o vh- @s dZddlZddlZddlZddlmZmZmZmZm Z m Z m Z ddl m Z mZmZmZmZmZddlmZddlmZddlmZdd lmZgd ZeeZegd Z egd Z!egd Z"egdZ#de$de e%de%de&fddZ'de$de%fddZ(de ej)ej*fdedej+fddZ,dej)dede%de&fd d!Z-de$d"ej.d#e%fd$d%Z/e d&Z0e d'Z1d(ee0e e1e2ffd)ee0ej3fd*e0d+egee1fde e1e2ff d,d-Z4d.d/Z5d0d1Z6d2d3Z7d4d5Z8de ej)ej*ffd6d7Z9d8d9Z:d:efd;d<Z;dS)=zd Internal backend-agnostic utilities to help process fetched certificates, CRLs and OCSP responses. N) AwaitableCallableDictIterableOptionalTypeVarUnion)algoscmscoreocsppemx509)DistributionPoint)errors) Authority)get_ac_extension_value) unpack_cert_contentformat_ocsp_requestprocess_ocsp_response_dataqueue_fetch_taskcrl_job_results_as_completedocsp_job_get_earliestcomplete_certificate_fetch_jobsgather_aia_issuer_urls$ACCEPTABLE_STRICT_CERT_CONTENT_TYPESACCEPTABLE_CERT_PEM_ALIASESACCEPTABLE_PKCS7_DER_ALIASESACCEPTABLE_CERT_DER_ALIASES)application/pkix-certapplication/pkcs7-mimeapplication/x-x509-ca-cert application/x-pkcs7-certificates)zapplication/x-pem-filez text/plainapplication/octet-streambinary/octet-stream)r r"r$r%)r!r#r% response_data content_typeurl permit_pemc cst|}|dus|tvrB|sB|durtd|dttj|}|dkr3t ||EdHdS|dkr@t j |VdSdS|t vrR|sRt ||EdHdS|ry|rytj |ddD]\}}}|dkrot ||EdHq]t j |Vq]dStd|d |d ) Nz)Response to certificate fetch request to zi did not include a content type, verifying it's sequence length to check if it is a certificate or pkcs7.rT)multiplePKCS7zFailed to extract certs from z payload. Source URL: .)r detectrloggerwarninglenr Sequenceload_unpack_der_pkcs7r Certificaterunarmor ValueError) r&r'r(r)is_pemder_sequence_length type_name_datar=i/var/www/html/hyperkenya/venv/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/common_utils.pyrIs8   r pkcs7_data pkcs7_urlccsvtj|}|dj}|dkrtd|d|d|d}t|dtjr7|dD] }|jdkr6|jVq+dSdS) Nr' signed_dataziExpected CMS SignedData when extracting certs from application/pkcs7-mime payload, but content type was 'z'. Source URL: r-content certificates certificate) r ContentInfor3nativer7 isinstanceCertificateSetnamechosen)r?r@ content_infocms_ctrA cert_choicer=r=r>r4ps&    r4cert authorityreturncCsXt|tjr |j}n|ddj}t|j|}tt d|i|t|j ||d}|S)Nac_info serial_number algorithm)hash_algorithmissuer_name_hashissuer_key_hashrR) rGrr5rRrFgetattrrIr CertIdr DigestAlgorithm public_key)rNrOcertid_hash_algorR iss_name_hashcert_idr=r=r> get_certids    r^r[request_noncesc Csrt|||d}td|i}tdt|gi}|r2tddtt dd}t |g|d<t d |iS) N)r[req_cert request_listnonceF)extn_idcritical extn_valuerequest_extensions tbs_request) r^r Request TBSRequestRequestsTBSRequestExtensionr OctetStringosurandomTBSRequestExtensions OCSPRequest)rNrOr[r_r]requestrhnonce_extensionr=r=r>rs( r ocsp_requestocsp_urlcCs|ztj|}Wn tytdw|dj}|dkr'td||f|j}|r<|j}|r<|j|jkrrs(   rTRresults running_jobstag async_func sPz||}tdt|dt|WStyYnwz(||}tdt|d|IdHtdt|dt||WStytdt|dt||<}z|IdH}Wn!ty}ztd t|d ||}WYd}~nd}~ww|||<td t|d ||=| t|YSw) NzResult for fetch job with tag z was available in cache.zWaiting for fetch job with tag z to return...z,Received completion signal for job with tag r-z Starting new fetch job with tag z...zNew fetch job with tag z threw an exception: z returned.) r/debugrepr_return_or_raiseKeyErrorwaitasyncioEvent Exceptionset)rrrrresult wait_eventer=r=r>rsH     rcCst|tr||SN)rGr)rr=r=r>rs rc Cstd}d}tt|D]!}z |IdH}|VWq tjy-}z|}WYd}~q d}~ww|dur6|s8|dSdS)NF)r as_completedlistr CRLFetchError)jobslast_eat_least_one_successcrl_job fetched_crlrr=r=r>rs   rcs<tj|}|z|IdHWdStjyYdSwr)rgathercancelCancelledError) pending_taskspendingr=r=r> cancel_all#s rc sdd|D}d}}|r?tj|tjdIdH\}}|D]}z|IdH}Wntjy<}z|}WYd}~qd}~ww|s|durLt|IdH|S|pRtd)NcSsg|]}t|qSr=)r create_task).0coror=r=r> -sz)ocsp_job_get_earliest..) return_whenzNo OCSP results)rrFIRST_COMPLETEDrryr)rqueue ocsp_resprdoneocsp_jobrr=r=r>r,s(  rccsrt|tjr |j}nt|d}|durdS|D]}|djdkr6|d}|jdkr+q|j}|dr6|VqdS)Nauthority_information_access access_method ca_issuersaccess_locationuniform_resource_identifierhttp)rGrr5"authority_information_access_valuerrFrI startswith)rN aia_valueentrylocationr(r=r=r>r@s     rc Csnt|D].}z|IdH}Wntjy+}ztd|dWYd}~qd}~ww|D]}|Vq.qdS)Nz8Error during certificate fetch job, skipping... (Error: ))rrrCertificateFetchErrorr/r0) fetch_jobs fetch_job certs_fetchedrrNr=r=r>rSs" rdistribution_pointccsL|d}|jdkr dS|jD]}|jdkr#|j}|dr#|VqdS)Nr full_namer)zhttp://zhttps://)rIrJrFlowerr)rrI general_namer(r=r=r>enumerate_delivery_point_urlsas   r)<__doc__rloggingrntypingrrrrrrr asn1cryptor r r r r rasn1crypto.x509rrrOrutilr__all__ getLogger__name__r/ frozensetrrrrbytesstrboolrr4r5AttributeCertificateV2rXr^rrqrrrrrrrrrrrrrr=r=r=r>s$           '  #    1