License: BSD-style
Maintainer: Vincent Hanquez <vincent@snarc.org>
Stability: experimental
Portability: unknown

Create a container around the stream of ASN1.

a Set of
An undecoded extension
OID of this extension
if this extension is critical
undecoded content

Only used to encode a DistinguishedName without including it in a Sequence
Elements commonly available in a  structure
CN
Country
O
OU
Email Address (legacy)
A list of OID and strings.
Try to get a specific element in a  structure

Distribution point as either some GeneralNames or a DN
Reason flag for the CRL
Identify how CRL information is obtained
Provide a means to identify the public key corresponding to the private key used to sign a certificate.
Provide a way to supply alternate names that can be used for matching host names.
Different naming schemes used by the extension.
Not all name types are available, missing: otherName, x400Address, directoryName, ediPartyName, registeredID
Provide a way to identify a public key by a short hash.
Extended key usage extension
Key usage purposes for the ExtendedKeyUsage extension
Describe key usage
Basic Constraints
Extension class.
Each extension has a unique OID associated, and a way to encode and decode an ASN1 stream.
Errata: turns out, the content is not necessarily ASN1; it could be data that is only parsable by the extension, e.g. a raw ASCII string. Add method to parse and encode with ByteString.
Key usage flag that is found in the key usage extension field.
Get a specific extension from a list of raw extensions
Try to decode an ExtensionRaw.
If this function returns:
* Nothing, the OID doesn't match
* Just Left, the OID matched, but the extension couldn't be decoded
* Just Right, the OID matched, and the extension has been successfully decoded
Encode an Extension to extensionRaw

Signature Algorithm, often composed of a public key algorithm and a hash algorithm
Public Key Algorithm
RSA Public Key algorithm
RSA PSS Key algorithm (RFC 3447)
DSA Public Key algorithm
ECDSA & ECDH Public Key algorithm
Diffie Hellman Public Key algorithm
Unknown Public Key algorithm
Hash Algorithm
PSS salt length. Always assume ``-sigopt rsa_pss_saltlen:-1``

Describe a revoked certificate identifiable by serial number.
Describe a Certificate revocation list

Public key types known and used in X.509
RSA public key
DSA public key
DH format with (p,g,q,j,(seed,pgenCounter))
EC public key
unrecognized format
Elliptic Curve Public Key
TODO: missing support for binary curve.
Serialized Elliptic Curve Point
Convert a Public key to the Public Key Algorithm type

X.509 Certificate type.
This type doesn't include the signature; it is described in the RFC as tbsCertificate.
Version
Serial number
Signature algorithm
Issuer DN
Validity period (UTC)
Subject DN
Public key
Extensions
Parse the header structure of an X.509 certificate. The structure is the following:
  Version
  Serial Number
  Algorithm ID
  Issuer
  Validity
    Not Before
    Not After
  Subject
  Subject Public Key Info
    Public Key Algorithm
    Subject Public Key
  Issuer Unique Identifier (Optional) (>= 2)
  Subject Unique Identifier (Optional) (>= 2)
  Extensions (Optional) (>= v3)

Private key types known and used in X.509
RSA private key
DSA private key
EC private key
Elliptic Curve Private Key
TODO: missing support for binary curve.
Convert a Private key to the Public Key Algorithm type

Read an EC point from a serialized format and make sure the point is valid for the specified curve.
Return the curve associated to an EC Public Key. This does not check if a curve in explicit format is valid: if the input is not trusted one should consider  instead.
Return the name of a standard curve associated to an EC Public Key
Return the EC curve associated to an EC Private Key. This does not check if a curve in explicit format is valid: if the input is not trusted one should consider  instead.
Return the name of a standard curve associated to an EC Private Key
Return the curve name associated to an OID

Represent the signed object plus the raw data that we need to keep around for the non-compliant case, to be able to verify the signature.
Get the decoded Signed data
The raw representation of the object a. TODO: in later version, replace with offset in exactRaw
The raw representation of the whole signed structure
Represent a signed object using a traditional X509 structure.
When dealing with external certificates, use the SignedExact structure, not this one.
Object to sign
Signature Algorithm used
Signature as bytes
Get the signed data for the signature
make a  copy of a  object
As the signature is already generated, expect the encoded object to have been made on a compliant DER ASN1 implementation.
It's better to use  instead of this.
Transform an object into a  object
A generalization of  where the signature function runs in an arbitrary functor. This allows, for example, signing with an algorithm that needs random values.
Transform an object into a  object.
It's recommended to use the SignedExact object instead of Signed.
Try to parse a bytestring that uses the typical X509 signed structure format
signature function
object to sign
signature function
object to sign

Represent a chain of X.509 certificates in bytestring form.
A chain of X.509 certificates in exact form.
Decode a CertificateChainRaw into a CertificateChain if every raw certificate is decoded correctly, otherwise return the index of the failed certificate and the error associated.
Convert a CertificateChain into a CertificateChainRaw

A Signed CRL
A Signed Certificate
Get the Certificate associated to a SignedCertificate
Get the CRL associated to a SignedCRL
Try to decode a bytestring to a SignedCertificate
Try to decode a bytestring to a SignedCRL
Make an OpenSSL style hash of distinguished name
The OpenSSL algorithm is odd, and has been replicated here somewhat. Only ASCII characters are lowercased.
Create an openssl style old hash of distinguished name

Package: x509-1.7.2
Modules: Data.X509, Data.X509.EC, Data.X509.OID, Data.X509.Internal, Data.X509.ExtensionRaw, Data.X509.DistinguishedName, Data.X509.Ext, Data.X509.AlgorithmIdentifier, Data.X509.CRL, Data.X509.PublicKey, Data.X509.Cert, Data.X509.PrivateKey, Data.X509.Signed, Data.X509.CertificateChain