>Vc@sddlZddlmZddlmZddlmZmZmZm Z m Z m Z ddl m ZddlmZmZmZddlmZmZmZmZmZ m!Z"m#Z$ej%Z&ej'Z(dd d Z)ej*Z+ej,Z-d e.fd YZ/eee/Z0d Z1e2dZ3dZ4dZ5dZ6de7fdYZ8e8Z9de7fdYZ:dZ;dZ<de7fdYZ=e=Z>de7fdYZ?e?Z@de7fdYZAeAZBde7fdYZCeCZDd e7fd!YZEeEZFd"e.fd#YZGd$e7fd%YZHd&ZId'ZJd(ZKe2e2d)ZLd*e7fd+YZMd,e7fd-YZNeNZOd.e7fd/YZPePZQd0e7fd1YZReRZSd2e7fd3YZTeTZUd4e7fd5YZVd6ZWe2d7ZXd8ZYd9ZZd:Z[d;Z\d<Z]d=Z^d>Z_e2d?Z`ejaejbejcd@dS(AiN(t b16encode(tpartial(t__eq__t__ne__t__lt__t__le__t__gt__t__ge__(twarn(t integer_typest text_typetPY3(tffitlibtexception_from_error_queuet byte_stringtnativet UNSPECIFIEDttext_to_bytes_and_warniiitErrorcBseZdZRS(s7 An error occurred in an `OpenSSL.crypto` API. (t__name__t __module__t__doc__(((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyR!scCstd|fdS(s An OpenSSL API failed somehow. Additionally, the failure which was encountered isn't one that's exercised by the test suite so future behavior of pyOpenSSL is now somewhat less predictable. sUnknown %s failureN(t RuntimeError(twhere((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyt_untested_error*scCs|dkr-tjtj}tj}n6tjd|}tj|t|}|d}|tj kr|t ntj ||}|S(s Allocate a new OpenSSL memory BIO. Arrange for the garbage collector to clean it up automatically. :param buffer: None or some bytes to use to put into the BIO so that they can be read out. schar[]cSs tj|S(N(t_libtBIO_free(tbiotref((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pytfreeDsN( tNoneRtBIO_newt BIO_s_memRt_ffitnewtBIO_new_mem_buftlentNULLt_raise_current_errortgc(tbufferRRtdata((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyt _new_mem_buf3s    cCs6tjd}tj||}tj|d|S(sO Copy the contents of an OpenSSL BIO object into a Python byte string. schar**i(R"R#RtBIO_get_mem_dataR)(Rt result_buffert buffer_length((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyt_bio_to_stringOscCst|tstdntjtjd||}|dkrtjtjtj }tj ||t |tj tjd|}|st dqtndS(s The the time value of an ASN1 time object. @param boundary: An ASN1_GENERALIZEDTIME pointer (or an object safely castable to that type) which will have its value set. @param when: A string representation of the desired time value. @raise TypeError: If C{when} is not a L{bytes} string. @raise ValueError: If C{when} does not represent a time in the required format. @raise RuntimeError: If the time value cannot be set for some other (unspecified) reason. swhen must be a byte stringsASN1_GENERALIZEDTIME*isInvalid stringN(t isinstancetbytest TypeErrorRtASN1_GENERALIZEDTIME_set_stringR"tcastR(tASN1_STRING_newtASN1_STRING_freetASN1_STRING_setR%tASN1_GENERALIZEDTIME_checkt ValueErrorR(tboundarytwhent set_resulttdummyt check_result((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyt_set_asn1_timeXs cCstjd|}tj|dkr+dStj|tjkrYtjtj|Stj d}tj |||dtj krt dnItjd|d}tj|}tj|}tj |d|SdS(s] Retrieve the time value of an ASN1 time object. @param timestamp: An ASN1_GENERALIZEDTIME* (or an object safely castable to that type) from which the time value will be retrieved. @return: The time value from C{timestamp} as a L{bytes} string in a certain format. Or C{None} if the object contains no time value. s ASN1_STRING*isASN1_GENERALIZEDTIME**tASN1_TIME_to_generalizedtimeN(R"R4RtASN1_STRING_lengthRtASN1_STRING_typetV_ASN1_GENERALIZEDTIMEtstringtASN1_STRING_dataR#R@R&RtASN1_GENERALIZEDTIME_free(t timestamptstring_timestamptgeneralized_timestampt string_datat string_result((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyt_get_asn1_timevs  tPKeycBsGeZdZeZeZdZdZdZ dZ dZ RS(sD A class representing an DSA or RSA public key or key pair. cCs1tj}tj|tj|_t|_dS(N(Rt EVP_PKEY_newR"R(t EVP_PKEY_freet_pkeytFalset _initialized(tselftpkey((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyt__init__s cCst|tstdnt|ts<tdntj}tj|tj}tj|tj |t kr|dkrt dntj }tj |||tj}|dkrtntj|j|}|stqn|tkrtj}|tjkr-tntj|tj}tj||tjdtjtjtj}|dkstntj|stntj|j|stqn tdt|_dS(s; Generate a key pair of the given type, with the given number of bits. This generates a key "into" the this object. :param type: The key type. :type type: :py:data:`TYPE_RSA` or :py:data:`TYPE_DSA` :param bits: The number of bits. :type bits: :py:data:`int` ``>= 0`` :raises TypeError: If :py:data:`type` or :py:data:`bits` isn't of the appropriate type. :raises ValueError: If the number of bits isn't an integer of the appropriate size. :return: :py:const:`None` stype must be an integersbits must be an integerisInvalid number of bitsisNo such key typeN(R0tintR2RtBN_newR"R(tBN_freet