o &zhl7 @sddlZddlZddlmZddlmZddlmZmZmZm Z m Z ddl m Z m Z mZddlmZddlmZmZddlmZmZmZgd ZGd d d ejZed d GdddZGdddeejZe dedZdeedeefddZddZ deedeedededef ddZ!deej"fd d!Z#ed d Gd"d#d#eZ$ed d Gd$d%d%eZ%e e&e j'e%fZ(e e&ej)e$fZ*d&ee(dee%fd'd(Z+d)ee*dee$fd*d+Z,dS),N) dataclass)datetime)IterableListOptionalTypeVarUnion)algoscrlocsp) type_name)IssuedItemContainerValidationTimingParams)#FRESHNESS_FALLBACK_VALIDITY_DEFAULTCertRevTrustPolicyFreshnessReqType)RevinfoUsabilityRatingRevinfoUsabilityRevinfoContainer OCSPContainer CRLContainersort_freshest_firstprocess_legacy_crl_inputprocess_legacy_ocsp_inputc@sJeZdZdZeZ eZ eZ eZ e de fddZ dS)rzz Description of whether a piece of revocation information is considered usable in the circumstances provided. returncCs|tjtjfvS)zs Boolean indicating whether the assigned rating corresponds to a "fresh" judgment in AdES. )rOKTOO_NEWselfra/var/www/html/kangema/venv/lib/python3.10/site-packages/pyhanko_certvalidator/revinfo/archival.py usable_ades=sz"RevinfoUsabilityRating.usable_adesN) __name__ __module__ __qualname____doc__enumautorSTALErUNCLEARpropertyboolr!rrrr rsrT)frozenc@s,eZdZUdZeed< dZeeed<dS)rz` Usability rating and cutoff date for a particular piece of revocation information. ratingNlast_usable_at) r"r#r$r%r__annotations__r.rrrrrr rJs rc@s>eZdZdZdededefddZede e j fddZ d S) rz< A container for a piece of revocation information. policy timing_paramsrcCt)af Assess the usability of the revocation information given a revocation information trust policy and timing parameters. :param policy: The revocation information trust policy. :param timing_params: Timing-related information. :return: A :class:`.RevinfoUsability` judgment. NotImplementedError)rr0r1rrr usable_atbszRevinfoContainer.usable_atcCr2)z Extract the signature mechanism used to guarantee the authenticity of the revocation information, if applicable. r3rrrr revinfo_sig_mechanism_usedrsz+RevinfoContainer.revinfo_sig_mechanism_usedN) r"r#r$r%rrrr5r*rr SignedDigestAlgorithmr6rrrr r]s r RevInfoType)boundlstrcCsdtfdd}t||ddS)aV Sort a list of revocation information containers in freshest-first order. Revocation information that does not have a well-defined issuance date will be grouped at the end. :param lst: A list of :class:`.RevinfoContainer` objects of the same type. :return: The same list sorted from fresh to stale. containercSs|j}|du|fSN) issuance_date)r;dtrrr _keys z!sort_freshest_first.._keyT)keyreverse)rsorted)r:r?rrr rs  rcCs>|j}|dur|dur||kr||}|durt||}|Sr<) freshnessabs)r0 this_update next_updatetime_tolerancefreshness_deltarrr _freshness_deltas rIrErFr0r1c Cs&|dur ttjS|j}|j}|jtjkr8t||||}|dur%ttjS|j }|||kr7ttj ||dSnV|jtj kr^t||||}|durNttjS|||kr]ttj ||dSn0|jtj kr|durl|t }|j}|s||||kr|ttjS|||krttj ||dSntttjS)N)r.)rrr)validation_timerGfreshness_req_typerTIME_AFTER_SIGNATURErIbest_signature_timer(MAX_DIFF_REVOCATION_VALIDATIONDEFAULTrretroactive_revinforr4r) rErFr0r1rJrGrHsignature_poe_time retroactiverrr _judge_revinfosZ          rScCs:|dj}|dkr dS|d}|djdkrdS|djS)Nresponse_status successfulresponse_bytes