WwgpddlZddlmZddlmZddlmZddlmZddlm Z m Z m Z m Z m Z mZmZmZmZmZddlmZmZmZmZmZddlmZmZmZdd lmZdd lm Z d d l!m"Z"d dl#m$Z$m%Z%d dl&m'Z'm(Z(m)Z)ddl*m+Z+m,Z,ddl-m.Z.gdZ/ej`e1Z2edGddZ3edGddZ4edGdde4Z5edGddZ6edGdde6Z7d ee8d!e8d"e9d#e:fd$Z;Gd%d&Z<Gd'd(Z=edGd)d*Z>edGd+d,Z?edGd-d.e?e4Z@eGd/d0e"ZAedGd1d2ZBedGd3d4eBe@ZCedGd5d6eBe5ZDy)7N) defaultdict) dataclass)datetime)unique) AnyClassVar CollectionDictIterableListOptionalSetTupleUnion)cmscorecrlkeysx509)PathBuildingErrorPathValidationErrorValidationError)ValidationPath)ACValidationResult) OrderedEnum) AdESFailure AdESSubIndic) DiffResultModificationLevelSuspiciousModification)SignatureValidationErrorSigSeedValueValidationError)KeyUsageConstraints)SignatureStatusTimestampSignatureStatusX509AttributeInfoCertifiedAttributeInfoClaimedAttributesCertifiedAttributesCAdESSignerAttributeAssertionsStandardCMSSignatureStatusSignatureCoverageLevelModificationInfoPdfSignatureStatusDocumentTimestampStatusRevocationDetailsSignerAttributeStatusT)frozencHeZdZUdZeed< eed< ejed<y)r3zQ Contains details about a certificate revocation related to a signature. ca_revokedrevocation_daterevocation_reasonN) __name__ __module__ __qualname____doc__bool__annotations__rr CRLReasonU/var/www/horilla/myenv/lib/python3.12/site-packages/pyhanko/sign/validation/status.pyr3r3:s2 }}$rBr3cveZdZUdZeed< eed< eeed< ejed< e ed< e ed< ee ed< ee ed < ee ed < d hZeee ed < d Zeeee ed< ee ed< dZedefdZedefdZdde fdZe ddeedefdZede fdZy )r'zE Class describing the validity of a (general) CMS signature. intactvalidtrust_problem_indic signing_certpkcs7_signature_mechanism md_algorithmvalidation_pathrevocation_detailserror_time_horizonnon_repudiation key_usageNextd_key_usagevalidation_timec#TK|jrd}n|jrd}nd}|yw)NTRUSTEDREVOKED UNTRUSTED)trustedrevoked)self cert_statuss rCsummary_fieldszSignatureStatus.summary_fieldss) <<#K \\#K%Ks&(returnc|jduS)z Reports whether the signer's certificate has been revoked or not. If this field is ``True``, then obviously :attr:`trusted` will be ``False``. N)rLrXs rCrWzSignatureStatus.revokeds&&d22rBcv|jxr,|jxr|jduxr|jduS)z Reports whether the signer's certificate is trusted w.r.t. the currently relevant validation context and key usage requirements. N)rFrErGrKr]s rCrVzSignatureStatus.trustedsD JJ 1  1((D0 1$$D0  rBcx|jr.|jr"d|j|jzSy)zQ Provide a textual but machine-parsable summary of the validity. zINTACT:INVALID)rErFjoinrZ)rX delimiters rCsummaryzSignatureStatus.summarys1 ;;4::y~~d.A.A.CDD DrBkey_usage_settingsc|xs t}t|j |jn |j|j |jn |j}|S)N)rOrP)r&rOrP)clsrds rCdefault_usage_constraintsz)SignatureStatus.default_usage_constraintssh0H3F3H0&//7 '11&44<""'66  "!rBcf|j%|jd}|jjSy)NrzNo path to trust anchor found.)rKsubjecthuman_friendly)rX trust_anchors rC _trust_anchorzSignatureStatus._trust_anchors3    +-1-A-A!