Wwg ddlZddlZddlmZmZddlmZddlmZmZddl m Z ddl m Z m Z ddlmZddlmZdd lmZdd lmZmZmZdd lmZd gZej6eZd edefdZ dd edededeedeedef dZy)N)datetimetimezone)Optional)CertValidationPolicySpecValidationDataHandlers)ValidationError)PastValidatePrecheckFailureTimeSlideFailure) time_slide)ValidationTimingInfo)ValidationPath) NO_REVOCATIONAcceptAllAlgorithmsCertRevTrustPolicy)async_validate_path past_validatepathvalidation_policy_speccKt|jd}td|D}td|D}||k\r t dt ||d}t j|ttt j|d } t|||jd{y7#t$r}t d |d}~wwxYww) NF) include_rootc34K|]}|jywN)not_valid_before.0cs Z/var/www/horilla/myenv/lib/python3.12/site-packages/pyhanko_certvalidator/ltv/ades_past.py z*_past_validate_precheck..(s8Qa((8c34K|]}|jywr)not_valid_afterrs rrz*_past_validate_precheck..)s7Aa''7rz`The intersection of the validity periods of the certificates in the path is empty or degenerate.Tvalidation_timebest_signature_timepoint_in_time_validation)revocation_checking_policy)revinfo_policyalgorithm_usage_policy timing_infohandlersz\Elementary path validation routine failed during pre-check for past point-in-time validation)list iter_certsmaxminr r dataclassesreplacerrrbuild_validation_contextrpkix_validation_paramsr)rrcerts lower_bound upper_boundref_timevalidation_contextes r_past_validate_precheckr:s e4 5E8%88K777Kk!) 2  $#'!%H %,,)'4  34  8dC  !   " 9 9   ) 0  s<BC C:C;C?CC C CCCvalidation_data_handlersinit_control_timer$returncJKt||d{ |xs$tjtj}t |||j |j|j|jd{}tjd|j|t||xs|d}|j!||}t#|||j$ d{|S77t#t$r"}td|j|d}~wwxYw78w) u Execute the ETSI EN 319 102-1 past certificate validation algorithm against the given path (ETSI EN 319 102-1, § 5.6.2.1). Instead of merely evaluating X.509 validation constraints, the algorithm will perform a full point-in-time reevaluation of the path at the control time mandated by the specification. This implies that a caller implementing the past signature validation algorithm no longer needs to explicitly reevaluate CA certificate revocation times and/or algorithm constraints based on POEs. .. warning:: This is incubating internal API. :param path: The prospective validation path against which to execute the algorithm. :param validation_policy_spec: The validation policy specification. :param validation_data_handlers: The handlers used to manage collected certificates,revocation information and proof-of-existence records. :param init_control_time: Initial control time; defaults to the current time. :param best_signature_time: Usage time to use in freshness computations. :return: The control time returned by the time sliding algorithm. Informally, the last time at which the certificate was known to be valid. N)tz)r<rev_trust_policyalgo_usage_policytime_tolerancerevinfo_managerzAAdES time slide yields %s as the control time for path with leaf zKFailed to get control time for point-in-time validation for path with leaf Tr"r)) parameters)r:rnowrutcr r'r(rBrCloggerinfo describe_leafrr r r2rr3) rrr;r<r$ control_timer9r7r8s rrrLsSL "   -N1N' /3BB4KK1@@4DD     &&() +  $$/?rZs'9<@5 ?     8 $+ +4+d-1.2 \ \4\5\ ) \ "(+ \  \rY