o vh^"@sddlZddlmZddlmZddlmZmZddlm Z ddl m Z edd Gd d d Z Gd d d ej ZGdddZdejde fddZGdddeZGdddeZGdddeZdS)N) dataclass)Optional)keysx509)process_general_subtrees)PKIXValidationParamsT)frozenc@sFeZdZUdZdZeded< dZeeed< dZ eeed<dS)TrustQualifierszY .. versionadded 0.20.0 Parameters that allow a trust root to be qualified. Nrstandard_parametersmax_path_lengthmax_aa_path_length) __name__ __module__ __qualname____doc__r r__annotations__r intr rr]/var/www/html/hyperkenya/venv/lib/python3.10/site-packages/pyhanko_certvalidator/authority.pyr s r c@s~eZdZdZedejfddZedej fddZ eddZ d d Z d d Z edeefd dZdejdefddZdS) AuthorityzM .. versionadded:: 0.20.0 Abstract authority, i.e. a named key. returncCt)z' The authority's name. NotImplementedErrorselfrrrname/zAuthority.namecCr)z- The authority's public key. rrrrr public_key6rzAuthority.public_keycCr)zm A hashable unique identifier of the authority, used in ``__eq__`` and ``__hash__``. rrrrrhashable=szAuthority.hashablecC t|jSN)hashr rrrr__hash__E zAuthority.__hash__cCst|tsdS|j|jkSNF) isinstancerr rotherrrr__eq__Hs  zAuthority.__eq__cCr)z Key ID as (potentially) referenced in an authorityKeyIdentifier extension. Only used to eliminate non-matching trust anchors, never to retrieve keys or to definitively identify trust anchors. rrrrrkey_idNszAuthority.key_idcertcCs0|j|jkrdS|jr|jr|j|jkrdSdS)z Function to determine whether this trust root could potentially be an issuer of a given certificate. This function is used during path building. :param cert: The certificate to evaluate. FT)issuerrauthority_key_identifierr+rr,rrris_potential_issuer_ofWs   z Authority.is_potential_issuer_ofN)rrrrpropertyrNamerr PublicKeyInforr r$r*rbytesr+ Certificateboolr0rrrrr(s rc@s^eZdZdZ ddedeefddZedefdd Z edefd d Z d d Z ddZ dS) TrustAnchorz Abstract trust root. A trust root is an authority with trust qualifiers. Equality of trust roots reduces to equality of authorities. N authorityqualscC||_||_dSr") _authority_quals)rr8r9rrr__init__ns zTrustAnchor.__init__rcC|jSr")r;rrrrr8tzTrustAnchor.authoritycCs |jptS)z0 Qualifiers for the trust root. )r<r rrrrtrust_qualifiersxs zTrustAnchor.trust_qualifierscCst|to |j|jkSr")r'r7r;r(rrrr*s  zTrustAnchor.__eq__cCr!r")r#r;rrrrr$r%zTrustAnchor.__hash__r") rrrrrrr r=r1r8r@r*r$rrrrr7hs  r7r,rc Csd}d}}|jdur,d}|j}|d}t|tjrt|}|d}t|tjr,t|}d}|jdurAd}|j}tdd|D}d} |rTt|pLtdg|du||d } t|j | d S) a Extract trust qualifiers from data and extensions of a certificate. .. note:: Recall that any property of a trust root other than its name and public key are in principle irrelevant to the PKIX validation algorithm itself. This function is merely a helper function that allows the certificate's other data to be conveniently gathered to populate the default validation parameters for paths deriving from that trust root. :param cert: The certificate from which to extract qualifiers (usually a self-signed one) :return: A :class:`TrustQualifiers` object with the extracted qualifiers. FNTpermitted_subtreesexcluded_subtreescSsg|]}|djqS)policy_identifier)dotted).0pol_inforrr sz*derive_quals_from_cert.. any_policy)user_initial_policy_setinitial_explicit_policyinitial_permitted_subtreesinitial_excluded_subtrees)r r ) name_constraints_valuer'rGeneralSubtreesrcertificate_policies_value frozensetrr r ) r, ext_foundrArBnc_ext permitted_val excluded_valacceptable_policies policies_valparamsrrrderive_quals_from_certs:       rXcseZdZdZdejfddZedejfddZ edd Z ed d Z ede e fd d ZedejfddZdejffdd ZZS)AuthorityWithCertzz .. versionadded:: 0.20.0 Authority provisioned as a certificate. :param cert: The certificate. r,cCs ||_dSr"_certr/rrrr=r%zAuthorityWithCert.__init__rcC|jjSr")r[subjectrrrrrzAuthorityWithCert.namecCr\r")r[rrrrrrr^zAuthorityWithCert.public_keycCs|j}|jj|jfSr")r[r]r rdumpr/rrrr szAuthorityWithCert.hashablecCr\r")r[key_identifierrrrrr+r^zAuthorityWithCert.key_idcCr>r"rZrrrr certificater?zAuthorityWithCert.certificatecs,t|sdS|jr|j|jjkrdSdS)NFT)superr0authority_issuer_serialr[ issuer_serialr/ __class__rrr0s z(AuthorityWithCert.is_potential_issuer_of)rrrrrr5r=r1r2rrr rr4r+rar0 __classcell__rrrerrYs   rYcs`eZdZdZ  ddejdeedeffdd Z e d ejfd d Z e d efd d Z Z S)CertTrustAnchora .. versionadded:: 0.20.0 Trust anchor provisioned as a certificate. :param cert: The certificate, usually self-signed. :param quals: Explicit trust qualifiers. :param derive_default_quals_from_cert: Flag indicating to derive default trust qualifiers from the certificate content if explicit ones are not provided. Defaults to ``False``. NFr,r9derive_default_quals_from_certcs&t|}||_t||||_dSr")rYr[rbr=_derive)rr,r9rir8rerrr=s zCertTrustAnchor.__init__rcCr>r"rZrrrrrar?zCertTrustAnchor.certificatecCs0|jdur|jS|jrt|j|_}|StSr")r<rjrXr[r )rr9rrrr@ s z CertTrustAnchor.trust_qualifiersr&)rrrrrr5rr r6r=r1rar@rgrrrerrhs rhc@sheZdZdZdejdejfddZe dejfddZ e d d Z e de e fd d Ze d dZdS)NamedKeyAuthorityz Authority provisioned as a named key. :param entity_name: The name of the entity that controls the private key of the trust root. :param public_key: The trust root's public key. entity_namercCr:r")_name _public_key)rrlrrrrr= s zNamedKeyAuthority.__init__rcCr>r")rmrrrrr$r?zNamedKeyAuthority.namecCr>r")rnrrrrr(r?zNamedKeyAuthority.public_keycCsdSr"rrrrrr+,szNamedKeyAuthority.key_idcCs|jj|jfSr")rmr rnr_rrrrr 0szNamedKeyAuthority.hashableN)rrrrrr2rr3r=r1rrrr4r+r rrrrrks  rk)abc dataclassesrtypingr asn1cryptorr name_treesr policy_declrr ABCrr7r5rXrYrhrkrrrrs    @!9+)