PNG  IHDRQgAMA a cHRMz&u0`:pQ<bKGDgmIDATxwUﹻ& ^CX(J I@ "% (** BX +*i"]j(IH{~R)[~>h{}gy)I$Ij .I$I$ʊy@}x.: $I$Ii}VZPC)I$IF ^0ʐJ$I$Q^}{"r=OzI$gRZeC.IOvH eKX $IMpxsk.쒷/&r[޳<v| .I~)@$updYRa$I |M.e JaֶpSYR6j>h%IRز if&uJ)M$I vLi=H;7UJ,],X$I1AҒJ$ XY XzI@GNҥRT)E@;]K*Mw;#5_wOn~\ DC&$(A5 RRFkvIR}l!RytRl;~^ǷJj اy뷦BZJr&ӥ8Pjw~vnv X^(I;4R=P[3]J,]ȏ~:3?[ a&e)`e*P[4]T=Cq6R[ ~ޤrXR Հg(t_HZ-Hg M$ãmL5R uk*`%C-E6/%[t X.{8P9Z.vkXŐKjgKZHg(aK9ڦmKjѺm_ \#$5,)-  61eJ,5m| r'= &ڡd%-]J on Xm|{ RҞe $eڧY XYrԮ-a7RK6h>n$5AVڴi*ֆK)mѦtmr1p| q:흺,)Oi*ֺK)ܬ֦K-5r3>0ԔHjJئEZj,%re~/z%jVMڸmrt)3]J,T K֦OvԒgii*bKiNO~%PW0=dii2tJ9Jݕ{7"I P9JKTbu,%r"6RKU}Ij2HKZXJ,妝 XYrP ެ24c%i^IK|.H,%rb:XRl1X4Pe/`x&P8Pj28Mzsx2r\zRPz4J}yP[g=L) .Q[6RjWgp FIH*-`IMRaK9TXcq*I y[jE>cw%gLRԕiFCj-ďa`#e~I j,%r,)?[gp FI˨mnWX#>mʔ XA DZf9,nKҲzIZXJ,L#kiPz4JZF,I,`61%2s $,VOϚ2/UFJfy7K> X+6 STXIeJILzMfKm LRaK9%|4p9LwJI!`NsiazĔ)%- XMq>pk$-$Q2x#N ؎-QR}ᶦHZډ)J,l#i@yn3LN`;nڔ XuX5pF)m|^0(>BHF9(cզEerJI rg7 4I@z0\JIi䵙RR0s;$s6eJ,`n 䂦0a)S)A 1eJ,堌#635RIgpNHuTH_SԕqVe ` &S)>p;S$魁eKIuX`I4춒o}`m$1":PI<[v9^\pTJjriRŭ P{#{R2,`)e-`mgj~1ϣLKam7&U\j/3mJ,`F;M'䱀 .KR#)yhTq;pcK9(q!w?uRR,n.yw*UXj#\]ɱ(qv2=RqfB#iJmmL<]Y͙#$5 uTU7ӦXR+q,`I}qL'`6Kͷ6r,]0S$- [RKR3oiRE|nӦXR.(i:LDLTJjY%o:)6rxzҒqTJjh㞦I.$YR.ʼnGZ\ֿf:%55 I˼!6dKxm4E"mG_ s? .e*?LRfK9%q#uh$)i3ULRfK9yxm܌bj84$i1U^@Wbm4uJ,ҪA>_Ij?1v32[gLRD96oTaR׿N7%L2 NT,`)7&ƝL*꽙yp_$M2#AS,`)7$rkTA29_Iye"|/0t)$n XT2`YJ;6Jx".e<`$) PI$5V4]29SRI>~=@j]lp2`K9Jaai^" Ԋ29ORI%:XV5]JmN9]H;1UC39NI%Xe78t)a;Oi Ҙ>Xt"~G>_mn:%|~ޅ_+]$o)@ǀ{hgN;IK6G&rp)T2i୦KJuv*T=TOSV>(~D>dm,I*Ɛ:R#ۙNI%D>G.n$o;+#RR!.eU˽TRI28t)1LWϚ>IJa3oFbu&:tJ*(F7y0ZR ^p'Ii L24x| XRI%ۄ>S1]Jy[zL$adB7.eh4%%누>WETf+3IR:I3Xה)3אOۦSRO'ٺ)S}"qOr[B7ϙ.edG)^ETR"RtRݜh0}LFVӦDB^k_JDj\=LS(Iv─aTeZ%eUAM-0;~˃@i|l @S4y72>sX-vA}ϛBI!ݎߨWl*)3{'Y|iSlEڻ(5KtSI$Uv02,~ԩ~x;P4ցCrO%tyn425:KMlD ^4JRxSهF_}شJTS6uj+ﷸk$eZO%G*^V2u3EMj3k%)okI]dT)URKDS 7~m@TJR~荪fT"֛L \sM -0T KfJz+nإKr L&j()[E&I ߴ>e FW_kJR|!O:5/2跌3T-'|zX ryp0JS ~^F>-2< `*%ZFP)bSn"L :)+pʷf(pO3TMW$~>@~ū:TAIsV1}S2<%ޟM?@iT ,Eūoz%i~g|`wS(]oȤ8)$ ntu`өe`6yPl IzMI{ʣzʨ )IZ2= ld:5+請M$-ї;U>_gsY$ÁN5WzWfIZ)-yuXIfp~S*IZdt;t>KūKR|$#LcԀ+2\;kJ`]YǔM1B)UbG"IRߊ<xܾӔJ0Z='Y嵤 Leveg)$znV-º^3Ւof#0Tfk^Zs[*I꯳3{)ˬW4Ւ4 OdpbZRS|*I 55#"&-IvT&/윚Ye:i$ 9{LkuRe[I~_\ؠ%>GL$iY8 9ܕ"S`kS.IlC;Ҏ4x&>u_0JLr<J2(^$5L s=MgV ~,Iju> 7r2)^=G$1:3G< `J3~&IR% 6Tx/rIj3O< ʔ&#f_yXJiގNSz; Tx(i8%#4 ~AS+IjerIUrIj362v885+IjAhK__5X%nV%Iͳ-y|7XV2v4fzo_68"S/I-qbf; LkF)KSM$ Ms>K WNV}^`-큧32ŒVؙGdu,^^m%6~Nn&͓3ŒVZMsRpfEW%IwdǀLm[7W&bIRL@Q|)* i ImsIMmKmyV`i$G+R 0tV'!V)֏28vU7͒vHꦼtxꗞT ;S}7Mf+fIRHNZUkUx5SAJㄌ9MqμAIRi|j5)o*^'<$TwI1hEU^c_j?Е$%d`z cyf,XO IJnTgA UXRD }{H}^S,P5V2\Xx`pZ|Yk:$e ~ @nWL.j+ϝYb퇪bZ BVu)u/IJ_ 1[p.p60bC >|X91P:N\!5qUB}5a5ja `ubcVxYt1N0Zzl4]7­gKj]?4ϻ *[bg$)+À*x쳀ogO$~,5 زUS9 lq3+5mgw@np1sso Ӻ=|N6 /g(Wv7U;zωM=wk,0uTg_`_P`uz?2yI!b`kĸSo+Qx%!