B
    `!n                 @   s6  d dl Z d dlZd dlZd dlZd dlmZ d dlmZmZ d dl	m
Z
 d dlmZmZ d dlmZmZmZmZmZ d dlmZmZmZ d dlmZ d d	lmZ ed
ddZG dd deZeeje dddZ eejej!ee"f  dddZ#ejejdddZ$G dd deZ%G dd deZ&G dd de j'dZ(G dd de j'dZ)G d d! d!e j'dZ*G d"d# d#e j'dZ+d<e"e(d$d%d&Z,d=e"e(d$d'd(Z-d>e"e+d$d)d*Z.d?e"e+d$d+d,Z/d@e"e*d$d-d.Z0dAe"e*d$d/d0Z1G d1d2 d2e2Z3G d3d4 d4e2Z4G d5d6 d6e2Z5G d7d8 d8e2Z6e7d9d:d;Z8dS )B    N)Enum)_PRIVATE_KEY_TYPES_PUBLIC_KEY_TYPES)_get_backend)hashesserialization)dsaeced25519ed448rsa)	ExtensionExtensionType
Extensions)Name)ObjectIdentifieri     c                   s   e Zd Z fddZ  ZS )AttributeNotFoundc                s   t t| | || _d S )N)superr   __init__oid)selfmsgr   )	__class__ E/home/dcms/DCMS/lib/python3.7/site-packages/cryptography/x509/base.pyr      s    zAttributeNotFound.__init__)__name__
__module____qualname__r   __classcell__r   r   )r   r   r      s   r   )	extension
extensionsc             C   s&   x |D ]}|j | j krtdqW d S )Nz$This extension has already been set.)r   
ValueError)r    r!   er   r   r   _reject_duplicate_extension$   s    
r$   )r   
attributesc             C   s&   x |D ]\}}|| krt dqW d S )Nz$This attribute has already been set.)r"   )r   r%   Zattr_oid_r   r   r   _reject_duplicate_attribute-   s    r'   )timereturnc             C   s:   | j dk	r2|  }|r|nt }| jdd| S | S dS )zNormalizes a datetime to a naive datetime in UTC.

    time -- datetime to normalize. Assumed to be in UTC if not timezone
            aware.
    N)tzinfo)r*   	utcoffsetdatetime	timedeltareplace)r(   offsetr   r   r   _convert_to_naive_utc_time7   s
    
