o vh@sddlZddlZddlmZddlmZddlmZmZmZddl m Z m Z ddl m Z mZddlmZddlmZmZdd lmZmZmZmZmZdd lmZmZmZmZmZm Z dd l!m"Z"m#Z#m$Z$m%Z%dd l&m'Z'dd l(m)Z)ddl*m+Z+m,Z,m-Z-ddl.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4m5Z5m6Z6ddl7m8Z8ddl9m:Z:m;Z;mZ>gdZ?e@eAZBdee jCfddZDdeefddZEde jCdeFfddZGGdddZHedd d!gZI d"edeeIfd#d$ZJd%eHfd&d'ZKd(eHd)e)d*eLfd+d,ZMd-d.ZN      / dde;fd7d8ZO   /d=d(eHd9ee'd3eed5eLde:f d:d;ZPdS)>N) namedtuple)datetime)ListOptionalUnion)cmsx509)genericmisc)pdf_name) PdfFileReaderprocess_data_at_eof)DEFAULT_DIFF_POLICY DiffPolicy DiffResultModificationLevelSuspiciousModification) FieldMDPSpecMDPPermSeedLockDocumentSigSeedSubFilterSigSeedValFlagsSigSeedValueSpec)SignedDataCertsUnacceptableSignerErrorbyte_range_digestextract_signer_info)ValidationContext)ValidationPath)SignatureValidationErrorSigSeedValueValidationErrorValidationInfoReadingError)cms_basic_validationcollect_signer_attr_statuscollect_timing_infocompute_signature_tst_digestextract_certs_for_validationextract_self_reported_tsextract_tst_datavalidate_tst_signed_data)KeyUsageConstraints)DocumentTimestampStatusPdfSignatureStatusSignatureCoverageLevel)CMSAlgorithmUsagePolicy)EmbeddedPdfSignature DocMDPInforead_certification_dataasync_validate_pdf_signatureasync_validate_pdf_timestampreport_seed_value_validationextract_contentsreturncCsLz|d}Wn tyYdSw|D]}|}|d|kr#|SqdS)Nz /Referencez/TransformMethod)KeyError get_object) signature_objmethodsig_refsrefr>b/var/www/html/hyperkenya/venv/lib/python3.10/site-packages/pyhanko/sign/validation/pdf_embedded.py_extract_reference_dictIs   r@c CsVt|d}|dur dSz |dd}t|WSttfy*}ztd|d}~ww)N/DocMDP/TransformParams/Pz#Failed to read document permissions)r@raw_getr ValueErrorr8r )r:r= raw_permser>r>r?_extract_docmdp_for_sigWs  rH sig_objectcCsRz |jdtjjd}Wn tytdwt|tjtj fs&td|j S)z Internal function to extract the (DER-encoded) signature bytes from a PDF signature dictionary. :param sig_object: A signature dictionary. :return: The extracted contents as a byte string. z /Contents)decryptz+Could not read /Contents entry in signaturez/Contents must be string-like) rDr EncryptedObjAccessRAWr8r PdfReadError isinstanceTextStringObjectByteStringObjectoriginal_bytes)rI cms_contentr>r>r?r6ds     r6c@seZdZUdZejed< ejed< ejed< de dejde fddZ d e fd d Z ed eejfd d Zed eejfddZed ejfddZed ejfddZeddZed eefddZed eejfddZd1ddZd efddZed ee fd d!Z!ed ee"fd"d#Z#ed ee$fd$d%Z%d e&fd&d'Z'd ee&fd(d)Z(d e)fd*d+Z*d,d-Z+d.e,d e-e.e/ffd/d0Z0dS)2r0zA Class modelling a signature embedded in a PDF document. sig_fieldrI signed_datareaderfq_namec Csf||_t|tjr |}||_|d}||_}t|tjs$Jz|d|_ Wn t y8t dwt ||_}tj|}|d}||_t||_d|_|jd} | dj|_|d} | dj} | d krt|j|_n| d kr| djd } | d dj|_|jj|j|_d|_d|_ d|_!d|_"d|_#d |_$|_%d|_&d|_'d |_(||_)dS)Nz/Vz /ByteRangez,Could not read /ByteRange entry in signaturecontentdigest_algorithm algorithmencap_content_info content_typedatatst_infomessage_imprinthash_algorithmF)*rUrNr IndirectObjectr9rSrDrIDictionaryObject byte_ranger8r rMr6 pkcs7_contentr ContentInfoloadrTr signer_info _sd_cert_infonativelower md_algorithmexternal_md_algorithmparsedxrefsget_last_change referencesigned_revisioncoverageexternal_digest total_len_docmdp _fieldmdp_docmdp_queried_fieldmdp_queriedtst_signature_digest diff_result_integrity_checkedrV) selfrUrSrVsig_object_refrIrRmessagerT digest_algoecir[mir>r>r?__init__s\          zEmbeddedPdfSignature.__init__r7cCs|jdur t|j|_|jS)N)rgr'rTr{r>r>r?