BN_set_wordtRSA_F4tTYPE_RSAR9tRSA_newtRSA_generate_key_exR&R'tEVP_PKEY_assign_RSARPtTYPE_DSAtDSA_newtDSA_freetDSA_generate_parameters_extDSA_generate_keytEVP_PKEY_set1_DSARtTrueRR(RSttypetbitstexponenttrsatresulttdsatres((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyt generate_keys@          '     cCs|jrtdntj|jtjkrEtdntj|j}tj |tj }tj |}|rt St dS(sc Check the consistency of an RSA private key. This is the Python equivalent of OpenSSL's ``RSA_check_key``. :return: True if key is consistent. :raise Error: if the key is inconsistent. :raise TypeError: if the key is of a type which cannot be checked. Only RSA keys can currently be checked. spublic key onlyskey type unsupportedN(t _only_publicR2Rt EVP_PKEY_typeRft EVP_PKEY_RSAtEVP_PKEY_get1_RSARPR"R(tRSA_freet RSA_check_keyReR'(RSRiRj((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pytchecks cCstj|jS(sT Returns the type of the key :return: The type of the key. (RtCryptography_EVP_PKEY_idRP(RS((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyRf scCstj|jS(sh Returns the number of bits of the key :return: The number of bits of the key. (Rt EVP_PKEY_bitsRP(RS((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyRgs( RRRRQRnReRRRURmRtRfRg(((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyRMs  I  t_EllipticCurvecBsneZdZdZer$dZnedZedZ edZ dZ dZ dZ RS( sZ A representation of a supported elliptic curve. @cvar _curves: :py:obj:`None` until an attempt is made to load the curves. Thereafter, a :py:type:`set` containing :py:type:`_EllipticCurve` instances each of which represents one curve supported by the system. @type _curves: :py:type:`NoneType` or :py:type:`set` cCs)t|tr%tt|j|StS(s Implement cooperation with the right-hand side argument of ``!=``. Python 3 seems to have dropped this cooperation in this very narrow circumstance. (R0RwtsuperRtNotImplemented(RStother((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyR*scsdjr]jtjd}tjd|}j||tfd|DStS(s Get the curves supported by OpenSSL. :param lib: The OpenSSL library binding object. :return: A :py:type:`set` of ``cls`` instances giving the names of the elliptic curves the underlying library supports. isEC_builtin_curve[]c3s$|]}j|jVqdS(N(tfrom_nidtnid(t.0tc(tclsR (s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pys Gs(tCryptography_HAS_ECtEC_get_builtin_curvesR"R&R#tset(RR t num_curvestbuiltin_curves((RR s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyt_load_elliptic_curves5s  cCs+|jdkr$|j||_n|jS(s Get, cache, and return the curves supported by OpenSSL. :param lib: The OpenSSL library binding object. :return: A :py:type:`set` of ``cls`` instances giving the names of the elliptic curves the underlying library supports. N(t_curvesRR(RR ((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyt_get_elliptic_curvesKs cCs+|||tj|j|jdS(s Instantiate a new :py:class:`_EllipticCurve` associated with the given OpenSSL NID. :param lib: The OpenSSL library binding object. :param nid: The OpenSSL NID the resulting curve object will represent. This must be a curve NID (and not, for example, a hash NID) or subsequent operations will fail in unpredictable ways. :type nid: :py:class:`int` :return: The curve object. tascii(R"RDt OBJ_nid2sntdecode(RR R|((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyR{YscCs||_||_||_dS(s :param _lib: The :py:mod:`cryptography` binding instance used to interface with OpenSSL. :param _nid: The OpenSSL NID identifying the curve this object represents. :type _nid: :py:class:`int` :param name: The OpenSSL short name identifying the curve this object represents. :type name: :py:class:`unicode` N(Rt_nidtname(RSR R|R((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyRUjs  cCsd|jfS(Ns (R(RS((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyt__repr__{scCs(|jj|j}tj|tjS(s Create a new OpenSSL EC_KEY structure initialized to use this curve. The structure is automatically garbage collected when the Python object is garbage collected. (RtEC_KEY_new_by_curve_nameRR"R(t EC_KEY_free(RStkey((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyt _to_EC_KEY~sN(RRRRRt_PY3Rt classmethodRRR{RURR(((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyRws   cCs tjtS(s Return a set of objects representing the elliptic curves supported in the OpenSSL build in use. The curve objects have a :py:class:`unicode` ``name`` attribute by which they identify themselves. The curve objects are useful as values for the argument accepted by :py:meth:`Context.set_tmp_ecdh` to specify which elliptical curve should be used for ECDHE key exchange. (RwRR(((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pytget_elliptic_curvess