WwghdZddlZddlmZddlmZmZmZddlm Z m Z m Z m Z m Z ddlmZddlmZddlmZdd lmZdd lmZdd lmZdd lmZdd lmZmZddlm Z ddl!m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'ddl(m)Z)ddl*m+Z+ddl,m-Z-m.Z.gdZ/ej`e1Z2Gdde"Z3GddZ4GddeZ5GddeZ6GddZ7ddd d!d"d#d$d%Z8e8jsDcic]\}}|| c}}Z:dVd&ejvfd'Z<ed()Gd*d+Z=eGd,d-eZ>eGd.d/eZ?eGd0d1e"Z@eGd2d3eZAed()Gd4d5ZBGd6d7eZCed()Gd8d9ZDed()Gd:d;ZEed()Gd<d=ZFed()Gd>d?ZG dWd@e+fdAZHdXd@e+dBeIfdCZJ dVdDe+fdEZKdFejdGejfdHZMdIejdGe eNeNffdJZO dYdKe)dLe eIdMe ePfdNZQ dZdOZRdPe+dQeGfdRZSdPe+dFejdQeGfdSZTGdTdUejZUycc}}w)[zQ Utilities to deal with signature form fields and their properties in PDF files. N) dataclass)EnumFlagunique)ListOptionalSetTupleUnion)x509)KeyUsage)AuthorityWithCert)InvalidCertificateError)ValidationPath)generic) RawContent)pdf_name pdf_string)BoxConstraints) OrderedEnumPdfError PdfReadError PdfWriteError get_and_applyrd) PdfHandler)BasePdfFileWriter) SigningErrorUnacceptableSignerError) SigFieldSpecSigSeedValFlagsSigCertConstraintsSigSeedValueSpecSigCertConstraintFlagsSigSeedSubFilterSeedValueDictVersionSeedLockDocumentSigCertKeyUsageMDPPermFieldMDPAction FieldMDPSpecSignatureFormFieldInvisSigSettingsVisibleSigSettingsenumerate_sig_fieldsappend_signature_fieldensure_sig_flagsprepare_sig_fieldapply_sig_field_spec_propertiesannot_width_heightget_sig_field_annotc eZdZdZdZ dZ dZy)r)zL Indicates a ``/DocMDP`` level. Cf. Table 254 in ISO 32000-1. N)__name__ __module__ __qualname____doc__ NO_CHANGES FILL_FORMSANNOTATEJ/var/www/horilla/myenv/lib/python3.12/site-packages/pyhanko/sign/fields.pyr)r)@s+ JJHrBr)c6eZdZdZddeefdZdZdefdZ y) SeedSignatureTypea+ Signature type indicator to be embedded into the seed value dictionary attached to a signature field. :param mdp_perm: If not ``None``, indicates that the signature field is intended for a certification signature. The :class:`MDPPerm` value passed as the ``mdp_perm`` parameter indicates the modification policy that the certification signature should use. A value of ``None`` indicates that the signature field is intended for an approval signature (i.e. a non-certification signature). Nmdp_permc||_yNrF)selfrFs rC__init__zSeedSignatureType.__init__ms   rBcXt|txr|j|jk(SrH) isinstancerErFrJothers rC__eq__zSeedSignatureType.__eq__ps' u/ 0 0$--/ rBreturnc|jduSrHrIrJs rCcertification_signaturez)SeedSignatureType.certification_signaturevs}}D((rBrH) r:r;r<r=rr)rKrPboolrTrArBrCrErE^s) !'!2! ))rBrEcDeZdZdZdZ dZ dZ dZ dZ dZ dZ d Z d Z y ) r!a Flags for the ``/Ff`` entry in the seed value dictionary for a signature field. These mark which of the constraints are to be strictly enforced, as opposed to optional ones. .. warning:: The flags :attr:`LEGAL_ATTESTATION` and :attr:`APPEARANCE_FILTER` are processed in accordance with the specification when creating a signature, but support is nevertheless limited. * PyHanko does not support legal attestations at all, so given that the :attr:`LEGAL_ATTESTATION` requirement flag only restricts the legal attestations that can be used by the signer, pyHanko can safely ignore it when signing. On the other hand, since the validator is not aware of legal attestations