U c @s ddlmZddlmZddlmZmZddlmZddlm Z ddl m Z ddl m Z mZddlmZdd lmZdd lmZdd lmZmZd d lmZd dlmZmZmZmZmZddl m!Z!m"Z"e#dddhZ$ee$Z%de%dfe&e&ej'ej(e)eeeedddZ*ej+dddZ,dS))datetime)Optional)cmsx509) serialization)padding) DSAPublicKey)ECDSAEllipticCurvePublicKey)Ed448PublicKey)Ed25519PublicKey) RSAPublicKey)AlgorithmUsagePolicyDisallowWeakAlgorithmsPolicy)AdESIndeterminate)MultivaluedAttributeErrorNonexistentAttributeErrorfind_unique_cms_attributeget_pyca_cryptography_hashprocess_pss_params)DisallowedAlgorithmErrorSignatureValidationErrorsha1md5Zmd2FN) signature signed_datacertsignature_algorithm md_algorithmalgorithm_policy time_indiccCs&|dk r\|j|||jd}|s\d|djd} |jdk rJ| d|j7} t| |jdkdztd|ji} Wnt k rd} YnXtd|i} | dk r| | krt d| djd |djt j d t||d } t|j } |j}|d kr(t| tst| ||t| n|d krjt| tsBtt|d||d \}}| ||||n|dkrt| tst| ||| n|dkrt| tst| ||t| n`|dkrt| tst| ||n8|dkrt| tst| ||ntd|ddS)z1 Validate a raw signature. Internal API. N)Zmoment public_keyzSignature algorithm algorithmz, is not allowed by the current usage policy.z Reason: )Z permanentzDigest algorithm z5 does not match value implied by signature algorithm )Zades_subindication) prehashedZrsassa_pkcs1v15Z rsassa_pss parametersZdsaZecdsaZed25519Zed448zSignature mechanism z is not supported.)Zsignature_algorithm_allowedr#nativeZfailure_reasonrZnot_allowed_afterrZDigestAlgorithm hash_algo ValueErrordumprrZCRYPTO_CONSTRAINTS_FAILURErrZload_der_public_keyZsignature_algo isinstancer AssertionErrorverifyrZPKCS1v15rrr r r r NotImplementedError)rrrrr r%r!r"Zsig_algo_allowedmsgZ sig_hash_algoZ hash_algo_objZ verify_mdZpub_keyZsig_algoZ pss_paddingr(r0A/tmp/pip-unpacked-wheel-0kb_yl26/pyhanko/sign/validation/utils.py validate_raw$sx            r2) signer_infoc Cs<zt|dd}|jWSttfk r6tdYnXdS)NZ signed_attrsZmessage_digestzUMessage digest not found in signature, or multiple message digest attributes present.)rr'rrr)r3Zembedded_digestr0r0r1extract_message_digestssr4)-rtypingrZ asn1cryptorrZcryptography.hazmat.primitivesrZ)cryptography.hazmat.primitives.asymmetricrZ-cryptography.hazmat.primitives.asymmetric.dsarZ,cryptography.hazmat.primitives.asymmetric.ecr r Z/cryptography.hazmat.primitives.asymmetric.ed448r Z1cryptography.hazmat.primitives.asymmetric.ed25519r Z-cryptography.hazmat.primitives.asymmetric.rsar Z!pyhanko_certvalidator.policy_declrrZ ades.reportrZgeneralrrrrrerrorsrr frozensetZDEFAULT_WEAK_HASH_ALGORITHMSZDEFAULT_ALGORITHM_USAGE_POLICYbytesZ CertificateZSignedDigestAlgorithmstrr2Z SignerInfor4r0r0r0r1s:          O