import datetime from abc import ABCMeta, abstractmethod from enum import Enum from ipaddress import IPv4Address, IPv4Network, IPv6Address, IPv6Network from typing import Any, ClassVar, Generator, Generic, Iterable, Sequence, Text, Type, TypeVar from cryptography.hazmat.backends.interfaces import X509Backend from cryptography.hazmat.primitives.asymmetric.dsa import DSAPrivateKey, DSAPublicKey from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePrivateKey, EllipticCurvePublicKey from cryptography.hazmat.primitives.asymmetric.ed448 import Ed448PrivateKey, Ed448PublicKey from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey from cryptography.hazmat.primitives.asymmetric.rsa import RSAPrivateKey, RSAPublicKey from cryptography.hazmat.primitives.hashes import HashAlgorithm from cryptography.hazmat.primitives.serialization import Encoding class ObjectIdentifier(object): dotted_string: str def __init__(self, dotted_string: str) -> None: ... class CRLEntryExtensionOID(object): CERTIFICATE_ISSUER: ClassVar[ObjectIdentifier] CRL_REASON: ClassVar[ObjectIdentifier] INVALIDITY_DATE: ClassVar[ObjectIdentifier] class ExtensionOID(object): AUTHORITY_INFORMATION_ACCESS: ClassVar[ObjectIdentifier] AUTHORITY_KEY_IDENTIFIER: ClassVar[ObjectIdentifier] BASIC_CONSTRAINTS: ClassVar[ObjectIdentifier] CERTIFICATE_POLICIES: ClassVar[ObjectIdentifier] CRL_DISTRIBUTION_POINTS: ClassVar[ObjectIdentifier] CRL_NUMBER: ClassVar[ObjectIdentifier] DELTA_CRL_INDICATOR: ClassVar[ObjectIdentifier] EXTENDED_KEY_USAGE: ClassVar[ObjectIdentifier] FRESHEST_CRL: ClassVar[ObjectIdentifier] INHIBIT_ANY_POLICY: ClassVar[ObjectIdentifier] ISSUER_ALTERNATIVE_NAME: ClassVar[ObjectIdentifier] ISSUING_DISTRIBUTION_POINT: ClassVar[ObjectIdentifier] KEY_USAGE: ClassVar[ObjectIdentifier] NAME_CONSTRAINTS: ClassVar[ObjectIdentifier] OCSP_NO_CHECK: ClassVar[ObjectIdentifier] POLICY_CONSTRAINTS: ClassVar[ObjectIdentifier] POLICY_MAPPINGS: ClassVar[ObjectIdentifier] PRECERT_POISON: ClassVar[ObjectIdentifier] PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS: ClassVar[ObjectIdentifier] SUBJECT_ALTERNATIVE_NAME: ClassVar[ObjectIdentifier] SUBJECT_DIRECTORY_ATTRIBUTES: ClassVar[ObjectIdentifier] SUBJECT_INFORMATION_ACCESS: ClassVar[ObjectIdentifier] SUBJECT_KEY_IDENTIFIER: ClassVar[ObjectIdentifier] TLS_FEATURE: ClassVar[ObjectIdentifier] class NameOID(object): BUSINESS_CATEGORY: ClassVar[ObjectIdentifier] COMMON_NAME: ClassVar[ObjectIdentifier] COUNTRY_NAME: ClassVar[ObjectIdentifier] DN_QUALIFIER: ClassVar[ObjectIdentifier] DOMAIN_COMPONENT: ClassVar[ObjectIdentifier] EMAIL_ADDRESS: ClassVar[ObjectIdentifier] GENERATION_QUALIFIER: ClassVar[ObjectIdentifier] GIVEN_NAME: ClassVar[ObjectIdentifier] JURISDICTION_COUNTRY_NAME: ClassVar[ObjectIdentifier] JURISDICTION_LOCALITY_NAME: ClassVar[ObjectIdentifier] JURISDICTION_STATE_OR_PROVINCE_NAME: ClassVar[ObjectIdentifier] LOCALITY_NAME: ClassVar[ObjectIdentifier] ORGANIZATIONAL_UNIT_NAME: ClassVar[ObjectIdentifier] ORGANIZATION_NAME: ClassVar[ObjectIdentifier] POSTAL_ADDRESS: ClassVar[ObjectIdentifier] POSTAL_CODE: ClassVar[ObjectIdentifier] PSEUDONYM: ClassVar[ObjectIdentifier] SERIAL_NUMBER: ClassVar[ObjectIdentifier] STATE_OR_PROVINCE_NAME: ClassVar[ObjectIdentifier] STREET_ADDRESS: ClassVar[ObjectIdentifier] SURNAME: ClassVar[ObjectIdentifier] TITLE: ClassVar[ObjectIdentifier] USER_ID: ClassVar[ObjectIdentifier] X500_UNIQUE_IDENTIFIER: ClassVar[ObjectIdentifier] class OCSPExtensionOID(object): NONCE: ClassVar[ObjectIdentifier] class SignatureAlgorithmOID(object): DSA_WITH_SHA1: ClassVar[ObjectIdentifier] DSA_WITH_SHA224: ClassVar[ObjectIdentifier] DSA_WITH_SHA256: ClassVar[ObjectIdentifier] ECDSA_WITH_SHA1: ClassVar[ObjectIdentifier] ECDSA_WITH_SHA224: ClassVar[ObjectIdentifier] ECDSA_WITH_SHA256: ClassVar[ObjectIdentifier] ECDSA_WITH_SHA384: ClassVar[ObjectIdentifier] ECDSA_WITH_SHA512: ClassVar[ObjectIdentifier] ED25519: ClassVar[ObjectIdentifier] ED448: ClassVar[ObjectIdentifier] RSASSA_PSS: ClassVar[ObjectIdentifier] RSA_WITH_MD5: ClassVar[ObjectIdentifier] RSA_WITH_SHA1: ClassVar[ObjectIdentifier] RSA_WITH_SHA224: ClassVar[ObjectIdentifier] RSA_WITH_SHA256: ClassVar[ObjectIdentifier] RSA_WITH_SHA384: ClassVar[ObjectIdentifier] RSA_WITH_SHA512: ClassVar[ObjectIdentifier] class ExtendedKeyUsageOID(object): SERVER_AUTH: ClassVar[ObjectIdentifier] CLIENT_AUTH: ClassVar[ObjectIdentifier] CODE_SIGNING: ClassVar[ObjectIdentifier] EMAIL_PROTECTION: ClassVar[ObjectIdentifier] TIME_STAMPING: ClassVar[ObjectIdentifier] OCSP_SIGNING: ClassVar[ObjectIdentifier] ANY_EXTENDED_KEY_USAGE: ClassVar[ObjectIdentifier] class NameAttribute(object): oid: ObjectIdentifier value: Text def __init__(self, oid: ObjectIdentifier, value: Text) -> None: ... def rfc4514_string(self) -> str: ... class RelativeDistinguishedName(object): def __init__(self, attributes: list[NameAttribute]) -> None: ... def __iter__(self) -> Generator[NameAttribute, None, None]: ... def get_attributes_for_oid(self, oid: ObjectIdentifier) -> list[NameAttribute]: ... def rfc4514_string(self) -> str: ... class Name(object): rdns: list[RelativeDistinguishedName] def __init__(self, attributes: Sequence[NameAttribute | RelativeDistinguishedName]) -> None: ... def __iter__(self) -> Generator[NameAttribute, None, None]: ... def __len__(self) -> int: ... def get_attributes_for_oid(self, oid: ObjectIdentifier) -> list[NameAttribute]: ... def public_bytes(self, backend: X509Backend | None = ...) -> bytes: ... def rfc4514_string(self) -> str: ... class Version(Enum): v1: int v3: int class Certificate(metaclass=ABCMeta): extensions: Extensions issuer: Name not_valid_after: datetime.datetime not_valid_before: datetime.datetime serial_number: int signature: bytes signature_algorithm_oid: ObjectIdentifier signature_hash_algorithm: HashAlgorithm tbs_certificate_bytes: bytes subject: Name version: Version @abstractmethod def fingerprint(self, algorithm: HashAlgorithm) -> bytes: ... @abstractmethod def public_bytes(self, encoding: Encoding) -> bytes: ... @abstractmethod def public_key(self) -> DSAPublicKey | Ed25519PublicKey | Ed448PublicKey | EllipticCurvePublicKey | RSAPublicKey: ... class CertificateBuilder(object): def __init__( self, issuer_name: Name | None = ..., subject_name: Name | None = ..., public_key: DSAPublicKey | Ed25519PublicKey | Ed448PublicKey | EllipticCurvePublicKey | RSAPublicKey | None = ..., serial_number: int | None = ..., not_valid_before: datetime.datetime | None = ..., not_valid_after: datetime.datetime | None = ..., extensions: Iterable[ExtensionType] | None = ..., ) -> None: ... def add_extension(self, extension: ExtensionType, critical: bool) -> CertificateBuilder: ... def issuer_name(self, name: Name) -> CertificateBuilder: ... def not_valid_after(self, time: datetime.datetime) -> CertificateBuilder: ... def not_valid_before(self, time: datetime.datetime) -> CertificateBuilder: ... def public_key( self, public_key: DSAPublicKey | Ed25519PublicKey | Ed448PublicKey | EllipticCurvePublicKey | RSAPublicKey ) -> CertificateBuilder: ... def serial_number(self, serial_number: int) -> CertificateBuilder: ... def sign( self, private_key: DSAPrivateKey | Ed25519PrivateKey | Ed448PrivateKey | EllipticCurvePrivateKey | RSAPrivateKey, algorithm: HashAlgorithm | None, backend: X509Backend | None = ..., ) -> Certificate: ... def subject_name(self, name: Name) -> CertificateBuilder: ... class CertificateRevocationList(metaclass=ABCMeta): extensions: Extensions issuer: Name last_update: datetime.datetime next_update: datetime.datetime signature: bytes signature_algorithm_oid: ObjectIdentifier signature_hash_algorithm: HashAlgorithm tbs_certlist_bytes: bytes @abstractmethod def fingerprint(self, algorithm: HashAlgorithm) -> bytes: ... @abstractmethod def get_revoked_certificate_by_serial_number(self, serial_number: int) -> RevokedCertificate: ... @abstractmethod def is_signature_valid( self, public_key: DSAPublicKey | Ed25519PublicKey | Ed448PublicKey | EllipticCurvePublicKey | RSAPublicKey ) -> bool: ... @abstractmethod def public_bytes(self, encoding: Encoding) -> bytes: ... class CertificateRevocationListBuilder(object): def add_extension(self, extension: ExtensionType, critical: bool) -> CertificateRevocationListBuilder: ... def add_revoked_certificate(self, revoked_certificate: RevokedCertificate) -> CertificateRevocationListBuilder: ... def issuer_name(self, name: Name) -> CertificateRevocationListBuilder: ... def last_update(self, time: datetime.datetime) -> CertificateRevocationListBuilder: ... def next_update(self, time: datetime.datetime) -> CertificateRevocationListBuilder: ... def sign( self, private_key: DSAPrivateKey | Ed25519PrivateKey | Ed448PrivateKey | EllipticCurvePrivateKey | RSAPrivateKey, algorithm: HashAlgorithm | None, backend: X509Backend | None = ..., ) -> CertificateRevocationList: ... class CertificateSigningRequest(metaclass=ABCMeta): extensions: Extensions is_signature_valid: bool signature: bytes signature_algorithm_oid: ObjectIdentifier signature_hash_algorithm: HashAlgorithm subject: Name tbs_certrequest_bytes: bytes @abstractmethod def public_bytes(self, encoding: Encoding) -> bytes: ... @abstractmethod def public_key(self) -> DSAPublicKey | Ed25519PublicKey | Ed448PublicKey | EllipticCurvePublicKey | RSAPublicKey: ... class CertificateSigningRequestBuilder(object): def add_extension(self, extension: ExtensionType, critical: bool) -> CertificateSigningRequestBuilder: ... def subject_name(self, name: Name) -> CertificateSigningRequestBuilder: ... def sign( self, private_key: DSAPrivateKey | Ed25519PrivateKey | Ed448PrivateKey | EllipticCurvePrivateKey | RSAPrivateKey, algorithm: HashAlgorithm | None, backend: X509Backend | None = ..., ) -> CertificateSigningRequest: ... class RevokedCertificate(metaclass=ABCMeta): extensions: Extensions revocation_date: datetime.datetime serial_number: int class RevokedCertificateBuilder(object): def add_extension(self, extension: ExtensionType, critical: bool) -> RevokedCertificateBuilder: ... def build(self, backend: X509Backend | None = ...) -> RevokedCertificate: ... def revocation_date(self, time: datetime.datetime) -> RevokedCertificateBuilder: ... def serial_number(self, serial_number: int) -> RevokedCertificateBuilder: ... # General Name Classes class GeneralName(metaclass=ABCMeta): value: Any class DirectoryName(GeneralName): value: Name def __init__(self, value: Name) -> None: ... class DNSName(GeneralName): value: Text def __init__(self, value: Text) -> None: ... class IPAddress(GeneralName): value: IPv4Address | IPv6Address | IPv4Network | IPv6Network def __init__(self, value: IPv4Address | IPv6Address | IPv4Network | IPv6Network) -> None: ... class OtherName(GeneralName): type_id: ObjectIdentifier value: bytes def __init__(self, type_id: ObjectIdentifier, value: bytes) -> None: ... class RegisteredID(GeneralName): value: ObjectIdentifier def __init__(self, value: ObjectIdentifier) -> None: ... class RFC822Name(GeneralName): value: Text def __init__(self, value: Text) -> None: ... class UniformResourceIdentifier(GeneralName): value: Text def __init__(self, value: Text) -> None: ... # X.509 Extensions class ExtensionType(metaclass=ABCMeta): oid: ObjectIdentifier _T = TypeVar("_T", bound="ExtensionType") class Extension(Generic[_T]): critical: bool oid: ObjectIdentifier value: _T class Extensions(object): def __init__(self, general_names: list[Extension[Any]]) -> None: ... def __iter__(self) -> Generator[Extension[Any], None, None]: ... def get_extension_for_oid(self, oid: ObjectIdentifier) -> Extension[Any]: ... def get_extension_for_class(self, extclass: Type[_T]) -> Extension[_T]: ... class DuplicateExtension(Exception): oid: ObjectIdentifier def __init__(self, msg: str, oid: ObjectIdentifier) -> None: ... class ExtensionNotFound(Exception): oid: ObjectIdentifier def __init__(self, msg: str, oid: ObjectIdentifier) -> None: ... class IssuerAlternativeName(ExtensionType): def __init__(self, general_names: list[GeneralName]) -> None: ... def __iter__(self) -> Generator[GeneralName, None, None]: ... def get_values_for_type(self, type: Type[GeneralName]) -> list[Any]: ... class SubjectAlternativeName(ExtensionType): def __init__(self, general_names: list[GeneralName]) -> None: ... def __iter__(self) -> Generator[GeneralName, None, None]: ... def get_values_for_type(self, type: Type[GeneralName]) -> list[Any]: ... class AuthorityKeyIdentifier(ExtensionType): @property def key_identifier(self) -> bytes: ... @property def authority_cert_issuer(self) -> list[GeneralName] | None: ... @property def authority_cert_serial_number(self) -> int | None: ... def __init__( self, key_identifier: bytes, authority_cert_issuer: Iterable[GeneralName] | None, authority_cert_serial_number: int | None ) -> None: ... @classmethod def from_issuer_public_key( cls, public_key: RSAPublicKey | DSAPublicKey | EllipticCurvePublicKey | Ed25519PublicKey | Ed448PublicKey ) -> AuthorityKeyIdentifier: ... @classmethod def from_issuer_subject_key_identifier(cls, ski: SubjectKeyIdentifier) -> AuthorityKeyIdentifier: ... class SubjectKeyIdentifier(ExtensionType): @property def digest(self) -> bytes: ... def __init__(self, digest: bytes) -> None: ... @classmethod def from_public_key( cls, public_key: RSAPublicKey | DSAPublicKey | EllipticCurvePublicKey | Ed25519PublicKey | Ed448PublicKey ) -> SubjectKeyIdentifier: ... class AccessDescription: @property def access_method(self) -> ObjectIdentifier: ... @property def access_location(self) -> GeneralName: ... def __init__(self, access_method: ObjectIdentifier, access_location: GeneralName) -> None: ... class AuthorityInformationAccess(ExtensionType): def __init__(self, descriptions: Iterable[AccessDescription]) -> None: ... def __len__(self) -> int: ... def __iter__(self) -> Generator[AccessDescription, None, None]: ... def __getitem__(self, item: int) -> AccessDescription: ... class SubjectInformationAccess(ExtensionType): def __init__(self, descriptions: Iterable[AccessDescription]) -> None: ... def __len__(self) -> int: ... def __iter__(self) -> Generator[AccessDescription, None, None]: ... def __getitem__(self, item: int) -> AccessDescription: ... class BasicConstraints(ExtensionType): @property def ca(self) -> bool: ... @property def path_length(self) -> int | None: ... def __init__(self, ca: bool, path_length: int | None) -> None: ... class KeyUsage(ExtensionType): @property def digital_signature(self) -> bool: ... @property def content_commitment(self) -> bool: ... @property def key_encipherment(self) -> bool: ... @property def data_encipherment(self) -> bool: ... @property def key_agreement(self) -> bool: ... @property def key_cert_sign(self) -> bool: ... @property def crl_sign(self) -> bool: ... @property def encipher_only(self) -> bool: ... @property def decipher_only(self) -> bool: ... def __init__( self, digital_signature: bool, content_commitment: bool, key_encipherment: bool, data_encipherment: bool, key_agreement: bool, key_cert_sign: bool, crl_sign: bool, encipher_only: bool, decipher_only: bool, ) -> None: ... class ExtendedKeyUsage(ExtensionType): def __init__(self, usages: Iterable[ObjectIdentifier]) -> None: ... def __len__(self) -> int: ... def __iter__(self) -> Generator[ObjectIdentifier, None, None]: ... def __getitem__(self, item: int) -> ObjectIdentifier: ... class UnrecognizedExtension(ExtensionType): @property def value(self) -> bytes: ... def __init__(self, oid: ObjectIdentifier, value: bytes) -> None: ... def load_der_x509_certificate(data: bytes, backend: X509Backend | None = ...) -> Certificate: ... def load_pem_x509_certificate(data: bytes, backend: X509Backend | None = ...) -> Certificate: ... def load_der_x509_crl(data: bytes, backend: X509Backend | None = ...) -> CertificateRevocationList: ... def load_pem_x509_crl(data: bytes, backend: X509Backend | None = ...) -> CertificateRevocationList: ... def load_der_x509_csr(data: bytes, backend: X509Backend | None = ...) -> CertificateSigningRequest: ... def load_pem_x509_csr(data: bytes, backend: X509Backend | None = ...) -> CertificateSigningRequest: ... def __getattr__(name: str) -> Any: ... # incomplete