import datetime
from abc import ABCMeta, abstractmethod
from ipaddress import IPv4Address, IPv4Network, IPv6Address, IPv6Network
from typing import Any, ClassVar, Generator, Generic, Iterable, Sequence, Text, Type, TypeVar

from cryptography.hazmat.backends.interfaces import X509Backend
from cryptography.hazmat.primitives.asymmetric.dsa import DSAPrivateKey, DSAPublicKey
from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePrivateKey, EllipticCurvePublicKey
from cryptography.hazmat.primitives.asymmetric.ed448 import Ed448PrivateKey, Ed448PublicKey
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey
from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateKey, RSAPublicKey
from cryptography.hazmat.primitives.hashes import HashAlgorithm
from cryptography.hazmat.primitives.serialization import Encoding
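class ObjectIdentifier(object):
    """ASN.1 object identifier built from a dotted string.

    The stub types the argument only as `str`; no format validation is visible here.
    """

    def __init__(self, dotted_string: str) -> None: ...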
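class CRLEntryExtensionOID(object):
    """Object identifiers for extensions carried by a single CRL entry."""

    CERTIFICATE_ISSUER: ClassVar[ObjectIdentifier]
    CRL_REASON: ClassVar[ObjectIdentifier]
    INVALIDITY_DATE: ClassVar[ObjectIdentifier]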
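class ExtensionOID(object):
    """Object identifiers for certificate and CRL extensions.

    Several of these bound what a certificate may be used for (BASIC_CONSTRAINTS, KEY_USAGE,
    EXTENDED_KEY_USAGE, NAME_CONSTRAINTS, POLICY_CONSTRAINTS); a relying party has to look them
    up and enforce them, the constants themselves only name the extension.
    """

    AUTHORITY_INFORMATION_ACCESS: ClassVar[ObjectIdentifier]
    AUTHORITY_KEY_IDENTIFIER: ClassVar[ObjectIdentifier]
    BASIC_CONSTRAINTS: ClassVar[ObjectIdentifier]
    CERTIFICATE_POLICIES: ClassVar[ObjectIdentifier]
    CRL_DISTRIBUTION_POINTS: ClassVar[ObjectIdentifier]
    CRL_NUMBER: ClassVar[ObjectIdentifier]
    DELTA_CRL_INDICATOR: ClassVar[ObjectIdentifier]
    EXTENDED_KEY_USAGE: ClassVar[ObjectIdentifier]
    FRESHEST_CRL: ClassVar[ObjectIdentifier]
    INHIBIT_ANY_POLICY: ClassVar[ObjectIdentifier]
    ISSUER_ALTERNATIVE_NAME: ClassVar[ObjectIdentifier]
    ISSUING_DISTRIBUTION_POINT: ClassVar[ObjectIdentifier]
    KEY_USAGE: ClassVar[ObjectIdentifier]
    NAME_CONSTRAINTS: ClassVar[ObjectIdentifier]
    OCSP_NO_CHECK: ClassVar[ObjectIdentifier]
    POLICY_CONSTRAINTS: ClassVar[ObjectIdentifier]
    POLICY_MAPPINGS: ClassVar[ObjectIdentifier]
    # Certificate Transparency precertificate marker (RFC 6962): a certificate carrying it is a
    # log submission, not something to accept as an ordinary end-entity certificate.
    PRECERT_POISON: ClassVar[ObjectIdentifier]
    PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS: ClassVar[ObjectIdentifier]
    SUBJECT_ALTERNATIVE_NAME: ClassVar[ObjectIdentifier]
    SUBJECT_DIRECTORY_ATTRIBUTES: ClassVar[ObjectIdentifier]
    SUBJECT_INFORMATION_ACCESS: ClassVar[ObjectIdentifier]
    SUBJECT_KEY_IDENTIFIER: ClassVar[ObjectIdentifier]
    TLS_FEATURE: ClassVar[ObjectIdentifier]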
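class NameOID(object):
    """Object identifiers for the attribute types of a distinguished name."""

    BUSINESS_CATEGORY: ClassVar[ObjectIdentifier]
    # Subject common name.  For host identity checks the SubjectAlternativeName extension is
    # the authoritative source; matching on CN alone is a legacy fallback.
    COMMON_NAME: ClassVar[ObjectIdentifier]
    COUNTRY_NAME: ClassVar[ObjectIdentifier]
    DN_QUALIFIER: ClassVar[ObjectIdentifier]
    DOMAIN_COMPONENT: ClassVar[ObjectIdentifier]
    EMAIL_ADDRESS: ClassVar[ObjectIdentifier]
    GENERATION_QUALIFIER: ClassVar[ObjectIdentifier]
    GIVEN_NAME: ClassVar[ObjectIdentifier]
    JURISDICTION_COUNTRY_NAME: ClassVar[ObjectIdentifier]
    JURISDICTION_LOCALITY_NAME: ClassVar[ObjectIdentifier]
    JURISDICTION_STATE_OR_PROVINCE_NAME: ClassVar[ObjectIdentifier]
    LOCALITY_NAME: ClassVar[ObjectIdentifier]
    ORGANIZATIONAL_UNIT_NAME: ClassVar[ObjectIdentifier]
    ORGANIZATION_NAME: ClassVar[ObjectIdentifier]
    POSTAL_ADDRESS: ClassVar[ObjectIdentifier]
    POSTAL_CODE: ClassVar[ObjectIdentifier]
    PSEUDONYM: ClassVar[ObjectIdentifier]
    SERIAL_NUMBER: ClassVar[ObjectIdentifier]
    STATE_OR_PROVINCE_NAME: ClassVar[ObjectIdentifier]
    STREET_ADDRESS: ClassVar[ObjectIdentifier]
    SURNAME: ClassVar[ObjectIdentifier]
    TITLE: ClassVar[ObjectIdentifier]
    USER_ID: ClassVar[ObjectIdentifier]
    X500_UNIQUE_IDENTIFIER: ClassVar[ObjectIdentifier]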
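class OCSPExtensionOID(object):
    """Object identifiers for OCSP extensions."""

    # The OCSP nonce ties a response to the request that asked for it, which is what lets a
    # client detect a replayed (stale but validly signed) response.
    NONCE: ClassVar[ObjectIdentifier]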
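class SignatureAlgorithmOID(object):
    """Object identifiers naming the signature algorithm of a certificate, CRL or CSR.

    The MD5 and SHA-1 entries exist so legacy objects can be recognised.  Both hashes have
    practical collision attacks, so a verifier should reject or at least flag signatures that
    use them, and new objects should not be signed with them.
    """

    DSA_WITH_SHA1: ClassVar[ObjectIdentifier]  # legacy: SHA-1
    DSA_WITH_SHA224: ClassVar[ObjectIdentifier]
    DSA_WITH_SHA256: ClassVar[ObjectIdentifier]
    ECDSA_WITH_SHA1: ClassVar[ObjectIdentifier]  # legacy: SHA-1
    ECDSA_WITH_SHA224: ClassVar[ObjectIdentifier]
    ECDSA_WITH_SHA256: ClassVar[ObjectIdentifier]
    ECDSA_WITH_SHA384: ClassVar[ObjectIdentifier]
    ECDSA_WITH_SHA512: ClassVar[ObjectIdentifier]
    ED25519: ClassVar[ObjectIdentifier]
    ED448: ClassVar[ObjectIdentifier]
    RSASSA_PSS: ClassVar[ObjectIdentifier]
    RSA_WITH_MD5: ClassVar[ObjectIdentifier]  # legacy: MD5
    RSA_WITH_SHA1: ClassVar[ObjectIdentifier]  # legacy: SHA-1
    RSA_WITH_SHA224: ClassVar[ObjectIdentifier]
    RSA_WITH_SHA256: ClassVar[ObjectIdentifier]
    RSA_WITH_SHA384: ClassVar[ObjectIdentifier]
    RSA_WITH_SHA512: ClassVar[ObjectIdentifier]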
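class ExtendedKeyUsageOID(object):
    """Object identifiers for the purposes listed in an ExtendedKeyUsage extension."""

    SERVER_AUTH: ClassVar[ObjectIdentifier]
    CLIENT_AUTH: ClassVar[ObjectIdentifier]
    CODE_SIGNING: ClassVar[ObjectIdentifier]
    EMAIL_PROTECTION: ClassVar[ObjectIdentifier]
    TIME_STAMPING: ClassVar[ObjectIdentifier]
    OCSP_SIGNING: ClassVar[ObjectIdentifier]
    # Wildcard purpose: a certificate carrying it is not restricted to any one usage, so an
    # EKU policy check should treat it as unconstrained rather than as a match for one purpose.
    ANY_EXTENDED_KEY_USAGE: ClassVar[ObjectIdentifier]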
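class NameAttribute(object):
    """One attribute of a distinguished name: an OID paired with a text value."""

    # NOTE(review): the listing this was recovered from skips a line after `oid`; a further
    # attribute declaration may be missing -- confirm against the upstream stub.
    oid: ObjectIdentifier

    def __init__(self, oid: ObjectIdentifier, value: Text) -> None: ...
    # String rendering of the attribute (the method name points at RFC 4514).  For a parsed,
    # untrusted certificate the value is attacker-influenced: treat the result as data when
    # logging or comparing, not as a trusted identifier.
    def rfc4514_string(self) -> str: ...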
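class RelativeDistinguishedName(object):
    """A group of NameAttribute objects forming one component of a distinguished name."""

    def __init__(self, attributes: list[NameAttribute]) -> None: ...
    def __iter__(self) -> Generator[NameAttribute, None, None]: ...
    # Returns a list, so an OID can match several attributes (or none); callers should not
    # assume exactly one result.
    def get_attributes_for_oid(self, oid: ObjectIdentifier) -> list[NameAttribute]: ...
    def rfc4514_string(self) -> str: ...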
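# NOTE(review): the class header was absent from the listing this was recovered from.
# `class Name(object):` is restored to match the `Name` annotations used by the builders and
# DirectoryName -- confirm against the upstream stub.
class Name(object):
    """A distinguished name: an ordered collection of relative distinguished names."""

    rdns: list[RelativeDistinguishedName]

    def __init__(self, attributes: Sequence[NameAttribute | RelativeDistinguishedName]) -> None: ...
    def __iter__(self) -> Generator[NameAttribute, None, None]: ...
    def __len__(self) -> int: ...
    # Returns a list: a name may carry the same attribute type more than once (for example
    # several common names), so taking element [0] blindly can pick the wrong value.
    def get_attributes_for_oid(self, oid: ObjectIdentifier) -> list[NameAttribute]: ...
    def public_bytes(self, backend: X509Backend | None = ...) -> bytes: ...
    def rfc4514_string(self) -> str: ...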
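class Certificate(metaclass=ABCMeta):
    """Parsed X.509 certificate (abstract interface).

    This stub declares fields and raw bytes only; it declares no method that verifies the
    issuer signature, the chain or the validity window.  A caller has to compare
    `not_valid_before` / `not_valid_after` with the current time and validate the issuer
    itself before treating the certificate as trusted.
    """

    # NOTE(review): the listing this was recovered from skips lines inside this class --
    # further attributes, and probably the `@abstractmethod` decorators the module imports but
    # never shows in use, appear to be missing.  Confirm against the upstream stub.
    extensions: Extensions
    # NOTE(review): presumably naive datetimes in UTC -- confirm before comparing them with
    # timezone-aware values.
    not_valid_after: datetime.datetime
    not_valid_before: datetime.datetime
    # Algorithm the issuer signed with; check it against policy (MD5 / SHA-1 based
    # signatures should not be accepted).
    signature_algorithm_oid: ObjectIdentifier
    signature_hash_algorithm: HashAlgorithm
    # The to-be-signed portion, i.e. the bytes the issuer signature is computed over.
    tbs_certificate_bytes: bytes

    # Digest of the certificate under the caller-chosen hash.  When the fingerprint is used
    # for pinning or allow-listing, pick a collision-resistant hash such as SHA-256.
    def fingerprint(self, algorithm: HashAlgorithm) -> bytes: ...
    def public_bytes(self, encoding: Encoding) -> bytes: ...
    def public_key(self) -> DSAPublicKey | Ed25519PublicKey | Ed448PublicKey | EllipticCurvePublicKey | RSAPublicKey: ...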
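class CertificateBuilder(object):
    """Builder for an X.509 certificate; every setter returns a CertificateBuilder.

    Whatever is passed in is what gets signed.  When the values originate from a CSR or other
    external input, the issuing code has to vet names, validity period and extensions before
    calling `sign`.
    """

    # NOTE(review): the `def` header lines of __init__, public_key and sign (and the closing
    # `) -> None: ...` of __init__) were absent from the listing this was recovered from and
    # are restored here from the surviving parameter lists -- confirm against upstream.
    def __init__(
        self,
        issuer_name: Name | None = ...,
        subject_name: Name | None = ...,
        public_key: DSAPublicKey | Ed25519PublicKey | Ed448PublicKey | EllipticCurvePublicKey | RSAPublicKey | None = ...,
        serial_number: int | None = ...,
        not_valid_before: datetime.datetime | None = ...,
        not_valid_after: datetime.datetime | None = ...,
        extensions: Iterable[ExtensionType] | None = ...,
    ) -> None: ...
    # `critical` is a required argument: the caller decides, per extension, whether a relying
    # party that does not understand it must reject the certificate.
    def add_extension(self, extension: ExtensionType, critical: bool) -> CertificateBuilder: ...
    def issuer_name(self, name: Name) -> CertificateBuilder: ...
    def not_valid_after(self, time: datetime.datetime) -> CertificateBuilder: ...
    def not_valid_before(self, time: datetime.datetime) -> CertificateBuilder: ...
    def public_key(
        self, public_key: DSAPublicKey | Ed25519PublicKey | Ed448PublicKey | EllipticCurvePublicKey | RSAPublicKey
    ) -> CertificateBuilder: ...
    def serial_number(self, serial_number: int) -> CertificateBuilder: ...
    # Signs with the issuer's private key.  `algorithm` may be None in this stub -- presumably
    # for key types that fix their own hash (Ed25519 / Ed448); confirm.  Do not pass MD5 or
    # SHA-1 for new certificates.
    def sign(
        self,
        private_key: DSAPrivateKey | Ed25519PrivateKey | Ed448PrivateKey | EllipticCurvePrivateKey | RSAPrivateKey,
        algorithm: HashAlgorithm | None,
        backend: X509Backend | None = ...,
    ) -> Certificate: ...
    def subject_name(self, name: Name) -> CertificateBuilder: ...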
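class CertificateRevocationList(metaclass=ABCMeta):
    """Parsed certificate revocation list (abstract interface).

    Parsing does not authenticate the list: call `is_signature_valid` with the issuer's public
    key and check `next_update` for staleness before relying on its contents.
    """

    # NOTE(review): the listing this was recovered from skips lines inside this class
    # (attributes and probably `@abstractmethod` decorators), and the closing line of
    # is_signature_valid was absent; `) -> bool: ...` is restored -- confirm against upstream.
    extensions: Extensions
    last_update: datetime.datetime
    next_update: datetime.datetime
    signature_algorithm_oid: ObjectIdentifier
    signature_hash_algorithm: HashAlgorithm
    # The to-be-signed portion, i.e. the bytes the issuer signature is computed over.
    tbs_certlist_bytes: bytes

    def fingerprint(self, algorithm: HashAlgorithm) -> bytes: ...
    # NOTE(review): typed as always returning an entry.  Check what the implementation does
    # for a serial number that is not on the list (presumably None in some library versions),
    # so that a lookup miss is not mistaken for "revoked" or for an error.
    def get_revoked_certificate_by_serial_number(self, serial_number: int) -> RevokedCertificate: ...
    # Reports the outcome as a value; a caller that ignores the return value ends up trusting
    # an unauthenticated CRL.
    def is_signature_valid(
        self, public_key: DSAPublicKey | Ed25519PublicKey | Ed448PublicKey | EllipticCurvePublicKey | RSAPublicKey
    ) -> bool: ...
    def public_bytes(self, encoding: Encoding) -> bytes: ...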
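class CertificateRevocationListBuilder(object):
    """Builder for a CRL; every setter returns a CertificateRevocationListBuilder."""

    # NOTE(review): the `def sign(` / `self,` header lines were absent from the listing this
    # was recovered from and are restored from the surviving parameter list -- confirm.
    def add_extension(self, extension: ExtensionType, critical: bool) -> CertificateRevocationListBuilder: ...
    def add_revoked_certificate(self, revoked_certificate: RevokedCertificate) -> CertificateRevocationListBuilder: ...
    def issuer_name(self, name: Name) -> CertificateRevocationListBuilder: ...
    def last_update(self, time: datetime.datetime) -> CertificateRevocationListBuilder: ...
    # Relying parties use this value to decide when the list is stale, so it bounds how long
    # a missed revocation can go unnoticed.
    def next_update(self, time: datetime.datetime) -> CertificateRevocationListBuilder: ...
    def sign(
        self,
        private_key: DSAPrivateKey | Ed25519PrivateKey | Ed448PrivateKey | EllipticCurvePrivateKey | RSAPrivateKey,
        algorithm: HashAlgorithm | None,
        backend: X509Backend | None = ...,
    ) -> CertificateRevocationList: ...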
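class CertificateSigningRequest(metaclass=ABCMeta):
    """Parsed certificate signing request (abstract interface).

    Everything in a CSR is chosen by the requester.  An issuer should copy only the names and
    extensions its policy allows (for instance, never a requested CA BasicConstraints without
    an explicit decision) rather than mirroring the request.
    """

    # NOTE(review): the listing this was recovered from skips lines inside this class
    # (attributes and probably `@abstractmethod` decorators) -- confirm against upstream.
    extensions: Extensions
    # Result of checking the request's self-signature, i.e. proof that the requester holds the
    # private key.  It is exposed as a value; presumably loading does not enforce it, so test
    # it before acting on the request -- confirm.
    is_signature_valid: bool
    signature_algorithm_oid: ObjectIdentifier
    signature_hash_algorithm: HashAlgorithm
    # The to-be-signed portion, i.e. the bytes the request signature is computed over.
    tbs_certrequest_bytes: bytes

    def public_bytes(self, encoding: Encoding) -> bytes: ...
    def public_key(self) -> DSAPublicKey | Ed25519PublicKey | Ed448PublicKey | EllipticCurvePublicKey | RSAPublicKey: ...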
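class CertificateSigningRequestBuilder(object):
    """Builder for a CSR; every setter returns a CertificateSigningRequestBuilder."""

    # NOTE(review): the `def sign(` / `self,` header lines were absent from the listing this
    # was recovered from and are restored from the surviving parameter list -- confirm.
    def add_extension(self, extension: ExtensionType, critical: bool) -> CertificateSigningRequestBuilder: ...
    def subject_name(self, name: Name) -> CertificateSigningRequestBuilder: ...
    # Signs the request with the requester's own private key (the proof-of-possession step).
    def sign(
        self,
        private_key: DSAPrivateKey | Ed25519PrivateKey | Ed448PrivateKey | EllipticCurvePrivateKey | RSAPrivateKey,
        algorithm: HashAlgorithm | None,
        backend: X509Backend | None = ...,
    ) -> CertificateSigningRequest: ...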
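class RevokedCertificate(metaclass=ABCMeta):
    """One entry of a CRL (abstract interface)."""

    # NOTE(review): the listing this was recovered from skips a line after these attributes;
    # a further declaration may be missing -- confirm against the upstream stub.
    extensions: Extensions
    revocation_date: datetime.datetime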
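class RevokedCertificateBuilder(object):
    """Builder for a single CRL entry; `build` returns the RevokedCertificate."""

    def add_extension(self, extension: ExtensionType, critical: bool) -> RevokedCertificateBuilder: ...
    # Takes no private key: an entry is not signed on its own, the signature is applied when
    # the enclosing CRL is signed.
    def build(self, backend: X509Backend | None = ...) -> RevokedCertificate: ...
    def revocation_date(self, time: datetime.datetime) -> RevokedCertificateBuilder: ...
    def serial_number(self, serial_number: int) -> RevokedCertificateBuilder: ...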
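# General Name Classes

class GeneralName(metaclass=ABCMeta):
    """Abstract base for the GeneralName variants declared after it.

    NOTE(review): the class body was absent from the listing this was recovered from; any
    attribute declared on the base is not reproduced here -- confirm against upstream.
    """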
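class DirectoryName(GeneralName):
    """GeneralName variant wrapping a distinguished name."""

    # NOTE(review): the listing skips a line before __init__; an attribute declaration may be
    # missing -- confirm against the upstream stub.
    def __init__(self, value: Name) -> None: ...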
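class DNSName(GeneralName):
    """GeneralName variant holding a DNS name as text.

    The stub shows no validation of the text.  For a parsed certificate the value is whatever
    the issuer signed, so hostname matching (wildcards, internationalised names, embedded
    control characters) is the caller's job.
    """

    # NOTE(review): the listing skips a line before __init__; an attribute declaration may be
    # missing -- confirm against the upstream stub.
    def __init__(self, value: Text) -> None: ...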
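class IPAddress(GeneralName):
    """GeneralName variant holding an IP address or network.

    The value may be a network as well as a single address, so code that matches a peer
    address against it has to handle both shapes.
    """

    value: IPv4Address | IPv6Address | IPv4Network | IPv6Network

    def __init__(self, value: IPv4Address | IPv6Address | IPv4Network | IPv6Network) -> None: ...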
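class OtherName(GeneralName):
    """GeneralName variant identified by a type OID with an opaque byte value.

    The value is typed as raw bytes; its structure depends on `type_id` and is not parsed by
    anything shown here, so it should be decoded defensively.
    """

    # NOTE(review): the listing skips a line after `type_id`; a further attribute declaration
    # may be missing -- confirm against the upstream stub.
    type_id: ObjectIdentifier

    def __init__(self, type_id: ObjectIdentifier, value: bytes) -> None: ...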
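class RegisteredID(GeneralName):
    """GeneralName variant whose value is an object identifier."""

    value: ObjectIdentifier

    def __init__(self, value: ObjectIdentifier) -> None: ...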
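class RFC822Name(GeneralName):
    """GeneralName variant holding an e-mail address as text (no validation is shown here)."""

    # NOTE(review): the listing skips a line before __init__; an attribute declaration may be
    # missing -- confirm against the upstream stub.
    def __init__(self, value: Text) -> None: ...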
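class UniformResourceIdentifier(GeneralName):
    """GeneralName variant holding a URI as text.

    URIs taken from a certificate (CRL distribution points, AIA locations and the like) are
    issuer-controlled input: validate scheme and destination before fetching them.
    """

    # NOTE(review): the listing skips a line before __init__; an attribute declaration may be
    # missing -- confirm against the upstream stub.
    def __init__(self, value: Text) -> None: ...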
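class ExtensionType(metaclass=ABCMeta):
    """Abstract base for the value of an X.509 extension; `oid` names the extension."""

    oid: ObjectIdentifier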
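# Type variable for the concrete ExtensionType wrapped by an Extension.
_T = TypeVar("_T", bound="ExtensionType")

class Extension(Generic[_T]):
    """Wrapper pairing an extension OID with its typed value.

    NOTE(review): the listing this was recovered from skips a line on either side of `oid`;
    further attributes (presumably the criticality flag and the typed value) appear to be
    missing -- confirm against the upstream stub.
    """

    oid: ObjectIdentifier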
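class Extensions(object):
    """Iterable collection of Extension objects with lookup by OID or by extension class."""

    def __init__(self, general_names: list[Extension[Any]]) -> None: ...
    def __iter__(self) -> Generator[Extension[Any], None, None]: ...
    # Both lookups are typed as always returning an Extension.  Presumably a missing extension
    # is signalled by raising ExtensionNotFound -- confirm.  Absence of a constraining
    # extension must not be read as "constraint satisfied".
    def get_extension_for_oid(self, oid: ObjectIdentifier) -> Extension[Any]: ...
    def get_extension_for_class(self, extclass: Type[_T]) -> Extension[_T]: ...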
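class DuplicateExtension(Exception):
    """Error carrying the OID of an extension that appears more than once."""

    oid: ObjectIdentifier

    def __init__(self, msg: str, oid: ObjectIdentifier) -> None: ...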
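class ExtensionNotFound(Exception):
    """Error carrying the OID of an extension that was looked up but is not present."""

    oid: ObjectIdentifier

    def __init__(self, msg: str, oid: ObjectIdentifier) -> None: ...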
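class IssuerAlternativeName(ExtensionType):
    """Extension listing alternative names (GeneralName objects) for the issuer."""

    def __init__(self, general_names: list[GeneralName]) -> None: ...
    def __iter__(self) -> Generator[GeneralName, None, None]: ...
    # Returns the entries of one GeneralName subclass; the element type is `Any` because it
    # depends on the requested class.
    def get_values_for_type(self, type: Type[GeneralName]) -> list[Any]: ...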
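class SubjectAlternativeName(ExtensionType):
    """Extension listing alternative names (GeneralName objects) for the subject.

    This is the extension identity checks should be based on: filter by the expected name
    type (DNSName, IPAddress, ...) instead of comparing across types.
    """

    def __init__(self, general_names: list[GeneralName]) -> None: ...
    def __iter__(self) -> Generator[GeneralName, None, None]: ...
    # Returns the entries of one GeneralName subclass; the element type is `Any` because it
    # depends on the requested class.
    def get_values_for_type(self, type: Type[GeneralName]) -> list[Any]: ...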
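class AuthorityKeyIdentifier(ExtensionType):
    """Extension identifying the issuer key that signed the certificate.

    The identifier is a lookup aid for chain building, not evidence of anything: a matching
    key identifier does not replace verifying the issuer's signature.
    """

    # NOTE(review): the listing this was recovered from dropped one line before each accessor
    # and alternate constructor, plus the `def __init__(` header and its closing line.  They
    # are restored as `@property`, `@classmethod` (first parameter is `cls`) and
    # `) -> None: ...` -- confirm against the upstream stub.
    @property
    def key_identifier(self) -> bytes: ...
    @property
    def authority_cert_issuer(self) -> list[GeneralName] | None: ...
    @property
    def authority_cert_serial_number(self) -> int | None: ...
    def __init__(
        self, key_identifier: bytes, authority_cert_issuer: Iterable[GeneralName] | None, authority_cert_serial_number: int | None
    ) -> None: ...
    @classmethod
    def from_issuer_public_key(
        cls, public_key: RSAPublicKey | DSAPublicKey | EllipticCurvePublicKey | Ed25519PublicKey | Ed448PublicKey
    ) -> AuthorityKeyIdentifier: ...
    @classmethod
    def from_issuer_subject_key_identifier(cls, ski: SubjectKeyIdentifier) -> AuthorityKeyIdentifier: ...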
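class SubjectKeyIdentifier(ExtensionType):
    """Extension carrying an identifier (a digest) for the subject's public key.

    Like the authority key identifier it is a matching hint for path building; it is asserted
    by whoever built the certificate and proves nothing by itself.
    """

    # NOTE(review): the listing this was recovered from dropped the line before `digest`, and
    # the decorator and `def` header of the alternate constructor.  They are restored as
    # `@property`, `@classmethod` (first parameter is `cls`) and `def from_public_key(`, the
    # name this constructor has in the cryptography library -- confirm against upstream.
    @property
    def digest(self) -> bytes: ...
    def __init__(self, digest: bytes) -> None: ...
    @classmethod
    def from_public_key(
        cls, public_key: RSAPublicKey | DSAPublicKey | EllipticCurvePublicKey | Ed25519PublicKey | Ed448PublicKey
    ) -> SubjectKeyIdentifier: ...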
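class AccessDescription:
    """One access-method / location pair, as used by the information-access extensions."""

    # NOTE(review): the listing this was recovered from dropped one line before each
    # accessor; restored as `@property` because each accessor mirrors an __init__ parameter --
    # confirm against the upstream stub.
    @property
    def access_method(self) -> ObjectIdentifier: ...
    # The location comes from the certificate, i.e. from the issuer.  Treat it as untrusted
    # input before dereferencing it (scheme and destination checks).
    @property
    def access_location(self) -> GeneralName: ...
    def __init__(self, access_method: ObjectIdentifier, access_location: GeneralName) -> None: ...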
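class AuthorityInformationAccess(ExtensionType):
    """Extension holding a sequence of AccessDescription entries about the issuer.

    Entries typically point at issuer certificates or OCSP responders; fetching them is an
    outbound request to an issuer-chosen location and should be restricted accordingly.
    """

    def __init__(self, descriptions: Iterable[AccessDescription]) -> None: ...
    def __len__(self) -> int: ...
    def __iter__(self) -> Generator[AccessDescription, None, None]: ...
    def __getitem__(self, item: int) -> AccessDescription: ...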
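class SubjectInformationAccess(ExtensionType):
    """Extension holding a sequence of AccessDescription entries about the subject."""

    def __init__(self, descriptions: Iterable[AccessDescription]) -> None: ...
    def __len__(self) -> int: ...
    def __iter__(self) -> Generator[AccessDescription, None, None]: ...
    def __getitem__(self, item: int) -> AccessDescription: ...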
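class BasicConstraints(ExtensionType):
    """Extension stating whether the subject is a CA and how deep its chain may go.

    A validator has to enforce both fields on every non-leaf certificate of a path; issuing
    code should set `ca=False` on end-entity certificates.
    """

    # NOTE(review): the listing this was recovered from dropped one line before each
    # accessor; restored as `@property` because each accessor mirrors an __init__ parameter --
    # confirm against the upstream stub.
    @property
    def ca(self) -> bool: ...
    # None means no path-length limit is stated.
    @property
    def path_length(self) -> int | None: ...
    def __init__(self, ca: bool, path_length: int | None) -> None: ...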
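class KeyUsage(ExtensionType):
    """Extension listing the cryptographic operations the certified key may be used for.

    `key_cert_sign` and `crl_sign` are the bits that let a key sign certificates and CRLs;
    a validator should require them on the issuer rather than assume them.
    """

    # NOTE(review): the listing this was recovered from dropped one line before each accessor
    # and most of __init__ (its `def` header, the last five parameters and the closing line).
    # Accessors are restored as `@property`; the missing parameters are restored one per
    # accessor, in accessor order -- confirm against the upstream stub.
    @property
    def digital_signature(self) -> bool: ...
    @property
    def content_commitment(self) -> bool: ...
    @property
    def key_encipherment(self) -> bool: ...
    @property
    def data_encipherment(self) -> bool: ...
    @property
    def key_agreement(self) -> bool: ...
    @property
    def key_cert_sign(self) -> bool: ...
    @property
    def crl_sign(self) -> bool: ...
    @property
    def encipher_only(self) -> bool: ...
    @property
    def decipher_only(self) -> bool: ...
    def __init__(
        self,
        digital_signature: bool,
        content_commitment: bool,
        key_encipherment: bool,
        data_encipherment: bool,
        key_agreement: bool,
        key_cert_sign: bool,
        crl_sign: bool,
        encipher_only: bool,
        decipher_only: bool,
    ) -> None: ...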
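class ExtendedKeyUsage(ExtensionType):
    """Extension holding a sequence of purpose OIDs (see ExtendedKeyUsageOID).

    A purpose check should test for the specific OID it needs and decide explicitly how to
    treat the any-purpose OID.
    """

    def __init__(self, usages: Iterable[ObjectIdentifier]) -> None: ...
    def __len__(self) -> int: ...
    def __iter__(self) -> Generator[ObjectIdentifier, None, None]: ...
    def __getitem__(self, item: int) -> ObjectIdentifier: ...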
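class UnrecognizedExtension(ExtensionType):
    """Extension whose OID has no dedicated class; the value is kept as raw bytes.

    RFC 5280 requires a relying party to reject a certificate that carries an unrecognised
    extension marked critical.  The criticality flag is not part of this class, so that check
    has to be made on the wrapping Extension.
    """

    # NOTE(review): the listing this was recovered from dropped the line before `value`;
    # restored as `@property` because the accessor mirrors an __init__ parameter -- confirm.
    @property
    def value(self) -> bytes: ...
    def __init__(self, oid: ObjectIdentifier, value: bytes) -> None: ...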
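# Parsers for DER- or PEM-encoded certificates, CRLs and CSRs.  Each signature takes the raw
# bytes and an optional backend only -- no trust anchor, no verification time -- so the returned
# object is parsed, not trusted.  Signature and chain validation, validity-period checks and
# revocation lookups remain the caller's responsibility.
def load_der_x509_certificate(data: bytes, backend: X509Backend | None = ...) -> Certificate: ...
def load_pem_x509_certificate(data: bytes, backend: X509Backend | None = ...) -> Certificate: ...
def load_der_x509_crl(data: bytes, backend: X509Backend | None = ...) -> CertificateRevocationList: ...
def load_pem_x509_crl(data: bytes, backend: X509Backend | None = ...) -> CertificateRevocationList: ...
def load_der_x509_csr(data: bytes, backend: X509Backend | None = ...) -> CertificateSigningRequest: ...
def load_pem_x509_csr(data: bytes, backend: X509Backend | None = ...) -> CertificateSigningRequest: ...

# Module-level fallback that marks the stub as incomplete: any name not declared in this file
# resolves to `Any`, so a type checker will not flag misuse of the undeclared parts of the API.
def __getattr__(name: str) -> Any: ...  # incomplete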