h6 ddlZddlZddlmZddlmZddlmZmZmZm Z m Z ddl m Z m Z mZddlmZddlmZmZddlmZmZgd ZGd d ejZed GddZGddeejZe deZdeedeefdZdZdeedeedededef dZ deej!fdZ"ed GddeZ#ed Gd d!eZ$e e%e j&e$fZ'e e%ej(e#fZ)d"ee'dee$fd#Z*d$ee)dee#fd%Z+dS)&N) dataclass)datetime)IterableListOptionalTypeVarUnion)algoscrlocsp) type_name)IssuedItemContainerValidationTimingParams)CertRevTrustPolicyFreshnessReqType)RevinfoUsabilityRatingRevinfoUsabilityRevinfoContainer OCSPContainer CRLContainersort_freshest_firstprocess_legacy_crl_inputprocess_legacy_ocsp_inputceZdZdZejZ ejZ ejZ ejZ e de fdZ dS)rzz Description of whether a piece of revocation information is considered usable in the circumstances provided. returnc6|tjtjfvS)zs Boolean indicating whether the assigned rating corresponds to a "fresh" judgment in AdES. )rOKTOO_NEWselfs b/var/www/html/Sam_Eipo/venv/lib/python3.11/site-packages/pyhanko_certvalidator/revinfo/archival.py usable_adesz"RevinfoUsabilityRating.usable_ades=s" " % " *   N) __name__ __module__ __qualname____doc__enumautorSTALErUNCLEARpropertyboolr"r#r!rrs B DIKKEdikkGdikkG   T    X    r#rT)frozenc:eZdZUdZeed< dZeeed<dS)rz` Usability rating and cutoff date for a particular piece of revocation information. ratingNlast_usable_at) r$r%r&r'r__annotations__r2rrr.r#r!rrJsJ #"""*.NHX&---r#rcXeZdZdZdededefdZede e j fdZ dS)rz< A container for a piece of revocation information. policy timing_paramsrct)af Assess the usability of the revocation information given a revocation information trust policy and timing parameters. :param policy: The revocation information trust policy. :param timing_params: Timing-related information. :return: A :class:`.RevinfoUsability` judgment. NotImplementedError)r r5r6s r! usable_atzRevinfoContainer.usable_atbs "!r#ct)z Extract the signature mechanism used to guarantee the authenticity of the revocation information, if applicable. r8rs r!revinfo_sig_mechanism_usedz+RevinfoContainer.revinfo_sig_mechanism_usedrs "!r#N) r$r%r&r'rrrr:r,rr SignedDigestAlgorithmr<r.r#r!rr]sz"("9O" """" " %- ."""X"""r#r RevInfoType)boundlstrc<dtfd}t||dS)aV Sort a list of revocation information containers in freshest-first order. Revocation information that does not have a well-defined issuance date will be grouped at the end. :param lst: A list of :class:`.RevinfoContainer` objects of the same type. :return: The same list sorted from fresh to stale. containerc|j}|du|fSN) issuance_date)rBdts r!_keyz!sort_freshest_first.._keys  $~r!!r#T)keyreverse)rsorted)r@rGs r!rrs5"("""" #4 . . ..r#cZ|j}| | ||kr||z }|t||z}|SrD) freshnessabs)r5 this_update next_updatetime_tolerancefreshness_deltas r!_freshness_deltarRsH&O  "{k'A'A)K7O"o..? r#rNrOr5r6cP|ttjS|j}|j}|jt jkr\t||||}|ttjS|j }||z |krttj ||zSn|jt j krUt||||}|ttjS|||z krttj ||zSn|jt j krn|ttjS|j }|s"|||z krttjS|||zkrttj ||zSntttjS)N)r2)rrr+validation_timerPfreshness_req_typerTIME_AFTER_SIGNATURErRbest_signature_timer*MAX_DIFF_REVOCATION_VALIDATIONDEFAULTretroactive_revinforr9r) rNrOr5r6rTrPrQsignature_poe_time retroactives r!_judge_revinfor]s  6 >???#3O"1N $4$III+ Kn    "#$:$BCC C*> + +o = =#&,*_<  > !  : ; ;+ Kn    "#$:$BCC C ?: : :#&,*_<  ;  "&6&> > >  #$:$BCC C0  D~1MMM#$:$BCC C [>9 9 9#&,*^;  : "! 25 6 66r#c||dj}|dkrdS|d}|djdkrdS|djS)Nresponse_status successfulresponse_bytes response_typebasic_ocsp_responseresponse)nativeparsed) ocsp_responsestatusras r!