tfِ xddlmZddlZddlZddlZddlZddlZddlmZddl m Z ddl m Z mZddlmZmZmZmZmZmZmZmZddlmZmZmZddlmZmZmZm Z dd l!m"Z"m#Z#dd l$m%Z%ejd d d Z&ej'e j(e j)e j*e j+e j,e j-e j.e j/fZ0Gd de1Z2d;dZ3de>=e j>Gd+d,e>Z?Gd-d.ej;(Z@e@=e j@Gd/d0ej;(ZAeA=e jAe jBZBe jCZCe jDZDe jEZEe jFZFe jGZGe jHZHGd1d2ZIGd3d4ZJGd5d6ZKGd7d8ZLd>d:ZMdS)?) annotationsN)utils)x509)hashes serialization)dsaeced448ed25519paddingrsax448x25519) CertificateIssuerPrivateKeyTypesCertificateIssuerPublicKeyTypesCertificatePublicKeyTypes) Extension Extensions ExtensionType_make_sequence_methods)Name _ASN1Type)ObjectIdentifieric eZdZdfd ZxZS) AttributeNotFoundmsgstroidrreturnNonecXt|||_dSN)super__init__r)selfrr __class__s U/var/www/surfInsights/venv3-11/lib/python3.11/site-packages/cryptography/x509/base.pyr%zAttributeNotFound.__init__9s& )rrrrr r!__name__ __module__ __qualname__r% __classcell__r's@r(rr8s=r)r extensionExtension[ExtensionType] extensionslist[Extension[ExtensionType]]r r!cN|D]!}|j|jkrtd"dS)Nz$This extension has already been set.)r ValueError)r0r2es r(_reject_duplicate_extensionr7>sD EE 5IM ! !CDD D "EEr)rr attributes0list[tuple[ObjectIdentifier, bytes, int | None]]cB|D]\}}}||krtddS)Nz$This attribute has already been set.)r5)rr8attr_oid_s r(_reject_duplicate_attributer=HsD %EE!Q s??CDD D EEr)timedatetime.datetimec|jD|}|r|ntj}|d|z S|S)zNormalizes a datetime to a naive datetime in UTC. time -- datetime to normalize. Assumed to be in UTC if not timezone aware. Ntzinfo)rB utcoffsetdatetime timedeltareplace)r>offsets r(_convert_to_naive_utc_timerHRsP  {!!!;x'9';';||4|((611 r)cveZdZejjfdd Zedd Zedd Zdd Z ddZ ddZ dS) Attributerrvaluebytes_typeintr r!c0||_||_||_dSr#)_oid_valuerM)r&rrKrMs r(r%zAttribute.__init__as    r)c|jSr#)rPr&s r(rz Attribute.oidks yr)c|jSr#)rQrSs r(rKzAttribute.valueos {r)rc(d|jd|jdS)Nz)rrKrSs r(__repr__zAttribute.__repr__ssCCC4:CCCCr)otherobjectboolct|tstS|j|jko|j|jko|j|jkSr#) isinstancerJNotImplementedrrKrMr&rXs r(__eq__zAttribute.__eq__vsO%++ "! ! H ! * ek) * ek) r)cDt|j|j|jfSr#)hashrrKrMrSs r(__hash__zAttribute.__hash__sTXtz4:6777r)N)rrrKrLrMrNr r!r rr rLr rrXrYr rZr rN) r+r,r-r UTF8StringrKr%propertyrrWr_rbr)r(rJrJ`s )/ XXDDDD    888888r)rJcDeZdZddZed\ZZZddZdd Z d S) Attributesr8typing.Iterable[Attribute]r r!c.t||_dSr#)list _attributes)r&r8s r(r%zAttributes.__init__s ++r)rprcd|jdS)Nz Not after time (represented as UTC datetime) NrjrSs r(not_valid_afterzCertificate.not_valid_afterrr)cdS)zJ Not after time (represented as a non-naive UTC datetime) NrjrSs r(not_valid_after_utczCertificate.not_valid_after_utcrr)rcdS)z1 Returns the issuer name object. NrjrSs r(issuerzCertificate.issuerrr)cdSz2 Returns the subject name object. NrjrSs r(subjectzCertificate.subjectrr)hashes.HashAlgorithm | NonecdSzt Returns a HashAlgorithm corresponding to the type of the digest signed in the certificate. NrjrSs r(signature_hash_algorithmz$Certificate.signature_hash_algorithmrr)cdSzJ Returns the ObjectIdentifier of the signature algorithm. NrjrSs r(signature_algorithm_oidz#Certificate.signature_algorithm_oidrr)0None | padding.PSS | padding.PKCS1v15 | ec.ECDSAcdSz= Returns the signature algorithm parameters. NrjrSs