.get_attribute_for_oid~rr(rqNrkrnrrrrhrr)r*rsrri)r*rm)r"rr*rf)r-r.r/r0rrr`rdrrprrrrr7r;rrrarAr~r1rqr(r&rIrI s           $     9                  r(rIc\rSrSrS//4S SjjrS SjrS SjrSS.SSjjrSSS.SS jjjrS r g) CertificateSigningRequestBuilderiNc(XlX lX0lg)z2 Creates an empty X.509 certificate request (v1). N) _subject_namerrw)r# subject_namer7r;s r&r!)CertificateSigningRequestBuilder.__init__s*%%r(c[U[5(d [S5eURb [ S5e[ XR UR5$)z6 Sets the certificate requestor's distinguished name. Expecting x509.Name object.&The subject name may only be set once.)r\r TypeErrorrjr5rhrrwr#names r&rk-CertificateSigningRequestBuilder.subject_namesS$%%9: :    )EF F/ ""D$4$4  r(c[U[5(d [S5e[URX!5n[ X0R 5 [UR/UR QUPUR5$)z5 Adds an X.509 extension to the certificate request. "extension must be an ExtensionType) r\rrprr"r9rrhrjrwr#extvalcriticalr6s r& add_extension.CertificateSigningRequestBuilder.add_extensionsm &-00@A Afjj(; #I/?/?@/    *d * *     r()_tagcx[U[5(d [S5e[U[5(d [S5eUb [U[5(d [S5e[ XR 5 Ub URnOSn[URUR/UR QXU4P5$)z; Adds an X.509 attribute with an OID and associated value. zoid must be an ObjectIdentifierzvalue must be bytesNztag must be _ASN1Type) r\rrprfrr>rwrPrhrjr)r#r"rPr{tags r& add_attribute.CertificateSigningRequestBuilder.add_attributes#/00=> >%''12 2  JtY$?$?34 4#C)9)9:  **CC/       2d 2S 1 2  r( rsa_paddingc.URc [S5eUbd[U[R[R 45(d [ S5e[U[R5(d [ S5e[R"XX$5$)z6 Signs the request using the requestor's private key. z/A CertificateSigningRequest must have a subjectPadding must be PSS or PKCS1v15&Padding is only supported for RSA keys) rjr5r\r PSSPKCS1v15rpr RSAPrivateKey rust_x509create_x509_csrr# private_keyrbackendrs r&sign%CertificateSigningRequestBuilder.signs    %NO O  "kGKK9I9I+JKK ABBk3+<+<== HII(( y  r()rwrrj)rk Name | Noner7list[Extension[ExtensionType]]r;0list[tuple[ObjectIdentifier, bytes, int | None]])rrrr*rh)rwrrxrmr*rh)r"rrPrfr{z_ASN1Type | Noner*rhr) rrr_AllowedHashTypes | Noner typing.Anyr%padding.PSS | padding.PKCS1v15 | Noner*rI) r-r.r/r0r!rkryr~rr1rqr(r&rhrhs%)57GI &! &3 &E &   # /3 ) ."&      *  H#  >B  5 ,   ;   #  r(rhc\rSrSr%S\S'SSSSSS/4SSjjrSSjrSSjrSSjrSS jr SS jr SS jr SS jr SSS .SSjjjr Srg)CertificateBuilderirrNc[RUlXlX lX0lX@lXPlX`lXpl gr) rr_version _issuer_namerj _public_keyr_not_valid_before_not_valid_afterr)r# issuer_namerkrrrrr7s r&r!CertificateBuilder.__init__s9  ')%+!1 /%r(c  [U[5(d [S5eURb [ S5e[ UUR URURURURUR5$)z# Sets the CA's distinguished name. rn%The issuer name may only be set once.) r\rrprr5rrjrrrrrrqs r&rCertificateBuilder.issuer_names{$%%9: :    (DE E!            " "  ! !     r(c  [U[5(d [S5eURb [ S5e[ UR UURURURURUR5$)z* Sets the requestor's distinguished name. rnro) r\rrprjr5rrrrrrrrqs r&rkCertificateBuilder.subject_name"s{$%%9: :    )EF F!            " "  ! !     