either, it cannot validate signatures that make :attr:`~.SigSeedValueSpec.legal_attestations` a mandatory constraint. * Since pyHanko does not define any named appearances, setting the :attr:`APPEARANCE_FILTER` flag and the :attr:`~.SigSeedValueSpec.appearance` entry in the seed value dictionary will make pyHanko refuse to sign the document. When validating, the situation is different: since pyHanko has no way of knowing whether the signer used the named appearance imposed by the seed value dictionary, it will simply emit a warning and continue validating the signature. r7r8 @N) r:r;r<r=FILTER SUBFILTERVREASONSLEGAL_ATTESTATION ADD_REV_INFO DIGEST_METHOD LOCK_DOCUMENTAPPEARANCE_FILTERrArBrCr!r!zsu<F I AGLMMrBr!cDeZdZdZdZ dZ dZ dZ dZ dZ dZ eezZ y ) r$a^ Flags for the ``/Ff`` entry in the certificate seed value dictionary for a dictionary field. These mark which of the constraints are to be strictly enforced, as opposed to optional ones. .. warning:: While this enum records values for all flags, not all corresponding constraint types have been implemented yet. r7r8rWrXrYrZr[N) r:r;r<r=SUBJECTISSUEROID SUBJECT_DNRESERVED KEY_USAGEURL UNSUPPORTEDrArBrCr$r$skGF CJHI CS.KrBr$ceZdZdZ d deedeefdZdZedZ e d dee e dee e fdZ d e e fd Z d e e fd Zd Zy)r(u Encodes the key usage bits that must (resp. must not) be active on the signer's certificate. .. note:: See § 4.2.1.3 in :rfc:`5280` and :class:`.KeyUsage` for more information on key usage extensions. .. note:: The human-readable names of the key usage extensions are recorded in ``camelCase`` in :rfc:`5280`, but this class uses the naming convention of :class:`.KeyUsage` in ``asn1crypto``. The conversion is done by replacing ``camelCase`` with ``snake_case``. For example, ``nonRepudiation`` becomes ``non_repudiation``, and ``digitalSignature`` turns into ``digital_signature``. .. note:: This class is intended to closely replicate the definition of the KeyUsage entry Table 235 in ISO 32000-1. In particular, it does *not* provide a mechanism to deal with extended key usage extensions (cf. § 4.2.1.12 in :rfc:`5280`). :param must_have: The :class:`.KeyUsage` object encoding the key usage extensions that must be present on the signer's certificate. :param forbidden: The :class:`.KeyUsage` object encoding the key usage extensions that must *not* be present on the signer's certificate. N must_have forbiddenc||ntt|_|||_ytt|_yrH)r setrqrr)rJrqrrs rCrKzSigCertKeyUsage.__init__s0 '0&;#%&/&;#%rBcddtffd djfdtdDS)z Encode the key usage requirements in the format specified in the PDF specification. :return: A string. bitcFj|ryj|ryy)N10Xrqrr)rvrJs rCfmt_bitz4SigCertKeyUsage.encode_to_sv_string..fmt_bit0s$~~c"$rBc3.K|] }|ywrHrA).0rvr|s rC z6SigCertKeyUsage.encode_to_sv_string..8s8ws|8s )intjoinrange)rJr|s`@rCencode_to_sv_stringz#SigCertKeyUsage.encode_to_sv_string's*  ww8uQx888rBcnddfd}tt|dt|dS)a Parse a PDF KeyUsage string into an instance of :class:`.SigCertKeyUsage`. See Table 235 in ISO 32000-1. :param ku_str: A PDF KeyUsage string. :return: An instance of :class:`.SigCertKeyUsage`. Nrc.tfdDS)Nc30K|] }|k(rdndyw)r7rNrA)rvalwith_vals rCrzISigCertKeyUsage.read_from_sv_string.._as_tuple..HsGcXo14Gs)tuple)rku_strs`rC _as_tuplez6SigCertKeyUsage.read_from_sv_string.._as_tupleGsGGG GrBrxryr{)r(r )clsrrs ` rCread_from_sv_stringz#SigCertKeyUsage.read_from_sv_string:s= Hy~.y~.  