r(signature_algorithm_parametersz*Certificate.signature_algorithm_parametersrr)rcdS)z/ Returns an Extensions object. NrjrSs r(r2zCertificate.extensions rr)cdSz. Returns the signature bytes. NrjrSs r( signaturezCertificate.signaturerr)cdS)zR Returns the tbsCertificate payload bytes as defined in RFC 5280. NrjrSs r(tbs_certificate_bytesz!Certificate.tbs_certificate_bytesrr)cdS)zh Returns the tbsCertificate payload bytes with the SCT list extension stripped. NrjrSs r(tbs_precertificate_bytesz$Certificate.tbs_precertificate_bytesrr)rXrYrZcdSz" Checks equality. Nrjr^s r(r_zCertificate.__eq__&rr)cdSz" Computes a hash. NrjrSs r(rbzCertificate.__hash__,rr)encodingserialization.EncodingcdS)zB Serializes the certificate to PEM or DER format. Nrjr&rs r( public_byteszCertificate.public_bytes2rr)rr!cdS)z This method verifies that certificate issuer name matches the issuer subject name and that the certificate is signed by the issuer's private key. No other validation is performed. Nrj)r&rs r(verify_directly_issued_byz%Certificate.verify_directly_issued_by8rr)Nrrr rLrg)r ryr rrcr r?r rr rr rr rrdrfrrr rL)rrr r!)r+r,r-abcabstractmethodrrirrrrrrrrrrrrrr2rrrr_rbrrrjr)r(rrs       X    X         X    X    X    X    X    X    X    X    X    X    X    X    X    X                       r)r) metaclassceZdZeejd dZeejd dZeejd dZeejd dZ d S) RevokedCertificater rNcdS)zG Returns the serial number of the revoked certificate. NrjrSs r(rz RevokedCertificate.serial_numberFrr)r?cdS)zH Returns the date of when this certificate was revoked. NrjrSs r(revocation_datez"RevokedCertificate.revocation_dateMrr)cdS)zl Returns the date of when this certificate was revoked as a non-naive UTC datetime. NrjrSs r(revocation_date_utcz&RevokedCertificate.revocation_date_utcTrr)rcdS)zW Returns an Extensions object containing a list of Revoked extensions. NrjrSs r(r2zRevokedCertificate.extensions\rr)Nrgrr) r+r,r-rirrrrrr2rjr)r(rrEs    X    X    X    X   r)rcveZdZddZedd Zedd Zedd Zedd Zd S)_RawRevokedCertificaterrNrr?r2rc0||_||_||_dSr#_serial_number_revocation_date _extensionsr&rrr2s r(r%z_RawRevokedCertificate.__init__i" , /%r)r c|jSr#)rrSs r(rz$_RawRevokedCertificate.serial_numberss ""r)cRtjdtjd|jS)NukProperties that return a naïve datetime object have been deprecated. Please switch to revocation_date_utc.rz) stacklevel)warningswarnrDeprecatedIn42rrSs r(rz&_RawRevokedCertificate.revocation_datews5  @       $$r)cV|jtjjS)NrA)rrFrDtimezoneutcrSs r(rz*_RawRevokedCertificate.revocation_date_utcs"$,,H4E4I,JJJr)c|jSr#)rrSs r(r2z!_RawRevokedCertificate.extensionss r)N)rrNrr?r2rrgrr) r+r,r-r%rirrrr2rjr)r(rrhs&&&&###X#%%%X%KKKXK   X   r)rceZdZejd3dZejd4dZejd5d Zeejd6dZ eejd7dZ eejd8dZ eejd9dZ eejd:dZ eejd:dZeejd;dZeejd;dZeejdd"Zejd?d#Zejd@d&ZejdAd)ZejdBd,ZejdCd.ZejdDd1Zd2S)ECertificateRevocationListrrr rLcdS)z: Serializes the CRL to PEM or DER format. Nrjrs r(rz&CertificateRevocationList.public_bytesrr)rrcdSrrjrs r(rz%CertificateRevocationList.fingerprintrr)rrNRevokedCertificate | NonecdS)zs Returns an instance of RevokedCertificate or None if the serial_number is not in the CRL. Nrj)r&rs