WwgBdZddlZddlmZddlmZddlmZddlmZm Z m Z ddl m Z ddl mZdd lmZmZdd lmZmZmZdd lmZdd lmZdd lmZmZddlmZmZddl m!Z!gdZ"dZ#GddejHZ%GddejHZ&edGddZ'GddejPZ)Gdde)Z*edGd d!Z+Gd"d#e*Z,Gd$d%e*Z-y)&z} This module contains the low-level building blocks for dealing with bookkeeping around ``/ByteRange`` digests in PDF files. N) dataclass)datetime)BytesIO)IOOptionalUnion)cms)hashes)genericmisc)pdf_datepdf_name pdf_string)IncrementalPdfFileWriter)BasePdfFileWriter) SigningErrorget_pyca_cryptography_hash) SigAuthTypeSigSeedSubFilter) constants)PreparedByteRangeDigestPdfByteRangeDigest PdfSignedDataSignatureObjectDocumentTimestamp BuildProps<c$eZdZdZdZdZddZy)SigByteRangeObjectzH Internal class to handle the ``/ByteRange`` arrays themselves. cJd|_d|_d|_d|_d|_y)NFr)_filled_range_object_offsetfirst_region_lensecond_region_offsetsecond_region_lenselfs Y/var/www/horilla/myenv/lib/python3.12/site-packages/pyhanko/sign/signers/pdf_byterange.py__init__zSigByteRangeObject.__init__-s) $(! !$%!!"c:|jr td|j td|j}||_||_||z |_|j|j|j|d|j|d|_y)NzOffsets already filledz3Could not determine where to write /ByteRange valueT) r# ValueErrorr$tellr%r&r'seekwrite_to_stream)r)stream sig_startsig_endeofold_seeks r* fill_offsetszSigByteRangeObject.fill_offsets4s <<56 6  $ $ ,E ;;= )$+!!$w  D--. VT* H r,Nc8|j?|j|_|jd|jdtzydd|j|j |j fz}t|tdzksJ|j|y)Ns[] s [%d %d %d %d]rr)r$r/write"BYTE_RANGE_ARR_PLACE_HOLDER_LENGTHr%r&r'len)r)r2handler container_ref string_reprs r*r1z"SigByteRangeObject.write_to_streamIs  $ $ ,(. D % LL  LL BB C*%%))&& .K {#'IA'MM MM LL %r,NN)__name__ __module__ __qualname____doc__r+r7r1r,r*r!r!(s#* &r,r!c0eZdZdZddZedZddZy)DERPlaceholderz@ Internal class to handle placeholders for DER content. Nc.d|xsdz|_d|_y)N0i@)value_offsets)r)bytes_reserveds r*r+zDERPlaceholder.__init__^s^8y9  r,cH|j td|jS)NzNo offsets available)rKr.r(s r*offsetszDERPlaceholder.offsetsbs" == 34 4}}r,c|j}|jd|j|j|jd|j}|j ||f|_yy)N<>)r/r:rJrK)r)r2r=r>startends r*r1zDERPlaceholder.write_to_streamisZ  T TZZ  Tkkm == !3JDM !r,Nr@)rArBrCrDr+propertyrNr1rEr,r*rGrGYs% 'r,rGT)frozencteZdZUdZeed< eed< eed< dedeee jffdZ dedefd Z y ) ra .. versionadded:: 0.7.0 .. versionchanged:: 0.14.0 Removed ``md_algorithm`` attribute since it was unused. Bookkeeping class that contains the digest of a document that is about to be signed (or otherwise authenticated) based on said digest. It also keeps track of the region in the output stream that is omitted in the byte range. Instances of this class can easily be serialised, which allows for interrupting the signing process partway through. document_digestreserved_region_startreserved_region_endoutputcms_dataclt|tr|}n|j}|j||S)aK Write a DER-encoded CMS object to the reserved region indicated by :attr:`reserved_region_start` and :attr:`reserved_region_end` in the output stream. :param output: Output stream to use. Must be writable and seekable. :param cms_data: CMS object to write. Can be provided as an :class:`asn1crypto.cms.ContentInfo` object, or as raw DER-encoded bytes. :return: A :class:`bytes` object containing the contents that were written, plus