o vh* @sddlmZddlmZmZmZddlmZddlm Z ddl m Z ddd e d e d edfd d ZddZdeejde fddZd e de fddZd edfddZGdddZGdddeZdS)) defaultdict)IterableOptionalSet)x509) ValProcState)PathValidationErrorvalid_policy_treePolicyTreeRootdepthany_policy_uninhibitedreturnc Csd}t}|D]H}|dj}|dkr|}q|||d}d} d} ||dD]} | jdkr2| } || jvr8q)d} | |||hq)| sO| rO| |||hq|rr|rr||dD]} | jD]} | |vrp| | |d| hq`q[t||d}|S)zO Internal method to update the policy tree during RFC 5280 validation. Npolicy_identifier any_policypolicy_qualifiersFrT)setnativeaddat_depth valid_policyexpected_policy_set add_child_prune_policy_tree) certificate_policiesr r r cert_any_policycert_policy_identifierspolicyrrpolicy_id_matchparent_any_policynodeexpected_policy_identifierr"_/var/www/html/hyperkenya/venv/lib/python3.10/site-packages/pyhanko_certvalidator/policy_tree.pyupdate_policy_tree sL       r$cCs0||D] }|js|j|q|jsd}|SN)walk_upchildrenparent remove_child)r r r r"r"r#rGs rmappings proc_statecCs`tt}|D]'}|dj}|dj}||||dks!|dkr-td|d|q|S)z Internal function to process policy mapping extension values into a Python dictionary mapping issuer domain policies to the corresponding policies in the subject policy domain. issuer_domain_policysubject_domain_policyrz(The path could not be validated because z/ contains a policy mapping for the "any policy")rrrrr from_state describe_cert)r*r+ policy_mapmappingr,r-r"r"r#enumerate_policy_mappingsPs   r2policy_mapping_uninhibitedc Cs|D]K\}}|r5d}d}||D]}|jdkr|}|j|kr&d}||_q|s4|r4|j||j|q||D] }|j|krG|j|q:t||d}q|S)z Internal function to apply the policy mapping to the current policy tree in accordance with the algorithm in RFC 5280. FNrTr) itemsrrrr(r qualifier_setr)r) r0r r r3r,subject_domain_policiesissuer_domain_policy_matchrr r"r"r#apply_policy_mappingns0    r8c st|fdd}t|}z.tdd||D}|j}|dus(J|j}|D] }||||hq/||Wn tyIYnwt ||dS)Nc3s:D]}|j}|dks|vr|Vq|j|qdS)Nr)rr(r)) policy_node policy_idacceptable_policiesvalid_policy_node_setr"r#_filter_acceptablesz7prune_unacceptable_policies.._filter_acceptablecss|] }|jdkr|VqdS)rN)r).0r9r"r"r# s z.prune_unacceptable_policies..r) rnodes_in_current_domainnextrr(r5rr) StopIterationr) path_lengthr r<r>valid_and_acceptablefinal_any_policywildcard_parentwildcard_qualsacceptable_policyr"r;r#prune_unacceptable_policiess&     rJc@s`eZdZdZeddZddZddZdd Zd e d fd d Z ddZ d e d fddZ dS)r zH A generic policy tree node, used for the root node in the tree cCst}|||||S)aq Accepts values for a PolicyTreeNode that will be created at depth 0 :param valid_policy: A unicode string of a policy name or OID :param qualifier_set: An instance of asn1crypto.x509.PolicyQualifierInfos :param expected_policy_set: A set of unicode strings containing policy names or OIDs )r r)clsrr5rrootr"r"r#init_policy_treeszPolicyTreeRoot.init_policy_treecCsd|_g|_dSr%)r(r')selfr"r"r#__init__s zPolicyTreeRoot.__init__cCs"t|||}||_|j|dS)ab Creates a new PolicyTreeNode as a child of this node :param valid_policy: A unicode string of a policy name or OID :param qualifier_set: An instance of asn1crypto.x509.PolicyQualifierInfos :param expected_policy_set: A set of unicode strings containing policy names or OIDs N)PolicyTreeNoder(r'append)rNrr5rchildr"r"r#rs zPolicyTreeRoot.add_childcCs|j|dS)zq Removes a child from this node :param child: An instance of PolicyTreeNode N)r'removerNrRr"r"r#r)szPolicyTreeRoot.remove_childrrPccs@t|jD]}|dkr|Vq||dD]}|VqqdS)z Returns a generator yielding all nodes in the tree at a specific depth :param depth: An integer >= 0 of the depth of nodes to yield :return: A generator yielding PolicyTreeNode objects rrN)listr'rrNr rR grandchildr"r"r#rs zPolicyTreeRoot.at_depthccs>t|jD]}|dkr||dD]}|Vq|VqdS)aW Returns a generator yielding all nodes in the tree at a specific depth, or above. Yields nodes starting with leaves and traversing up to the root. :param depth: An integer >= 0 of the depth of nodes to walk up from :return: A generator yielding PolicyTreeNode objects rrN)rUr'r&rVr"r"r#r&s zPolicyTreeRoot.walk_upccs0|jD]}|V|jdkr|EdHqdS)zy Returns a generator yielding all nodes in the tree that are children of an ``any_policy`` node. rN)r'rrArTr"r"r#rA!s  z&PolicyTreeRoot.nodes_in_current_domainN) __name__ __module__ __qualname____doc__ classmethodrMrOrr)rrr&rAr"r"r"r#r s  cs<eZdZdZdedejdeeffdd ZddZ Z S) rPzD A policy tree node that is used for all nodes but the root rr5rcs t||_||_||_dS)a$ :param valid_policy: A unicode string of a policy name or OID :param qualifier_set: An instance of asn1crypto.x509.PolicyQualifierInfos :param expected_policy_set: A set of unicode strings containing policy names or OIDs N)superrOrr5r)rNrr5r __class__r"r#rO2s  zPolicyTreeNode.__init__ccs*|}|dur|V|j}|dusdSdSr%)r()rNr r"r"r# path_to_rootHs zPolicyTreeNode.path_to_root) rXrYrZr[strrPolicyQualifierInfosrrOr` __classcell__r"r"r^r#rP-srPN) collectionsrtypingrrr asn1cryptor_statererrorsr intboolr$r PolicyMappingr2r8rJr rPr"r"r"r#s<     =   % 2h