_init_cert_infos  z$EmbeddedPdfSignature._init_cert_infocCt|jS)z2 Embedded attribute certificates. )listrattribute_certsrr>r>r?embedded_attr_certsz(EmbeddedPdfSignature.embedded_attr_certscCr)zQ Embedded X.509 certificates, excluding than that of the signer. )rr other_certsrr>r>r?other_embedded_certsrz)EmbeddedPdfSignature.other_embedded_certscCs |jS)z, Certificate of the signer. )r signer_certrr>r>r?rs z EmbeddedPdfSignature.signer_certcCs|jdtdS)a Returns the type of the embedded signature object. For ordinary signatures, this will be ``/Sig``. In the case of a document timestamp, ``/DocTimeStamp`` is returned. :return: A PDF name object describing the type of signature. z/Type/Sig)rIgetr rr>r>r?sig_object_types z$EmbeddedPdfSignature.sig_object_typecCs|jS)zC :return: Name of the signature field. )rVrr>r>r? field_nameszEmbeddedPdfSignature.field_namecCsJt|j}|dur |Sz|jd}tj||jjdWSty$YdSw)z :return: The signing time as reported by the signer, if embedded in the signature's signed attributes or provided as part of the signature object in the PDF document. Nz/M)strict)r(rfrIr parse_pdf_daterUrr8)r{tsst_as_pdf_dater>r>r?self_reported_timestamps   z,EmbeddedPdfSignature.self_reported_timestampcCs t|jS)z :return: The signed data component of the timestamp token embedded in this signature, if present. )r)rfrr>r>r?attached_timestamp_data"s z,EmbeddedPdfSignature.attached_timestamp_dataNFcCsD|||||_|pt}|s|||_d|_dS)a Compute the various integrity indicators of this signature. :param diff_policy: Policy to evaluate potential incremental updates that were appended to the signed revision of the document. Defaults to :const:`~pyhanko.sign.diff_analysis.DEFAULT_DIFF_POLICY`. :param skip_diff: If ``True``, skip the difference analysis step entirely. TN) _enforce_hybrid_xref_policycompute_digestcompute_tst_digestevaluate_signature_coveragerqrevaluate_modificationsryrz)r{ diff_policy skip_diffr>r>r?compute_integrity_info+s    z+EmbeddedPdfSignature.compute_integrity_infocCs|jstd|j}|j}|j}d}|dur2t|tr|jntj }|tj kp/|duo/|j |j k }n |t j kr<|t j k}|||d}|S)a Compile the integrity information for this signature into a dictionary that can later be passed to :class:`.PdfSignatureStatus` as kwargs. This method is only available after calling :meth:`.EmbeddedPdfSignature.compute_integrity_info`. zGCall compute_integrity_info() before invokingsummarise_integrity_info()N)rq docmdp_okry)rzr docmdp_levelryrqrNrmodification_levelrOTHERvaluer.ENTIRE_REVISION ENTIRE_FILE)r{docmdpryrqr mod_level status_kwargsr>r>r?summarise_integrity_infoDs.    z-EmbeddedPdfSignature.summarise_integrity_infocCs.z|jd}Wn tyYdSwt|S)Nz/SV)rSr8rfrom_pdf_object)r{ sig_sv_dictr>r>r?seed_value_specqs   z$EmbeddedPdfSignature.seed_value_speccCs^|jr|jSt|jd}|dur'z |jd}t|d}Wn ty&Ynw||_d|_|S)av :return: The document modification policy required by this signature or its Lock dictionary. .. warning:: This does not take into account the DocMDP requirements of earlier signatures (if present). The specification forbids signing with a more lenient DocMDP than the one currently in force, so this should not happen in a compliant document. That being said, any potential violations will still invalidate the earlier signature with the stricter DocMDP policy. )r:Nz/LockrCT)rvrtrHrIrSrr8)r{r lock_dictr>r>r?rys   z!EmbeddedPdfSignature.docmdp_levelc Csn|jr|jSt|jd}d|_|durdSz t|d}Wnttfy1}ztd|d}~ww||_|S)z :return: Read the field locking policy of this signature, if applicable. See also :class:`~.pyhanko.sign.fields.FieldMDPSpec`. z /FieldMDPTNrBz!Failed to read /FieldMDP settings) rwrur@rIrrrEr8r )r{ref_dictsprGr>r>r?fieldmdps$ zEmbeddedPdfSignature.fieldmdpcCs6|jdur|jSt|jj|j|jd\|_}||_|S)z Compute the ``/ByteRange`` digest of this signature. The result will be cached. :return: The digest value. N)rbrj)rrrrUstreamrbrkrsr{digestr>r>r?rs  z#EmbeddedPdfSignature.compute_digestcCs$|jdur|jSt|j|_}|S)a Compute the digest of the signature needed to validate its timestamp token (if present). .. warning:: This computation is only relevant for