Wwg- ddlZddlZddlmZmZddlmZddlmZddl m Z ddl m Z m Z mZddlmZdd lmZdd lmZdd lmZmZmZdd lmZmZgd Z ddej:deede deefdZGddZy)N)IterableOptional)x509) type_name)ValidationContext)InvalidCertificateErrorPathBuildingErrorValidationError)ValidationPath)PKIXValidationParams)CancelableAsyncIterator)async_validate_pathvalidate_tls_hostnamevalidate_usage) __version____version_info__)rrCertificateValidatorrr find_valid_path certificatepathsvalidation_contextpkix_validation_paramscBKg} |23d{} t|||d{|c|jd{S767"7 #t$r}|j|Yd}~`d}~wwxYw6n?#t$r3|j dvr#t d|jjdwxYw |jd{7n#|jd{7wxYwt|dk(r|dd}|D]}dt|vs|}|r||dw)N>yesmaybez1The X.509 certificate provided is self-signed - ""rr signature) rcancelr appendr self_signedr subjecthuman_friendlylenstr) rrrr exceptionscandidate_pathenon_signature_exception exceptions U/var/www/horilla/myenv/lib/python3.12/site-packages/pyhanko_certvalidator/__init__.pyrrsZ J$) % %. %)&8N&%lln! % # %!!!$$ % %*   " "&6 6)''667q:   %* llnelln :!m"0 c)n ,&/ #0%% Q-sDA2A0AA0A2A AA A2DADA0A D A-A(#A2(A--A21C 2 .=7B c|jSN)r4)r6s r+rz CertificateValidator.certificatess   r9returncK|j |jS|j}|jjj |}t |||j|j d{x|_}|S7 w)a Builds possible certificate paths and validates them until a valid one is found, or all fail. :raises: pyhanko_certvalidator.errors.PathBuildingError - when an error occurs building the path pyhanko_certvalidator.errors.PathValidationError - when an error occurs validating the path pyhanko_certvalidator.errors.RevokedError - when the certificate or another certificate in its path has been revoked N)rr)_pathr4r3 path_builderasync_build_paths_lazyrr5)r6rrr's r+rz(CertificateValidator.async_validate_pathwsz :: !:: ''  **AA+N,;  #}}#'<< - '   ^  ' sA0B2B3Bctjdttj|j |||S)a Validates the certificate path and that the certificate is valid for the key usage and extended key usage purposes specified. .. deprecated:: 0.17.0 Use :meth:`async_validate_usage` instead. :param key_usage: A set of unicode strings of the required key usage purposes. Valid values include: - "digital_signature" - "non_repudiation" - "key_encipherment" - "data_encipherment" - "key_agreement" - "key_cert_sign" - "crl_sign" - "encipher_only" - "decipher_only" :param extended_key_usage: A set of unicode strings of the required extended key usage purposes. These must be either dotted number OIDs, or one of the following extended key usage purposes: - "server_auth" - "client_auth" - "code_signing" - "email_protection" - "ipsec_end_system" - "ipsec_tunnel" - "ipsec_user" - "time_stamping" - "ocsp_signing" - "wireless_access_points" An example of a dotted number OID: - "1.3.6.1.5.5.7.3.1" :param extended_optional: A bool - if the extended_key_usage extension may be ommited and still considered valid :raises: pyhanko_certvalidator.errors.PathValidationError - when an error occurs validating the path pyhanko_certvalidator.errors.RevokedError - when the certificate or another certificate in its path has been revoked pyhanko_certvalidator.errors.InvalidCertificateError - when the certificate is not valid for the usages specified :return: A pyhanko_certvalidator.path.ValidationPath object of the validated certificate validation path zB'validate_usage' is deprecated, use 'async_validate_usage' instead)warningswarnDeprecationWarningasynciorunasync_validate_usage)r6 key_usageextended_key_usageextended_optionals r+rz#CertificateValidator.validate_usagesCt   -  {{  % %-/@   r9cK|jd{}t|j|j||||S7)w)aN Validates the certificate path and that the certificate is valid for the key usage and extended key usage purposes specified. :param key_usage: A set of unicode strings of the required key usage purposes. Valid values include: - "digital_signature" - "non_repudiation" - "key_encipherment" - "data_encipherment" - "key_agreement" - "key_cert_sign" - "crl_sign" - "encipher_only" - "decipher_only" :param extended_key_usage: A set of unicode strings of the required extended key usage purposes. These must be either dotted number OIDs, or one of the following extended key usage purposes: - "server_auth" - "client_auth" - "code_signing" - "email_protection" - "ipsec_end_system" - "ipsec_tunnel" - "ipsec_user" - "time_stamping" - "ocsp_signing" - "wireless_access_points" An example of a dotted number OID: - "1.3.6.1.5.5.7.3.1" :param extended_optional: A bool - if the extended_key_usage extension may be ommited and still considered valid :raises: pyhanko_certvalidator.errors.PathValidationError - when an error occurs validating the path pyhanko_certvalidator.errors.RevokedError - when the certificate or another certificate in its path has been revoked pyhanko_certvalidator.errors.InvalidCertificateError - when the certificate is not valid for the usages specified :return: A pyhanko_certvalidator.path.ValidationPath object of the validated certificate validation path N)rrr3r4)r6rHrIrJvalidated_paths r+rGz)CertificateValidator.async_validate_usagesHn $7799 MM        :sAA*Ac~tjdttj|j |S)ah Validates the certificate path, that the certificate is valid for the hostname provided and that the certificate is valid for the purpose of a TLS connection. .. deprecated:: 0.17.0 Use :meth:`async_validate_tls` instead. :param hostname: A unicode string of the TLS server hostname :raises: pyhanko_certvalidator.errors.PathValidationError - when an error occurs validating the path pyhanko_certvalidator.errors.RevokedError - when the certificate or another certificate in its path has been revoked pyhanko_certvalidator.errors.InvalidCertificateError - when the certificate is not valid for TLS or the hostname :return: A pyhanko_certvalidator.path.ValidationPath object of the validated certificate validation path z>'validate_tls' is deprecated, use 'async_validate_tls' instead)rBrCrDrErFasync_validate_tlsr6hostnames r+ validate_tlsz!CertificateValidator.validate_tlss2,  L  {{4228<==r9cK|jd{t|j|j||jS71w)a Validates the certificate path, that the certificate is valid for the hostname provided and that the certificate is valid for the purpose of a TLS connection. :param hostname: A unicode string of the TLS server hostname :raises: pyhanko_certvalidator.errors.PathValidationError - when an error occurs validating the path pyhanko_certvalidator.errors.RevokedError - when the certificate or another certificate in its path has been revoked pyhanko_certvalidator.errors.InvalidCertificateError - when the certificate is not valid for TLS or the hostname :return: A pyhanko_certvalidator.path.ValidationPath object of the validated certificate validation path N)rrr3r4r>rOs r+rNz'CertificateValidator.async_validate_tls4s?&&&(((dmmT->->Izz )sA A2A )NNN)NF)__name__ __module__ __qualname__r>r Certificaterrrr r8propertyrr rrrGrQrNr9r+rrBs E DH:>6: +C))+C%Xd.>.>%?@+C%%67 +C 23 +CZ!!>4EJD NEJ?B>:r9rr;) rErBtypingrr asn1cryptor_typesrcontextrerrorsr r r pathr policy_declr utilrvalidaterrrversionrr__all__rVrrrXr9r+rds%&OO -)PP2 >B %!!% "> 2%*%%%9: %PGGr9