Wwg* ddlmZddlmZmZmZddlmZddlm Z ddl m Z ddd e d e d edfd Zd Zdeej de fdZd e de fdZd edfdZGddZGddeZy)) defaultdict)IterableOptionalSet)x509) ValProcState)PathValidationErrorvalid_policy_treePolicyTreeRootdepthany_policy_uninhibitedreturncd}t}|D]}|dj}|dk(r|}|j||d}d} d} |j|dz D]8} | jdk(r| } || j vr#d} | j |||h:| r| s| j |||h|rH|rF|j|dz D]/} | j D]} | |vs| j | |d| h 1t||dz }|S)zO Internal method to update the policy tree during RFC 5280 validation. Npolicy_identifier any_policypolicy_qualifiersFrT)setnativeaddat_depth valid_policyexpected_policy_set add_child_prune_policy_tree) certificate_policiesr r rcert_any_policycert_policy_identifierspolicyrrpolicy_id_matchparent_any_policynodeexpected_policy_identifiers X/var/www/horilla/myenv/lib/python3.12/site-packages/pyhanko_certvalidator/policy_tree.pyupdate_policy_treer% slO!e'"#67>>  ,$O ##$56"#67 &..uqy9 D  L0$(! (@(@@"O NN!#47H6I   #4  ' '!#47H6I 7@1%..uqy9 D.2.F.F *-5LLNN2'(;<34  ++EE '(? @ G G'(,,-BC !L 0$ 4%00:++-./:;  $ r&policy_mapping_uninhibitedc|jD]\}}|rrd}d}|j|D],}|jdk(r|}|j|k(s$d}||_.|rO|sR|jj ||j |z|j|D]-}|j|k(s|jj|/t||dz }|S)z Internal function to apply the policy mapping to the current policy tree in accordance with the algorithm in RFC 5280. FNrTr) itemsrrrr+r qualifier_setr,r) r4r r r7r0subject_domain_policiesissuer_domain_policy_matchrr"s r$apply_policy_mappingr=ns:D9I9I9KQ55 %). &"O)2259 G$$ 4&*O$$(<<15./FD,  G./&&00(#11+*2259 3$$(<<KK,,T2 3!33Deai P 3Q4 r&cz t|j  fd}t|} td|j|D}|j}|J|j }|z D]}|j |||h|j|t||dz S#t$rYwxYw)Nc3KD]7}|j}|dk(s|vr||jj|9yw)Nr)rr+r,) policy_node policy_idacceptable_policiesvalid_policy_node_sets r$_filter_acceptablez7prune_unacceptable_policies.._filter_acceptablesJ0 =K#00IL(I9L,L""// <  =s>Ac3>K|]}|jdk(r|yw)rN)r).0r@s r$ z.prune_unacceptable_policies..s&0 ''<7 0 sr) rnodes_in_current_domainnextrr+r:rr, StopIterationr) path_lengthr rBrDvalid_and_acceptablefinal_any_policywildcard_parentwildcard_qualsacceptable_policyrCs ` @r$prune_unacceptable_policiesrQs 1 I I KL=134  +/0 099+F0 ,  +11***)77!47K!K    % %!>4E3F   $$%56 /q AA    sA,B.. B:9B:c\eZdZdZedZdZdZdZde dfdZ d Z de dfd Z y ) r zH A generic policy tree node, used for the root node in the tree c@t}|j||||S)aq Accepts values for a PolicyTreeNode that will be created at depth 0 :param valid_policy: A unicode string of a policy name or OID :param qualifier_set: An instance of asn1crypto.x509.PolicyQualifierInfos :param expected_policy_set: A set of unicode strings containing policy names or OIDs )r r)clsrr:rroots r$init_policy_treezPolicyTreeRoot.init_policy_trees" |]4GH r&c d|_g|_yr()r+r*)selfs r$__init__zPolicyTreeRoot.__init__s  r&cbt|||}||_|jj|y)ab Creates a new PolicyTreeNode as a child of this node :param valid_policy: A unicode string of a policy name or OID :param qualifier_set: An instance of asn1crypto.x509.PolicyQualifierInfos :param expected_policy_set: A set of unicode strings containing policy names or OIDs N)PolicyTreeNoder+r*append)rXrr:rchilds r$rzPolicyTreeRoot.add_childs,|]= 0 of the depth of nodes to yield :return: A generator yielding PolicyTreeNode objects rrN)listr*rrXr r] grandchilds r$rzPolicyTreeRoot.at_depthsN$--( %Ez "'..";%J$$%  %sAAc#Kt|jD](}|dk7r|j|dz D]}||*yw)aW Returns a generator yielding all nodes in the tree at a specific depth, or above. Yields nodes starting with leaves and traversing up to the root. :param depth: An integer >= 0 of the depth of nodes to walk up from :return: A generator yielding PolicyTreeNode objects rrN)rbr*r)rcs r$r)zPolicyTreeRoot.walk_upsN$--( Ez"'-- ":%J$$%K  sAAc#K|jD].}||jdk(s|jEd{0y7w)zy Returns a generator yielding all nodes in the tree that are children of an ``any_policy`` node. rN)r*rrHr`s r$rHz&PolicyTreeRoot.nodes_in_current_domain!sE ]] ;EK!!\1 88::: ;;s#AAAAN) __name__ __module__ __qualname____doc__ classmethodrVrYrr,rrr)rHr&r$r r sS"$$$%*:!;%$& ;2B)C ;r&cPeZdZdZdedej deeffd ZdZ xZ S)r[zD A policy tree node that is used for all nodes but the root rr:rcLt|||_||_||_y)a$ :param valid_policy: A unicode string of a policy name or OID :param qualifier_set: An instance of asn1crypto.x509.PolicyQualifierInfos :param expected_policy_set: A set of unicode strings containing policy names or OIDs N)superrYrr:r)rXrr:r __class__s r$rYzPolicyTreeNode.__init__2s( (*#6 r&c#<K|}|||j}|yywr()r+)rXr"s r$ path_to_rootzPolicyTreeNode.path_to_rootHs'J;;Ds) rgrhrirjstrrPolicyQualifierInfosrrYrr __classcell__)rps@r$r[r[-s877007!X 7,r&r[N) collectionsrtypingrrr asn1cryptor_stater errorsr intboolr%r PolicyMappingr6r=rQr r[rlr&r$r~s#** ':': :! :  :zt))*8D<"*-"KO"J/B /Bde;e;P^r&