U [e} @sddlZddlZddlmZddlmZmZmZmZddl m Z ddl m Z ddl mZmZmZmZddZd d Zd d Zd dZddZddZddZddZGdddeZddZddZddZdd Zd!d"Z d#d$Z!d%d&Z"d'd(Z#d)d*Z$d+d,Z%d-d.Z&d/d0Z'd1d2Z(d3d4Z)d5d6Z*d7d8Z+d9d:Z,dZ-d;Z.dZ9d?d@Z:dAdBZ;dCdDZdIdJZ?dKdLZ@dMdNZAej0jBej0j1ej0j2ej0j3ej0j4ej0j5ej0j6ej0jCej0j7ej0j8dO ZDej0jBdej0j1d;ej0j2dPej0j3dQej0j4dRej0j5dSej0j6dTej0jCdUej0j7dVej0j8dWi ZEdXdYZFdZd[ZGd\d]ZHd^d_ZId`daZJdbdcZKdddeZLdfdgZMeNdhdidjZOdkdlZPdmdnZQdodpZRejSeejTeejUe$ejVe&ejWe,ejXe ejYe"ejZe#ej[eej\eej`e'ejae(ejbe+iZcejde@iZeejfeFejgeGejheHiZiejjeejkeejXe ej`e'ejYe"ejle*ej]e=iZmejneRiZoejneRiZpejqeAiZrdS)qN)x509) DERReaderINTEGERNULLSEQUENCE_TLS_FEATURE_TYPE_TO_ENUM)_ASN1_TYPE_TO_ENUM)CRLEntryExtensionOIDCertificatePoliciesOID ExtensionOIDOCSPExtensionOIDcCsd}|jd|}|j|||d}||dkrX|d}|jd|}|j|||d}||dk|j||ddS)NPzchar[]r)_ffinew_libZ OBJ_obj2txtopenssl_assertbufferdecode)backendobjbuf_lenbufresrr/var/www/html/services/stratfitenv/lib/python3.8/site-packages/cryptography/hazmat/backends/openssl/decode_asn1.py_obj2txts  rcCsn|j|}|||jjk|j|}|||jjkt||}t||}t|j }t t |||SN) rZX509_NAME_ENTRY_get_objectrrrZX509_NAME_ENTRY_get_data_asn1_string_to_utf8rr typerZ NameAttributeObjectIdentifier)rZx509_name_entryrdatavalueoidr rrr_decode_x509_name_entry-s     r%c Cs|j|}g}d}t|D]P}|j||}t||}|j|}||krZ||hn|d||}qt dd|DS)Ncss|]}t|VqdSr)rRelativeDistinguishedName).0Zrdnrrr Hsz$_decode_x509_name..) rZX509_NAME_entry_countrangeZX509_NAME_get_entryr%ZX509_NAME_ENTRY_setappendaddrName) rZ x509_namecount attributesZ prev_set_idxentry attributeZset_idrrr_decode_x509_name9s    r3cCsR|j|}g}t|D]4}|j||}|||jjk|t||q|Sr) rZsk_GENERAL_NAME_numr*Zsk_GENERAL_NAME_valuerrrr+_decode_general_name)rgnsnumnamesignrrr_decode_general_namesKs  r:c Cs|j|jjkr.t||jjd}tj |S|j|jj kr\t||jj d}tj |S|j|jj krt||jj}tt|S|j|jjkrbt||jj}t|}|dks|dkrNt|d|d}t||dd}tt|dd}|d}|dkrt|}d||dkr6tdt|jd |} n t|} t| S|j|jjkrt t!||jj"S|j|jj#krt||jj$d}tj% |S|j|jj&krt||jj'j(} t)||jj'j*} t+t| | St,d tj-.|j|j|jdS) Nutf8 0r&1zInvalid netmaskz/{}z{} is not a supported type)/r rZGEN_DNS_asn1_string_to_bytesdZdNSNamerrZDNSNameZ_init_without_validationZGEN_URIZuniformResourceIdentifierZUniformResourceIdentifierZGEN_RIDrZ registeredIDZ RegisteredIDr!Z GEN_IPADDZ iPAddresslen ipaddress ip_addressbinintfind ValueError ip_networkexplodedformatZ IPAddressZ GEN_DIRNAMEZ DirectoryNamer3Z directoryNameZ GEN_EMAILZ rfc822NameZ RFC822NameZ GEN_OTHERNAMEZ otherNametype_id _asn1_to_derr#Z OtherNameZUnsupportedGeneralNameTypeZ_GENERAL_NAMESget) rr9r"r$data_lenbasenetmaskbitsprefixiprMr#rrrr4Vs\        r4cCstSr)rZ OCSPNoCheckrextrrr_decode_ocsp_no_checksrXcCs0|jd|}|j||jj}tt||SNzASN1_INTEGER *)rcastgcrASN1_INTEGER_freerZ CRLNumber_asn1_integer_to_intrrWasn1_intrrr_decode_crl_numbersr`cCs0|jd|}|j||jj}tt||SrY)rrZr[rr\rZDeltaCRLIndicatorr]r^rrr_decode_delta_crl_indicatorsrac@seZdZddZddZdS)_X509ExtensionParsercCs||_||_||_||_dSr) ext_countget_exthandlers_backend)selfrrcrdrerrr__init__sz_X509ExtensionParser.__init__c Csfg}t}t||D]@}|||}|j||jjjk|jj |}|dk}t t |j|jj |}||krt d|||tjkr|jj|} t|j| } t| t} g} | s| | tqt dd| D} |t ||| ||qn\|tjkrt|jj|} tt|j| }|t |t ||t !||qz|j"|}Wnvt#k r|jj|} |j| |jjjk|jj$| j%| j&dd}t '||}|t |||YnXX|jj(|}||jjjkr0|j)t*d|||j|} |t ||| ||qt +|S)NrzDuplicate {} extension foundcSsg|] }t|qSrr)r(r0rrr sz._X509ExtensionParser.parse..z/The {} extension is invalid and can't be parsed),setr*rcrdrfrrrrZX509_EXTENSION_get_criticalrr!rZX509_EXTENSION_get_objectZDuplicateExtensionrLr Z TLS_FEATUREZX509_EXTENSION_get_datarArZread_single_elementrZis_emptyr+Z read_elementrZ as_integerZ TLSFeature Extensionr,ZPRECERT_POISONZ check_emptyZ PrecertPoisonreKeyErrorrr"lengthZUnrecognizedExtensionZX509V3_EXT_d2iZ_consume_errorsrIZ Extensions)rgZx509_obj extensionsZ seen_oidsr8rWcritcriticalr$r"Z data_bytesfeaturesparsedr#readerhandlerZderZ unrecognizedZext_datarrrparsesx            z_X509ExtensionParser.parseN)__name__ __module__ __qualname__rhrurrrrrbsrbcCs4|jd|}|j||jj}|j|}g}t|D]}d}|j||}t t ||j }|j |jj kr|j|j }g}t|D]} |j|j | } t t || j} | tjkr|j| jjj| jjjddd} || q| tjkstt|| jj} || q|t||q8t|S)Nz"Cryptography_STACK_OF_POLICYINFO *ascii) rrZr[rZCERTIFICATEPOLICIES_freeZsk_POLICYINFO_numr*Zsk_POLICYINFO_valuerr!rZpolicyid qualifiersrZsk_POLICYQUALINFO_numZsk_POLICYQUALINFO_valuepqualidr Z CPS_QUALIFIERrrBcpsurir"rmrr+ZCPS_USER_NOTICEAssertionError_decode_user_noticeZ usernoticeZPolicyInformationZCertificatePolicies)rcpr6Zcertificate_policiesr8rzpir$ZqnumjZpqir{r|Z user_noticerrr_decode_certificate_policiess<       rc Csd}d}|j|jjkr"t||j}|j|jjkrt||jj}|j|jj}g}t |D]*}|j |jj|}t ||} | | qZt ||}t ||Sr)ZexptextrrrZ noticeref organizationrZsk_ASN1_INTEGER_numZ noticenosr*Zsk_ASN1_INTEGER_valuer]r+rZNoticeReferenceZ UserNotice) runZ explicit_textZnotice_referencerr6Znotice_numbersr8r_Z notice_numrrrr~&s"     r~cCsB|jd|}|j||jj}|jdk}t||j}t ||S)NzBASIC_CONSTRAINTS *) rrZr[rZBASIC_CONSTRAINTS_freeca_asn1_integer_to_int_or_nonepathlenrZBasicConstraints)rZbc_stZbasic_constraintsrZ path_lengthrrr_decode_basic_constraints>s rcCs@|jd|}|j||jj}t|j|j|j ddSNzASN1_OCTET_STRING *) rrZr[rASN1_OCTET_STRING_freerZSubjectKeyIdentifierrr"rmr asn1_stringrrr_decode_subject_key_identifierNsrcCs|jd|}|j||jj}d}d}|j|jjkrT|j|jj|jj dd}|j |jjkrnt ||j }t ||j }t|||S)NzAUTHORITY_KEYID *)rrZr[rZAUTHORITY_KEYID_freeZkeyidrrr"rmZissuerr:rserialrZAuthorityKeyIdentifier)rZakidZkey_identifierZauthority_cert_issuerZauthority_cert_serial_numberrrr _decode_authority_key_identifierXs(  rcsjd|}j|fdd}j|}g}t|D]j}j||}|jjj kt t |j}|j jj kt|j }|t ||q<|S)Nz*Cryptography_STACK_OF_ACCESS_DESCRIPTION *csj|jjjdS)NZACCESS_DESCRIPTION_free)rZsk_ACCESS_DESCRIPTION_pop_freerZ addressofZ _original_lib)r0rrrss z,_decode_information_access..)rrZr[rZsk_ACCESS_DESCRIPTION_numr*Zsk_ACCESS_DESCRIPTION_valuermethodrrr!rlocationr4r+ZAccessDescription)riar6access_descriptionsr8adr$r9rrr_decode_information_accessos    rcCst||}t|Sr)rrZAuthorityInformationAccessrZaiarrrr$_decode_authority_information_accesss rcCst||}t|Sr)rrZSubjectInformationAccessrrrr"_decode_subject_information_accesss rc Cs|jd|}|j||jj}|jj}||ddk}||ddk}||ddk}||ddk}||ddk}||ddk}||ddk} ||d dk} ||d dk} t||||||| | | S) NzASN1_BIT_STRING *rrr>r<)rrZr[rZASN1_BIT_STRING_freeASN1_BIT_STRING_get_bitrZKeyUsage) rZ bit_stringZget_bitZdigital_signatureZcontent_commitmentZkey_enciphermentZdata_enciphermentZ key_agreementZ key_cert_signZcrl_signZ encipher_onlyZ decipher_onlyrrr_decode_key_usages.rcCs.|jd|}|j||jj}t||}|SNzGENERAL_NAMES *)rrZr[rGENERAL_NAMES_freer:rr5Z general_namesrrr_decode_general_names_extensions rcCstt||Sr)rZSubjectAlternativeNamerrVrrr_decode_subject_alt_namesrcCstt||Sr)rZIssuerAlternativeNamerrVrrr_decode_issuer_alt_namesrcCsF|jd|}|j||jj}t||j}t||j}tj ||dS)NzNAME_CONSTRAINTS *)Zpermitted_subtreesZexcluded_subtrees) rrZr[rZNAME_CONSTRAINTS_free_decode_general_subtreesZpermittedSubtreesZexcludedSubtreesrZNameConstraints)rncZ permittedexcludedrrr_decode_name_constraintss  rcCsh||jjkrdS|j|}g}t|D]:}|j||}|||jjkt||j}| |q(|Sr) rrrZsk_GENERAL_SUBTREE_numr*Zsk_GENERAL_SUBTREE_valuerr4rQr+)rZstack_subtreesr6Zsubtreesr8rnamerrrrs     rc Cs|jd|}|j||jj}|j|jjkr@t||j\}}nd}d}|jdk}|j