Wwg/ddlZddlmZddlmZmZmZmZmZddl m Z m Z ddl m Z ddlmZmZmZmZddlmZmZed Gd d Zee j.e j0fZGd dZy)N) dataclass) FrozenSetIterableIteratorOptionalUnion)cmsx509) AAControls) AuthorityAuthorityWithCertCertTrustAnchor TrustAnchor)get_ac_extension_value get_issuer_dnT)frozenc0eZdZUeed< eed< eed<y)QualifiedPolicyissuer_domain_policy_iduser_domain_policy_id qualifiersN)__name__ __module__ __qualname__str__annotations__ frozensetQ/var/www/horilla/myenv/lib/python3.12/site-packages/pyhanko_certvalidator/path.pyrrs'  r rceZdZUdZdZeeeed<dZ de de e jdeefdZede fd Zed Zedeefd Zdeefd Zdee jfd Zede jfdZde efdZdefdZde jdefdZde jfdZdefdZd"dZdZdeeefdZ de!jDde#fdZ$edZ%dZ&dZ'de#de(e jfdZ)d Z*d!Z+y)#ValidationPathza Represents a path going towards an end-entity certificate or attribute certificate. N_qualified_policies trust_anchorintermleafc^|r |s tdt||_||_||_y)Nz-Leafless paths cannot have intermediate certs) ValueErrorlist_interm_root_leaf)selfr%r&r's r!__init__zValidationPath.__init__1s. $LM MF| !  r returnc|jSN)r,r.s r!r%zValidationPath.trust_anchor=s zzr c|jj}t|tr |jS|j r|j dSt|j tjr |j Sy)a Returns the current beginning of the path - for a path to be complete, this certificate should be a trust root .. warning:: This is a compatibility property, and will return the first non-root certificate if the trust root is not provisioned as a certificate. If you want the trust root itself (even when it doesn't have a certificate), use :attr:`trust_anchor`. :return: The first asn1crypto.x509.Certificate object in the path rN) r, authority isinstancer certificater+r-r Certificate)r.roots r!firstzValidationPath.firstAsbzz## d- .## # \\<<? "  D$4$4 5:: 6r c|j |jS|js0t|jtr|jj Sy)a< Returns the current leaf certificate (AC or public-key). The trust root's certificate will be returned if there is one and there are no other certificates in the path. If the trust root is certificate-less and there are no certificates, the result will be ``None``. N)r-r+r6r,rr7r3s r!r'zValidationPath.leafXs? :: !:: *TZZ"I::)) )r c|j}t|tjr|jj St|t jryy)Nz)r'r6r r8subjecthuman_friendlyr AttributeCertificateV2r.r's r! describe_leafzValidationPath.describe_leafisAyy dD,, -<<.. . c88 9,r cT|j}t|tjr|Sy)z Returns the current leaf certificate if it is an X.509 public-key certificate, and ``None`` otherwise. :return: N)r'r6r r8r@s r!get_ee_cert_safezValidationPath.get_ee_cert_safers%yy dD,, -Kr c6|j}|r|St)z Returns the last certificate in the path if it is an X.509 public-key certificate, and throws an error otherwise. :return: The last asn1crypto.x509.Certificate object in the path )rC LookupErrorr.certs r!lastzValidationPath.lasts $$& K r c#xK|jj|jD]}t|yw)zU Iterate over all authorities in the path, including the trust root. N)r,r5r+rrFs r!iter_authoritieszValidationPath.iter_authoritiess6jj"""LL *D#D) ) *s8:rGc6t|}t|tjr |j}nt |d}|r|dj nd}|jD]+}|j|k(s|j}|r|r||k7r)|cStd)aK Return the issuer of the cert specified, as defined by this path :param cert: A certificate to get the issuer of :raises: LookupError - when the issuer of the certificate could not be found :return: An asn1crypto.x509.Certificate object of the issuer authority_key_identifierkey_identifierN6Unable to find the issuer of the certificate specified) rr6r r8rLrnativerJnamekey_idrE)r.rG issuer_nameakiaki_extr5keyids r!find_issuing_authorityz%ValidationPath.find_issuing_authoritys$D) dD,, -//C,T3MNG6='*+224C..0 !I~~,!