timestamp tokens embedded inside a regular signature. If the signature in question is a document timestamp (where the entire signature object is a timestamp token), this method does not apply. :return: The digest value, or ``None`` if there is no timestamp token. N)rxr&rfrr>r>r?rs  z'EmbeddedPdfSignature.compute_tst_digestcCs |jj}|jj}t|jdks|jddkrtjS|j\}}}}|dtj t|j dd}|||}| |k} | rAtj S|||k} | sLtjS|||j } zt|} || } | | krftjWSWn tjyttjYSwt| dD]}||}|j|krtjSq{tjS)z Internal method used to evaluate the coverage level of a signature. :return: The coverage level of the signature. rr)rUrmrlenrbr.UNCLEARseekosSEEK_ENDrctellrrpr get_startxref_for_revisionCONTIGUOUS_BLOCK_FROM_STARTr rMrangeget_xref_container_info end_locationr)r{ xref_cacher_len1start2len2embedded_sig_contentsigned_zone_len file_covered contiguous signed_rev startxrefexpectedrevision xref_metar>r>r?rs>         z0EmbeddedPdfSignature.evaluate_signature_coveragecCs$|j}|jr|jjrtddSdS)NzJSettings do not permit validation of signatures in hybrid-reference files.)rUrrmhybrid_xrefs_presentr )r{rUr>r>r?r"s z0EmbeddedPdfSignature._enforce_hybrid_xref_policyrcCsH|jtjkr tdS|jtjkrttjtS|j |j |j |j |j dS)zY Internal method used to evaluate the modification level of a signature. z$Nonstandard signature coverage level)field_mdp_specdoc_mdp)rqr.rrrrrNONEset review_filerUrprr)r{rr>r>r?r*s  z+EmbeddedPdfSignature.evaluate_modifications)NF)1__name__ __module__ __qualname____doc__r ra__annotations__r SignedDatar strrrrpropertyrAttributeCertificateV2rr Certificaterr NameObjectrrrrrrrdictrrrrrrrbytesrrr.rrrrrrrr>r>r>r?r0s^     L  -H r0r1 permission author_sigrUcCs:z |jdd}Wn tyYdSwt|}t||S)z Read the certification information for a PDF document, if present. :param reader: Reader representing the input document. :return: A :class:`.DocMDPInfo` object containing the relevant data, or ``None``. /PermsrAN)rootr8rHr1)rUcertification_sigpermr>r>r?r2Gs   r2emb_sigc Cs|j}|dur dS|j}|jdur,z |j||Wnty+}zt||d}~ww|s5|jr5td|j}|jdur|j }z|j j d}| d} | |j k} Wnttjtfycd} Ynw|| kr{dd} td| |d| | d |r|jj} |j} | | krtd | d | d |j}|sdS|d }t|}|tj@r|jdur|jstd|jd}|dur||krtd|j|jf|tj@r|jdurtd|tj@r|j durtd|tj!@r|j"dur|j} |j"t#j$kr| t%j&krtd|j"t#j'kr| t%j&krtd|j(}|tj)@rp|j*durpddl+m,}z||d}Wn t-yAd}Ynw|j*|kr^td|j*rPdnd|rYdfdf|j*rp|tj.krptdtj.j|tj/@r|j0dur|j12}||j0vrtd||tj3@r|j4pg}| p|dgk}|5d}|r|durtd|s||vrtd|fdSdSdS) NznThe seed value dictionary requires a trusted timestamp, but none was found, or the timestamp did not validate.rrAFcSs |rdSdS)Nza certificationz an approvalr>)certifyr>r>r?_typexs z'_validate_sv_constraints.._typezPThe seed value dictionary's /MDP entry specifies that this field should contain z signature, but z appears to have been used.zaThe seed value dictionary specified that this certification signature should use the MDP policy 'z', but 'z' was used in the signature. /SubFilterzPThe signature encodings mandated by the seed value dictionary are not supported.rzVThe seed value dictionary mandates subfilter '%s', but '%s' was used in the signature.zThe signature's seed value dictionary specifies the /AppearanceFilter entry as mandatory, but this constraint is impossible to validate.zpyHanko does not support legal attestations, but the seed value dictionary mandates that they be restricted to a specific subset.zr>r?_validate_sv_constraintsYs"                          r  embedded_sigrrc Cs^z t|||dd}Wnty&}ztjd|d|}WYd}~nd}~ww|jdu|dS)a Internal API function to enforce seed value constraints (if present) and report on the result(s). :param embedded_sig: The embedded signature. :param validation_path: The validation path for the signer's certificate. :param timestamp_found: Flag indicating whether a valid timestamp was found or not. :return: A ``status_kwargs`` dict. )rNzError in seed value validation.)exc_info)has_seed_valuesseed_value_constraint_error)r r!rrr)r!rrsv_errrGr>r>r?r5sr5cCsHzddlm}|||v}Wn tyd}Ynw|s"t||dS)Nr)rF)pyhanko.sign.fieldsrrEr ) subfilter_strpermitted_subfilterserr_msgr subfilter_okr>r>r?