+ i]m :^RIHt^RIt^RIt^RIt^RIt^RIt^RIHt^RI H t ^RI H t ^RIHt^RIHtHtHtHtHtHtHtHt^RIHtHt^R IHtHtHtH t ^R I!H"t"H#t#^R I$H%t%]P!R ^^4t&]PN]PP]PR]PT]PV]PX]PZ]P\]P^3,t0!R R]14t2RRlt3RRlt4RRlt5!RR4t6!RR4t7!RR] Pp4t9!RR]14t:] Pvt;!RR]PxR7t=]=P}] Pz4!R R!]=4t?] Pt@] PtA] PtB] PtC] PtD] PtE] PtF] PtG] PtH!R"R#4tI!R$R%4tJ!R&R'4tK!R(R)4tLR*R+ltMR#),) annotationsN)Iterable)utils)x509)hashes)dsaeced448ed25519paddingrsax448x25519) CertificateIssuerPrivateKeyTypesCertificatePublicKeyTypes) Extension Extensions ExtensionType_make_sequence_methods)Name _ASN1Type)ObjectIdentifieric.a]tRt^8tRV3RlltRtV;t#)AttributeNotFoundc$V^8dQhRRRRRR/#)msgstroidrreturnNone)formats"]/home/wkmabra/.openclaw/workspace/venv/lib/python3.14/site-packages/cryptography/x509/base.py __annotate__AttributeNotFound.__annotate__9s"C&64c 2<\SV`V4W nR#N)super__init__r)selfrr __class__s&&&r$r+AttributeNotFound.__init__9s r')r__name__ __module__ __qualname____firstlineno__r+__static_attributes__ __classcell__r-s@r$rr8s r'rc$V^8dQhRRRRRR/#)r extensionzExtension[ExtensionType] extensionslist[Extension[ExtensionType]]r r!r")r#s"r$r%r%>s+EE'E.E Er'cdVF)pVPVP8XgK \R4h R#)z$This extension has already been set.N)r ValueError)r8r9es&& r$_reject_duplicate_extensionr>>s*  55IMM !CD Dr'c$V^8dQhRRRRRR/#)rrr attributes0list[tuple[ObjectIdentifier, bytes, int | None]]r r!r")r#s"r$r%r%Hs+EE E@E Er'cBVFwppW 8XgK\R4h R#)z$This attribute has already been set.N)r<)rr@attr_oid_s&& r$_reject_duplicate_attributerEHs% %!Q ?CD D%r'c V^8dQhRRRR/#)rtimedatetime.datetimer r")r#s"r$r%r%Rs  %6 ;L r'cVPeIVP4pV'dTM\P!4pVP RR7V, #V#)zNormalizes a datetime to a naive datetime in UTC. time -- datetime to normalize. Assumed to be in UTC if not timezone aware. Ntzinfo)rK utcoffsetdatetime timedeltareplace)rGoffsets& r$_convert_to_naive_utc_timerQRsG  {{!!x'9'9';||4|(611 r'c]tRt^`t]P P 3RRllt]RRl4t ]RRl4tRRlt R R lt R R lt R t R#) Attributec(V^8dQhRRRRRRRR/#) rrrvaluebytes_typeintr r!r")r#s"r$r%Attribute.__annotate__as2    r'c *WnW nW0nR#r))_oid_valuerW)r,rrUrWs&&&&r$r+Attribute.__init__as    r'cV^8dQhRR/#)rr rr")r#s"r$r%rYls%r'c VP#r))r[r,s&r$r Attribute.oidks yyr'cV^8dQhRR/#)rr rVr")r#s"r$r%rYpsur'c VP#r))r\r`s&r$rUAttribute.valueos {{r'cV^8dQhRR/#rr rr")r#s"r$r%rYssDD#Dr'c >RVP RVP: R2#)z)rrUr`s&r$__repr__Attribute.__repr__ss  (4::.CCr'c V^8dQhRRRR/#)rotherobjectr boolr")r#s"r$r%rYvs  F t r'c \V\4'g\#VPVP8H;'d;VPVP8H;'dVP VP 8H#r)) isinstancerSNotImplementedrrUrW)r,rls&&r$__eq__Attribute.__eq__vs`%++! ! HH ! * * ekk) * * ekk) r'cV^8dQhRR/#rr rXr")r#s"r$r%rYs88#8r'c Z\VPVPVP34#r))hashrrUrWr`s&r$__hash__Attribute.