((SUc\   ! D  r new_leafct|jtrE|jjj|jk(rt |jg|S|j }d}t|D]"\}}|j|jk(s |}n| tdt |j|d|dz|S)a Remove all certificates in the path after the cert specified and return them in a new path. Internal API. :param cert: An asn1crypto.x509.Certificate object to find :param new_leaf: A new leaf certificate to append. :raises: LookupError - when the certificate could not be found :return: The current ValidationPath object, for chaining r&r'Nz(Unable to find the certificate specifiedr ) r6r,rr7 issuer_serialr#r+ enumeraterE)r.rGrWcerts cert_indexindexentrys r!truncate_to_and_appendz%ValidationPath.truncate_to_and_appends( djj/ 2zz%%33t7I7II%djj(KK  %e, LE5""d&8&88"    HI I JJu%5zA~6X  r cd}|jjj|r?|jdk(rt |j gdSt |j g|S|j }t|D]X\}}|j|jk(s |jr*|jr|j|jk(sR|}n|}n| tdt |j |d|dz|S)a Remove all certificates in the path after the issuer of the cert specified, as defined by this path, and append a new one. Internal API. :param cert: A new leaf certificate to append. :raises: LookupError - when the issuer of the certificate could not be found :return: The current ValidationPath object, for chaining NmayberYrNr )r') r%r5is_potential_issuer_of self_signedr#r,r+r[r=issuerrMrLrE)r.rG issuer_indexr\r^r_s r!truncate_to_issuer_and_appendz,ValidationPath.truncate_to_issuer_and_appends"     & & = =d C7*&djj$GG%djj$GG %e, LE5}} +''D,I,I++t/L/LL', #(L   H djj%0B,2B*C$OOr c|jdd}|jr|j|jt|j||S)Nr%r&r')r+r-appendr#r,)r.rG new_certss r!copy_and_appendzValidationPath.copy_and_append s@LLO ::   TZZ (ID  r ct|jdk(rt|jdd|jd}}t|j||S)z Drop the leaf cert from this path and return a new path with the last intermediate certificate set as the leaf. rNri)lenr+ IndexErrorr#r,)r. new_intermrWs r!copy_and_drop_leafz!ValidationPath.copy_and_drop_leafsP t||  ! #||CR0$,,r2BH JX  r c||_yr2r$)r.policiess r!_set_qualified_policiesz&ValidationPath._set_qualified_policies!s #+ r c|jSr2rtr3s r!qualified_policiesz!ValidationPath.qualified_policies$s'''r attr_idc|Dcgc]}tj|}}td|D}|sytfd|DScc}w)Nc3$K|]}|du ywr2r).0xs r! z2ValidationPath.aa_attr_in_scope..+sMq}MsTc3DK|]}||jywr2)accept)r|ctrlrys r!r~z2ValidationPath.aa_attr_in_scope..5s*#  G$s )r read_extension_valueanyall)r.ryrGaa_controls_extensionsaa_controls_useds ` r!aa_attr_in_scopezValidationPath.aa_attr_in_scope'sd>B" 6:J + +D 1" " M6LMM2 " sA cRt|j|jrdzSdzS)Nr r)ror+r-r3s r!pkix_lenzValidationPath.pkix_len=s$4<< A;;;;r c d|jzS)Nr )rr3s r!__len__zValidationPath.__len__As4==  r c|dkDrGt|jdz}||k(r|j |jS|j|dz St|jt r|jj Std)Nrr zRoot has no certificate)ror+r-r6r,rr7rE)r.keyleaf_ixs r! __getitem__zValidationPath.__getitem__Esu 7$,,'!+Gg~$**"8zz!<<a( (  O 4::)) )78 8r include_rootc|jj}|rt|tr |jfnd}|j }t|t jr|fnd}tj||j|S)z Iterate over the certificates in the path. :param include_root: Include the root (if it is supplied as a certificate) :return: An iterator. r) r,r5r6rr7r-r r8 itertoolschainr+)r.rr9 from_rootr' from_leafs r! iter_certszValidationPath.iter_certsTsrzz## 41B C     zz)$0@0@ATGr y$,, BBr c&|jdS)NT)r)rr3s r!__iter__zValidationPath.__iter__gsD11r ct|tsy|j|jk(xr4|j|jk(xr|j|jk(S)NF)r6r#r%r+r-)r.others r!__eq__zValidationPath.__eq__lsR%0   !3!3 3 *  - * ekk) r )r0r#),rrr__doc__r$rrrr_path_aa_controlsrrr r8Leafr/propertyr%r:r'rrArCrHr rJrVr`rgrlrrrvrxr AttCertAttributeTypeboolrrrrrrrrrr r!r#r#'s AE)O"<=D ! ))* tn k,htn x} (4+;+;"<  d&&  *(9"5* 4 @# 4+;+;# t# L.P$2B2B.P` D   ,(HY-G$H((@(@T,<<! 9CtC9I9I0JC&2  r r#)r dataclassesrtypingrrrrr asn1cryptor r asn1_typesr r5r rrrutilrrrr8r?rr#rr r!rsm!AA " 8 $" T  s99 9:L L r