#NSSKJr SSKrSSKrSSKrSSKJrJr SSKJ r SSK J r J r SSK Jr SSKJrJrJr "SS \R&5r"S S \R&5r\ R,\ R.\ R0\ R2\ R44rSS jr"S S\R&5r"SS5r"SS\R>S9r "SS\R>S9r!"SS\R>S9r"\ RG\ R@5 \"RG\ RD5 \!RG\ RB5 "SS5r$"SS5r%\ RLr&\ RNr'g)) annotationsN)utilsx509)ocsp)hashes serialization) CertificateIssuerPrivateKeyTypes)_EARLIEST_UTC_TIME_convert_to_naive_utc_time_reject_duplicate_extensionc\rSrSrSrSrSrg)OCSPResponderEncodingzBy HashzBy NameN)__name__ __module__ __qualname____firstlineno__HASHNAME__static_attributes__rQplatform/bundledpythonunix/lib/python3.13/site-packages/cryptography/x509/ocsp.pyrrs D Drrc,\rSrSrSrSrSrSrSrSr Sr g ) OCSPResponseStatusrrN) rrrr SUCCESSFULMALFORMED_REQUESTINTERNAL_ERROR TRY_LATER SIG_REQUIRED UNAUTHORIZEDrrrrrrs!JNILLrrcD[U[5(d [S5eg)Nz9Algorithm must be SHA1, SHA224, SHA256, SHA384, or SHA512) isinstance_ALLOWED_HASHES ValueError) algorithms r_verify_algorithmr-/s$ i 1 1 G   2rc \rSrSrSrSrSrSrg)OCSPCertStatus6rrrrN)rrrrGOODREVOKEDUNKNOWNrrrrr/r/6s DGGrr/c>\rSrSrSSjrSrg)_SingleResponse<c H[U[R5(a[U[R5(d [S5e[ U5 [U[ R 5(d [S5eUb*[U[ R 5(d [S5eXlX lX0lXPl X`l [U[5(d [S5eU[RLaUb [S5eUb [S5eOw[U[ R 5(d [S5e[U5nU[:a [S5eUb*[U[R 5(d [S 5eX@lXplXlg) N%cert and issuer must be a Certificatez%this_update must be a datetime objectz-next_update must be a datetime object or Nonez8cert_status must be an item from the OCSPCertStatus enumzBrevocation_time can only be provided if the certificate is revokedzDrevocation_reason can only be provided if the certificate is revokedz)revocation_time must be a datetime objectz7The revocation_time must be on or after 1950 January 1.zCrevocation_reason must be an item from the ReasonFlags enum or None)r)r Certificate TypeErrorr-datetime_cert_issuer _algorithm _this_update _next_updater/r2r+r r ReasonFlags _cert_status_revocation_time_revocation_reason) selfcertissuerr, cert_status this_update next_updaterevocation_timerevocation_reasons r__init___SingleResponse.__init__=s$ 0 011 D$$: : CD D)$+x'8'899CD D  ": **, , KL L  #''+~66J  n44 4* !!, "- ox/@/@AA KLL8IO!33 ' !,Z!4#3#366 # ( /"3r)r>r<rBr=r@rDrCr?N)rFx509.CertificaterGrOr,hashes.HashAlgorithmrHr/rIdatetime.datetimerJdatetime.datetime | NonerKrRrLx509.ReasonFlags | None)rrrrrMrrrrr5r5<s^B4B4!B4( B4 $ B4 ' B4.B42B43B4rr5c6\rSrSr\\R S Sj55r\\R S Sj55r\\R S Sj55r \\R S Sj55r \R S Sj5r \\R SSj55r Sr g ) OCSPRequestcgz# The hash of the issuer public key NrrEs rissuer_key_hashOCSPRequest.issuer_key_hashrcgz The hash of the issuer name NrrYs rissuer_name_hashOCSPRequest.issuer_name_hashr\rcgz; The hash algorithm used in the issuer name and key hashes NrrYs rhash_algorithmOCSPRequest.hash_algorithmr\rcgz= The serial number of the cert whose status is being checked NrrYs r serial_numberOCSPRequest.serial_numberr\rcg)z Serializes the request to DER NrrEencodings r public_bytesOCSPRequest.public_bytesr\rcg)z@ The list of request