r((get_revoked_certificate_by_serial_numberzBCertificateRevocationList.get_revoked_certificate_by_serial_numberrr)rcdSrrjrSs r(rz2CertificateRevocationList.signature_hash_algorithmrr)rcdSrrjrSs r(rz1CertificateRevocationList.signature_algorithm_oidrr)rcdSrrjrSs r(rz8CertificateRevocationList.signature_algorithm_parametersrr)rcdS)zC Returns the X509Name with the issuer of this CRL. NrjrSs r(rz CertificateRevocationList.issuerrr)datetime.datetime | NonecdS)z? Returns the date of next update for this CRL. NrjrSs r( next_updatez%CertificateRevocationList.next_updaterr)cdS)zc Returns the date of next update for this CRL as a non-naive UTC datetime. NrjrSs r(next_update_utcz)CertificateRevocationList.next_update_utcrr)r?cdS)z? Returns the date of last update for this CRL. NrjrSs r( last_updatez%CertificateRevocationList.last_updaterr)cdS)zc Returns the date of last update for this CRL as a non-naive UTC datetime. NrjrSs r(last_update_utcz)CertificateRevocationList.last_update_utcrr)rcdS)zS Returns an Extensions object containing a list of CRL extensions. NrjrSs r(r2z$CertificateRevocationList.extensionsrr)cdSrrjrSs r(rz#CertificateRevocationList.signaturerr)cdS)zO Returns the tbsCertList payload bytes as defined in RFC 5280. NrjrSs r(tbs_certlist_bytesz,CertificateRevocationList.tbs_certlist_bytesrr)rXrYrZcdSrrjr^s r(r_z CertificateRevocationList.__eq__rr)cdS)z< Number of revoked certificates in the CRL. NrjrSs r(ruz!CertificateRevocationList.__len__rr)idxrcdSr#rjr&rs r(rwz%CertificateRevocationList.__getitem__s;>3r)slicelist[RevokedCertificate]cdSr#rjrs r(rwz%CertificateRevocationList.__getitem__sCF3r) int | slice-RevokedCertificate | list[RevokedCertificate]cdS)zS Returns a revoked certificate (or slice of revoked certificates). Nrjrs r(rwz%CertificateRevocationList.__getitem__rr)#typing.Iterator[RevokedCertificate]cdS)z8 Iterator over the revoked certificates NrjrSs r(rvz"CertificateRevocationList.__iter__rr)rrcdS)zQ Verifies signature of revocation list against given public key. Nrj)r&rs r(is_signature_validz,CertificateRevocationList.is_signature_validrr)Nrr)rrNr rrrcrr)r rrrrdrfrg)rrNr r)rrr r)rrr r)r r)rrr rZ)r+r,r-rrrrrrirrrrrrrrr2rrr_rutypingoverloadrwrvr rjr)r(rrs\                 X    X    X    X    X    X    X    X    X    X    X            _>>>_> _FFF_F                r)rczeZdZejd dZejd!dZejd"d Zeejd#d Z eejd$d Z eejd%dZ eejd&dZ eejd'dZ eejd(dZejd)dZeejd*dZeejd*dZeejd+dZejd,dZdS)-CertificateSigningRequestrXrYr rZcdSrrjr^s r(r_z CertificateSigningRequest.__eq__!rr)rNcdSrrjrSs r(rbz"CertificateSigningRequest.__hash__'rr)rcdSrrjrSs r(rz$CertificateSigningRequest.public_key-rr)rcdSrrjrSs r(rz!CertificateSigningRequest.subject3rr)rcdSrrjrSs r(rz2CertificateSigningRequest.signature_hash_algorithm:rr)rcdSrrjrSs r(rz1CertificateSigningRequest.signature_algorithm_oidDrr)rcdSrrjrSs r(rz8CertificateSigningRequest.signature_algorithm_parametersKrr)rcdS)z@ Returns the extensions in the signing request. NrjrSs r(r2z$CertificateSigningRequest.extensionsTrr)rlcdS)z/ Returns an Attributes object. NrjrSs r(r8z$CertificateSigningRequest.attributes[rr)rrrLcdS)z; Encodes the request to PEM