cCs:x$tD]}|j|kr |Sq Wtd|dS(sT Return a single curve object selected by name. See :py:func:`get_elliptic_curves` for information about curve objects. :param name: The OpenSSL short name identifying the curve object to retrieve. :type name: :py:class:`unicode` If the named curve is not supported then :py:class:`ValueError` is raised. sunknown curve nameN(RRR9(Rtcurve((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pytget_elliptic_curves tX509NamecBseZdZdZdZdZdZeeZeeZee Z ee Z ee Z ee Z dZ dZdZdZRS( s An X.509 Distinguished Name. :ivar countryName: The country of the entity. :ivar C: Alias for :py:attr:`countryName`. :ivar stateOrProvinceName: The state or province of the entity. :ivar ST: Alias for :py:attr:`stateOrProvinceName`. :ivar localityName: The locality of the entity. :ivar L: Alias for :py:attr:`localityName`. :ivar organizationName: The organization name of the entity. :ivar O: Alias for :py:attr:`organizationName`. :ivar organizationalUnitName: The organizational unit of the entity. :ivar OU: Alias for :py:attr:`organizationalUnitName` :ivar commonName: The common name of the entity. :ivar CN: Alias for :py:attr:`commonName`. :ivar emailAddress: The e-mail address of the entity. cCs.tj|j}tj|tj|_dS(s Create a new X509Name, copying the given X509Name instance. :param name: The name to copy. :type name: :py:class:`X509Name` N(Rt X509_NAME_dupt_nameR"R(tX509_NAME_free(RSR((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyRUsc Cs|jdr(tt|j||St|tk rYtdt|jfntj t |}|tj kry t Wnt k rnXtdnxttj|jD]k}tj|j|}tj|}tj|}||krtj|j|}tj|PqqWt|trT|jd}ntj|j|tj|ddd}|st ndS(Nt_s+attribute name must be string, not '%.200s'sNo such attributesutf-8ii(t startswithRxRt __setattr__RftstrR2RRt OBJ_txt2nidt _byte_stringt NID_undefR'RtAttributeErrortrangetX509_NAME_entry_countRtX509_NAME_get_entrytX509_NAME_ENTRY_get_objectt OBJ_obj2nidtX509_NAME_delete_entrytX509_NAME_ENTRY_freeR0t _text_typetencodetX509_NAME_add_entry_by_NIDt MBSTRING_UTF8( RSRtvalueR|titenttent_objtent_nidt add_result((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyRs4    !c Cstjt|}|tjkrYy tWntk rBnXtt|j|Stj |j |d}|dkrdStj |j |}tj |}tjd}tj||}|dkrtnz$tj|d|jd}Wdtj|dX|S(s  Find attribute. An X509Name object has the following attributes: countryName (alias C), stateOrProvince (alias ST), locality (alias L), organization (alias O), organizationalUnit (alias OU), commonName (alias CN) and more... isunsigned char**isutf-8N(RRRRR'RRxRt __getattr__tX509_NAME_get_index_by_NIDRRRtX509_NAME_ENTRY_get_dataR"R#tASN1_STRING_to_UTF8R)Rt OPENSSL_free( RSRR|t entry_indextentryR*R-t data_lengthRj((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyRs,      csfd}|S(Ncs8t|tstStj|j|j}|dS(Ni(R0RRyRt X509_NAME_cmpR(RSRzRj(top(s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pytfs((RR((Rs2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyt_cmpscCsctjdd}tj|j|t|}|tjkrItndttj |fS(s6 String representation of an X509Name schar[]is( R"R#RtX509_NAME_onelineRR%R&R't_nativeRD(RSR-t format_result((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyR,s cCstj|jS(s& Return an integer representation of the first four bytes of the MD5 digest of the DER representation of the name. This is the Python equivalent of OpenSSL's ``X509_NAME_hash``. :return: The (integer) hash of this name. :rtype: :py:class:`int` (RtX509_NAME_hashR(RS((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pythash;s cCsftjd}tj|j|}|dkr:tntj|d|}tj|d|S(s Return the DER encoding of this name. :return: The DER encoded form of this name. :rtype: :py:class:`bytes` sunsigned char**i(R"R#Rt i2d_X509_NAMERR'R)R(RSR-t encode_resultRK((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pytderGs  cCsg}xttj|jD]}tj|j|}tj|}tj|}tj|}tj|}|j t j |t j tj |tj |fqW|S(s Returns the components of this name, as a sequence of 2-tuples. :return: The components of this name. :rtype: :py:class:`list` of ``name, value`` tuples. (RRRRRRRRRtappendR"RDRERA(RSRjRRtfnametfvalR|R((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pytget_componentsXs  (RRRRURRRRRRRRRRRRR(((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyRs $ *         t X509ExtensioncBs}eZdZd d dZedZidej6dej 6dej 6Z dZ dZ dZd Zd ZRS( s, An X.509 v3 certificate extension. cCstjd}tj|tjtjtjtjdtj||dk r}t|tsnt dn|j |_ n|dk rt|tst dn|j |_ n|rd|}ntj tj|||}|tjkrtntj|tj|_dS(s Initializes an X509 extension. :param type_name: The name of the type of extension_ to create. :type type_name: :py:data:`bytes` :param bool critical: A flag indicating whether this is a critical extension. :param value: The value of the