any additional padding. ) isinstancebytesdumpfill_reserved_region)r)r[r\ der_bytess r* fill_with_cmsz%PreparedByteRangeDigest.fill_with_cmss1$ h & I I((;;r, content_bytescvtj|j}|j}|j}||z dz }t |}||kDrt d|d|d|j|dz|j||jdt|dzt |z }||zS)aA Write hex-encoded contents to the reserved region indicated by :attr:`reserved_region_start` and :attr:`reserved_region_end` in the output stream. :param output: Output stream to use. Must be writable and seekable. :param content_bytes: Content bytes. These will be padded, hexadecimally encoded and written to the appropriate location in output stream. :return: A :class:`bytes` object containing the contents that were written, plus any additional padding. rz8Final ByteRange payload larger than expected: allocated z bytes, but contents required z bytes.rr) binasciihexlifyupperrYrZr<rr0r:r_) r)r[rd content_hexrRrSrLlengthpaddings r*raz,PreparedByteRangeDigest.fill_reserved_regions&&}5;;= **&&uq[! N "+,-"87,   EAI  [! A!+c-.@@Aw&&r,N) rArBrCrDr___annotations__intrrr ContentInforcrarEr,r*rrssd   <<$)%*@$A<0)'2)'e)'r,rc`eZdZdZedfddfd ZddejfdefdZ xZ S) ra General class to model a PDF Dictionary that has a ``/ByteRange`` entry and a another data entry (named ``/Contents`` by default) that will contain a value based on a digest computed over said ``/ByteRange``. The ``/ByteRange`` will cover the entire file, except for the value of the data entry itself. .. danger:: This is internal API. :param data_key: Name of the data key, which is ``/Contents`` by default. :param bytes_reserved: Number of bytes to reserve for the contents placeholder. If ``None``, a generous default is applied, but you should try to estimate the size as accurately as possible. z /ContentsNrLct|||dzdk(r td||_t |}|x||<|_t }|x|td<|_y)Nrrzbytes_reserved must be evenrpz /ByteRange) superr+r.data_keyrGcontentsr!r byte_range)r)rsrLrtru __class__s r*r+zPdfByteRangeDigest.__init__sk   %.1*<*A:; ;  !@)11X') 9CCXl #$tr,Fwriterc#Kd|_|rBt|ts td|jj }|j n&tj|}|j||j}|jj\}}|jj||||t|} t!j"| } d} t|t$r|j'} n t)|} | 9| j-| d|| j-| ||| j/nbt1|} |j3dtj4| || ||j3|tj4| || ||z | j7} t9| ||}||f}|j;||y#tt*f$rYwxYww)a Generator coroutine that handles the document hash computation and the actual filling of the placeholder data. .. danger:: This is internal API; you should use use :class:`.PdfSigner` wherever possible. If you *really* need fine-grained control, use :class:`~pyhanko.sign.signers.cms_embedder.PdfCMSEmbedder` instead. Tz4in_place is only meaningful for incremental writers.Nr)max_read)rXrYrZ)digest_aware_writer^r TypeErrorprevr2write_in_placer prepare_rw_output_streamr:r/rtrNrur7rr Hashr getbuffer memoryviewIOErrorupdaterelease bytearrayr0chunked_digestfinalizerrc)r)rw md_algorithmin_placer[ chunk_sizer5r3r4md_specmd output_buffer temp_buffer digest_valueprepared_br_digestr\s r*fillzPdfByteRangeDigest.fills&%)! f&>?J[[''F  ! ! #226:F LL kkm!]]22 7 $$VYE-\: [[ ! fg &",,.M  *6 2   $ IImJY/ 0 IImGC0 1  ! ! ##J/K KKN    VR) L KK    VR#- P{{} 4("+ '  ,V33 ..vx@@5w'  s+C%?