U ;g*@sddlmZddlmZmZmZddlmZddlm Z ddl m Z de e eddd d Zd d Zeeje d ddZe e dddZeddddZGdddZGdddeZdS)) defaultdict)IterableOptionalSet)x509) ValProcState)PathValidationErrorPolicyTreeRoot)valid_policy_treedepthany_policy_uninhibitedreturnc Csd}t}|D]}|dj}|dkr*|}q|||d}d} d} ||dD]2} | jdkrd| } || jkrpqRd} | |||hqR| s| r| |||hq|r|r||dD],} | jD] } | |kr| | |d| hqqt||d}|S)zO Internal method to update the policy tree during RFC 5280 validation. Npolicy_identifier any_policypolicy_qualifiersFrT)setnativeaddat_depth valid_policyexpected_policy_set add_child_prune_policy_tree) Zcertificate_policiesr r r cert_any_policyZcert_policy_identifierspolicyrrZpolicy_id_matchZparent_any_policynodeZexpected_policy_identifierrE/tmp/pip-unpacked-wheel-hgp_x7fx/pyhanko_certvalidator/policy_tree.pyupdate_policy_tree sN      rcCs0||D]}|js |j|q |js,d}|SN)walk_upchildrenparent remove_child)r r rrrrrGs r)mappings proc_statecCs`tt}|D]N}|dj}|dj}||||dksB|dkr td|d|q |S)z Internal function to process policy mapping extension values into a Python dictionary mapping issuer domain policies to the corresponding policies in the subject policy domain. issuer_domain_policysubject_domain_policyrz(The path could not be validated because z/ contains a policy mapping for the "any policy")rrrrr Z from_stateZ describe_cert)r%r& policy_mapmappingr'r(rrrenumerate_policy_mappingsPs  r+)r policy_mapping_uninhibitedc Cs|D]\}}|rjd}d}||D]&}|jdkr8|}|j|kr&d}||_q&|s|r|j||j|q||D]}|j|krt|j|qtt||d}q|S)z Internal function to apply the policy mapping to the current policy tree in accordance with the algorithm in RFC 5280. FNrTr) itemsrrrr#r qualifier_setr$r) r)r r r,r'Zsubject_domain_policiesZissuer_domain_policy_matchrrrrrapply_policy_mappingns*   r/rc st|fdd}t|}z\tdd||D}|j}|dk sPt|j}|D]}||||hq^||Wnt k rYnXt ||dS)Nc3s8D].}|j}|dks|kr&|Vq|j|qdS)Nr)rr#r$) policy_nodeZ policy_idacceptable_policiesZvalid_policy_node_setrr_filter_acceptables z7prune_unacceptable_policies.._filter_acceptablecss|]}|jdkr|VqdS)rN)r).0r1rrr s z.prune_unacceptable_policies..r) rnodes_in_current_domainnextrr#AssertionErrorr.rr$ StopIterationr) path_lengthr r3r4Zvalid_and_acceptableZfinal_any_policyZwildcard_parentZwildcard_qualsZacceptable_policyrr2rprune_unacceptable_policiess(    r<c@s`eZdZdZeddZddZddZdd Ze d d d d Z ddZ e d d ddZ dS)r zH A generic policy tree node, used for the root node in the tree cCst}|||||S)aq Accepts values for a PolicyTreeNode that will be created at depth 0 :param valid_policy: A unicode string of a policy name or OID :param qualifier_set: An instance of asn1crypto.x509.PolicyQualifierInfos :param expected_policy_set: A set of unicode strings containing policy names or OIDs )r r)clsrr.rrootrrrinit_policy_treeszPolicyTreeRoot.init_policy_treecCsd|_g|_dSr )r#r")selfrrr__init__szPolicyTreeRoot.__init__cCs"t|||}||_|j|dS)ab Creates a new PolicyTreeNode as a child of this node :param valid_policy: A unicode string of a policy name or OID :param qualifier_set: An instance of asn1crypto.x509.PolicyQualifierInfos :param expected_policy_set: A set of unicode strings containing policy names or OIDs N)PolicyTreeNoder#r"append)r@rr.rchildrrrrs zPolicyTreeRoot.add_childcCs|j|dS)zq Removes a child from this node :param child: An instance of PolicyTreeNode N)r"remover@rDrrrr$szPolicyTreeRoot.remove_childrBr0ccs>t|jD].}|dkr|Vq ||dD] }|Vq,q dS)z Returns a generator yielding all nodes in the tree at a specific depth :param depth: An integer >= 0 of the depth of nodes to yield :return: A generator yielding PolicyTreeNode objects rrN)listr"rr@r rDZ grandchildrrrrs zPolicyTreeRoot.at_depthccs<t|jD],}|dkr0||dD] }|Vq$|Vq dS)aW Returns a generator yielding all nodes in the tree at a specific depth, or above. Yields nodes starting with leaves and traversing up to the root. :param depth: An integer >= 0 of the depth of nodes to walk up from :return: A generator yielding PolicyTreeNode objects rrN)rGr"r!rHrrrr!s zPolicyTreeRoot.walk_upccs.|jD]"}|V|jdkr|EdHqdS)zy Returns a generator yielding all nodes in the tree that are children of an ``any_policy`` node. rN)r"rr7rFrrrr7!s  z&PolicyTreeRoot.nodes_in_current_domainN) __name__ __module__ __qualname____doc__ classmethodr?rArr$rrr!r7rrrrr s  cs8eZdZdZeejeedfdd ZddZ Z S)rBzD A policy tree node that is used for all nodes but the root )rr.rcs t||_||_||_dS)a$ :param valid_policy: A unicode string of a policy name or OID :param qualifier_set: An instance of asn1crypto.x509.PolicyQualifierInfos :param expected_policy_set: A set of unicode strings containing policy names or OIDs N)superrArr.r)r@rr.r __class__rrrA2s zPolicyTreeNode.__init__ccs|}|dk r|V|j}qdSr )r#)r@rrrr path_to_rootHszPolicyTreeNode.path_to_root) rIrJrKrLstrrZPolicyQualifierInfosrrArQ __classcell__rrrOrrB-s rBN) collectionsrtypingrrrZ asn1cryptor_statererrorsr intboolrrZ PolicyMappingr+r/r<r rBrrrrs(     =   ' 2h