Wwg* dZddlZddlZddlZddlmZmZmZmZm Z m Z ddl m Z m Z mZmZmZmZddlmZddlmZddlmZgd Zej2eZegd Zegd Zegd Zegd Z de!dee"de"de#fdZ$de!de"fdZ%de ejLe jNfdedejPfdZ)dejLdede"de#fdZ*de!dejVde"fdZ,e d Z-e d!Z.d"ee-e e.e/ffd#ee-ej`fd$e-d%egee.fde e.e/ff d&Z1d'Z2d(Z3d)Z4d*Z5de ejLe jNffd+Z6d,Z7y)-zd Internal backend-agnostic utilities to help process fetched certificates, CRLs and OCSP responses. N) AwaitableCallableDictOptionalTypeVarUnion)algoscmscoreocsppemx509)errors) Authority)get_ac_extension_value) unpack_cert_contentformat_ocsp_requestprocess_ocsp_response_dataqueue_fetch_taskcrl_job_results_as_completedocsp_job_get_earliestcomplete_certificate_fetch_jobsgather_aia_issuer_urls$ACCEPTABLE_STRICT_CERT_CONTENT_TYPESACCEPTABLE_CERT_PEM_ALIASESACCEPTABLE_PKCS7_DER_ALIASESACCEPTABLE_CERT_DER_ALIASES)application/pkix-certapplication/pkcs7-mimeapplication/x-x509-ca-cert application/x-pkcs7-certificates)zapplication/x-pem-filez text/plainapplication/octet-streambinary/octet-stream)rr!r#r$)r r"r$ response_data content_typeurl permit_pemc#Ktj|}||tvr|s|tj d|dt t jj|}|dk(rt||Ed{y|dk(r"tjj|yy|tvr|st||Ed{y|r^|r\tj|dD]A\}}}|dk(rt||Ed{!tjj|Cytd|d |d 77y7?w) Nz)Response to certificate fetch request to zi did not include a content type, verifying it's sequence length to check if it is a certificate or pkcs7.rT)multiplePKCS7zFailed to extract certs from z payload. Source URL: .)r detectrloggerwarninglenr Sequenceload_unpack_der_pkcs7r Certificaterunarmor ValueError) r%r&r'r(is_pemder_sequence_length type_name_datas b/var/www/horilla/myenv/lib/python3.12/site-packages/pyhanko_certvalidator/fetchers/common_utils.pyrrHsM ZZ &F 0K K   NN;C5A9:  "$--"4"4]"CD ! #(< < < A %""'' 6 6& 6 6$]C888 #&++md"K 2 Iq$G#,T3777&&++D11  2 +L>:%q "   = 9 8s7A9E;D:D>?E pkcs7_data pkcs7_urlc#,Ktjj|}|dj}|dk7rt d|d|d|d}t |dtj r)|dD] }|jdk(s|j"yyw) Nr& signed_dataziExpected CMS SignedData when extracting certs from application/pkcs7-mime payload, but content type was 'z'. Source URL: r-content certificates certificate) r ContentInfor3nativer7 isinstanceCertificateSetnamechosen)r>r? content_infocms_ctrA cert_choices r=r4r4os$'OO$8$8$DL . ) 0 0F  xyk 4  y)K+n-s/A/AB&~6 )K=0!((( )Cs A?BBcert authorityreturnc*t|tjr |j}n|ddj}t |j |}tjtjd|i|t |j||d}|S)Nac_info serial_number algorithm)hash_algorithmissuer_name_hashissuer_key_hashrS) rGrr5rSrFgetattrrIr CertIdr DigestAlgorithm public_key)rNrOcertid_hash_algorS iss_name_hashcert_ids r= get_certidr_s $(()** Y8?? INN,<=Mkk#33./!.&y';';=MN*   G Nr\request_noncesc t|||}tjd|i}tjdtj|gi}|rXtj ddt jtjdd}tj|g|d<tjd |iS) N)r\req_cert request_listnonceF)extn_idcritical extn_valuerequest_extensions tbs_request) r_r Request TBSRequestRequestsTBSRequestExtensionr OctetStringosurandomTBSRequestExtensions OCSPRequest)rNrOr\rar^requestrknonce_extensions r=rrsy;KLGll  G // DMM7)4 K 22"!"..rzz"~>  -1,E,E  - ()   ]K8 99r` ocsp_requestocsp_urlc~ tjj|}|dj }|dk7rt jd|d|d|j}|r<|j}|r.|j |j k7rt jd|S#t$rt j dwxYw)Nz)Failed to parse response from OCSP serverresponse_status successfulzOCSP server at z returned an error. Status was 'z'.zQUnable to verify OCSP response since the request and response nonces do not match) r OCSPResponser3r7rOCSPFetchErrorrFOCSPValidationError nonce_value)r%rwrx ocsp_responsestatus request_nonceresponse_nonces r=rrsQ))..}= , - 4 4F (( !  !,,M&22 }33~7L7LL,,/  - Q##$OPPQs BB<TRresults running_jobstag async_func*K ||}tjdt|dt|S#t$rYnwxYw ||}tjdt|d|j d{7tjdt|dt||S#t$rtjdt|dt jx||<} |d{7}n<#t$r0}tjd t|d ||}Yd}~nd}~wwxYw|||<tjd t|d ||=|jt|cYSwxYww) NzResult for fetch job with tag z was available in cache.zWaiting for fetch job with tag z to return...z,Received completion signal for job with tag r-z Starting new fetch job with tag z...zNew fetch job with tag z threw an exception: z returned.) r/debugrepr_return_or_raiseKeyErrorwaitasyncioEvent Exceptionset)rrrrresult wait_eventes r=rrs  ,T#YK7O P  ''    ($0$5  6tCykOPoo :49+Q G   -- ( 7S {#FG)08 SJ $;&&F  LL)$s)4I!M F     .tCykDE  ''!(sF16F AFAF:B6B4B65F6AF; D DD  F E&E;FEAF FFFc*t|tr||SN)rGr)rs r=rrs&)$ Mr`cKd}d}tjt|D]} |d{}|||s|yy7#tj$r }|}Yd}~9d}~wwxYww)NF)r as_completedlistr CRLFetchError)jobslast_eat_least_one_successcrl_job fetched_crlrs r=rrsx F ''T 3  '-K "6 #7 (## F s=&A&AA A A&AA#AA&A##A&cKtj|}|j |d{y7#tj$rYywxYwwr)rgathercancelCancelledError) pending_taskspendings r= cancel_allr"sAnnm,G NN   ! !   s1#A 313A 3A A A  A cK|Dcgc]}tj|}}dx}}|rFtj|tjd{\}}|D]} |d{}n|rF|t |d{|S|xst j dcc}w7R7A#tj $r }|}Yd}~gd}~wwxYw7Jw)N) return_whenzNo OCSP results)r create_taskrFIRST_COMPLETEDrr}r)rcoroqueue ocsp_resprdoneocsp_jobrs r=rr+s37 84W  & 8E 8I #LL w66  e H "*N     rs  FF88!)    8 $(1($(( ) $ $ 3-$  $  $ N )% )C )    #"<"<< =  [[ 2 :    : : :  :F+/+;+;GJ< CL CL.( !U1i<(( ).(q'--'(.( .(IaL() .(  1i< .(b  =(   #"<"<< =& r`