rBctt| tn|t|tS|S)a Initialise a :class:`.SigCertKeyUsage` object from two sets. :param must_have: The key usage extensions that must be present on the signer's certificate. :param forbidden: The key usage extensions that must *not* be present on the signer's certificate. :return: A :class:`.SigCertKeyUsage` object encoding these. r{)r(r rt)rrqrrs rC from_setszSigCertKeyUsage.from_setsOsA$ (9suyI (9suI  ?HI  rBrQc.|jjS)zr Return the set of key usage extensions that must be present on the signer's certificate. )rqnativerSs rC must_have_setzSigCertKeyUsage.must_have_setf ~~$$$rBc.|jjS)zv Return the set of key usage extensions that must not be present on the signer's certificate. )rrrrSs rC forbidden_setzSigCertKeyUsage.forbidden_setmrrBct|txrD|j|jk(xr!|j|jk(SrH)rMr(rrrNs rCrPzSigCertKeyUsage.__eq__tsO uo . >""$(;(;(== >""$(;(;(== rBNN)r:r;r<r=rr rKr classmethodrr strrrrrPrArBrCr(r(s@)-(,QH%QH%Q9&  ()-(, CH% CH%  ,%s3x%%s3x% rBr(CN SerialNumberCLSTOOU)z2.5.4.3z2.5.4.5z2.5.4.6z2.5.4.7z2.5.4.8z2.5.4.10z2.5.4.11namec#K|j}|D]G}|D]@}|d}|d}|j}|rtj||}||jfBIyw)Ntypevalue)chosendottedname_type_abbrevsgetr)rabbreviate_oidsrdnsrdntype_and_valueoidrkeys rCx509_name_keyval_pairsrsp![[D $! $N!/!7C#7+E**C'++C5u||# # $ $sAAT)frozencZeZdZUdZedZeed< dZee e jed< dZ ee jed< dZee e jed< dZeeed< ed Zej(ed < dZee eed < ed Zd Zde jdeefdZy)r"z This part of the seed value dictionary allows the document author to set constraints on the signer's certificate. See Table 235 in ISO 32000-1. rflagsNsubjects subject_dnissuersinfo_urlz/Browserurl_type key_usagec t|tjr|j} |ddk7r t d t |jdd}|jddDcgc]+}tjj|j-}}|jddDcgc]+}tjj|j-}}d }tjj|jd dD cic]#}|jD]\}} ||| %c} }}} d } t|d | } |jd } |jd}||xsd| xsd|xsd| | d}| |||d<|di|S#t $rYnwxYwcc}wcc}wcc} }}w)z Read a PDF dictionary into a :class:`.SigCertConstraints` object. :param pdf_dict: A :class:`~.generic.DictionaryObject`. :return: A :class:`.SigCertConstraints` object. /Type/SVCertz!Object /Type entry is not /SVCert/Ffr/SubjectrA/IssuercT|dd}tj|j|S)Nr7)name_type_abbrevs_revrupper)attrs rC format_attrz7SigCertConstraints.from_pdf_object..format_attrs(8D),,TZZ\4@ @rB /SubjectDNcR|Dcgc]}tj|c}Scc}wrH)r(r)rkus rCparse_key_usagez;SigCertConstraints.from_pdf_object..parse_key_usages!FIJO77;J JJs$ /KeyUsage/URL/URLTypeN)rrrrrrr)rMrIndirectObject get_objectrKeyErrorr$rr Certificateloadoriginal_bytesNamebuilditemsr)rpdf_dictrcertrrrdn_dirrr subject_dnsrrurlrkwargss rCfrom_pdf_objectz"SigCertConstraints.from_pdf_objects h 6 6 7**,H  I-"#FGG.'x||E1'=>! Z4     ! !$"5"5 6  ! Y3     ! !$"5"5 6   Aiioo'll<<  #)<<>  D%D!5( !   K"(KI ll6"<< + (D%-$"   ?x3!)F: }V}Y      s#F"/0F250F7(F< " F/.F/c tjtdtdtdtj|jj i}|j 2tjd|j D|td<|jrstjtjt|jdDcic]\}}td|zt|c}}g|td <|j2tjd |jD|td <|j9t|j|td <|j|td <|j2tjd|jD|td<|Scc}}w)z Render this :class:`.SigCertConstraints` object to a PDF dictionary. :return: A :class:`~.generic.DictionaryObject`. rrrc3bK|]'}tj|j)ywrHrByteStringObjectdumprrs rCrz3SigCertConstraints.as_pdf_object..s&?:>((5?