ث
    Wwچg<3  م                   َو  — d dl Z d dlZd dlmZmZmZmZ d dlmZ d dl	m
Z
 d dlmZ ddlmZ dd	lmZmZmZmZ dd
lmZmZ ddlmZmZ ddlmZmZmZmZ ddlm Z m!Z!m"Z"m#Z#m$Z$ ddl%m&Z& ddl'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z- g d¢Z. ede,¬«      Z/e,dddddfdej`                  dee1   dee
   dee2   dee&   f
d„Z3dddejh                  dfdee1eejj                  ejl                  f   dej`                  dee
   dee
   dee&   de-fd„Z7	 	 	 	 	 d(de!dee
   dee
   d ee   dee&   d!e8de*fd"„Z9	 	 	 d)de!dee
   d ee   d!e8de(f
d#„Z:dd$dddejh                  fde!de
fd%„Z;	 	 	 	 	 	 d*de!d&ed ee   dee&   d!e8de*fd'„Z<y)+é    N)عIOعOptionalعTypeVarعUnion)عcms)عValidationContext)عmiscé   )ع
DiffPolicyé   )عVRIعDocumentSecurityStoreعasync_add_validation_infoعcollect_validation_info)عSigSeedValueValidationErrorعValidationInfoReadingError)عasync_validate_cms_signatureعasync_validate_detached_cms)عRevocationInfoValidationTypeعapply_adobe_revocation_infoع async_validate_pdf_ltv_signatureعget_timestamp_chain)ع
DocMDPInfoعEmbeddedPdfSignatureعasync_validate_pdf_signatureعasync_validate_pdf_timestampعread_certification_data)عKeyUsageConstraints)عDocumentTimestampStatusعModificationInfoعPdfSignatureStatusعSignatureCoverageLevelعSignatureStatusعStandardCMSSignatureStatus)r"   r!   r   r$   r    r   r   r   r   r   r   r   r   عvalidate_pdf_signaturer   عvalidate_cms_signaturer   عvalidate_detached_cmsr   عvalidate_pdf_timestampr   عvalidate_pdf_ltv_signaturer   r   عadd_validation_infoع
StatusType)عboundFعsigned_dataع
raw_digestعvalidation_contextعstatus_kwargsعkey_usage_settingsc                 َ‚   — t        j                  dt        «       t        | |||||¬«      }t	        j
                  |«      S )a‘  
    .. deprecated:: 0.9.0
        Use :func:`~.generic_cms.async_validate_cms_signature` instead.

    .. versionchanged:: 0.7.0
        Now handles both detached and enveloping signatures.

    .. versionchanged:: 0.17.0
        The ``encap_data_invalid`` parameter is ignored.

    Validate a CMS signature (i.e. a ``SignedData`` object).

    :param signed_data:
        The :class:`.asn1crypto.cms.SignedData` object to validate.
    :param status_cls:
        Status class to use for the validation result.
    :param raw_digest:
        Raw digest, computed from context.
    :param validation_context:
        Validation context to validate the signer's certificate.
    :param status_kwargs:
        Other keyword arguments to pass to the ``status_class`` when reporting
        validation results.
    :param key_usage_settings:
        A :class:`.KeyUsageConstraints` object specifying which key usages
        must or must not be present in the signer's certificate.
    :param encap_data_invalid:
        As of version ``0.17.0``, this parameter is ignored.
    :return:
        A :class:`.SignatureStatus` object (or an instance of a proper subclass)
    zR'validate_cms_signature' is deprecated, use 'async_validate_cms_signature' instead)r-   ع
status_clsr.   r/   r0   r1   )عwarningsعwarnعDeprecationWarningr   عasyncioعrun)r-   r3   r.   r/   r0   r1   عencap_data_invalidعcoros           ْW/var/www/horilla/myenv/lib/python3.12/site-packages/pyhanko/sign/validation/__init__.pyr&   r&   N   sH   € ôR ‡MپMً	1نôô (طططط-ط#ط-ô€Dô ڈ;‰;گtسذَ    ع
input_dataعsigner_validation_contextعts_validation_contextعreturnc           	      َ„   — t        j                  dt        «       t        | ||||||¬«      }t	        j
                  |«      S )aئ  
    .. deprecated:: 0.9.0
        Use :func:`.generic_cms.async_validate_detached_cms` instead.

    .. versionadded: 0.7.0

    Validate a detached CMS signature.

