Ii>SrSSKJrJrJrJr SSKrSSKJr SSK J r J r J r J r JrJrJrJrJr SSKJrJrJrJrJrJrJrJr "SS \ 5r"S S \5r"S S \5r"SS\5r"SS\5r "SS\ 5r!"SS\5r""SS\5r#"SS\5r$"SS\5r%"SS\5r&"SS\5r'"S S!\5r(g)"z ASN.1 type classes for certificate revocation lists (CRL). Exports the following items: - CertificateList() Other type classes are defined that help compose the types listed above. )unicode_literalsdivisionabsolute_importprint_functionN)SignedDigestAlgorithm) Boolean EnumeratedGeneralizedTimeIntegerObjectIdentifierOctetBitStringParsableOctetStringSequence SequenceOf)AuthorityInfoAccessSyntaxAuthorityKeyIdentifierCRLDistributionPointsDistributionPointName GeneralNamesName ReasonFlagsTimec \rSrSrSSSS.rSrg)Version+v1v2v3)rrN__name__ __module__ __qualname____firstlineno___map__static_attributes__r!4/venv/lib/python3.13/site-packages/asn1crypto/crl.pyrr+s    Dr)rc l\rSrSrS\SSS.4S\SSS .4S \S SS .4S \S SS.4S\SSS .4S\SSS .4/rSrg)IssuingDistributionPoint3distribution_pointrTexplicitoptionalonly_contains_user_certsrF)implicitdefaultonly_contains_ca_certsr only_some_reasons)r3r1 indirect_crlonly_contains_attribute_certsr!N) r#r$r%r&rr r_fieldsr(r!r)r*r,r,3se 41RV6WX #W1.OP !7u,MN kt+LM qU"CD ('e3TU Gr)r,c(\rSrSrSSSSSSSS .rS rg ) TBSCertListExtensionId>issuer_alt_name crl_numberdelta_crl_indicatorissuing_distribution_pointauthority_key_identifier freshest_crlauthority_information_access)z 2.5.29.18z 2.5.29.20z 2.5.29.27z 2.5.29.28z 2.5.29.35z 2.5.29.46z1.3.6.1.5.5.7.1.1r!Nr"r!r)r*r>r>>s&!*1/#; Dr)r>cH\rSrSrS\4S\SS04S\4/rSr\ \ \ \ \ \ \S.rS rg ) TBSCertListExtensionJextn_idcriticalr4F extn_valuerJrL)r@rArBrCrDrErFr!N)r#r$r%r&r>r rr< _oid_pairrr r,rrr _oid_specsr(r!r)r*rHrHJsM *+ Wy%01 *+G *I'&&>$:-(AJr)rHc\rSrSr\rSrg)TBSCertListExtensions]r!N)r#r$r%r&rH _child_specr(r!r)r*rQrQ]s&Kr)rQc >\rSrSrSSSSSSSS S S S . r\S 5rSrg) CRLReasona unspecifiedkey_compromise ca_compromiseaffiliation_changed supersededcessation_of_operationcertificate_holdremove_from_crlprivilege_withdrawn aa_compromise) rrr r7r9r; c 6SSSSSSSSS S S . UR$) z :return: A unicode string with revocation description that is suitable to show to end-users. Starts with a lower case letter and phrased in such a way that it makes sense after the phrase "because of" or "due to". zan unspecified reasonza compromised keyzthe CA being compromisedzan affiliation changezcertificate supersessionza cessation of operationza certificate holdzremoval from the CRLzprivilege withdrawlzthe AA being compromised) rWrXrYrZr[r\r]r^r_r`nativeselfs r*human_friendlyCRLReason.human_friendlyos:317#:4&@ 45#87   ++  r)r!N)r#r$r%r&r'propertyrjr(r!r)r*rUrUas;     #    Dr)rUc"\rSrSrSSSSS.rSrg) CRLEntryExtensionId crl_reasonhold_instruction_codeinvalidity_datecertificate_issuer)z 2.5.29.21z 2.5.29.23z 2.5.29.24z 2.5.29.29r!Nr"r!r)r*rnrns!,&)  Dr)rncB\rSrSrS\4S\SS04S\4/rSr\ \ \ \ S.r S rg ) CRLEntryExtensionrJrKr4FrLrM)rprqrrrsr!N)r#r$r%r&rnr rr<rNrUr r rrOr(r!r)r*rurusD '( Wy%01 *+G *I!1** Jr)ruc\rSrSr\rSrg)CRLEntryExtensionsr!N)r#r$r%r&rurSr(r!r)r*rxrxs#Kr)rxc\rSrSrS\4S\4S\SS04/rSrSr Sr Sr Sr Sr S r\S 5r\S 5r\S 5r\S 5r\S5rSrg)RevokedCertificateuser_certificaterevocation_datecrl_entry_extensionsr1TFNc$[5UlUSHqnUSRnSU-n[X5(a[ XUSR 5 USR(dMVURR U5 Ms SUlg)^ Sets common named extensions to