U ;g @sBddlmZddlmZddlmZddlmZGdddZdS))Optional)x509ValidationPath)ConsListc@sfeZdZdddeeeeedddZe ddZ e ed d d Z e j d d dZdddZdS) ValProcStateNF)ee_name_overrideis_side_validation)cert_path_stackrr cCs8|jdkrtdd|_||_t|p(|j|_||_dS)NzEmpty path stackr)head ValueErrorindexrbooltailr r )selfr rr r@/tmp/pip-unpacked-wheel-hgp_x7fx/pyhanko_certvalidator/_state.py__init__ s zValProcState.__init__cCs(ddlm}|jj}t||s"t|jS)z Length of the path being validated. .. note:: This is the path length in the sense of RFC 5280, i.e. the root doesn't count. rr)pyhanko_certvalidator.pathrr r isinstanceAssertionErrorZpkix_len)rrpathrrrpath_lens zValProcState.path_len)returncCs |j|jkS)N)r r)rrrr is_ee_cert)szValProcState.is_ee_cert)ee_certcCs<ddlm}|jD]$}|}|r|j|jkr|SqdS)a Helper method to avoid recursion in indirect CRL validation. There are some questionable-but-technically-valid CA setups where a CRL issuer is authorised to assert its own revocation status, which could cause a naive implementation to recurse. rrN)rrr Zget_ee_cert_safesha256)rrrrcertrrrcheck_path_verif_recursion-s    z'ValProcState.check_path_verif_recursioncCsf| }|jdkr |jdkr d}n2|js<||M}d|j}n|jdk rN|j}nd}|r^d|S|SdS)zy :return: A unicode string describing the position of a certificate in the chain N certificatezintermediate certificate zend-entity certificatezthe )r rr)rZ def_intermZ never_defprefixresultrrr describe_cert=s zValProcState.describe_cert)FF)__name__ __module__ __qualname__rrrstrrrpropertyrrr Certificaterr#rrrrr s  rN) typingrZ asn1cryptorrrZpyhanko_certvalidator.utilrrrrrrs