\οe|އԁKS-s6pu_(ֿ$i++T8=eY; צP+phxWQv*|p1. ά. XRkIQYP,drZ | B%wP|S5`~́@i޾ E;Չaw{o'Q?%iL{u D?N1BD!owPHReFZ* k_-~{E9b-~P`fE{AܶBJAFO wx6Rox5 K5=WwehS8 (JClJ~ p+Fi;ŗo+:bD#g(C"wA^ r.F8L;dzdIHUX݆ϞXg )IFqem%I4dj&ppT{'{HOx( Rk6^C٫O.)3:s(۳(Z?~ٻ89zmT"PLtw䥈5&b<8GZ-Y&K?e8,`I6e(֍xb83 `rzXj)F=l($Ij 2*(F?h(/9ik:I`m#p3MgLaKjc/U#n5S# m(^)=y=đx8ŬI[U]~SцA4p$-F i(R,7Cx;X=cI>{Km\ o(Tv2vx2qiiDJN,Ҏ!1f 5quBj1!8 rDFd(!WQl,gSkL1Bxg''՞^ǘ;pQ P(c_ IRujg(Wz bs#P­rz> k c&nB=q+ؔXn#r5)co*Ũ+G?7< |PQӣ'G`uOd>%Mctz# Ԫڞ&7CaQ~N'-P.W`Oedp03C!IZcIAMPUۀ5J<\u~+{9(FbbyAeBhOSܳ1 bÈT#ŠyDžs,`5}DC-`̞%r&ڙa87QWWp6e7 Rϫ/oY ꇅ Nܶըtc!LA T7V4Jsū I-0Pxz7QNF_iZgúWkG83 0eWr9 X]㾮݁#Jˢ C}0=3ݱtBi]_ &{{[/o[~ \q鯜00٩|cD3=4B_b RYb$óBRsf&lLX#M*C_L܄:gx)WΘsGSbuL rF$9';\4Ɍq'n[%p.Q`u hNb`eCQyQ|l_C>Lb꟟3hSb #xNxSs^ 88|Mz)}:](vbۢamŖ࿥ 0)Q7@0=?^k(*J}3ibkFn HjB׻NO z x}7p 0tfDX.lwgȔhԾŲ }6g E |LkLZteu+=q\Iv0쮑)QٵpH8/2?Σo>Jvppho~f>%bMM}\//":PTc(v9v!gոQ )UfVG+! 35{=x\2+ki,y$~A1iC6#)vC5^>+gǵ@1Hy٪7u;p psϰu/S <aʸGu'tD1ԝI<pg|6j'p:tպhX{o(7v],*}6a_ wXRk,O]Lܳ~Vo45rp"N5k;m{rZbΦ${#)`(Ŵg,;j%6j.pyYT?}-kBDc3qA`NWQū20/^AZW%NQ MI.X#P#,^Ebc&?XR tAV|Y.1!؅⨉ccww>ivl(JT~ u`ٵDm q)+Ri x/x8cyFO!/*!/&,7<.N,YDŽ&ܑQF1Bz)FPʛ?5d 6`kQձ λc؎%582Y&nD_$Je4>a?! ͨ|ȎWZSsv8 j(I&yj Jb5m?HWp=g}G3#|I,5v珿] H~R3@B[☉9Ox~oMy=J;xUVoj bUsl_35t-(ՃɼRB7U!qc+x4H_Qo֮$[GO<4`&č\GOc[.[*Af%mG/ ňM/r W/Nw~B1U3J?P&Y )`ѓZ1p]^l“W#)lWZilUQu`-m|xĐ,_ƪ|9i:_{*(3Gѧ}UoD+>m_?VPۅ15&}2|/pIOʵ> GZ9cmíتmnz)yߐbD >e}:) r|@R5qVSA10C%E_'^8cR7O;6[eKePGϦX7jb}OTGO^jn*媓7nGMC t,k31Rb (vyܴʭ!iTh8~ZYZp(qsRL ?b}cŨʊGO^!rPJO15MJ[c&~Z`"ѓޔH1C&^|Ш|rʼ,AwĴ?b5)tLU)F| &g٣O]oqSUjy(x<Ϳ3 .FSkoYg2 \_#wj{u'rQ>o;%n|F*O_L"e9umDds?.fuuQbIWz |4\0 sb;OvxOSs; G%T4gFRurj(֍ڑb uԖKDu1MK{1^ q; C=6\8FR艇!%\YÔU| 88m)֓NcLve C6z;o&X x59:q61Z(T7>C?gcļxѐ Z oo-08jہ x,`' ҔOcRlf~`jj".Nv+sM_]Zk g( UOPyεx%pUh2(@il0ݽQXxppx-NS( WO+轾 nFߢ3M<;z)FBZjciu/QoF 7R¥ ZFLF~#ȣߨ^<쩡ݛкvџ))ME>ώx4m#!-m!L;vv#~Y[đKmx9.[,UFS CVkZ +ߟrY٧IZd/ioi$%͝ب_ֶX3ܫhNU ZZgk=]=bbJS[wjU()*I =ώ:}-蹞lUj:1}MWm=̛ _ ¾,8{__m{_PVK^n3esw5ӫh#$-q=A̟> ,^I}P^J$qY~Q[ Xq9{#&T.^GVj__RKpn,b=`żY@^՝;z{paVKkQXj/)y TIc&F;FBG7wg ZZDG!x r_tƢ!}i/V=M/#nB8 XxЫ ^@CR<{䤭YCN)eKOSƟa $&g[i3.C6xrOc8TI;o hH6P&L{@q6[ Gzp^71j(l`J}]e6X☉#͕ ׈$AB1Vjh㭦IRsqFBjwQ_7Xk>y"N=MB0 ,C #o6MRc0|$)ف"1!ixY<B9mx `,tA>)5ػQ?jQ?cn>YZe Tisvh# GMމȇp:ԴVuږ8ɼH]C.5C!UV;F`mbBk LTMvPʍϤj?ԯ/Qr1NB`9s"s TYsz &9S%U԰> {<ؿSMxB|H\3@!U| k']$U+> |HHMLޢ?V9iD!-@x TIî%6Z*9X@HMW#?nN ,oe6?tQwڱ.]-y':mW0#!J82qFjH -`ѓ&M0u Uγmxϵ^-_\])@0Rt.8/?ٰCY]x}=sD3ojަЫNuS%U}ԤwHH>ڗjܷ_3gN q7[q2la*ArǓԖ+p8/RGM ]jacd(JhWko6ڎbj]i5Bj3+3!\j1UZLsLTv8HHmup<>gKMJj0@H%,W΃7R) ">c, xixј^ aܖ>H[i.UIHc U1=yW\=S*GR~)AF=`&2h`DzT󑓶J+?W+}C%P:|0H܆}-<;OC[~o.$~i}~HQ TvXΈr=b}$vizL4:ȰT|4~*!oXQR6Lk+#t/g lԁߖ[Jڶ_N$k*". xsxX7jRVbAAʯKҎU3)zSNN _'s?f)6X!