o &zh/@sddlZddlmZddlmZmZmZmZmZddl m Z m Z ddl m Z ddlmZmZmZmZddlmZmZed d Gd d d Zee je jfZGd ddZdS)N) dataclass) FrozenSetIterableIteratorOptionalUnion)cmsx509) AAControls) AuthorityAuthorityWithCertCertTrustAnchor TrustAnchor)get_ac_extension_value get_issuer_dnT)frozenc@s*eZdZUeed< eed< eed<dS)QualifiedPolicyissuer_domain_policy_iduser_domain_policy_id qualifiersN)__name__ __module__ __qualname__str__annotations__ frozensetrrU/var/www/html/kangema/venv/lib/python3.10/site-packages/pyhanko_certvalidator/path.pyrs rc@seZdZUdZdZeeeed<dZ de de e j deefddZed e fd d Zed d Zed eefddZd eefddZd ee j fddZed e j fddZd e efddZdefddZde j defddZde j fddZdefd d!Zd8d"d#Zd$d%Zd eeefd&d'Z d(e!j"d e#fd)d*Z$ed+d,Z%d-d.Z&d/d0Z'd1e#d e(e j fd2d3Z)d4d5Z*d6d7Z+dS)9ValidationPathza Represents a path going towards an end-entity certificate or attribute certificate. N_qualified_policies trust_anchorintermleafcCs*|r|stdt||_||_||_dS)Nz-Leafless paths cannot have intermediate certs) ValueErrorlist_interm_root_leaf)selfr!r"r#rrr__init__1s   zValidationPath.__init__returncC|jSN)r'r)rrrr!=szValidationPath.trust_anchorcCs@|jj}t|tr |jS|jr|jdSt|jtjr|jSdS)a Returns the current beginning of the path - for a path to be complete, this certificate should be a trust root .. warning:: This is a compatibility property, and will return the first non-root certificate if the trust root is not provisioned as a certificate. If you want the trust root itself (even when it doesn't have a certificate), use :attr:`trust_anchor`. :return: The first asn1crypto.x509.Certificate object in the path rN) r' authority isinstancer certificater&r(r Certificate)r)rootrrrfirstAs  zValidationPath.firstcCs.|jdur|jS|jst|jtr|jjSdS)a< Returns the current leaf certificate (AC or public-key). The trust root's certificate will be returned if there is one and there are no other certificates in the path. If the trust root is certificate-less and there are no certificates, the result will be ``None``. N)r(r&r0r'rr1r.rrrr#Xs zValidationPath.leafcCs.|j}t|tjr |jjSt|tjrdSdS)Nz)r#r0r r2subjecthuman_friendlyrAttributeCertificateV2r)r#rrr describe_leafis   zValidationPath.describe_leafcCs|j}t|tjr |SdS)z Returns the current leaf certificate if it is an X.509 public-key certificate, and ``None`` otherwise. :return: N)r#r0r r2r8rrrget_ee_cert_safers zValidationPath.get_ee_cert_safecCs|}|r|St)z Returns the last certificate in the path if it is an X.509 public-key certificate, and throws an error otherwise. :return: The last asn1crypto.x509.Certificate object in the path )r: LookupErrorr)certrrrlasts zValidationPath.lastccs&|jjV|jD]}t|Vq dS)zU Iterate over all authorities in the path, including the trust root. N)r'r/r&r r<rrriter_authoritiess    zValidationPath.iter_authoritiesr=cCsxt|}t|tjr|j}nt|d}|r|djnd}|D]}|j|kr7|j }|r3|r3||kr3q |Sq t d)aK Return the issuer of the cert specified, as defined by this path :param cert: A certificate to get the issuer of :raises: LookupError - when the issuer of the certificate could not be found :return: An asn1crypto.x509.Certificate object of the issuer authority_key_identifierkey_identifierN6Unable to find the issuer of the