a

X>h��@
s
dZd
dl
mZ
d
dlZd
dlZd
dlZd
dlmZmZ
d
dl	m
Z

d
dlmZm
Z

d
dlmZ
d
dlmZmZ
d
d	lmZ
d
dlmZ
er�d
dlmZ
d
d
lmZ
d
dlmZ
d
dlmZ
d
dlm Z 
d
dl!m"Z"
d
dl#m$Z$
dZ%Gdd�d�Z&Gdd�d�Z'Gdd�de'�Z(dS)zX.509 certificates.�)
�annotationsN)�
TYPE_CHECKING�Iterator)
�default_backend)�padding�rsa)
�load_pem_x509_certificate)�bytes_to_str�ensure_bytes)
�
SecurityError�
)
�reraise_errors)
�DSAPublicKey)
�EllipticCurvePublicKey)
�Ed448PublicKey)
�Ed25519PublicKey)
�RSAPublicKey)
�	Prehashed)
�
HashAlgorithm)�Certificate�	CertStore�FSCertStorec@
szeZ
dZd
Zddd�dd�Zdd�
d	d
�Zdd�
dd
�Zdd�
dd�Zdd�
dd�Zdd�
dd�Z	ddddd�dd�Z
dS)rzX.509 certificate.�str�None��cert�returncC
s`td
t
f
d��>
tt|
�
t�d�|_t|j��tj	�s>t
d�
�
Wd�
n1sR0


Y
dS)NzInvalid certificate: {0!r})
�errors)
�backendz'Non-RSA certificates are not supported.)
r
�
ValueErrorrr
r�_cert�
isinstance�
public_keyrr)�selfr�r$�E/usr/local/lib/python3.9/site-packages/celery/security/certificate.py�__init__"s

�

�
zCertificate.__init__�bool�
rc

C
stj�
tjj�
|jjkS)
z%Check if the certificate has expired.)�datetime�now�timezone�utcr Znot_valid_after_utc�
r#r$r$r%�has_expired,szCertificate.has_expiredzXDSAPublicKey | EllipticCurvePublicKey | Ed448PublicKey | Ed25519PublicKey | RSAPublicKeyc

C
s
|j�
�S�
N)r r"r-r$r$r%�
get_pubkey0szCertificate.get_pubkey�intc


C
s|jj
S)
z,Return the serial number in the certificate.)r Z
serial_numberr-r$r$r%�get_serial_number5szCertificate.get_serial_numberc

C
sd
�dd�|j
jD�
�
S)zReturn issuer (CA) as a string.�
 c
s
s|]}
|
jV
qdSr/)
�value)�.0�
xr$r$r%�	<genexpr>;�z)Certificate.get_issuer.<locals>.<genexpr>)�joinr Zissuerr-r$r$r%�
get_issuer9szCertificate.get_issuerc

C
s|���d
|�
���S)z<Serial number/issuer pair uniquely identifies a certificate.r3)r:r2r-r$r$r%�get_id=szCertificate.get_id�byteszHashAlgorithm | Prehashed)�data�	signature�digestrcC
s\td
�
�@
t
jt
�|�
t
jjd�}|���|t|
�
||�
Wd�
n1sN0


Y
dS)z,Verify signature for string containing data.zBad signature: {0!r})ZmgfZsalt_lengthN)r
rZPSSZMGF1Z
MAX_LENGTHr0�verifyr
)r#r=r>r?�padr$r$r%r@As


�zCertificate.verifyN)�__name__�
__module__�__qualname__�__doc__r&r.r0r2r:r;r@r$r$r$r%rs

rc@
sLeZ
dZd
Zdd�
dd�Zdd�
dd�Zd	d
d�dd
�Zd
dd�dd�ZdS)rz"Base class for certificate stores.rr(c

C
s
i|_dSr/)
�_certsr-r$r$r%r&Os
zCertStore.__init__zIterator[Certificate]c

c
s|j�
�Ed
H
d
S)zReturn certificate iterator.N)rF�valuesr-r$r$r%�	itercertsRszCertStore.itercertsrr)�idrcC
s6z|jt
|
�
WSty0


td
|
���
�
Yn0dS)zGet certificate by id.zUnknown certificate: N)rFr	�KeyErrorr)r#rIr$r$r%�__getitem__Vs


zCertStore.__getitem__rcC
s2t|
�
��
}||jvr$td
t���
�
|
|j|<dS)NzDuplicate certificate: )r	r;rFrrI)r#rZcert_idr$r$r%�add_cert]s




zCertStore.add_certN)rBrCrDrEr&rHrKrLr$r$r$r%rLs

rc
s(eZ
dZd
Zddd��f
dd�Z�ZS)rzFile system certificate store.rr)�pathrc	
s�t��
�
tj�|
�
r$tj�|
d
�}
t�|
�
D]\}t|�
�@}t|�	��
}|�
�rbtd|�����
�
|�
|�

Wd�
q.1s�0


Y
q.dS)N�
*zExpired certificate: )�superr&�osrM�isdirr9�glob�openr�readr.rr;rL)r#rM�
p�
fr�
�	__class__r$r%r&gs










�zFSCertStore.__init__)rBrCrDrEr&�
__classcell__r$r$rWr%rds
r))rE�
__future__rr)rRrP�typingrrZcryptography.hazmat.backendsrZ)cryptography.hazmat.primitives.asymmetricrrZcryptography.x509rZkombu.utils.encodingr	r
Zcelery.exceptionsr�utilsr
Z-cryptography.hazmat.primitives.asymmetric.dsarZ,cryptography.hazmat.primitives.asymmetric.ecrZ/cryptography.hazmat.primitives.asymmetric.ed448rZ1cryptography.hazmat.primitives.asymmetric.ed25519rZ-cryptography.hazmat.primitives.asymmetric.rsarZ/cryptography.hazmat.primitives.asymmetric.utilsrZ%cryptography.hazmat.primitives.hashesr�__all__rrrr$r$r$r%�<module>
s.













-