or DER format. Nrjrs r(rz&CertificateSigningRequest.public_bytesbrr)cdSrrjrSs r(rz#CertificateSigningRequest.signaturehrr)cdS)zd Returns the PKCS#10 CertificationRequestInfo bytes as defined in RFC 2986. NrjrSs r(tbs_certrequest_bytesz/CertificateSigningRequest.tbs_certrequest_bytesorr)cdS)z8 Verifies signature of signing request. NrjrSs r(r z,CertificateSigningRequest.is_signature_validwrr)rcdS)z: Get the attribute value for a given OID. Nrj)r&rs r(rtz/CertificateSigningRequest.get_attribute_for_oid~rr)Nrfrgrrrrcrr)r rlrrd)r rZ)rrr rL)r+r,r-rrr_rbrrirrrrr2r8rrrr rtrjr)r(rr sd                 X    X    X    X    X    X         X    X    X        r)rcNeZdZdggfd%dZd&d Zd'dZddd(dZ d)ddd*d$ZdS)+ CertificateSigningRequestBuilderN subject_name Name | Noner2r3r8r9c0||_||_||_dS)zB Creates an empty X.509 certificate request (v1). N) _subject_namerrp)r&r r2r8s r(r%z)CertificateSigningRequestBuilder.__init__s"*%%r)namerr ct|tstd|jt dt ||j|jS)zF Sets the certificate requestor's distinguished name. Expecting x509.Name object.N&The subject name may only be set once.)r\r TypeErrorr#r5rrrpr&r$s r(r z-CertificateSigningRequestBuilder.subject_names\$%% ;9:: :   )EFF F/ $"D$4   r)extvalrcriticalrZct|tstdt|j||}t ||jt|jg|j||j S)zE Adds an X.509 extension to the certificate request. "extension must be an ExtensionType) r\rr(rrr7rrr#rpr&r*r+r0s r( add_extensionz.CertificateSigningRequestBuilder.add_extensionsz &-00 B@AA Afj(F;; #It/?@@@/   *d * *     r))_tagrrrKrLr0_ASN1Type | Nonecnt|tstdt|tstd|$t|tstdt ||j||j}nd}t|j |j g|j|||fS)zK Adds an X.509 attribute with an OID and associated value. zoid must be an ObjectIdentifierzvalue must be bytesNztag must be _ASN1Type) r\rr(rLrr=rprKrr#r)r&rrKr0tags r( add_attributez.CertificateSigningRequestBuilder.add_attributes#/00 ?=>> >%'' 3122 2  JtY$?$? 344 4#C)9:::  *CCC/     2d 2eS 1 2   r) rsa_padding private_keyrr_AllowedHashTypes | Nonebackend typing.Anyr6%padding.PSS | padding.PKCS1v15 | Nonerc|jtd|^t|tjtjfst dt|tjst dtj ||||S)zF Signs the request using the requestor's private key. Nz/A CertificateSigningRequest must have a subjectPadding must be PSS or PKCS1v15&Padding is only supported for RSA keys) r#r5r\r PSSPKCS1v15r(r RSAPrivateKey rust_x509create_x509_csrr&r7rr9r6s r(signz%CertificateSigningRequestBuilder.signs   %NOO O  "kGK9I+JKK C ABBBk3+<== J HIII( +y+   r))r r!r2r3r8r9)r$rr r)r*rr+rZr r)rrrKrLr0r1r rr#) r7rrr8r9r:r6r;r r)r+r,r-r%r r/r4rErjr)r(rrs%)57GI & & & & &         ."&       H#  >B         r)rc|eZdZUded<ddddddgfd0dZd1dZd1dZd2dZd3dZd4dZ d4dZ d5d$Z d6dd%d7d/Z dS)8CertificateBuilderr3rN issuer_namer!r r CertificatePublicKeyTypes | Noner int | Nonerrrr2r r!ctj|_||_||_||_||_||_||_||_ dSr#) ryr|_version _issuer_namer# _public_keyr_not_valid_before_not_valid_afterr)r&rHr rrrrr2s r(r%zCertificateBuilder.__init__sK  ')%+!1 /%r)r$rc t|tstd|jt dt ||j|j|j|j |j |j S)z3 Sets the CA's distinguished name. r&N%The issuer name may only be set once.) r\rr(rMr5rGr#rNrrOrPrr)s r(rHzCertificateBuilder.issuer_namesv$%% ;9:: :   (DEE E!         "  !     r)c t|tstd|jt dt |j||j|j|j |j |j S)z: Sets the requestor's distinguished name. r&Nr') r\rr(r#r5rGrMrNrrOrPrr)s r(r zCertificateBuilder.subject_name"sv$%% ;9:: :   )EFF F!         "  !     r)keyrc lt|tjtjt jtjtj tj tjfstd|jt#dt%|j|j||j|j|j|jS)zT Sets the requestor's public key (as found in the signing request). zExpecting one of DSAPublicKey, RSAPublicKey, EllipticCurvePublicKey, Ed25519PublicKey, Ed448PublicKey, X25519PublicKey, or X448PublicKey.Nz$The public key may only be set once.)r\r DSAPublicKeyr RSAPublicKeyr EllipticCurvePublicKeyr Ed25519PublicKeyr Ed448PublicKeyrX25519PublicKeyr X448PublicKeyr(rNr5rGrMr#rrOrPr)r&rTs r(rzCertificateBuilder.public_key4s   )($&"     !    'CDD D!         "  !     r)numberrNc Tt|tstd|jt d|dkrt d|dkrt dt |j|j|j ||j |j |j S)z5 Sets the certificate serial number. 'Serial number must be of integral type.N'The serial number may only be set once.rz%The serial number should be positive.3The serial number should not be more than 159 bits.) r\rNr(rr5 bit_lengthrGrMr#rNrOrPrr&r]s r(rz CertificateBuilder.serial_numberYs&#&& GEFF F   *FGG G Q;;DEE E     # % %E "         "  !     r)r>r?c zt|tjstd|jt dt |}|t krt d|j||jkrt dt|j |j |j |j ||j|j S)z7 Sets the certificate activation time. Expecting datetime object.Nz*The not valid before may only be set once.z>The not valid before date must be on or after 1950 January 1).zBThe not valid before date must be before the not valid after date.)r\rDr(rOr5rH_EARLIEST_UTC_TIMErPrGrMr#rNrrr&r>s r(rz#CertificateBuilder.not_valid_beforets$ 122 :899 9  ! -IJJ J)$// $ $ $$   ,8M1M1M "           !     r)c zt|tjstd|jt dt |}|t krt d|j||jkrt dt|j |j |j |j |j||j S)z7 Sets the certificate expiration time. rfNz)The not valid after may only be set once.z)r#r5rMrrOrPrNr\r r?r@r(r rArBcreate_x509_certificaterDs r(rEzCertificateBuilder.signs    %EFF F   $EFF F   &FGG G  ! )NOO O  (MNN N   #CDD D  "kGK9I+JKK C ABBBk3+<== J HIII0 +y+   r))rHr!r r!rrIrrJrrrrr2r3r r!)r$rr rG)rTrr rG)r]rNr rG)r>r?r rG)r*rr+rZr rGr#) r7rrr8r9r:r6r;r r) r+r,r-__annotations__r%rHr rrrrr/rErjr)r(rGrGs////$($(7;$(594857&&&&&&    $    $# # # # J    6    :    @    4# % >B % % % % % % % % r)rGcreZdZUded<ded<dddggfd'd Zd(dZd)dZd*dZd+dZd,dZ d-ddd.d&Z dS)/ CertificateRevocationListBuilderr3rr_revoked_certificatesNrHr!rrrr2revoked_certificatescL||_||_||_||_||_dSr#)rM _last_update _next_updaterrp)r&rHrrr2rqs r(r%z)CertificateRevocationListBuilder.__init__s2(''%%9"""r)rr ct|tstd|jt dt ||j|j|j|j S)Nr&rR) r\rr(rMr5rorsrtrrp)r&rHs r(rHz,CertificateRevocationListBuilder.issuer_namesj+t,, ;9:: :   (DEE E/         &    r)r?cbt|tjstd|jt dt |}|t krt d|j||jkrt dt|j ||j|j |j S)Nrf!Last update may only be set once.8The last update date must be on or after 1950 January 1.z9The last update date must be before the next update date.) r\rDr(rsr5rHrgrtrorMrrp)r&rs r(rz,CertificateRevocationListBuilder.last_updates+x'899 :899 9   (@AA A0== + + +J    ([4;L-L-LK 0         &    r)cbt|tjstd|jt dt |}|t krt d|j||jkrt dt|j |j||j |j S)Nrfrwrxz8The next update date must be after the last update date.) r\rDr(rtr5rHrgrsrorMrrp)r&rs r(rz,CertificateRevocationListBuilder.next_update(s+x'899 :899 9   (@AA A0== + + +J    ([4;L-L-LJ 0         &    r)r*rr+rZct|tstdt|j||}t ||jt|j|j |j g|j||j S)zM Adds an X.509 extension to the certificate revocation list. r-) r\rr(rrr7rrorMrsrtrpr.s r(r/z.CertificateRevocationListBuilder.add_extension@s &-00 B@AA Afj(F;; #It/?