
    Wwg^"                        d dl Z d dlmZ d dlmZ d dlmZmZ ddlm	Z	 ddl
mZ  ed	       G d
 d             Z G d de j                        Z G d d      Zdej                   defdZ G d de      Z G d de      Z G d de      Zy)    N)	dataclass)Optional)keysx509   )process_general_subtrees)PKIXValidationParamsT)frozenc                   R    e Zd ZU dZdZed   ed<   	 dZee   ed<   	 dZ	ee   ed<   y)TrustQualifierszY
    .. versionadded 0.20.0

    Parameters that allow a trust root to be qualified.
    Nr	   standard_parametersmax_path_lengthmax_aa_path_length)
__name__
__module____qualname____doc__r   r   __annotations__r   intr        V/var/www/horilla/myenv/lib/python3.12/site-packages/pyhanko_certvalidator/authority.pyr   r      sK     =A"89@
 &*OXc])
 )-,r   r   c                       e Zd ZdZedej                  fd       Zedej                  fd       Z
ed        Zd Zd Zedee   fd       Zd	ej"                  defd
Zy)	AuthorityzM
    .. versionadded:: 0.20.0

    Abstract authority, i.e. a named key.
    returnc                     t         )z'
        The authority's name.
        NotImplementedErrorselfs    r   namezAuthority.name/   
    
 "!r   c                     t         )z-
        The authority's public key.
        r   r   s    r   
public_keyzAuthority.public_key6   r"   r   c                     t         )zm
        A hashable unique identifier of the authority, used in ``__eq__``
        and ``__hash__``.
        r   r   s    r   hashablezAuthority.hashable=   s
     "!r   c                 ,    t        | j                        S N)hashr&   r   s    r   __hash__zAuthority.__hash__E   s    DMM""r   c                 V    t        |t              sy| j                  |j                  k(  S NF)
isinstancer   r&   r    others     r   __eq__zAuthority.__eq__H   s"    %+}}..r   c                     t         )z
        Key ID as (potentially) referenced in an authorityKeyIdentifier
        extension. Only used to eliminate non-matching trust anchors,
        never to retrieve keys or to definitively identify trust anchors.
        r   r   s    r   key_idzAuthority.key_idN   s
     "!r   certc                     |j                   | j                  k7  ry|j                  r&| j                  r|j                  | j                  k7  ryy)z
        Function to determine whether this trust root could potentially be an
        issuer of a given certificate.
        This function is used during path building.

        :param cert:
            The certificate to evaluate.
        FT)issuerr!   authority_key_identifierr2   r    r3   s     r   is_potential_issuer_ofz Authority.is_potential_issuer_ofW   s>     ;;$))#((T[[,,;r   N)r   r   r   r   propertyr   Namer!   r   PublicKeyInfor$   r&   r*   r0   r   bytesr2   Certificateboolr8   r   r   r   r   r   (   s     "dii " " "D.. " " " "#/ " " "4+;+;  r   r   c                   b    e Zd ZdZ	 ddedee   fdZedefd       Z	edefd       Z
d	 Zd
 Zy)TrustAnchorz
    Abstract trust root. A trust root is an authority with trust qualifiers.
    Equality of trust roots reduces to equality of authorities.
    N	authorityqualsc                      || _         || _        y r(   )
_authority_quals)r    rA   rB   s      r   __init__zTrustAnchor.__init__n   s     $r   r   c                     | j                   S r(   )rD   r   s    r   rA   zTrustAnchor.authorityt   s    r   c                 2    | j                   xs
 t               S )z0
        Qualifiers for the trust root.
        )rE   r   r   s    r   trust_qualifierszTrustAnchor.trust_qualifiersx   s    
 {{/o//r   c                 X    t        |t              xr |j                  | j                  k(  S r(   )r-   r@   rD   r.   s     r   r0   zTrustAnchor.__eq__   s(    uk* 4  DOO3	
r   c                 ,    t        | j                        S r(   )r)   rD   r   s    r   r*   zTrustAnchor.__hash__   s    DOO$$r   r(   )r   r   r   r   r   r   r   rF   r9   rA   rI   r0   r*   r   r   r   r@   r@   h   sh     HL"+3O+D 9   0/ 0 0
%r   r@   r3   r   c                    d}dx}}| j                   bd}| j                   }|d   }t        |t        j                        rt	        |      }|d   }t        |t        j                        rt	        |      }d}| j
                  4d}| j
                  }t        |D 	cg c]  }	|	d   j                   c}	      }d}
|rt        |xs t        dg      |du||      }
t        | j                  |
	      S c c}	w )
a  
    Extract trust qualifiers from data and extensions of a certificate.

    .. note::
        Recall that any property of a trust root other than its name and public
        key are in principle irrelevant to the PKIX validation algorithm
        itself.
        This function is merely a helper function that allows the certificate's
        other data to be conveniently gathered to populate the default
        validation parameters for paths deriving from that trust root.