response_typebasic_ocsp_responseresponse)nativeparsed) ocsp_responsestatusrVrrr _extract_basic_ocsp_responses  r^c@seZdZUdZejed< dZeed< e dejde dfddZ e de efd d Zd ed edefd dZde ejfddZde ejfddZe de ejfddZdS)rz) Container for an OCSP response. ocsp_response_datarindexr\rcs:t}|dur gS|d}fddtt|dDS)a Turn an OCSP response object into one or more :class:`.OCSPContainer` objects. If a :class:`.OCSPContainer` contains more than one ``SingleResponse``, then the same OCSP response will be duplicated into multiple containers, each with a different ``index`` value. :param ocsp_response: An OCSP response. :return: A list of :class:`.OCSPContainer` objects, one for each ``SingleResponse`` value. Ntbs_response_datacsg|]}t|dqS))r_r`)r).0ixr\rr )s z,OCSPContainer.load_multi.. responses)r^rangelen)clsr\rX tbs_responserrdr load_multis zOCSPContainer.load_multicCs|}|dur dS|djS)NrE)extract_single_responserZ)r cert_responserrr r=.s zOCSPContainer.issuance_dater0r1cCs>|}|dur ttjS|dj}|dj}t||||dS)NrErFr0r1)rlrrr)rZrS)rr0r1rmrErFrrr r56s   zOCSPContainer.usable_atcCs t|jS)z Extract the ``BasicOCSPResponse``, assuming there is one (i.e. the OCSP response is a standard, non-error response). )r^r_rrrr extract_basic_ocsp_responseFs z)OCSPContainer.extract_basic_ocsp_responsecCs@|}|dur dS|d}t|d|jkrdS|d|jS)z^ Extract the unique ``SingleResponse`` value identified by the index. Nrarf)rorhr`)rrXrjrrr rlNsz%OCSPContainer.extract_single_responsecCs|}|dur dS|dSNsignature_algorithm)ro)r basic_resprrr r6]sz(OCSPContainer.revinfo_sig_mechanism_usedN)r"r#r$r%r OCSPResponser/r`int classmethodrrkr*rrr=rrrr5BasicOCSPResponseroSingleResponserlr r7r6rrrr rs6     rc@s^eZdZUdZejed< dedede fddZ e de e fdd Ze dejfd d Zd S) rz< Container for a certificate revocation list (CRL). crl_datar0r1rcCs.|jd}|dj}|dj}t||||dS)N tbs_cert_listrErFrn)rxrZrS)rr0r1ryrErFrrr r5ps   zCRLContainer.usable_atcCs|jd}|djS)NryrE)rxrZ)rryrrr r=zs  zCRLContainer.issuance_datecCs |jdSrp)rxrrrr r6s z'CRLContainer.revinfo_sig_mechanism_usedN)r"r#r$r%r CertificateListr/rrrr5r*rrr=r r7r6rrrr res    rcrlscCsbg}|D]*}t|trtj|}t|tjrt|}t|tr&||qtdt||S)z Internal function to process legacy CRL data into one or more :class:`.CRLContainer`. :param crls: Legacy CRL input data. :return: A list of :class:`.CRLContainer` objects. zScrls must be a list of byte strings or asn1crypto.crl.CertificateList objects, not ) isinstancebytesr rzloadrappend TypeErrorr )r{new_crlscrl_rrr rs      rocspscCspg}|D]1}t|trtj|}t|tjr"t|}||qt|tr-||qt dt ||S)z Internal function to process legacy OCSP data into one or more :class:`.OCSPContainer`. :param ocsps: Legacy OCSP input data. :return: A list of :class:`.OCSPContainer` objects. zRocsps must be a list of byte strings or asn1crypto.ocsp.OCSPResponse objects, not ) r|r}r rsr~rrkextendrrr )r new_ocspsocsp_extrrrr rs        r)-abcr& dataclassesrrtypingrrrrr asn1cryptor r r pyhanko_certvalidator._typesr pyhanko_certvalidator.ltv.typesr r!pyhanko_certvalidator.policy_declrrr__all__EnumrrABCrr8rrIrSrvr^rrr}rzLegacyCompatCRLrsLegacyCompatOCSPrrrrrr s^    +   O b