Wwgn3ddlZddlZddlmZddlmZmZddlmZm Z m Z m Z m Z m Z mZddlmZddlmZej&eZGddeZd ed ed efd Zd Zdeded efdZdedefdZdedefdZdej>dej>fdZ GddejBZ"e"jFe e"jHee"jJee"jLeiZ'Gdde(Z)dejTfdZ+dejXfdZ-GddZ.edGd d!Z/e e"e e/fZ0d"e ej>d e0fd#Z1d$e e/d e0fd%Z2d&ejfd e0fd'Z4Gd(d)Z5Gd*d+Z6Gd,d-Z7d e0fd.Z8d e0fd/Z9y)0N) dataclass) IPv4Address IPv6Address)CallableDictIterableListOptionalSetUnion)x509)urisplitc eZdZy)NameConstraintErrorN)__name__ __module__ __qualname__W/var/www/horilla/myenv/lib/python3.12/site-packages/pyhanko_certvalidator/name_trees.pyrr srr base_host other_hostreturncx|ddk(r.|j|\}}}t|xr t| S||k(S)Nr.) rpartitionbool)rrpre_posts rhost_tree_containsr!sF|s!,,Y7 QCy+d^+Y&&rct|j}|rt|ttfr3|d|dnd}d|d|d}t j |t||S)Nz has host rzis not a well-formed URI.zCURI constraints require URIs with a host specified as a FQDN; URI 'z' )rgethost isinstancerrloggerwarningr)cand_uri cand_hosthost_errmsgs r _host_regnamer+s"**,I  9{K.HI$ {! $-   :Rz ,  s!#&& rbaseotherc0t|}t||SN)r+r!)r,r-rs ruri_tree_containsr0,s#E*J dJ //rc |jd}|jd}t|t|kryt|t|k\xr.tdtt |t |DS)NrFc3,K|] \}}||k(ywr/r.0xys r z$dns_tree_contains..9s91aQ9)splitlenallzipreversed)r,r- base_labels other_labelss rdns_tree_containsr@2su**S/K;;s#L <3{++ | K 0 0 S9x 5x 7LM96rc||jd\}}}|jd\}}}|r||k(St||S)N@)rr!)r,r- base_mailboxrbase_host_or_domain other_mailboxother_host_or_domains remail_tree_containsrG>sN,0??3+?(L!(-2-=-=c-B*M1*u}!"57KLLrc|j}|j}t|t|k\xrtdt||DS)Nc3,K|] \}}||k(ywr/rr3s rr7z(dirname_tree_contains..OsE1aQEr8)chosenr:r;r<)r,r-base_rdn_sequenceother_rdn_sequences rdirname_tree_containsrMKsT  ! "c*;&< < E02DEEBrceZdZejZejZejZejZejZ ejZ ejZ ejZ ejZ edeeeeej(feeej(fgeffdZeddZy)GeneralNameTyperc.tj|dSr/)_name_type_checkersgetselfs rcheck_membershipz GeneralNameType.check_membershipbs #&&tT22rc6t||jSr/)getattrupper)clschoices r from_choicezGeneralNameType.from_choicejssFLLN++rN)rrO)rrrenumauto OTHER_NAME RFC822_NAMEDNS_NAME X400_ADDRESSDIRECTORY_NAMEEDI_PARTY_NAMEUNIFORM_RESOURCE_IDENTIFIER IP_ADDRESS REGISTERED_IDpropertyr rr strr NamerrU classmethodr[rrrrOrOWsJ$))+Ktyy{H499;LTYY[NTYY[N"+$))+JDIIKM 3 %TYY'sDII~)>?EF 33,,rrOc$eZdZdeffd ZxZS)UnsupportedNameTypeError name_typecTt||jjyr/)super__init__namelower)rTrm __class__s rrpz!UnsupportedNameTypeError.__init__xs --/0r)rrrrOrp __classcell__)rss@rrlrlws1/11rrlgnamectj|j}|j}|tjk7r |j }||fSr/)rOr[rqrJrbnative)ru gname_typevalues r_interpret_general_namerz|sC ,,UZZ8J LLE_333  u rcertc#xKt|jjrtj|jf|j }|W|jjD]=}|D]6}|dj dk(stj|dj f8?y|D]}t|yw)Ntype email_addressry) r:subjectrJrOrbsubject_alt_name_valuerwr_rz)r{subject_alt_namesrdn name_pairrqs r_enumerate_names_in_certrs 4<<  ,,dll::+/+F+F <<&& QC  Q V$++>)55y7I7P7PPP Q Q & 0D)$/ / 0s A> ! 88q=DHH0%P ..11 ?%77GH t~~++T22rrqc.t|t|S)Nrmr)rr)rYrmrqs r from_namezNameSubtree.from_namesY-:MNNrc|d}t|\}}t|t||dj|djS)Nr,minimummaximum)rr)rzrrrw)rYsubtreerurmname_objs rfrom_general_subtreez NameSubtree.from_general_subtreesN5e< 8  ( # ")) "))   rct|dS)z Tree that contains all names of a given type. :param name_type: The name type to use. :return: Nr)r)rYrms runiversal_treezNameSubtree.universal_treesY$??r)rr)rrrrO__annotations__r rrintrr rhr rirrrjrrrrrrrrs &&CLC#3sDII~!6343"O/OsDII~9NOO  @@=@@rrnamescdtjfd}tj|Dchc] }|| c}iScc}w)NrqcLtjtj|S)N)rmrq)rrrOrb)rqs r_subtreez(x509_names_to_subtrees.._subtrees%$$%444%  r)r rirOrb)rrns rx509_names_to_subtreesrs7 tyy  * *%,HQXa[,H II,Hs;treesci}|D]!