certificate specified) rr0r r2r@rnativer?namekey_idr;)r)r= issuer_nameakiaki_extr/keyidrrrfind_issuing_authoritys    z%ValidationPath.find_issuing_authoritynew_leafcCst|jtr|jjj|jkrt|jg|dS|j}d}t|D]\}}|j|jkr-|}nq|dur6tdt|j|d|d|dS)a Remove all certificates in the path after the cert specified and return them in a new path. Internal API. :param cert: An asn1crypto.x509.Certificate object to find :param new_leaf: A new leaf certificate to append. :raises: LookupError - when the certificate could not be found :return: The current ValidationPath object, for chaining r"r#Nz(Unable to find the certificate specifiedr ) r0r'rr1 issuer_serialrr& enumerater;)r)r=rKcerts cert_indexindexentryrrrtruncate_to_and_appends  z%ValidationPath.truncate_to_and_appendcCsd}|jj|r|jdkrt|jgddSt|jg|dS|j}t|D]\}}|j|j krD|j r@|j r@|j |j kr?|}nq%|}nq%|durMt dt|j|d|d|dS)a Remove all certificates in the path after the issuer of the cert specified, as defined by this path, and append a new one. Internal API. :param cert: A new leaf certificate to append. :raises: LookupError - when the issuer of the certificate could not be found :return: The current ValidationPath object, for chaining NmayberLrBr )r#) r!r/is_potential_issuer_of self_signedrr'r&rNr5issuerrAr@r;)r)r= issuer_indexrOrQrRrrrtruncate_to_issuer_and_appends*     z,ValidationPath.truncate_to_issuer_and_appendcCs0|jdd}|jr||jt|j||dS)Nr!r"r#)r&r(appendrr')r)r= new_certsrrrcopy_and_append s  zValidationPath.copy_and_appendcCs<t|jdkr t|jdd|jd}}t|j||dS)z Drop the leaf cert from this path and return a new path with the last intermediate certificate set as the leaf. rNrZ)lenr& IndexErrorrr')r) new_intermrKrrrcopy_and_drop_leafs z!ValidationPath.copy_and_drop_leafcCs ||_dSr-r )r)policiesrrr_set_qualified_policies!s z&ValidationPath._set_qualified_policiescCr,r-rcr.rrrqualified_policies$sz!ValidationPath.qualified_policiesattr_idcs>dd|D}tdd|D}|sdStfdd|DS)NcSsg|]}t|qSr)r read_extension_value).0r=rrr (s z3ValidationPath.aa_attr_in_scope..css|]}|duVqdSr-r)rixrrr +sz2ValidationPath.aa_attr_in_scope..Tc3s"|] }|dur|VqdSr-)accept)rictrlrgrrrl5s)anyall)r)rgaa_controls_extensionsaa_controls_usedrroraa_attr_in_scope's zValidationPath.aa_attr_in_scopecCst|j|jr dSdS)Nr r)r_r&r(r.rrrpkix_len=szValidationPath.pkix_lencCs d|jS)Nr )rur.rrr__len__As zValidationPath.__len__cCsX|dkrt|jd}||kr|jdur|jS|j|dSt|jtr(|jjStd)Nrr zRoot has no certificate)r_r&r(r0r'rr1r;)r)keyleaf_ixrrr __getitem__Es zValidationPath.__getitem__ include_rootcCsN|jj}|rt|tr|jfnd}|j}t|tjr|fnd}t ||j |S)z Iterate over the certificates in the path. :param include_root: Include the root (if it is supplied as a certificate) :return: An iterator. r) r'r/r0r r1r(r r2 itertoolschainr&)r)rzr3 from_rootr# from_leafrrr iter_certsTs  zValidationPath.iter_certscCs |jddS)NT)rz)rr.rrr__iter__gs zValidationPath.__iter__cCs2t|tsdS|j|jko|j|jko|j|jkS)NF)r0rr!r&r()r)otherrrr__eq__ls    zValidationPath.__eq__)r+r),rrr__doc__r rrrr_path_aa_controlsrrr r2Leafr*propertyr!r4r#rr9r:r>r r?rJrSrYr]rbrerfrAttCertAttributeTypeboolrtrurvryrrrrrrrrr'sJ       &0    r)r{ dataclassesrtypingrrrrr asn1cryptorr asn1_typesr r/r r rrutilrrrr2r7rrrrrrs