h)VddlZddlZddlmZddlmZmZmZmZm Z m Z ddl m Z ddl mZddlmZmZddlmZdd lmZdd lmZdd lmZmZGd d ejZGddeejZGddeZee e jefZ GddZ!Gdde!Z"GddeZ#GddZ$GddZ%GddZ&GddeeZ'Gd d!eZ(dS)"N) defaultdict)AsyncGeneratorIterableIteratorListOptionalUnion)x509) trust_list)CertTrustAnchor TrustAnchor)PathBuildingError)CertificateFetcher)ValidationPath)CancelableAsyncIteratorConsListcFeZdZdZdefdZdefdZdejfdZ dZ dS) CertificateCollectionzS Abstract base class for read-only access to a collection of certificates. key_identifiercD||}|sdS|dS)z Retrieves a cert via its key identifier :param key_identifier: A byte string of the key identifier :return: None or an asn1crypto.x509.Certificate object Nr)retrieve_many_by_key_identifier)selfr candidatess Z/var/www/html/Sam_Eipo/venv/lib/python3.11/site-packages/pyhanko_certvalidator/registry.pyretrieve_by_key_identifierz0CertificateCollection.retrieve_by_key_identifiers.99.II  !4a= ct)z Retrieves possibly multiple certs via the corresponding key identifiers :param key_identifier: A byte string of the key identifier :return: A list of asn1crypto.x509.Certificate objects NotImplementedErrorrrs rrz5CertificateCollection.retrieve_many_by_key_identifier' "!rnamect)z Retrieves a list certs via their subject name :param name: An asn1crypto.x509.Name object :return: A list of asn1crypto.x509.Certificate objects rrr#s rretrieve_by_namez&CertificateCollection.retrieve_by_name3r"rct)a] Retrieve a certificate by its ``issuer_serial`` value. :param issuer_serial: The ``issuer_serial`` value of the certificate. :return: The certificate corresponding to the ``issuer_serial`` key passed in. :return: None or an asn1crypto.x509.Certificate object rr issuer_serials rretrieve_by_issuer_serialz/CertificateCollection.retrieve_by_issuer_serial? "!rN) __name__ __module__ __qualname____doc__bytesrrr Namer&r*rrrrs!!!!! "e " " " " "TY " " " " " " " " "rrcPeZdZdejdefdZdeejfdZdZ dS)CertificateStorecertreturnct) Register a single certificate. :param cert: Certificate to add. :return: ``True`` if the certificate was added, ``False`` if it already existed in this store. rrr5s rregisterzCertificateStore.registerOr"rcertscDd}|D]}|||z}|S)a Register multiple certificates. :param certs: Certificates to register. :return: ``True`` if at least one certificate was added, ``False`` if all certificates already existed in this store. Fr:)rr;addedr5s rregister_multiplez"CertificateStore.register_multiple[s5 ) )D T]]4(( (EE rctNrrs r__iter__zCertificateStore.__iter__ks!!rN) r,r-r.r Certificateboolr:rr?rCr2rrr4r4Nsk "T- "$ " " " "x0@'A """""rr4c|eZdZdZedZdZdejde fdZ dZ dZ d e fd Zd ejfd Zd ZdS)SimpleCertificateStorez- Simple trustless certificate store. cN|}|D]}|||SrAr=)clsr;resultr5s r from_certsz!SimpleCertificateStore.from_certsts6 " "D OOD ! ! ! ! rcxi|_tt|_tt|_dSrA)r;rlist _subject_map_key_identifier_maprBs r__init__zSimpleCertificateStore.