U c@sddlmZmZmZmZmZddlmZmZm Z ddl m Z ddl m Z ddlmZddlmZmZddlmZddlmZmZmZGd d d Zd S) )DictIterableListOptionalSet)crlocspx509) Authority)OCSPFetchError)Fetchers) POEManagerdigest_for_poe)CertificateRegistry) CRLContainer OCSPContainersort_freshest_firstc@s&eZdZdZd$eeeeeee e dddZ e edddZ e edd d Ze edd d Ze eejdd dZe eejdddZe eejdddZedddZddZe ejdddZeedddZeeedddZ e!e"dd d!Z#e!e"dd"d#Z$dS)%RevinfoManagera .. versionadded:: 0.20.0 Class to manage and potentially fetch revocation information. :param certificate_registry: The associated certificate registry. :param poe_manager: The proof-of-existence (POE) data manager. :param crls: CRL data. :param ocsps: OCSP response data. :param fetchers: Fetchers for collecting revocation information. If ``None``, no fetching will be performed. N)certificate_registry poe_managercrlsocspsfetcherscCsb||_||_i|_i|_g|_|r,t||_g|_|rXt||_}|D]}||qH||_dSN) _certificate_registry _poe_manager_revocation_certs_crl_issuer_map_crlsr_ocsps_extract_ocsp_certs _fetchers)selfrrrrr ocsp_responser$I/tmp/pip-unpacked-wheel-rwcmptg8/pyhanko_certvalidator/revinfo/manager.py__init__$s  zRevinfoManager.__init__)returncCs|jS)z< The proof-of-existence (POE) data manager. )rr"r$r$r%r>szRevinfoManager.poe_managercCs|jS)z6 The associated certificate registry. )rr(r$r$r%rEsz#RevinfoManager.certificate_registrycCs |jdk S)zA Boolean indicating whether fetching is allowed. N)r!r(r$r$r%fetching_allowedLszRevinfoManager.fetching_allowedcCs.dd|jD}|js|St|jj|S)zK A list of all cached :class:`crl.CertificateList` objects cSsg|] }|jqSr$)crl_data.0Zcontr$r$r% Ysz'RevinfoManager.crls..)rr!list crl_fetcherZ fetched_crls)r"Zraw_crlsr$r$r%rSszRevinfoManager.crlscCs.dd|jD}|js|St|jj|S)zI A list of all cached :class:`ocsp.OCSPResponse` objects cSsg|] }|jqSr$)ocsp_response_datar+r$r$r%r-dsz(RevinfoManager.ocsps..)rr!r. ocsp_fetcherZfetched_responses)r"Z raw_ocspsr$r$r%r^szRevinfoManager.ocspscCst|jS)z A list of newly-fetched :class:`x509.Certificate` objects that were obtained from OCSP responses and CRLs )r.rvaluesr(r$r$r%new_revocation_certsjsz#RevinfoManager.new_revocation_certs)r#cCsh|j}||j}|j}|j}|}|dk rd|drd|dD]&}||r<|||j<|j||dq.)r!rr/Zfetched_crls_for_certKeyErrorfetch)r"r;rrZcontsr$r$r%async_retrieve_crlss z"RevinfoManager.async_retrieve_crls) authorityr'c s|js |jS|j}dd|j|D}|s|j||IdH}t|}|D]0}z||WqNtk r|t dYqNXqN||jS)a  .. versionadded:: 0.20.0 :param cert: An asn1crypto.x509.Certificate object :param authority: The issuing authority for the certificate :return: A list of :class:`OCSPContainer` objects cSsg|] }t|qSr$)r)r,respr$r$r%r-sz7RevinfoManager.async_retrieve_ocsps..Nz9Failed to extract certificates from fetched OCSP response) r!rr1Zfetched_responses_for_certr@rZ load_multir ValueErrorr )r"r;rBrrr0rCr$r$r%async_retrieve_ocspss(    z#RevinfoManager.async_retrieve_ocspshashes_to_evictcs(tdfdd }tt||j|_dS)z Internal API to eliminate local OCSP records from consideration. :param hashes_to_evict: A collection of OCSP response hashes; see :func:`.digest_for_poe`.  containercst|j}|kSr)rr0dumprIdigestrFr$r%psz%RevinfoManager.evict_ocsps..pN)rr.filterrr"rGrMr$rFr% evict_ocspsszRevinfoManager.evict_ocspscs(tdfdd }tt||j|_dS)z Internal API to eliminate local CRLs from consideration. :param hashes_to_evict: A collection of CRL hashes; see :func:`.digest_for_poe`. rHcst|j}|kSr)rr*rJrKrFr$r%rMsz$RevinfoManager.evict_crls..pN)rr.rNrrOr$rFr% evict_crlsszRevinfoManager.evict_crls)N)%__name__ __module__ __qualname____doc__rr rrrrr r&propertyrrboolr)rrZCertificateListrrZ OCSPResponserr Z Certificater3r r<r>rAr rErbytesrPrQr$r$r$r%rs<    ,rN)typingrrrrrZ asn1cryptorrr Zpyhanko_certvalidator.authorityr Zpyhanko_certvalidator.errorsr Zpyhanko_certvalidator.fetchersr Zpyhanko_certvalidator.ltv.poer rZpyhanko_certvalidator.registryrZ&pyhanko_certvalidator.revinfo.archivalrrrrr$r$r$r%s