h/ddlZddlmZddlmZmZmZmZmZddl m Z m Z ddl m Z ddlmZmZmZmZddlmZmZed Gd d Zee je jfZGd dZdS)N) dataclass) FrozenSetIterableIteratorOptionalUnion)cmsx509) AAControls) AuthorityAuthorityWithCertCertTrustAnchor TrustAnchor)get_ac_extension_value get_issuer_dnT)frozenc2eZdZUeed< eed< eed<dS)QualifiedPolicyissuer_domain_policy_iduser_domain_policy_id qualifiersN)__name__ __module__ __qualname__str__annotations__ frozensetV/var/www/html/Sam_Eipo/venv/lib/python3.11/site-packages/pyhanko_certvalidator/path.pyrrsH    r rc.eZdZUdZdZeeeed<dZ de de e j deefdZede fd Zed Zedeefd Zdeefd Zdee j fd Zede j fdZde efdZdefdZde j defdZde j fdZdefdZd"dZdZdeeefdZ de!j"de#fdZ$edZ%dZ&dZ'de#de(e j fdZ)d Z*d!Z+dS)#ValidationPathza Represents a path going towards an end-entity certificate or attribute certificate. N_qualified_policies trust_anchorintermleafcp|r|stdt||_||_||_dS)Nz-Leafless paths cannot have intermediate certs) ValueErrorlist_interm_root_leaf)selfr%r&r's r!__init__zValidationPath.__init__1sC  N$ NLMM MF|| !  r returnc|jSN)r,r.s r!r%zValidationPath.trust_anchor=s zr c|jj}t|tr|jS|jr |jdSt|jtjr|jSdS)a Returns the current beginning of the path - for a path to be complete, this certificate should be a trust root .. warning:: This is a compatibility property, and will return the first non-root certificate if the trust root is not provisioned as a certificate. If you want the trust root itself (even when it doesn't have a certificate), use :attr:`trust_anchor`. :return: The first asn1crypto.x509.Certificate object in the path rN) r, authority isinstancer certificater+r-r Certificate)r.roots r!firstzValidationPath.firstAsiz# d- . . # # \ <? "  D$4 5 5 :   r c||j|jS|js&t|jtr |jjSdS)a< Returns the current leaf certificate (AC or public-key). The trust root's certificate will be returned if there is one and there are no other certificates in the path. If the trust root is certificate-less and there are no certificates, the result will be ``None``. N)r-r+r6r,rr7r3s r!r'zValidationPath.leafXsA : !:  **TZ"I"I *:) )tr c|j}t|tjr |jjSt|t jrdSdS)Nz)r'r6r r8subjecthuman_friendlyr AttributeCertificateV2r.r's r! describe_leafzValidationPath.describe_leafisIy dD, - - <. . c8 9 9 ,,4r cL|j}t|tjr|SdS)z Returns the current leaf certificate if it is an X.509 public-key certificate, and ``None`` otherwise. :return: N)r'r6r r8r@s r!get_ee_cert_safezValidationPath.get_ee_cert_safers*y dD, - - K4r c@|}|r|St)z Returns the last certificate in the path if it is an X.509 public-key certificate, and throws an error otherwise. :return: The last asn1crypto.x509.Certificate object in the path )rC LookupErrorr.certs r!lastzValidationPath.lasts($$&&  K r c#\K|jjV|jD]}t|VdS)zU Iterate over all authorities in the path, including the trust root. N)r,r5r+rrFs r!iter_authoritieszValidationPath.iter_authoritiessKj""""L * *D#D)) ) ) ) ) * *r rGc4t|}t|tjr|j}n!t |d}|r |djnd}|D]#}|j|kr|j }|r |r||kr|cS$td)aK Return the issuer of the cert specified, as defined by this path :param cert: A certificate to get the issuer of :raises: LookupError - when the issuer of the certificate could not be found :return: An asn1crypto.x509.Certificate object of the issuer authority_key_identifierkey_identifierN6Unable to find the issuer of the certificate specified) rr6r r8rLrnativerJnamekey_idrE)r.rG issuer_nameakiaki_extr5keyids r!find_issuing_authorityz%ValidationPath.find_issuing_authoritys$D)) dD, - - H/CC,T3MNNG6=G'*+224C..00 ! !I~,,!