    :param input_data:
        The input data to sign. This can be either a :class:`bytes` object,
        a file-like object or a :class:`cms.ContentInfo` /
        :class:`cms.EncapsulatedContentInfo` object.

        If a CMS content info object is passed in, the `content` field
        will be extracted.
    :param signed_data:
        The :class:`cms.SignedData` object containing the signature to verify.
    :param signer_validation_context:
        Validation context to use to verify the signer certificate's trust.
    :param ts_validation_context:
        Validation context to use to verify the TSA certificate's trust, if
        a timestamp token is present.
        By default, the same validation context as that of the signer is used.
    :param key_usage_settings:
        Key usage parameters for the signer.
    :param chunk_size:
        Chunk size to use when consuming input data.
    :param max_read:
        Maximal number of bytes to read from the input stream.
    :return:
        A description of the signature's status.
    zP'validate_detached_cms' is deprecated, use 'async_validate_detached_cms' instead)r=   r-   r>   r?   r1   ع
chunk_sizeعmax_read)r4   r5   r6   r   r7   r8   )r=   r-   r>   r?   r1   rB   rC   r:   s           r;   r'   r'   ˆ   sK   € ôT ‡MپMً	0نôô 'ططط";ط3ط-ططô€Dô ڈ;‰;گtسذr<   عembedded_sigعdiff_policyع	skip_diffc                 َN   — t        | |||||¬«      }t        j                  |«      S )a  
    .. versionchanged:: 0.9.0
        Wrapper around :func:`~.pdf_embedded.async_validate_pdf_signature`.

    Validate a PDF signature.

    :param embedded_sig:
        Embedded signature to evaluate.
    :param signer_validation_context:
        Validation context to use to validate the signature's chain of trust.
    :param ts_validation_context:
        Validation context to use to validate the timestamp's chain of trust
        (defaults to ``signer_validation_context``).
    :param diff_policy:
        Policy to evaluate potential incremental updates that were appended
        to the signed revision of the document.
        Defaults to
        :const:`~pyhanko.sign.diff_analysis.DEFAULT_DIFF_POLICY`.
    :param key_usage_settings:
        A :class:`.KeyUsageConstraints` object specifying which key usages
        must or must not be present in the signer's certificate.
    :param skip_diff:
        If ``True``, skip the difference analysis step entirely.
    :return:
        The status of the PDF signature in question.
    )rD   r>   r?   rE   r1   rF   )r   r7   r8   )rD   r>   r?   rE   r1   rF   r:   s          r;   r%   r%   ؤ   s2   € ôD (ط!ط";ط3طط-طô€Dô ڈ;‰;گtسذr<   c                 َJ   — t        | |||¬«      }t        j                  |«      S )aة  
    .. versionchanged:: 0.9.0
        Wrapper around :func:`~.pdf_embedded.async_validate_pdf_timestamp`.

    Validate a PDF document timestamp.

    :param embedded_sig:
        Embedded signature to evaluate.
    :param validation_context:
        Validation context to use to validate the timestamp's chain of trust.
    :param diff_policy:
        Policy to evaluate potential incremental updates that were appended
        to the signed revision of the document.
        Defaults to
        :const:`~pyhanko.sign.diff_analysis.DEFAULT_DIFF_POLICY`.
    :param skip_diff:
        If ``True``, skip the difference analysis step entirely.
    :return:
        The status of the PDF timestamp in question.
    )rD   r/   rE   rF   )r   r7   r8   )rD   r/   rE   rF   r:   s        r;   r(   r(   ٌ   s+   € ô4 (ط!ط-ططô	€Dô ڈ;‰;گtسذr<   Tc           
      َR   — t        | |||||||¬«      }t        j                  |«      S )al  
    .. versionchanged:: 0.9.0
        Wrapper around :func:`~.dss.async_add_validation_info`

    Add validation info (CRLs, OCSP responses, extra certificates) for a
    signature to the DSS of a document in an incremental update.