extension. :type value: :py:data:`bytes` :param subject: Optional X509 certificate to use as subject. :type subject: :py:class:`X509` :param issuer: Optional X509 certificate to use as issuer. :type issuer: :py:class:`X509` .. _extension: https://openssl.org/docs/manmaster/apps/ x509v3_config.html#STANDARD-EXTENSIONS s X509V3_CTX*isissuer must be an X509 instances subject must be an X509 instances critical,N(R"R#RtX509V3_set_ctxR&tX509V3_set_ctx_nodbRR0tX509R2t_x509t issuer_certt subject_certtX509V3_EXT_nconfR'R(tX509_EXTENSION_freet _extension(RSt type_nametcriticalRtsubjecttissuertctxt extension((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyRUzs"(     cCstjtj|jS(N(RRtX509_EXTENSION_get_objectR(RS((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyRstemailtDNStURIcCstj|j}|tjkr+tntj|j}|j}|j}tj d}||d<|j tjkrtj |j }tj tj|||}tj d|}n$tj d|jtj||}tj|tj}g} xttj|D]} tj|| } y|j| j} WnCtk rt} tj| | | jtt| qXttj| jjj| jjj}| j| d|qWdj| S(Nsunsigned char**isGENERAL_NAMES*t:s, ( RtX509V3_EXT_getRR"R&R'tX509_EXTENSION_get_dataR*tlengthR#titt ASN1_ITEM_ptrt ASN1_item_d2iR4td2iR(tGENERAL_NAMES_freeRtsk_GENERAL_NAME_numtsk_GENERAL_NAME_valuet _prefixesRftKeyErrorR+tGENERAL_NAME_printRRR/R)tdtia5tjoin(RStmethodtext_datatpayloadRt payloadptrtptrR*tnamestpartsRRtlabelRR((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyt_subjectAltNameStrings:      (cCs`tj|jkr|jSt}tj||jdd}|sPtntt |S(sF :return: a nice text representation of the extension i( RtNID_subject_alt_nameRRR+tX509V3_EXT_printRR'RR/(RSRt print_result((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyt__str__s   cCstj|jS(sk Returns the critical field of this X.509 extension. :return: The critical field. (RtX509_EXTENSION_get_criticalR(RS((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyt get_criticalscCs7tj|j}tj|}tjtj|S(s Returns the short type name of this X.509 extension. The result is a byte string such as :py:const:`b"basicConstraints"`. :return: The short type name. :rtype: :py:data:`bytes` .. versionadded:: 0.12 (RRRRR"RDR(RStobjR|((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pytget_short_names cCsStj|j}tjd|}tj|}tj|}tj||S(s Returns the data of the X509 extension, encoded as ASN.1. :return: The ASN.1 encoded data of this X509 extension. :rtype: :py:data:`bytes` .. versionadded:: 0.12 s ASN1_STRING*(RRRR"R4RERAR)(RSt octet_resultRKt char_resultt result_length((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pytget_datas N(RRRRRUtpropertyRRt GEN_EMAILtGEN_DNStGEN_URIRRRRRR(((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyRus=    %   tX509ReqcBsheZdZdZdZdZdZdZdZdZ dZ d Z d Z RS( s0 An X.509 certificate signing requests. cCs(tj}tj|tj|_dS(N(Rt X509_REQ_newR"R(t X509_REQ_freet_req(RStreq((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyRU&s cCs,tj|j|j}|s(tndS(s Set the public key of the certificate signing request. :param pkey: The public key to use. :type pkey: :py:class:`PKey` :return: :py:const:`None` N(RtX509_REQ_set_pubkeyR RPR'(RSRTR<((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyt set_pubkey*s cCshtjt}tj|j|_|jtjkr@tntj |jtj |_t |_ |S(s Get the public key of the certificate signing request. :return: The public key. :rtype: :py:class:`PKey` ( RMt__new__RtX509_REQ_get_pubkeyR RPR"R&R'R(ROReRn(RSRT((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyt get_pubkey8s  cCs)tj|j|}|s%tndS(s Set the version subfield (RFC 2459, section 4.1.2.1) of the certificate request. :param int version: The version number. :return: :py:const:`None` N(RtX509_REQ_set_versionR R'(RStversionR<((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyt set_versionHscCstj|jS(s Get the version subfield (RFC 2459, section 4.1.2.1) of the certificate request. :return: The value of the version subfield. :rtype: :py:class:`int` (RtX509_REQ_get_versionR (RS((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyt get_versionTscCsMtjt}tj|j|_|jtjkr@tn||_ |S(s Return the subject of this certificate signing request. This creates a new :class:`X509Name` that wraps the underlying subject name field on the certificate signing request. Modifying it will modify the underlying signing request, and will have the effect of modifying any other :class:`X509Name` that refers to this subject. :return: The subject of this certificate signing request. :rtype: :class:`X509Name` ( RRRtX509_REQ_get_subject_nameR RR"R&R't_owner(RSR((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyt get_subject^s   cCstj}|tjkr%tntj|tj}x?