r(c [U[R[R[ R [R[R[R[R45(d [S5eUR b [#S5e[%UR&UR(UUR*UR,UR.UR05$)zD Sets the requestor's public key (as found in the signing request). zExpecting one of DSAPublicKey, RSAPublicKey, EllipticCurvePublicKey, Ed25519PublicKey, Ed448PublicKey, X25519PublicKey, or X448PublicKey.z$The public key may only be set once.)r\r DSAPublicKeyr RSAPublicKeyr EllipticCurvePublicKeyr Ed25519PublicKeyr Ed448PublicKeyrX25519PublicKeyr X448PublicKeyrprr5rrrjrrrr)r#keys r&rCertificateBuilder.public_key4s     ))(($$&&""    !     'CD D!            " "  ! !     r(c l[U[5(d [S5eURb [ S5eUS::a [ S5eUR 5S:a [ S5e[ URURURUURURUR5$)z% Sets the certificate serial number. 'Serial number must be of integral type.'The serial number may only be set once.rz%The serial number should be positive.3The serial number should not be more than 159 bits.) r\rgrprr5 bit_lengthrrrjrrrrr#numbers r&r CertificateBuilder.serial_numberYs&#&&EF F    *FG G Q;DE E    # %E "            " "  ! !     r(c [U[R5(d [S5eURb [ S5e[ U5nU[ :a [ S5eURbXR:a [ S5e[URURURURUURUR5$)z' Sets the certificate activation time. Expecting datetime object.z*The not valid before may only be set once.z>The not valid before date must be on or after 1950 January 1).zBThe not valid before date must be before the not valid after date.)r\rCrprr5rH_EARLIEST_UTC_TIMErrrrjrrrr#rFs r&r#CertificateBuilder.not_valid_beforets$ 1 12289 9  ! ! -IJ J)$/ $ $$   ,8M8M1M "               ! !     r(c [U[R5(d [S5eURb [ S5e[ U5nU[ :a [ S5eURbXR:a [ S5e[URURURURURUUR5$)z' Sets the certificate expiration time. rz)The not valid after may only be set once.zB % 5% ,%  % ; %  % % r(rc\rSrSr%S\S'S\S'SSS//4SSjjrSSjrSS jrSS jrSS jr SS jr SSS .SSjjjr Sr g) CertificateRevocationListBuilderirrrE_revoked_certificatesNc@XlX lX0lX@lXPlgr)r _last_update _next_updaterr)r#rr(r"r7revoked_certificatess r&r!)CertificateRevocationListBuilder.__init__s"(''%%9"r(c[U[5(d [S5eURb [ S5e[ UUR URURUR5$)Nrnr) r\rrprr5rrrrr)r#rs r&r,CertificateRevocationListBuilder.issuer_namesi+t,,9: :    (DE E/            & &   r(c[U[R5(d [S5eURb [ S5e[ U5nU[ :a [ S5eURbXR:a [ S5e[URUURURUR5$)Nr!Last update may only be set once.8The last update date must be on or after 1950 January 1.z9The last update date must be before the next update date.) r\rCrprr5rHrrrrrr)r#r(s r&r(,CertificateRevocationListBuilder.last_updates+x'8'89989 9    (@A A0= + +J     ([;L;L-LK 0            & &   r(c[U[R5(d [S5eURb [ S5e[ U5nU[ :a [ S5eURbXR:a [ S5e[URURUURUR5$)Nrrrz8The next update date must be after the last update date.) r\rCrprr5rHrrrrrr)r#r"s r&r",CertificateRevocationListBuilder.next_update(s+x'8'89989 9    (@A A0= + +J     ([;L;L-LJ 0            & &   r(c"[U[5(d [S5e[URX!5n[ X0R 5 [URURUR/UR QUPUR5$)z= Adds an X.509 extension to the certificate revocation list. ru) r\rrprr"r9rrrrrrrvs r&ry.CertificateRevocationListBuilder.add_extension@s &-00@A Afjj(; #I/?