Wwgm7 vddlZddlZddlmZddlmZddlmZmZmZm Z m Z ddl m Z m Z mZddlmZddlmZmZddlmZmZmZgd ZGd d ej2Zed GddZGddeej8Ze deZdeedeefdZdZ deedeedededef dZ!deejDfdZ#ed GddeZ$ed Gd d!eZ%e e&e jNe%fZ(e e&ejRe$fZ*d"ee(dee%fd#Z+d$ee*dee$fd%Z,y)&N) dataclass)datetime)IterableListOptionalTypeVarUnion)algoscrlocsp) type_name)IssuedItemContainerValidationTimingParams)#FRESHNESS_FALLBACK_VALIDITY_DEFAULTCertRevTrustPolicyFreshnessReqType)RevinfoUsabilityRatingRevinfoUsabilityRevinfoContainer OCSPContainer CRLContainersort_freshest_firstprocess_legacy_crl_inputprocess_legacy_ocsp_inputceZdZdZej Z ej Z ej Z ej Z e de fdZ y)rzz Description of whether a piece of revocation information is considered usable in the circumstances provided. returncF|tjtjfvS)zs Boolean indicating whether the assigned rating corresponds to a "fresh" judgment in AdES. )rOKTOO_NEWselfs ]/var/www/horilla/myenv/lib/python3.12/site-packages/pyhanko_certvalidator/revinfo/archival.py usable_adesz"RevinfoUsabilityRating.usable_ades>s( " % % " * *   N) __name__ __module__ __qualname____doc__enumautorSTALErUNCLEARpropertyboolr#r$r"rr sr B DIIKEdiikGdiikG   T    r$rT)frozenc2eZdZUdZeed< dZeeed<y)rz` Usability rating and cutoff date for a particular piece of revocation information. ratingNlast_usable_at) r%r&r'r(r__annotations__r3rrr/r$r"rrKs* #"*.NHX&-r$rcTeZdZdZdededefdZede e jfdZ y)rz< A container for a piece of revocation information. policy timing_paramsrct)af Assess the usability of the revocation information given a revocation information trust policy and timing parameters. :param policy: The revocation information trust policy. :param timing_params: Timing-related information. :return: A :class:`.RevinfoUsability` judgment. NotImplementedError)r!r6r7s r" usable_atzRevinfoContainer.usable_atcs "!r$ct)z Extract the signature mechanism used to guarantee the authenticity of the revocation information, if applicable. r9r s r"revinfo_sig_mechanism_usedz+RevinfoContainer.revinfo_sig_mechanism_usedss "!r$N) r%r&r'r(rrrr;r-rr SignedDigestAlgorithmr=r/r$r"rr^sK"("9O" " " %-- .""r$r RevInfoType)boundlstrc2dtfd}t||dS)aV Sort a list of revocation information containers in freshest-first order. Revocation information that does not have a well-defined issuance date will be grouped at the end. :param lst: A list of :class:`.RevinfoContainer` objects of the same type. :return: The same list sorted from fresh to stale. containerc&|j}|du|fSN) issuance_date)rCdts r"_keyz!sort_freshest_first.._keys  $ $~r!!r$T)keyreverse)rsorted)rArHs r"rrs "(" #4 ..r$cZ|j}| | ||k\r||z }|t||z}|SrE) freshnessabs)r6 this_update next_updatetime_tolerancefreshness_deltas r"_freshness_deltarSsE&&O  "{k'A)K7O"o.? r$rOrPr6r7cj|ttjS|j}|j}|j t jk(r\t||||}|ttjS|j}||z |kr ttj||zS|j t jk(rOt||||}|ttjS|||z krttj||zS|j t jk(r`| |tz}|j}|s!|||z krttjS|||zkDr$ttj||zSt ttj"S)N)r3)rrr,validation_timerQfreshness_req_typerTIME_AFTER_SIGNATURErSbest_signature_timer+MAX_DIFF_REVOCATION_VALIDATIONDEFAULTrretroactive_revinforr:r) rOrPr6r7rUrQrRsignature_poe_time retroactives r"_judge_revinfor^s  6 > >??#33O"11N  $4$I$II+ Kn   "#$:$B$BC C*>> + +o =#&,,*_<  !!  : : ;+ Kn   "#$:$B$BC C ?: :#&,,*_<   " "&6&>&> >   &(KKK00 ~1MM#$:$B$BC C [>9 9#&,,*^;  "! 