} ||jj|#|S#t$r|h||j<YAwxYwr/)rmaddKeyError)rresulttrees r_group_subtreesrs\F, , 4>> " & &t ,, M ,&*VF4>> " ,s+AAsubtreesc&td|DS)Nc3FK|]}tj|ywr/)rr)r4rs rr7z+process_general_subtrees..s 6= ((1s!)r)rs rprocess_general_subtreesrs AI rc^eZdZ ddeedeeejdffdZ dZ e dZ y)NameConstraintValidationResultNfailing_name_type failing_namec ||_||_yr/rr)rTrrs rrpz'NameConstraintValidationResult.__init__s =N9Erc|jduSr/)rrSs r__bool__z'NameConstraintValidationResult.__bool__ s%%--rc|jJ|j}t|tjr |j }|jj j}d|d|dS)Nz The name 'z ' of type z is not allowed.)rrr$r rihuman_friendlyrqrr)rTname_strrms r error_messagez,NameConstraintValidationResult.error_messagesh%%111$$ h *..H**//557 H:Z {:JKKr)NN) rrrr rOr rhr rirprrgrrrrrrsT8<48F#O4FCD01F.LLrrcXeZdZdefdZdefdZdedefdZde jde fd Z y ) PermittedSubtreesinitial_permitted_subtreesc xtDcic]}|t|j|dg!}}||_ycc}w)Nr)rOsetrR_trees)rTrrmrs rrpzPermittedSubtrees.__init__sN-@  6::9bIJK K@ @  @ s$7rcp|jD]#\}}|j|j|%yr/)itemsrappend)rTrrm new_permitteds rintersect_withz PermittedSubtrees.intersect_with-s3(-  9 $I} KK " ) )- 8 9rrmrcx tfdt|j|DS#t$rYywxYw)Nc3FK|]}tfd|Dyw)c3&K|]}|v ywr/rr4rrqs rr7z:PermittedSubtrees.accept_name...9sATDDLAN)any)r4trees_in_generationrqs rr7z0PermittedSubtrees.accept_name..8s%'A-@AAs!F)r;r=rrrTrmrqs `r accept_namezPermittedSubtrees.accept_name2sD  +3DKK 4J+K #  s )- 99r{c tfdt|D\}}t||S#t$r tcYSwxYw)Nc3PK|]\}}j||s||fywr/)rr4rmrqrTs rr7z0PermittedSubtrees.accept_cert..Cs23#It'' 48D!3#&rnextrr StopIterationrTr{rrs` r accept_certzPermittedSubtrees.accept_cert?X 4.23'?'E3/ + | 2"3,  413 3 4,0AAN) rrr PKIXSubtreesrprrOrrr CertificaterrrrrrrsH<&9L9 _ t  4$$ 4 ' 4rrcXeZdZdefdZdefdZdedefdZde jde fd Z y ) ExcludedSubtreesinitial_excluded_subtreesct|jDcic]\}}|t|c}}|_ycc}}wr/)rrr)rTrrmtree_sets rrpzExcludedSubtrees.__init__Ps:(A'F'F'H% # 8 s8} $%  % s4rcp|jD]#\}}|j|j|%yr/)rrupdate)rTrrm new_excludeds r union_withzExcludedSubtrees.union_withZs3',{{} 8 #I| KK " ) ), 7 8rrmrcf tfd|j|DS#t$rYywxYw)Nc3&K|]}|v ywr/rrs rr7z/ExcludedSubtrees.reject_name..asGtt|GrT)rrrrs `r reject_namezExcludedSubtrees.reject_name_s4 G I0FGG G"  s $ 00r{c tfdt|D\}}t||S#t$r tcYSwxYw)Nc3PK|]\}}j||r||fywr/)rrs rr7z/ExcludedSubtrees.accept_cert..is23#It##It4D!3rrrrs` rrzExcludedSubtrees.accept_certerrN) rrrrrprrOrrr rrrrrrrrOsH , 8 8 _t 4$$ 4 ' 4rrc^tDcic]}|tj|hc}Scc}wr/)rOrrrms rdefault_permitted_subtreesrus7)   K..y9::  s*cFtDcic] }|tc}Scc}wr/)rOrrs rdefault_excluded_subtreesr|s.= >Isu  >> >s):r\logging dataclassesr ipaddressrrtypingrrrr r r r asn1cryptor uritoolsr getLoggerrr% ValueErrorrrhrr!r+r0r@rGrirMEnumrOrbr_r`rdrQrrl GeneralNamerzrrrrrrrGeneralSubtreesrrrrrrrrrrs !.GGG   8 $ * '#'3'4'"0C000 C   Mc M# M $)),dii,2""$9!4///1B 121 4#3#304#3#30(NN* $/@/@/@fOS%556 J(499"5J,J 8K0 \ t';';  LL.3434l#4#4LL?<?r