h\ddlZddlmZddlmZddlmZddlmZmZm Z ddl m Z ddl m Z ddlmZdd lmZmZmZdd lmZd d lmZd d lmZmZmZddlmZddlmZm Z m!Z!ddl"m#Z#m$Z$m%Z%m&Z&ddl'm(Z(m)Z)ddl*m+Z+ddl,m-Z-m.Z.m/Z/gdZ0ej1e2Z3e de.Z4GddeZ5eej6ej6Z7dZ8eej9ej9Z:dZ;deded!ed"e?fd#Z@d$ed%ee(fd&ZAeGd'd(ZBd)e(fd*ZCd%eBfd+ZD d7d-e(d.e5dee<d/eed0eed1ee+d2eEd%e-fd3ZFd4e jGfd5ZH d8d4e jGd%efd6ZIdS)9N) dataclass)datetime)Enum)IteratorOptionalTypeVar)cms)pdf)ValidationContext)CertRevTrustPolicyRevocationCheckingPolicyRevocationCheckingRule) PdfFileReader) DiffPolicy)MultivaluedAttributeErrorNonexistentAttributeErrorfind_unique_cms_attribute)DocumentSecurityStore)NoDSSFoundErrorSignatureValidationErrorValidationInfoReadingError)async_validate_cms_signaturecms_basic_validationcollect_signer_attr_statusvalidate_tst_signed_data)EmbeddedPdfSignaturereport_seed_value_validation)KeyUsageConstraints)PdfSignatureStatusSignatureStatusTimestampSignatureStatus)RevocationInfoValidationTypeapply_adobe_revocation_inforetrieve_adobe_revocation_infoget_timestamp_chain async_validate_pdf_ltv_signatureestablish_timestamp_trust StatusType)boundc:eZdZdZdZ dZ dZ edZdS)r$zP Indicates a validation profile to use when validating revocation info. adobepadesz pades-ltac4td|DS)Nc3$K|] }|jV dSN)value).0ms W/var/www/html/Sam_Eipo/venv/lib/python3.11/site-packages/pyhanko/sign/validation/ltv.py z8RevocationInfoValidationType.as_tuple..Us$**QW******)tuple)clss r5as_tuplez%RevocationInfoValidationType.as_tupleSs**c******r7N) __name__ __module__ __qualname____doc__ ADOBE_STYLEPADES_LT PADES_LTA classmethodr:r7r5r$r$;s]K H I ++[+++r7r$)ee_certificate_ruleintermediate_ca_cert_rulec (tddti|SNrevocation_checking_policyrC)r &DEFAULT_LTV_INTERNAL_REVO_CHECK_POLICYkwargss r5!_default_ltv_internal_revo_policyrL^s)   #I    r7c (tddti|SrG)r %STRICT_LTV_INTERNAL_REVO_CHECK_POLICYrJs r5 _strict_ltv_internal_revo_policyrOks)   #H    r7 timestampvalidation_context_kwargscfd|d<||d<|dd}|dd}|W|dd}|r(|dkr"ttj|}n3|dkrt |}n|jjst|}||d<dS) NFallow_fetchingmomentrevinfo_policyretroactive_revinforevocation_modez soft-failrV) getpopr r from_legacyrLrH essentialrO)rPrQrU retroactive legacy_rms r5_strict_vc_context_kwargsr_rs 38./*3h' *C)F)F$**N,//0EuMMK-112CTJJ  k11/(4Y??NN+ % %>$/N 6 @ 9 +   3A.///r7tst_signed_datavalidation_contextexpected_tst_imprintcKt|||d{V}tdi|}|jr|js  $ $ & &   ' .    r7readerreturncHtdt|jS)a: Get the document timestamp chain of the associated reader, ordered from new to old. :param reader: A :class:`.PdfFileReader`. :return: An iterable of :class:`~pyhanko.sign.validation.pdf_embedded.EmbeddedPdfSignature` objects representing document timestamps. c@|jdddkS)Nz/Typez /DocTimeStamp) sig_objectrY)sigs r5z%get_timestamp_chain..sCN&&w55Hr7)filterreversedembedded_signatures)rks r5r'r's* HH+,,  r7cDeZdZUeed<eeed<eed<eed<dS)_TimestampTrustData latest_dtsearliest_ts_statusts_chain_lengthcurrent_signature_vc_kwargsN) r;r<r=r__annotations__rr#intdictrCr7r5rvrvsH$$$$ !9::::!%%%%%%r7rv emb_timestampc$ |j|j}tj|}||S#t $r;|dd|ddtdi|cYSwxYw)NcrlsrCocsps) rkget_historical_resolversigned_revisionrread_dssas_validation_contextr setdefaultr )r~rQ hist_resolverdsss r5_instantiate_ltv_vcrs >%,DD  )  $,];;(()BCCC >>>!,,VR888!,,Wb999 ==#<=====>sAA ABBclKt|}t|}|}d}d}d}t|D]g\}}|j|krnV|} t |j|| d{V}t|j|t||}ht|||dz|S)Nr)rwrxryrz) r'r} enumeratercompute_digestr) signed_datar_rPrrv) rkbootstrap_validation_contextrQuntil_revision timestamps current_vc ts_statusts_countr~external_digests r5_establish_timestamp_trust_ltars %V,,J $%> ? ?