g- dZddlZddlZddlZddlmZmZmZmZm Z m Z m Z ddl m Z mZmZmZmZmZddlmZddlmZddlmZdd lmZgd Zej8eZegd Z egd Z!egd Z"egdZ#de$de e%de%de&fdZ'de$de%fdZ(de ejRejTfdedejVfdZ,dejRdede%de&fdZ-de$dej\de%fd Z/e d!Z0e d"Z1d#ee0e e1e2ffd$ee0ejffd%e0d&egee1fde e1e2ff d'Z4d(Z5d)Z6d*Z7d+Z8de ejRejTffd,Z9d-Z:d.efd/Z;y)0zd Internal backend-agnostic utilities to help process fetched certificates, CRLs and OCSP responses. N) AwaitableCallableDictIterableOptionalTypeVarUnion)algoscmscoreocsppemx509)DistributionPoint)errors) Authority)get_ac_extension_value) unpack_cert_contentformat_ocsp_requestprocess_ocsp_response_dataqueue_fetch_taskcrl_job_results_as_completedocsp_job_get_earliestcomplete_certificate_fetch_jobsgather_aia_issuer_urls$ACCEPTABLE_STRICT_CERT_CONTENT_TYPESACCEPTABLE_CERT_PEM_ALIASESACCEPTABLE_PKCS7_DER_ALIASESACCEPTABLE_CERT_DER_ALIASES)application/pkix-certapplication/pkcs7-mimeapplication/x-x509-ca-cert application/x-pkcs7-certificates)zapplication/x-pem-filez text/plainapplication/octet-streambinary/octet-stream)r!r#r%r&)r"r$r& response_data content_typeurl permit_pemc#Ktj|}||tvr|s|tj d|dt t jj|}|dk(rt||Ed{y|dk(r"tjj|yy|tvr|st||Ed{y|r^|r\tj|dD]A\}}}|dk(rt||Ed{!tjj|Cytd|d |d 77y7?w) Nz)Response to certificate fetch request to zi did not include a content type, verifying it's sequence length to check if it is a certificate or pkcs7.rT)multiplePKCS7zFailed to extract certs from z payload. Source URL: .)rdetectr loggerwarninglenr Sequenceload_unpack_der_pkcs7r Certificaterunarmor ValueError) r'r(r)r*is_pemder_sequence_length type_name_datas c/var/www/html/Beni/venv/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/common_utils.pyrrIsI ZZ &F 0K K   NN;C5A9:  "$--"4"4]"CD ! #(< < < A %""'' 6 6& 6 6$]C888 #&++md"K Iq$G#,T3777&&++D11 #L +L>:%q "   = 9 8s7A9E;D:D>?E pkcs7_data pkcs7_urlc#,Ktjj|}|dj}|dk7rt d|d|d|d}t |dtj r)|dD] }|jdk(s|j"yyw) Nr( signed_dataziExpected CMS SignedData when extracting certs from application/pkcs7-mime payload, but content type was 'z'. Source URL: r/content certificates certificate) r ContentInfor5nativer9 isinstanceCertificateSetnamechosen)r@rA content_infocms_ctrC cert_choices r?r6r6ps$'OO$8$8$DL . ) 0 0F  xyk 4  y)K+n-s/A/AB&~6K=0!(((7Cs A?BBcert authorityreturnc*t|tjr |j}n|ddj}t |j |}tjtjd|i|t |j||d}|S)Nac_info serial_number algorithm)hash_algorithmissuer_name_hashissuer_key_hashrU) rIrr7rUrHgetattrrKr CertIdr DigestAlgorithm public_key)rPrQcertid_hash_algorU iss_name_hashcert_ids r? get_certidras $(()** Y8?? INN,<=Mkk#33./!.&y';';=MN*   G Nr^request_noncesc t|||}tjd|i}tjdtj|gi}|rXtj ddt jtjdd}tj|g|d<tjd |iS) N)r^req_cert request_listnonceF)extn_idcritical extn_valuerequest_extensions tbs_request) rar Request TBSRequestRequestsTBSRequestExtensionr OctetStringosurandomTBSRequestExtensions OCSPRequest)rPrQr^rcr`requestrmnonce_extensions r?rrsy;KLGll  G // DMM7)4 K 22"!"..rzz"~>  -1,E,E  - ()   ]K8 99rb ocsp_requestocsp_urlc~ tjj|}|dj }|dk7rt jd|d|d|j}|r<|j}|r.|j |j k7rt jd|S#t$rt j dwxYw)Nz)Failed to parse response from OCSP serverresponse_status successfulzOCSP server at z returned an error. Status was 'z'.zQUnable to verify OCSP response since the request and response nonces do not match) r OCSPResponser5r9rOCSPFetchErrorrHOCSPValidationError nonce_value)r'ryrz ocsp_responsestatus request_nonceresponse_nonces r?rrsQ))..}= , - 4 4F (( !  !,,M&22 }33~7L7LL,,/  - Q##$OPPQs BB<TRresults running_jobstag async_func*K ||}tjdt|dt|S#t$rYnwxYw ||}tjdt|d|j d{7tjdt|dt||S#t$rtjdt|dt jx||<} |d{7}n<#t$r0}tjd t|d ||}Yd}~nd}~wwxYw|||<tjd t|d ||=|jt|cYSwxYww) NzResult for fetch job with tag z was available in cache.zWaiting for fetch job with tag z to return...z,Received completion signal for job with tag r/z Starting new fetch job with tag z...zNew fetch job with tag z threw an exception: z returned.) r1debugrepr_return_or_raiseKeyErrorwaitasyncioEvent Exceptionset)rrrrresult wait_eventes r?rrs  ,T#YK7O P  ''    ($0$5  6tCykOPoo :49+Q G   -- ( 7S {#FG)08 SJ $;&&F  LL)$s)4I!M F     .tCykDE  ''!(sF16F AFAF:B6B4B65F6AF; D DD  F E&E;FEAF FFFc*t|tr||SN)rIr)rs r?rrs&)$ MrbcKd}d}tjt|D]} |d{}|||s|yy7#tj$r }|}Yd}~9d}~wwxYww)NF)r as_completedlistr CRLFetchError)jobslast_eat_least_one_successcrl_job fetched_crlrs r?rrss F ''T 3  '-K 4"6 #7 (## F s=&A&AA A A&AA#AA&A##A&cKtj|}|j |d{y7#tj$rYywxYwwr)rgathercancelCancelledError) pending_taskspendings r? cancel_allr#sAnnm,G NN   ! !   s1#A 313A 3A A A  A cK|Dcgc]}tj|}}dx}}|rFtj|tjd{\}}|D]} |d{}n|rF|t |d{|S|xst j dcc}w7R7A#tj $r }|}Yd}~gd}~wwxYw7Jw)N) return_whenzNo OCSP results)r create_taskrFIRST_COMPLETEDrrr)rcoroqueue ocsp_resprdoneocsp_jobrs r?rr,s37 844W  &4E 8I #LL w66  eH "*N     $s4A*+A*#A*)<__doc__rloggingrstypingrrrrrrr asn1cryptor r r r rrasn1crypto.x509rrrQrutilr__all__ getLogger__name__r1 frozensetrrr rbytesstrboolrr6r7AttributeCertificateV2r[rarrvrrrrrrrrrrrrrrbr?rs)  PPP88-!)    8 $(1($(( ) $ $ 3-$  $  $ N )% )C )    #"<"<< =  [[ 2 :    : : :  :F+/+;+;GJ< CL CL.( !U1i<(( ).(q'--'(.( .(IaL() .(  1i< .(b  =(   #"<"<< =& 6Grb