|D]7}t|tset dntj ||j qAWtj |j |}|stndS(s Add extensions to the certificate signing request. :param extensions: The X.509 extensions to add. :type extensions: iterable of :py:class:`X509Extension` :return: :py:const:`None` s+One of the elements is not an X509ExtensionN(Rtsk_X509_EXTENSION_new_nullR"R&R'R(tsk_X509_EXTENSION_freeR0RR9tsk_X509_EXTENSION_pushRtX509_REQ_add_extensionsR (RSt extensionststacktextR((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pytadd_extensionsvs   cCsmg}tj|j}xNttj|D]7}tjt}tj|||_|j |q.W|S(s Get X.509 extensions in the certificate signing request. :return: The X.509 extensions in this request. :rtype: :py:class:`list` of :py:class:`X509Extension` objects. .. versionadded:: 0.15 ( RtX509_REQ_get_extensionsR Rtsk_X509_EXTENSION_numRRtsk_X509_EXTENSION_valueRR(RStextstnative_exts_objRR"((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pytget_extensionss cCs|jrtdn|js0tdntjt|}|tjkrctdntj|j |j |}|st ndS(sj Sign the certificate signing request with this key and digest type. :param pkey: The key pair to sign with. :type pkey: :py:class:`PKey` :param digest: The name of the message digest to use for the signature, e.g. :py:data:`b"sha1"`. :type digest: :py:class:`bytes` :return: :py:const:`None` sKey has only public partsKey is uninitializedsNo such digest methodN( RnR9RRRtEVP_get_digestbynameRR"R&t X509_REQ_signR RPR'(RSRTtdigestt digest_objt sign_result((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pytsigns  cCsPt|tstdntj|j|j}|dkrLtn|S(sa Verifies the signature on this certificate signing request. :param key: A public key. :type key: :py:class:`PKey` :return: :py:data:`True` if the signature is correct. :rtype: :py:class:`bool` :raises Error: If the signature is invalid or there is a problem verifying the signature. spkey must be a PKey instancei(R0RMR2RtX509_REQ_verifyR RPR'(RSRTRj((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pytverifys   ( RRRRURRRRRR#R)R/R1(((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyR !s       RcBseZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d Zd ZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZRS(s An X.509 certificate. cCs(tj}tj|tj|_dS(N(RtX509_newR"R(t X509_freeR(RStx509((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyRUs cCs5t|tstdntj|j|dS(s Set the version number of the certificate. :param version: The version number of the certificate. :type version: :py:class:`int` :return: :py:const:`None` sversion must be an integerN(R0RVR2RtX509_set_versionR(RSR((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyRs cCstj|jS(s Return the version number of the certificate. :return: The version number of the certificate. :rtype: :py:class:`int` (RtX509_get_versionR(RS((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyRscCshtjt}tj|j|_|jtjkr@tntj |jtj |_t |_ |S(s{ Get the public key of the certificate. :return: The public key. :rtype: :py:class:`PKey` ( RMRRtX509_get_pubkeyRRPR"R&R'R(ROReRn(RSRT((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyRs  cCsJt|tstdntj|j|j}|sFtndS(s Set the public key of the certificate. :param pkey: The public key. :type pkey: :py:class:`PKey` :return: :py:data:`None` spkey must be a PKey instanceN(R0RMR2RtX509_set_pubkeyRRPR'(RSRTR<((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyRs cCst|tstdn|jr6tdn|jsNtdntjt|}|t j krtdntj |j |j |}|stndS(s Sign the certificate with this key and digest type. :param pkey: The key to sign with. :type pkey: :py:class:`PKey` :param digest: The name of the message digest to use. :type digest: :py:class:`bytes` :return: :py:data:`None` spkey must be a PKey instancesKey only has public partsKey is uninitializedsNo such digest methodN(R0RMR2RnR9RRRR*RR"R&t X509_signRRPR'(RSRTR,tevp_mdR.((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyR/s   cCsU|jjjj}tj|}|tjkr?tdntj tj |S(s Return the signature algorithm used in the certificate. :return: The name of the algorithm. :rtype: :py:class:`bytes` :raises ValueError: If the signature algorithm is undefined. .. versionadded:: 0.13 sUndefined signature algorithm( Rt cert_infot signaturet algorithmRRRR9R"RDt OBJ_nid2ln(RStalgR|((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pytget_signature_algorithm1s cCstjt|}|tjkr3tdntjdtj}tjdd}t||d      ( RRRRURRRRR (((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyRjs    tPKCS7cBs5eZdZdZdZdZdZRS(cCstj|jrtStS(sm Check if this NID_pkcs7_signed object :return: True if the PKCS7 is of type signed (RtPKCS7_type_is_signedt_pkcs7ReRQ(RS((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyttype_is_signedscCstj|jrtStS(st Check if this NID_pkcs7_enveloped object :returns: True if the PKCS7 is of type enveloped (RtPKCS7_type_is_envelopedR ReRQ(RS((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyttype_is_envelopedscCstj|jrtStS(s Check if this NID_pkcs7_signedAndEnveloped object :returns: True if the PKCS7 is of type signedAndEnveloped (Rt PKCS7_type_is_signedAndEnvelopedR ReRQ(RS((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyttype_is_signedAndEnvelopedscCstj|jrtStS(si Check if this NID_pkcs7_data object :return: True if the PKCS7 is of type data (RtPKCS7_type_is_dataR ReRQ(RS((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyt type_is_data scCs1tj|jj}tj|}tj|S(sk Returns the type name of the PKCS7 structure :return: A string with the typename (RRR RfRR"RD(RSR|t string_type((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyt get_type_names(RRR RRRR(((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyR s  tPKCS12cBsqeZdZdZdZdZdZdZdZdZ dZ d Z d d d d Z RS(s A PKCS #12 archive. cCs(d|_d|_d|_d|_dS(N(RRPRt_cacertst _friendlyname(RS((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyRU&s   cCs|jS(s Get the certificate in the PKCS #12 structure. :return: The certificate, or :py:const:`None` if there is none. :rtype: :py:class:`X509` or :py:const:`None` (R(RS((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pytget_certificate,scCs+t|tstdn||_dS(s Set the certificate in the PKCS #12 structure. :param cert: The new certificate, or :py:const:`None` to unset it. :type cert: :py:class:`X509` or :py:const:`None` :return: :py:const:`None` scert must be an X509 instanceN(R0RR2R(RSR((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pytset_certificate5s cCs|jS(s Get the private key in the PKCS #12 structure. :return: The private key, or :py:const:`None` if there is none. :rtype: :py:class:`PKey` (RP(RS((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pytget_privatekeyBscCs+t|tstdn||_dS(s Set the certificate portion of the PKCS #12 structure. :param pkey: The new private key, or :py:const:`None` to unset it. :type pkey: :py:class:`PKey` or :py:const:`None` :return: :py:const:`None` spkey must be a PKey instanceN(R0RMR2RP(RSRT((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pytset_privatekeyKs cCs |jdk rt|jSdS(s Get the CA certificates in the PKCS #12 structure. :return: A tuple with the CA certificates in the chain, or :py:const:`None` if there are none. :rtype: :py:class:`tuple` of :py:class:`X509` or :py:const:`None` N(RRR(RS((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pytget_ca_certificatesXscCs`|dkrd|_nDt|}x,|D]$}t|ts+tdq+q+W||_dS(s Replace or set the CA certificates within the PKCS12 object. :param cacerts: The new CA certificates, or :py:const:`None` to unset them. :type cacerts: An iterable of :py:class:`X509` or :py:const:`None` :return: :py:const:`None` s)iterable must only contain X509 instancesN(RRtlistR0RR2(RStcacertsR((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pytset_ca_certificatescs    cCsJ|dkrd|_n%t|ts=td|fn||_dS(s Set the friendly name in the PKCS #12 structure. :param name: The new friendly name, or :py:const:`None` to unset. :type name: :py:class:`bytes` or :py:const:`None` :return: :py:const:`None` s+name must be a byte string or None (not %r)N(RRR0R1R2(RSR((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pytset_friendlynamexs  cCs|jS(s Get the friendly name in the PKCS# 12 structure. :returns: The friendly name, or :py:const:`None` if there is none. :rtype: :py:class:`bytes` or :py:const:`None` (R(RS((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pytget_friendlynamesiic Csztd|}|jdkr*tj}nHtj}tj|tj}x$|jD]}tj ||j qUW|dkrtj}n|j }|dkrtj}n|j dkrtj}n |j j }|j dkrtj}n |j j }tj|||||tjtj||d }|tjkrBtntj|tj}t} tj| |t| S(s Dump a PKCS12 object as a string. For more information, see the :c:func:`PKCS12_create` man page. :param passphrase: The passphrase used to encrypt the structure. Unlike some other passphrase arguments, this *must* be a string, not a callback. :type passphrase: :py:data:`bytes` :param iter: Number of times to repeat the encryption step. :type iter: :py:data:`int` :param maciter: Number of times to repeat the MAC step. :type maciter: :py:data:`int` :return: The string representation of the PKCS #12 structure. :rtype: RiN(t_text_to_bytes_and_warnRRR"R&Rtsk_X509_new_nullR(t sk_X509_freet sk_X509_pushRRRPRt PKCS12_createt&NID_pbe_WithSHA1And3_Key_TripleDES_CBCR't PKCS12_freeR+ti2d_PKCS12_bioR/( RSRtitertmaciterRRt friendlynameRTtpkcs12R((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyR s:             N(RRRRURRRRRR R!R"RR (((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyR!s    t NetscapeSPKIcBsDeZdZdZdZdZdZdZdZRS(s! A Netscape SPKI object. cCs(tj}tj|tj|_dS(N(RtNETSCAPE_SPKI_newR"R(tNETSCAPE_SPKI_freet_spki(RStspki((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyRUs cCs|jrtdn|js0tdntjt|}|tjkrctdntj|j |j |}|st ndS(s$ Sign the certificate request with this key and digest type. :param pkey: The private key to sign with. :type pkey: :py:class:`PKey` :param digest: The message digest to use. :type digest: :py:class:`bytes` :return: :py:const:`None` sKey has only public partsKey is uninitializedsNo such digest methodN( RnR9RRRR*RR"R&tNETSCAPE_SPKI_signR2RPR'(RSRTR,R-R.