r0   c               @   s   e Zd ZdZdZdS )Versionr      N)r   r   r   Zv1v3r   r   r   r   r1   E   s   r1   c                   s   e Zd Z fddZ  ZS )InvalidVersionc                s   t t| | || _d S )N)r   r4   r   parsed_version)r   r   r5   )r   r   r   r   K   s    zInvalidVersion.__init__)r   r   r   r   r   r   r   )r   r   r4   J   s   r4   c               @   sx  e Zd ZejejedddZej	e
dddZej	edddZejedd	d
Zej	ejdddZej	ejdddZej	edddZej	edddZej	ejej dddZej	edddZej	edddZej	edddZej	edddZejee dddZ!ejee dd d!Z"eje
dd"d#Z#eje$j%ed$d%d&Z&d'S )(Certificate)	algorithmr)   c             C   s   dS )z4
        Returns bytes using digest passed.
        Nr   )r   r7   r   r   r   fingerprintQ   s    zCertificate.fingerprint)r)   c             C   s   dS )z3
        Returns certificate serial number
        Nr   )r   r   r   r   serial_numberW   s    zCertificate.serial_numberc             C   s   dS )z1
        Returns the certificate version
        Nr   )r   r   r   r   version]   s    zCertificate.versionc             C   s   dS )z(
        Returns the public key
        Nr   )r   r   r   r   
public_keyc   s    zCertificate.public_keyc             C   s   dS )z?
        Not before time (represented as UTC datetime)
        Nr   )r   r   r   r   not_valid_beforei   s    zCertificate.not_valid_beforec             C   s   dS )z>
        Not after time (represented as UTC datetime)
        Nr   )r   r   r   r   not_valid_aftero   s    zCertificate.not_valid_afterc             C   s   dS )z1
        Returns the issuer name object.
        Nr   )r   r   r   r   issueru   s    zCertificate.issuerc             C   s   dS )z2
        Returns the subject name object.
        Nr   )r   r   r   r   subject{   s    zCertificate.subjectc             C   s   dS )zt
        Returns a HashAlgorithm corresponding to the type of the digest signed
        in the certificate.
        Nr   )r   r   r   r   signature_hash_algorithm   s    z$Certificate.signature_hash_algorithmc             C   s   dS )zJ
        Returns the ObjectIdentifier of the signature algorithm.
        Nr   )r   r   r   r   signature_algorithm_oid   s    z#Certificate.signature_algorithm_oidc             C   s   dS )z/
        Returns an Extensions object.
        Nr   )r   r   r   r   r!      s    zCertificate.extensionsc             C   s   dS )z.
        Returns the signature bytes.
        Nr   )r   r   r   r   	signature   s    zCertificate.signaturec             C   s   dS )zR
        Returns the tbsCertificate payload bytes as defined in RFC 5280.
        Nr   )r   r   r   r   tbs_certificate_bytes   s    z!Certificate.tbs_certificate_bytes)otherr)   c             C   s   dS )z"
        Checks equality.
        Nr   )r   rD   r   r   r   __eq__   s    zCertificate.__eq__c             C   s   dS )z#
        Checks not equal.
        Nr   )r   rD   r   r   r   __ne__   s    zCertificate.__ne__c             C   s   dS )z"
        Computes a hash.
        Nr   )r   r   r   r   __hash__   s    zCertificate.__hash__)encodingr)   c             C   s   dS )zB
        Serializes the certificate to PEM or DER format.
        Nr   )r   rH   r   r   r   public_bytes   s    zCertificate.public_bytesN)'r   r   r   abcabstractmethodr   HashAlgorithmbytesr8   abstractpropertyintr9   r1   r:   r   r;   r,   r<   r=   r   r>   r?   typingOptionalr@   r   rA   r   r!   rB   rC   objectboolrE   rF   rG   r   EncodingrI   r   r   r   r   r6   P   sD   r6   )	metaclassc               @   sJ   e Zd ZejedddZejejdddZeje	dddZ
dS )	RevokedCertificate)r)   c             C   s   dS )zG
        Returns the serial number of the revoked certificate.
        Nr   )r   r   r   r   r9      s    z RevokedCertificate.serial_numberc             C   s   dS )zH
        Returns the date of when this certificate was revoked.