    :param cert:
        The certificate from which to extract qualifiers (usually a
        self-signed one)
    :return:
        A :class:`TrustQualifiers` object with the extracted qualifiers.
    FNTpermitted_subtreesexcluded_subtreespolicy_identifier
any_policy)user_initial_policy_setinitial_explicit_policyinitial_permitted_subtreesinitial_excluded_subtrees)r   r   )name_constraints_valuer-   r   GeneralSubtreesr   certificate_policies_value	frozensetdottedr	   r   r   )r3   	ext_foundrM   rN   nc_extpermitted_valexcluded_valacceptable_policiespolicies_valpol_infoparamss              r   derive_quals_from_certrb      s   & I-11*"".	'+'B'B34mT%9%9:!9-!H12lD$8$89 8 F&&2	151P1P'BNOhX)*11O
 F%#@y,'@ %8t$C'9&7	
 ,,& ! Ps   C1c                        e Zd ZdZdej
                  fdZedej                  fd       Z	ed        Z
ed        Zedee   fd       Zedej
                  fd	       Zdej
                  f fd
Z xZS )AuthorityWithCertzz
    .. versionadded:: 0.20.0

    Authority provisioned as a certificate.

    :param cert:
        The certificate.
    r3   c                     || _         y r(   _certr7   s     r   rF   zAuthorityWithCert.__init__   s	    
r   r   c                 .    | j                   j                  S r(   )rg   subjectr   s    r   r!   zAuthorityWithCert.name   s    zz!!!r   c                 .    | j                   j                  S r(   )rg   r$   r   s    r   r$   zAuthorityWithCert.public_key   s    zz$$$r   c                 z    | j                   }|j                  j                  |j                  j	                         fS r(   )rg   ri   r&   r$   dumpr7   s     r   r&   zAuthorityWithCert.hashable   s-    zz||$$doo&:&:&<<<r   c                 .    | j                   j                  S r(   )rg   key_identifierr   s    r   r2   zAuthorityWithCert.key_id   s    zz(((r   c                     | j                   S r(   rf   r   s    r   certificatezAuthorityWithCert.certificate       zzr   c                     t         |   |      sy|j                  r$|j                  | j                  j                  k7  ryy)NFT)superr8   authority_issuer_serialrg   issuer_serial)r    r3   	__class__s     r   r8   z(AuthorityWithCert.is_potential_issuer_of   s:    w-d3''++tzz/G/GGr   )r   r   r   r   r   r=   rF   r9   r:   r!   r$   r&   r   r<   r2   rp   r8   __classcell__rv   s   @r   rd   rd      s    T--  "dii " " % % = = ) ) ) T--  4+;+;  r   rd   c                        e Zd ZdZ	 	 d	dej
                  dee   def fdZ	e
dej
                  fd       Ze
defd       Z xZS )
CertTrustAnchora  
    .. versionadded:: 0.20.0

    Trust anchor provisioned as a certificate.

    :param cert:
        The certificate, usually self-signed.
    :param quals:
        Explicit trust qualifiers.
    :param derive_default_quals_from_cert:
        Flag indicating to derive default trust qualifiers from the certificate
        content if explicit ones are not provided. Defaults to ``False``.
    r3   rB   derive_default_quals_from_certc                 X    t        |      }|| _        t        |   ||       || _        y r(   )rd   rg   rs   rF   _derive)r    r3   rB   r{   rA   rv   s        r   rF   zCertTrustAnchor.__init__   s,     &d+	
E*5r   r   c                     | j                   S r(   rf   r   s    r   rp   zCertTrustAnchor.certificate  rq   r   c                     | j                   | j                   S | j                  rt        | j                        x| _         }|S t	               S r(   )rE   r}   rb   rg   r   )r    rB   s     r   rI   z CertTrustAnchor.trust_qualifiers  s@    ;;";;\\"8"DDDK%L"$$r   r,   )r   r   r   r   r   r=   r   r   r>   rF   r9   rp   rI   rw   rx   s   @r   rz   rz      sx    " ,0/4		6	6 (	6 )-		6 T--   %/ % %r   rz   c                       e Zd ZdZdej
                  dej                  fdZe	dej
                  fd       Z
e	d        Ze	dee   fd       Ze	d	        Zy
)NamedKeyAuthorityz
    Authority provisioned as a named key.

    :param entity_name:
        The name of the entity that controls the private key of the trust root.
    :param public_key:
        The trust root's public key.
    entity_namer$   c                      || _         || _        y r(   )_name_public_key)r    r   r$   s      r   rF   zNamedKeyAuthority.__init__   s     
%r   r   c                     | j                   S r(   )r   r   s    r   r!   zNamedKeyAuthority.name$  rq   r   c                     | j                   S r(   )r   r   s    r   r$   zNamedKeyAuthority.public_key(  s    r   c                      y r(   r   r   s    r   r2   zNamedKeyAuthority.key_id,  s    r   c                 b    | j                   j                  | j                  j                         fS r(   )r   r&   r   rl   r   s    r   r&   zNamedKeyAuthority.hashable0  s&    zz""D$4$4$9$9$;;;r   N)r   r   r   r   r   r:   r   r;   rF   r9   r!   r$   r   r<   r2   r&   r   r   r   r   r     s    &DII &4;M;M & dii          < <r   r   )abcdataclassesr   typingr   
asn1cryptor   r   
name_treesr   policy_declr	   r   ABCr   r@   r=   rb   rd   rz   r   r   r   r   <module>r      s    
 !  ! 0 -
 $  4= =@% %B6!1!1 6o 6r(	 (V&%k &%R<	 <r   