&     #+I#6D$  !r,) rArBrCrDrDEFAULT_SIG_SUBFILTERrrrr+rrs@r*rrEs<.'0&E&E(, 7$7H% 77r,rcTeZdZUdZeed< dZeeed< dejfdZ y)rzy Entries in a signature build properties dictionary; see Adobe PDF Signature Build Dictionary Specification. nameNrevisionreturnctjtdtd|jzi}|jr"tj |j|d<|S)zn Render the build properties as a PDF object. :return: A PDF dictionary. /Name/z/REx)r DictionaryObjectrrrTextStringObject)r)propss r* as_pdf_objectzBuildProps.as_pdf_objectsT(( g tyy 9 :  ==#44T]]CE&M r,) rArBrCrDstrrlrrr rrrEr,r*rrns: I#Hhsm" w77 r,rc zeZdZdZdej ddddddddf deededee dee dee f fd Z xZ S) ra Class modelling a (placeholder for) a regular PDF signature. :param timestamp: The (optional) timestamp to embed into the ``/M`` entry. :param subfilter: See :class:`.SigSeedSubFilter`. :param bytes_reserved: The number of bytes to reserve for the signature. Defaults to 16 KiB. .. warning:: Since the CMS object is written to the output file as a hexadecimal string, you should request **twice** the (estimated) number of bytes in the DER-encoded version of the CMS object. :param name: Signer name. You probably want to leave this blank, viewers should default to the signer's subject name. :param location: Optional signing location. :param reason: Optional signing reason. May be restricted by seed values. :params contact_info: Optional information from the signer to enable the receiver to contact the signer and verify the signature. :param app_build_props: Optional dictionary containing informations about the computer environment used for signing. See :class:`.BuildProps`. :param prop_auth_time: Optional information representing the number of seconds since signer was last authenticated. :param prop_auth_type: Optional information about the method of user's authentication See :class:`.SigAuthType`. Nrrapp_build_propsprop_auth_timeprop_auth_typec t |td||| |rt||td<|rt||td<|rt||td<|rt||td<|r:t j td|j i|td<|r!t j||td <| r| j|td <yy) Nz/Sig)rrrrLrz /Locationz/Reasonz /ContactInfoz/Appz /Prop_Buildz/Prop_AuthTimez/Prop_AuthType) rrr+rrr rr NumberObjectrJ) r)rrrlocationreason contact_inforrrrLrvs r*r+zSignatureObject.__init__s f%)   &0&6D'" # *4X*>D+& ' (26(:D)$ % -7 -ED.) * ,3,D,D&!?#@#@#BC-D-( ) /6/C/C0D*+ , /=/C/CD*+ , r,)rArBrCrDrrrrrrrmrr+rrs@r*rrs!J)-&/&E&E 04(,04%DH%%D$%D"*-%D! %D!-%D%Dr,rc$eZdZdZdfd ZxZS)ra Class modelling a (placeholder for) a regular PDF signature. :param bytes_reserved: The number of bytes to reserve for the signature. Defaults to 16 KiB. .. warning:: Since the CMS object is written to the output file as a hexadecimal string, you should request **twice** the (estimated) number of bytes in the DER-encoded version of the CMS object. cXt|tdtj|y)Nz /DocTimeStamp)rrrL)rrr+rr ETSI_RFC3161)r)rLrvs r*r+zDocumentTimestamp.__init__s) o.&33)  r,rT)rArBrCrDr+rrs@r*rrs   r,r).rDrf dataclassesrriortypingrrr asn1cryptor cryptography.hazmat.primitivesr pyhanko.pdf_utilsr r pyhanko.pdf_utils.genericr rr$pyhanko.pdf_utils.incremental_writerrpyhanko.pdf_utils.writerrpyhanko.sign.generalrrfieldsrrr__all__r; PdfObjectr!rGrrrrrrrrEr,r*rs !&&1+DDI6I2 &(".&**.&b'W&&'4 $b'b'b'JiA11iAX&7&&7R $   FIDmIDX  r,