-/rT)r/rc3bK|]'}tj|j)ywrHrrs rCrz3SigCertConstraints.as_pdf_object..2s&>:>((5>rrrrc3NK|]}t|jywrH)rr)rrs rCrz3SigCertConstraints.as_pdf_object..:s%@9; 21134@s#%r)rDictionaryObjectr NumberObjectrrr ArrayObjectrrrrrrr)rJresultrrs rC as_pdf_objectz SigCertConstraints.as_pdf_objects))!8I#6!5!5djj6F6F!G   == $+2+>+>?BF--?,F8J' ( ??.5-@-@,,/E $/ *U%S3Y/E1BB  .F8L) * << #*1*=*=>BF,,>+F8I& ' == $'1$--'@F8F# $+/==F8J' ( >> %,3,?,?@?C~~@-F8K( ) -s"Gsignervalidation_pathc` |j}|tjzr td|tjzr8|j ,d|j D}|j |vr td|tjzr|jz| td|jDchc](}t|tr|jj *}}|jD]}|j |vsn td|tjzr~|jrrt!t#|j}t!t#|j$ t' fd|Ds"td|jj(z|tj*zrg|j,Zd d lm} |j,D]:} | | j3| j5d j7|ytd yycc}w#t8$rYZwxYw)a Evaluate whether a signing certificate satisfies the required constraints of this :class:`.SigCertConstraints` object. :param signer: The candidate signer's certificate. :param validation_path: Validation path of the signer's certificate. :raises UnacceptableSignerError: Raised if the conditions are not met. zRCertificate constraint flags include mandatory constraints that are not supported.Nc34K|]}|jywrH) issuer_serial)rss rCrz2SigCertConstraints.satisfied_by..]sAa!//Az+Signer certificate not on SVCert whitelist.zValidation path not provided.z.sIt|+IszASubject does not have some of the following required attributes: r7)KeyUsageConstraintsT)rkey_usage_forbiddenmatch_all_key_usageszeThe signer satisfies none of the key usage extension profiles specified in the seed value dictionary.)rr$roNotImplementedErrorrhrrrririter_authoritiesrMr certificaterkrlistrsubjectallhuman_friendlyrmrvalidation.settingsrrrvalidater) rJrrr acceptable authoritypath_iss_serialsissuerrequirement_listrrrs @rC satisfied_byzSigCertConstraints.satisfied_by@s7$  )55 5%*  *22 2mm'B4==AJ##:5-A *11 1t||7O&-.MNN"1!A!A!C i):;%%33    ,, ''+;;  . *55 54?? $$:4??$KL  6v~~ FGLI8HII-#%)__%C%CD *44 4nn( @nn  '"$"2"2"4,.,<,<,>-1  hv& .Q) 5? X/s5-H6H!! H-,H-)r:r;r<r=r$r__annotations__rrrr rrrrrrrrr NameObjectrr(rrrrrrArBrCr"r"s%;1$=E !=26HhtD,,-.5'+J#* 15GXd4++, -4 #Hhsm"$,J#7Hg  7 26Ix_-.5;;z.`\  \".1\rBr"c@eZdZdZedZedZedZy)r%z= Enum declaring all supported ``/SubFilter`` values. z/adbe.pkcs7.detachedz/ETSI.CAdES.detachedz /ETSI.RFC3161N)r:r;r<r=rADOBE_PKCS7_DETACHEDPADES ETSI_RFC3161rArBrCr%r%s*$$:; + ,EO,LrBr%c@eZdZdZedZedZedZy) SigAuthTypezA Enum declaring all supported ``/Prop_AuthType`` values. PINPassword FingerprintN)r:r;r<r=rrPASSWORD FINGERPRINTrArBrCrrs' U C*%H]+KrBrc eZdZdZdZ dZ dZy)r&zU Specify the minimal compliance level for a seed value dictionary processor. r7r8r9N)r:r;r<r=PDF_1_5PDF_1_7PDF_2_0rArBrCr&r&s+GGGrBr&cDeZdZdZedZ edZ edZy)r'z Provides a recommendation to the signer as to whether the document should be locked after signing. The corresponding flag in :attr:`.SigSeedValueSpec.flags` determines whether this constraint is a required constraint. z/truez/falsez/autoN)r:r;r<r=rLOCK DO_NOT_LOCKSIGNER_DISCRETIONrArBrCr'r's; G D8$K!)rBr'cjeZdZUdZedZeed< dZee e ed< dZ ee ed< dZ e ed< dZeeed < dZee eed < dZee e ed < dZee ed < dZeeed < dZeeedfed< dZee e ed< dZeeed< dZee