Wwg?:ddlZddlmZmZddlmZmZmZmZmZddl m Z m Z m Z ddl mZddlmZmZmZmZddlmZmZddlmZdd lmZmZmZdd lmZdd lm Z dd l!m"Z"m#Z#m$Z$m%Z%dd l&m'Z'm(Z(m)Z)ddl*m+Z+ddgZ,dede dededeee"ee'ff dZ-defdZ.dede j^dede j`def dZ1dedededefd Z2d!eedededeed"e j`def d#Z3ded$ede ded%eeded&e+e4d'e+edefd(Z5ded$ede ded%eededefd)Z6y)*N)datetime timedelta)IterableListOptionalSetTuple)algoskeysx509) ValProcState)DisallowedAlgorithmErrorInsufficientPOEErrorInsufficientRevinfoError RevokedError)ValidationTimingInfoValidationTimingParams)ValidationPath)AlgorithmUsagePolicyCertRevTrustPolicyRevocationCheckingRule)RevinfoContainer)RevinfoManager) CRLOfInterest_check_cert_on_crl_and_delta_CRLErrs collect_relevant_crls_with_paths)OCSPResponseOfInterest_check_ocsp_status%collect_relevant_responses_with_paths)ConsList time_slideades_gather_prima_facie_revinfopathrevinfo_manager control_timerevocation_checking_rulereturncK|j}|jr#t||||d{}|j}ng}|jr&t ||||d{}|j }||fSg}||fS7K7w)a Gather potentially relevant revocation information for the leaf certificate of a candidate validation path. Only the scope of the revocation information will be checked, no detailed validation will occur. :param path: The candidate validation path. :param revinfo_manager: The revocation info manager. :param control_time: The time horizon that serves as a relevance cutoff. :param revocation_checking_rule: Revocation info rule controlling which kind(s) of revocation information will be fetched. :return: A 2-element tuple containing a list of the fetched CRLs and OCSP responses, respectively. N)leaf ocsp_relevantr responses crl_relevantrcrls) r$r%r&r'cert ocsp_resultocsps crl_resultr.s [/var/www/horilla/myenv/lib/python3.12/site-packages/pyhanko_certvalidator/ltv/time_slide.pyr#r#*s4 99D--A $  %%,,; $   ; ;  s!*A<A80A<A:A<:A<c#K|}|df|jdkDr'|j}|df|jdkDr&yyw)NTF)pkix_lencopy_and_drop_leaf)r$cur_paths r3_tailsr9WsKH D.   a ..0o   a s =AA algo_policy algo_used public_keyval_proc_statec"|j|||}|dj}|js`|jrt ||j}|Sd|d}|j |d|j z }t j||d|S)N algorithmz Algorithm z- is banned outright without time constraints.z Reason: ) banned_since)signature_algorithm_allowednativeallowednot_allowed_afterminfailure_reasonr from_state)r:r;r&r<r=sig_constraint algo_namemsgs r3_apply_algo_policyrK_s!<<<N+&--I  ! !  + +|^-M-MNL YK($% ,,8>#@#@"ABB*55!  revinfo_containerrev_trust_policytime_tolerancec |j|tt||d|}|j}|jj s|j xs|}| t||}|S)NT)validation_timebest_signature_timepoint_in_time_validation) timing_inforO) usable_atrr issuance_daterating usable_adeslast_usable_atrE)r&rMrNrO usabilityrV cutoff_dates r3"_update_control_time_for_unrevokedr\~s{"++, ,$0)- *   I&33M    ' ' ..?-  "{L9L rL revoked_dateissuer_public_keyc`|r t||}|j}||t|||||}|SN)rErevinfo_sig_mechanism_usedrK)r]r&rMr:r^r=r;s r3_update_control_timerbsJ<6 !<j||j.|j@tC \}}|j>j}t%|t&j(sJ||duz}|j.