@@@/       *d * *  &    r)revoked_certificaterct|tstdt|j|j|j|jg|j|S)z8 Adds a revoked certificate to the CRL. z)Must be an instance of RevokedCertificate) r\rr(rorMrsrtrrp)r&r{s r(add_revoked_certificatez8CertificateRevocationListBuilder.add_revoked_certificateSsc -/ABB IGHH H/         >d( >*= >    r)r5r7rrr8r9r:r6r;rct|jtd|jtd|jtd|^t |t jt jfstdt |tj stdtj ||||S)NzA CRL must have an issuer namez"A CRL must have a last update timez"A CRL must have a next update timer=r>) rMr5rsrtr\r r?r@r(r rArBcreate_x509_crlrDs r(rEz%CertificateRevocationListBuilder.signds   $=>> >   $ABB B   $ABB B  "kGK9I+JKK C ABBBk3+<== J HIII( +y+   r)) rHr!rrrrr2r3rqr)rHrr ro)rr?r ro)rr?r ro)r*rr+rZr ro)r{rr ror#) r7rrr8r9r:r6r;r r) r+r,r-rmr%rHrrr/r}rErjr)r(roros////3333$(0404579; : : : : :         0    0    &    *#  >B         r)roc@eZdZddgfddZdd ZddZddZdddZdS)RevokedCertificateBuilderNrrJrrr2r3c0||_||_||_dSr#rrs r(r%z"RevokedCertificateBuilder.__init__rr)r]rNr c$t|tstd|jt d|dkrt d|dkrt dt ||j|jS)Nr_r`rz$The serial number should be positiverarb) r\rNr(rr5rcrrrrds r(rz'RevokedCertificateBuilder.serial_numbers&#&& GEFF F   *FGG G Q;;CDD D     # % %E ) D)4+;   r)r>r?ct|tjstd|jt dt |}|t krt dt|j||j S)Nrfz)The revocation date may only be set once.z7The revocation date must be on or after 1950 January 1.) r\rDr(rr5rHrgrrrrhs r(rz)RevokedCertificateBuilder.revocation_dates$ 122 :899 9  ,HII I)$// $ $ $I )  t'7   r)r*rr+rZct|tstdt|j||}t ||jt|j|j g|j|S)Nr-) r\rr(rrr7rrrrr.s r(r/z'RevokedCertificateBuilder.add_extensionsz&-00 B@AA Afj(F;; #It/?@@@(    ! *d * *   r)r9r:rc|jtd|jtdt|j|jt |jS)Nz/A revoked certificate must have a serial numberz1A revoked certificate must have a revocation date)rr5rrrr)r&r9s r(buildzRevokedCertificateBuilder.buildsf   &NOO O  (C &    ! t' ( (   r))rrJrrr2r3)r]rNr r)r>r?r r)r*rr+rZr rr#)r9r:r r)r+r,r-r%rrr/rrjr)r(rrs%)4857 &&&&&    $                r)rrNcbttjdddz S)Nbigr)rN from_bytesosurandomrjr)r(random_serial_numberrs# >>"*R..% 0 0A 55r))r0r1r2r3r r!)rrr8r9r r!)r>r?r r?rg)N __future__rrrDrr r cryptographyr"cryptography.hazmat.bindings._rustrrBcryptography.hazmat.primitivesrr)cryptography.hazmat.primitives.asymmetricrr r r r r rr/cryptography.hazmat.primitives.asymmetric.typesrrrcryptography.x509.extensionsrrrrcryptography.x509.namerrcryptography.x509.oidrrgUnionSHA224SHA256SHA384SHA512SHA3_224SHA3_256SHA3_384SHA3_512_AllowedHashTypes Exceptionrr7r=rHrJrlEnumryr~ABCMetarregisterrrrrload_pem_x509_certificateload_der_x509_certificateload_pem_x509_certificatesload_pem_x509_csrload_der_x509_csrload_pem_x509_crlload_der_x509_crlrrGrorrrjr)r(rs #"""""  @@@@@@@@@@@@@@                      32222222222222&X&tQ22L M M M M O O O O   EEEEEEEE    !8!8!8!8!8!8!8!8HFFFFFFFF(     ej   -----Y--- [ [ [ [ [ CK[ [ [ [ ~ Y*+++     3;    @I8999     /   DP P P P P #+P P P P f""9#FGGGb b b b b #+b b b b L""9#FGGG&?%?&A////b b b b b b b b Jr r r r r r r r jN N N N N N N N bF F F F F F F F R666666r)