HEX

File: //usr/local/CyberCP/lib/python3.10/site-packages/asyncssh/crypto/__pycache__/x509.cpython-310.pyc
o

�h<�@srdZddlmZmZddlZddlZddlmZmZmZm	Z	m
Z
mZmZddl
mZddl
mZddlmZddlmZd	d
lmZmZmZd	dlmZdd
lmZmZmZmZedeefZ eee	efZ!edee	efZ"ede
ej#fZ$eej%Z&eeej'eej(fZ)ej*j+ej*j,e�#d�e�#d�d�Z-dZ.e�#d�Z/e�0dej1�j2dd�Z3e�0dej1�Z4ej5dkr�ej6j2dej1d�Z7nej6j2ej1d�Z7de8defdd�Z9de"de$fdd�Z:d e!de&fd!d"�Z;d e!de&fd#d$�Z<Gd%d&�d&ej'�Z=Gd'd(�d(�Z>Gd)d*�d*�Z?d+ed,ed-e)d.ee)d/ee8d0e8d1e8d2e@d3ee8de"d4e!d5e!d6ed7e de?fd8d9�ZAd:ede?fd;d<�ZBdS)=�7A shim around PyCA and PyOpenSSL for X.509 certificates�)�datetime�timezoneN)�Iterable�List�Optional�Sequence�Set�Union�cast)�Encoding)�PublicFormat)�x509)�crypto�)�	IA5String�
der_decode�
der_encode)�
ip_address�)�PyCAKey�PyCAPrivateKey�
PyCAPublicKey�hashesz1.3.6.1.5.5.7.3.21z1.3.6.1.5.5.7.3.22)�
serverAuth�
clientAuth�secureShellClient�secureShellServerz2.5.29.37.0z2.16.840.1.113730.1.13)�microsecondi����win32i�)�year�tzinfo)r!�t�returncCsp|dkrtSzt�|tj�WSttfy7zt�t��dtj�tWYSttfy6t	YYSww)z'Convert a timestamp value to a datetimerr)
�
_datetime_minr�
fromtimestampr�utc�OSError�
OverflowError�
_datetime_max�	timestamp�_datetime_32bit_max)r"�r,�G/usr/local/CyberCP/lib/python3.10/site-packages/asyncssh/crypto/x509.py�_to_generalized_timeEs�
��r.�purposescCsLt|t�rdd�|�d�D�}|rd|vst|vrd}|Sdd�|D�}|S)z*Convert a list of purposes to purpose OIDscS�g|]}|���qSr,��strip��.0�pr,r,r-�
<listcomp>\�z$_to_purpose_oids.<locals>.<listcomp>�,�anyNcSs h|]}t�|�p
t�|��qSr,)�_purpose_to_oid�getr�ObjectIdentifierr3r,r,r-�	<setcomp>as�z#_to_purpose_oids.<locals>.<setcomp>)�
isinstance�str�split�_purpose_any)r/�purpose_oidsr,r,r-�_to_purpose_oidsXs
��rC�
principalscCs,t|t�rdd�|�d�D�}dd�|D�S)z*Encode user principals as e-mail addressescSr0r,r1r3r,r,r-r6kr7z+_encode_user_principals.<locals>.<listcomp>r8cSsg|]}t�|��qSr,)r�
RFC822Name�r4�namer,r,r-r6m�)r>r?r@�rDr,r,r-�_encode_user_principalsgs
rJcsDdtdtjfdd��t|t�rdd�|�d�D�}�fdd�|D�S)	z3Encode host principals as DNS names or IP addressesrGr#cSs.zt�t|��WStyt�|�YSw)z3Encode a host principal as a DNS name or IP address)r�	IPAddressr�
ValueError�DNSName)rGr,r,r-�_encode_hostss
�z-_encode_host_principals.<locals>._encode_hostcSr0r,r1r3r,r,r-r6|r7z+_encode_host_principals.<locals>.<listcomp>r8csg|]}�|��qSr,r,rF�rNr,r-r6~r7)r?r�GeneralNamer>r@rIr,rOr-�_encode_host_principalsps
rQcs$eZdZdZe�d�Ze�d�Ze�d�Ze�d�Z	de
jjfde
jj
fde
jjfd	e
jjfd
e
jjfde
jjfde
jjffZee�Zd
d�eD�Zdef�fdd�Zdefdd�Zde
jdefdd�Zde
jdefdd�Zdedee
jfdd�Z dede
jfdd�Z!dede
jfd d!�Z"�Z#S)"�X509Namez0A shim around PyCA for X.509 distinguished namesz([,+\\])z
\\([,+\\])z(?:[^+\\]+|\\.)+z(?:[^,\\]+|\\.)+�C�ST�L�O�OU�CN�DCcCsi|]\}}||�qSr,r,)r4�k�vr,r,r-�
<dictcomp>�rHzX509Name.<dictcomp>rGcs>t|t�r|�|�}nt|tj�r|j}n|}t��|�dS�N)r>r?�_parse_namer�Name�rdns�super�__init__)�selfrGr`��	__class__r,r-rb�s
zX509Name.__init__r#csd��fdd��jD��S)Nr8c3��|]}��|�VqdSr])�_format_rdn�r4�rdn�rcr,r-�	<genexpr>���z#X509Name.__str__.<locals>.<genexpr>)�joinr`rjr,rjr-�__str__�szX509Name.__str__ricsd�t�fdd�|D���S)z5Format an X.509 RelativeDistinguishedName as a string�+c3rfr])�_format_attr)r4�nameattrrjr,r-rk�rlz'X509Name._format_rdn.<locals>.<genexpr>)rm�sorted�rcrir,rjr-rg�szX509Name._format_rdnrqcCs4|j�|j�p
|jj}|d|j�dtt|j��S)z)Format an X.509 NameAttribute as a string�=z\\\1)	�	_from_oidr;�oid�
dotted_string�_escape�subrr?�value)rcrq�attrr,r,r-rp�szX509Name._format_attrcs�fdd��j�|�D�S)z!Parse an X.509 distinguished namecsg|]}��|��qSr,)�
_parse_rdnrhrjr,r-r6�rHz(X509Name._parse_name.<locals>.<listcomp>)�_split_name�findall�rcrGr,rjr-r^�szX509Name._parse_namecs t��fdd��j�|�D��S)z*Parse an X.509 relative distinguished namec3rfr])�_parse_nameattr)r4�avrjr,r-rk�s�

�z&X509Name._parse_rdn.<locals>.<genexpr>)r�RelativeDistinguishedName�
_split_rdnr~rsr,rjr-r|�s
�zX509Name._parse_rdnr�cCs�z
|�dd�\}}Wntytd|�d�wz|��}|j�|�p(t�|�}Wnty8td|�d�wt�||j�	d|��S)z(Parse an X.509 name attribute/value pairrtrzInvalid X.509 name attribute: NzUnknown X.509 attribute: z\1)
r@rLr2�_to_oidr;rr<�
NameAttribute�	_unescapery)rcr�r{rzrvr,r,r-r��s��zX509Name._parse_nameattr)$�__name__�
__module__�__qualname__�__doc__�re�compilerxr�r�r}r�NameOID�COUNTRY_NAME�STATE_OR_PROVINCE_NAME�
LOCALITY_NAME�ORGANIZATION_NAME�ORGANIZATIONAL_UNIT_NAME�COMMON_NAME�DOMAIN_COMPONENT�_attrs�dictr�ru�	_NameInitrbr?rnr�rgr�rprr^r|r��
__classcell__r,r,rdr-rR�s2










�	

�rRc@sPeZdZdZdefdd�Zdedefdd�Zde	fd	d
�Z
dedefdd
�ZdS)�X509NamePatternzMatch X.509 distinguished names�patterncCsB|�d�rt|dd��|_t|jj�|_dSt|�|_d|_dS)Nz,*���)�endswithrR�_pattern�lenr`�_prefix_len)rcr�r,r,r-rb�s



zX509NamePattern.__init__�otherr#cCs&t|t�stS|j|jko|j|jkSr])r>r��NotImplementedr�r��rcr�r,r,r-�__eq__�s


�zX509NamePattern.__eq__cCst|j|jf�Sr])�hashr�r�rjr,r,r-�__hash__�szX509NamePattern.__hash__rGcCs|jj|jd|j�kS)z1Return whether an X.509 name matches this patternN)r�r`r�rr,r,r-�matches�szX509NamePattern.matchesN)
r�r�r�r�r?rb�object�boolr��intr�rRr�r,r,r,r-r��s
r�c
@sfeZdZdZdejdefdd�Zdede	fdd	�Z
defd
d�Zde
dd
edededdf
dd�ZdS)�X509Certificater�cert�datacCs�||_t|j�|_t|j�|_|���tjtj	�|_
tj�
|�|_t|j�����dd�|_t|j�����dd�|_z
t|j�tj�j�|_Wn
tjyWd|_Ynwz#|j�tj�j}|�tj�|_ |�tj!�dd�|�tj"�D�|_#Wntjy�|j�$tj%j&�}dd�|D�}||_ ||_#Ynwz|j�'t(�}t)tj*|j�j}t)t+t,|��j|_-WdStjy�d|_-YdSw)NrcSsg|]}t|��qSr,)r?)r4�ipr,r,r-r6r7z,X509Certificate.__init__.<locals>.<listcomp>cSsg|]}tt|j��qSr,)rr?rz)r4r{r,r,r-r6s).r�rR�subject�issuer�
public_key�public_bytesr�DERr
�SubjectPublicKeyInfo�key_datar�X509�from_cryptography�openssl_cert�hex�get_subjectr��subject_hash�
get_issuer�issuer_hash�set�
extensions�get_extension_for_classr�ExtendedKeyUsagerzr/�ExtensionNotFound�SubjectAlternativeName�get_values_for_typerE�user_principalsrMrK�host_principals�get_attributes_for_oidr�r��get_extension_for_oid�_nscomment_oidr�UnrecognizedExtensionrr�comment)rcr�r��sans�cnrDr��comment_derr,r,r-rb�sV����
���

�
�
��zX509Certificate.__init__r�r#cCst|t�stS|j|jkSr])r>r�r�r�r�r,r,r-r�s
zX509Certificate.__eq__cCs
t|j�Sr])r�r�rjr,r,r-r�s
zX509Certificate.__hash__�trust_storer/�user_principal�host_principalNc

Cs�t|�}|r|jr||j@std��|r||jvrtd��|r(||jvr(td��t��}|D]}|�|j�q.zt�	||jd�}|�
�WdStjy[}	ztd|	���d�d}	~	ww)zValidate an X.509 certificatezCertificate purpose mismatchz#Certificate user principal mismatchz#Certificate host principal mismatchNzX.509 chain validation error: )rCr/rLr�r�r�	X509Store�add_certr��X509StoreContext�verify_certificate�X509StoreContextError)
rcr�r/r�r�rB�
x509_store�c�x509_ctx�excr,r,r-�validates&
���zX509Certificate.validate)r�r�r�r�r�Certificate�bytesrbr�r�r�r�r�r�	_Purposesr?r�r,r,r,r-r��s)
����r��signing_key�keyr�r��serial�valid_after�valid_before�ca�ca_path_lenr�r��	hash_namer�cCs.t��}t|�}|rt|�n|}||k}|�|�}|�|�}|dur&t��}|�|�}|�t|��}|�	t|��}|�
tt|��}|rYtj
d|d�}tjdddddddddd�	}ntj
ddd�}tjdddddddddd�	}|j|dd�}|sy|s�|j|dd�}t|	�}|r�|jt�|�dd�}tj�tt|��}|j|dd�}|s�tt|��
�}tj�|�}|j|dd�}t|
�t|�}|r�|jt�|�dd�}|
r�t|
t�r�|
�d�}n|
}tt|��}|jt�t |�dd�}z|r�t!|�nd}Wn
t"�yt#d�d�w|�$tt|�|�}|�%t&j'�}t(||�S)	z Generate a new X.509 certificateNT)r��path_lengthF)	�digital_signature�content_commitment�key_encipherment�data_encipherment�
key_agreement�
key_cert_sign�crl_sign�
encipher_only�
decipher_only)�criticalzutf-8zUnknown hash algorithm))r�CertificateBuilderrR�subject_name�issuer_name�random_serial_number�
serial_number�not_valid_beforer.�not_valid_afterr�rr�BasicConstraints�KeyUsage�
add_extensionrCr��SubjectKeyIdentifier�from_public_keyr�AuthorityKeyIdentifier�from_issuer_public_keyrJrQr�r>r?�encoderrr�r�r�KeyErrorrL�signr�rr�r�)r�r�r�r�r�r�r�r�r�r/r�r�r�r��builder�self_signed�basic_constraints�	key_usagerB�skid�	issuer_pk�akidr��
comment_bytes�hash_algr�r�r,r,r-�generate_x509_certificate:s�


������

�
��
rr�cCst�|�}t||�S)z,Construct an X.509 certificate from DER data)r�load_der_x509_certificater�)r�r�r,r,r-�import_x509_certificate�s

r
)Cr�rrr��sys�typingrrrrr	r
r�,cryptography.hazmat.primitives.serializationrr
�cryptographyr�OpenSSLr�asn1rrr�miscrrrrrr�r?�_Comment�_Principalsr�r<�_PurposeOIDsrP�_GeneralNameListr_r�r��ExtendedKeyUsageOID�SERVER_AUTH�CLIENT_AUTHr:rAr�r%r&�replacer$r+�platform�maxr)r�r.rCrJrQrRr�r�r�rr
r,r,r,r-�<module>s�$
�

	I
R������������
�d