U ;g^"@sddlZddlmZddlmZddlmZmZddlm Z ddl m Z edd Gd d d Z Gd d d ej ZGdddZeje dddZGdddeZGdddeZGdddeZdS)N) dataclass)Optional)keysx509)process_general_subtrees)PKIXValidationParamsT)frozenc@sBeZdZUdZdZeded<dZeeed<dZ eeed<dS)TrustQualifierszY .. versionadded 0.20.0 Parameters that allow a trust root to be qualified. Nrstandard_parametersmax_path_lengthmax_aa_path_length) __name__ __module__ __qualname____doc__r r__annotations__r intr rrC/tmp/pip-unpacked-wheel-hgp_x7fx/pyhanko_certvalidator/authority.pyr s r c@s|eZdZdZeejdddZeej dddZ eddZ d d Z d d Z eeedd dZejedddZdS) AuthorityzM .. versionadded:: 0.20.0 Abstract authority, i.e. a named key. returncCstdS)z' The authority's name. NNotImplementedErrorselfrrrname/szAuthority.namecCstdS)z- The authority's public key. Nrrrrr public_key6szAuthority.public_keycCstdS)zm A hashable unique identifier of the authority, used in ``__eq__`` and ``__hash__``. Nrrrrrhashable=szAuthority.hashablecCs t|jSN)hashrrrrr__hash__EszAuthority.__hash__cCst|tsdS|j|jkS)NF) isinstancerrrotherrrr__eq__Hs zAuthority.__eq__cCstdS)z Key ID as (potentially) referenced in an authorityKeyIdentifier extension. Only used to eliminate non-matching trust anchors, never to retrieve keys or to definitively identify trust anchors. Nrrrrrkey_idNszAuthority.key_idcertrcCs0|j|jkrdS|jr,|jr,|j|jkr,dSdS)z Function to determine whether this trust root could potentially be an issuer of a given certificate. This function is used during path building. :param cert: The certificate to evaluate. FT)issuerrZauthority_key_identifierr'rr)rrris_potential_issuer_ofWs   z Authority.is_potential_issuer_ofN)rrrrpropertyrNamerr PublicKeyInforrr"r&rbytesr' Certificateboolr,rrrrr(s rc@sZeZdZdZdeeedddZeedddZ eedd d Z d d Z d dZ dS) TrustAnchorz Abstract trust root. A trust root is an authority with trust qualifiers. Equality of trust roots reduces to equality of authorities. N) authorityqualscCs||_||_dSr ) _authority_quals)rr4r5rrr__init__nszTrustAnchor.__init__rcCs|jSr )r6rrrrr4tszTrustAnchor.authoritycCs |jp tS)z0 Qualifiers for the trust root. )r7r rrrrtrust_qualifiersxszTrustAnchor.trust_qualifierscCst|to|j|jkSr )r#r3r6r$rrrr&s  zTrustAnchor.__eq__cCs t|jSr )r!r6rrrrr"szTrustAnchor.__hash__)N) rrrrrrr r8r-r4r9r&r"rrrrr3hs r3r(c Csd}d}}|jdk rXd}|j}|d}t|tjrsz*derive_quals_from_cert..Z any_policy)Zuser_initial_policy_setZinitial_explicit_policyZinitial_permitted_subtreesZinitial_excluded_subtrees)r r ) Zname_constraints_valuer#rZGeneralSubtreesrZcertificate_policies_value frozensetrr r ) r)Z ext_foundr:r;Znc_extZ permitted_valZ excluded_valZacceptable_policiesZ policies_valparamsrrrderive_quals_from_certs<       rAcseZdZdZejdddZeejdddZ edd Z ed d Z ee e dd d ZeejdddZejdfdd ZZS)AuthorityWithCertzz .. versionadded:: 0.20.0 Authority provisioned as a certificate. :param cert: The certificate. )r)cCs ||_dSr _certr+rrrr8szAuthorityWithCert.__init__rcCs|jjSr )rDsubjectrrrrrszAuthorityWithCert.namecCs|jjSr )rDrrrrrrszAuthorityWithCert.public_keycCs|j}|jj|jfSr )rDrErrdumpr+rrrrszAuthorityWithCert.hashablecCs|jjSr )rDkey_identifierrrrrr'szAuthorityWithCert.key_idcCs|jSr rCrrrr certificateszAuthorityWithCert.certificatecs,t|sdS|jr(|j|jjkr(dSdS)NFT)superr,Zauthority_issuer_serialrDZ issuer_serialr+ __class__rrr,s  z(AuthorityWithCert.is_potential_issuer_of)rrrrrr1r8r-r.rrrrr0r'rHr, __classcell__rrrJrrBs   rBcsXeZdZdZd ejeeedfdd Z e ejddd Z e edd d Z Z S) CertTrustAnchora .. versionadded:: 0.20.0 Trust anchor provisioned as a certificate. :param cert: The certificate, usually self-signed. :param quals: Explicit trust qualifiers. :param derive_default_quals_from_cert: Flag indicating to derive default trust qualifiers from the certificate content if explicit ones are not provided. Defaults to ``False``. NF)r)r5derive_default_quals_from_certcs&t|}||_t||||_dSr )rBrDrIr8_derive)rr)r5rNr4rJrrr8szCertTrustAnchor.__init__rcCs|jSr rCrrrrrHszCertTrustAnchor.certificatecCs4|jdk r|jS|jr*t|j|_}|StSdSr )r7rOrArDr )rr5rrrr9 s  z CertTrustAnchor.trust_qualifiers)NF)rrrrrr1rr r2r8r-rHr9rLrrrJrrMs rMc@sfeZdZdZejejdddZe ejdddZ e dd Z e e e dd d Ze d d ZdS)NamedKeyAuthorityz Authority provisioned as a named key. :param entity_name: The name of the entity that controls the private key of the trust root. :param public_key: The trust root's public key. ) entity_namercCs||_||_dSr )_name _public_key)rrQrrrrr8 szNamedKeyAuthority.__init__rcCs|jSr )rRrrrrr$szNamedKeyAuthority.namecCs|jSr )rSrrrrr(szNamedKeyAuthority.public_keycCsdSr rrrrrr',szNamedKeyAuthority.key_idcCs|jj|jfSr )rRrrSrFrrrrr0szNamedKeyAuthority.hashableN)rrrrrr.rr/r8r-rrrr0r'rrrrrrPs  rP)abc dataclassesrtypingrZ asn1cryptorrZ name_treesrZ policy_declrr ABCrr3r1rArBrMrPrrrrs    @!9+)