((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyR/s  cCs2tj|j|j}|dkr.tntS(s~ Verifies a signature on a certificate request. :param key: The public key that signature is supposedly from. :type pkey: :py:class:`PKey` :return: :py:const:`True` if the signature is correct. :rtype: :py:class:`bool` :raises Error: If the signature is invalid, or there was a problem verifying the signature. i(RtNETSCAPE_SPKI_verifyR2RPR'Re(RSRtanswer((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyR1s   cCs2tj|j}tj|}tj||S(s Generate a base64 encoded representation of this SPKI object. :return: The base64 encoded string. :rtype: :py:class:`bytes` (RtNETSCAPE_SPKI_b64_encodeR2R"RDR(RStencodedRj((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyt b64_encode s cCshtjt}tj|j|_|jtjkr@tntj |jtj |_t |_ |S(s| Get the public key of this certificate. :return: The public key. :rtype: :py:class:`PKey` ( RMRRtNETSCAPE_SPKI_get_pubkeyR2RPR"R&R'R(ROReRn(RSRT((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyR s  cCs,tj|j|j}|s(tndS(s~ Set the public key of the certificate :param pkey: The public key :return: :py:const:`None` N(RtNETSCAPE_SPKI_set_pubkeyR2RPR'(RSRTR<((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyR& s( RRRRUR/R1R9RR(((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyR/s    RcBsJeZeedZedZedZedZdZ RS(cCsO|tkr'|dk r'tdn||_||_||_g|_dS(Ns0only FILETYPE_PEM key format supports encryption(RRR9t _passphraset _more_argst _truncatet _problems(RSRfRt more_argsttruncate((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyRU7 s    cCsa|jdkrtjSt|jtr/tjSt|jrQtjd|jSt ddS(Ntpem_password_cbs(Last argument must be string or callable( R<RR"R&R0R1tcallableRt_read_passphraseR2(RS((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyRA scCsU|jdkrtjSt|jtr/|jSt|jrEtjStddS(Ns(Last argument must be string or callable(R<RR"R&R0R1RCR2(RS((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyRL scCsGyt|Wn|k r)}|}nX|jrC|jdn|S(Ni(t_exception_from_error_queueR?(RSt exceptionTypetet from_queue((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyRW s  cCsy|jr$|j|||}n|j|}t|tsQtdnt||kr|jry|| }qtdnx/tt|D]}|||d!||Rt ExceptionR?R(RStbuftsizetrwflagtuserdataRjRRG((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyRD` s"    ( RRRQRURRRRRRD(((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyR6 s    cCst|tr!|jd}nt|}|tkr]tj|tjtjtj}n0|t krtj |tj}n t d|tjkrt nt jt }tj|tj|_|S(s< Load a public key from a buffer. :param type: The file type (one of :data:`FILETYPE_PEM`, :data:`FILETYPE_ASN1`). :param buffer: The buffer the key is stored in. :type buffer: A Python string object, either unicode or bytestring. :return: The PKey object. :rtype: :class:`PKey` Rs3type argument must be FILETYPE_PEM or FILETYPE_ASN1(R0RRR+RRtPEM_read_bio_PUBKEYR"R&Rtd2i_PUBKEY_bioR9R'RMRR(RORP(RfR)Rtevp_pkeyRT((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pytload_publickeyw s      cCst|tr!|jd}nt|}t||}|tkrvtj|tj |j |j }|j n0|t krtj|tj }n td|tj krtntjt}tj|tj|_|S(s Load a private key from a buffer :param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1) :param buffer: The buffer the key is stored in :param passphrase: (optional) if encrypted PEM format, this can be either the passphrase to use, or a callback for providing the passphrase. :return: The PKey object Rs3type argument must be FILETYPE_PEM or FILETYPE_ASN1(R0RRR+RRRtPEM_read_bio_PrivateKeyR"R&RRRRtd2i_PrivateKey_bioR9R'RMRR(RORP(RfR)RRRRPRT((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pytload_privatekey s       cCst}|tkr-tj||j}nZ|tkrQtj||j}n6|tkr{tj||jdd}n t d|dkrt nt |S(s Dump a certificate request to a buffer :param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1) :param req: The certificate request to dump :return: The buffer with the dumped certificate request in isCtype argument must be FILETYPE_PEM, FILETYPE_ASN1, or FILETYPE_TEXT( R+RRtPEM_write_bio_X509_REQR Rti2d_X509_REQ_bioRtX509_REQ_print_exR9R'R/(RfRRR((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pytdump_certificate_request s       cCst|tr!