ed< dZedZ dZ!y)r#z? Python representation of a PDF seed value dictionary. rrNreasonstimestamp_server_urlFtimestamp_requiredr subfiltersdigest_methods add_rev_infoseed_signature_typesv_dict_versionlegal_attestations lock_document appearancectj}tjt dt dt dtj |j ji}|j2tjd|jD|t d<|j;tj}tj|j|t d<|jItj}tjtt|j|t d<|j 2tjd|j D|t d <|j"{tj}tjt d t|j"t dtj |j$rd nd i|t d <|j&&|j&j)|t d<|j*c|j*j,}tjt dtj | |jnd i|t d<|j.2tjd|j.D|t d<|j02tj2}|j0j|t d<|j4!t|j4|t d<|j6}|?tj t9|tr |jn||t d<|Stj |j|t d<|S)z Render this :class:`.SigSeedValueSpec` object to a PDF dictionary. :return: A :class:`~.generic.DictionaryObject`. r/SVrc34K|]}|jywrH)r)rsfs rCrz1SigSeedValueSpec.as_pdf_object..rsAAr /SubFilter /AddRevInfo /DigestMethodc32K|]}t|ywrHr)rreasons rCrz1SigSeedValueSpec.as_pdf_object..s?'- 6"?/Reasonsrr7r /TimeStamp/Cert/P/MDPc32K|]}t|ywrHr0)ratts rCrz1SigSeedValueSpec.as_pdf_object..sH$' 3Hr2/LegalAttestation /LockDocument/AppearanceFilter/V)r&rrrrrrrr rr"r BooleanObjectr!maprrrrrrr#rFr%r&rr'r$rM)rJ min_versionrrFspecified_versions rCrzSigSeedValueSpec.as_pdf_objectbs:+22 ))!8E?!5!5djj6F6F!G   ?? &-4-@-@A#'??A.F8L) *    (.66K.5.C.C!!/F8M* +    *.66K070C0CJ 3 341F8O, - << #+2+>+>?15?,F8J' (  $ $ 0.66K-4-E-EV$j1J1J&KUOW%9%9!44!&.F8L) * 99 (, (?(?(AF8G$ %  # # ///88H'.'?'?TNG$8$8*2*>A%(F8F# $  " " .4;4G4GH+/+B+BH5F8/0 1    ).66K040B0B0H0HF8O, - ?? &4>t4OF8/0 1 00  (%,%9%9/1EF"''&&F8D> " &-%9%9+:K:K%LF8D> " rBct|tjr|j} |ddk7r t d t |jdd} |d}|t jzr|dk7rtd|z |d }tjj}|t jzr||kDrtd |zt|} t|d }|jd d d }fd}t|} |dD cgc]} | j!} } t#|dt} t#|dt} d} t#|d| }d}t#|d|}|jdd }|jdi}|jdd }t|jdd}|jdd }|t$j'|}||| |||| ||| |||| S#t $rYwxYw#t $rYwxYw#t $rd }YZwxYw#t $rd }Y]wxYwcc} w#t $rd } Y(wxYw)z Read from a seed value dictionary. :param pdf_dict: A :class:`~.generic.DictionaryObject`. :return: A :class:`.SigSeedValueSpec` object. rr)zObject /Type entry is not /SVrrz/Filterz/Adobe.PPKLitezVSignature handler '%s' is not available, only the default /Adobe.PPKLite is supported.r=z/Seed value dictionary version %s not supported.Nr-r,c3VKD]} t|y#t$rYwxYwwrH)r% ValueError)rsubfilter_reqss rC _subfiltersz5SigSeedValueSpec.from_pdf_object.._subfilterss9'A.q11&s) ) &)&)r.r3r:c |d}t|dk(rdSt|S#tttf$rt d|dwxYw)Nr6rz /MDP entry z5 in seed value dictionary is not correctly formatted.)rEr)r TypeErrorrDr)mdprs rC read_mdp_dictz7SigSeedValueSpec.from_pdf_object..read_mdp_dictsa $i(LLws|LLi4 "!#'++ s &&$A r7cR t|S#t$rtd|dwxYw)Nz/LockDocument entry 'z ' is invalid.)r'rDr)rs rCread_lock_documentz.read_lock_documents9 O',, O"%:3%}#MNN Os &r;r<r4rr5) rrrrr r!r"rr%r#r$r&r')rMrrrrrr!rr^rr&rrr`rUrlowerrr"r)rrr sig_filterr@ supportedr"r rFrr!rr%rJsignature_typerLr&appearance_filtertimestamp_dictrrcert_constraintsrEs @rCrz SigSeedValueSpec.from_pdf_objects h 6 6 7**,H  E)"#BCC*   UA 67 !),J.....";=GH "4.K,44::I((([9-D"E!"/{;K  78L"lD9  % km,J "19/1JKAaggiKNK *d;*85H$O 'xG O & o'9 %LL)?#<<6  '1AA   !5!!)%11 .''