o Fzc @sddlZddlmZddlmZmZmZmZddlm Z ddl m Z m Z ddl mZddlmZz ddlmZmZWneyPZz dZZWYdZ[ndZ[wwdd lmZed ZGd d d ZdS) N)Path)x509pemcrlocsp)IncrementalPdfFileWriter)signers timestamps)SigSeedSubFilter)ValidationContext)open_pkcs11_session PKCS11Signer)getFileZ xhtml2pdfc@seZdZeddZeddZeddZeddZed d Zed d Z ed dZ eddZ eddZ eddZ eddZeddZeddZeddZeddZdS) PDFSignaturecCs*d|vr|d}t|tr|}|SdS)N passphrase) isinstancestrencode)configrr/xhtml2pdf/builders/signs.pyget_passphrases  zPDFSignature.get_passphrasecCsg}d|vr>|d}t|ts|g}|D])}t|ts t|tr8t|}t|\}}}|t j |q||q|sBdS|S)Nca_chain) rlistrrrrZunarmorgetDataappendrZ Certificateload)rkeyZchainschaincpisafile_Zdigicert_ca_bytesrrr get_chainss  zPDFSignature.get_chainscCsVt|}d|vr%d|vr'|r)t|d}tjj|d|d||d}|SdSdSdS)NrZcertr)Zca_chain_filesZkey_passphrase)rrr"r SimpleSignerr)rrrsignerrrrtest_simple_signer/s    zPDFSignature.test_simple_signercCs6t|}d|vr|rtjj|d|d}|SdSdS)Npfx_file)r&r)rrrr#Z load_pkcs12)rrr$rrrtest_pkcs12_signer;s  zPDFSignature.test_pkcs12_signercCsxt|}t|dddddddddddd }|D]}||vr2|dkr,t|d}|||<q||||<qtdi|}|S)NFTr) Zpkcs11_sessionZ cert_labelZ signing_certrZ key_labelZ prefer_pssZ embed_rootsZother_certs_to_pullZ bulk_fetchZkey_idZcert_idZuse_raw_mechanismr)r get_sessiondictr"r )rsessionkeysrrr$rrrtest_pkcs11_signerDs(     zPDFSignature.test_pkcs11_signercCs d|vrtj|dd}|SdS)NZtsa)url)r ZHTTPTimeStamper)rZ tst_clientrrrget_timestamps\szPDFSignature.get_timestampscCsld|vrdSd}|d}|dkrt|}|S|dkr+tdur$tdtt|}|S|dkr4t|}|S)NengineZpkcs12Zpkcs11zpyhanko.sign.pkcs11 requires pyHanko to be installed with the [pkcs11] option. You can install missing dependencies by running "pip install 'pyHanko[pkcs11]'".simple)rr'r ImportErrorer,r%)rr$r/rrr get_signersbs$    zPDFSignature.get_signerscCs(|ddkr t|||St|||S)NtypeZlta)rlta_sign simple_sign) inputfileoutputrrrrsignxs zPDFSignature.signcCsTg}|D]#}t|tst|tr"t|}tj|}||q||q|SN) rrrrrZCertificateListrrr)crlsZ list_crlsxr Z cert_listrrr parse_crlss  zPDFSignature.parse_crlscCs4g}|D]}t|}tj|}||q|Sr:)rrZ OCSPResponserrr)ZoscpsZ list_oscpr<r datarrr parse_oscps  zPDFSignature.parse_oscpcCstdd}d|vrfd|dvrt|dd|dd<d|dvr/t|dd|dd<d|dvr?t|d|dd<d|dvrOt|d|dd<d|dvr_t|d|dd<||dtd i|S) NT)Zallow_fetchingvalidation_contextr;ZocspsZ trust_rootsZextra_trust_rootsZ other_certsr)r)rr=r?r"updater )rcontextrrrget_validation_contexts      z#PDFSignature.get_validation_contextcCs@tddddddddtjdt|d }d|vr||d|S)N Signature1Zsha256FT) field_nameZ md_algorithmlocationreasonnameZcertifyZembed_validation_infoZ use_pades_ltaZ subfilterZtimestamp_field_namer@meta)r)r ZPADESrrCrA)rrIrrrget_signature_metaszPDFSignature.get_signature_metacCsDt|}|r t|}t|}tj|tjdd|||ddSdS)NrD)rE)r$r8 timestamperT)rr3IncrementalPdfWriterr.rsign_pdfPdfSignatureMetadata)r7r8rr$wrKrrrr6s   zPDFSignature.simple_signcCs^t|}t|}t|}t|}tjdi|}|r+|r-tj|||||ddSdSdS)N)signature_metar$rKr8Tr)rr3r.rLrJrrNrM)r7r8rr$rKrOrIrPrrrr5s    zPDFSignature.lta_signcCsp|dd}|dd}|dd}|dd}|dur2|dur4|dus(|dur6t||||d}|SdSdSdS)N lib_locationslot_no token_labeluser_pin)rRrSrT)getr )rrQrRrSrTr*rrrr(s    zPDFSignature.get_sessionN)__name__ __module__ __qualname__ staticmethodrr"r%r'r,r.r3r9r=r?rCrJr6r5r(rrrrrs>               r)loggingpathlibrZ asn1cryptorrrrZ$pyhanko.pdf_utils.incremental_writerrZ pyhanko.signrr Zpyhanko.sign.fieldsr Zpyhanko_certvalidatorr Zpyhanko.sign.pkcs11r r r1r2Zxhtml2pdf.filesr getLoggerlogrrrrrs