U ;gm7@sddlZddlZddlmZddlmZddlmZmZmZm Z m Z ddl m Z m Z mZddlmZddlmZmZddlmZmZmZd d d d d dddgZGdd d ejZeddGdd d ZGdd d eejZe dedZeeeedddZddZ eeeeeeedddZ!eej"dd d!Z#eddGd"d d eZ$eddGd#d d eZ%e e&e j'e%fZ(e e&ej)e$fZ*ee(ee%d$d%dZ+ee*ee$d&d'dZ,dS)(N) dataclass)datetime)IterableListOptionalTypeVarUnion)algoscrlocsp) type_name)IssuedItemContainerValidationTimingParams)#FRESHNESS_FALLBACK_VALIDITY_DEFAULTCertRevTrustPolicyFreshnessReqTypeRevinfoUsabilityRatingRevinfoUsabilityRevinfoContainer OCSPContainer CRLContainersort_freshest_firstprocess_legacy_crl_inputprocess_legacy_ocsp_inputc@sBeZdZdZeZeZeZeZ e e dddZ dS)rzz Description of whether a piece of revocation information is considered usable in the circumstances provided. returncCs|tjtjfkS)zs Boolean indicating whether the assigned rating corresponds to a "fresh" judgment in AdES. )rOKTOO_NEWselfr J/tmp/pip-unpacked-wheel-hgp_x7fx/pyhanko_certvalidator/revinfo/archival.py usable_ades>sz"RevinfoUsabilityRating.usable_adesN) __name__ __module__ __qualname____doc__enumautorSTALErUNCLEARpropertyboolr"r r r r!r sT)frozenc@s*eZdZUdZeed<dZeeed<dS)rz` Usability rating and cutoff date for a particular piece of revocation information. ZratingNlast_usable_at) r#r$r%r&r__annotations__r.rrr r r r!rKs c@s:eZdZdZeeedddZee e j dddZ dS) rz< A container for a piece of revocation information. policy timing_paramsrcCstdS)af Assess the usability of the revocation information given a revocation information trust policy and timing parameters. :param policy: The revocation information trust policy. :param timing_params: Timing-related information. :return: A :class:`.RevinfoUsability` judgment. NNotImplementedError)rr1r2r r r! usable_atcszRevinfoContainer.usable_atrcCstdS)z Extract the signature mechanism used to guarantee the authenticity of the revocation information, if applicable. Nr3rr r r!revinfo_sig_mechanism_usedssz+RevinfoContainer.revinfo_sig_mechanism_usedN) r#r$r%r&rrrr5r+rr SignedDigestAlgorithmr6r r r r!r^s  RevInfoType)bound)lstrcCstddd}t||ddS)aV Sort a list of revocation information containers in freshest-first order. Revocation information that does not have a well-defined issuance date will be grouped at the end. :param lst: A list of :class:`.RevinfoContainer` objects of the same type. :return: The same list sorted from fresh to stale. ) containercSs|j}|dk |fSN) issuance_date)r;dtr r r!_keysz!sort_freshest_first.._keyT)keyreverse)rsorted)r:r?r r r!rs  cCs>|j}|dkr&|dk r&||kr&||}|dk r:t||}|Sr<)Z freshnessabs)r1 this_update next_updatetime_tolerancefreshness_deltar r r!_freshness_deltas rH)rDrEr1r2rc Cs*|dkrttjS|j}|j}|jtjkrpt||||}|dkrJttjS|j }|||krnttj ||dSn|jtj krt||||}|dkrttjS|||krttj ||dSnd|jtj kr|dkr|t }|j}|s|||krttjS|||kr ttj ||dSntttjS)N)r.)rrr*validation_timerFZfreshness_req_typerZTIME_AFTER_SIGNATURErHZbest_signature_timer)ZMAX_DIFF_REVOCATION_VALIDATIONDEFAULTrZretroactive_revinforr4r) rDrEr1r2rIrFrGZsignature_poe_timeZ retroactiver r r!_judge_revinfosb       rKrcCs:|dj}|dkrdS|d}|djdkr0dS|djS)Nresponse_statusZ successfulresponse_bytesZ response_typebasic_ocsp_responseresponse)nativeparsed) ocsp_responsestatusrMr r r!