|jd}nt|}|tkr]tj|tjtjtj}n0|t krtj |tj}n t d|tjkrt nt jt }tj|tj|_|S(s Load a certificate request from a buffer :param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1) :param buffer: The buffer the certificate request is stored in :return: The X509Req object Rs3type argument must be FILETYPE_PEM or FILETYPE_ASN1(R0RRR+RRtPEM_read_bio_X509_REQR"R&Rtd2i_X509_REQ_bioR9R'R RR(R R (RfR)RRtx509req((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pytload_certificate_request s  $   c Cs td|}tjt|}|tjkrBtdntjd}tj|tj }tj ||tj ||t |t j|dd}tjd|}tjd}tj||||j}|dkrtntj||d S( s Sign data with a digest :param pkey: Pkey to sign with :param data: data to be signed :param digest: message digest to use :return: signature R*sNo such digest methods EVP_MD_CTX*iisunsigned char[]s unsigned int*ii(R#RR*RR"R&R9R#R(tEVP_MD_CTX_cleanupt EVP_SignInittEVP_SignUpdateR%RMRgt EVP_SignFinalRPR'R)( RTR*R,R-tmd_ctxt pkey_lengthtsignature_buffertsignature_lengtht final_result((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyR/ s   cCstd|}tjt|}|tjkrBtdntj|j}|tjkrmt ntj |tj }tj d}tj |tj }tj||tj||t|tj||t||}|dkrt ndS(s6 Verify a signature. :param cert: signing certificate (X509 object) :param signature: signature returned by sign function :param data: data to be verified :param digest: message digest to use :return: :py:const:`None` if the signature is correct, raise exception otherwise R*sNo such digest methods EVP_MD_CTX*iN(R#RR*RR"R&R9R7RR'R(ROR#R]tEVP_VerifyInittEVP_VerifyUpdateR%tEVP_VerifyFinal(RR<R*R,R-RTRat verify_result((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyR1 s   cCst}|tkr-tj||j}nT|tkrQtj||j}n0|tkrutj||j}n t d|dkst t |S(s  Dump a certificate revocation list to a buffer. :param type: The file type (one of ``FILETYPE_PEM``, ``FILETYPE_ASN1``, or ``FILETYPE_TEXT``). :param CRL crl: The CRL to dump. :return: The buffer with the CRL. :rtype: :data:`bytes` sCtype argument must be FILETYPE_PEM, FILETYPE_ASN1, or FILETYPE_TEXTi( R+RRtPEM_write_bio_X509_CRLRRti2d_X509_CRL_bioRtX509_CRL_printR9RR/(RfRRR((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyR: s     cCst|tr!|jd}nt|}|tkr]tj|tjtjtj}n0|t krtj |tj}n t d|tjkrt nt jt }||_|S(s Load a certificate revocation list from a buffer :param type: The file type (one of FILETYPE_PEM, FILETYPE_ASN1) :param buffer: The buffer the CRL is stored in :return: The PKey object Rs3type argument must be FILETYPE_PEM or FILETYPE_ASN1(R0RRR+RRtPEM_read_bio_X509_CRLR"R&Rtd2i_X509_CRL_bioR9R'RRR(RfR)RRRj((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pytload_crlV s   $    cCst|tr!|jd}nt|}|tkr]tj|tjtjtj}n7|t krtj |tj}nt t d|tjkrt nt jt }tj|tj|_|S(s Load pkcs7 data from a buffer :param type: The file type (one of FILETYPE_PEM or FILETYPE_ASN1) :param buffer: The buffer with the pkcs7 data. :return: The PKCS7 object Rs3type argument must be FILETYPE_PEM or FILETYPE_ASN1(R0RRR+RRtPEM_read_bio_PKCS7R"R&Rt d2i_PKCS7_bioR'R9R RR(t PKCS7_freeR (RfR)Rtpkcs7tpypkcs7((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pytload_pkcs7_datas s  $   cCstd|}t|tr0|jd}nt|}|sNtj}ntj|tj}|tjkr|t ntj |tj }tj d}tj d}tj d}tj |||||}|st ntj |dtj}y t Wntk r nX|dtjkr=d}n+tjt}tj |dtj|_|dtjkrd} d} ntjt} tj |dtj| _tj d} tj|d| } tj| | d} | tjkr d} ng} xNttj|D]7}tjt}tj|||_| j|q%W| sod} ntjt}||_| |_| |_ | |_!|S( s Load a PKCS12 object from a buffer :param buffer: The buffer the certificate is stored in :param passphrase: (Optional) The password to decrypt the PKCS12 lump :returns: The PKCS12 object RRs EVP_PKEY**sX509**sCryptography_STACK_OF_X509**isint*N("R#R0RRR+R"R&Rtd2i_PKCS12_bioR'R(R)R#t PKCS12_parseR%RRRMRRORPRR3RtX509_alias_get0R)Rt sk_X509_numt sk_X509_valueRRRRR(R)RRtp12RTRRt parse_resulttpykeyRR-tfriendlyname_lengthtfriendlyname_buffert pycacertsRtpycacertR.((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyt load_pkcs12 sd              tutf8only(dRdtbase64Rt functoolsRtoperatorRRRRRRtwarningsRRtsixR RIR RR Rt OpenSSL._utilR R"R RRRERRRRRRRR#tSSL_FILETYPE_PEMRtSSL_FILETYPE_ASN1RRRpR[t EVP_PKEY_DSAR_RIRR'RRR+R/R?RLtobjectRMtPKeyTypeRwRRRt X509NameTypeRtX509ExtensionTypeR t X509ReqTypeRtX509TypeRt X509StoreTypeRRRRRRRRtCRLTypeR t PKCS7TypeRt PKCS12TypeR/tNetscapeSPKITypeRRQRTRXR\R/R1RRoRuRtOpenSSL_add_all_algorithmstSSL_load_error_stringst ASN1_STRING_set_default_mask_asc(((s2/usr/lib/python2.7/dist-packages/OpenSSL/crypto.pyts~ .4       (|l  p  3~3aA #   " $    ]