U c'@sddlmZddlZddlmZddlmZmZmZm Z m Z m Z ddl m Z mZmZmZddlmZddlmZmZddlmZmZmZmZmZmZd d d d d dZdd dddZdd dddZdddddZ dd dddZ!dddd Z"dd!dd"d#Z#dd!dd$d%Z$dd!dd&d'Z%d(d)Z&dd*d+d,Z'dd*d-d.Z(d;ddd/d d d0d1d2Z)e d3Z*ed4d5Gd6d7d7ee*Z+e d8Z,Gd9d:d:ej-ee,Z.dS)<) annotationsN) dataclass) AsyncIteratorGenericListOptionalTypeVarUnion)algoscmscorex509) PublicKeyInfo)hashes serialization)dsaeced448ed25519paddingrsazx509.GeneralNamesstrz x509.Name)nameserr_msg_prefixreturncCsBztdd|D}Wn"tk r8t|dYnX|S)Ncss|]}|jdkr|jVqdS)Zdirectory_nameN)namechosen).0gnamer>/tmp/pip-unpacked-wheel-rwcmptg8/pyhanko_certvalidator/util.py s z#extract_dir_name..z>; only distinguished names are supported, and none were found.)next StopIterationNotImplementedErrorZuntag)rrrrrr extract_dir_names  r%zcms.AttributeCertificateV2) attr_certrcCsR|dd}|jdkr|j}n*|j}t|dtjs>|d}n tg}t|dS)Nac_infoissuerZv1_form issuer_namez Could not extract AC issuer name)rr isinstancer Voidr Z GeneralNamesr%)r&Z issuer_recZaa_namesZissuerv2rrr extract_ac_issuer_dir_name#s    r,z3Union[x509.Certificate, cms.AttributeCertificateV2])certrcCst|tjr|jSt|SdSN)r*r Certificater(r,r-rrr get_issuer_dn2s r1bytescCs:t|tjr|jSt|}d|j|ddjf}|SdS)Ns%s:%dr'Z serial_number)r*r r/ issuer_serialr,sha256native)r-r)Z result_bytesrrr r3;s  r3r&ext_namecs<z tfdd|ddDWStk r6YdSXdS)Nc3s&|]}|djkr|djVqdS)Zextn_idZ extn_valueN)r5parsed)rextr7rr r!Msz)get_ac_extension_value..r' extensions)r"r#r6rr:r get_ac_extension_valueIs   r<z$Optional[x509.CRLDistributionPoints])dpsccsX|dkr dS|D]B}|d}t|tjr*q|jdkr6q|jD]}|jdkr<|VqZdistribution_point_nameZ general_namerrr _get_absolute_http_crlsVs    r@zList[x509.DistributionPoint]cCst|d}tt|S)Ncrl_distribution_pointsr<listr@)r&Zdps_extrrr _get_ac_crl_dpsis rDcCst|d}tt|S)NZ freshest_crlrB)r&Z delta_dps_extrrr _get_ac_delta_crl_dpsps rEcCsLt|tj}|rt|j}nt|}|rH|r:||jn|t||Sr.) r*r r/rCrArDextendZdelta_crl_distribution_pointsrE)r-Z use_deltasZis_pkcsourcesrrr get_relevant_crl_dpsws  rHccsV|dkr dS|D]@}|djdkr|d}|jdkr6q|j}|dr|VqdS)N access_methodocspZaccess_locationr?)zhttp://zhttps://)r5rlower startswith)Zaia_extentrylocationurlrrr _get_http_ocsp_urlss rPr0cCs*t|tjr|j}n t|d}tt|S)Nauthority_information_access)r*r r/"authority_information_access_valuer<rCrP)r-aiarrr get_ocsp_urlss  rTcCs^t|tjr|j}|j}nt|d}t|d}|dk }|dk rRtdd|D}nd}||fS)NrQrAcss|]}|djdkVqdS)rIrJN)r5)rrMrrr r!sz'get_declared_revinfo..F)r*r r/rRZcrl_distribution_points_valuer<any)r-rSZcrl_dpsZhas_crlZhas_ocsprrr get_declared_revinfos   rVr) signature signed_datapublic_key_infosig_algo hash_algocCshddlm}m}|dkr2|ddjdkr2|d|jdkr|}t|tjsTt |ddj}|dk r|||jkr||ddd i|d<t | } |d krt| t jst tt|} | ||t| n|dkrt| t jst t|tjst |d } | djd ks"td | ddj} |dj} tt| }tjtj|d| d}tt|}| ||||n|dkrt| tjst tt|}| |||n|dkrt| tjst tt|}| ||t|nd|dkr*t| tjst | ||n:|dkrTt| tj sFt | ||ntd|ddS)N)DSAParametersUnavailablePSSParameterMismatchr algorithm parametersz,DSA public key parameters were not provided.Z rsassa_psszPPublic key info includes PSS parameters that do not match those on the signaturerZrsassa_pkcs1v15Zmask_gen_algorithmZmgf1zOnly MFG1 is supported salt_length)r_)ZmgfraZecdsarrzSignature mechanism z is not supported.)!errorsr]r^r5r_copyr*r ZRSASSAPSSParamsAssertionErrorrZload_der_public_keydumprZ RSAPublicKeygetattrrupperverifyrZPKCS1v15r$ZPSSZMGF1rZ DSAPublicKeyrZEllipticCurvePublicKeyZECDSArZEd25519PublicKeyrZEd448PublicKey)rWrXrYrZr[r`r]r^Zpss_key_paramsZpub_keyhZmgaZ mgf_md_nameZsalt_lenZmgf_mdZ pss_paddingZ hash_specrrr validate_sigsl          rjListElemT)frozenc@speZdZUded<dZded<edddd Zed dd d d ZddZd ddddZ ddZ ddZ dS)ConsListzOptional[ListElem]headNzOptional[ConsList[ListElem]]tailzConsList[ListElem])rcCs tddS)Nrnrmrrrr emptyszConsList.emptyrk)valuercCst|tSr.)rmrr)rsrrr singsz ConsList.singccs"|}|jdk r|jV|j}qdSr.)rnro)selfcurrrr __iter__s zConsList.__iter__)rnrcCs t||Sr.rq)rurnrrr cons%sz ConsList.conscCsdttt|dS)Nz ConsList())rCreversedrurrr __repr__(szConsList.__repr__cCs |jdk Sr.rpr{rrr __bool__+szConsList.__bool__) __name__ __module__ __qualname____annotations__ro staticmethodrrrtrwrxr|r}rrrr rms  rmTc@seZdZddZdS)CancelableAsyncIteratorcstdSr.)r$r{rrr cancel3szCancelableAsyncIterator.cancelN)r~rrrrrrr r2sr)N)/ __future__rabcZ dataclassesrtypingrrrrrr Z asn1cryptor r r r Zasn1crypto.keysrZcryptography.hazmat.primitivesrrZ)cryptography.hazmat.primitives.asymmetricrrrrrrr%r,r1r3r<r@rDrErHrPrTrVrjrkrmrABCrrrrr s4        J