_extract_basic_ocsp_responses rTc@seZdZUdZejed<dZeed<e eje ddddZ e e edd d Zeeed d d Ze ejdddZe ejdddZe e ejdddZdS)rz) Container for an OCSP response. ocsp_response_datarindex)rRrcs:t}|dkrgS|d}fddtt|dDS)a Turn an OCSP response object into one or more :class:`.OCSPContainer` objects. If a :class:`.OCSPContainer` contains more than one ``SingleResponse``, then the same OCSP response will be duplicated into multiple containers, each with a different ``index`` value. :param ocsp_response: An OCSP response. :return: A list of :class:`.OCSPContainer` objects, one for each ``SingleResponse`` value. Ntbs_response_datacsg|]}t|dqS))rUrV)r).0ixrRr r! *sz,OCSPContainer.load_multi.. responses)rTrangelen)clsrRrN tbs_responser rZr! load_multis zOCSPContainer.load_multircCs|}|dkrdS|djS)NrD)extract_single_responserP)r cert_responser r r!r=/szOCSPContainer.issuance_dater0cCs>|}|dkrttjS|dj}|dj}t||||dS)NrDrEr1r2)rbrrr*rPrK)rr1r2rcrDrEr r r!r57s   zOCSPContainer.usable_atcCs t|jS)z Extract the ``BasicOCSPResponse``, assuming there is one (i.e. the OCSP response is a standard, non-error response). )rTrUrr r r!extract_basic_ocsp_responseGsz)OCSPContainer.extract_basic_ocsp_responsecCs@|}|dkrdS|d}t|d|jkr2dS|d|jS)z^ Extract the unique ``SingleResponse`` value identified by the index. NrWr\)rer^rV)rrNr`r r r!rbOsz%OCSPContainer.extract_single_responsecCs|}|dkrdS|dSNsignature_algorithm)re)rZ basic_respr r r!r6^sz(OCSPContainer.revinfo_sig_mechanism_usedN)r#r$r%r&r OCSPResponser/rVint classmethodrrar+rrr=rrrr5BasicOCSPResponsereZSingleResponserbr r7r6r r r r!rs$    c@sXeZdZUdZejed<eee dddZ e e e dddZe ejdd d Zd S) rz< Container for a certificate revocation list (CRL). crl_datar0cCs.|jd}|dj}|dj}t||||dS)N tbs_cert_listrDrErd)rlrPrK)rr1r2rmrDrEr r r!r5qs   zCRLContainer.usable_atrcCs|jd}|djS)NrmrD)rlrP)rrmr r r!r={s zCRLContainer.issuance_datecCs |jdSrf)rlrr r r!r6sz'CRLContainer.revinfo_sig_mechanism_usedN)r#r$r%r&r CertificateListr/rrrr5r+rrr=r r7r6r r r r!rfs   )crlsrcCsdg}|D]V}t|tr"tj|}t|tjr6t|}t|trL||qtdt|q|S)z Internal function to process legacy CRL data into one or more :class:`.CRLContainer`. :param crls: Legacy CRL input data. :return: A list of :class:`.CRLContainer` objects. zScrls must be a list of byte strings or asn1crypto.crl.CertificateList objects, not ) isinstancebytesr rnloadrappend TypeErrorr )roZnew_crlsZcrl_r r r!rs       )ocspsrcCsrg}|D]d}t|tr"tj|}t|tjrDt|}||qt|trZ||qt dt |q|S)z Internal function to process legacy OCSP data into one or more :class:`.OCSPContainer`. :param ocsps: Legacy OCSP input data. :return: A list of :class:`.OCSPContainer` objects. zRocsps must be a list of byte strings or asn1crypto.ocsp.OCSPResponse objects, not ) rprqr rhrrrraextendrsrtr )ruZ new_ocspsZocsp_Zextrr r r!rs         )-abcr' dataclassesrrtypingrrrrrZ asn1cryptor r r Zpyhanko_certvalidator._typesr Zpyhanko_certvalidator.ltv.typesr rZ!pyhanko_certvalidator.policy_declrrr__all__EnumrrABCrr8rrHrKrkrTrrrqrnZLegacyCompatCRLrhZLegacyCompatOCSPrrr r r r!sX    +   Q b