(  i       K   L "L "!N "slH+H AH%H7II 2I HH H"!H"% H43H47 II I IIcLddlm}|jr||jSy)z Return a timestamper object based on the :attr:`timestamp_server_url` attribute of this :class:`.SigSeedValueSpec` object. :return: A :class:`~.pyhanko.sign.timestamps.HTTPTimeStamper`. r)HTTPTimeStamperN)pyhanko.sign.timestampsrUr)rJrUs rCbuild_timestamperz"SigSeedValueSpec.build_timestamper s& <  $ $"4#<#<= = %rB)"r:r;r<r=r!rrrrrrrrrUrr"r r%r!r"r#rEr$r r&rr%r&r'r'rrrrWrArBrCr#r#sb-Q/E?/$(GXd3i '+/(3-. %$ *.D(% &-48J./07+/NHT#Y'.$(L(4.' 8<"34; ?COU/d:;B/3c+2&15M8,-4!%J $ IVp p d >rBr#cDeZdZdZedZ edZ edZy)r*z9 Marker for the scope of a ``/FieldMDP`` policy. z/Allz/Includez/ExcludeN)r:r;r<r=rALLINCLUDEEXCLUDErArBrCr*r*.s: 6 Cz"Gz"GrBr*ceZdZUdZeed< dZeee ed< de jfdZ de jfdZ de jfdZed d Zd e defd Zy) r+z``/FieldMDP`` policy description. This class models both field lock dictionaries and ``/FieldMDP`` transformation parameters. actionNfieldsrQctjtd|jji}|jt j k7r4tjtt|jxsd|d<|S)z Render this ``/FieldMDP`` policy description as a PDF dictionary. :return: A :class:`~.generic.DictionaryObject`. /ActionrA/Fields) rrrr]rr*rYrr?rr^rJrs rCrzFieldMDPSpec.as_pdf_objectWsp))#T[[%6%6   ;;.,, , ' 3 3J 1r2!F9  rBc^|j}td|d<td|d<|S)a" Render this ``/FieldMDP`` policy description as a PDF dictionary, ready for inclusion into the ``/TransformParams`` entry of a ``/FieldMDP`` dictionary associated with a signature object. :return: A :class:`~.generic.DictionaryObject`. z/TransformParamsrz/1.2r=rrrbs rCas_transform_paramsz FieldMDPSpec.as_transform_paramsis4##%"#56w't  rBcB|j}td|d<|S)z Render this ``/FieldMDP`` policy description as a PDF dictionary, ready for inclusion into the ``/Lock`` dictionary of a signature field. :return: A :class:`~.generic.DictionaryObject`. z /SigFieldLockrrdrbs rCas_sig_field_lockzFieldMDPSpec.as_sig_field_lockxs%##%"?3w rBc t|d}|tjk7r |d}nd}|||S#t$r tdwxYw#t$r tdwxYw)z Read a PDF dictionary into a :class:`.FieldMDPSpec` object. :param pdf_dict: A :class:`~.generic.DictionaryObject`. :return: A :class:`.FieldMDPSpec` object. r`z/Action is required.raz,/Fields is required when /Action is not /AllN)r]r^)r*rrrY)rrr]r^s rCrzFieldMDPSpec.from_pdf_objects 7#HY$78F ^'' ' !), F&00 756 6 7  "B s6AA A# field_namec|jtjk(ry|jtjk(}|jxsdD]}|j |s|cS| S)a  Adjudicate whether a field should be locked by the policy described by this :class:`.FieldMDPSpec` object. :param field_name: The name of a form field. :return: ``True`` if the field should be locked, ``False`` otherwise. TrA)r]r*rYrZr^ startswith)rJri lock_resultscoped_field_names rC is_lockedzFieldMDPSpec.is_lockedsg ;;.,, ,kk^%;%;; !%!2 # $$%67""  # rB)rQr+)r:r;r<r=r*rr^rrrrrrrergrrrUrnrArBrCr+r+Ds #'FHT#Y & w77$ W%=%=  7#;#; 112CDrBr+c@eZdZUdZdZeed< dZeed< dZeed<y)r-a Invisible signature widget generation settings. These settings exist because there is no real way of including an untagged invisible signature in a document that complies with the requirements of both PDF/A-2 (or -3) and PDF/UA-1. Compatibility with PDF/A (the default) requires the print flag to be set. Compatibility with PDF/UA requires the hidden flag to be set (which is banned in PDF/A) or the box to be outside the crop box. Tset_print_flagFset_hidden_flagbox_out_of_boundsN) r:r;r<r=rprUrrqrrrArBrCr-r-s;  ND"OT!