extensions. Not single request extensions. NrrYs r extensionsOCSPRequest.extensionsr\rrNreturnbytesrrrPrrintrkzserialization.Encodingrrrsrrzx509.Extensions)rrrrpropertyabcabstractmethodrZr_rcrgrlrorrrrrUrUs              rrU) metaclasscl\rSrSr\\R SSj55r\\R SSj55r\\R SSj55r \\R SSj55r \\R SSj55r \\R SSj55r \\R SSj55r \\R SS j55r\\R SS j55r\\R SS j55r\\R SS j55r\\R SS j55rSrg)OCSPSingleResponsecgzI The status of the certificate (an element from the OCSPCertStatus enum) NrrYs rcertificate_status%OCSPSingleResponse.certificate_statusr\rcgzF The date of when the certificate was revoked or None if not revoked. NrrYs rrK"OCSPSingleResponse.revocation_timer\rcgzo The date of when the certificate was revoked or None if not revoked. Represented as a non-naive UTC datetime. NrrYs rrevocation_time_utc&OCSPSingleResponse.revocation_time_utcr\rcgzQ The reason the certificate was revoked or None if not specified or not revoked. NrrYs rrL$OCSPSingleResponse.revocation_reasonr\rcgzi The most recent time at which the status being indicated is known by the responder to have been correct NrrYs rrIOCSPSingleResponse.this_updater\rcgz The most recent time at which the status being indicated is known by the responder to have been correct. Represented as a non-naive UTC datetime. NrrYs rthis_update_utc"OCSPSingleResponse.this_update_utcr\rcgz3 The time when newer information will be available NrrYs rrJOCSPSingleResponse.next_updater\rcgz] The time when newer information will be available. Represented as a non-naive UTC datetime. NrrYs rnext_update_utc"OCSPSingleResponse.next_update_utcr\rcgrXrrYs rrZ"OCSPSingleResponse.issuer_key_hashr\rcgr^rrYs rr_#OCSPSingleResponse.issuer_name_hashr\rcgrbrrYs rrc!OCSPSingleResponse.hash_algorithmr\rcgrfrrYs rrg OCSPSingleResponse.serial_numberr\rrNrrr/rrrRrrrSrrrQrqrtru)rrrrryrzr{rrKrrLrIrrJrrZr_rcrgrrrrr~r~s                         rr~c"\rSrSr\\R SSj55r\\R SSj55r\\R S Sj55r \\R S!Sj55r \\R S"Sj55r \\R S"Sj55r \\R S#Sj55r \\R S$S j55r\\R S%S j55r\\R S&S j55r\\R S&S j55r\\R S'S j55r\\R S(Sj55r\\R S(Sj55r\\R S)Sj55r\\R S&Sj55r\\R S&Sj55r\\R S(Sj55r\\R S(Sj55r\\R S"Sj55r\\R S"Sj55r\\R S*Sj55r\\R S+Sj55r\\R S,Sj55r\\R S,Sj55r\R S-Sj5r Sr!g). OCSPResponsei cg)zG An iterator over the individual SINGLERESP structures in the response NrrYs r responsesOCSPResponse.responses r\rcg)zU The status of the response. This is a value from the OCSPResponseStatus enumeration NrrYs rresponse_statusOCSPResponse.response_statusr\rcg)z1 The ObjectIdentifier of the signature algorithm NrrYs rsignature_algorithm_oid$OCSPResponse.signature_algorithm_oidr\rcg)zH Returns a HashAlgorithm corresponding to the type of the digest signed NrrYs rsignature_hash_algorithm%OCSPResponse.signature_hash_algorithm"r\rcg)z The signature bytes NrrYs r signatureOCSPResponse.signature+r\rcg)z The tbsResponseData bytes NrrYs