dk}|j dk}|j dk}|j |jjkrt ||j }nd}t|||||||S)NzISSUING_DIST_POINT *r)rrZr[rZISSUING_DIST_POINT_free distpointr_decode_distpointZonlyuserZonlyCAZ indirectCRLZonlyattrZonlysomereasons_decode_reasonsrZIssuingDistributionPoint) rZidp full_name relative_nameZ only_userZonly_caZ indirect_crlZ only_attrZonly_some_reasonsrrr_decode_issuing_dist_points,    rcCsD|jd|}|j||jj}t||j}t||j}t ||S)NzPOLICY_CONSTRAINTS *) rrZr[rZPOLICY_CONSTRAINTS_freerZrequireExplicitPolicyZinhibitPolicyMappingrZPolicyConstraints)rZpcZrequire_explicit_policyZinhibit_policy_mappingrrr_decode_policy_constraintssrcCs|jd|}|j||jj}|j|}g}t|D]>}|j||}|||jj kt t ||}| |q8t |S)Nz#Cryptography_STACK_OF_ASN1_OBJECT *)rrZr[rZsk_ASN1_OBJECT_freeZsk_ASN1_OBJECT_numr*Zsk_ASN1_OBJECT_valuerrrr!rr+ZExtendedKeyUsage)rskr6Zekusr8rr$rrr_decode_extended_key_usages   rrc Cs|jd|}|j||jj}|j|}g}t|D]}d}d}d}d}|j||} | j|jj krtt || j}| j |jj krt || j }| j |jj krt|| j \}}|t||||q8|S)Nz"Cryptography_STACK_OF_DIST_POINT *)rrZr[rZCRL_DIST_POINTS_freeZsk_DIST_POINT_numr*Zsk_DIST_POINT_valuereasonsrrZ CRLissuerr:rrr+rZDistributionPoint) rcdpsr6 dist_pointsr8rrZ crl_issuerrZcdprrr_decode_dist_pointss8    r)rr>rrrrrr<cCs6g}tD] \}}|j||r ||q t|Sr)_REASON_BIT_MAPPINGitemsrrr+ frozenset)rrZ enum_reasonsZ bit_positionreasonrrrrPs  rc Cs|jtkr t||jj}|dfS|jj}|j|}t}t |D]4}|j ||}| ||j j k|t||qBt|}d|fSr)r _DISTPOINT_TYPE_FULLNAMEr:rfullnameZ relativenamerZsk_X509_NAME_ENTRY_numrjr*Zsk_X509_NAME_ENTRY_valuerrrr,r%rr') rrrZrnsZrnumr/r8ZrnrrrrrZs     rcCst||}t|Sr)rrZCRLDistributionPointsrrrrrr_decode_crl_distribution_pointsss rcCst||}t|Sr)rrZ FreshestCRLrrrr_decode_freshest_crlxs rcCs4|jd|}|j||jj}t||}t|SrY)rrZr[rr\r]rZInhibitAnyPolicy)rr_Z skip_certsrrr_decode_inhibit_any_policy}s rcCsjddlm}|jd|}|j||jj}g}t|j|D]$}|j ||}| ||||q@|S)Nr)_SignedCertificateTimestampzCryptography_STACK_OF_SCT *) Z)cryptography.hazmat.backends.openssl.x509rrrZr[rZ SCT_LIST_freer*Z sk_SCT_numZ sk_SCT_valuer+)r asn1_sctsrZsctsr8Zsctrrr _decode_sctss rcCstt||Sr)rZ)PrecertificateSignedCertificateTimestampsrrrrrr-_decode_precert_signed_certificate_timestampssrcCstt||Sr)rZSignedCertificateTimestampsrrrrr%_decode_signed_certificate_timestampssr) rrr>rrrrr< r>rrrrr<rrcCsd|jd|}|j||jj}|j|}ztt|WSt k r^t d |YnXdS)NzASN1_ENUMERATED *zUnsupported reason code: {}) rrZr[rZASN1_ENUMERATED_freeZASN1_ENUMERATED_getrZ CRLReason_CRL_ENTRY_REASON_CODE_TO_ENUMrlrIrL)renumcoderrr_decode_crl_reasons rcCs0|jd|}|j||jj}tt||S)NzASN1_GENERALIZEDTIME *)rrZr[rASN1_GENERALIZEDTIME_freerZInvalidityDate_parse_asn1_generalized_time)rZinv_dategeneralized_timerrr_decode_invalidity_datesrcCs4|jd|}|j||jj}t||}t|Sr)rrZr[rrr:rZCertificateIssuerrrrr_decode_cert_issuers rcsnjd}j||}|dk|djjkj|fdd}j|d|ddS)Nunsigned char **rcsj|dSNrrZ OPENSSL_freerrrrrz_asn1_to_der..)rrrZ i2d_ASN1_TYPErrr[r)rZ asn1_typerrrrrrNs  rNcCs@|j||jj}|||jjk|j||jj}||Sr)rZASN1_INTEGER_to_BNrrrr[ZBN_freeZ _bn_to_int)rr_Zbnrrrr]sr]cCs||jjkrdSt||SdSr)rrr])rr_rrrrs rcCs|j|j|jddSr)rrr"rmrrrrrAsrAcCst||dS)Nry)rArrrrr_asn1_string_to_asciisr)returncs~jd}j||}|dkr2td|j|djjkj |fdd}j |d|dd dS)Nrr&z&Unsupported ASN1 string type. Type: {}rcsj|dSrrrrrrr rz&_asn1_string_to_utf8..r;) rrrZASN1_STRING_to_UTF8rIrLr rrr[rr)rrrrrrrrs   rcCs`|||jjk|j||jj}||jjkrDtdt|||j||jj }t ||S)Nz1Couldn't parse ASN.1 time as generalizedtime {!r}) rrrrZASN1_TIME_to_generalizedtimerIrLrAr[rr)rZ asn1_timerrrr_parse_asn1_times  rcCs"t||jd|}tj|dS)Nz ASN1_STRING *z %Y%m%d%H%M%SZ)rrrZdatetimestrptime)rrtimerrrr$s  rcCs0|jd|}|j||jj}tt||Sr)rrZr[rrrZ OCSPNoncerA)rnoncerrr _decode_nonce+sr)srrDZ cryptographyrZcryptography.hazmat._derrrrrZcryptography.x509.extensionsrZcryptography.x509.namer Zcryptography.x509.oidr r r r rr%r3r:r4rXr`raobjectrbrr~rrrrrrrrrrrrrrrrZ_DISTPOINT_TYPE_RELATIVENAMErZ ReasonFlagsZkey_compromiseZ ca_compromiseZaffiliation_changedZ supersededZcessation_of_operationZcertificate_holdZprivilege_withdrawnZ aa_compromiserrrrrrrrr unspecifiedZremove_from_crlrZ_CRL_ENTRY_REASON_ENUM_TO_CODErrrrNr]rrArstrrrrrZBASIC_CONSTRAINTSZSUBJECT_KEY_IDENTIFIERZ KEY_USAGEZSUBJECT_ALTERNATIVE_NAMEZEXTENDED_KEY_USAGEZAUTHORITY_KEY_IDENTIFIERZAUTHORITY_INFORMATION_ACCESSZSUBJECT_INFORMATION_ACCESSZCERTIFICATE_POLICIESZCRL_DISTRIBUTION_POINTSZ FRESHEST_CRLZ OCSP_NO_CHECKZINHIBIT_ANY_POLICYZISSUER_ALTERNATIVE_NAMEZNAME_CONSTRAINTSZPOLICY_CONSTRAINTSZ_EXTENSION_HANDLERS_BASEZ%PRECERT_SIGNED_CERTIFICATE_TIMESTAMPSZ_EXTENSION_HANDLERS_SCTZ CRL_REASONZINVALIDITY_DATEZCERTIFICATE_ISSUERZ_REVOKED_EXTENSION_HANDLERSZ CRL_NUMBERZDELTA_CRL_INDICATORZISSUING_DISTRIBUTION_POINTZ_CRL_EXTENSION_HANDLERSZNONCEZ_OCSP_REQ_EXTENSION_HANDLERSZ"_OCSP_BASICRESP_EXTENSION_HANDLERSZSIGNED_CERTIFICATE_TIMESTAMPSZ'_OCSP_SINGLERESP_EXTENSION_HANDLERS_SCTrrrrsF     NQ!  -