        Nr   )r   r   r   r   revocation_date   s    z"RevokedCertificate.revocation_datec             C   s   dS )zW
        Returns an Extensions object containing a list of Revoked extensions.
        Nr   )r   r   r   r   r!      s    zRevokedCertificate.extensionsN)r   r   r   rJ   rN   rO   r9   r,   rW   r   r!   r   r   r   r   rV      s   rV   c               @   sp  e Zd ZejejedddZeje	j
edddZejeeje ddd	Zeje	j
d
ddZejed
ddZejed
ddZejejd
ddZejejd
ddZejed
ddZejed
ddZejed
ddZejeedddZ ejeedddZ!ejed
d d!Z"ejd"d# Z#ejd$d% Z$eje%ed&d'd(Z&d)S )*CertificateRevocationList)rH   r)   c             C   s   dS )z:
        Serializes the CRL to PEM or DER format.
        Nr   )r   rH   r   r   r   rI      s    z&CertificateRevocationList.public_bytes)r7   r)   c             C   s   dS )z4
        Returns bytes using digest passed.
        Nr   )r   r7   r   r   r   r8      s    z%CertificateRevocationList.fingerprint)r9   r)   c             C   s   dS )zs
        Returns an instance of RevokedCertificate or None if the serial_number
        is not in the CRL.
        Nr   )r   r9   r   r   r   (get_revoked_certificate_by_serial_number   s    zBCertificateRevocationList.get_revoked_certificate_by_serial_number)r)   c             C   s   dS )zt
        Returns a HashAlgorithm corresponding to the type of the digest signed
        in the certificate.
        Nr   )r   r   r   r   r@      s    z2CertificateRevocationList.signature_hash_algorithmc             C   s   dS )zJ
        Returns the ObjectIdentifier of the signature algorithm.
        Nr   )r   r   r   r   rA      s    z1CertificateRevocationList.signature_algorithm_oidc             C   s   dS )zC
        Returns the X509Name with the issuer of this CRL.
        Nr   )r   r   r   r   r>      s    z CertificateRevocationList.issuerc             C   s   dS )z?
        Returns the date of next update for this CRL.
        Nr   )r   r   r   r   next_update   s    z%CertificateRevocationList.next_updatec             C   s   dS )z?
        Returns the date of last update for this CRL.
        Nr   )r   r   r   r   last_update   s    z%CertificateRevocationList.last_updatec             C   s   dS )zS
        Returns an Extensions object containing a list of CRL extensions.
        Nr   )r   r   r   r   r!     s    z$CertificateRevocationList.extensionsc             C   s   dS )z.
        Returns the signature bytes.
        Nr   )r   r   r   r   rB   
  s    z#CertificateRevocationList.signaturec             C   s   dS )zO
        Returns the tbsCertList payload bytes as defined in RFC 5280.
        Nr   )r   r   r   r   tbs_certlist_bytes  s    z,CertificateRevocationList.tbs_certlist_bytes)rD   r)   c             C   s   dS )z"
        Checks equality.
        Nr   )r   rD   r   r   r   rE     s    z CertificateRevocationList.__eq__c             C   s   dS )z#
        Checks not equal.
        Nr   )r   rD   r   r   r   rF     s    z CertificateRevocationList.__ne__c             C   s   dS )z<
        Number of revoked certificates in the CRL.
        Nr   )r   r   r   r   __len__"  s    z!CertificateRevocationList.__len__c             C   s   dS )zS
        Returns a revoked certificate (or slice of revoked certificates).
        Nr   )r   idxr   r   r   __getitem__(  s    z%CertificateRevocationList.__getitem__c             C   s   dS )z8
        Iterator over the revoked certificates
        Nr   )r   r   r   r   __iter__.  s    z"CertificateRevocationList.__iter__)r;   r)   c             C   s   dS )zQ
        Verifies signature of revocation list against given public key.
        Nr   )r   r;   r   r   r   is_signature_valid4  s    z,CertificateRevocationList.is_signature_validN)'r   r   r   rJ   rK   r   rT   rM   rI   r   rL   r8   rO   rP   rQ   rV   rY   rN   r@   r   rA   r   r>   r,   rZ   r[   r   r!   rB   r\   rR   rS   rE   rF   r]   r_   r`   r   ra   r   r   r   r   rX      sB   rX   c               @   s  e Zd ZejeedddZejeedddZeje	dddZ
ejedd	d
ZejedddZejejdddZejedddZejedddZejejedddZejedddZejedddZejedddZejeedddZdS ) CertificateSigningRequest)rD   r)   c             C   s   dS )z"
        Checks equality.
        Nr   )r   rD   r   r   r   rE   <  s    z CertificateSigningRequest.__eq__c             C   s   dS )z#
        Checks not equal.
        Nr   )r   rD   r   r   r   rF   B  s    z CertificateSigningRequest.__ne__)r)   c             C   s   dS )z"
        Computes a hash.
        Nr   )r   r   r   r   rG   H  s    z"CertificateSigningRequest.__hash__c             C   s   dS )z(
        Returns the public key
        Nr   )r   r   r   r   r;   N  s    z$CertificateSigningRequest.public_keyc             C   s   dS )z2
        Returns the subject name object.
        Nr   )r   r   r   r   r?   T  s    z!CertificateSigningRequest.subjectc             C   s   dS )zt
        Returns a HashAlgorithm corresponding to the type of the digest signed
        in the certificate.
        Nr   )r   r   r   r   r@   Z  s    z2CertificateSigningRequest.signature_hash_algorithmc             C   s   dS )zJ
        Returns the ObjectIdentifier of the signature algorithm.
        Nr   )r   r   r   r   rA   a  s    z1CertificateSigningRequest.signature_algorithm_oidc             C   s   dS )z@
        Returns the extensions in the signing request.
        Nr   )r   r   r   r   r!   g  s    z$CertificateSigningRequest.extensions)rH   r)   c             C   s   dS )z;
        Encodes the request to PEM or DER format.
        Nr   )r   rH   r   r   r   rI   m  s    z&CertificateSigningRequest.public_bytesc             C   s   dS )z.
        Returns the signature bytes.
        Nr   )r   r   r   r   rB   s  s    z#CertificateSigningRequest.signaturec             C   s   dS )zd
        Returns the PKCS#10 CertificationRequestInfo bytes as defined in RFC
        2986.
        Nr   )r   r   r   r   tbs_certrequest_bytesy  s    z/CertificateSigningRequest.tbs_certrequest_bytesc             C   s   dS )z8
        Verifies signature of signing request.
        Nr   )r   r   r   r   ra     s    z,CertificateSigningRequest.is_signature_valid)r   r)   c             C   s   dS )z:
        Get the attribute value for a given OID.
        Nr   )r   r   r   r   r   get_attribute_for_oid  s    z/CertificateSigningRequest.get_attribute_for_oidN)r   r   r   rJ   rK   rR   rS   rE   rF   rO   rG   r   r;   rN   r   r?   r   rL   r@   r   rA   r   r!   r   rT   rM   rI   rB   rc   ra   rd   r   r   r   r   rb   ;  s4   rb   )datar)   c             C   s   t |}|| S )N)r   load_pem_x509_certificate)re   backendr   r   r   rf     s    rf   c             C   s   t |}|| S )N)r   load_der_x509_certificate)re   rg   r   r   r   rh     s    rh   c             C   s   t |}|| S )N)r   load_pem_x509_csr)re   rg   r   r   r   ri     s    ri   c             C   s   t |}|| S )N)r   load_der_x509_csr)re   rg   r   r   r   rj     s    rj   c             C   s   t |}|| S )N)r   load_pem_x509_crl)re   rg   r   r   r   rk     s    rk   c             C   s   t |}|| S )N)r   load_der_x509_crl)re   rg   r   r   r   rl     s    rl   c               @   s`   e Zd Zdg g fddZedddZeeddd	Ze	e
d
ddZdeejedddZdS ) CertificateSigningRequestBuilderNc             C   s   || _ || _|| _dS )zB
        Creates an empty X.509 certificate request (v1).
        N)_subject_name_extensions_attributes)r   subject_namer!   r%   r   r   r   r     s    z)CertificateSigningRequestBuilder.__init__)namec             C   s4   t |tstd| jdk	r$tdt|| j| jS )zF
        Sets the certificate requestor's distinguished name.
        zExpecting x509.Name object.Nz&The subject name may only be set once.)
isinstancer   	TypeErrorrn   r"   rm   ro   rp   )r   rr   r   r   r   rq     s    