rtbs_response_bytesOCSPResponse.tbs_response_bytes2r\rcg)z A list of certificates used to help build a chain to verify the OCSP response. This situation occurs when the OCSP responder uses a delegate certificate. NrrYs r certificatesOCSPResponse.certificates9r\rcg)z" The responder's key hash or None NrrYs rresponder_key_hashOCSPResponse.responder_key_hashBr\rcg)z The responder's Name or None NrrYs rresponder_nameOCSPResponse.responder_nameIr\rcg)z$ The time the response was produced NrrYs r produced_atOCSPResponse.produced_atPr\rcg)zN The time the response was produced. Represented as a non-naive UTC datetime. NrrYs rproduced_at_utcOCSPResponse.produced_at_utcWr\rcgrrrYs rrOCSPResponse.certificate_status_r\rcgrrrYs rrKOCSPResponse.revocation_timefr\rcgrrrYs rr OCSPResponse.revocation_time_utcnr\rcgrrrYs rrLOCSPResponse.revocation_reasonvr\rcgrrrYs rrIOCSPResponse.this_update~r\rcgrrrYs rrOCSPResponse.this_update_utcr\rcgrrrYs rrJOCSPResponse.next_updater\rcgrrrYs rrOCSPResponse.next_update_utcr\rcgrXrrYs rrZOCSPResponse.issuer_key_hashr\rcgr^rrYs rr_OCSPResponse.issuer_name_hashr\rcgrbrrYs rrcOCSPResponse.hash_algorithmr\rcgrfrrYs rrgOCSPResponse.serial_numberr\rcg)zB The list of response extensions. Not single response extensions. NrrYs rroOCSPResponse.extensionsr\rcg)zB The list of single response extensions. Not response extensions. NrrYs rsingle_extensionsOCSPResponse.single_extensionsr\rcg)z Serializes the response to DER Nrrjs rrlOCSPResponse.public_bytesr\rrN)rrz#typing.Iterator[OCSPSingleResponse])rrr)rrzx509.ObjectIdentifier)rrhashes.HashAlgorithm | Nonerq)rrzlist[x509.Certificate])rrz bytes | None)rrzx509.Name | Nonerrrrrtrurxrw)"rrrrryrzr{rrrrrrrrrrrrrKrrLrIrrJrrZr_rcrgrorrlrrrrrr st        $                                               rrc\rSrSrSS/4S SjjrS SjrS SjrS SjrS SjrSr g)OCSPRequestBuilderiNc(XlX lX0lgN)_request _request_hash _extensions)rErequest request_hashros rrMOCSPRequestBuilder.__init__s )%rc:URc URb [S5e[U5 [ U[ R 5(a[ U[ R 5(d [S5e[XU4URUR5$)N.Only one certificate can be added to a requestr8) rrr+r-r)rr9r:rr)rErFrGr,s radd_certificate"OCSPRequestBuilder.add_certificates == $(:(:(FMN N)$$ 0 011 D$$: : CD D! 9 %t'9'94;K;K  rcURc URb [S5e[U[5(d [ S5e[ U5 [R"SU5 [R"SU5 UR[U5:wdUR[U5:wa [S5e[URXX44UR5$)Nrz serial_number must be an integerr_rZz`issuer_name_hash and issuer_key_hash must be the same length as the digest size of the algorithm) rrr+r)rvr:r-r _check_bytes digest_sizelenrr)rEr_rZrgr,s radd_certificate_by_hash*OCSPRequestBuilder.add_certificate_by_hashs == $(:(:(FMN N--->? ?)$ -/?@ ,o>  C %   " "c/&: :6  " MM  I     rc [U[R5(d [S5e[R"UR X!5n[ X0R5 [URUR/URQUP5$Nz"extension must be an ExtensionType) r)r ExtensionTyper: Extensionoidr rrrrrEextvalcritical extensions r add_extension OCSPRequestBuilder.add_extensionst&$"4"455@A ANN6::x@ #I/?/?