ph,SSKrSSKrSSKrSSKJrJr SSKrSSKrSSKJ r J r SSK J r SSK Jr SSKJr SSKJrJr SSKJr SS KJr SS KJrJr SS KJrJr SS KJr SS KJ r J!r! Sr"SSjr#Sr$Sr%SSjr&"SS5r'g)N)urljoinurlparse)hazmatx509)InvalidSignature)backends) DSAPublicKey)ECDSAEllipticCurvePublicKey)PKCS1v15) RSAPublicKey)SHA1Hash)Encoding PublicFormat)ocsp)AuthorizationErrorConnectionErrorcrUR5n[U[5(a;URURUR [ 5UR5 g[U[5(a2URURUR UR5 g[U[5(a;URURUR [UR55 gURURUR 5 g![a [S5ef=f)Nzfailed to valid ocsp response) public_key isinstancer verify signaturetbs_response_bytesr signature_hash_algorithmr r r rr) issuer_cert ocsp_responsepubkeys D/home/james-whalen/.local/lib/python3.13/site-packages/redis/ocsp.py_verify_responser s  # # %F? fl + + MM''00 66    - - MM''0066   6 7 7 MM''00m<<=  MM-11=3S3S T ?=>>?s AD "AD )AD 9&D D6c[R"U5nUR[RR:Xa [ S5eUR[RR :Xa]UR[RR:wa4[S[UR5RS5SS35eO [S5eUR[RR5:a [S5eUR (a7UR [RR5:a [S5eUR"nUR$nUR&nUnUbX@R(:XdXe:XaUnOUR*n[-XXF5n U S n U R0R3[4R65n U b2[4R8R:R<U R>;a [S 5eU nU(a [AXs5 g ![.a [S 5ef=f) z=A wrapper the return the validity of a known ocsp certificatez4you are not authorized to view this ocsp certificatez Received an .z ocsp certificate statusz@failed to retrieve a successful response from the ocsp responderz)ocsp certificate was issued in the futurez1ocsp certificate has invalid update - in the pastrz'no certificates found for the responderz'delegate not autorized for ocsp signingT)!rload_der_ocsp_responseresponse_statusOCSPResponseStatus UNAUTHORIZEDr SUCCESSFULcertificate_statusOCSPCertStatusGOODrstrsplit this_updatedatetimenow next_updateresponder_nameissuer_key_hashresponder_key_hashsubject certificates_get_certificates IndexError extensionsget_extension_for_classrExtendedKeyUsageoidExtendedKeyUsageOID OCSP_SIGNINGvaluer ) r ocsp_bytesvalidaterr2 issuer_hashresponder_hashcert_to_validatecertsresponder_certsresponder_certexts r_check_certificaterI2s// ;M$$(?(?(L(LL !WXX$$(?(?(J(JJ  + +t/B/B/G/G G!s=#C#CDJJ3OPQRST**  H  N    H$5$5$9$9$;;IJJ !!  % %(9(9(=(=(? ?QRR"11N//K"55N"" 11 1  (&**+   M,Q/N''??@U@UV ;$((66CC399T!"KL L))9  M!"KL L Ms 2H55I c"UcAUVs/sH2n[U5U:XdMURUR:XdM0UPM4 nnU$UVs/sH3nURU:XdMURUR:XdM1UPM5 nnU$s snfs snfN)_get_pubkey_hashissuerr5)rErr2rCcr6s rr7r7ms "n4 9:[EXEX9X      yyN* /0xx;;N;N/N     s!BBB B !B =B cUR5n[U[5(a/UR[R [ R5nOr[U[5(a/UR[R[ R5nO.UR[R [ R5n[[5[R"5S9nUR!U5 UR#5$)N)backend)rrr public_bytesrDERrPKCS1r X962UncompressedPointSubjectPublicKeyInforrrdefault_backendupdatefinalize) certificaterhsha1s rrLrL~s  # # %F&,''    l.@.@ A F2 3 3    |/M/M N    l.O.O P  8 8 : ;DKKN ==?crUS;a [S5eSnUR5R5nUR5H1nUR5nURUR :XdM/Un O Uc [S5eUb&[ R"U5nXG:wa [S5e[X15$)zAn implementation of a function for set_ocsp_client_callback in PyOpenSSL. This function validates that the provide ocsp_bytes response is valid, and matches the expected, stapled responses. )r]Nzno ocsp response presentNz2no matching issuer cert found in certificate chainz/received and expected certificates do not match) rget_peer_certificateto_cryptographyget_peer_cert_chainr5rMrload_pem_x509_certificaterI)conr@expectedr peer_certrNcertes rocsp_staple_verifierrhs [ 899K((*::!"ST T k 66r]cL\rSrSrSrS SjrSrSrSrSr S r S r S r S r g) OCSPVerifierzA class to verify ssl sockets for RFC6960/RFC6961. This can be used when using direct validation of OCSP responses and certificate revocations. @see https://datatracker.ietf.org/doc/html/rfc6960 @see https://datatracker.ietf.org/doc/html/rfc6961 Nc4XlX lX0lX@lgrK)SOCKHOSTPORTCA_CERTS)selfsockhostportca_certss r__init__OCSPVerifier.__init__s    r]c[R"U5n[R"UR 5[ R "55nU$)z?Convert SSL certificates in a binary (DER) format to ASCII PEM.)sslDER_cert_to_PEM_certrrbencoderrW)rqderpemrfs r _bin2asciiOCSPVerifier._bin2asciis:&&s+--cjjlHrs`  *,%4(FVFF<O"@?88v"  78JIJIr]