-DL''66 63rB),N)r:r;r<r=r>r?r rr Certificatestrrr3rrOrrrPrZpropertyrWrVrc classmethodr&rgrlrArBrCr'r'Qsr L K ",// """ #" n-- !!233 !**&7$7IxC!7 48NHXc#h/07h''333      AE"!)*=!>" ""$4s44rBr'cReZdZUdZeZeeee d< dhZ e e d< dZ y)r(zG Signature status class used when validating timestamp tokens. rO time_stamping timestampc 6|j}d|jr|jrdndd|jjd|j j d|jj d|jd|jrdd Sdd S) Nz`This timestamp is backed by a time stamping authority. The timestamp token is cryptographically unz!sound. TSA certificate subject: "z$" TSA certificate SHA1 fingerprint: z% TSA certificate SHA256 fingerprint: z TSA cert trust anchor: "z" The TSA certificate is ztrusted.) rHrErFrirjsha1hexsha256rlrV)rXtsas rCdescribe_timestamp_trustz1TimestampSignatureStatus.describe_timestamp_trusts 8[[TZZrT:;**-++*D*D)EF1140@A336::>>3C2DE((,(:(:';<&\\r,H 6 (,,H 6 rBN) r:r;r<r=setrOrrrpr?rPrr}rArBrCr(r(sD%(EIxC!)&&N   rBr(cVeZdZUdZej ed< eejed<y)r)z% Info on an X.509 attribute. attr_type attr_valuesN) r:r;r<r=rAttCertAttributeTyper?r r Asn1ValuerArBrCr)r)s0'''$..))rBr)c"eZdZUdZeeed<y)r*zI Info on a certified attribute, including AC validation results. validation_resultsN)r:r;r<r=r rr?rArBrCr*r*#s!!344rBr*r attr_kinderrfatalc|sdnd|d}d|d|d|jd}|rt|tj|tj || y) Nz unknown typeztype ''zFailed to parse z of z: r)ades_subindication)exc_info)argsr$rFORMAT_FAILUREloggerwarning)rrrr attr_type_strmsgs rC_handle_attr_errr1sf+4N6)A9NM YKtM?"SXXa[M JC & K$>$>   sS)rBcjeZdZdZe d deefdZddZde de fdZ dZ d Z d Zde defd Zy )r,zJ Container class for extracted attribute certificate information. resultsc td}|D]i}|jjD]J}|dj} t |d}||\} } | j|| j|Lkt} |jD]H\}\} } ttj|t| t| | j|<J| S#t $r}t |d||Yd}~d}~wwxYw)Nc ggfSrnrArArBrCz2CertifiedAttributes.from_results..Is RrBtypevalueszcertified attributer)rrr)rapproved_attributesrnativelist ValueErrorrextendappendr,itemsr*rrtuple_attrs) rfrparse_error_fatalby_typeresultattrrre type_values type_resultsinfoss rC from_resultsz CertifiedAttributes.from_resultsCs ( )  ,F2299; , L//  !$x.1F-4I,>) \""6*##F+ , ,"$%6=mmo  2I2 \&<229=!+.#(#6 'ELL #  )"$!-/  sC"" D+C??Dci|_yrnrr]s rC__init__zCertifiedAttributes.__init__fs 9; rBitemr[c |j|SrnrrXrs rC __getitem__zCertifiedAttributes.__getitem__i{{4  rBc,t|jSrnlenrr]s rC__len__zCertifiedAttributes.__len__l4;;rBc,t|jSrnr>rr]s rC__bool__zCertifiedAttributes.__bool__oDKK  rBcHt|jjSrniterrrr]s rC__iter__zCertifiedAttributes.__iter__rDKK&&())rBc||jvSrnrrs rC __contains__z CertifiedAttributes.__contains__ut{{""rBNF)rXr,)r:r;r<r=rrr rrrrpr*rrrrr>rrArBrCr,r,>shFK 12  D<!!(>! !