__hash__s TXXtzz4::677r')r[rWr\N)r0r1r2r3r UTF8StringrUr+propertyrrirrrxr4r"r'r$rSrS`sU ))// D 88r'rScR]tRt^tRRlt]!R4wtttRRlt RRlt Rt R #) Attributesc V^8dQhRRRR/#)rr@zIterable[Attribute]r r!r")r#s"r$r%Attributes.__annotate__s,,', ,r'c &\V4VnR#r))list _attributes)r,r@s&&r$r+Attributes.__init__s +r'rcV^8dQhRR/#rfr")r#s"r$r%rs33#3r'c "RVP R2#)z ?EEr'rN) r0r1r2r3r+r__len____iter__ __getitem__rirr4r"r'r$r}r}s+, &rrrrr,rrr8s&&& r$ add_extension.CertificateSigningRequestBuilder.add_extensionsm &-00@A Afjj(; #I/?/?@/    *d * *     r'_tagc(V^8dQhRRRRRRRR/#) rrrrUrVrz_ASN1Type | Noner rr")r#s"r$r%r's2      *  r'c \V\4'g \R4h\V\4'g \R4hVe"\V\4'g \R4h\ WP 4VeVPpMRp\VPVP.VP OWV3N4#)z; Adds an X.509 attribute with an OID and associated value. zoid must be an ObjectIdentifierzvalue must be bytesNztag must be _ASN1Type) rprrrVrrErrUrrr)r,rrUrtags&&&$ r$ add_attribute.CertificateSigningRequestBuilder.add_attribute's#/00=> >%''12 2  JtY$?$?34 4#C)9)9:  **CC/       2d 2S 1 2  r' rsa_paddingecdsa_deterministicc 0V^8dQhRRRRRRRRR R R R /#) r private_keyr algorithm_AllowedHashTypes | Nonebackend typing.Anyr%padding.PSS | padding.PKCS1v15 | Noner bool | Noner CertificateSigningRequestr")r#s"r$r%rGsF! ! 5! ,!  ! ; ! )!  #! r'c VPf \R4hVeg\V\P\P 34'g \ R4h\V\P4'g \ R4hVe,\V\P4'g \ R4h\P!VVVVV4#)z6 Signs the request using the requestor's private key. z/A CertificateSigningRequest must have a subjectPadding must be PSS or PKCS1v15&Padding is only supported for RSA keys1Deterministic ECDSA is only supported for EC keys) rr<rpr PSSPKCS1v15rr RSAPrivateKeyr EllipticCurvePrivateKey rust_x509create_x509_csrr,rrrrrs&&&&$$r$sign%CertificateSigningRequestBuilder.signGs    %NO O  "kGKK9I9I+JKK ABBk3+<+<== HII  *k2+E+EFFG((        r')rrrr)) r0r1r2r3r+rrrrr4r"r'r$rrsK%)57GI &   $ "&  @! >B ! ,0! ! r'rc]tRtRt$R]R&RRRRRR.3RRlltRRltR R ltR R ltR Rlt RRlt RRlt RRlt RRRRR/RRlllt RtR#)CertificateBuilderikr:rNc8V^8dQhRRRRRRRRRR R R R R R R/#)r issuer_namerr public_keyz CertificatePublicKeyTypes | Noner int | Nonenot_valid_beforedatetime.datetime | Nonenot_valid_afterr9r:r r!r")r#s"r$r%CertificateBuilder.__annotate__nsZ&& &"&5 & " & 3 &2&3& &r'c \PVnWnW nW0nW@nWPnW`nWpn R#r)) rr_version _issuer_namer _public_keyr_not_valid_before_not_valid_afterr)r,r rr rrrr9s&&&&&&&&r$r+CertificateBuilder.__init__ns9  ')%+!1 /%r'c V^8dQhRRRR/#rrrr r r")r#s"r$r%rs   ); r'c  \V\4'g \R4hVPe \ R4h\ VVP VPVPVPVPVP4#)z# Sets the CA's distinguished name. r%The issuer name may only be set once.) rprrrr<r rrrrrrrs&&r$r CertificateBuilder.issuer_names{$%%9: :    (DE E!            " "  ! !     r'c V^8dQhRRRR/#rr")r#s"r$r%rs   *< r'c  \V\4'g \R4hVPe \ R4h\ VP VVPVPVPVPVP4#)z* Sets the requestor's distinguished name. rr) rprrrr<r rrrrrrrs&&r$rCertificateBuilder.subject_names{$%%9: :    )EF F!            " "  ! !     r'c V^8dQhRRRR/#)rkeyrr r r")r#s"r$r%rs# # &#  # r'c  \V\P\P\ P \P\P\P\P34'g \R4hVP e \#R4h\%VP&VP(VVP*VP,VP.VP04#)zD Sets the requestor's public key (as found in the signing request). zExpecting one of DSAPublicKey, RSAPublicKey, EllipticCurvePublicKey, Ed25519PublicKey, Ed448PublicKey, X25519PublicKey, or X448PublicKey.z$The public key may only be set once.)rpr DSAPublicKeyr RSAPublicKeyr EllipticCurvePublicKeyr Ed25519PublicKeyr Ed448PublicKeyrX25519PublicKeyr X448PublicKeyrrr<r rrrrrr)r,r#s&&r$r CertificateBuilder.public_keys     ))(($$&&""    !     'CD D!            " "  ! !     r'c V^8dQhRRRR/#)rnumberrXr r r")r#s"r$r%rs  C ,> r'c  t\V\4'g \R4hVPe \ R4hV^8:d \ R4hVP 4^8d \ R4h\ VPVPVPVVPVPVP4#)z% Sets the certificate serial number. 'Serial number must be of integral type.'The serial number may only be set once.z%The serial number should be positive.3The serial number should not be more than 159 bits.) rprXrrr< bit_lengthr rrrrrrr,r.s&&r$r CertificateBuilder.serial_numbers&#&&EF F    *FG G Q;DE E    # %E "            " "  ! !     r'c V^8dQhRRRR/#rrGrHr r r")r#s"r$r%rs  %6 ;M r'c  \V\P4'g \R4hVPe \ R4h\ V4pV\ 8d \ R4hVPeWP8d \ R4h\VPVPVPVPVVPVP4#)z' Sets the certificate activation time. Expecting datetime object.z*The not valid before may only be set once.z>The not valid before date must be on or after 1950 January 1).zBThe not valid before date must be before the not valid after date.)rprMrrr<rQ_EARLIEST_UTC_TIMErr rrrrrr,rGs&&r$r#CertificateBuilder.not_valid_befores$ 1 12289 9  ! ! -IJ J)$/ $ $$   ,8M8M1M "               ! !     r'c V^8dQhRRRR/#r7r")r#s"r$r%rs  $5 :L r'c  \V\P4'g \R4hVPe \ R4h\ V4pV\ 8d \ R4hVPeWP8d \ R4h\VPVPVPVPVPVVP4#)z' Sets the certificate expiration time. r9z)The not valid after may only be set once.zrr rrrrrrrs&&& r$r CertificateBuilder.add_extension!s &-00@A Afjj(; #I/?/?@!              " "  ! ! *d * *  r'rrc 0V^8dQhRRRRRRRRR R R R /#) rrrrrrrrrrrr Certificater")r#s"r$r%r7sF0 0 50 ,0  0 ; 0 )0  0 r'c VPf \R4hVPf \R4hVPf \R4hVPf \R4hVP f \R4hVP f \R4hVeg\V\P\P34'g \R4h\V\P4'g \R4hVe,\V\P4'g \R 4h\ P"!VVVVV4#) z3 Signs the certificate using the CA's private key. z&A certificate must have a subject namez&A certificate must have an issuer namez'A certificate must have a serial numberz/A certificate must have a not valid before timez.A certificate must have a not valid after timez$A certificate must have a public keyrrr)rr<rrrrrrpr rrrr rr rrcreate_x509_certificaters&&&&$$r$rCertificateBuilder.sign7s.    %EF F    $EF F    &FG G  ! ! )NO O  (MN N    #CD D  "kGKK9I9I+JKK ABBk3+<+<== HII  *k2+E+EFFG00        r')rrrrrrrrr))r0r1r2r3__annotations__r+r rr rrrrrr4r"r'r$r r ksg//$($(7;$(594857&& $ $# J 6 : > ,0 >B 0 ,00 0 r'r c]tRtRt$R]R&R]R&RRR..3RRlltR R ltR R ltR RltRRlt RRlt RRRRR/RRlllt Rt R#) CertificateRevocationListBuilderijr:rlist[RevokedCertificate]_revoked_certificatesNc ,V^8dQhRRRRRRRRRR /#) rr r last_updater next_updater9r:revoked_certificatesrKr")r#s"r$r%-CertificateRevocationListBuilder.__annotate__ns< : :  :. :. : 3 : 7 :r'c BWnW nW0nW@nWPnR#r))r _last_update _next_updaterrL)r,r rNrOr9rPs&&&&&&r$r+)CertificateRevocationListBuilder.__init__ns"(''%%9"r'c V^8dQhRRRR/#)rr rr rJr")r#s"r$r%rQ|s     )  r'c \V\4'g \R4hVPe \ R4h\ VVP VPVPVP4#)rr) rprrrr<rJrSrTrrL)r,r s&&r$r ,CertificateRevocationListBuilder.issuer_name|si+t,,9: :    (DE E/            & &   r'c V^8dQhRRRR/#)rrNrHr rJr")r#s"r$r%rQ  , ) r'c \V\P4'g \R4hVPe \ R4h\ V4pV\ 8d \ R4hVPeWP8d \ R4h\VPVVPVPVP4#)r9!Last update may only be set once.8The last update date must be on or after 1950 January 1.z9The last update date must be before the next update date.) rprMrrSr<rQr:rTrJrrrL)r,rNs&&r$rN,CertificateRevocationListBuilder.last_updates+x'8'89989 9    (@A A0= + +J     ([;L;L-LK 0            & &   r'c V^8dQhRRRR/#)rrOrHr rJr")r#s"r$r%rQrZr'c \V\P4'g \R4hVPe \ R4h\ V4pV\ 8d \ R4hVPeWP8d \ R4h\VPVPVVPVP4#)r9r\r]z8The next update date must be after the last update date.) rprMrrTr<rQr:rSrJrrrL)r,rOs&&r$rO,CertificateRevocationListBuilder.next_updates+x'8'89989 9    (@A A0= + +J     ([;L;L-LJ 0            & &   r'c$V^8dQhRRRRRR/#)rrrrrnr rJr")r#s"r$r%rQs$  # /3 ) r'c $\V\4'g \R4h\VPW!4p\ W0P 4\VPVPVP.VP OVNVP4#)z= Adds an X.509 extension to the certificate revocation list. r) rprrrrr>rrJrrSrTrLrs&&& r$r.CertificateRevocationListBuilder.add_extensions &-00@A Afjj(; #I/?/?@/          *d * *  & &   r'c V^8dQhRRRR/#)rrevoked_certificaterr rJr")r#s"r$r%rQs  #5 ) r'c \V\4'g \R4h\VPVP VP VP.VPOVN4#)z( Adds a revoked certificate to the CRL. z)Must be an instance of RevokedCertificate) rprrrJrrSrTrrL)r,rfs&&r$add_revoked_certificate8CertificateRevocationListBuilder.add_revoked_certificatesd -/ABBGH H/             >d(( >*= >   r'rrc 0V^8dQhRRRRRRRRR R R R /#) rrrrrrrrrrrr CertificateRevocationListr")r#s"r$r%rQsF$ $ 5$ ,$  $ ; $ )$  #$ r'c VPf \R4hVPf \R4hVPf \R4hVeg\ V\ P \ P34'g \R4h\ V\P4'g \R4hVe,\ V\P4'g \R4h\P!VVVVV4#)NzA CRL must have an issuer namez"A CRL must have a last update timez"A CRL must have a next update timerrr)rr<rSrTrpr rrrr rr rrcreate_x509_crlrs&&&&$$r$r%CertificateRevocationListBuilder.signs    $=> >    $AB B    $AB B  "kGKK9I9I+JKK ABBk3+<+<== HII  *k2+E+EFFG((        r')rrrSrTrLr)) r0r1r2r3rHr+r rNrOrrhrr4r"r'r$rJrJjs\//33$(0404579; :   0 0 & "$ >B $ ,0$ $ r'rJc`]tRtRtRR.3RRlltRRltRRltR R ltRR R lltR t R#)RevokedCertificateBuilderiNc$V^8dQhRRRRRR/#)rrrrrr9r:r")r#s"r$r%&RevokedCertificateBuilder.__annotate__s(&&!&2&3 &r'c *WnW nW0nR#r)rrs&&&&r$r+"RevokedCertificateBuilder.__init__rr'c V^8dQhRRRR/#)rr.rXr rpr")r#s"r$r%rrs  C ,E r'c \V\4'g \R4hVPe \ R4hV^8:d \ R4hVP 4^8d \ R4h\ WPVP4#)r0r1z$The serial number should be positiver2) rprXrrr<r3rprrr4s&&r$r'RevokedCertificateBuilder.serial_numbers&#&&EF F    *FG G Q;CD D    # %E ) ))4+;+;  r'c V^8dQhRRRR/#)rrGrHr rpr")r#s"r$r%rr#s  % " r'c \V\P4'g \R4hVPe \ R4h\ V4pV\ 8d \ R4h\VPWP4#)r9z)The revocation date may only be set once.z7The revocation date must be on or after 1950 January 1.) rprMrrr<rQr:rprrr;s&&r$r)RevokedCertificateBuilder.revocation_date#s~$ 1 12289 9  ,HI I)$/ $ $I )   '7'7  r'c$V^8dQhRRRRRR/#)rrrrrnr rpr")r#s"r$r%rr3s$   #  /3  "  r'c \V\4'g \R4h\VPW!4p\ W0P 4\VPVP.VP OVN4#)r) rprrrrr>rrprrrs&&& r$r'RevokedCertificateBuilder.add_extension3sm&-00@A Afjj(; #I/?/?@(     ! ! *d * *  r'c V^8dQhRRRR/#)rrrr rr")r#s"r$r%rrAs   Z  3E  r'c VPf \R4hVPf \R4h\VPVP\ VP 44#)Nz/A revoked certificate must have a serial numberz1A revoked certificate must have a revocation date)rr<rrrr)r,rs&&r$buildRevokedCertificateBuilder.buildAse    &NO O  (C &     ! ! t'' (  r'rr)) r0r1r2r3r+rrrrr4r"r'r$rprps+%)4857 & $     r'rpcV^8dQhRR/#rur")r#s"r$r%r%Os66c6r'cd\P\P!^4R4^, #)big)rX from_bytesosurandomr"r'r$random_serial_numberrOs >>"**R.% 0A 55r')N __future__rrrMrtypingrcollections.abcr cryptographyr"cryptography.hazmat.bindings._rustrrcryptography.hazmat.primitivesr)cryptography.hazmat.primitives.asymmetricrr r r r r rr/cryptography.hazmat.primitives.asymmetric.typesrrcryptography.x509.extensionsrrrrcryptography.x509.namerrcryptography.x509.oidrr:UnionSHA224SHA256SHA384SHA512SHA3_224SHA3_256SHA3_384SHA3_512_AllowedHashTypes Exceptionrr>rErQrSr}EnumrrrDABCMetarregisterrrkrload_pem_x509_certificateload_der_x509_certificateload_pem_x509_certificatesload_pem_x509_csrload_der_x509_csrload_pem_x509_crlload_der_x509_crlrr rJrprr"r'r$rs #  $@1    32&&tQ2LL MM MM MM MM OO OO OO OO   EE !8!8HFF( ejj -Y- ##  3;; @I889 / D&??%??&??%??&AA////////m m `| | ~Y Y xF F R6r'