o vhW@s|ddlmZddlmZmZddlmZddlmZm Z m Z ddl m Z de de defd d Zed d Gd ddeZdS)) dataclass)OptionalSet)x509)ConfigurableMixinprocess_bit_string_flags process_oids)InvalidCertificateErrorrequiredpresentneed_allcCs|r|| St||@SN)bool)r r r r^/var/www/html/hyperkenya/venv/lib/python3.10/site-packages/pyhanko/sign/validation/settings.py _match_usagess  rT)frozencseZdZUdZdZeeeed< dZ eeeed< dZ eeeed< dZ e ed< dZ e ed < d ejfd d Zd dZddZefddZZS)KeyUsageConstraintsa5 Convenience class to pass around key usage requirements and validate them. Intended to be flexible enough to handle both PKIX and ISO 32000 certificate seed value constraint semantics. .. versionchanged:: 0.6.0 Bring extended key usage semantics in line with :rfc:`5280` (PKIX). N key_usagekey_usage_forbiddenextd_key_usageT explicit_extd_key_usage_requiredFmatch_all_key_usagescertcCs||j||jdSr )_validate_key_usagekey_usage_value_validate_extd_key_usageextended_key_usage_value)selfrrrrvalidatefs zKeyUsageConstraints.validatecCs|jsdS|jp t}|jpt}|durt|jnt}||@}|r5tdd|}tdd|d|j}t|||sWtdd|}td|rKdnd d d|d dS) NcS |ddSN_ replacesrrrz z9KeyUsageConstraints._validate_key_usage..zBThe active key usage policy explicitly bans certificates used for , .cSr r!r$r&rrrr(r)z%The active key usage policy requires zat least one of zthe key usage extensions z to be present.) rsetrnativemapr joinrr)rkey_usage_extension_valuerrcert_ku forbidden_ku rephrased need_all_kurrrrjs6     z'KeyUsageConstraints._validate_key_usagecCs|jdurdS|du}|rt|jnt}d|vr|jsdS|jp#t}|s/|jr-tddSt||ddsR|rItdd|}dd|d }nd }td |dS) Nany_extended_key_usagezEThe active key usage policy requires an extended key usage extension.F)r cSr r!r$r&rrrr(r)z>KeyUsageConstraints._validate_extd_key_usage..zRelevant key purposes are r*r+z,There are no acceptable extended key usages.zfThe extended key usages for which this certificate is valid do not match the active key usage policy. )rr-r.rr rr/r0)reku_extension_valuehas_extd_key_usage_extcert_ekurr4ok_listrrrrs6  z,KeyUsageConstraints._validate_extd_key_usagec szt|dD]}||d}|dur#tttj||dd||<q|dd}|dur;tttj |d|d<dSdS)N)rrr"-rzextd-key-usage) superprocess_entriesgetr-rrKeyUsager%r KeyPurposeId)cls config_dictkey_usage_settaffected_flagsr __class__rrr=s(     z#KeyUsageConstraints.process_entries)__name__ __module__ __qualname____doc__rrrstr__annotations__rrrrrr Certificaterrr classmethodr= __classcell__rrrErrs"      #rN) dataclassesrtypingrr asn1cryptorpyhanko.config.apirrrpyhanko_certvalidator.errorsr r-rrrrrrrs