*###rBr,c~eZdZdZe d deejfdZddZ de de fdZ dZ d Zd Zde defd Zy )r+z| Container class for extracted information on attributes asserted by a signer without an attribute certificate. attrsct}tt}|D]6}d} |dj}t|d}||j |8|jD];\}} ttj|t| |j|<=|S#t$r}t |d||Yd}~d}~wwxYw)Nrrzclaimed attributer)rr) r+rrrrrrrr)rrrr) rfrrrrrrrrrs rC from_iterablezClaimedAttributes.from_iterables"#d# .DI  L// d8n- I  % %f - .'.mmo  "I{&7229=!+.'ELL #     2A=N  sB%% C.CCci|_yrnrr]s rCrzClaimedAttributes.__init__s 46 rBrr[c |j|Srnrrs rCrzClaimedAttributes.__getitem__rrBc,t|jSrnrr]s rCrzClaimedAttributes.__len__rrBc,t|jSrnrr]s rCrzClaimedAttributes.__bool__rrBcHt|jjSrnrr]s rCrzClaimedAttributes.__iter__rrBc||jvSrnrrs rCrzClaimedAttributes.__contains__rrBNr)rXr+)r:r;r<r=rrr rAttCertAttributerrrpr)rrrrr>rrArBrCr+r+ysl FKS11227!!(9! !*###rBr+czeZdZUdZeed< dZeeed< dZ ee e e e fed< dZeed< edZy) r-z Value type describing information extracted (and, if relevant, validated) from a ``signer-attrs-v2`` signed attribute. claimed_attrsNcertified_attrsac_validation_errsFunknown_attrs_presentc|j Srn)rr]s rCrFz$CAdESSignerAttributeAssertions.valids****rB)r:r;r<r=r+r?rr r,rr rrrrr>rqrFrArBrCr-r-s %$ 6:OX129 5*;;<= #(4'++rBr-c^eZdZUdZeeed< dZeee e e fed< dZ ee ed<y)r4Nac_attrsrcades_signer_attrs)r:r;r<rr r,r?rr rrrrr-rArBrCr4r4s`.2Hh*+2( 5,.??@A DH!?@GrBr4ceZdZUdZdZeeed< dZee ed< dZ ee ed< e de fdZ fdZd Zdeeeeffd ZxZS) r.zs Status of a standard "end-entity" CMS signature, potentially with timing information embedded inside. Nsigner_reported_dttimestamp_validitycontent_timestamp_validityr[cF|j}|d}n(|jxr|jxr |j}|j}|d}n(|jxr|jxr |j}|jxr"|jxr|jxr|xr|S)ab Formulates a general judgment on the validity of this signature. This takes into account the cryptographic validity of the signature, the signature's chain of trust and the validity of the timestamp token (if present). :return: ``True`` if all constraints are satisfied, ``False`` otherwise. T)rrFrErVr)rXts timestamp_ok content_tscontent_timestamp_oks rC bottom_linez&StandardCMSSignatureStatus.bottom_lines $ $ :L88@ @bjjL44  #'   MZ%6%6M:;M;M ! KK %  %  % %%  rBc#BKt|Ed{|j!d|jjdz|j!d|jjdz|j |j j sdyyy7w)NzTIMESTAMP_TOKEN<%s>|)rbzCONTENT_TIMESTAMP_TOKEN<%s>CERTIFIED_SIGNER_ATTRS_INVALID)superrZrrcrrrFrX __class__s rCrZz)StandardCMSSignatureStatus.summary_fields?s7)+++  " " .'''//#/>   * * 6///77#7F   # # /++112 22 0 ,sBBBBcd|j}d|jrdndd}|jd|fdjfd|DS) NcDdj|dt|z|dfS)N -)rar)hdrbodys rC fmt_sectionzDStandardCMSSignatureStatus.pretty_print_details..fmt_sectionQs"99c3S>4>? ?rBzThe signature is judged rwINzVALID.z Bottom linerc36K|]\}}||ywrnrA).0rrrs rC zBStandardCMSSignatureStatus.pretty_print_details..YsJICS$/Js)pretty_print_sectionsrrra)rXsectionsrrs @rCpretty_print_detailsz/StandardCMSSignatureStatus.pretty_print_detailsPs] @--/&T-=-=r4&H O   45yyJJJJrBc |j}|jrd}n|jrd}nd}d|jjd|j j d|jj d|jd|d }d |jr|jrd nd d |jd|jd}d|jvrM|jdd}|jdk(r,|j}|d|j d|j"dz }g}|j$}|"|j'd|j)|j*} | ?