@! MM4--/M1A1A/M9/M  rcxURcURc [S5e[R"U5$)Nz*You must add a certificate before building)rrr+rcreate_ocsp_requestrYs rbuildOCSPRequestBuilder.build!s4 == T%7%7%?IJ J''--r)rrr)rzFtuple[x509.Certificate, x509.Certificate, hashes.HashAlgorithm] | Nonerz5tuple[bytes, bytes, int, hashes.HashAlgorithm] | Nonero(list[x509.Extension[x509.ExtensionType]]rrNone)rFrOrGrOr,rPrrr) r_rsrZrsrgrvr,rPrrr)rx509.ExtensionTyperboolrrr)rrrU) rrrrrMrrrr rrrrrrs ?A & &  &= &  &  ! (    &     (    <  (  48    .rrc\rSrSrSSS/4S SjjrS SjrS SjrSSjrSSjrSSjr \ SS j5r S r g)OCSPResponseBuilderi(Nc4XlX lX0lX@lgr) _response _responder_id_certsr)rEresponse responder_idcertsros rrMOCSPResponseBuilder.__init__)s") %rc URb [S5e[UUUUUUUU5n [U URUR UR 5$)Nz#Only one response per OCSPResponse.)rr+r5rrrr) rErFrGr,rHrIrJrKrL singleresps r add_response OCSPResponseBuilder.add_response6sg >> %BC C$          #     KK      rc URb [S5e[U[R5(d [ S5e[U[ 5(d [ S5e[URX!4URUR5$)Nz!responder_id can only be set oncez$responder_cert must be a Certificatez6encoding must be an element from OCSPResponderEncoding) rr+r)rr9r:rrrrr)rErkresponder_certs rr OCSPResponseBuilder.responder_idUs    )@A A.$*:*:;;BC C($9::H # NN  & KK      rcURb [S5e[U5n[U5S:Xa [S5e[ SU55(d [ S5e[ URURUUR5$)Nz!certificates may only be set oncerzcerts must not be an empty listc3V# UHn[U[R5v M! g7fr)r)rr9).0xs r 3OCSPResponseBuilder.certificates..ps BEq:a!1!122Es')z$certs must be a list of Certificates) rr+listrallr:rrrr)rErs rr OCSPResponseBuilder.certificateshs ;; "@A AU  u:?>? ?BEBBBBC C" NN          rc6[U[R5(d [S5e[R"UR X!5n[ X0R5 [URURUR/URQUP5$r) r)rrr:rrr rrrrrrs rr!OCSPResponseBuilder.add_extensionys|&$"4"455@A ANN6::x@ #I/?/?@" NN    KK *d * *   rcURc [S5eURc [S5e[R"[ R XU5$)Nz&You must add a response before signingz*You must add a responder_id before signing)rr+rrcreate_ocsp_responserr")rE private_keyr,s rsignOCSPResponseBuilder.signsR >> !EF F    %IJ J((  ) )4i  rc[U[5(d [S5eU[RLa [ S5e[ R "USSS5$)Nz7response_status must be an item from OCSPResponseStatusz$response_status cannot be SUCCESSFUL)r)rr:r"r+rr/)clsrs rbuild_unsuccessful&OCSPResponseBuilder.build_unsuccessfulsV/+=>>I  0;; ;CD D(($dKKr)rrrr)rz_SingleResponse | Nonerz5tuple[x509.Certificate, OCSPResponderEncoding] | Nonerzlist[x509.Certificate] | Noneror)rFrOrGrOr,rPrHr/rIrQrJrRrKrRrLrSrrr)rkrr!rOrrr)rz!typing.Iterable[x509.Certificate]rrr)rrrrrrr)r0r r,rrrr)rrrrr) rrrrrMrrrrr1 classmethodr5rrrrrr(s0,0/3?A &( & & - & = &  ! (  $  '  . 2 3   > - ?O  & 6  " ( 48   5  /      L0 L  L Lrr)r,rPrrr)( __future__rrzr;typing cryptographyrr"cryptography.hazmat.bindings._rustrcryptography.hazmat.primitivesrr/cryptography.hazmat.primitives.asymmetric.typesr cryptography.x509.baser r r EnumrrSHA1SHA224SHA256SHA384SHA512r*r-r/r5ABCMetarUr~rregisterrrload_der_ocsp_requestload_der_ocsp_responserrrrIsD #  $3@EJJ  KK MM MM MM MM  UZZ C4C4L( CKK( VZ 3;;Z zB S[[B J T%%& d''(D334Q.Q.hzLzLz2244r