$t#rBr-c@eZdZUdZdZeed< dZeed< dZeed<y)r.zh .. versionadded:: 0.14.0 Additional flags used when setting up visible signature widgets. Trotate_with_pagescale_with_page_zoomprint_signatureN) r:r;r<r=rtrUrrurvrArBrCr.r.s< "d!"&$%!OT rBr.c$eZdZUdZeed< dZeed< dZe e eeeefed< dZ e e ed< dZ e eed< dZe eed < d Zeed < d Zeed < eZeed< dZe eed< eZeed< de ej4fdZy)r z/Description of a signature field to be created.sig_field_nameron_pageNboxseed_value_dictfield_mdp_specdoc_mdp_update_valueTcombine_annotationFempty_field_appearanceinvis_sig_settingsreadable_field_namevisible_sig_settingsrQc|jy|jj}|j,tj|jj |d<|S)Nr6)r|rgr}rrrrbs rCformat_lock_dictionaryz#SigFieldSpec.format_lock_dictionaryZsX    &$$668  $ $ 0"//0I0I0O0OPF4L rB)r:r;r<r=rrryrrzrr r{r#r|r+r}r)r~rUrr-rrr.rrrrrArBrCr r s9GS 04C%S#s*+ ,337OX./6.2NH\*1/3(7+2  $# $)D( ,<+=(=*.#-0B/C,C1I1I(JrBr writerc$|d|dd}}|D]E}t|tjsJ|j} | j dd|k(sEnf||s|} ntj } t || d<||| d<|j| }|j||j|d}|s||fS | d} t|| ||||S#t$r/tjx} | d<|j| d}YHwxYw)Nrr7/Tz/ParentT/Kids) parent_refmodified field_obj) rMrrrrrr add_objectappendupdate_containerrr_insert_or_get_field_at) rr^pathrrrcurrent_partialtail field_reffieldkidss rCrresD!GT!"XTO )W%;%;<<<$$& 99T4 O 3    E,,.E 1d  !)E) %%e,  i ' ""W~ #      ' 3 3 55uW~&sC5DDlock_sig_flagsc|jd}|rB|jdd}tjd|d<|dk7r|j |yy|j t dtjdy)z Ensure the SigFlags setting is present in the AcroForm dictionary. :param writer: A PDF writer. :param lock_sig_flags: Whether to flag the document as append-only. /AcroFormz /SigFlagsNr9r7)rootrrrr setdefaultr)rrformorig_sig_flagss rCr1r1su ;;{ #D+t4#003[ Q   # #D )  -w/C/CA/FGrB update_writerc 2 |d} |d}t||t }d} t |\} } }| t d|z d} |d|fS|jd d } d | i} | jdi|t|fi| }t|||j!d | \}}|j#||| s|j%|d |fS#t$rtjx}|d<YwxYw#t$r|rt d|zYwxYw#t$rx|r t dtj}|j||td<tj}||td<|jd } d}YMwxYw)z Returns a tuple of a boolean and a reference to a signature field. The boolean is ``True`` if the field was created, and ``False`` otherwise. .. danger:: This function is internal API. rra) with_name refs_seenNz:Signature field with name %s appears to be filled already.z,No empty signature field with name %s found.Fz"This file does not contain a form.Trinclude_on_page.)rrrA)rrrenumerate_sig_fields_inrtnextr StopIterationrrr update_rootfind_page_for_modificationupdater,rsplitregister_widget_annotationr)rxrrexisting_fields_onlyrrr^ candidates sig_field_refrir form_createdpage_refsig_form_kwargs sig_fieldcreateds rCr2r2s&K  =)_F- n   /3J/? ,J} "P$%!  m##77:1=H((3OO$V$">E_EI4  ! !# & G] (( F &&v.  o ='.':':'< &>t&DXk "#$$&$*Xi !!!#   sWDCDC6D"C30D2C33D6DDDDA=FFrrQc |d\}|j}|S#ttf$r tdt$r|}Y|SwxYw)z Internal function to get the annotation of a signature field. :param sig_field: A signature field dictionary. :return: The dictionary of the corresponding annotation. rzFailed to access signature field's annotation. Signature field must have exactly one child annotation, or it must be combined with its annotation.)rrDrHrr)r sig_annots rCr5r5sf  ) ((*    "  :   s$AA annot_dictcv |d\}}}}t||z }t||z }||fS#t$rYywxYw)z Internal function to compute the width and height of an annotation. :param annot_dict: Annotation dictionary. :return: a (width, height) tuple /Rect)rr)rabs)rx1y1x2y2whs rCr4r4sR#G,BB BG