hddlmZmZmZmZmZddlmZmZm Z ddl m Z ddl m Z ddlmZddlmZmZddlmZddlmZmZmZGd d Zd S) )DictIterableListOptionalSet)crlocspx509) Authority)OCSPFetchError)Fetchers) POEManagerdigest_for_poe)CertificateRegistry) CRLContainer OCSPContainersort_freshest_firstc eZdZdZ ddededeedeede e f dZ e d efd Z e d efd Ze d efd Ze d eejfd Ze d eejfdZe d eejfdZdefdZdZd e ejfdZd eefdZded eefdZ de!e"fdZ#de!e"fdZ$dS)RevinfoManagera .. versionadded:: 0.20.0 Class to manage and potentially fetch revocation information. :param certificate_registry: The associated certificate registry. :param poe_manager: The proof-of-existence (POE) data manager. :param crls: CRL data. :param ocsps: OCSP response data. :param fetchers: Fetchers for collecting revocation information. If ``None``, no fetching will be performed. Ncertificate_registry poe_managercrlsocspsfetchersc||_||_i|_i|_g|_|rt ||_g|_|r0t |x|_}|D]}||||_dSN) _certificate_registry _poe_manager_revocation_certs_crl_issuer_map_crlsr_ocsps_extract_ocsp_certs _fetchers)selfrrrrr ocsp_responses a/var/www/html/Sam_Eipo/venv/lib/python3.11/site-packages/pyhanko_certvalidator/revinfo/manager.py__init__zRevinfoManager.__init__$s&:"'@B>@)+  3,T22DJ+-  8"5e"<"< s   r)c|jS)z6 The associated certificate registry. )rr,s r'rz#RevinfoManager.certificate_registryEs ))r)c|jduS)zA Boolean indicating whether fetching is allowed. N)r$r,s r'fetching_allowedzRevinfoManager.fetching_allowedLs ~T))r)cd|jD}|js|St|jj|zS)zK A list of all cached :class:`crl.CertificateList` objects cg|] }|j S)crl_data.0conts r' z'RevinfoManager.crls..Ys999dDM999r))r!r$list crl_fetcher fetched_crls)r%raw_crlss r'rzRevinfoManager.crlsSsL :9dj999~ ODN.;;==>>IIr)cd|jD}|js|St|jj|zS)zI A list of all cached :class:`ocsp.OCSPResponse` objects cg|] }|j Sr2)ocsp_response_datar4s r'r7z(RevinfoManager.ocsps..dsEEET,EEEr))r"r$r8 ocsp_fetcherfetched_responses)r% raw_ocspss r'rzRevinfoManager.ocsps^sN FEEEE ~  DN/AACCDDyPPr)cNt|jS)z A list of newly-fetched :class:`x509.Certificate` objects that were obtained from OCSP responses and CRLs )r8rvaluesr,s r'new_revocation_certsz#RevinfoManager.new_revocation_certsjs!D*1133444r)r&c|j}||j}|j}|j}|}|I|drC|dD]<}||r!|||j<|||9dSdSdS)z Extracts any certificates included with an OCSP response and adds them to the certificate registry :param ocsp_response: An asn1crypto.ocsp.OCSPResponse object to look for certs inside of Ncerts)dt)rr>rrextract_basic_ocsp_responseregister issuer_serial)r%r&poe_man ocsp_poe_timeregistry revo_certsbasic other_certs r'r#z"RevinfoManager._extract_ocsp_certsss# @A -+ 99;;  w #Gn C C $$Z00C;EJz78$$ZM$BBB     C Cr)c$||j|j<dS)aU Records the certificate that issued a certificate list. Used to reduce processing code when dealing with self-issued certificates and multiple CRLs. :param certificate_list: An ans1crypto.crl.CertificateList object :param