Wwg{*ddlZddlZddlmZddlZddlmZmZddlmZddl Z ddl m Z m Z mZmZddlmZddlmZddlmZdd lmZdd lmZdd lmZdd l mZdd lmZddlm Z dgZ! dmsgs r%_signature_status_strrPOs$ " \!--9"" ..0&2D2DD D>>#V%7%77 7  0 0 , #%(V ,   S : + #$Cc!fL S1% : # $s:&A#A#A##C/6(B)C/) C/5*C*C/*C/returncj t|}|S#t$rtjd|dwxYw)Nz datetime z could not be parsed)rr4r2r3)dt_strdts r%_attempt_iso_dt_parserUnsGO f  I O""Yvj8L#MNNOs #2validatezvalidate signatures)namehelpr8rb)typez--executive-summaryz/only print final judgment on signature validityT)rXrZis_flagdefault show_defaultz--pretty-printz8render a prettier summary for the signatures in the filez --ltv-profilez LTV signature validation profile)rXrZrequiredz--force-revinfozJFail trust validation if a certificate has no known CRL or OCSP endpoints.z--soft-revocation-checkzbDo not fail validation on revocation checking failures (only applied to on-line revocation checks)z--no-revocation-checkzJDo not attempt to check revocation status (meaningless for LTV validation)z--retroactive-revinfozOTreat revocation info as retroactively valid (i.e. ignore thisUpdate timestamp)z--validation-timezOverride the validation time (ISO 8601 date). The special value 'claimed' causes the validation time claimed by the signer to be used. Revocation checking will be disabled. Option ignored in LTV mode.z --passwordz9password to access the file (can also be read from stdin))r^rZrXz--no-diff-analysisz#disable incremental update analysis)r\rZr[rXz --detachedziRead signature CMS object from the indicated file; this can be used to verify signatures on non-PDF files)rZrXz--no-strict-syntaxzAttempt to ignore syntactical problems in the input file and enable signature validation in hybrid-reference files.(warning: this may affect validation results in unexpected ways.)ctxc .  | |duz} | rd} |r|rtjd"|tjdtt|jj ||||| | rdnd d}|dk(rd}n|t | d<t||t |  t5Nt fd || \}}|rtj|ntj| dddy|r#tjd td }n t}|j}t!|t"j$re| t'j&d } |j)| }|j*t"j,j.k(r,tjd|tjdd}t1|j2D]\}j4j6j9}|rj: d<t  fd|| \}}j<}|rqd|dzd|}dt?|z}tj|tj|tj|tjd|zntj|d|d|||z}|stjd dddy#1swYyxYw)NTz8--pretty-print is incompatible with --executive-summary.z6--validation-time is not compatible with --ltv-profileF)allow_fetchingclaimedmoment)soft_revocation_checkrc 2ttdiS)Nr)r@r)detachedr8rr!sr%z%validate_signatures.. s!(:%2 2& )r')rLrMrNzQStrict PDF syntax is disabled; this could impact validation results. Use caution.)strictzFile password: )promptzPassword didn't match.zIThe CLI supports only password-based encryption when validating (for now)c&tS)N)r rr!rr"r)r&)r"rrr no_diff_analysisr!sr%rgz%validate_signatures..Js(9 +"/''9!-. )r'zField z: =z :zValidation failed) r2r3rr objconfigrUrrr rPechor inforsecurity_handler isinstancerStandardSecurityHandlergetpassdecryptr$ AuthStatusFAILED enumerateembedded_regular_signatures signer_certsha256hexself_reported_timestamp field_namelen)!r_r8rNrMr:trust trust_replace other_certsr rrdno_revocation_checkpasswordretroactive_revinforfrkvalidation_timeno_strict_syntaxuse_claimed_validation_time status_str signature_okrsh auth_resultall_signatures_okix fingerprintrWheaderliner"rr!s! ` `` `` @@@r%rrys$z?$66 $)"" F    &&&H 3;?    3uI#()#&*#  $3OD (06HI3#I # $F<  )>! *"3 * &Z :&**:66 !F<F<$  KK( fU3Af%A    b%77 8"??2CD))H-K!!U%5%5%<%<<**+CDD ^&&'  ! )!*G*G H . B +77>>BBDK*&2&J&J (#)>!!*"3 * &Z **D!"q&D62S[( 4  6" 4  6J./ {JGH  - 7 .:!&&':; ;!KF<F<Frs 3 19$#+2#@C ! 8(,$>Xj'<=zuzz$/0  :    C    + ;2;;= >       2   '   )   8    D     .  D  A      A< A<    1>RA