U c @s"ddlZddlZddlmZddlmZddlmZmZmZddl m Z m Z ddl m Z ddlmZddlmZmZdd lmZdd lmZmZdd lmZmZmZmZmZdd lmZm Z m!Z!m"Z"m#Z#m$Z$dd l%m&Z&m'Z'm(Z(ddl)m*Z*m+Z+m,Z,ddl-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4m5Z5ddl6m7Z7ddl8m9Z9m:Z:m;Z;dddddddgZZ?eej@dddZAee dddZBej@eCdd dZDGd!ddZEedd"d#gZFeeeFd$d%dZGeEd&d'd(ZHeEeeId)d*dZJd+d,ZKd2eEe e e ee7eIe:d.d/dZLd3eEe eeIe9d0d1dZMdS)4N) namedtuple)datetime)ListOptionalUnion)cmsx509)ValidationContext)ValidationPath)genericmisc)pdf_name) PdfFileReaderprocess_data_at_eof)DEFAULT_DIFF_POLICY DiffPolicy DiffResultModificationLevelSuspiciousModification) FieldMDPSpecMDPPermSeedLockDocumentSigSeedSubFilterSigSeedValFlagsSigSeedValueSpec)UnacceptableSignerErrorbyte_range_digestextract_signer_info)SignatureValidationErrorSigSeedValueValidationErrorValidationInfoReadingError)cms_basic_validationcollect_signer_attr_statuscollect_timing_infocompute_signature_tst_digestextract_certs_for_validationextract_self_reported_tsextract_tst_datavalidate_tst_signed_data)KeyUsageConstraints)DocumentTimestampStatusPdfSignatureStatusSignatureCoverageLevelEmbeddedPdfSignature DocMDPInforead_certification_dataasync_validate_pdf_signatureasync_validate_pdf_timestampreport_seed_value_validationextract_contentsreturncCsNz |d}Wntk r"YdSX|D] }|}|d|kr(|Sq(dS)Nz /Referencez/TransformMethod)KeyError get_object) signature_objmethodZsig_refsrefr<H/tmp/pip-unpacked-wheel-0kb_yl26/pyhanko/sign/validation/pdf_embedded.py_extract_reference_dictBs  r>c Csdt|d}|dkrdSz|dd}t|WSttfk r^}ztd|W5d}~XYnXdS)N/DocMDP/TransformParams/Pz#Failed to read document permissions)r>raw_getr ValueErrorr7r)r9r;Z raw_permser<r<r=_extract_docmdp_for_sigNs  rE) sig_objectr6cCsXz|jdtjjd}Wntk r4tdYnXt|tjtj fsRtd|j S)z Internal function to extract the (DER-encoded) signature bytes from a PDF signature dictionary. :param sig_object: A signature dictionary. :return: The extracted contents as a byte string. z /Contents)Zdecryptz+Could not read /Contents entry in signaturez/Contents must be string-like) rBr ZEncryptedObjAccessZRAWr7r PdfReadError isinstanceZTextStringObjectZByteStringObjectoriginal_bytes)rF cms_contentr<r<r=r4[s    c@seZdZUdZejed<ejed<ejed<e eje dddZ dd Z e eejd d d Ze eejd d dZe ejd ddZe ejd ddZe ddZe eed ddZe eejd ddZd0ddZed ddZe eed dd Z e ee!d d!d"Z"e ee#d d#d$Z$e%d d%d&Z&ee%d d'd(Z'e(d d)d*Z)d+d,Z*e+e,e-e.fd-d.d/Z/dS)1r.zA Class modelling a signature embedded in a PDF document. sig_fieldrF signed_data)readerrKfq_namec Csn||_t|tjr|}||_|d}||_}t|tjsHt z|d|_ Wnt k rvt dYnXt||_}tj|}|d}||_t||_d|_|jd} | dj|_|d} | dj} | d kr|j|_n(| d kr| djd } | d dj|_|jj|j|_d|_ d|_!d|_"d|_#|_$d |_%|_&d|_'d|_(d |_)||_*dS)Nz/Vz /ByteRangez,Could not read /ByteRange entry in signaturecontentZdigest_algorithm algorithmZencap_content_info content_typedataZtst_infoZmessage_imprintZhash_algorithmF)+rMrHr ZIndirectObjectr8rKrBrFDictionaryObjectAssertionError byte_ranger7r rGr4 pkcs7_contentrZ ContentInfoloadrLr signer_info _sd_cert_infoZnativelower md_algorithmexternal_md_algorithmparsedxrefsZget_last_change referencesigned_revisioncoverageexternal_digest total_len_docmdp _fieldmdp_docmdp_queried_fieldmdp_queriedtst_signature_digest diff_result_integrity_checkedrN) selfrMrKrNZsig_object_refrFrJmessagerLZ digest_algoZecirQmir<r<r=__init__sR            zEmbeddedPdfSignature.