WwgM$ddlmZddlmZmZmZmZmZddlmZm Z m Z ddl m Z ddl mZddlmZddlmZmZmZmZmZmZddlmZdd lmZdd lmZmZmZGd d Z y ))datetime)DictIterableListOptionalSet)crlocspx509) Authority)OCSPFetchError)Fetchers)KnownPOE POEManagerPOETypeValidationObjectValidationObjectTypedigest_for_poe)NonRevokedStatusAssertion)CertificateRegistry) CRLContainer OCSPContainersort_freshest_firstceZdZdZ ddededeedeedee de e f d Z e d efd Ze d efd Ze d efd Ze d eej(fdZe d eej.fdZe d eej4fdZdefdZdZd e ej4fdZd eefdZde d eefdZ!de"e#fdZ$de"e#fdZ%dej4de&d efdZ'y)RevinfoManagera .. versionadded:: 0.20.0 Class to manage and potentially fetch revocation information. :param certificate_registry: The associated certificate registry. :param poe_manager: The proof-of-existence (POE) data manager. :param crls: CRL data. :param ocsps: OCSP response data. :param fetchers: Fetchers for collecting revocation information. If ``None``, no fetching will be performed. Ncertificate_registry poe_managercrlsocsps assertionsfetchersc,||_||_i|_i|_g|_|rt ||_g|_|r*t |x|_}|D]}|j|||_|Dcic]}|j|c}|_ ycc}wN) _certificate_registry _poe_manager_revocation_certs_crl_issuer_map_crlsr_ocsps_extract_ocsp_certs _fetchers cert_sha256 _assertions) selfrrrrr r! ocsp_response assertions \/var/www/horilla/myenv/lib/python3.12/site-packages/pyhanko_certvalidator/revinfo/manager.py__init__zRevinfoManager.__init__-s&:"'@B>@)+ ,T2DJ+- "5e"< HD 1:I ! !9 ,D D s4Breturnc|jS)z< The proof-of-existence (POE) data manager. )r%r.s r1rzRevinfoManager.poe_managerKs    c|jS)z6 The associated certificate registry. )r$r5s r1rz#RevinfoManager.certificate_registryRs )))r6c|jduS)zA Boolean indicating whether fetching is allowed. N)r+r5s r1fetching_allowedzRevinfoManager.fetching_allowedYs ~~T))r6c|jDcgc]}|j}}|js|St|jjj |zScc}w)zK A list of all cached :class:`crl.CertificateList` objects )r(crl_datar+list crl_fetcher fetched_crls)r.contraw_crlss r1rzRevinfoManager.crls`sS /3jj9dDMM99~~ODNN..;;=>II:A"c|jDcgc]}|j}}|js|St|jjj |zScc}w)zI A list of all cached :class:`ocsp.OCSPResponse` objects )r)ocsp_response_datar+r< ocsp_fetcherfetched_responses)r.r? raw_ocspss r1rzRevinfoManager.ocspsksW :>ET,,E E~~ DNN//AACDyPP FrAcHt|jjS)z A list of newly-fetched :class:`x509.Certificate` objects that were obtained from OCSP responses and CRLs )r<r&valuesr5s r1new_revocation_certsz#RevinfoManager.new_revocation_certswsD**11344r6r/c |j}||}|j}|j}|j}||dr|dD]}|j |s|||j <|j ttjt|j|ttj|yyy)z Extracts any certificates included with an OCSP response and adds them to the certificate registry :param ocsp_response: An asn1crypto.ocsp.OCSPResponse object to look for certs inside of Ncerts) object_typevalue)poe_typedigestpoe_timevalidation_object)r%r$r&extract_basic_ocsp_responseregister issuer_serialregister_known_poerr VALIDATIONrdumprr CERTIFICATE)r.r/poe_man ocsp_poe_timeregistry revo_certsbasic other_certs r1r*z"RevinfoManager._extract_ocsp_certss## . --++ 99;  w#Gn  $$Z0;EJz778.. %,%7%7#1*//2C#D&3.