_validate_subfilter$s   r+Fsigner_validation_contextts_validation_contextac_validation_contextrkey_usage_settingsralgorithm_policycsJ|j}|jdkr td|dd} t| tjtjfd|dur#|}|j||d| } t |j || dIdH} | | d| vrO|j} | durO| | d<t|}t|j|j|| ||d IdH} | d d} | duor| jor| j}t|| d |}| ||dur|j|j| t|j|j||j d d IdHtdi| S)a  .. versionadded:: 0.9.0 .. versionchanged: 0.11.0 Added ``ac_validation_context`` param. Validate a PDF signature. :param embedded_sig: Embedded signature to evaluate. :param signer_validation_context: Validation context to use to validate the signature's chain of trust. :param ts_validation_context: Validation context to use to validate the timestamp's chain of trust (defaults to ``signer_validation_context``). :param ac_validation_context: Validation context to use to validate attribute certificates. If not supplied, no AC validation will be performed. .. note:: :rfc:`5755` requires attribute authority trust roots to be specified explicitly; hence why there's no default. :param diff_policy: Policy to evaluate potential incremental updates that were appended to the signed revision of the document. Defaults to :const:`~pyhanko.sign.diff_analysis.DEFAULT_DIFF_POLICY`. :param key_usage_settings: A :class:`.KeyUsageConstraints` object specifying which key usages must or must not be present in the signer's certificate. :param skip_diff: If ``True``, skip the difference analysis step entirely. :param algorithm_policy: The algorithm usage policy for the signature validation. .. warning:: This is distinct from the algorithm usage policy used for certificate validation, but the latter will be used as a fallback if this parameter is not specified. It is nonetheless recommended to align both policies unless there is a clear reason to do otherwise. :return: The status of the PDF signature in question. rz"Signature object type must be /SigrNz4%s is not a recognized SubFilter type in signatures.rr) raw_digestsigner_reported_dt)r2validation_contextrr/r0timestamp_validityr signed_attrs)sd_attr_certificatesrr4sd_signed_attrsr>)rIrr rr+rr PADESrrr%rfrupdaterr-default_usage_constraintsr#rTrrvalidtrustedr5certificate_registryregister_multiplerr$rr)r!r,r-r.rr/rr0rIr'rts_status_kwargsr3 tst_validityr sv_updater>r>r?r30sr9        r3r4csz|jdkr td|jdd}t|tjfd|j||dt|j || IdH}|j |d<|j |d<t d i|S) a{ .. versionadded:: 0.9.0 Validate a PDF document timestamp. :param embedded_sig: Embedded signature to evaluate. :param validation_context: Validation context to use to validate the timestamp's chain of trust. :param diff_policy: Policy to evaluate potential incremental updates that were appended to the signed revision of the document. Defaults to :const:`~pyhanko.sign.diff_analysis.DEFAULT_DIFF_POLICY`. :param skip_diff: If ``True``, skip the difference analysis step entirely. :return: The status of the PDF timestamp in question. z /DocTimeStampz+Signature object type must be /DocTimeStamprNz5%s is not a recognized SubFilter type for timestamps.r1rqryr>)rr rIrr+r ETSI_RFC3161rr*rTrrqryr,)r!r4rrr'rr>r>r?r4s,   r4)NNNNNFN)NNF)Qloggingr collectionsrrtypingrrr asn1cryptorrpyhanko.pdf_utilsr r pyhanko.pdf_utils.genericr pyhanko.pdf_utils.readerr r pyhanko.sign.diff_analysisrrrrrr&rrrrrrpyhanko.sign.generalrrrrpyhanko_certvalidatorrpyhanko_certvalidator.pathrerrorsr r!r" generic_cmsr#r$r%r&r'r(r)r*settingsr+statusr,r-r.utilsr/__all__ getLoggerrrrar@rHrr6r0r1r2r boolr5r+r3r4r>r>r>r?s      (     C + ! }