%ssAkʱ>qƷb hg %n ~p1REGMHH=BJiy[<5 ǁJҖgKR*倳e~HUy)Ag,K)`Vw6bRR:qL#\rclK/$sh*$ 6덤 KԖc 3Z9=Ɣ=o>X Ώ"1 )a`SJJ6k(<c e{%kϊP+SL'TcMJWRm ŏ"w)qc ef꒵i?b7b('"2r%~HUS1\<(`1Wx9=8HY9m:X18bgD1u ~|H;K-Uep,, C1 RV.MR5άh,tWO8WC$ XRVsQS]3GJ|12 [vM :k#~tH30Rf-HYݺ-`I9%lIDTm\ S{]9gOڒMNCV\G*2JRŨ;Rҏ^ڽ̱mq1Eu?To3I)y^#jJw^Ńj^vvlB_⋌P4x>0$c>K†Aļ9s_VjTt0l#m>E-,,x,-W)سo&96RE XR.6bXw+)GAEvL)͞K4$p=Ũi_ѱOjb HY/+@θH9޼]Nԥ%n{ &zjT? Ty) s^ULlb,PiTf^<À] 62R^V7)S!nllS6~͝V}-=%* ʻ>G DnK<y&>LPy7'r=Hj 9V`[c"*^8HpcO8bnU`4JȪAƋ#1_\ XϘHPRgik(~G~0DAA_2p|J묭a2\NCr]M_0 ^T%e#vD^%xy-n}-E\3aS%yN!r_{ )sAw ڼp1pEAk~v<:`'ӭ^5 ArXOI驻T (dk)_\ PuA*BY]yB"l\ey hH*tbK)3 IKZ򹞋XjN n *n>k]X_d!ryBH ]*R 0(#'7 %es9??ښFC,ՁQPjARJ\Ρw K#jahgw;2$l*) %Xq5!U᢯6Re] |0[__64ch&_}iL8KEgҎ7 M/\`|.p,~`a=BR?xܐrQ8K XR2M8f ?`sgWS%" Ԉ 7R%$ N}?QL1|-эټwIZ%pvL3Hk>,ImgW7{E xPHx73RA @RS CC !\ȟ5IXR^ZxHл$Q[ŝ40 (>+ _C >BRt<,TrT {O/H+˟Pl6 I B)/VC<6a2~(XwV4gnXR ϱ5ǀHٻ?tw똤Eyxp{#WK qG%5],(0ӈH HZ])ג=K1j&G(FbM@)%I` XRg ʔ KZG(vP,<`[ Kn^ SJRsAʠ5xՅF`0&RbV tx:EaUE/{fi2;.IAwW8/tTxAGOoN?G}l L(n`Zv?pB8K_gI+ܗ #i?ޙ.) p$utc ~DžfՈEo3l/)I-U?aԅ^jxArA ΧX}DmZ@QLےbTXGd.^|xKHR{|ΕW_h] IJ`[G9{).y) 0X YA1]qp?p_k+J*Y@HI>^?gt.06Rn ,` ?);p pSF9ZXLBJPWjgQ|&)7! HjQt<| ؅W5 x W HIzYoVMGP Hjn`+\(dNW)F+IrS[|/a`K|ͻ0Hj{R,Q=\ (F}\WR)AgSG`IsnAR=|8$}G(vC$)s FBJ?]_u XRvύ6z ŨG[36-T9HzpW̞ú Xg큽=7CufzI$)ki^qk-) 0H*N` QZkk]/tnnsI^Gu't=7$ Z;{8^jB% IItRQS7[ϭ3 $_OQJ`7!]W"W,)Iy W AJA;KWG`IY{8k$I$^%9.^(`N|LJ%@$I}ֽp=FB*xN=gI?Q{٥4B)mw $Igc~dZ@G9K X?7)aK%݅K$IZ-`IpC U6$I\0>!9k} Xa IIS0H$I H ?1R.Чj:4~Rw@p$IrA*u}WjWFPJ$I➓/6#! LӾ+ X36x8J |+L;v$Io4301R20M I$-E}@,pS^ޟR[/s¹'0H$IKyfŸfVOπFT*a$I>He~VY/3R/)>d$I>28`Cjw,n@FU*9ttf$I~<;=/4RD~@ X-ѕzἱI$: ԍR a@b X{+Qxuq$IЛzo /~3\8ڒ4BN7$IҀj V]n18H$IYFBj3̵̚ja pp $Is/3R Ӻ-Yj+L;.0ŔI$Av? #!5"aʄj}UKmɽH$IjCYs?h$IDl843.v}m7UiI=&=0Lg0$I4: embe` eQbm0u? $IT!Sƍ'-sv)s#C0:XB2a w I$zbww{."pPzO =Ɔ\[ o($Iaw]`E).Kvi:L*#gР7[$IyGPI=@R 4yR~̮´cg I$I/<tPͽ hDgo 94Z^k盇΄8I56^W$I^0̜N?4*H`237}g+hxoq)SJ@p|` $I%>-hO0eO>\ԣNߌZD6R=K ~n($I$y3D>o4b#px2$yڪtzW~a $I~?x'BwwpH$IZݑnC㧄Pc_9sO gwJ=l1:mKB>Ab<4Lp$Ib o1ZQ@85b̍ S'F,Fe,^I$IjEdù{l4 8Ys_s Z8.x m"+{~?q,Z D!I$ϻ'|XhB)=…']M>5 rgotԎ 獽PH$IjIPhh)n#cÔqA'ug5qwU&rF|1E%I$%]!'3AFD/;Ck_`9 v!ٴtPV;x`'*bQa w I$Ix5 FC3D_~A_#O݆DvV?<qw+I$I{=Z8".#RIYyjǪ=fDl9%M,a8$I$Ywi[7ݍFe$s1ՋBVA?`]#!oz4zjLJo8$I$%@3jAa4(o ;p,,dya=F9ً[LSPH$IJYЉ+3> 5"39aZ<ñh!{TpBGkj}Sp $IlvF.F$I z< '\K*qq.f<2Y!S"-\I$IYwčjF$ w9 \ߪB.1v!Ʊ?+r:^!I$BϹB H"B;L'G[ 4U#5>੐)|#o0aڱ$I>}k&1`U#V?YsV x>{t1[I~D&(I$I/{H0fw"q"y%4 IXyE~M3 8XψL}qE$I[> nD?~sf ]o΁ cT6"?'_Ἣ $I>~.f|'!N?⟩0G KkXZE]ޡ;/&?k OۘH$IRۀwXӨ<7@PnS04aӶp.:@\IWQJ6sS%I$e5ڑv`3:x';wq_vpgHyXZ 3gЂ7{{EuԹn±}$I$8t;b|591nءQ"P6O5i }iR̈́%Q̄p!I䮢]O{H$IRϻ9s֧ a=`- aB\X0"+5"C1Hb?߮3x3&gşggl_hZ^,`5?ߎvĸ%̀M!OZC2#0x LJ0 Gw$I$I}<{Eb+y;iI,`ܚF:5ܛA8-O-|8K7s|#Z8a&><a&/VtbtLʌI$I$I$I$I$I$IRjDD%tEXtdate:create2022-05-31T04:40:26+00:00!Î%tEXtdate:modify2022-05-31T04:40:26+00:00|{2IENDB`Mini Shell