A BG A a4K s , 88handler filled_statusrc#K |jdd}t|||tEd{y#t$rYywxYw7w)a Enumerate signature fields. :param handler: The :class:`~.rw_common.PdfHandler` to operate on. :param filled_status: Optional boolean. If ``True`` (resp. ``False``) then all filled (resp. empty) fields are returned. If left ``None`` (the default), then all fields are returned. :param with_name: If not ``None``, only look for fields with the specified name. :return: A generator producing signature fields. rraN)rrr)rrrrt)rrrr^s rCr/r/*sY(k*95'#%  s.A6AAA AAAAc #Kt|tjs#tj dt |dy|xsd}|D]d}t|tj stj d4|j|vr td|j}t|tjs#tj dt |d |d}|s|n|d |} |duxr| |k(} | xs|duxr|j| } |f|z} | D] } | d }nd}|d k(r4|jd }|du}|duxs||k(}|duxs| }|r|r| ||fn| rtd | z|| s6| r: t|d| | ||||jhzEd{gy#t$rYuwxYw#t$rYwxYw7'#t$rYwxYww)NzValues of type zA are not valid as field lists, must be array objects -- skipping.rAz>Entries in field list must be indirect references -- skipping.zCircular reference in form treez6Entries in field list must be dictionary objects, not z -- skipping.rr/FT/Sigr=z6Field with name %s exists but is not a signature fieldr) parent_nameparentsrrr)rMrrloggerwarningrr referencerrrrrkrrr) field_listrrrrrrrrifq_nameexplicitly_requestedchild_requested current_path parent_field field_type field_valuefilled status_check name_checks rCrrKsi j'"5"5 6d:./08 9  mGD )W%;%;< NNP     ) +@A A$$&%!9!9: NNH;-}.   tJ  (*5  )4MI9M. T ! Ci&:&:7&C x') ( L )%0  J  ))D/K ,F(D0KFm4KL"d*B.BJ {I55 !H   9M 2'N '('"/'9+>+>*?? wD(   "  ,  sC G"#F1(G"%G(G)G-G"1 F>:G"=F>>G" G  G" G  G"G GG"GG"pdf_outsig_field_specc b|j}|j|jd}t|j||d|j ||j |j|j \}}t|d|std|jz|j}t||||j |j \}}} } t| |z } t| |z } | r| rtjx|t!d<} |j"rFd d | | fzd | | fzd g}t%d j'|t)| | j+}n&t%dt)| | j+}|j-|| t!d<yyyy)z Append signature fields to a PDF file. :param pdf_out: Incremental writer to house the objects. :param sig_field_spec: A :class:`.SigFieldSpec` object describing the signature field to add. rF)rrrzrr~invis_settingsvisible_settings)rrz,Signature field with name %s already exists.)rrNz/APqs$q 0.95 0.95 0.95 rg 0 0 %g %g re f Qs0.5 w 0 0 %g %g re SQ )widthheight)rzrBz/N)rrryr2rxrzr~rrr1rrr3rrrrrrrras_form_xobjectr)rrrr field_createdrrllxllyurxuryrrap_dictappearance_cmds ap_streams rCr0r0s <!/#'.&8&8&CGHTN #)1 &rBcX|j+tj|j|td<|j7|j |jj }||td<|j}||j ||td<yy)zT Internal function to apply field spec properties to a newly created field. Nz/TUr)z/Lock)rrTextStringObjectrr{rrr)rrrsv_reflocks rCr3r3s))5%,%=%=  . .& (5/"%%1##  * * 8 8 : &, (5/"  0 0 2D '.'9'9$'? (7#$rBcXeZdZdddeedddedeffdZdefdZxZS) r,NT)rzrr~rr annot_flagsrrc@|W|Dcgc] }tjt|"} }t|d|dz xrt|d|dz  } n+|jrdnd} tj| gdz} d} t |tdtd td t|i||_ |r|} ntj} td | d <td | d<|Zd}| r#|jr|dz}|jr9|dz}n3|jr|dz}|js|dz}|js|dz}tj || d<tj"| | d<||_||| d<| |_ycc}w)Nrr8r7r9irWTrrrz/Annotrz/Widgetz/Subtyper\rXrYz/Frr6)r FloatObjectrrrrsuperrKrrr~rrqrprvrurtrrrr)rJrirzrr~rrrxrect invisiblecoordr __class__s rCrKzSignatureFormField.__init__s ?8;<1G''1.rsg!##44$=@5%0:336F 2   8 $k<))8KdK\5T5py y z+<*A*A*CD$!QAD $ $" $AAAH-t--,$,,;*t6 $C>C>C>L T, $mmm` $   F $D $eeeX  0 0fH.HH6 K%K\'' 2(( 5%<,%)# D>}F  Up>D >D0<>DB@ @''@!@2I=11I=o+Es) I5