o &zh @sddlZddlZddlmZmZddlmZddlmZmZddl m Z ddl m Z m Z ddlmZddlmZdd lmZdd lmZmZmZdd lmZd gZeeZd edefddZ  dd edededeedeedef dd ZdS)N)datetimetimezone)Optional)CertValidationPolicySpecValidationDataHandlers)ValidationError)PastValidatePrecheckFailureTimeSlideFailure) time_slide)ValidationTimingInfo)ValidationPath) NO_REVOCATIONAcceptAllAlgorithmsCertRevTrustPolicy)async_validate_path past_validatepathvalidation_policy_specc st|jdd}tdd|D}tdd|D}||kr#tdt||dd}tj|tt d t d j |dd }z t |||j IdHWdStyY}ztd |d}~ww) NF) include_rootcs|]}|jVqdSN)not_valid_before.0cr^/var/www/html/kangema/venv/lib/python3.10/site-packages/pyhanko_certvalidator/ltv/ades_past.py (z*_past_validate_precheck..csrr)not_valid_afterrrrrr)rz`The intersection of the validity periods of the certificates in the path is empty or degenerate.Tvalidation_timebest_signature_timepoint_in_time_validation)revocation_checking_policy)revinfo_policyalgorithm_usage_policy timing_infohandlersz\Elementary path validation routine failed during pre-check for past point-in-time validation)list iter_certsmaxminrr dataclassesreplacerr rbuild_validation_contextrpkix_validation_paramsr)rrcerts lower_bound upper_boundref_timevalidation_contexterrr_past_validate_prechecksH r8validation_data_handlersinit_control_timer"returnc st||IdHz'|ptjtjd}t|||j|j|j|j dIdH}t d| |Wnt yF}z td| |d}~wwt||pL|dd}|j||d}t|||jd IdH|S) u Execute the ETSI EN 319 102-1 past certificate validation algorithm against the given path (ETSI EN 319 102-1, § 5.6.2.1). Instead of merely evaluating X.509 validation constraints, the algorithm will perform a full point-in-time reevaluation of the path at the control time mandated by the specification. This implies that a caller implementing the past signature validation algorithm no longer needs to explicitly reevaluate CA certificate revocation times and/or algorithm constraints based on POEs. .. warning:: This is incubating internal API. :param path: The prospective validation path against which to execute the algorithm. :param validation_policy_spec: The validation policy specification. :param validation_data_handlers: The handlers used to manage collected certificates,revocation information and proof-of-existence records. :param init_control_time: Initial control time; defaults to the current time. :param best_signature_time: Usage time to use in freshness computations. :return: The control time returned by the time sliding algorithm. Informally, the last time at which the certificate was known to be valid. N)tz)r:rev_trust_policyalgo_usage_policytime_tolerancerevinfo_managerzAAdES time slide yields %s as the control time for path with leaf zKFailed to get control time for point-in-time validation for path with leaf Tr r') parameters)r8rnowrutcr r%r&r?r@loggerinfo describe_leafrr r r0rr1) rrr9r:r" control_timer7r5r6rrrrLsZ&   )NN) r.loggingrrtypingrpyhanko_certvalidator.contextrrpyhanko_certvalidator.errorsr pyhanko_certvalidator.ltv.errorsrr $pyhanko_certvalidator.ltv.time_slider pyhanko_certvalidator.ltv.typesr pyhanko_certvalidator.pathr !pyhanko_certvalidator.policy_declr rrpyhanko_certvalidator.validater__all__ getLogger__name__rDr8rrrrrsD        2