HOME


Mini Shell 1.0
DIR:/snap/certbot/4557/lib/python3.12/site-packages/cryptography/x509/__pycache__/
Upload File :
Current File : //snap/certbot/4557/lib/python3.12/site-packages/cryptography/x509/__pycache__/base.cpython-312.pyc
�


N�gِ�	��ddlmZddlZddlZddlZddlZddlZddlmZddl	m
Zddlm
Z
mZddlmZmZmZmZmZmZmZmZddlmZmZmZddlmZmZmZm Z dd	l!m"Z"m#Z#dd
l$m%Z%ejddd�Z&ejNe
jPe
jRe
jTe
jVe
jXe
jZe
j\e
j^fZ0Gd
�de1�Z2						d.d�Z3						d/d�Z4d0d�Z5Gd�d�Z6Gd�d�Z7Gd�dejp�Z9Gd�de1�Z:Gd�dejv��Z<e<j{ejx�Gd�dejv��Z>e>j{ej|�Gd�d e>�Z?Gd!�d"ejv��Z@e@j{ej��Gd#�d$ejv��ZAeAj{ej��ej�ZBej�ZCej�ZDej�ZEej�ZFej�ZGej�ZHGd%�d&�ZIGd'�d(�ZJGd)�d*�ZKGd+�d,�ZLd1d-�ZMy)2�)�annotationsN)�utils)�x509)�hashes�
serialization)�dsa�ec�ed448�ed25519�padding�rsa�x448�x25519)� CertificateIssuerPrivateKeyTypes�CertificateIssuerPublicKeyTypes�CertificatePublicKeyTypes)�	Extension�
Extensions�
ExtensionType�_make_sequence_methods)�Name�	_ASN1Type)�ObjectIdentifieri��c� ��eZdZd�fd�Z�xZS)�AttributeNotFoundc�2��t�|�|�||_y�N)�super�__init__�oid)�self�msgr!�	__class__s   ���/build/snapcraft-certbot-2c33630aaf29c47357e5a1683f659d3d/parts/certbot/install/lib/python3.12/site-packages/cryptography/x509/base.pyr zAttributeNotFound.__init__9s���
��������)r#�strr!r�return�None��__name__�
__module__�__qualname__r �
__classcell__�r$s@r%rr8s
����r&rc�Z�|D]&}|j|jk(s�td��y)Nz$This extension has already been set.)r!�
ValueError)�	extension�
extensions�es   r%�_reject_duplicate_extensionr5>s1��
�E���5�5�I�M�M�!��C�D�D�Er&c�:�|D]\}}}||k(s�
td��y)Nz$This attribute has already been set.)r1)r!�
attributes�attr_oid�_s    r%�_reject_duplicate_attributer:Hs.��
%�E���!�Q��s�?��C�D�D�Er&c��|j�=|j�}|r|ntj�}|j	d��|z
S|S)z�Normalizes a datetime to a naive datetime in UTC.

    time -- datetime to normalize. Assumed to be in UTC if not timezone
            aware.
    N��tzinfo)r=�	utcoffset�datetime�	timedelta�replace)�time�offsets  r%�_convert_to_naive_utc_timerDRsG���{�{�����!��!��x�'9�'9�';���|�|�4�|�(�6�1�1��r&c��eZdZejj
f							dd�Zed	d��Zed
d��Zdd�Z	dd�Z
d
d�Zy)�	Attributec�.�||_||_||_yr)�_oid�_value�_type)r"r!�valuerJs    r%r zAttribute.__init__as����	������
r&c��|jSr)rH�r"s r%r!z
Attribute.oidks���y�y�r&c��|jSr)rIrMs r%rKzAttribute.valueos���{�{�r&c�<�d|j�d|j�d�S)Nz<Attribute(oid=z, value=�)>)r!rKrMs r%�__repr__zAttribute.__repr__ss�� ����
�(�4�:�:�.��C�Cr&c���t|t�stS|j|jk(xr4|j|jk(xr|j
|j
k(Sr)�
isinstancerF�NotImplementedr!rKrJ�r"�others  r%�__eq__zAttribute.__eq__vsS���%��+�!�!�
�H�H��	�	�!�
*��
�
�e�k�k�)�
*��
�
�e�k�k�)�	
r&c�Z�t|j|j|jf�Sr)�hashr!rKrJrMs r%�__hash__zAttribute.__hash__�s ���T�X�X�t�z�z�4�:�:�6�7�7r&N)r!rrK�bytesrJ�intr(r)�r(r�r(r[�r(r'�rV�objectr(�bool�r(r\)r+r,r-r�
UTF8StringrKr �propertyr!rQrWrZ�r&r%rFrF`sv��
�)�)�/�/�	�
�����	�

����������D�
�8r&rFc�D�eZdZ				dd�Zed�\ZZZdd�Zdd�Z	y)	�
Attributesc�$�t|�|_yr)�list�_attributes)r"r7s  r%r zAttributes.__init__�s�� �
�+��r&rkc�"�d|j�d�S)Nz<Attributes(rP)rkrMs r%rQzAttributes.__repr__�s���d�.�.�/�r�2�2r&c�V�|D]}|j|k(s�|cStd|�d�|��)NzNo z attribute was found)r!r)r"r!�attrs   r%�get_attribute_for_oidz Attributes.get_attribute_for_oid�s:���	�D��x�x�3����	� �#�c�U�*>� ?��E�Er&N)r7ztyping.Iterable[Attribute]r(r)r_)r!rr(rF)
r+r,r-r r�__len__�__iter__�__getitem__rQrorfr&r%rhrh�s7��,�.�,�
�,�&<�M�%J�"�G�X�{�3�Fr&rhc��eZdZdZdZy)�Versionr�N)r+r,r-�v1�v3rfr&r%rtrt�s��	
�B�	
�Br&rtc� ��eZdZd�fd�Z�xZS)�InvalidVersionc�2��t�|�|�||_yr)rr �parsed_version)r"r#r{r$s   �r%r zInvalidVersion.__init__�s���
�����,��r&)r#r'r{r\r(r)r*r/s@r%ryry�s
���-�-r&ryc��eZdZejdd��Zeejdd���Zeejdd���Zejdd��Z	eejdd���Z
eejdd���Zeejdd���Zeejdd���Z
eejdd	���Zeejdd
���Zeejdd���Zeej		dd���Zeejdd
���Zeej		d d���Zeejd!d���Zeejd"d���Zeejd"d���Zeejd"d���Zejd#d��Zejdd��Zejd$d��Zejd%d��Zy)&�Certificatec��y�z4
        Returns bytes using digest passed.
        Nrf�r"�	algorithms  r%�fingerprintzCertificate.fingerprint���r&c��y)z3
        Returns certificate serial number
        NrfrMs r%�
serial_numberzCertificate.serial_number�r�r&c��y)z1
        Returns the certificate version
        NrfrMs r%�versionzCertificate.version�r�r&c��y�z(
        Returns the public key
        NrfrMs r%�
public_keyzCertificate.public_key�r�r&c��y)zA
        Returns the ObjectIdentifier of the public key.
        NrfrMs r%�public_key_algorithm_oidz$Certificate.public_key_algorithm_oid�r�r&c��y)z?
        Not before time (represented as UTC datetime)
        NrfrMs r%�not_valid_beforezCertificate.not_valid_before�r�r&c��y)zK
        Not before time (represented as a non-naive UTC datetime)
        NrfrMs r%�not_valid_before_utcz Certificate.not_valid_before_utc�r�r&c��y)z>
        Not after time (represented as UTC datetime)
        NrfrMs r%�not_valid_afterzCertificate.not_valid_after�r�r&c��y)zJ
        Not after time (represented as a non-naive UTC datetime)
        NrfrMs r%�not_valid_after_utczCertificate.not_valid_after_utc�r�r&c��y)z1
        Returns the issuer name object.
        NrfrMs r%�issuerzCertificate.issuer�r�r&c��y�z2
        Returns the subject name object.
        NrfrMs r%�subjectzCertificate.subject�r�r&c��y�zt
        Returns a HashAlgorithm corresponding to the type of the digest signed
        in the certificate.
        NrfrMs r%�signature_hash_algorithmz$Certificate.signature_hash_algorithm�r�r&c��y�zJ
        Returns the ObjectIdentifier of the signature algorithm.
        NrfrMs r%�signature_algorithm_oidz#Certificate.signature_algorithm_oid�r�r&c��y�z=
        Returns the signature algorithm parameters.
        NrfrMs r%�signature_algorithm_parametersz*Certificate.signature_algorithm_parametersr�r&c��y)z/
        Returns an Extensions object.
        NrfrMs r%r3zCertificate.extensions	r�r&c��y�z.
        Returns the signature bytes.
        NrfrMs r%�	signaturezCertificate.signaturer�r&c��y)zR
        Returns the tbsCertificate payload bytes as defined in RFC 5280.
        NrfrMs r%�tbs_certificate_bytesz!Certificate.tbs_certificate_bytesr�r&c��y)zh
        Returns the tbsCertificate payload bytes with the SCT list extension
        stripped.
        NrfrMs r%�tbs_precertificate_bytesz$Certificate.tbs_precertificate_bytesr�r&c��y�z"
        Checks equality.
        NrfrUs  r%rWzCertificate.__eq__&r�r&c��y�z"
        Computes a hash.
        NrfrMs r%rZzCertificate.__hash__,r�r&c��y)zB
        Serializes the certificate to PEM or DER format.
        Nrf�r"�encodings  r%�public_byteszCertificate.public_bytes2r�r&c��y)z�
        This method verifies that certificate issuer name matches the
        issuer subject name and that the certificate is signed by the
        issuer's private key. No other validation is performed.
        Nrf)r"r�s  r%�verify_directly_issued_byz%Certificate.verify_directly_issued_by8r�r&N�r�zhashes.HashAlgorithmr(r[rc)r(rt�r(rr]�r(�datetime.datetime�r(r�r(zhashes.HashAlgorithm | None�r(z0None | padding.PSS | padding.PKCS1v15 | ec.ECDSA�r(rr^r`�r�zserialization.Encodingr(r[)r�r}r(r))r+r,r-�abc�abstractmethodr�rer�r�r�r�r�r�r�r�r�r�r�r�r�r3r�r�r�rWrZr�r�rfr&r%r}r}�s���������
��������
��������
	������
��������
��������
��������
��������
��������
��������
��������
�����	$�������������
�����	9�������������
��������
��������
��������	������
	������
	������
	�����r&r})�	metaclassc���eZdZeej
dd���Zeej
dd���Zeej
dd���Zeej
dd���Z	y)	�RevokedCertificatec��y)zG
        Returns the serial number of the revoked certificate.
        NrfrMs r%r�z RevokedCertificate.serial_numberFr�r&c��y)zH
        Returns the date of when this certificate was revoked.
        NrfrMs r%�revocation_datez"RevokedCertificate.revocation_dateMr�r&c��y)zl
        Returns the date of when this certificate was revoked as a non-naive
        UTC datetime.
        NrfrMs r%�revocation_date_utcz&RevokedCertificate.revocation_date_utcTr�r&c��y)zW
        Returns an Extensions object containing a list of Revoked extensions.
        NrfrMs r%r3zRevokedCertificate.extensions\r�r&Nrcr�r�)
r+r,r-rer�r�r�r�r�r3rfr&r%r�r�Es���
��������
��������
���������������r&r�c�h�eZdZ						dd�Zedd��Zed	d��Zed	d��Zed
d��Zy)�_RawRevokedCertificatec�.�||_||_||_yr��_serial_number�_revocation_date�_extensions�r"r�r�r3s    r%r z_RawRevokedCertificate.__init__i���,��� /���%��r&c��|jSr)r�rMs r%r�z$_RawRevokedCertificate.serial_numberss���"�"�"r&c�f�tjdtjd��|jS)NukProperties that return a naïve datetime object have been deprecated. Please switch to revocation_date_utc.ru)�
stacklevel)�warnings�warnr�DeprecatedIn42r�rMs r%r�z&_RawRevokedCertificate.revocation_datews.���
�
�
@�� � ��		
��$�$�$r&c�j�|jjtjj��S)Nr<)r�rAr?�timezone�utcrMs r%r�z*_RawRevokedCertificate.revocation_date_utc�s(���$�$�,�,�H�4E�4E�4I�4I�,�J�Jr&c��|jSr)r�rMs r%r3z!_RawRevokedCertificate.extensions�s�����r&N)r�r\r�r�r3rrcr�r�)	r+r,r-r rer�r�r�r3rfr&r%r�r�hsu��&��&�+�&��	&��#��#��%��%��K��K�� �� r&r�c��eZdZejdd��Zejdd��Zej				dd��Zeej		dd���Z	eejdd���Z
eej		dd���Zeejdd���Zeejdd���Z
eejdd	���Zeejdd
���Zeejdd���Zeejd d���Zeejd!d
���Zeejd!d���Zejd"d��Zejd#d��Zej.d$d��Zej.d%d��Zej				d&d��Zejd'd��Zej				d(d��Zy))�CertificateRevocationListc��y)z:
        Serializes the CRL to PEM or DER format.
        Nrfr�s  r%r�z&CertificateRevocationList.public_bytes�r�r&c��yrrfr�s  r%r�z%CertificateRevocationList.fingerprint�r�r&c��y)zs
        Returns an instance of RevokedCertificate or None if the serial_number
        is not in the CRL.