>,@,L,L&0/   "0 r6c6||j|j<y)aU Records the certificate that issued a certificate list. Used to reduce processing code when dealing with self-issued certificates and multiple CRLs. :param certificate_list: An ans1crypto.crl.CertificateList object :param cert: An ans1crypto.x509.Certificate object N)r' signature)r.certificate_listcerts r1record_crl_issuerz RevinfoManager.record_crl_issuers<@-778r6cL|jj|jS)a3 Checks to see if the certificate that signed a certificate list has been found :param certificate_list: An ans1crypto.crl.CertificateList object :return: None if not found, or an asn1crypto.x509.Certificate object of the issuer )r'getr`)r.ras r1check_crl_issuerzRevinfoManager.check_crl_issuers"##''(8(B(BCCr6cHK|js |jS|j} |jj|}|Dcgc] }t |}}||jzS#t$r'|jj |d{7}YVwxYwcc}ww)z .. versionadded:: 0.20.0 :param cert: An asn1crypto.x509.Certificate object :return: A list of :class:`CRLContainer` objects N)r+r(r=fetched_crls_for_certKeyErrorfetchr)r.rbr!rr;contss r1async_retrieve_crlsz"RevinfoManager.async_retrieve_crlss~~:: >> :''==dCD9==Hh'==tzz!! :!--33D999D :=s@%B"A*B"BB"*'BBBB"BB" authoritycK|js |jS|j}|jj|Dcgc] }t |}}|sR|jj ||d{}t j |}|D]} |j|||jzScc}w7F#t$r tdwxYww)a  .. versionadded:: 0.20.0 :param cert: An asn1crypto.x509.Certificate object :param authority: The issuing authority for the certificate :return: A list of :class:`OCSPContainer` objects Nz9Failed to extract certificates from fetched OCSP response) r+r)rDfetched_responses_for_certrrj load_multir* ValueErrorr )r.rbrmr!resprrCs r1async_retrieve_ocspsz#RevinfoManager.async_retrieve_ocspss ~~;; >>!--HHN  $   '/'<'<'B'Bi(" ",,-?@E  ,,T2 t{{""- ""(0s6ACB;#C9C:CC*CCChashes_to_evictcfdtffd }tt||j|_y)z Internal API to eliminate local OCSP records from consideration. :param hashes_to_evict: A collection of OCSP response hashes; see :func:`.digest_for_poe`. containercRt|jj}|vSr#)rrCrWrvrOrts r1pz%RevinfoManager.evict_ocsps..p s'#I$@$@$E$E$GHF0 0r6N)rr<filterr)r.rtrys ` r1 evict_ocspszRevinfoManager.evict_ocspss( 1 16!T[[12 r6cfdtffd }tt||j|_y)z Internal API to eliminate local CRLs from consideration. :param hashes_to_evict: A collection of CRL hashes; see :func:`.digest_for_poe`. rvcRt|jj}|vSr#)rr;rWrxs r1ryz$RevinfoManager.evict_crls..ps'#I$6$6$;$;$=>F0 0r6N)rr<rzr(r{s ` r1 evict_crlszRevinfoManager.evict_crlss( 1 1&DJJ/0 r6rbatcn ||j|jjkS#t$rYywxYw)NF)r-sha256rri)r.rbrs r1check_asserted_unrevokedz'RevinfoManager.check_asserted_unrevokeds9 ))$++6999 9  s %( 44)N)(__name__ __module__ __qualname____doc__rrrrrrrrr2propertyrrboolr9rr CertificateListrr OCSPResponserr CertificaterIr*rcrfrlr rsrbytesr|rrrrr6r1rrs0;='+ 1   |$   &  67  8$ <!Z!! *&9** *$** Jd3../JJ QtD--. Q Q5d4+;+;&<55  D @ DHT=M=M4N D"l1C"**#(*# m *#X 33u: 3 1#e* 1$$*2 r6rN)!rtypingrrrrr asn1cryptor r r pyhanko_certvalidator.authorityr pyhanko_certvalidator.errorsr pyhanko_certvalidator.fetchersrpyhanko_certvalidator.ltv.poerrrrrr!pyhanko_certvalidator.policy_declrpyhanko_certvalidator.registryr&pyhanko_certvalidator.revinfo.archivalrrrrrr6r1rsF66&&573H>IIr6