h^":ddlZddlmZddlmZddlmZmZddlm Z ddl m Z ed Gd d Z Gd d ej ZGddZdejde fdZGddeZGddeZGddeZdS)N) dataclass)Optional)keysx509)process_general_subtrees)PKIXValidationParamsT)frozencfeZdZUdZdZeded< dZeeed< dZ eeed<dS)TrustQualifierszY .. versionadded 0.20.0 Parameters that allow a trust root to be qualified. Nr standard_parametersmax_path_lengthmax_aa_path_length) __name__ __module__ __qualname____doc__r r__annotations__rintr[/var/www/html/Sam_Eipo/venv/lib/python3.11/site-packages/pyhanko_certvalidator/authority.pyr r sq =A"89@@@ &*OXc]))) )- ,,,rr ceZdZdZedejfdZedej fdZ edZ dZ dZ edeefdZd ejdefd Zd S) AuthorityzM .. versionadded:: 0.20.0 Abstract authority, i.e. a named key. returnct)z' The authority's name. NotImplementedErrorselfs rnamezAuthority.name/ "!rct)z- The authority's public key. rrs r public_keyzAuthority.public_key6r"rct)zm A hashable unique identifier of the authority, used in ``__eq__`` and ``__hash__``. rrs rhashablezAuthority.hashable=s "!rc*t|jSN)hashr&rs r__hash__zAuthority.__hash__EsDM"""rcPt|tsdS|j|jkSNF) isinstancerr&r others r__eq__zAuthority.__eq__Hs(%++ 5}..rct)z Key ID as (potentially) referenced in an authorityKeyIdentifier extension. Only used to eliminate non-matching trust anchors, never to retrieve keys or to definitively identify trust anchors. rrs rkey_idzAuthority.key_idNs "!rcertcj|j|jkrdS|jr|jr|j|jkrdSdS)z Function to determine whether this trust root could potentially be an issuer of a given certificate. This function is used during path building. :param cert: The certificate to evaluate. FT)issuerr!authority_key_identifierr2r r3s ris_potential_issuer_ofz Authority.is_potential_issuer_ofWsF ;$) # #5  ( T[ , ;;utrN)rrrrpropertyrNamer!r PublicKeyInfor$r&r*r0rbytesr2 Certificateboolr8rrrrr(s "di"""X" "D."""X" ""X"###/// """"X"4+;rrcveZdZdZ d dedeefdZedefdZ edefdZ d Z d Z dS) TrustAnchorz Abstract trust root. A trust root is an authority with trust qualifiers. Equality of trust roots reduces to equality of authorities. N authorityqualsc"||_||_dSr() _authority_quals)r rArBs r__init__zTrustAnchor.__init__ns$ rrc|jSr()rDrs rrAzTrustAnchor.authorityts rc,|jp tS)z0 Qualifiers for the trust root. )rEr rs rtrust_qualifierszTrustAnchor.trust_qualifiersxs {/o///rcLt|to|j|jkSr()r-r@rDr.s rr0zTrustAnchor.__eq__s& uk * * 4 DO3 rc*t|jSr()r)rDrs rr*zTrustAnchor.__hash__sDO$$$rr() rrrrrrr rFr9rArIr0r*rrrr@r@hs HL"+3O+D 9X0/000X0    %%%%%rr@r3rcd}dx}}|jkd}|j}|d}t|tjrt |}|d}t|tjrt |}d}|j"d}|j}t d|D}d} |r%t|pt dg|du||} t|j | S) a Extract trust qualifiers from data and extensions of a certificate. .. note:: Recall that any property of a trust root other than its name and public key are in principle irrelevant to the PKIX validation algorithm itself. This function is merely a helper function that allows the certificate's other data to be conveniently gathered to populate the default validation parameters for paths deriving from that trust root. :param cert: The certificate from which to extract qualifiers (usually a self-signed one) :return: A :class:`TrustQualifiers` object with the extracted qualifiers. FNTpermitted_subtreesexcluded_subtreesc(g|]}|djS)policy_identifier)dotted).0pol_infos r z*derive_quals_from_cert..s! O O OhX) * 1 O O Or any_policy)user_initial_policy_setinitial_explicit_policyinitial_permitted_subtreesinitial_excluded_subtrees)rr ) name_constraints_valuer-rGeneralSubtreesrcertificate_policies_value frozensetr r r) r3 ext_foundrMrNnc_ext permitted_val excluded_valacceptable_policies policies_valparamss rderive_quals_from_certres,&I-11* ". '+'B34 mT%9 : : I!9-!H!H 12 lD$8 9 9 G 8 F F  &2 151P ' O O, O O O  F  %#@y,'@'@%8t$C'9&7     ,&   rceZdZdZdejfdZedejfdZ edZ edZ ede e fdZedejfd Zdejffd ZxZS) AuthorityWithCertzz .. versionadded:: 0.20.0 Authority provisioned as a certificate. :param cert: The certificate. r3c||_dSr(_certr7s rrFzAuthorityWithCert.__init__s  rrc|jjSr()rjsubjectrs rr!zAuthorityWithCert.names z!!rc|jjSr()rjr$rs rr$zAuthorityWithCert.public_keys z$$rcZ|j}|jj|jfSr()rjrlr&r$dumpr7s rr&zAuthorityWithCert.hashables'z|$do&:&:&<&<< &d++   E***5 rrc|jSr(rirs rrszCertTrustAnchor.certificatertrc|j|jS|jrt|jx|_}|St Sr()rErrerjr )r rBs rrIz CertTrustAnchor.trust_qualifiers sC ; ";  \ %"8"D"D DDK%L"$$ $rr,)rrrrrr=rr r>rFr9rsrIrzr{s@rr}r}s  ",0/4 6 6 6( 6)- 6 6 6 6 6 6T-X%/%%%X%%%%%rr}ceZdZdZdejdejfdZe dejfdZ e dZ e de e fdZe d Zd S) NamedKeyAuthorityz Authority provisioned as a named key. :param entity_name: The name of the entity that controls the private key of the trust root. :param public_key: The trust root's public key. entity_namer$c"||_||_dSr()_name _public_key)r rr$s rrFzNamedKeyAuthority.__init__ s  %rrc|jSr()rrs rr!zNamedKeyAuthority.name$rtrc|jSr()rrs rr$zNamedKeyAuthority.public_key(s rcdSr(rrs rr2zNamedKeyAuthority.key_id,strcL|jj|jfSr()rr&rrors rr&zNamedKeyAuthority.hashable0s!z"D$4$9$9$;$;;;rN)rrrrrr:rr;rFr9r!r$rr<r2r&rrrrrs&DI&4;M&&&&diX  X X<<X<<rs !!!!!!!!!!!!!!000000------  $4========@%%%%%%%%B6!16o6666r((((( (((V&%&%&%&%&%k&%&%&%R<<<<< <<<<