x509-1.4.13

License: BSD-style
Maintainer: Vincent Hanquez <vincent@snarc.org>
Stability: experimental
Portability: unknown

Data.X509.Internal

Create a container around the stream of ASN1.

Data.X509.DistinguishedName

Only use to encode a DistinguishedName without including it in a Sequence.
Elements commonly available in a structure: OU, O, Country, CN.
A list of OID and strings.
Try to get a specific element in a structure.

Data.X509.ExtensionRaw

a Set of
An undecoded extension.
OID of this extension.
If this extension is critical.
The associated ASN1.

Data.X509.Ext

Distribution point as either some GeneralNames or a DN.
Reason flag for the CRL.
Identify how CRL information is obtained.
Provide a means to identify the public key corresponding to the private key used to sign a certificate.
Provide a way to supply alternate names that can be used for matching host names.
Different naming schemes used by the extension. Not all name types are available, missing: otherName, x400Address, directoryName, ediPartyName, registeredID.
Provide a way to identify a public key by a short hash.
Extended key usage extension.
Key usage purposes for the ExtendedKeyUsage extension.
Describe key usage.
Basic Constraints.
Extension class. Each extension has a unique OID associated, and a way to encode and decode an ASN1 stream.
Key usage flag that is found in the key usage extension field.
Get a specific extension from a list of raw extensions.
Try to decode an ExtensionRaw. If this function returns:
 * Nothing, the OID doesn't match
 * Just Left, the OID matched, but the extension couldn't be decoded
 * Just Right, the OID matched, and the extension has been successfully decoded
Encode an Extension to extensionRaw.

Data.X509.AlgorithmIdentifier

Signature Algorithm, often composed of a public key algorithm and a hash algorithm.
Public Key Algorithm.
Unknown Public Key algorithm.
Diffie Hellman Public Key algorithm.
ECDSA Public Key algorithm.
DSA Public Key algorithm.
RSA Public Key algorithm.
Hash Algorithm.

Data.X509.CRL

Describe a revoked certificate identifiable by serial number.
Describe a Certificate revocation list.

Data.X509.Signed

Represent the signed object plus the raw data that we need to keep around for the non-compliant case to be able to verify the signature.
Get the decoded Signed data.
The raw representation of the object a. TODO: in later version, replace with offset in exactRaw.
The raw representation of the whole signed structure.
Represent a signed object using a traditional X509 structure. When dealing with external certificates, use the SignedExact structure, not this one.
Object to sign.
Signature Algorithm used.
Signature as bytes.
Get the signed data for the signature.
Make a SignedExact copy of a Signed object. As the signature is already generated, expect the encoded object to have been made on a compliant DER ASN1 implementation. It's better to use objectToSignedExact instead of this.
Transform an object into a SignedExact object. Arguments: signature function, object to sign.
Transform an object into a Signed object. It's recommended to use the SignedExact object instead of Signed.
Try to parse a bytestring that uses the typical X509 signed structure format.

Data.X509.PublicKey

Public key types known and used in X.509.
Unrecognized format.
DH format with (p,g,q,j,(seed,pgenCounter)).
DSA public key.
RSA public key.
Convert a Public key to the Public Key Algorithm type.

Data.X509.Cert

X.509 Certificate type. This type doesn't include the signature; it's described in the RFC as tbsCertificate.
Fields: Version, Serial number, Signature algorithm, Issuer DN, Validity period, Subject DN, Public key, Extensions.
Parse the header structure of an X.509 certificate. The structure is the following:
    Version
    Serial Number
    Algorithm ID
    Issuer
    Validity
        Not Before
        Not After
    Subject
    Subject Public Key Info
        Public Key Algorithm
        Subject Public Key
    Issuer Unique Identifier (Optional) (>= 2)
    Subject Unique Identifier (Optional) (>= 2)
    Extensions (Optional) (>= v3)

Data.X509.CertificateChain

Represent a chain of X.509 certificates in bytestring form.
A chain of X.509 certificates in exact form.
Decode a CertificateChainRaw into a CertificateChain if every raw certificate is decoded correctly, otherwise return the index of the failed certificate and the error associated.
Convert a CertificateChain into a CertificateChainRaw.

Data.X509.PrivateKey

Private key types known and used in X.509.
DSA private key.
RSA private key.
Convert a Public key to the Public Key Algorithm type.

Data.X509

A Signed CRL.
A Signed Certificate.
Get the Certificate associated to a SignedCertificate.
Get the CRL associated to a SignedCRL.
Try to decode a bytestring to a SignedCertificate.
Try to decode a bytestring to a SignedCRL.
Make an OpenSSL style hash of distinguished name. OpenSSL algorithm is odd, and has been replicated here somewhat. Only lower the case of ASCII characters.
Create an OpenSSL style old hash of distinguished name.