PNG  IHDR;IDATxܻn0K )(pA 7LeG{ §㻢|ذaÆ 6lذaÆ 6lذaÆ 6lom$^yذag5bÆ 6lذaÆ 6lذa{ 6lذaÆ `}HFkm,mӪôô! x|'ܢ˟;E:9&ᶒ}{v]n&6 h_tڠ͵-ҫZ;Z$.Pkž)!o>}leQfJTu іچ\X=8Rن4`Vwl>nG^is"ms$ui?wbs[m6K4O.4%/bC%t Mז -lG6mrz2s%9s@-k9=)kB5\+͂Zsٲ Rn~GRC wIcIn7jJhۛNCS|j08yiHKֶۛkɈ+;SzL/F*\Ԕ#"5m2[S=gnaPeғL lذaÆ 6l^ḵaÆ 6lذaÆ 6lذa; _ذaÆ 6lذaÆ 6lذaÆ RIENDB` gi4 ddlmZmZmZmZddlZddlZddlZddlZddl Z ddl m Z m Z ddl mZddlmZej"dk(r ddlmZmZn ej"d k(r ddlmZmZnddlmZmZgd Ze j0Ze j0Zddd Zed ged gedgedgeddgeddgegddZddZddZddZ ddZ!dZ"dZ#dZ$y))unicode_literalsdivisionabsolute_importprint_functionN)armor Certificate)pretty_message) CACertsErrorwin32)extract_from_system system_pathdarwin) clear_cacheget_listget_path) last_updatecertsz1.3.6.1.5.5.7.3.4z1.3.6.1.5.5.7.3.3z1.3.6.1.5.5.7.3.81.3.6.1.5.5.7.3.1z1.3.6.1.5.5.7.3.2z1.3.6.1.5.5.7.3.13z1.3.6.1.5.5.7.3.14)z1.3.6.1.5.5.7.3.5z1.3.6.1.5.5.7.3.6z1.3.6.1.5.5.7.3.7z1.3.6.1.5.5.7.3.17)z1.2.840.113635.100.1.8z1.2.840.113635.100.1.16z1.2.840.113635.100.1.20z1.3.6.1.4.1.311.10.3.21.2.840.113635.100.1.3z1.2.840.113635.100.1.9z1.2.840.113635.100.1.11c \t|\}}|rut||rht}d}d}d}t5t||r 1.3.6.1.5.5.7.3.1 (server_auth) - 1.2.840.113635.100.1.3 (apple_ssl) -> 1.3.6.1.5.5.7.3.2 (client_auth) - 1.2.840.113635.100.1.8 (apple_smime) -> 1.3.6.1.5.5.7.3.4 (email_protection) - 1.2.840.113635.100.1.9 (apple_eap) -> 1.3.6.1.5.5.7.3.13 (eap_over_ppp) - 1.2.840.113635.100.1.9 (apple_eap) -> 1.3.6.1.5.5.7.3.14 (eap_over_lan) - 1.2.840.113635.100.1.11 (apple_ipsec) -> 1.3.6.1.5.5.7.3.5 (ipsec_end_system) - 1.2.840.113635.100.1.11 (apple_ipsec) -> 1.3.6.1.5.5.7.3.6 (ipsec_tunnel) - 1.2.840.113635.100.1.11 (apple_ipsec) -> 1.3.6.1.5.5.7.3.7 (ipsec_user) - 1.2.840.113635.100.1.11 (apple_ipsec) -> 1.3.6.1.5.5.7.3.17 (ipsec_ike) - 1.2.840.113635.100.1.16 (apple_code_signing) -> 1.3.6.1.5.5.7.3.3 (code_signing) - 1.2.840.113635.100.1.20 (apple_time_stamping) -> 1.3.6.1.5.5.7.3.8 (time_stamping) - 1.3.6.1.4.1.311.10.3.2 (microsoft_time_stamp_signing) -> 1.3.6.1.5.5.7.3.8 (time_stamping) :param cert_callback: A callback that is called once for each certificate in the trust store. It should accept two parameters: an asn1crypto.x509.Certificate object, and a reason. The reason will be None if the certificate is being exported, otherwise it will be a unicode string of the reason it won't. :raises: oscrypto.errors.CACertsError - when an error occurs exporting/locating certs :return: A (copied) list of 3-element tuples containing CA certs from the OS trust ilst: - 0: an asn1crypto.x509.Certificate object - 1: a set of unicode strings of OIDs of trusted purposes - 2: a set of unicode strings of OIDs of rejected purposes rrN) _in_memory_up_to_date memory_lockr _map_oidsappendr r!