z-CertificateSigningRequestBuilder.subject_name)extvalcriticalc             C   sD   t |tstdt|j||}t|| j t| j| j|g | j	S )zE
        Adds an X.509 extension to the certificate request.
        z"extension must be an ExtensionType)
rs   r   rt   r   r   r$   ro   rm   rn   rp   )r   ru   rv   r    r   r   r   add_extension  s    

z.CertificateSigningRequestBuilder.add_extension)r   valuec             C   sL   t |tstdt |ts$tdt|| j t| j| j| j||fg S )zK
        Adds an X.509 attribute with an OID and associated value.
        zoid must be an ObjectIdentifierzvalue must be bytes)	rs   r   rt   rM   r'   rp   rm   rn   ro   )r   r   rx   r   r   r   add_attribute  s    

z.CertificateSigningRequestBuilder.add_attribute)private_keyr7   r)   c             C   s(   t |}| jdkrtd|| ||S )zF
        Signs the request using the requestor's private key.
        Nz/A CertificateSigningRequest must have a subject)r   rn   r"   Zcreate_x509_csr)r   rz   r7   rg   r   r   r   sign  s    	
z%CertificateSigningRequestBuilder.sign)N)r   r   r   r   r   rq   r   rS   rw   r   rM   ry   r   r   rL   rb   r{   r   r   r   r   rm     s   rm   c               @   s   e Zd Zddddddg fddZedddZedddZed	d
dZe	dddZ
ejdddZejdddZeedddZdeejedddZdS )CertificateBuilderNc             C   s6   t j| _|| _|| _|| _|| _|| _|| _|| _	d S )N)
r1   r3   _version_issuer_namern   _public_key_serial_number_not_valid_before_not_valid_afterro   )r   issuer_namerq   r;   r9   r<   r=   r!   r   r   r   r     s    
zCertificateBuilder.__init__)rr   c             C   sD   t |tstd| jdk	r$tdt|| j| j| j| j	| j
| jS )z3
        Sets the CA's distinguished name.
        zExpecting x509.Name object.Nz%The issuer name may only be set once.)rs   r   rt   r~   r"   r|   rn   r   r   r   r   ro   )r   rr   r   r   r   r     s    

zCertificateBuilder.issuer_namec             C   sD   t |tstd| jdk	r$tdt| j|| j| j| j	| j
| jS )z:
        Sets the requestor's distinguished name.
        zExpecting x509.Name object.Nz&The subject name may only be set once.)rs   r   rt   rn   r"   r|   r~   r   r   r   r   ro   )r   rr   r   r   r   rq     s    

zCertificateBuilder.subject_name)keyc             C   sX   t |tjtjtjtjt	j
fs&td| jdk	r8tdt| j| j|| j| j| j| jS )zT
        Sets the requestor's public key (as found in the signing request).
        zhExpecting one of DSAPublicKey, RSAPublicKey, EllipticCurvePublicKey, Ed25519PublicKey or Ed448PublicKey.Nz$The public key may only be set once.)rs   r   ZDSAPublicKeyr   ZRSAPublicKeyr	   ZEllipticCurvePublicKeyr
   ZEd25519PublicKeyr   ZEd448PublicKeyrt   r   r"   r|   r~   rn   r   r   r   ro   )r   r   r   r   r   r;   )  s&    

zCertificateBuilder.public_key)numberc             C   sh   t |tstd| jdk	r$td|dkr4td| dkrHtdt| j| j| j	|| j
| j| jS )z5
        Sets the certificate serial number.
        z'Serial number must be of integral type.Nz'The serial number may only be set once.r   z%The serial number should be positive.   z3The serial number should not be more than 159 bits.)rs   rO   rt   r   r"   
bit_lengthr|   r~   rn   r   r   r   ro   )r   r   r   r   r   r9   K  s"    