private attributes and creates a list of critical extensions rrJ _%s_valuerLrKTNset_critical_extensionsrghasattrsetattrparsedadd_processed_extensionsri extensionnameattribute_names r*_set_extensions"RevokedCertificate._set_extensionss %(E!45IY'..D(4/Nt,,i .E.L.LM$+++))--d3 6&*"r)c\UR(dUR5 UR$z Returns a set of the names (or OID if not a known extension) of the extensions marked as critical :return: A set of unicode strings rrrrhs r*critical_extensions&RevokedCertificate.critical_extensions%))  "(((r)cXURSLaUR5 UR$)zn This extension indicates the reason that a certificate was revoked. :return: None or a CRLReason object F)rr_crl_reason_valuerhs r*crl_reason_value#RevokedCertificate.crl_reason_values*  % % .  "%%%r)cXURSLaUR5 UR$)a This extension indicates the suspected date/time the private key was compromised or the certificate became invalid. This would usually be before the revocation date, which is when the CA processed the revocation. :return: None or a GeneralizedTime object F)rr_invalidity_date_valuerhs r*invalidity_date_value(RevokedCertificate.invalidity_date_values*  % % .  "***r)cXURSLaUR5 UR$)z This extension indicates the issuer of the certificate in question, and is used in indirect CRLs. CRL entries without this extension are for certificates issued from the last seen issuer. :return: None or an x509.GeneralNames object F)rr_certificate_issuer_valuerhs r*certificate_issuer_value+RevokedCertificate.certificate_issuer_values*  % % .  "---r)cURSLaYSUlUR(aAURH1nURS:XdMURUl UR$ UR$)zQ :return: None, or an asn1crypto.x509.Name object for the issuer of the cert FNdirectory_name) _issuer_namerrchosen)ri general_names r* issuer_nameRevokedCertificate.issuer_namesn    % $D ,,$($A$AL#((,<<,8,?,?)   %B   r))rrr)r#r$r%r&r rrxr<rrrrrrrrlrrrrrr(r!r)r*r{r{s W% D! !3j$5GHG "! $L*$ ) ) & & + + . . ! !r)r{c\rSrSr\rSrg)RevokedCertificatesir!N)r#r$r%r&r{rSr(r!r)r*rrs$Kr)rc \\rSrSrS\SS04S\4S\4S\4S\SS04S \SS04S \ S SS .4/r S r g) TbsCertListiversionr1T signatureissuer this_update next_updaterevoked_certificatescrl_extensionsrr/r!N) r#r$r%r&rrrrrrQr<r(r!r)r*rrs` Gj$/0 +, 4  z401 !4z46HI 0qd2STGr)rcT\rSrSrS\4S\4S\4/rSrSr Sr Sr Sr Sr SrSrSrSrSrSrSrSr\S5r\S 5r\S 5r\S 5r\S 5r\S 5r\S5r\S5r\S5r\S5r \S5r!\S5r"\S5r#\S5r$\S5r%Sr&g)CertificateListi tbs_cert_listsignature_algorithmrFNc*[5UlUSSHqnUSRnSU-n[X5(a[ XUSR 5 USR(dMVURR U5 Ms SUlg) rrrrJrrLrKTNrrs r*rCertificateList._set_extensions4s %(E!o./?@IY'..D(4/Nt,,i .E.L.LM$+++))--d3 A&*"r)c\UR(dUR5 UR$rrrhs r*r#CertificateList.critical_extensionsFrr)cXURSLaUR5 UR$)z This extension allows associating one or more alternative names with the issuer of the CRL. :return: None or an x509.GeneralNames object F)rr_issuer_alt_name_valuerhs r*issuer_alt_name_value%CertificateList.issuer_alt_name_valueTs*  % % .  "***r)cXURSLaUR5 UR$)z This extension adds a monotonically increasing number to the CRL and is used to distinguish different versions of the CRL. :return: None or an Integer object F)rr_crl_number_valuerhs r*crl_number_value CertificateList.crl_number_valuebs*  % % .  "%%%r)cXURSLaUR5 UR$)z This extension indicates a CRL is a delta CRL, and contains the CRL number of the base CRL that it is a delta from. :return: None or an Integer object F)rr_delta_crl_indicator_valuerhs r*delta_crl_indicator_value)CertificateList.delta_crl_indicator_valueps*  % % .  "...r)cXURSLaUR5 UR$)z This extension includes information about what types of revocations and certificates are part of the CRL. :return: None or an IssuingDistributionPoint object F)rr!_issuing_distribution_point_valuerhs r* issuing_distribution_point_value0CertificateList.issuing_distribution_point_value~s*  % % .  "555r)cXURSLaUR5 UR$)z This extension helps in identifying the public key with which to validate the authenticity of the CRL. :return: None or an AuthorityKeyIdentifier object F)rr_authority_key_identifier_valuerhs r*authority_key_identifier_value.CertificateList.authority_key_identifier_values*  % % .  "333r)cXURSLaUR5 UR$)z This extension is used in complete CRLs to indicate where a delta CRL may be located. :return: None or a CRLDistributionPoints object F)rr_freshest_crl_valuerhs r*freshest_crl_value"CertificateList.freshest_crl_values*  % % .  "'''r)cXURSLaUR5 UR$)z This extension is used to provide a URL with which to download the certificate used to sign this CRL. :return: None or an AuthorityInfoAccessSyntax object F)rr#_authority_information_access_valuerhs r*"authority_information_access_value2CertificateList.authority_information_access_values*  % % .  "777r)cUSS$)zG :return: An asn1crypto.x509.Name object for the issuer of the CRL rrr!rhs r*rCertificateList.issuersO$X..r)cXUR(dgURSR$)zj :return: None or a byte string of the key_identifier from the authority key identifier extension Nkey_identifier)rrgrhs r*rD(CertificateList.authority_key_identifiers(22223CDKKKr)cbURc/UlUR(aURHonUSRS:XdMUSnURS:waM/URnUR 5SSS:XdMTURR U5 Mq UR$)z :return: A list of unicode strings that are URLs that should contain either an individual DER-encoded X.509 certificate, or a DER-encoded CMS message containing multiple certificates access_method ca_issuersaccess_locationuniform_resource_identifierrzhttp://)_issuer_cert_urlsrrgrlowerappend)rientrylocationurls r*issuer_cert_urls CertificateList.issuer_cert_urlss  ! ! )%'D "66!DDE_-44 D#():#;#==,II$&oo99;q+y8 2299#>E%%%r)c0URc~/UlURbjURHZnUSnURS:XaMURH0nURS:XdMURR U5 M2 M\ UR$)zw Returns delta CRL URLs - only applies to complete CRLs :return: A list of zero or more DistributionPoint objects r.name_relative_to_crl_issuerr)_delta_crl_distribution_pointsrrrr)rir.distribution_point_namers r*delta_crl_distribution_points-CertificateList.delta_crl_distribution_pointss  . . 624D /&&2*.*A*A&.@AU.V+.337TT (?(F(F ',,0MM ??FFGYZ)G +B222r)c USR$)z- :return: A byte string of the signature rrfrhs r*rCertificateList.signaturesK '''r)cURc7[R"UR55R 5UlUR$)zN :return: The SHA1 hash of the DER-encoded bytes of this certificate list )_sha1hashlibsha1dumpdigestrhs r*rCertificateList.sha1s7 ::  diik299;DJzzr)cURc7[R"UR55R 5UlUR$)zQ :return: The SHA-256 hash of the DER-encoded bytes of this certificate list )_sha256rsha256rrrhs r*rCertificateList.sha256s7 << ">>$))+6==?DL||r))rrrrrr)'r#r$r%r&rrrr<rrrrrrrrrrrrrrrlrrrrrrrrrrDrrrrrr(r!r)r*rrs +&  56 n%G "!!%(,%&*#*.'%)" EG*$ ) ) + + & & / / 6 6 4 4 ( ( 8 8// L L&&*330((r)r))__doc__ __future__rrrrralgosrcorer r r r r rrrrx509rrrrrrrrrr,r>rHrQrUrnrurxr{rrrr!r)r*rsSR(      gx - 8&'J'# #L*   $$h!h!V%*% ( yhyr)