        Nrf)r"r�s  r%�(get_revoked_certificate_by_serial_numberzBCertificateRevocationList.get_revoked_certificate_by_serial_number�r�r&c��yr�rfrMs r%r�z2CertificateRevocationList.signature_hash_algorithm�r�r&c��yr�rfrMs r%r�z1CertificateRevocationList.signature_algorithm_oid�r�r&c��yr�rfrMs r%r�z8CertificateRevocationList.signature_algorithm_parameters�r�r&c��y)zC
        Returns the X509Name with the issuer of this CRL.
        NrfrMs r%r�z CertificateRevocationList.issuer�r�r&c��y)z?
        Returns the date of next update for this CRL.
        NrfrMs r%�next_updatez%CertificateRevocationList.next_update�r�r&c��y)zc
        Returns the date of next update for this CRL as a non-naive UTC
        datetime.
        NrfrMs r%�next_update_utcz)CertificateRevocationList.next_update_utc�r�r&c��y)z?
        Returns the date of last update for this CRL.
        NrfrMs r%�last_updatez%CertificateRevocationList.last_update�r�r&c��y)zc
        Returns the date of last update for this CRL as a non-naive UTC
        datetime.
        NrfrMs r%�last_update_utcz)CertificateRevocationList.last_update_utc�r�r&c��y)zS
        Returns an Extensions object containing a list of CRL extensions.
        NrfrMs r%r3z$CertificateRevocationList.extensions�r�r&c��yr�rfrMs r%r�z#CertificateRevocationList.signature�r�r&c��y)zO
        Returns the tbsCertList payload bytes as defined in RFC 5280.
        NrfrMs r%�tbs_certlist_bytesz,CertificateRevocationList.tbs_certlist_bytes�r�r&c��yr�rfrUs  r%rWz CertificateRevocationList.__eq__�r�r&c��y)z<
        Number of revoked certificates in the CRL.
        NrfrMs r%rpz!CertificateRevocationList.__len__�r�r&c��yrrf�r"�idxs  r%rrz%CertificateRevocationList.__getitem__s��;>r&c��yrrfr�s  r%rrz%CertificateRevocationList.__getitem__s��CFr&c��y)zS
        Returns a revoked certificate (or slice of revoked certificates).
        Nrfr�s  r%rrz%CertificateRevocationList.__getitem__r�r&c��y)z8
        Iterator over the revoked certificates
        NrfrMs r%rqz"CertificateRevocationList.__iter__r�r&c��y)zQ
        Verifies signature of revocation list against given public key.
        Nrf)r"r�s  r%�is_signature_validz,CertificateRevocationList.is_signature_validr�r&Nr�r�)r�r\r(zRevokedCertificate | Noner�r]r�r�)r(�datetime.datetime | Noner�r�r^r`rc)r�r\r(r�)r��slicer(�list[RevokedCertificate])r�zint | slicer(z-RevokedCertificate | list[RevokedCertificate])r(z#typing.Iterator[RevokedCertificate])r�rr(rb)r+r,r-r�r�r�r�r�rer�r�r�r�r�r�r�r�r3r�r�rWrp�typing�overloadrrrqr�rfr&r%r�r��s���������
	������
	���� ��	"���������	$�������������
�����	9�������������
��������
����������������
����������������
��������
��������
	������
	������
�_�_�>��>��_�_�F��F�������	6����	������
	����9��	
���r&r�c��eZdZejdd��Zejdd��Zejdd��Zeejdd���Z	eej		dd���Z
eejdd���Zeej		dd���Zeejdd���Z
eejdd	���Zejdd
��Zeejdd���Zeejdd���Zeejdd
���Zejdd��Zy)�CertificateSigningRequestc��yr�rfrUs  r%rWz CertificateSigningRequest.__eq__!r�r&c��yr�rfrMs r%rZz"CertificateSigningRequest.__hash__'r�r&c��yr�rfrMs r%r�z$CertificateSigningRequest.public_key-r�r&c��yr�rfrMs r%r�z!CertificateSigningRequest.subject3r�r&c��yr�rfrMs r%r�z2CertificateSigningRequest.signature_hash_algorithm:r�r&c��yr�rfrMs r%r�z1CertificateSigningRequest.signature_algorithm_oidDr�r&c��yr�rfrMs r%r�z8CertificateSigningRequest.signature_algorithm_parametersKr�r&c��y)z@
        Returns the extensions in the signing request.
        NrfrMs r%r3z$CertificateSigningRequest.extensionsTr�r&c��y)z/
        Returns an Attributes object.
        NrfrMs r%r7z$CertificateSigningRequest.attributes[r�r&c��y)z;
        Encodes the request to PEM or DER format.
        Nrfr�s  r%r�z&CertificateSigningRequest.public_bytesbr�r&c��yr�rfrMs r%r�z#CertificateSigningRequest.signaturehr�r&c��y)zd
        Returns the PKCS#10 CertificationRequestInfo bytes as defined in RFC
        2986.
        NrfrMs r%�tbs_certrequest_bytesz/CertificateSigningRequest.tbs_certrequest_bytesor�r&c��y)z8
        Verifies signature of signing request.
        NrfrMs r%r�z,CertificateSigningRequest.is_signature_validwr�r&c��y)z:
        Get the attribute value for a given OID.
        Nrf)r"r!s  r%roz/CertificateSigningRequest.get_attribute_for_oid~r�r&Nr`rcr�r�r�r]r�r�)r(rhr�r^)r(rb)r!rr(r[)r+r,r-r�r�rWrZr�rer�r�r�r�r3r7r�r�rr�rorfr&r%rr s���������
	������
	������
��������
�����	$�������������
�����	9�������������
��������
	������
��������
����������������
	�����r&rc��eZdZdggf					d	d�Zd
d�Z						dd�Zdd�							dd�Z	d
dd�									dd�Zy)� CertificateSigningRequestBuilderNc�.�||_||_||_y)zB
        Creates an empty X.509 certificate request (v1).
        N)�
_subject_namer�rk)r"�subject_namer3r7s    r%r z)CertificateSigningRequestBuilder.__init__�s��*���%���%��r&c��t|t�std��|j�t	d��t||j|j�S)zF
        Sets the certificate requestor's distinguished name.
        �Expecting x509.Name object.�&The subject name may only be set once.)rSr�	TypeErrorrr1rr�rk�r"�names  r%rz-CertificateSigningRequestBuilder.subject_name�sR���$��%��9�:�:����)��E�F�F�/��$�"�"�D�$4�$4�
�	
r&c���t|t�std��t|j||�}t||j�t|jg|j�|�|j�S)zE
        Adds an X.509 extension to the certificate request.
        �"extension must be an ExtensionType)
rSrrrr!r5r�rrrk�r"�extval�criticalr2s    r%�
add_extensionz.CertificateSigningRequestBuilder.add_extension�sn���&�-�0��@�A�A��f�j�j�(�F�;�	�#�I�t�/?�/?�@�/����*�d���*�	�*����
�	
r&)�_tagc�Z�t|t�std��t|t�std��|�t|t�std��t||j�|�
|j}nd}t|j|jg|j�|||f��S)zK
        Adds an X.509 attribute with an OID and associated value.
        zoid must be an ObjectIdentifierzvalue must be bytesNztag must be _ASN1Type)rSrrr[rr:rkrKrrr�)r"r!rKr#�tags     r%�
add_attributez.CertificateSigningRequestBuilder.add_attribute�s����#�/�0��=�>�>��%��'��1�2�2���J�t�Y�$?��3�4�4�#�C��)9�)9�:����*�*�C��C�/�������2�d���2��e�S� 1�2�
�	
r&��rsa_paddingc��|j�td��|�Zt|tjtj
f�st
d��t|tj�st
d��tj||||�S)zF
        Signs the request using the requestor's private key.
        z/A CertificateSigningRequest must have a subject�Padding must be PSS or PKCS1v15�&Padding is only supported for RSA keys)rr1rSr�PSS�PKCS1v15rr
�
RSAPrivateKey�	rust_x509�create_x509_csr�r"�private_keyr��backendr(s     r%�signz%CertificateSigningRequestBuilder.sign�s�����%��N�O�O��"��k�G�K�K��9I�9I�+J�K�� A�B�B��k�3�+<�+<�=�� H�I�I��(�(��+�y�+�
�	
r&)r�Name | Noner3�list[Extension[ExtensionType]]r7�0list[tuple[ObjectIdentifier, bytes, int | None]])rrr(r)r rr!rbr(r)r!rrKr[r#z_ASN1Type | Noner(rr)
r2rr��_AllowedHashTypes | Noner3�
typing.Anyr(�%padding.PSS | padding.PKCS1v15 | Noner(r)r+r,r-r rr"r&r4rfr&r%rr�s���%)�57�GI�	&�!�&�3�&�E�	&�

�
�#�
�/3�
�	)�
�."&�
�
�
��
�
�
�
*�

�H#�	
�>B�

�5�
�,�
��	
�;�

�
#�
r&rc��eZdZUded<ddddddgf															dd�Zdd�Zdd�Z				dd�Zdd�Zdd	�Z	dd
�Z
						dd�Z	ddd�									dd
�Zy)�CertificateBuilderr6r�Nc��tj|_||_||_||_||_||_||_||_	yr)
rtrw�_version�_issuer_namer�_public_keyr��_not_valid_before�_not_valid_afterr�)r"�issuer_namerr�r�r�r�r3s        r%r zCertificateBuilder.__init__�sG�� �
�
��
�'���)���%���+���!1��� /���%��r&c	��t|t�std��|j�t	d��t||j|j|j|j|j|j�S)z3
        Sets the CA's distinguished name.
        r�%The issuer name may only be set once.)rSrrr?r1r<rr@r�rArBr�rs  r%rCzCertificateBuilder.issuer_namesx���$��%��9�:�:����(��D�E�E�!������������"�"��!�!����
�	
r&c	��t|t�std��|j�t	d��t|j||j|j|j|j|j�S)z:
        Sets the requestor's distinguished name.
        rr)rSrrrr1r<r?r@r�rArBr�rs  r%rzCertificateBuilder.subject_name"sx���$��%��9�:�:����)��E�F�F�!������������"�"��!�!����
�	
r&c
���t|tjtjt
jtjtjtjtjf�std��|j �t#d��t%|j&|j(||j*|j,|j.|j0�S)zT
        Sets the requestor's public key (as found in the signing request).
        z�Expecting one of DSAPublicKey, RSAPublicKey, EllipticCurvePublicKey, Ed25519PublicKey, Ed448PublicKey, X25519PublicKey, or X448PublicKey.z$The public key may only be set once.)rSr�DSAPublicKeyr
�RSAPublicKeyr	�EllipticCurvePublicKeyr�Ed25519PublicKeyr
�Ed448PublicKeyr�X25519PublicKeyr�
X448PublicKeyrr@r1r<r?rr�rArBr�)r"�keys  r%r�zCertificateBuilder.public_key4s������ � �� � ��)�)��(�(��$�$��&�&��"�"�
�
��!��
����'��C�D�D�!������������"�"��!�!����
�	
r&c	�\�t|t�std��|j�t	d��|dkrt	d��|j�dk\rt	d��t
|j|j|j||j|j|j�S)z5
        Sets the certificate serial number.
        �'Serial number must be of integral type.�'The serial number may only be set once.rz%The serial number should be positive.��3The serial number should not be more than 159 bits.)
rSr\rr�r1�
bit_lengthr<r?rr@rArBr��r"�numbers  r%r�z CertificateBuilder.serial_numberYs����&�#�&��E�F�F����*��F�G�G��Q�;��D�E�E�����#�%��E��
�"������������"�"��!�!����
�	
r&c	��t|tj�std��|j�t	d��t|�}|tkrt	d��|j�||jkDrt	d��t|j|j|j|j||j|j�S)z7
        Sets the certificate activation time.
        �Expecting datetime object.z*The not valid before may only be set once.z>The not valid before date must be on or after 1950 January 1).zBThe not valid before date must be before the not valid after date.)rSr?rrAr1rD�_EARLIEST_UTC_TIMErBr<r?rr@r�r��r"rBs  r%r�z#CertificateBuilder.not_valid_beforets����$�� 1� 1�2��8�9�9��!�!�-��I�J�J�)�$�/���$�$��$��
�� � �,���8M�8M�1M����
�"���������������!�!����
�	
r&c	��t|tj�std��|j�t	d��t|�}|tkrt	d��|j�||jkrt	d��t|j|j|j|j|j||j�S)z7
        Sets the certificate expiration time.
        rYz)The not valid after may only be set once.z<The not valid after date must be on or after 1950 January 1.zAThe not valid after date must be after the not valid before date.)rSr?rrBr1rDrZrAr<r?rr@r�r�r[s  r%r�z"CertificateBuilder.not_valid_after�s����$�� 1� 1�2��8�9�9�� � �,��H�I�I�)�$�/���$�$��#��
�

�"�"�.��t�-�-�-����
�"��������������"�"�����
�	
r&c
�H�t|t�std��t|j||�}t||j�t|j|j|j|j|j|jg|j�|��S)z=
        Adds an X.509 extension to the certificate.
        r)rSrrrr!r5r�r<r?rr@r�rArBrs    r%r"z CertificateBuilder.add_extension�s����&�-�0��@�A�A��f�j�j�(�F�;�	�#�I�t�/?�/?�@�!��������������"�"��!�!�*�d���*�	�*�
�	
r&r'c��|j�td��|j�td��|j�td��|j�td��|j
�td��|j�td��|�Zt|tjtjf�std��t|tj�std��tj||||�S)	zC
        Signs the certificate using the CA's private key.
        z&A certificate must have a subject namez&A certificate must have an issuer namez'A certificate must have a serial numberz/A certificate must have a not valid before timez.A certificate must have a not valid after timez$A certificate must have a public keyr*r+)rr1r?r�rArBr@rSrr,r-rr
r.r/�create_x509_certificater1s     r%r4zCertificateBuilder.sign�s������%��E�F�F����$��E�F�F����&��F�G�G��!�!�)��N�O�O�� � �(��M�N�N����#��C�D�D��"��k�G�K�K��9I�9I�+J�K�� A�B�B��k�3�+<�+<�=�� H�I�I��0�0��+�y�+�
�	
r&)rCr5rr5r�z CertificatePublicKeyTypes | Noner��
int | Noner�r�r�r�r3r6r(r))rrr(r<)rOrr(r<)rWr\r(r<)rBr�r(r<)r rr!rbr(r<r)
r2rr�r8r3r9r(r:r(r})
r+r,r-�__annotations__r rCrr�r�r�r�r"r4rfr&r%r<r<�s��/�/�$(�$(�7;�$(�59�48�57�&� �&�"�&�5�	&�
"�&�3�
&�2�&�3�&�
�&�&
�$
�$#
�
&�#
�
�#
�J
�6
�:
�@
�#�
�/3�
�	�
�4#�	%
�>B�
%
�5�%
�,�%
��	%
�;�
%
�
�%
r&r<c��eZdZUded<ded<dddggf									dd�Z				dd�Z				dd�Z				dd	�Z						dd
�Z				dd�Z		ddd�									dd
�Z
y)� CertificateRevocationListBuilderr6r�r��_revoked_certificatesNc�J�||_||_||_||_||_yr)r?�_last_update�_next_updater�rd)r"rCr�r�r3�revoked_certificatess      r%r z)CertificateRevocationListBuilder.__init__�s,��(���'���'���%���%9��"r&c���t|t�std��|j�t	d��t||j|j|j|j�S)NrrE)
rSrrr?r1rcrfrgr�rd)r"rCs  r%rCz,CertificateRevocationListBuilder.issuer_namesf���+�t�,��9�:�:����(��D�E�E�/������������&�&�
�	
r&c�r�t|tj�std��|j�t	d��t|�}|tkrt	d��|j�||jkDrt	d��t|j||j|j|j�S)NrY�!Last update may only be set once.�8The last update date must be on or after 1950 January 1.z9The last update date must be before the next update date.)rSr?rrfr1rDrZrgrcr?r�rd)r"r�s  r%r�z,CertificateRevocationListBuilder.last_updates����+�x�'8�'8�9��8�9�9����(��@�A�A�0��=���+�+��J��
����(�[�4�;L�;L�-L��K��
�0������������&�&�
�	
r&c�r�t|tj�std��|j�t	d��t|�}|tkrt	d��|j�||jkrt	d��t|j|j||j|j�S)NrYrkrlz8The next update date must be after the last update date.)rSr?rrgr1rDrZrfrcr?r�rd)r"r�s  r%r�z,CertificateRevocationListBuilder.next_update(s����+�x�'8�'8�9��8�9�9����(��@�A�A�0��=���+�+��J��
����(�[�4�;L�;L�-L��J��
�0������������&�&�
�	
r&c��t|t�std��t|j||�}t||j�t|j|j|jg|j�|�|j�S)zM
        Adds an X.509 extension to the certificate revocation list.
        r)rSrrrr!r5r�rcr?rfrgrdrs    r%r"z.CertificateRevocationListBuilder.add_extension@s����&�-�0��@�A�A��f�j�j�(�F�;�	�#�I�t�/?�/?�@�/����������*�d���*�	�*��&�&�
�	
r&c���t|t�std��t|j|j
|j|jg|j�|��S)z8
        Adds a revoked certificate to the CRL.
        z)Must be an instance of RevokedCertificate)	rSr�rrcr?rfrgr�rd)r"�revoked_certificates  r%�add_revoked_certificatez8CertificateRevocationListBuilder.add_revoked_certificateSsa���-�/A�B��G�H�H�/�������������>�d�(�(�>�*=�>�
�	
r&r'c�t�|j�td��|j�td��|j�td��|�Zt	|t
jt
jf�std��t	|tj�std��tj||||�S)NzA CRL must have an issuer namez"A CRL must have a last update timez"A CRL must have a next update timer*r+)
r?r1rfrgrSrr,r-rr
r.r/�create_x509_crlr1s     r%r4z%CertificateRevocationListBuilder.signds������$��=�>�>����$��A�B�B����$��A�B�B��"��k�G�K�K��9I�9I�+J�K�� A�B�B��k�3�+<�+<�=�� H�I�I��(�(��+�y�+�
�	
r&)
rCr5r�r�r�r�r3r6rhr�)rCrr(rc)r�r�r(rc)r�r�r(rc)r rr!rbr(rc)rpr�r(rcr)
r2rr�r8r3r9r(r:r(r�)r+r,r-rar rCr�r�r"rqr4rfr&r%rcrc�s
��/�/�3�3�$(�04�04�57�9;�
:� �:�.�:�.�	:�
3�:�7�
:�

��

�	)�

�
�,�
�	)�
�0
�,�
�	)�
�0
�#�
�/3�
�	)�
�&
�#5�
�	)�
�*#�	
�>B�

�5�
�,�
��	
�;�

�
#�
r&rcc�\�eZdZddgf					dd�Zdd�Z				d	d�Z						d
d�Zddd�Zy)
�RevokedCertificateBuilderNc�.�||_||_||_yrr�r�s    r%r z"RevokedCertificateBuilder.__init__�r�r&c��t|t�std��|j�t	d��|dkrt	d��|j�dk\rt	d��t
||j|j�S)NrQrRrz$The serial number should be positiverSrT)	rSr\rr�r1rUrur�r�rVs  r%r�z'RevokedCertificateBuilder.serial_number�s����&�#�&��E�F�F����*��F�G�G��Q�;��C�D�D�����#�%��E��
�)��D�)�)�4�+;�+;�
�	
r&c��t|tj�std��|j�t	d��t|�}|tkrt	d��t|j||j�S)NrYz)The revocation date may only be set once.z7The revocation date must be on or after 1950 January 1.)
rSr?rr�r1rDrZrur�r�r[s  r%r�z)RevokedCertificateBuilder.revocation_date�s}���$�� 1� 1�2��8�9�9�� � �,��H�I�I�)�$�/���$�$��I��
�)�����t�'7�'7�
�	
r&c���t|t�std��t|j||�}t||j�t|j|jg|j�|��S)Nr)
rSrrrr!r5r�rur�r�rs    r%r"z'RevokedCertificateBuilder.add_extension�sn���&�-�0��@�A�A��f�j�j�(�F�;�	�#�I�t�/?�/?�@�(�����!�!�*�d���*�	�*�
�	
r&c���|j�td��|j�td��t|j|jt	|j
��S)Nz/A revoked certificate must have a serial numberz1A revoked certificate must have a revocation date)r�r1r�r�rr�)r"r3s  r%�buildzRevokedCertificateBuilder.build�se�����&��N�O�O�� � �(��C��
�&�����!�!��t�'�'�(�
�	
r&)r�r`r�r�r3r6)rWr\r(ru)rBr�r(ru)r rr!rbr(rur)r3r9r(r�)r+r,r-r r�r�r"r{rfr&r%ruru�sj��%)�48�57�	&�!�&�2�&�3�	&�
�$
�%�
�	"�
� 
�#�
�/3�
�	"�
�
r&ruc�Z�tjtjd�d�dz	S)N��bigr)r\�
from_bytes�os�urandomrfr&r%�random_serial_numberr��s ���>�>�"�*�*�R�.�%�0�A�5�5r&)r2zExtension[ExtensionType]r3r6r(r))r!rr7r7r(r))rBr�r(r�rc)N�
__future__rr�r?r�r�r��cryptographyr�"cryptography.hazmat.bindings._rustrr/�cryptography.hazmat.primitivesrr�)cryptography.hazmat.primitives.asymmetricrr	r
rrr
rr�/cryptography.hazmat.primitives.asymmetric.typesrrr�cryptography.x509.extensionsrrrr�cryptography.x509.namerr�cryptography.x509.oidrrZ�Union�SHA224�SHA256�SHA384�SHA512�SHA3_224�SHA3_256�SHA3_384�SHA3_512�_AllowedHashTypes�	Exceptionrr5r:rDrFrh�Enumrtry�ABCMetar}�registerr�r�r�r�load_pem_x509_certificate�load_der_x509_certificate�load_pem_x509_certificates�load_pem_x509_csr�load_der_x509_csr�load_pem_x509_crl�load_der_x509_crlrr<rcrur�rfr&r%�<module>r�s{��
#�
��	�
���@�@�	�	�	���
��3�2�&�X�&�&�t�Q��2���L�L�
�M�M�
�M�M�
�M�M�
�M�M�
�O�O�
�O�O�
�O�O�
�O�O��	���	��E�'�E�.�E�
�E�E�	�E�@�E�
�E��!8�!8�HF�F�(�e�j�j��
-�Y�-�[�C�K�K�[�~���Y�*�*�+��3�;�;��@���I�8�8�9� �/� �DP�#�+�+�P�f�"�"�9�#F�#F�G�b�#�+�+�b�L�"�"�9�#F�#F�G�&�?�?��%�?�?��&�A�A���/�/���/�/���/�/���/�/��b
�b
�Jr
�r
�jN
�N
�bF
�F
�R6r&