z CertificateBuilder.serial_number)r(   c             C   sz   t |tjstd| jdk	r&tdt|}|tk r>td| jdk	rZ|| jkrZtdt| j	| j
| j| j|| j| jS )z7
        Sets the certificate activation time.
        zExpecting datetime object.Nz*The not valid before may only be set once.z>The not valid before date must be on or after 1950 January 1).zBThe not valid before date must be before the not valid after date.)rs   r,   rt   r   r"   r0   _EARLIEST_UTC_TIMEr   r|   r~   rn   r   r   ro   )r   r(   r   r   r   r<   f  s&    
z#CertificateBuilder.not_valid_beforec             C   sz   t |tjstd| jdk	r&tdt|}|tk r>td| jdk	rZ|| jk rZtdt| j	| j
| j| j| j|| jS )z7
        Sets the certificate expiration time.
        zExpecting datetime object.Nz)The not valid after may only be set once.z<The not valid after date must be on or after 1950 January 1.zAThe not valid after date must be after the not valid before date.)rs   r,   rt   r   r"   r0   r   r   r|   r~   rn   r   r   ro   )r   r(   r   r   r   r=     s(    


z"CertificateBuilder.not_valid_after)ru   rv   c          	   C   sT   t |tstdt|j||}t|| j t| j| j	| j
| j| j| j| j|g S )z=
        Adds an X.509 extension to the certificate.
        z"extension must be an ExtensionType)rs   r   rt   r   r   r$   ro   r|   r~   rn   r   r   r   r   )r   ru   rv   r    r   r   r   rw     s    
z CertificateBuilder.add_extension)rz   r7   r)   c             C   s   t |}| jdkrtd| jdkr,td| jdkr>td| jdkrPtd| jdkrbtd| jdkrttd|| ||S )zC
        Signs the certificate using the CA's private key.
        Nz&A certificate must have a subject namez&A certificate must have an issuer namez'A certificate must have a serial numberz/A certificate must have a not valid before timez.A certificate must have a not valid after timez$A certificate must have a public key)	r   rn   r"   r~   r   r   r   r   Zcreate_x509_certificate)r   rz   r7   rg   r   r   r   r{     s    	





zCertificateBuilder.sign)N)r   r   r   r   r   r   rq   r   r;   rO   r9   r,   r<   r=   r   rS   rw   r   r   rL   r6   r{   r   r   r   r   r|     s      r|   c               @   s   e Zd Zdddg g fddZedddZejddd	Zejd
ddZe	e
dddZedddZdeejedddZdS ) CertificateRevocationListBuilderNc             C   s"   || _ || _|| _|| _|| _d S )N)r~   _last_update_next_updatero   _revoked_certificates)r   r   r[   rZ   r!   Zrevoked_certificatesr   r   r   r     s
    z)CertificateRevocationListBuilder.__init__)r   c             C   s<   t |tstd| jd k	r$tdt|| j| j| j| j	S )NzExpecting x509.Name object.z%The issuer name may only be set once.)
rs   r   rt   r~   r"   r   r   r   ro   r   )r   r   r   r   r   r     s    

z,CertificateRevocationListBuilder.issuer_name)r[   c             C   sr   t |tjstd| jd k	r&tdt|}|tk r>td| jd k	rZ|| jkrZtdt| j	|| j| j
| jS )NzExpecting datetime object.z!Last update may only be set once.z8The last update date must be on or after 1950 January 1.z9The last update date must be before the next update date.)rs   r,   rt   r   r"   r0   r   r   r   r~   ro   r   )r   r[   r   r   r   r[     s"    
z,CertificateRevocationListBuilder.last_update)rZ   c             C   sr   t |tjstd| jd k	r&tdt|}|tk r>td| jd k	rZ|| jk rZtdt| j	| j|| j
| jS )NzExpecting datetime object.z!Last update may only be set once.z8The last update date must be on or after 1950 January 1.z8The next update date must be after the last update date.)rs   r,   rt   r   r"   r0   r   r   r   r~   ro   r   )r   rZ   r   r   r   rZ     s"    
z,CertificateRevocationListBuilder.next_update)ru   rv   c             C   sL   t |tstdt|j||}t|| j t| j| j	| j
| j|g | jS )zM
        Adds an X.509 extension to the certificate revocation list.
        z"extension must be an ExtensionType)rs   r   rt   r   r   r$   ro   r   r~   r   r   r   )r   ru   rv   r    r   r   r   rw     s    