| j,} |j'd| j)d| j/|j0} | ?| j,} |j'd| j)d| j/|sdndj3|} d|fd|fd | fgS)!NrVrW untrustedzCertificate subject: "z " Certificate SHA1 fingerprint: z! Certificate SHA256 fingerprint: z Trust anchor: "z" The signer's certificate is .z#The signature is cryptographically rwrxz'sound. The digest algorithm used was 'z%'. The signature mechanism used was 'z'.ecdsa algorithm parametersnamedz@ The elliptic curve used for the signer's ECDSA public key was 'z' (OID: z).z$Signing time as reported by signer: zSignature timestamp token: z9 The token is guaranteed to be newer than the signature. zContent timestamp token: z9 The token is guaranteed to be older than the signature. z0No available information about the signing time.z z Signer info Integrityz Signing time)rHrVrWrirjryrzr{rlrErFrJrI public_keynamechosenrdottedrr isoformatrrur}rra) rXcert trust_status about_signer validity_info ec_params curve_oid timing_infos reported_ts tst_statusrcontent_tst_status timing_infos rCrz0StandardCMSSignatureStatus.pretty_print_sections[so!%!2!2 <<$L \\$L&L%dll&A&A%BC--1YY]]_,=>//3{{/@.AB#1123++7.  ;  2[[TZZrT:;..2.?.?-@A../r  3  d44 4151M2I~~(3<3C3C ''0'7'7&89&--.b2  --  "   6{7L7L7N6OP ,,  !%%B   -blln-=>L6689;  "<<  )#--B   +BLLN+;>@AC   ?\*  L ) - ( [ )  rB)r:r;r<r=rr rr?rr(rrqr>rrZrr rrpr __classcell__rs@rCr.r.s .2*1 >B!9:A FJ)A BI  T  B3" KE tE#s(O'<E rBr.c&eZdZdZdZ dZ dZ dZy)r/a" Indicate the extent to which a PDF signature (cryptographically) covers a document. Note that this does *not* pass judgment on whether uncovered updates are legitimate or not, but as a general rule, a legitimate signature will satisfy at least :attr:`ENTIRE_REVISION`. rr#rrN)r:r;r<r=UNCLEARCONTIGUOUS_BLOCK_FROM_STARTENTIRE_REVISION ENTIRE_FILErArBrCr/r/s8G #$OKrBr/cveZdZUdZeeed< dZeee e fed< dZ ee ed< e deefdZy)r0Ncoverage diff_result docmdp_okr[c@|j}|jG|tjk(ry|tjk(rt j St jSt|jtr|jjSt jS)z Indicates the degree to which the document was modified after the signature was applied. Will be ``None`` if difference analysis results are not available; an instance of :class:`.ModificationLevel` otherwise. N) rrr/rrr!NONEOTHER isinstancer modification_level)rXrs rCr!z#ModificationInfo.modification_levels==    #1AAA5AAA"&& ',,  ((* 5##66 6$** *rB)r:r;r<rr r/r?rrr r"rr>rqr!r!rArBrCr0r0sp15Hh-.5HLK% ,B BCDK !%Ix~$+H->$?