__init__cCs|jdkrt|j|_dS)N)rYr&rLrkr<r<r=_init_cert_infos z$EmbeddedPdfSignature._init_cert_infor5cCs|t|jjS)z2 Embedded attribute certificates. )rplistrYZattribute_certsror<r<r=embedded_attr_certssz(EmbeddedPdfSignature.embedded_attr_certscCs|t|jjS)zQ Embedded X.509 certificates, excluding than that of the signer. )rprqrYZ other_certsror<r<r=other_embedded_certssz)EmbeddedPdfSignature.other_embedded_certscCs||jjS)z, Certificate of the signer. )rprY signer_certror<r<r=rtsz EmbeddedPdfSignature.signer_certcCs|jdtdS)a Returns the type of the embedded signature object. For ordinary signatures, this will be ``/Sig``. In the case of a document timestamp, ``/DocTimeStamp`` is returned. :return: A PDF name object describing the type of signature. z/Type/Sig)rFgetr ror<r<r=sig_object_types z$EmbeddedPdfSignature.sig_object_typecCs|jS)zC :return: Name of the signature field. )rNror<r<r= field_nameszEmbeddedPdfSignature.field_namecCsFt|j}|dk r|Sz|jd}t|WStk r@YnXdS)z :return: The signing time as reported by the signer, if embedded in the signature's signed attributes. Nz/M)r'rXrFr Zparse_pdf_dater7)rktsZst_as_pdf_dater<r<r=self_reported_timestamps   z,EmbeddedPdfSignature.self_reported_timestampcCs t|jS)z :return: The signed data component of the timestamp token embedded in this signature, if present. )r(rXror<r<r=attached_timestamp_datasz,EmbeddedPdfSignature.attached_timestamp_dataNFcCsD|||||_|p(t}|s:|||_d|_dS)a Compute the various integrity indicators of this signature. :param diff_policy: Policy to evaluate potential incremental updates that were appended to the signed revision of the document. Defaults to :const:`~pyhanko.sign.diff_analysis.DEFAULT_DIFF_POLICY`. :param skip_diff: If ``True``, skip the difference analysis step entirely. TN) _enforce_hybrid_xref_policycompute_digestcompute_tst_digestevaluate_signature_coveragerarevaluate_modificationsrirj)rk diff_policy skip_diffr<r<r=compute_integrity_infos   z+EmbeddedPdfSignature.compute_integrity_infocCs|jstd|j}|j}|j}d}|dk rdt|tr<|jntj }|tj kp^|dk o^|j |j k }n|t j krx|t j k}|||d}|S)a Compile the integrity information for this signature into a dictionary that can later be passed to :class:`.PdfSignatureStatus` as kwargs. This method is only available after calling :meth:`.EmbeddedPdfSignature.compute_integrity_info`. zGCall compute_integrity_info() before invokingsummarise_integrity_info()N)ra docmdp_okri)rjr docmdp_levelrirarHrZmodification_levelrOTHERvaluer-ENTIRE_REVISION ENTIRE_FILE)rkdocmdprirarZ mod_level status_kwargsr<r<r=summarise_integrity_info3s.    z-EmbeddedPdfSignature.summarise_integrity_infocCs0z|jd}Wntk r$YdSXt|S)Nz/SV)rKr7rfrom_pdf_object)rkZ sig_sv_dictr<r<r=seed_value_spec_s z$EmbeddedPdfSignature.seed_value_speccCs`|jr |jSt|jd}|dkrPz|jd}t|d}Wntk rNYnX||_d|_|S)av :return: The document modification policy required by this signature or its Lock dictionary. .. warning:: This does not take into account the DocMDP requirements of earlier signatures (if present). The specification forbids signing with a more lenient DocMDP than the one currently in force, so this should not happen in a compliant document. That being said, any potential violations will still invalidate the earlier signature with the stricter DocMDP policy. )r9Nz/LockrAT)rfrdrErFrKrr7)rkrZ lock_dictr<r<r=rgs  z!EmbeddedPdfSignature.docmdp_levelc Csx|jr |jSt|jd}d|_|dkr*dSzt|d}Wn0ttfk rl}ztd|W5d}~XYnX||_|S)z :return: Read the field locking policy of this signature, if applicable. See also :class:`~.pyhanko.sign.fields.FieldMDPSpec`. z /FieldMDPTNr@z!Failed to read /FieldMDP settings) rgrer>rFrrrCr7r)rkZref_dictsprDr<r<r=fieldmdps zEmbeddedPdfSignature.fieldmdpcCs6|jdk r|jSt|jj|j|jd\|_}||_|S)z Compute the ``/ByteRange`` digest of this signature. The result will be cached. :return: The digest value. N)rUr[)rbrrMstreamrUr\rcrkdigestr<r<r=r}s  z#EmbeddedPdfSignature.compute_digestcCs$|jdk r|jSt|j|_}|S)a Compute the digest of the signature needed to validate its timestamp token (if present). .. warning:: This computation is only relevant for timestamp tokens embedded inside a regular signature. If the signature in question is a document timestamp (where the entire signature object is a timestamp token), this method does not apply. :return: The digest value, or ``None`` if there is no timestamp token. N)rhr%rXrr<r<r=r~s   z'EmbeddedPdfSignature.compute_tst_digestcCs"|jj}|jj}t|jdks,|jddkr2tjS|j\}}}}|dtj t|j dd}|||}| |k} | rtj S|||k} | stjS|||j } z&t|} || } | | krtjWSWntjk rtjYSXt| dD]"}||}|j|krtjSqtjS)z Internal method used to evaluate the coverage level of a signature. :return: The coverage level of the signature. rr)rMr^rlenrUr-ZUNCLEARseekosSEEK_ENDrVtellrr`rZget_startxref_for_revisionZCONTIGUOUS_BLOCK_FROM_STARTr rGrangeZget_xref_container_infoZ end_locationr)rkZ xref_cacher_Zlen1Zstart2Zlen2Zembedded_sig_contentZsigned_zone_lenZ file_covered contiguousZ signed_revZ startxrefexpectedrevisionZ xref_metar<r<r=rs8          z0EmbeddedPdfSignature.evaluate_signature_coveragecCs |j}|jr|jjrtddS)NzJSettings do not permit validation of signatures in hybrid-reference files.)rMstrictr^Zhybrid_xrefs_presentr)rkrMr<r<r=r|s z0EmbeddedPdfSignature._enforce_hybrid_xref_policy)rr6cCsH|jtjkrtdS|jtjkr.ttjtS|j |j |j |j |j dS)zY Internal method used to evaluate the modification level of a signature. z$Nonstandard signature coverage level)Zfield_mdp_specdoc_mdp)rar-rrrrrNONEsetZ review_filerMr`rr)rkrr<r<r=rs  z+EmbeddedPdfSignature.evaluate_modifications)NF)0__name__ __module__ __qualname____doc__r rS__annotations__rZ SignedDatarstrrnrppropertyrZAttributeCertificateV2rrrZ CertificatersrtZ NameObjectrwrxrrrzr{rdictrrrrrrrbytesr}r~r-rr|rrrrrr<r<r<r=r.vsL     F   ,H Z permissionZ author_sig)rMr6cCs<z|jdd}Wntk r(YdSXt|}t||S)z Read the certification information for a PDF document, if present. :param reader: Reader representing the input document. :return: A :class:`.DocMDPInfo` object containing the relevant data, or ``None``. /Permsr?N)rootr7rEr/)rMZcertification_sigpermr<r<r=r03s )emb_sigc Cs|j}|j}|jdk rVz|j||Wn,tk rT}zt||W5d}~XYnX|sh|jrhtd|j}|jdk r,|j }z$|j j d}| d} | |j k} Wn ttjtfk rd} YnX|| krdd} td| |d| | d |r,|jj} |j} | | kr,td | d | d |j}|s._typezPThe seed value dictionary's /MDP entry specifies that this field should contain z signature, but z appears to have been used.zaThe seed value dictionary specified that this certification signature should use the MDP policy 'z', but 'z' was used in the signature. /SubFilterzPThe signature encodings mandated by the seed value dictionary are not supported.rzVThe seed value dictionary mandates subfilter '%s', but '%s' was used in the signature.zThe signature's seed value dictionary specifies the /AppearanceFilter entry as mandatory, but this constraint is impossible to validate.zpyHanko does not support legal attestations, but the seed value dictionary mandates that they be restricted to a specific subset.zrErr4r.r/r0rboolr3rr1r2r<r<r<r=s      (    7   ! m