-JIHM#,Z#8#8  -  (> 9 9 E'66883  %z?         "  !:   ) 4    $ 1 $=    r7F embedded_sigvalidation_typer diff_policykey_usage_settings skip_diffc v Kt|pi} | dd| dd| d} |r)t| | d<|t| |d<nNd| vrJ| dt| |$|dt| |j} |t jkrd} |p tdi| } n\tj | } || | d } n.|} | j | ||d}d}d }|t jkrt!| | | |j d{V}|j}|j} |jrt+|j| } |j|t jkrt1d |t jks |jd ksJ|j}|j}|j}|:|j}|Jt9|| |d{V}|J|j}|| d<|||d<n%|t jkr|d krt1d|t1dt=|j| d}|t jkrFt?|j \}}|| d<|| d<tdi| }|||d<||d<tdi|}ng|t jkr1| J| | }|| |}n&|Jt+|| }|t+||}||t jkr8||}n |J|j!}tE|tF|d|ji}|d{V}n|}|$|||%}|&|j|dtOj(|}tS|j!|j*|||d{V}tW||dd||j |j,|&t[|j.|j/||j dd{VtOdi|S)a  .. versionadded:: 0.9.0 Validate a PDF LTV signature according to a particular profile. :param embedded_sig: Embedded signature to evaluate. :param validation_type: Validation profile to use. :param validation_context_kwargs: Keyword args to instantiate :class:`.pyhanko_certvalidator.ValidationContext` objects needed over the course of the validation. :param ac_validation_context_kwargs: Keyword arguments for the validation context to use to validate attribute certificates. If not supplied, no AC validation will be performed. .. note:: :rfc:`5755` requires attribute authority trust roots to be specified explicitly; hence why there's no default. :param bootstrap_validation_context: Validation context used to validate the current timestamp. :param force_revinfo: Require all certificates encountered to have some form of live revocation checking provisions. :param diff_policy: Policy to evaluate potential incremental updates that were appended to the signed revision of the document. Defaults to :const:`~pyhanko.sign.diff_analysis.DEFAULT_DIFF_POLICY`. :param key_usage_settings: A :class:`.KeyUsageConstraints` object specifying which key usages must or must not be present in the signer's certificate. :param skip_diff: If ``True``, skip the difference analysis step entirely. :return: The status of the signature. rSTrVFrXrUNrW)include_revinfor)rQrz>Purported PAdES-LTA signature does not have a timestamp chain.rrTzlPAdES-LTA signature requires separate timestamps protecting the signature & the rest of the revocation info.z+LTV signatures require a trusted timestamp.rrrP) status_clsra status_kwargs)rr)signer_reported_dttimestamp_validity) raw_digestrarrvalidation_path)timestamp_found signed_attrs)sd_attr_certificates signer_certrasd_signed_attrsrC)0r}rrLrOrkr$r?r rrrcertificate_registryregister_multiple load_certsrcompute_tst_digestrrryrzrwrrxrArr@attached_timestamp_datatst_signature_digestr)rPr_r& signer_inforrr#compute_integrity_infosummarise_integrity_infoupdater!default_usage_constraintsrrrother_embedded_certsrembedded_attr_certsr)rrrQrac_validation_context_kwargs force_revinforrr vc_kwargsr]rkrrearliest_good_timestamp_strwry ts_trust_datar`r signature_poe stored_ac_vcrr stored_vcts_to_validatets_status_cororjrs r5r(r(sh4:;;I)4000 .66612K&G +' ' ' "# ( 31$/ )   ) + +  -+ N N N    ( 3 ( 3 3 1(3    F6BBB1 5F6 6 6 6 $,V44 ' /2253JJ6J  + = =cnn>N>N O O O!!!##%%%FJ15JO6BBB<  &/'7          (7!=  # ,()J  , 4#?#III*P  ;D D D,111 2&3%E""- #:O"+@#///+D Z)=, , & & & & & & "*5552< + ( ' 35B ( 27AAA q ' ?   ")& 9   8BINNNL6BBB4\5MNN t" ' &%22 22 ' 349 ( 137 ( 0,LL/KLLL 8A A A--i88 ' 344,L%%%' I>> ' 3.8L # :C C C  &,NN )))'3N5 /(&(B(LM     rs!!!!!!..........&&&&&&333333 322222&&&&&& '&&&&&  MLLLLLLL))))))      8 $ $ W\ 9 9 9 +++++4+++:*B)A.@4F***& )A(@.C4I)))% "A"A48"A"A"A"AJ'^')' ''''T  "#( &&&&&&& & >' > > > >#  ####`15@D!%(,8<h/h/&h/1h/ (~h/#++<"= h/*%h/!!45h/h/h/h/h/h/V 8<@r7