++rBr0ceZdZUdZdZeed< dZee ed< e deffd Z e defdZ fd Z fd ZxZS) r1z;Class to indicate the validation status of a PDF signature.Fhas_seed_valuesNseed_value_constraint_errorr[ctt|}|xr*|jxr|jxs|jduS)a Formulates a general judgment on the validity of this signature. This takes into account the cryptographic validity of the signature, the signature's chain of trust, compliance with the document modification policy, seed value constraint compliance and the validity of the timestamp token (if present). :return: ``True`` if all constraints are satisfied, ``False`` otherwise. N)rr seed_value_okrr!)rXgeneric_checks_okrs rCrzPdfSignatureStatus.bottom_line sF"G/  D"" DB4#:#:d#B rBc|jduS)a Indicates whether the signature satisfies all mandatory constraints in the seed value dictionary of the associated form field. .. warning:: Currently, not all seed value entries are recognised by the signer and/or the validator, so this judgment may not be entirely accurate in some cases. See :class:`~.pyhanko.sign.fields.SigSeedValueSpec`. N)r$r]s rCr&z PdfSignatureStatus.seed_value_ok!s//477rBc#Kt|Ed{|jtjk(rdnN|jtj k(r-|j d|j jzn dnd|jr#|jtjk7rdyydy7w)N UNTOUCHEDEXTENDED_WITH_EXTENDEDNONSTANDARD_COVERAGEACCEPTABLE_MODIFICATIONSILLEGAL_MODIFICATIONS) rrZrr/rrr!rrrs rCrZz!PdfSignatureStatus.summary_fields1s7)+++ ==2>> >  ]]4DD D&&2&)@)@)E)EEE  ( ( >>}} 6 B BB00C* ) ,sCB>B)Cct|}|jtjk(rd}nh|j Z|j t jk(rd}n"|j t jk(rd}nd}d|d|jrdndd }nd }|jd |f|jr;|jrd }nd |jjz}|jd|f|S)Nz%The signature covers the entire file.z1All modifications relate to signature maintenancez?All modifications relate to signing and form filling operationsz&Some modifications may be illegitimatez.The signature does not cover the entire file. z, and they appear to be rwinz9compatible with the current document modification policy.z'Incremental update analysis was skipped Modificationsz4There were no SV issues detected for this signature.zXThe signature did not satisfy the SV constraints on the signature field. Error message: zSeed value constraints)rrrr/rr!r! LTA_UPDATES FORM_FILLINGrrr#r&r$failure_message)rXrmodification_str modlvl_stringsv_infors rCrz(PdfSignatureStatus.pretty_print_sectionsBs 702 ==2>> >F &&2**.?.K.KKK",,0A0N0NN%" %MME$o%=!^^r67<<!$M *:;<   !!P<66FFG OO5w? @rB)r:r;r<r=r#r>r?r$r r%rqrr&rZrrrs@rCr1r1stE!OT!JN*E!FM  T  & 8t 8 8*"&&rBr1ceZdZdZy)r2zDClass to indicate the validation status of a PDF document timestamp.N)r:r;r<r=rArBrCr2r2ksNrBr2)Elogging collectionsr dataclassesrrenumrtypingrrr r r r r rrr asn1cryptorrrrrpyhanko_certvalidator.errorsrrrpyhanko_certvalidator.pathrpyhanko_certvalidator.validaterpdf_utils.miscr ades.reportrr diff_analysisr r!r"errorsr$r%settingsr&__all__ getLoggerr:rr3r'r(r)r*rprr>rr,r+r-r4r.r/r0r1r2rArBrCrJs?#!   21 6=)3 J) "   8 $ $, $W4W4W4t $" " " J $     $ .   *} *), *3= *FJ *8#8#v0#0#f $++++++\ $$$$N $\ !6\ \ ~![!!H $2+2+2+j $i)+EiiX $O.0HOOrB