    :param embedded_sig:
        The signature for which the revocation information needs to be
        collected.
    :param validation_context:
        The validation context to use.
    :param skip_timestamp:
        If ``True``, do not attempt to validate the timestamp attached to
        the signature, if one is present.
    :param add_vri_entry:
        Add a ``/VRI`` entry for this signature to the document security store.
        Default is ``True``.
    :param output:
        Write the output to the specified output stream.
        If ``None``, write to a new :class:`.BytesIO` object.
        Default is ``None``.
    :param in_place:
        Sign the original input stream in-place.
        This parameter overrides ``output``.
    :param chunk_size:
        Chunk size parameter to use when copying output to a new stream
        (irrelevant if ``in_place`` is ``True``).
    :param force_write:
        Force a new revision to be written, even if not necessary (i.e.
        when all data in the validation context is already present in the DSS).
    :return:
        The (file-like) output object to which the result was written.
    )rD   r/   عskip_timestampعadd_vri_entryعoutputعin_placerB   عforce_write)r   r7   r8   )	rD   r/   rJ   rK   rM   rL   rN   rB   r:   s	            r;   r*   r*     s8   € ôZ %ط!ط-ط%ط#ططططô	€Dô ڈ;‰;گtسذr<   عvalidation_typec           
      َR   — t        | |||||||¬«      }t        j                  |«      S )aû  
    .. versionchanged:: 0.9.0
        Wrapper around :func:`async_validate_pdf_ltv_signature`.

    Validate a PDF LTV signature according to a particular profile.

    :param embedded_sig:
        Embedded signature to evaluate.
    :param validation_type:
        Validation profile to use.
    :param validation_context_kwargs:
        Keyword args to instantiate
        :class:`.pyhanko_certvalidator.ValidationContext` objects needed over
        the course of the validation.
    :param bootstrap_validation_context:
        Validation context used to validate the current timestamp.
    :param force_revinfo:
        Require all certificates encountered to have some form of live
        revocation checking provisions.
    :param diff_policy:
        Policy to evaluate potential incremental updates that were appended
        to the signed revision of the document.
        Defaults to
        :const:`~pyhanko.sign.diff_analysis.DEFAULT_DIFF_POLICY`.
    :param key_usage_settings:
        A :class:`.KeyUsageConstraints` object specifying which key usages
        must or must not be present in the signer's certificate.
    :param skip_diff:
        If ``True``, skip the difference analysis step entirely.
    :return:
        The status of the signature.
    )rD   rO   عvalidation_context_kwargsعbootstrap_validation_contextعforce_revinforE   r1   rF   )r   r7   r8   )	rD   rO   rQ   rR   rS   rE   r1   rF   r:   s	            r;   r)   r)   N  s8   € ôT ,ط!ط'ط";ط%Aط#طط-طô	€Dô ڈ;‰;گtسذr<   )NNNNF)NNF)NNFNNF)=r7   r4   عtypingr   r   r   r   ع
asn1cryptor   عpyhanko_certvalidatorr   عpyhanko.pdf_utilsr	   عdiff_analysisr   عdssr   r   r   r   عerrorsr   r   عgeneric_cmsr   r   عltvr   r   r   r   عpdf_embeddedr   r   r   r   r   عsettingsr   عstatusr   r    r!   r"   r#   r$   ع__all__r+   ع
SignedDataعbytesعdictr&   عDEFAULT_CHUNK_SIZEعContentInfoعEncapsulatedContentInfor'   عboolr%   r(   r*   r)   © r<   r;   ْ<module>ri      s—  ًغ غ ك /س /ه ف 3ه "ه &÷َ ÷ L÷÷َ ÷ُ ُ *÷÷ ٍ€ٌ: گ\¨ش9€
ً ط"&ط6:ط$(ط8<طٌ7ط—‘ً7ً ک‘ً7ً !ذ!2ر3ً	7ً
 کD‘>ً7ً !ذ!4ر5َ7ًz >Bط9=ط8<ط×&ر&طٌ9طگeکR §،°#×2Mر2MذMرNً9à—‘ً9ً  (ذ(9ر:ً9ً $ذ$5ر6ً	9ً
 !ذ!4ر5ً9ً  َ9ً| >Bط9=ط(,ط8<طٌ*ط&ً*à'ذ(9ر:ً*ً $ذ$5ر6ً*ً ک*ر%ً	*ً
 !ذ!4ر5ً*ً ً*ً َ*ً^ 7;ط(,طٌ	 ط&ً à ذ!2ر3ً ً ک*ر%ً ً ً	 ً
 َ ًL ططططط×&ر&ٌ7ط&ً7à)َ7ًz #ط!%طط(,ط8<طٌ4ط&ً4à1ً4ً ک*ر%ً4ً !ذ!4ر5ً4ً ً4ً ô4r<   