__init__{s/ '--#.t#4#4   rr5r6cF|j|jvrdS||j|j<|j|jj||jr&|j|j|n*|j|jj |dS)r8FT) r)r;rNsubjecthashableappendrrO public_keysha1r9s rr:zSimpleCertificateStore.registers   + +5)- 4%& $,/077===   H  $T%8 9 @ @ F F F F  $T_%9 : A A$ G G Gtrc|j|SrA)r;)ritems r __getitem__z"SimpleCertificateStore.__getitem__sz$rcNt|jSrA)iterr;valuesrBs rrCzSimpleCertificateStore.__iter__sDJ%%''(((rrc|j|SrA)rOr!s rrz6SimpleCertificateStore.retrieve_many_by_key_identifiers'77rr#c&|j|jSrA)rNrSr%s rr&z'SimpleCertificateStore.retrieve_by_names //rc6 ||S#t$rYdSwxYwrA)KeyErrorr(s rr*z0SimpleCertificateStore.retrieve_by_issuer_serials4  & &   44 s  N)r,r-r.r/ classmethodrKrPr rDrEr:rYrCr0rr1r&r*r2rrrGrGos[ 555 T-$(   )))8e88880TY0000rrGcReZdZdZdejdefdZdejdee fdZ dS) TrustManagerz% Abstract trust manager API. r5r6ctz Checks if a certificate is in the list of trust roots in this registry :param cert: An asn1crypto.x509.Certificate object :return: A boolean - if the certificate is in the CA list rr9s ris_rootzTrustManager.is_rootr"rct)z Find potential issuers that might have (directly) issued a particular certificate. :param cert: Issued certificate. :return: An iterator with potentially relevant trust anchors. rr9s rfind_potential_issuersz#TrustManager.find_potential_issuersr+rN) r,r-r.r/r rDrErfrrrhr2rrrcrcso "D, " " " " " "$ " +  " " " " " "rrcceZdZdZdZe ddeedeeddfdZde e e j ffd Z d e j fd Zdee j fd Zd e j dee fd ZdS)SimpleTrustManagerzk Trust manager backed by a list of trust roots, possibly in addition to the system trust list. c^t|_tt|_dSrA)set_rootsrrM_root_subject_maprBs rrPzSimpleTrustManager.__init__s#ee !,T!2!2rN trust_rootsextra_trust_rootsr6c|dtjD}nt|}|||t }|D]}|||S)a :param trust_roots: If the operating system's trust list should not be used, instead pass a list of asn1crypto.x509.Certificate objects. These certificates will be used as the trust roots for the path being built. :param extra_trust_roots: If the operating system's trust list should be used, but augmented with one or more extra certificates. This should be a list of asn1crypto.x509.Certificate objects. :return: Ncg|] }|d S)rr2).0es r z,SimpleTrustManager.build..s???A1Q4???r)r get_listrMextendrj_register_root)rIrorpmanager trust_roots rbuildzSimpleTrustManager.builds&  ??)<)>)>???KK{++K  (   0 1 1 1$&&% / /J  " ": . . . .rrzct|tr|}nt|}||jvrM|j}|j||j|jj |dSdSrA) isinstancerr rm authorityaddrnr#rSrT)rrzanchorr~s rrxz!SimpleTrustManager._register_roots j+ . . 1FF$Z00F  $ $(I KOOF # # #  "9>#: ; B B6 J J J J J % $rr5c.t||jvSre)r rmr9s rrfzSimpleTrustManager.is_rootst$$ 33rc$d|jDS)Nc3NK|] }t|t|jV!dSrA)r}r certificate)rsroots r z0SimpleTrustManager.iter_certs.. sI  $00        r)rmrBs r iter_certszSimpleTrustManager.iter_certs s%       rc#~K|jj}|j|D] }|j|r|V!dSrA)issuerrSrnr~is_potential_issuer_of)rr5issuer_hashablers rrhz)SimpleTrustManager.find_potential_issuerssU+.