U cA8@sddlZddlZddlmZddlmZddlmZmZmZm Z m Z ddl m Z m Z mZddlmZddlmZmZddlmZmZd d d d d dddgZGdd d ejZeddGdd d ZGdd d eejZe dedZeeeedddZddZeeeeeeedddZ eej!dd d!Z"eddGd"d d eZ#eddGd#d d eZ$e e%e j&e$fZ'e e%ej(e#fZ)ee'ee$d$d%dZ*ee)ee#d&d'dZ+dS)(N) dataclass)datetime)IterableListOptionalTypeVarUnion)algoscrlocsp) type_name)IssuedItemContainerValidationTimingParams)CertRevTrustPolicyFreshnessReqTypeRevinfoUsabilityRatingRevinfoUsabilityRevinfoContainer OCSPContainer CRLContainersort_freshest_firstprocess_legacy_crl_inputprocess_legacy_ocsp_inputc@sBeZdZdZeZeZeZeZ e e dddZ dS)rzz Description of whether a piece of revocation information is considered usable in the circumstances provided. returncCs|tjtjfkS)zs Boolean indicating whether the assigned rating corresponds to a "fresh" judgment in AdES. )rOKTOO_NEWselfrJ/tmp/pip-unpacked-wheel-rwcmptg8/pyhanko_certvalidator/revinfo/archival.py usable_ades=sz"RevinfoUsabilityRating.usable_adesN) __name__ __module__ __qualname____doc__enumautorSTALErUNCLEARpropertyboolr!rrrr rsT)frozenc@s*eZdZUdZeed<dZeeed<dS)rz` Usability rating and cutoff date for a particular piece of revocation information. ZratingNlast_usable_at) r"r#r$r%r__annotations__r-rrrrrr rJs c@s:eZdZdZeeedddZee e j dddZ dS) rz< A container for a piece of revocation information. policy timing_paramsrcCstdS)af Assess the usability of the revocation information given a revocation information trust policy and timing parameters. :param policy: The revocation information trust policy. :param timing_params: Timing-related information. :return: A :class:`.RevinfoUsability` judgment. NNotImplementedError)rr0r1rrr usable_atbszRevinfoContainer.usable_atrcCstdS)z Extract the signature mechanism used to guarantee the authenticity of the revocation information, if applicable. Nr2rrrr revinfo_sig_mechanism_usedrsz+RevinfoContainer.revinfo_sig_mechanism_usedN) r"r#r$r%rrrr4r*rr SignedDigestAlgorithmr5rrrr r]s  RevInfoType)bound)lstrcCstddd}t||ddS)aV Sort a list of revocation information containers in freshest-first order. Revocation information that does not have a well-defined issuance date will be grouped at the end. :param lst: A list of :class:`.RevinfoContainer` objects of the same type. :return: The same list sorted from fresh to stale. ) containercSs|j}|dk |fSN) issuance_date)r:dtrrr _keysz!sort_freshest_first.._keyT)keyreverse)rsorted)r9r>rrr rs  cCs>|j}|dkr&|dk r&||kr&||}|dk r:t||}|Sr;)Z freshnessabs)r0 this_update next_updatetime_tolerancefreshness_deltarrr _freshness_deltas rG)rCrDr0r1rc CsX|dkrttjS|j|kr8|jr.|jtjkr8ttjS|j}|j }|jtj krt ||||}|dkrpttjS|j }|||krttj ||dSn|jtjkrt ||||}|dkrttjS|||krttj ||dSnl|jtjkrJ|dkrttjS|j}|s(|||kr(ttjS|||krNttj ||dSntttjS)N)r-)rrr)validation_timeZretroactive_revinfoZfreshness_req_typerDEFAULTrrEZTIME_AFTER_SIGNATURErGZbest_signature_timer(ZMAX_DIFF_REVOCATION_VALIDATIONr3r) rCrDr0r1rHrErFZsignature_poe_timeZ retroactiverrr _judge_revinfosn           rJrcCs:|dj}|dkrdS|d}|djdkr0dS|djS)NZresponse_statusZ successfulresponse_bytesZ response_typebasic_ocsp_responseresponse)nativeparsed) ocsp_responsestatusrKrrr _extract_basic_ocsp_responses rRc@seZdZUdZejed<dZeed<e eje ddddZ e e edd d Zeeed d d Ze ejdddZe ejdddZe e ejdddZdS)rz) Container for an OCSP response. ocsp_response_datarindex)rPrcs:t}|dkrgS|d}fddtt|dDS)a Turn an OCSP response object into one or more :class:`.OCSPContainer` objects. If a :class:`.OCSPContainer` contains more than one ``SingleResponse``, then the same OCSP response will be duplicated into multiple containers, each with a different ``index`` value. :param ocsp_response: An OCSP response. :return: A list of :class:`.OCSPContainer` objects, one for each ``SingleResponse`` value. Ntbs_response_datacsg|]}t|dqS))rSrT)r).0ixrPrr 0sz,OCSPContainer.load_multi.. responses)rRrangelen)clsrPrL tbs_responserrXr load_multis zOCSPContainer.load_multircCs|}|dkrdS|djS)NrC)extract_single_responserN)r cert_responserrr r<5szOCSPContainer.issuance_dater/cCs>|}|dkrttjS|dj}|dj}t||||dS)NrCrDr0r1)r`rrr)rNrJ)rr0r1rarCrDrrr r4=s   zOCSPContainer.usable_atcCs t|jS)z Extract the ``BasicOCSPResponse``, assuming there is one (i.e. the OCSP response is a standard, non-error response). )rRrSrrrr extract_basic_ocsp_responseNsz)OCSPContainer.extract_basic_ocsp_responsecCs@|}|dkrdS|d}t|d|jkr2dS|d|jS)z^ Extract the unique ``SingleResponse`` value identified by the index. NrUrZ)rcr\rT)rrLr^rrr r`Vsz%OCSPContainer.extract_single_responsecCs|}|dkrdS|dSNZsignature_algorithm)rc)rZ basic_resprrr r5esz(OCSPContainer.revinfo_sig_mechanism_usedN)r"r#r$r%r OCSPResponser.rTint classmethodrr_r*rrr<rrrr4BasicOCSPResponsercZSingleResponser`r r6r5rrrr r s$    c@sXeZdZUdZejed<eee dddZ e e e dddZe ejdd d Zd S) rz< Container for a certificate revocation list (CRL). crl_datar/cCs.|jd}|dj}|dj}t||||dS)N tbs_cert_listrCrDrb)rirNrJ)rr0r1rjrCrDrrr r4xs   zCRLContainer.usable_atrcCs|jd}|djS)NrjrC)rirN)rrjrrr r<s zCRLContainer.issuance_datecCs |jdSrd)rirrrr r5sz'CRLContainer.revinfo_sig_mechanism_usedN)r"r#r$r%r CertificateListr.rrrr4r*rrr<r r6r5rrrr rms   )crlsrcCsdg}|D]V}t|tr"tj|}t|tjr6t|}t|trL||qtdt|q|S)z Internal function to process legacy CRL data into one or more :class:`.CRLContainer`. :param crls: Legacy CRL input data. :return: A list of :class:`.CRLContainer` objects. zScrls must be a list of byte strings or asn1crypto.crl.CertificateList objects, not ) isinstancebytesr rkloadrappend TypeErrorr )rlZnew_crlsZcrl_rrr rs       )ocspsrcCsrg}|D]d}t|tr"tj|}t|tjrDt|}||qt|trZ||qt dt |q|S)z Internal function to process legacy OCSP data into one or more :class:`.OCSPContainer`. :param ocsps: Legacy OCSP input data. :return: A list of :class:`.OCSPContainer` objects. zRocsps must be a list of byte strings or asn1crypto.ocsp.OCSPResponse objects, not ) rmrnr rerorr_extendrprqr )rrZ new_ocspsZocsp_Zextrrrr rs         ),abcr&Z dataclassesrrtypingrrrrrZ asn1cryptor r r Zpyhanko_certvalidator._typesr Zpyhanko_certvalidator.ltv.typesr rZ!pyhanko_certvalidator.policy_declrr__all__EnumrrABCrr7rrGrJrhrRrrrnrkZLegacyCompatCRLreZLegacyCompatOCSPrrrrrr sX    +   V c