Maintainer: Vincent Hanquez <vincent@snarc.org>
Stability: experimental
Portability: unknown

Data.X509.Internal

Create a container around the stream of ASN1.

Data.X509.DistinguishedName

Only used to encode a DistinguishedName without including it in a Sequence.
Elements commonly available in a structure:
  OU
  O
  Country
  CN
A list of OID and strings.
Try to get a specific element in a structure.

Data.X509.ExtensionRaw

a Set of
An undecoded extension:
  OID of this extension
  if this extension is critical
  the associated ASN1

Data.X509.Ext

Distribution point as either some GeneralNames or a DN.
Reason flag for the CRL.
Identify how CRL information is obtained.
Provide a means to identify the public key corresponding to the private key used to sign a certificate.
Provide a way to supply alternate names that can be used for matching host name.
Different naming schemes used by the extension.
Not all name types are available, missing: otherName, x400Address, directoryName, ediPartyName, registeredID.
Provide a way to identify a public key by a short hash.
Describe key usage.
Basic Constraints.
Extension class.
Each extension has a unique OID associated, and a way to encode and decode an ASN1 stream.
Key usage flag that is found in the key usage extension field.
Get a specific extension from a list of raw extensions.
Try to decode an ExtensionRaw. If this function returns:
  * Nothing, the OID doesn't match
  * Just Left, the OID matched, but the extension couldn't be decoded
  * Just Right, the OID matched, and the extension has been successfully decoded

Data.X509.AlgorithmIdentifier

Signature Algorithm, often composed of a public key algorithm and a hash algorithm.
Public Key Algorithm:
  Unknown Public Key algorithm
  Diffie Hellman Public Key algorithm
  ECDSA Public Key algorithm
  DSA Public Key algorithm
  RSA Public Key algorithm
Hash Algorithm.

Data.X509.CRL

Describe a revoked certificate identifiable by serial number.
Describe a Certificate revocation list.

Data.X509.Signed

Represent the signed object plus the raw data that we need to keep around for non compliant case to be able to verify signature.
Get the decoded Signed data.
The raw representation of the object a. TODO: in later version, replace with offset in exactRaw.
The raw representation of the whole signed structure.
Represent a signed object using a traditional X509 structure. When dealing with external certificate, use the SignedExact structure not this one.
Object to sign.
Signature Algorithm used.
Signature as bytes.
Get the signed data for the signature.
Make a SignedExact copy of a Signed object. As the signature is already generated, expect the encoded object to have been made on a compliant DER ASN1 implementation. It's better to use objectToSignedExact instead of this.
Transform an object into a SignedExact object.
Transform an object into a Signed object. It's recommended to use the SignedExact object instead of Signed.
Try to parse a bytestring that uses the typical X509 signed structure format.
  signature function
  object to sign

Data.X509.PublicKey

Public key types known and used in X.509:
  unrecognized format
  DH format with (p,g,q,j,(seed,pgenCounter))
  DSA public key
  RSA public key
Convert a Public key to the Public Key Algorithm type.

Data.X509.Cert

X.509 Certificate type. This type doesn't include the signature; it's described in the RFC as tbsCertificate.
  Version
  Serial number
  Signature algorithm
  Issuer DN
  Validity period
  Subject DN
  Public key
  Extensions
Parse header structure of an X.509 certificate. The structure is the following:
  Version
  Serial Number
  Algorithm ID
  Issuer
  Validity
    Not Before
    Not After
  Subject
  Subject Public Key Info
    Public Key Algorithm
    Subject Public Key
  Issuer Unique Identifier (Optional) (>= 2)
  Subject Unique Identifier (Optional) (>= 2)
  Extensions (Optional) (>= v3)

Data.X509.CertificateChain

Represent a chain of X.509 certificates in bytestring form.
A chain of X.509 certificates in exact form.
Decode a CertificateChainRaw into a CertificateChain if every raw certificate is decoded correctly, otherwise return the index of the failed certificate and the error associated.
Convert a CertificateChain into a CertificateChainRaw.

Data.X509

A Signed CRL.
A Signed Certificate.
Get the Certificate associated to a SignedCertificate.
Get the CRL associated to a SignedCRL.
Try to decode a bytestring to a SignedCertificate.
Try to decode a bytestring to a SignedCRL.
Make an OpenSSL style hash of distinguished name. OpenSSL algorithm is odd, and has been replicated here somewhat. Only lower the case of ASCII characters.
Create an OpenSSL style old hash of distinguished name.

Package: x509-1.4.2
Modules: Data.X509, Data.X509.Internal, Data.X509.DistinguishedName, Data.X509.ExtensionRaw, Data.X509.Ext, Data.X509.AlgorithmIdentifier, Data.X509.CRL, Data.X509.Signed, Data.X509.PublicKey, Data.X509.Cert, Data.X509.CertificateChain