(SUc\\    -  D   r new_leafcbt|jtr1|jjj|jkrt |jg|S|j}d}t|D]\}}|j|jkr|}n|tdt |j|d|dz|S)a Remove all certificates in the path after the cert specified and return them in a new path. Internal API. :param cert: An asn1crypto.x509.Certificate object to find :param new_leaf: A new leaf certificate to append. :raises: LookupError - when the certificate could not be found :return: The current ValidationPath object, for chaining r&r'Nz(Unable to find the certificate specifiedr ) r6r,rr7 issuer_serialr#r+ enumeraterE)r.rGrWcerts cert_indexindexentrys r!truncate_to_and_appendz%ValidationPath.truncate_to_and_appends( dj/ 2 2 Lz%3t7III%dj(KKKK  %e,,  LE5"d&888" 9  HII I Ju%5zA~%56X    r cd}|jj|r9|jdkrt |jgdSt |jg|S|j}t|D]<\}}|j|j kr'|j r|j r|j |j kr|}n8|}n=|tdt |j|d|dz|S)a Remove all certificates in the path after the issuer of the cert specified, as defined by this path, and append a new one. Internal API. :param cert: A new leaf certificate to append. :raises: LookupError - when the issuer of the certificate could not be found :return: The current ValidationPath object, for chaining NmayberYrNr )r') r%r5is_potential_issuer_of self_signedr#r,r+r[r=issuerrMrLrE)r.rG issuer_indexr\r^r_s r!truncate_to_issuer_and_appendz,ValidationPath.truncate_to_issuer_and_appends&"    & = =d C C H7**&dj$GGGG%dj$GGGG %e,,  LE5} ++'D,I+t/LLL', M$)LE,  H dj%0B,2B0B*C$OOOOr c|jdd}|jr||jt|j||S)Nr%r&r')r+r-appendr#r,)r.rG new_certss r!copy_and_appendzValidationPath.copy_and_append sQLO : )   TZ ( ( (ID    r ct|jdkrt|jdd|jd}}t|j||S)z Drop the leaf cert from this path and return a new path with the last intermediate certificate set as the leaf. rNri)lenr+ IndexErrorr#r,)r. new_intermrWs r!copy_and_drop_leafz!ValidationPath.copy_and_drop_leafsZ t|   ! ! #|CRC0$,r2BH JX    r c||_dSr2r$)r.policiess r!_set_qualified_policiesz&ValidationPath._set_qualified_policies!s#+   r c|jSr2rtr3s r!qualified_policiesz!ValidationPath.qualified_policies$s ''r attr_idcd|D}td|D}|sdStfd|DS)Nc6g|]}tj|Sr)r read_extension_value).0rGs r! z3ValidationPath.aa_attr_in_scope..(s0" " " 6:J +D 1 1" " " r c3K|]}|duV dSr2r)r}xs r! z2ValidationPath.aa_attr_in_scope..+s&MMq}MMMMMMr Tc3FK|]}||VdSr2)accept)r}ctrlrys r!rz2ValidationPath.aa_attr_in_scope..5sE#  G$$$### r )anyall)r.ryaa_controls_extensionsaa_controls_useds ` r!aa_attr_in_scopezValidationPath.aa_attr_in_scope's" " >B" " " MM6LMMMMM 42 r cBt|j|jrdndzS)Nr r)ror+r-r3s r!pkix_lenzValidationPath.pkix_len=s"4<  $:AA;;r cd|jzS)Nr )rr3s r!__len__zValidationPath.__len__As4=  r c|dkr;t|jdz}||kr|j|jS|j|dz St|jt r |jjStd)Nrr zRoot has no certificate)ror+r-r6r,rr7rE)r.keyleaf_ixs r! __getitem__zValidationPath.__getitem__Esx 77$,''!+Gg~~$*"8z!<a( (  O 4 4 9:) )788 8r include_rootc|jj}|rt|tr|jfnd}|j}t|t jr|fnd}tj ||j |S)z Iterate over the certificates in the path. :param include_root: Include the root (if it is supplied as a certificate) :return: An iterator. r) r,r5r6rr7r-r r8 itertoolschainr+)r.rr9 from_rootr' from_leafs r! iter_certszValidationPath.iter_certsTszz#  *41B C C T     z)$0@AAITGGr y$, BBBr c.|dS)NT)r)rr3s r!__iter__zValidationPath.__iter__gsD111r ct|tsdS|j|jko|j|jko|j|jkS)NF)r6r#r%r+r-)r.others r!__eq__zValidationPath.__eq__lsN%00 5  !3 3 *  - * ek) r )r0r#),rrr__doc__r$rrrr_path_aa_controlsrrr r8Leafr/propertyr%r:r'rrArCrHr rJrVr`rgrlrrrvrxr AttCertAttributeTypeboolrrrrrrrrrr r!r#r#'s AE)O"<=DDD ! )* tn    kXX,htnX x} (4+;"<     d&   X *(9"5**** 4    @# 4+;# t# # # # L.P$2B.P.P.P.P` D         ,,,(HY-G$H(((((@T,<<X<!!! 9 9 9CtC9I0JCCCC&222      r r#)r dataclassesrtypingrrrrr asn1cryptor r asn1_typesr r5r rrrutilrrrr8r?rr#rr r!rsb!!!!!!AAAAAAAAAAAAAA """""" 87777777 $" T s9 9:L L L L L L L L L L r