*?;  D~44T::    r)NN)r,r-r.r/rPrar TrustRootListr{r rr rDrxrfrrrhr2rrrjrjs 3330459m,$M2  [>K{D!{D4D'D!E!!!!8'''''rrc |eZdZdddeejdeedeeejfdZdZ dZ d Z d S) rrrrrrc||_||_||_|j}t |t jsJt||||_||_ d|_ dSrA) rrrheadr}r rDr_issuer_fetcherr _next_level)rrrrrr5s rrPz_PathWalker.__init__"sd ($y$ 011111-lD*MM(26rcK|j&|jd{Vd|_|j(|jd{Vd|_dSdSrA)rrrrBs rrz_PathWalker.cancel2s   +&--// / / / / / / /#'D   '"))++ + + + + + + +#D    ( 'rc|SrAr2rBs rrz_PathWalker.__aiter__:rrcK|jtd}|H|j |jd{V}nF#t$r9}|jjs|j|jd|_|d}~wwxYwt|tr3t|j}t||dd|dSt|j |j||j|j|j|_ |jd{V}n#t$r d|_YnwxYw|H|S)N)rrrrrrrTrr}rrMrrrconsrr))r next_path next_issuerrtr;s rrz_PathWalker.__anext__=s   '$ $ '(,(<(F(F(H(H"H"H"H"H"H"HKK)/=<)00;;;+/D(G  k;77  OOE)+uSbSz59MMM(3) {33,,[-FGG) ((D$ ("&"2"<"<">">>>>>>> % ( ( (#'    (58s'? B 4A==B$EEEN) r,r-r.rr rDr0rrPrrrr2rrrr!s7#7t'(7UO 7 8D$456 7777 $$$     rrc\eZdZUdZeeed<dedej fdZ dZ dZ defd Z dS) rN_as_rootrr5c|jj|r#tt |gd|_||_d|_|jj |_ dS)Nr) rrrfrr r_walker emitted_countrRhuman_friendly_name)rrr5s rrPzLazyPathIterator.__init__csY   , 4 4T : : L*?4+@+@"dKKDM.4 \0 rcZK|j!|jd{VdSdSrA)rrrBs rrzLazyPathIterator.cancelksB < #,%%'' ' ' ' ' ' ' ' ' ' $ #rc|SrAr2rBs rrzLazyPathIterator.__aiter__orrr6cK|jt|j|xjdz c_d|_|jS |jd{V}|xjdz c_|S#t$rYnwxYw|jdkra|jjdj}t|tj sJ|j j }d|_td|j d|dt)Nr rz7Unable to build a validation path for the certificate "z" - no issuer matching "z " was found)rrrrrrrr}r rDrrrr)rr path_headmissing_issuer_names rrzLazyPathIterator.__anext__rs1 < $ $ ] &   ! #  DL=  "l4466666666I   ! #   !    D    " " 1!49Ii)9:: : ::"+"2"A DL#7Z77(777  ! s0A(( A54A5)r,r-r.rrr__annotations__rr rDrPrrrr2rrrr`s)-Hh~&---1{1$2B1111(((!!!!!!!rrcReZdZdZdeefdZdefdZde j fdZ dZ d S) LayeredCertificateStorezi Trustless certificate store that looks up certificates in other stores in a specific order. storesc||_dSrA)_stores)rrs rrPz LayeredCertificateStore.__init__s  rrc@fd}t|S)Nc3VKjD]}|Ed{VdSrA)rr)storerrs r_genzELayeredCertificateStore.retrieve_many_by_key_identifier.._gensO Q Q @@PPPPPPPPPP Q QrrM)rrrs`` rrz7LayeredCertificateStore.retrieve_many_by_key_identifiers< Q Q Q Q Q QDDFF||rr#c@fd}t|S)Nc3VKjD]}|Ed{VdSrA)rr&)rr#rs rrz6LayeredCertificateStore.retrieve_by_name.._gensK 8 8 11$7777777777 8 8rr)rr#rs`` rr&z(LayeredCertificateStore.retrieve_by_names6 8 8 8 8 8 8DDFF||rcP|jD]}||}||cSdSrA)rr*)rr)rrJs rr*z1LayeredCertificateStore.retrieve_by_issuer_serials?\  E44]CCF! "trN) r,r-r.r/rrrPr0rr r1r&r*r2rrrrs t$9:eTYrr))abcr collectionsrtypingrrrrrr asn1cryptor oscryptor r~r rerrorsrfetchersrrrutilrrABCrr4rGrDrrcrjrrrrrrr2rrrs ######LLLLLLLLLLLLLLLL33333333%%%%%%(((((( 333333339"9"9"9"9"CG9"9"9"x""""",cg"""B55555-555pt/<=> """"""""@OOOOOOOOdccccc0cccLP9P9P9P9P9P9P9P9fI'I'I'I'I'I'I'I'X<<<<<<<<~+!+!+!+!+!.~>+!+!+!\3r