U cI@sddlZddlZddlmZmZddlmZddlmZmZddl m Z ddl m Z m Z ddlmZddlmZdd lmZdd lmZmZdd lmZd gZeeZeed ddZdeeeeeeeeddd ZdS)N)datetimetimezone)Optional)CertValidationPolicySpecValidationDataHandlers)ValidationError)PastValidatePrecheckFailureTimeSlideFailure) time_slide)ValidationTimingInfo)ValidationPath) NO_REVOCATIONCertRevTrustPolicy)async_validate_path past_validate)pathvalidation_policy_specc st|jdd}tdd|D}tdd|D}||krDtdt||dd}tj|tt d d j |dd }zt |||j IdHWn,t k r}ztd |W5d}~XYnXdS) NF)Z include_rootcss|] }|jVqdSN)Znot_valid_before.0crG/tmp/pip-unpacked-wheel-rwcmptg8/pyhanko_certvalidator/ltv/ades_past.py $sz*_past_validate_precheck..css|] }|jVqdSr)Znot_valid_afterrrrrr%sz`The intersection of the validity periods of the certificates in the path is empty or degenerate.TZvalidation_timebest_signature_timeZpoint_in_time_validation)Zrevocation_checking_policy)revinfo_policyZ timing_infohandlersz\Elementary path validation routine failed during pre-check for past point-in-time validation)listZ iter_certsmaxminrr dataclassesreplacerr build_validation_contextrpkix_validation_paramsr)rrcertsZ lower_boundZ upper_boundref_timevalidation_contexterrr_past_validate_prechecksB r*)rrvalidation_data_handlersinit_control_timerreturnc st||IdHzN|p"tjtjd}t|||j|j|j|j dIdH}t d| |Wn6t k r}ztd| |W5d}~XYnXt||p|dd}|j||d}t|||jd IdH|S) u Execute the ETSI EN 319 102-1 past certificate validation algorithm against the given path (ETSI EN 319 102-1, § 5.6.2.1). Instead of merely evaluating X.509 validation constraints, the algorithm will perform a full point-in-time reevaluation of the path at the control time mandated by the specification. This implies that a caller implementing the past signature validation algorithm no longer needs to explicitly reevaluate CA certificate revocation times and/or algorithm constraints based on POEs. .. warning:: This is incubating internal API. :param path: The prospective validation path against which to execute the algorithm. :param validation_policy_spec: The validation policy specification. :param validation_data_handlers: The handlers used to manage collected certificates,revocation information and proof-of-existence records. :param init_control_time: Initial control time; defaults to the current time. :param best_signature_time: Usage time to use in freshness computations. :return: The control time returned by the time sliding algorithm. Informally, the last time at which the certificate was known to be valid. N)tz)r,Zrev_trust_policyZalgo_usage_policytime_tolerancerevinfo_managerzAAdES time slide yields %s as the control time for path with leaf zKFailed to get control time for point-in-time validation for path with leaf Trr) parameters)r*rnowrutcr rZalgorithm_usage_policyr/r0loggerinfoZ describe_leafrr r r$rr%) rrr+r,rZ control_timer)r'r(rrrrGsN&     )NN)r"loggingrrtypingrZpyhanko_certvalidator.contextrrZpyhanko_certvalidator.errorsrZ pyhanko_certvalidator.ltv.errorsrr Z$pyhanko_certvalidator.ltv.time_slider Zpyhanko_certvalidator.ltv.typesr Zpyhanko_certvalidator.pathr Z!pyhanko_certvalidator.policy_declr rZpyhanko_certvalidator.validater__all__ getLogger__name__r4r*rrrrrs4        1