Current File : //snap/certbot/5451/lib/python3.12/site-packages/certbot/__pycache__/crypto_util.cpython-312.pyc

Certbot client crypto utility functions.

.. todo:: Make the transition to use PSS rather than PKCS1_v1_5 when the server
    is capable of handling the signatures.

certbot.crypto_util.generate_key

Initializes and saves a privkey.

    Inits key and saves it in PEM format on the filesystem.

    .. note:: keyname is the attempted filename, it may be different if a file
        already exists at the path.

    :param int key_size: key size in bits if key type is rsa.
    :param str key_dir: Optional key save directory.
    :param str key_type: Key Type [rsa, ecdsa]
    :param str elliptic_curve: Name of the elliptic curve if key type is ecdsa.
    :param str keyname: Filename of key
    :param bool strict_permissions: If true and key_dir exists, an exception is raised if
        the directory doesn't have 0700 permissions or isn't owned by the current user.

    :returns: Key
    :rtype: :class:`certbot.util.Key`

    :raises ValueError: If unable to generate the key given key_size.

certbot.crypto_util.generate_csr

Initialize a CSR with the given private key.
tjj|d�dd�\}}|5|j|�ddd�tjd|�tj||d�S#1swY�6xYw)	aCInitialize a CSR with the given private key.

    :param privkey: Key to include in the CSR
    :type privkey: :class:`certbot.util.Key`
    :param set names: `str` names to include in the CSR
    :param str path: Optional certificate save directory.
    :param bool must_staple: If true, include the TLS Feature extension "OCSP Must-Staple"
    :param bool strict_permissions: If true and path exists, an exception is raised if
        the directory doesn't have 0755 permissions or isn't owned by the current user.

    :returns: CSR
    :rtype: :class:`certbot.util.CSR`

certbot.crypto_util.valid_csr

Validate CSR.

    Check if `csr` is a valid CSR with a correct self-signed signature.

    :param bytes csr: CSR in PEM.

    :returns: Validity of CSR.
    :rtype: bool

certbot.crypto_util.csr_matches_pubkey

Does private key correspond to the subject public key in the CSR?

    :param bytes csr: CSR in PEM.
    :param bytes privkey: Private key file contents (PEM)

    :returns: Correspondence of private key to CSR subject public key.
    :rtype: bool

certbot.crypto_util.read_csr_file

Reads a CSR file, which can be either PEM or DER, and returns a
    `certbot.util.CSR` object.

    :param str csrfile: CSR filename
    :param bytes data: contents of the CSR file

    :returns: object representing the CSR
    :rtype: util.CSR

certbot.crypto_util.import_csr_file

Import a CSR file, which can be either PEM or DER.

    :param str csrfile: CSR filename
    :param bytes data: contents of the CSR file

    :returns: (`acme_crypto_util.Format.PEM`,
               util.CSR object representing the CSR,
               list of domains requested in the CSR)
    :rtype: tuple

certbot.crypto_util.import_csr_file is deprecated and will be removed in the next major release. Please use certbot.crypto_util.read_csr_file instead.

certbot.crypto_util.make_key

Generate PEM encoded RSA|EC key.

    :param int bits: Number of bits if key_type=rsa. At least 2048 for RSA.
    :param str key_type: The type of key to generate, must be rsa or ecdsa
    :param str elliptic_curve: The elliptic curve to use.

    :returns: new RSA or ECDSA key in PEM form with specified number of bits
              or of type ec_curve when key_type ecdsa is used.
    :rtype: bytes

certbot.crypto_util.valid_privkey

Is valid RSA private key?

    :param privkey: Private key file contents in PEM

    :returns: Validity of private key.
    :rtype: bool

certbot.crypto_util.verify_renewable_cert

For checking that your certs were not corrupted on disk.

    Several things are checked:
        1. Signature verification for the cert.
        2. That fullchain matches cert and chain when concatenated.
        3. Check that the private key matches the certificate.

    :param renewable_cert: cert to verify
    :type renewable_cert: certbot.interfaces.RenewableCert

    :raises errors.Error: If verification fails.

certbot.crypto_util.verify_renewable_cert_sig

Verifies the signature of a RenewableCert object.