_module_valuestimelist)r$map_vendor_oidsr%r cert_bytesr.r/s r0rrsl ! .  <(6;N};]Z7J K&%.z%: &/ &< LL+"2"2:"> K!XY Z +0w'04 }- < w' (( < 1.3.6.1.5.5.7.3.1 (server_auth) - 1.2.840.113635.100.1.3 (apple_ssl) -> 1.3.6.1.5.5.7.3.2 (client_auth) - 1.2.840.113635.100.1.8 (apple_smime) -> 1.3.6.1.5.5.7.3.4 (email_protection) - 1.2.840.113635.100.1.9 (apple_eap) -> 1.3.6.1.5.5.7.3.13 (eap_over_ppp) - 1.2.840.113635.100.1.9 (apple_eap) -> 1.3.6.1.5.5.7.3.14 (eap_over_lan) - 1.2.840.113635.100.1.11 (apple_ipsec) -> 1.3.6.1.5.5.7.3.5 (ipsec_end_system) - 1.2.840.113635.100.1.11 (apple_ipsec) -> 1.3.6.1.5.5.7.3.6 (ipsec_tunnel) - 1.2.840.113635.100.1.11 (apple_ipsec) -> 1.3.6.1.5.5.7.3.7 (ipsec_user) - 1.2.840.113635.100.1.11 (apple_ipsec) -> 1.3.6.1.5.5.7.3.17 (ipsec_ike) - 1.2.840.113635.100.1.16 (apple_code_signing) -> 1.3.6.1.5.5.7.3.3 (code_signing) - 1.2.840.113635.100.1.20 (apple_time_stamping) -> 1.3.6.1.5.5.7.3.8 (time_stamping) - 1.3.6.1.4.1.311.10.3.2 (microsoft_time_stamp_signing) -> 1.3.6.1.5.5.7.3.8 (time_stamping) :param oids: A set of unicode strings :return: The original set of OIDs with any mapped OIDs added )r_oid_map)oidsnew_oidsoids r0r4r4 s;2uH& (?  %H& (?rEctjj|}|sytj|}|jt j |dzdzz kry|j dk(ryy)a_ Checks to see if a cache file needs to be refreshed :param ca_path: A unicode string of the path to the cache file :param cache_length: An integer representing the number of hours the cache is valid for :return: A boolean - True if the cache needs to be updated, False if the file is up-to-date T<rF)r<r=r>statst_mtimer7st_size)r&r$r>statss r0rr-s`WW^^G $F  GGG E ~~ lR&7"&<<< }} rEc|tdxr2tdxr'tdtj|dzdzz kDS)a Checks to see if the in-memory cache of certificates is fresh :param cache_length: An integer representing the number of hours the cache is valid for :return: A boolean - True if the cache is up-to-date, False if it needs to be refreshed rrrL)r6r7)r$s r0r2r2KsG w O}% O}% |b7H27M(NNrE)NN)rRTN)N)% __future__rrrrr<r7rrA threading_asn1rr _errorsr errorsr r _win.trust_listr r_mac.trust_list_linux_bsd.trust_list__all__Lockrr3r6rrGrrrrr4rr2rEr0r^sRR %# <<7AA\\XAAG  INN  inn  "#6"78"$7#89"$7#89!#6"78!# "# #$ ) :IXB)J#.!H@<rE