U <ßôgWã@sxddlmZddlmZmZddlmZddlmZddl m Z m Z m Z e e edœdd„Zed d Gd d „d e ƒƒZd S)é)Ú dataclass)ÚOptionalÚSet)Úx509)ÚInvalidCertificateError)ÚConfigurableMixinÚprocess_bit_string_flagsÚ process_oids©ÚrequiredZpresentÚneed_allcCs|r|| St||@ƒSdS©N)Úboolr ©rúD/tmp/pip-unpacked-wheel-w101_d3s/pyhanko/sign/validation/settings.pyÚ _match_usagess rT)ÚfrozencsšeZdZUdZdZeeeed<dZ eeeed<dZ eeeed<dZ e ed<dZ e ed <ejd œd d „Zd d„Zdd„Ze‡fdd„ƒZ‡ZS)ÚKeyUsageConstraintsa5 Convenience class to pass around key usage requirements and validate them. Intended to be flexible enough to handle both PKIX and ISO 32000 certificate seed value constraint semantics. .. versionchanged:: 0.6.0 Bring extended key usage semantics in line with :rfc:`5280` (PKIX). NÚ key_usageÚkey_usage_forbiddenÚextd_key_usageTÚ explicit_extd_key_usage_requiredFÚmatch_all_key_usages)ÚcertcCs| |j¡| |j¡dSr )Ú_validate_key_usageZkey_usage_valueÚ_validate_extd_key_usageZextended_key_usage_value)ÚselfrrrrÚvalidatefs zKeyUsageConstraints.validatecCs²|js dS|jptƒ}|jp tƒ}|dk r4t|jƒntƒ}||@}|rjtdd„|ƒ}tdd |¡›dƒ‚|j}t|||ƒs®tdd„|ƒ}td|r–dnd ›d d |¡›d ƒ‚dS) NcSs | dd¡S©NÚ_ú ©Úreplace©ÚsrrrÚzóz9KeyUsageConstraints._validate_key_usage..zBThe active key usage policy explicitly bans certificates used for ú, Ú.cSs | dd¡Srr!r#rrrr%ƒr&z%The active key usage policy requires Úzat least one of zthe key usage extensions z to be present.) rÚsetrÚnativeÚmaprÚjoinrr)rZkey_usage_extension_valuerrZcert_kuZ forbidden_kuÚ rephrasedZ need_all_kurrrrjs(  ÿ ýÿ ÿz'KeyUsageConstraints._validate_key_usagecCs¨|jdkrdS|dk }|r$t|jƒntƒ}d|kr<|jsKeyUsageConstraints._validate_extd_key_usage..zRelevant key purposes are r'r(z,There are no acceptable extended key usages.zfThe extended key usages for which this certificate is valid do not match the active key usage policy. )rr*r+rrrr,r-)rZeku_extension_valueZhas_extd_key_usage_extZcert_ekurr.Zok_listrrrrŠs2 ÿÿþ ÿÿz,KeyUsageConstraints._validate_extd_key_usagec svtƒ |¡dD]6}| |d¡}|dk rtttj|| dd¡ƒƒ||<q| dd¡}|dk rrtttj |dƒƒ|d<dS)N)rrrú-rzextd-key-usage) ÚsuperÚprocess_entriesÚgetr*rrÚKeyUsager"r Z KeyPurposeId)ÚclsZ config_dictZkey_usage_settZaffected_flagsr©Ú __class__rrr1­s(   ýÿ  ÿÿz#KeyUsageConstraints.process_entries)Ú__name__Ú __module__Ú __qualname__Ú__doc__rrrÚstrÚ__annotations__rrrrrrÚ CertificaterrrÚ classmethodr1Ú __classcell__rrr5rrs     #rN)Ú dataclassesrÚtypingrrZ asn1cryptorZpyhanko_certvalidator.errorsrZpyhanko.config.apirrr r*rrrrrrrÚs