cert: An ans1crypto.x509.Certificate object N)r signature)r%certificate_listcerts r'record_crl_issuerz RevinfoManager.record_crl_issuers<@-7888r)c@|j|jS)a3 Checks to see if the certificate that signed a certificate list has been found :param certificate_list: An ans1crypto.crl.CertificateList object :return: None if not found, or an asn1crypto.x509.Certificate object of the issuer )r getrR)r%rSs r'check_crl_issuerzRevinfoManager.check_crl_issuers#''(8(BCCCr)cK|js|jS|j} |j|}n0#t$r#|j|d{V}YnwxYwd|D}||jzS)z .. versionadded:: 0.20.0 :param cert: An asn1crypto.x509.Certificate object :return: A list of :class:`CRLContainer` objects Nc,g|]}t|Sr2)r)r5r3s r'r7z6RevinfoManager.async_retrieve_crls..s ===Hh''===r))r$r!r9fetched_crls_for_certKeyErrorfetch)r%rTrrcontss r'async_retrieve_crlsz"RevinfoManager.async_retrieve_crlss~ : > :'==dCCDD : : :!-33D99999999DDD :=====tz!!s4*A! A! authoritycjK|js|jS|j}d|j|D}|sm|j||d{V}t j|}|D]5} ||#t$rtdwxYw||jzS)a  .. versionadded:: 0.20.0 :param cert: An asn1crypto.x509.Certificate object :param authority: The issuing authority for the certificate :return: A list of :class:`OCSPContainer` objects c,g|]}t|Sr2)r)r5resps r'r7z7RevinfoManager.async_retrieve_ocsps..s0    $     r)Nz9Failed to extract certificates from fetched OCSP response) r$r"r?fetched_responses_for_certr]r load_multir# ValueErrorr )r%rTr`rrr>rcs r'async_retrieve_ocspsz#RevinfoManager.async_retrieve_ocspss ~ ; >   -HHNN    '/'<'B'Bi(("""""" ",-?@@E   ,,T2222!(0 t{""s 8BB(hashes_to_evictcpdtffd }tt||j|_dS)z Internal API to eliminate local OCSP records from consideration. :param hashes_to_evict: A collection of OCSP response hashes; see :func:`.digest_for_poe`. containercXt|j}|vSr)rr>dumprjdigestrhs r'pz%RevinfoManager.evict_ocsps..ps*#I$@$E$E$G$GHHF0 0r)N)rr8filterr"r%rhros ` r' evict_ocspszRevinfoManager.evict_ocspssI 1 1 1 1 1 1 16!T[1122 r)cpdtffd }tt||j|_dS)z Internal API to eliminate local CRLs from consideration. :param hashes_to_evict: A collection of CRL hashes; see :func:`.digest_for_poe`. rjcXt|j}|vSr)rr3rlrms r'roz$RevinfoManager.evict_crls..ps*#I$6$;$;$=$=>>F0 0r)N)rr8rpr!rqs ` r' evict_crlszRevinfoManager.evict_crlssI 1 1 1 1 1 1 1&DJ//00 r)r)%__name__ __module__ __qualname____doc__rrrrrrr r(propertyrrboolr/rrCertificateListrr OCSPResponserr CertificaterDr#rUrXr_r rgrbytesrrrur2r)r'rrsj0(, ""1" "|$ "  & " 8$ """"4!Z!!!X! *&9***X* *$***X* Jd3./JJJXJ QtD-. Q Q QX Q5d4+;&<555X5CCCCC. @ @ @ DHT=M4N D D D D"l1C""""**#(*# m *#*#*#*#X 33u: 3 3 3 3 1#e* 1 1 1 1 1 1r)rN)typingrrrrr asn1cryptorr r pyhanko_certvalidator.authorityr pyhanko_certvalidator.errorsr pyhanko_certvalidator.fetchersr pyhanko_certvalidator.ltv.poerrpyhanko_certvalidator.registryr&pyhanko_certvalidator.revinfo.archivalrrrrr2r)r'rs66666666666666&&&&&&&&&&555555777777333333DDDDDDDD>>>>>>r1r1r1r1r1r1r1r1r1r1r)