_extract_basic_ocsp_responserisT, - 4F t"#34No&-1FFFt * % ,,r#c"eZdZUdZejed< dZeed< e dejde dfdZ e de efdZd ed edefd Zde ejfd Zde ejfd Ze de ejfdZdS)rz) Container for an OCSP response. ocsp_response_datarindexrgrct}|gS|d}fdtt|dDS)a Turn an OCSP response object into one or more :class:`.OCSPContainer` objects. If a :class:`.OCSPContainer` contains more than one ``SingleResponse``, then the same OCSP response will be duplicated into multiple containers, each with a different ``index`` value. :param ocsp_response: An OCSP response. :return: A list of :class:`.OCSPContainer` objects, one for each ``SingleResponse`` value. Ntbs_response_datac2g|]}t|S))rkrl)r).0ixrgs r! z,OCSPContainer.load_multi..$s6    ]" E E E   r# responses)rirangelen)clsrgrc tbs_responses ` r! load_multizOCSPContainer.load_multisi";=II  &I*+>?     C [ 9::;;    r#cL|}|dS|djS)NrN)extract_single_responsere)r cert_responses r!rEzOCSPContainer.issuance_date)s,4466  4]+22r#r5r6c|}|ttjS|dj}|dj}t ||||S)NrNrOr5r6)rzrrr+rer])r r5r6r{rNrOs r!r:zOCSPContainer.usable_at1sj4466  #$:$BCC C#M29 #M29   '     r#c*t|jS)z Extract the ``BasicOCSPResponse``, assuming there is one (i.e. the OCSP response is a standard, non-error response). )rirkrs r!extract_basic_ocsp_responsez)OCSPContainer.extract_basic_ocsp_responseAs ,D,CDDDr#c|}|dS|d}t|d|jkrdS|d|jS)z^ Extract the unique ``SingleResponse`` value identified by the index. Nrnrs)rrurl)r rcrws r!rzz%OCSPContainer.extract_single_responseIs] #>>@@  &4*+>? |K( ) )TZ 7 74K(44r#cB|}|dn|dSNsignature_algorithm)r)r basic_resps r!r<z(OCSPContainer.revinfo_sig_mechanism_usedXs*5577 !)ttz:O/PPr#N)r$r%r&r'r OCSPResponser3rlint classmethodrrxr,rrrErrrr:BasicOCSPResponserSingleResponserzr r=r<r.r#r!rrs\))))E3NNN   - o    [ 43x1333X3 ( 9O     EXd6L-MEEEE 5$2E)F 5 5 5 5Q %- .QQQXQQQr#rceZdZUdZejed< dedede fdZ e de e fdZe dejfdZd S) rz< Container for a certificate revocation list (CRL). crl_datar5r6rcv|jd}|dj}|dj}t||||S)N tbs_cert_listrNrOr})rrer])r r5r6rrNrOs r!r:zCRLContainer.usable_atksJ o6 #M29 #M29  V=    r#c6|jd}|djS)NrrN)rre)r rs r!rEzCRLContainer.issuance_dateus o6 ]+22r#c|jdSr)rrs r!r<z'CRLContainer.revinfo_sig_mechanism_usedzs}233r#N)r$r%r&r'r CertificateListr3rrrr:r,rrrEr r=r<r.r#r!rr`s!!!! ( 9O     3x1333X34E,G444X444r#rcrlsc`g}|D]}t|trtj|}t|tjrt |}t|t r||tdt||S)z Internal function to process legacy CRL data into one or more :class:`.CRLContainer`. :param crls: Legacy CRL input data. :return: A list of :class:`.CRLContainer` objects. zScrls must be a list of byte strings or asn1crypto.crl.CertificateList objects, not ) isinstancebytesr rloadrappend TypeErrorr )rnew_crlscrl_s r!rrsH   dE " " 2&++D11D dC/ 0 0 &%%D dL ) )  OOD ! ! ! !Q?HQQ  Or#ocspscg}|D]}t|trtj|}t|tjr0t |}||t|t r||tdt||S)z Internal function to process legacy OCSP data into one or more :class:`.OCSPContainer`. :param ocsps: Legacy OCSP input data. :return: A list of :class:`.OCSPContainer` objects. zRocsps must be a list of byte strings or asn1crypto.ocsp.OCSPResponse objects, not ) rrr rrrrxextendrrr )r new_ocspsocsp_extrs r!rrsI   eU # # 2%**511E eT. / /  ++E22D   T " " " " } - -    U # # # #P=Fu=M=MPP  r#),abcr( dataclassesrrtypingrrrrr asn1cryptor r r pyhanko_certvalidator._typesr pyhanko_certvalidator.ltv.typesrr!pyhanko_certvalidator.policy_declrr__all__EnumrrABCrr>rrRr]rrirrrrLegacyCompatCRLrLegacyCompatOCSPrrr.r#r!rs !!!!!!;;;;;;;;;;;;;;''''''''''222222   ( ( ( ( ( TY( ( ( V $$"""""*CG"""@gm+;<<< /Xk2/tK7H////4G7(#G7(#G7 G7* G7  G7G7G7G7T - d$% - - - - $_Q_Q_Q_Q_Q$_Q_Q_QD $44444#444<s2L@A 1=@A ? # ,: $ % -r#