U bh@sdZddlmZddlZddlZddlZddlmZmZddl m Z ddl m Z m Z ddlmZddlmZmZdd lmZd d lmZerdd lmZdd lmZddlmZddlmZddlm Z ddl!m"Z"ddl#m$Z$dZ%GdddZ&GdddZ'Gddde'Z(dS)zX.509 certificates.) annotationsN) TYPE_CHECKINGIterator)default_backend)paddingrsa)load_pem_x509_certificate) bytes_to_str ensure_bytes) SecurityError)reraise_errors) DSAPublicKey)EllipticCurvePublicKey)Ed448PublicKey)Ed25519PublicKey) RSAPublicKey) Prehashed) HashAlgorithm) Certificate CertStore FSCertStorec@szeZdZdZdddddZddd d Zd dd d ZddddZddddZddddZ dddddddZ dS)rzX.509 certificate.strNonecertreturnc CsLtdtfd4tt|td|_t|jtj s>tdW5QRXdS)NzInvalid certificate: {0!r})errors)backendz'Non-RSA certificates are not supported.) r ValueErrorrr r_cert isinstance public_keyrr)selfrr$?/tmp/pip-unpacked-wheel-kcem4wq5/celery/security/certificate.py__init__"szCertificate.__init__boolrcCstjtjj|jjkS)z%Check if the certificate has expired.)datetimenowtimezoneutcr Znot_valid_after_utcr#r$r$r% has_expired,szCertificate.has_expiredzXDSAPublicKey | EllipticCurvePublicKey | Ed448PublicKey | Ed25519PublicKey | RSAPublicKeycCs |jSN)r r"r-r$r$r% get_pubkey0szCertificate.get_pubkeyintcCs|jjS)z,Return the serial number in the certificate.)r Z serial_numberr-r$r$r%get_serial_number5szCertificate.get_serial_numbercCsddd|jjDS)zReturn issuer (CA) as a string. css|] }|jVqdSr/)value).0xr$r$r% ;sz)Certificate.get_issuer..)joinr Zissuerr-r$r$r% get_issuer9szCertificate.get_issuercCs|d|S)zpadr$r$r%r?As  zCertificate.verifyN) __name__ __module__ __qualname____doc__r&r.r0r2r9r:r?r$r$r$r%rs rc@sLeZdZdZddddZddddZd d d d d Zd ddddZdS)rz"Base class for certificate stores.rr(cCs i|_dSr/)_certsr-r$r$r%r&OszCertStore.__init__zIterator[Certificate]ccs|jEdHdS)zReturn certificate iterator.N)rEvaluesr-r$r$r% itercertsRszCertStore.itercertsrr)idrcCs8z|jt|WStk r2td|YnXdS)zGet certificate by id.zUnknown certificate: N)rEr KeyErrorr )r#rHr$r$r% __getitem__VszCertStore.__getitem__rcCs2t|}||jkr$tdt||j|<dS)NzDuplicate certificate: )r r:rEr rH)r#rZcert_idr$r$r%add_cert]s  zCertStore.add_certN)rArBrCrDr&rGrJrKr$r$r$r%rLs rcs(eZdZdZdddfdd ZZS)rzFile system certificate store.rr)pathrc s|ttj|r$tj|d}t|D]H}t|6}t| }| rbt d| | |W5QRXq.dS)N*zExpired certificate: )superr&osrLisdirr8globopenrreadr.r r:rK)r#rLpfr __class__r$r%r&gs     zFSCertStore.__init__)rArBrCrDr& __classcell__r$r$rVr%rdsr))rD __future__rr)rQrOtypingrrZcryptography.hazmat.backendsrZ)cryptography.hazmat.primitives.asymmetricrrZcryptography.x509rZkombu.utils.encodingr r Zcelery.exceptionsr utilsr Z-cryptography.hazmat.primitives.asymmetric.dsarZ,cryptography.hazmat.primitives.asymmetric.ecrZ/cryptography.hazmat.primitives.asymmetric.ed448rZ1cryptography.hazmat.primitives.asymmetric.ed25519rZ-cryptography.hazmat.primitives.asymmetric.rsarZ/cryptography.hazmat.primitives.asymmetric.utilsrZ%cryptography.hazmat.primitives.hashesr__all__rrrr$r$r$r%s.            -