h* ddlmZddlmZmZmZddlmZddlm Z ddl m Z ddd e d e d edfd Zd Zdeejde fdZd e de fdZd edfdZGddZGddeZdS)) defaultdict)IterableOptionalSet)x509) ValProcState)PathValidationErrorvalid_policy_treePolicyTreeRootdepthany_policy_uninhibitedreturnc*d}t}|D]}|dj}|dkr|}|||d}d} d} ||dz D]3} | jdkr| } || jvrd} | |||h4| s| r| |||h|rI|rG||dz D].} | jD]$} | |vr| | |d| h%/t||dz }|S)zO Internal method to update the policy tree during RFC 5280 validation. Npolicy_identifier any_policypolicy_qualifiersFrT)setnativeaddat_depth valid_policyexpected_policy_set add_child_prune_policy_tree) certificate_policiesr r rcert_any_policycert_policy_identifierspolicyrrpolicy_id_matchparent_any_policynodeexpected_policy_identifiers ]/var/www/html/Sam_Eipo/venv/lib/python3.11/site-packages/pyhanko_certvalidator/policy_tree.pyupdate_policy_treer% sO!ee'"#67>  , ,$O ##$5666"#67 &..uqy99  D L00$(! (@@@"O NN!#47H6I      #4   ' '!#47H6I    1%..uqy99  D.2.F  *-5LLLNN2'(;<34 ++E '(? @ G'(,,-BCCC !L 0 0$ 44%0;++--;;;  5 r&policy_mapping_uninhibitedc|D]\}}|rcd}d}||D]#}|jdkr|}|j|kr d}||_$|s#|r!|j||j|j||D]'}|j|kr|j|(t||dz }|S)z Internal function to apply the policy mapping to the current policy tree in accordance with the algorithm in RFC 5280. FNrTr) itemsrrrr+r qualifier_setr,r) r4r r r7r0subject_domain_policiesissuer_domain_policy_matchrr"s r$apply_policy_mappingr=ns':D9I9I9K9KQQ55 % Q). &"O)22599 G G$ 44&*O$(<<<15./FD,- / &00(#1+*22599 3 3$(<<<K,,T222 23Deai P P   r&c t|  fd}t|} td||D}|j}|J|j}|z D]}||||h||n#t$rYnwxYwt||dz S)Nc3vKD]2}|j}|dks|vr|V|j|3dS)Nr)rr+r,) policy_node policy_idacceptable_policiesvalid_policy_node_sets r$_filter_acceptablez7prune_unacceptable_policies.._filter_acceptablesc0 = =K#0IL((I9L,L,L"// <<<<  = =r&c30K|]}|jdk |VdS)rN)r).0r@s r$ z.prune_unacceptable_policies..s<0 0 '<77 77770 0 r&r) rnodes_in_current_domainnextrr+r:rr, StopIterationr) path_lengthr rBrDvalid_and_acceptablefinal_any_policywildcard_parentwildcard_qualsacceptable_policyrCs ` @r$prune_unacceptable_policiesrQsE 1 I I K KLL======113344  +/0 0 099+FF0 0 0 , ,  +1***)7!47K!K     % %!>4E3F     $$%56666       /q A AAsA3B66 CCcpeZdZdZedZdZdZdZde dfdZ d Z de dfd Z d S) r zH A generic policy tree node, used for the root node in the tree cPt}|||||S)aq Accepts values for a PolicyTreeNode that will be created at depth 0 :param valid_policy: A unicode string of a policy name or OID :param qualifier_set: An instance of asn1crypto.x509.PolicyQualifierInfos :param expected_policy_set: A set of unicode strings containing policy names or OIDs )r r)clsrr:rroots r$init_policy_treezPolicyTreeRoot.init_policy_trees+ |]4GHHH r&c"d|_g|_dSr()r+r*)selfs r$__init__zPolicyTreeRoot.__init__s  r&cjt|||}||_|j|dS)ab Creates a new PolicyTreeNode as a child of this node :param valid_policy: A unicode string of a policy name or OID :param qualifier_set: An instance of asn1crypto.x509.PolicyQualifierInfos :param expected_policy_set: A set of unicode strings containing policy names or OIDs N)PolicyTreeNoder+r*append)rXrr:rchilds r$rzPolicyTreeRoot.add_childs9|]= 0 of the depth of nodes to yield :return: A generator yielding PolicyTreeNode objects rrN)listr*rrXr r] grandchilds r$rzPolicyTreeRoot.at_depthsr$-(( % %Ezz "'..";";%%J$$$$$%  % %r&c#Kt|jD]+}|dkr||dz D]}|V|V,dS)aW Returns a generator yielding all nodes in the tree at a specific depth, or above. Yields nodes starting with leaves and traversing up to the root. :param depth: An integer >= 0 of the depth of nodes to walk up from :return: A generator yielding PolicyTreeNode objects rrN)rbr*r)rcs r$r)zPolicyTreeRoot.walk_upsm$-((  Ezz"'-- ":":%%J$$$$$KKKK   r&c#pK|jD]+}|V|jdkr|Ed{V,dS)zy Returns a generator yielding all nodes in the tree that are children of an ``any_policy`` node. rN)r*rrHr`s r$rHz&PolicyTreeRoot.nodes_in_current_domain!s_ ] ; ;EKKK!\11 88::::::::: ; ;r&N) __name__ __module__ __qualname____doc__ classmethodrVrYrr,rrr)rHr&r$r r s["$$$$$$$%*:!;%%%%$& ;2B)C ; ; ; ; ; ;r&cLeZdZdZdedejdeeffd ZdZ xZ S)r[zD A policy tree node that is used for all nodes but the root rr:rcrt||_||_||_dS)a$ :param valid_policy: A unicode string of a policy name or OID :param qualifier_set: An instance of asn1crypto.x509.PolicyQualifierInfos :param expected_policy_set: A set of unicode strings containing policy names or OIDs N)superrYrr:r)rXrr:r __class__s r$rYzPolicyTreeNode.__init__2s9 (*#6   r&c#0K|}||V|j}| dSdSr()r+)rXr"s r$ path_to_rootzPolicyTreeNode.path_to_rootHs5JJJ;Dr&) rgrhrirjstrrPolicyQualifierInfosrrYrr __classcell__)rps@r$r[r[-sy7707!X 777777,r&r[N) collectionsrtypingrrr asn1cryptor_stater errorsr intboolr%r PolicyMappingr6r=rQr r[rlr&r$r~s######********** '''''':': :! :  ::::zt)*8D<"*-"KO""""J/B /B/B/B/Bde;e;e;e;e;e;e;e;P^r&