z.CertificateRevocationListBuilder.add_extension)revoked_certificatec             C   s2   t |tstdt| j| j| j| j| j|g S )z8
        Adds a revoked certificate to the CRL.
        z)Must be an instance of RevokedCertificate)	rs   rV   rt   r   r~   r   r   ro   r   )r   r   r   r   r   add_revoked_certificate/  s    
z8CertificateRevocationListBuilder.add_revoked_certificate)rz   r7   r)   c             C   sL   t |}| jd krtd| jd kr,td| jd kr>td|| ||S )NzA CRL must have an issuer namez"A CRL must have a last update timez"A CRL must have a next update time)r   r~   r"   r   r   Zcreate_x509_crl)r   rz   r7   rg   r   r   r   r{   >  s    


z%CertificateRevocationListBuilder.sign)N)r   r   r   r   r   r   r,   r[   rZ   r   rS   rw   rV   r   r   r   rL   rX   r{   r   r   r   r   r     s   r   c               @   sZ   e Zd Zddg fddZedddZejddd	Zee	d
ddZ
dedddZdS )RevokedCertificateBuilderNc             C   s   || _ || _|| _d S )N)r   _revocation_datero   )r   r9   rW   r!   r   r   r   r   R  s    z"RevokedCertificateBuilder.__init__)r   c             C   sX   t |tstd| jd k	r$td|dkr4td| dkrHtdt|| j| jS )Nz'Serial number must be of integral type.z'The serial number may only be set once.r   z$The serial number should be positiver   z3The serial number should not be more than 159 bits.)	rs   rO   rt   r   r"   r   r   r   ro   )r   r   r   r   r   r9   Y  s    

z'RevokedCertificateBuilder.serial_number)r(   c             C   sN   t |tjstd| jd k	r&tdt|}|tk r>tdt| j|| j	S )NzExpecting datetime object.z)The revocation date may only be set once.z7The revocation date must be on or after 1950 January 1.)
rs   r,   rt   r   r"   r0   r   r   r   ro   )r   r(   r   r   r   rW   k  s    
z)RevokedCertificateBuilder.revocation_date)ru   rv   c             C   sD   t |tstdt|j||}t|| j t| j| j	| j|g S )Nz"extension must be an ExtensionType)
rs   r   rt   r   r   r$   ro   r   r   r   )r   ru   rv   r    r   r   r   rw   y  s    
z'RevokedCertificateBuilder.add_extension)r)   c             C   s6   t |}| jd krtd| jd kr,td|| S )Nz/A revoked certificate must have a serial numberz1A revoked certificate must have a revocation date)r   r   r"   r   Zcreate_x509_revoked_certificate)r   rg   r   r   r   build  s    

zRevokedCertificateBuilder.build)N)r   r   r   r   rO   r9   r,   rW   r   rS   rw   rV   r   r   r   r   r   r   Q  s
   r   )r)   c               C   s   t tddd? S )N   bigr   )rO   
from_bytesosurandomr   r   r   r   random_serial_number  s    r   )N)N)N)N)N)N)9rJ   r,   r   rP   enumr   Zcryptography.hazmat._typesr   r   Zcryptography.hazmat.backendsr   Zcryptography.hazmat.primitivesr   r   Z)cryptography.hazmat.primitives.asymmetricr   r	   r
   r   r   Zcryptography.x509.extensionsr   r   r   Zcryptography.x509.namer   Zcryptography.x509.oidr   r   	Exceptionr   Listr$   TuplerM   r'   r0   r1   r4   ABCMetar6   rV   rX   rb   rf   rh   ri   rj   rk   rl   rR   rm   r|   r   r   rO   r   r   r   r   r   <module>   sF   	klRF f{@