255 66r$cz|dj}|dk7ry|d}|djdk7ry|djS)Nresponse_status successfulresponse_bytes response_typebasic_ocsp_responseresponse)nativeparsed) ocsp_responsestatusrbs r"_extract_basic_ocsp_responserjsS, - 4 4F "#34No&--1FF * % , ,,r$c"eZdZUdZej ed< dZeed< e dej de dfdZ e de efdZd ed edefd Zde ej(fd Zde ej,fd Ze de ej2fdZy)rz) Container for an OCSP response. ocsp_response_datarindexrhrct|}|gS|d}tt|dDcgc]}t||c}Scc}w)a Turn an OCSP response object into one or more :class:`.OCSPContainer` objects. If a :class:`.OCSPContainer` contains more than one ``SingleResponse``, then the same OCSP response will be duplicated into multiple containers, each with a different ``index`` value. :param ocsp_response: An OCSP response. :return: A list of :class:`.OCSPContainer` objects, one for each ``SingleResponse`` value. tbs_response_data responses)rlrm)rjrangelenr)clsrhrd tbs_responseixs r" load_multizOCSPContainer.load_multis]";=I  &I*+>? C [ 9:;  ]" E   sAcF|j}|y|djS)NrO)extract_single_responserf)r! cert_responses r"rFzOCSPContainer.issuance_date/s*446  ]+222r$r6r7c|j}|ttjS|dj}|dj}t ||||S)NrOrPr6r7)rxrrr,rfr^)r!r6r7ryrOrPs r"r;zOCSPContainer.usable_at7sc446  #$:$B$BC C#M299 #M299   '   r$c,t|jS)z Extract the ``BasicOCSPResponse``, assuming there is one (i.e. the OCSP response is a standard, non-error response). )rjrlr s r"extract_basic_ocsp_responsez)OCSPContainer.extract_basic_ocsp_responseGs ,D,C,CDDr$c|j}|y|d}t|d|jkry|d|jS)z^ Extract the unique ``SingleResponse`` value identified by the index. Nrorp)r}rrrm)r!rdrts r"rxz%OCSPContainer.extract_single_responseOsT #>>@  &*+>? |K( )TZZ 7K(44r$c4|j}|dS|dSNsignature_algorithm)r})r! basic_resps r"r=z(OCSPContainer.revinfo_sig_mechanism_used^s(557 !)tPz:O/PPr$N)r%r&r'r(r OCSPResponser4rmint classmethodrrvr-rrrFrrrr;BasicOCSPResponser}SingleResponserxr r>r=r/r$r"rrs)))E3N   -- o   43x133 ( 9O  EXd6L6L-ME 5$2E2E)F 5Q %-- .QQr$rceZdZUdZej ed< dedede fdZ e de e fdZe dej fdZy ) rz< Container for a certificate revocation list (CRL). crl_datar6r7rcz|jd}|dj}|dj}t||||S)N tbs_cert_listrOrPr{)rrfr^)r!r6r7rrOrPs r"r;zCRLContainer.usable_atqsH o6 #M299 #M299  V=  r$c>|jd}|djS)NrrO)rrf)r!rs r"rFzCRLContainer.issuance_date{s! o6 ]+222r$c |jdSr)rr s r"r=z'CRLContainer.revinfo_sig_mechanism_useds}}233r$N)r%r&r'r(r CertificateListr4rrrr;r-rrrFr r>r=r/r$r"rrfsx!!! ( 9O  3x1334E,G,G44r$rcrlsc0g}|D]}t|trtjj |}t|tjr t |}t|t r|j |ytdt||S)z Internal function to process legacy CRL data into one or more :class:`.CRLContainer`. :param crls: Legacy CRL input data. :return: A list of :class:`.CRLContainer` objects. zScrls must be a list of byte strings or asn1crypto.crl.CertificateList objects, not ) isinstancebytesr rloadrappend TypeErrorr )rnew_crlscrl_s r"rrsH  dE "&&++D1D dC// 0%D dL ) OOD !??H>OQ   Or$ocspschg}|D]}t|trtjj |}t|tjr't j |}|j|st|t r|j|tdt||S)z Internal function to process legacy OCSP data into one or more :class:`.OCSPContainer`. :param ocsps: Legacy OCSP input data. :return: A list of :class:`.OCSPContainer` objects. zRocsps must be a list of byte strings or asn1crypto.ocsp.OCSPResponse objects, not ) rrr rrrrvextendrrr )r new_ocspsocsp_extrs r"rrsI  eU #%%**51E eT.. / ++E2D   T " } -   U #==Fu=Mrs !;;''2 ( TYY( V $$"*CGG"@m+;< /Xk2/tK7H/4L7(#L7(#L7 L7* L7  L7^ - d$$% - $_Q$_Q_QD $4#44<s22L@A 1 1=@A ? # ,: $ % -r$