/?@/          *d * *  & &   r(c[U[5(d [S5e[URUR UR UR/URQUP5$)z( Adds a revoked certificate to the CRL. z)Must be an instance of RevokedCertificate) r\rrprrrrrr)r#revoked_certificates r&add_revoked_certificate8CertificateRevocationListBuilder.add_revoked_certificateSsd -/ABBGH H/             >d(( >*= >   r(rcURc [S5eURc [S5eURc [S5eUbd[ U[ R [ R45(d [S5e[ U[R5(d [S5e[R"XX$5$)NzA CRL must have an issuer namez"A CRL must have a last update timez"A CRL must have a next update timerr) rr5rrr\r rrrpr rrcreate_x509_crlrs r&r%CertificateRevocationListBuilder.signds    $=> >    $AB B    $AB B  "kGKK9I9I+JKK ABBk3+<+<== HII(( y  r()rrrrr) rrr(rCr"rCr7rrrE)rrr*r)r(rr*r)r"rr*r)rwrrxrmr*r)rrr*rr) rrrrrrrrr*r) r-r.r/r0rr!rr(r"ryrrr1rqr(r&rrs//33$(0404579; :  :. :. : 3 : 7 :    )   , ) 0 , ) 0 # /3 ) & #5 ) *#  >B  5 ,   ;   #  r(rcr\rSrSrSS/4S SjjrS SjrS SjrS SjrS SSjjrSr g)RevokedCertificateBuilderiNc(XlX lX0lgrrrs r&r!"RevokedCertificateBuilder.__init__rr(c[U[5(d [S5eURb [ S5eUS::a [ S5eUR 5S:a [ S5e[ XRUR5$)Nrrrz$The serial number should be positiverr) r\rgrprr5rrrrrs r&r'RevokedCertificateBuilder.serial_numbers&#&&EF F    *FG G Q;CD D    # %E ) ))4+;+;  r(c[U[R5(d [S5eURb [ S5e[ U5nU[ :a [ S5e[URXR5$)Nrz)The revocation date may only be set once.z7The revocation date must be on or after 1950 January 1.) r\rCrprr5rHrrrrrs r&r)RevokedCertificateBuilder.revocation_dates~$ 1 12289 9  ,HI I)$/ $ $I )   '7'7  r(c[U[5(d [S5e[URX!5n[ X0R 5 [URUR/UR QUP5$)Nru) r\rrprr"r9rrrrrvs r&ry'RevokedCertificateBuilder.add_extensionsm&-00@A Afjj(; #I/?/?@(     ! ! *d * *  r(cURc [S5eURc [S5e[URUR[ UR 55$)Nz/A revoked certificate must have a serial numberz1A revoked certificate must have a revocation date)rr5rrrr)r#rs r&buildRevokedCertificateBuilder.buildse    &NO O  (C &     ! ! t'' (  r(r)rrrrCr7r)rrgr*r)rFrr*r)rwrrxrmr*rr)rrr*r) r-r.r/r0r!rrryrr1rqr(r&rrso%)4857 &!&2&3 & $ % "  #  /3  "     r(rc\[R[R"S5S5S- $)Nbigr)rg from_bytesosurandomrqr(r&random_serial_numberrs >>"**R.% 0A 55r()r6zExtension[ExtensionType]r7rr*r+)r"rr;rr*r+)rFrr*rrn)N __future__rrrCrrFr cryptographyr"cryptography.hazmat.bindings._rustrrcryptography.hazmat.primitivesrr)cryptography.hazmat.primitives.asymmetricrr r r r r rr/cryptography.hazmat.primitives.asymmetric.typesrrrcryptography.x509.extensionsrrrrcryptography.x509.namerrcryptography.x509.oidrrUnionSHA224SHA256SHA384SHA512SHA3_224SHA3_256SHA3_384SHA3_512_AllowedHashTypes Exceptionrr9r>rHrJrsEnumrrABCMetarregisterrrrrIload_pem_x509_certificateload_der_x509_certificateload_pem_x509_certificatesload_pem_x509_csrload_der_x509_csrload_pem_x509_crlload_der_x509_crlrhrrrrrqr(r&rsy #  @@     32&&tQ2LL MM MM MM MM OO OO OO OO   E'E.E EE E@E E !8!8HFF( ejj -Y- [ CKK[ ~ Y**+ 3;; @I889 / DP #++P f""9#F#FGb #++b L""9#F#FG&??%??&AA////////b b Jr r jN N bF F R6r(