}||j0|j0kr|}tE|&||jF|&_d}|D]}|jH}|j0}|r|&kDs| |jH&kDr5tK|jL&'(d{& tO|t(&d}||duz}|jLj}!t%|!t&j(sJ||j0|kr|}tE|&||!jF|&9t| jUd}"tW|d&|"jF|&|r||fD#cgc]}#|#|# }$}#tY|$&fdd}%|%t[&|%&&S77>7 #tP$r} | jR}Yd} ~  d} ~ wwxYwcc}#ww)Nr)r%r&r')cert_path_stackz0No proof of existence available for certificate z at control time .zattribute certificatezNo revocation info from before z found for certificate Fc3<K|]}|jywr`)dump).0r/s r3 z_time_slide.. sG $ Gsc 3K|]]}|jjrE|jjjvrt|j _yw)rerfN)r$r*rk _time_slide) rlcrl_pathrdr&new_cert_stacknew_path_stackrNr%sub_path_skip_listrOs r3rmz_time_slide..sj! **$MM..335=OO  $'()#1  sA#A&) crl_issuerr/certificate_list_contdelta_certificate_list_conterrs)rMr:r^r=ro) ocsp_response proc_stater&signature_algorithm)r=c$|jxsSr`)rV)xr&s r3z_time_slide..saoo=rL)keydefault)r&rMrNrO).revocation_checking_policyr6listreversedr9 poe_managerr#ee_certificate_ruleintermediate_ca_cert_ruler*consrkr rrGsubjecthuman_friendly isoformat isinstancer Certificateocsp_no_check_valuercrlrV prov_pathssetasynciogatherrErr$deltarrbr<ryrp prov_pathrr revocation_dtiter_authoritiesrKmaxr\)*r$rcr%rNrdrOrerfchecking_policy partial_pathsr current_pathis_eer.r1r/rzident once_revokedmost_recent_crlcrl_of_interestissued sub_pathssub_path_control_timescandidate_crl_pathr]revoked_reason crl_iss_cert crl_containermost_recent_ocspocsp_of_interestocsp_containere ocsp_iss_certleaf_car~ revinfo_itemsmost_recent_revinfor&rrrsrts* ```` @@@@r3rprps %L&AAO }}  $vd|"456M!--K,y e; +% 33$>>   e  #5#.!.A t | +&11B<<..//@))+,A/   E$ 0 01 33/''/.995l6L6L6N5O-eWA7   $B O$((66FL(223lB'22I .1-@3G(4GD. ,3>>%.,& "& F/EFGL&/ "/K166;;*9*=*=0B0H0H! 0, n 266;; !,0@0@AAA D 88 / 3 3 #+&44#112'4O3  &3 1&2&=&=#-   ) OB H  %-  -;;N#11FL(/==>M!, ** !)) " L /""0+NK!- $  L4 4L,66;;MmT-=-=> >> (#11F:#1 /"0-"/":":) LM- ^  (<88:;B?G-!*+"") L,o>9!-9M9#&=#  #.A!-&9%5#1   iyv u  v&z "  /   /B9sBR QF R QD5R QR Q!3B&R R !R)R-R R R R ! R* Q<6R <RR c Kt||||||tjtjd{S7w)a Execute the ETSI EN 319 102-1 time slide algorithm against the given path. .. warning:: This is incubating internal API. .. note:: This implementation will also attempt to take into account chains of trust of indirect CRLs. This is not a requirement of the specification, but also somewhat unlikely to arise in practice in cases where AdES compliance actually matters. :param path: The prospective validation path against which to execute the time slide algorithm. :param init_control_time: The initial control time, typically the current time. :param revinfo_manager: The revocation info manager. :param rev_trust_policy: The trust policy for revocation information. :param algo_usage_policy: The algorithm usage policy. :param time_tolerance: The tolerance to apply when evaluating time-related constraints. :return: The resulting control time. roN)rpr!empty)r$rcr%rNrdrOs r3r"r"sFH >>#>>#    s;AAA)7rrrtypingrrrrr asn1cryptor r r pyhanko_certvalidator._stater pyhanko_certvalidator.errorsrrrrpyhanko_certvalidator.ltv.typesrrpyhanko_certvalidator.pathr!pyhanko_certvalidator.policy_declrrr&pyhanko_certvalidator.revinfo.archivalr%pyhanko_certvalidator.revinfo.managerr*pyhanko_certvalidator.revinfo.validate_crlrrrr+pyhanko_certvalidator.revinfo.validate_ocsprrr pyhanko_certvalidator.utilr!__all__r#r9SignedDigestAlgorithm PublicKeyInforKr\rbbytesrpr"rLr3rs3(77((5 6 D@  0 : ;* *#**5 *  4 %; < <= *Z%**""  ! >!!'!)! !H8$(./  ))  ! .S SS$S) S  45 SSS(SSl- --$-) -  45 -  --rL