    :param renewable_cert: cert to verify
    :type renewable_cert: certbot.interfaces.RenewableCert

    :raises errors.Error: If signature verification fails.

certbot.crypto_util.verify_signed_payload

Check the signature of a payload.

    :param RSAPublicKey/EllipticCurvePublicKey public_key: the public_key to check signature
    :param bytes signature: the signature bytes
    :param bytes payload: the payload bytes
    :param hashes.HashAlgorithm signature_hash_algorithm: algorithm used to hash the payload

    :raises InvalidSignature: If signature verification fails.
    :raises errors.Error: If public key type is not supported

certbot.crypto_util.verify_cert_matches_priv_key

Verifies that the private key and cert match.

    :param str cert_path: path to a cert in PEM format
    :param str key_path: path to a private key file

    :raises errors.Error: If they don't match.

certbot.crypto_util.verify_fullchain

Verifies that fullchain is indeed cert concatenated with chain.

    :param renewable_cert: cert to verify
    :type renewable_cert: certbot.interfaces.RenewableCert

    :raises errors.Error: If cert and chain do not combine to fullchain.

certbot.crypto_util.get_sans_from_cert

Get a list of Subject Alternative Names from a certificate.

    :param str cert: Certificate (encoded).
    :param Format typ: Which format the `cert` bytes are in.

    :returns: A list of Subject Alternative Names.
    :rtype: list

get_sans_from_cert is deprecated and will be removed in the next major release.

certbot.crypto_util.get_names_from_cert

Get a list of domains from a cert, including the CN if it is set.
    :param str cert: Certificate (encoded).
    :param Format typ: Which format the `cert` bytes are in.

    :returns: A list of domain names.
    :rtype: list

get_names_from_cert is deprecated and will be removed in the next major release.

certbot.crypto_util.get_names_from_req

Get a list of domains from a CSR, including the CN if it is set.
    :param str csr: CSR (encoded).
    :param acme_crypto_util.Format typ: Which format the `csr` bytes are in.
    :returns: A list of domain names.
    :rtype: list

get_names_from_req is deprecated and will be removed in the next major release.

certbot.crypto_util.notBefore

When does the cert at cert_path start being valid?
    :param str cert_path: path to a cert in PEM format

    :returns: the notBefore value from the cert at cert_path
    :rtype: :class:`datetime.datetime`

certbot.crypto_util.notBefore ends here.

certbot.crypto_util.notAfter

When does the cert at cert_path stop being valid?
    :param str cert_path: path to a cert in PEM format

    :returns: the notAfter value from the cert at cert_path
    :rtype: :class:`datetime.datetime`

certbot.crypto_util.sha256sum

Compute a sha256sum of a file.
    NB: In given file, platform specific newlines characters will be converted
    into their equivalent unicode counterparts before calculating the hash.

    :param str filename: path to the file whose hash will be computed

    :returns: sha256 digest of the file in hexadecimal
    :rtype: str

certbot.crypto_util.cert_and_chain_from_fullchain

Split fullchain_pem into cert_pem and chain_pem
    :param str fullchain_pem: concatenated cert + chain

    :returns: tuple of string cert_pem and chain_pem
    :rtype: tuple

    :raises errors.Error: If there are less than 2 certificates in the chain.

certbot.crypto_util.get_serial_from_cert

Retrieve the serial number of a certificate from certificate path
    :param str cert_path: path to a cert in PEM format

    :returns: serial number of the certificate
    :rtype: int

certbot.crypto_util.find_chain_with_issuer

Chooses the first certificate chain from fullchains whose topmost
    the first chain which chains to a root whose name matches issuer_cn).

    :param fullchains: The list of fullchains in PEM chain format.
    :type fullchains: `list` of `str`
    :param `str` issuer_cn: The exact Subject Common Name to match against any
        issuer in the certificate chain.

    :returns: The best-matching fullchain, PEM-encoded, or the first if none match.
    :rtype: `str`