WwgWddlmZddlmZmZddlmZddlmZddl m Z m Z m Z de de defd Zed Gd d e Zy)) dataclass)OptionalSet)x509)InvalidCertificateError)ConfigurableMixinprocess_bit_string_flags process_oidsrequiredpresentneed_allc.|r||z St||zSN)bool)r r r s W/var/www/horilla/myenv/lib/python3.12/site-packages/pyhanko/sign/validation/settings.py _match_usagesrs%w&''Hw&''T)frozenceZdZUdZdZeeeed< dZ eeeed< dZ eeeed< dZ e ed< dZ e ed < d ejfd Zd Zd ZefdZxZS)KeyUsageConstraintsa5 Convenience class to pass around key usage requirements and validate them. Intended to be flexible enough to handle both PKIX and ISO 32000 certificate seed value constraint semantics. .. versionchanged:: 0.6.0 Bring extended key usage semantics in line with :rfc:`5280` (PKIX). N key_usagekey_usage_forbiddenextd_key_usageT explicit_extd_key_usage_requiredFmatch_all_key_usagescertcp|j|j|j|jyr)_validate_key_usagekey_usage_value_validate_extd_key_usageextended_key_usage_value)selfrs rvalidatezKeyUsageConstraints.validatefs*   !5!56 %%d&C&CDrc|jsy|jxs t}|jxs t}|t|jn t}||z}|r+t d|}t ddj |d|j}t|||s2t d|}t d|rdndd dj |d y) Nc&|jddSN_ replacess rz9KeyUsageConstraints._validate_key_usage..zaiiS&9rzBThe active key usage policy explicitly bans certificates used for , .c&|jddSr&r)r+s rr-z9KeyUsageConstraints._validate_key_usage..r.rz%The active key usage policy requires zat least one of zthe key usage extensions z to be present.) rsetrnativemaprjoinrr)r"key_usage_extension_valuerrcert_ku forbidden_ku rephrased need_all_kus rrz'KeyUsageConstraints._validate_key_usagejs~~ NN+ce "66?#% )4 )00 1 !44 9<HI) IIi014  // Y=99EI)7$2*<=>$$(IIi$8#9J >rct|jy|du}|rt|jn t}d|vr |jsy|jxs t}|s|jr t dyt ||ds5|r#t d|}ddj|d}nd }t d |y) Nany_extended_key_usagezEThe active key usage policy requires an extended key usage extension.F)r c&|jddSr&r)r+s rr-z>KeyUsageConstraints._validate_extd_key_usage..s!))C*=rzRelevant key purposes are r/r0z,There are no acceptable extended key usages.zfThe extended key usages for which this certificate is valid do not match the active key usage policy. )rr3r4rrrr5r6)r"eku_extension_valuehas_extd_key_usage_extcert_ekurr:ok_lists rr z,KeyUsageConstraints._validate_extd_key_usages    & !4D!@/EC#** +35  % 099 ,,5%44-+ ^XF =~N 6tyy7K6LANH)==DIG  Grc Bt||dD]N}|j|d}|tt t j ||jdd||<P|jdd}|(ttt j|d|d<yy)N)rrr'-rzextd-key-usage) superprocess_entriesgetr3r rKeyUsager*r KeyPurposeId)cls config_dictkey_usage_settaffected_flagsr __class__s rrFz#KeyUsageConstraints.process_entriess  ,C N(__^TBN).1, &&..sC8/ N+ %)94@  %,/%%~7G-K( ) &r)__name__ __module__ __qualname____doc__rrrstr__annotations__rrrrrr Certificater#rr classmethodrF __classcell__)rNs@rrrs%)IxC!( /3#c(+2*.NHSX&-<.2$d1 "'$&ET--E@!FrrN) dataclassesrtypingrr asn1cryptorpyhanko_certvalidator.errorsrpyhanko.config.apirr r r3rrrrrr^sY! @(C(#(( $m+mmr