o >e* @sdZddlZddlZddlZddlmZmZmZmZm Z m Z ddl m Z m Z mZmZmZmZddlmZddlmZddlmZgd ZeeZegd Zegd Zegd Zegd Z de!dee"de"de#fddZ$de!de"fddZ%de ej&e j'fdedej(fddZ)dej&dede"de#fdd Z*de!d!ej+d"e"fd#d$Z,e d%Z-e d&Z.d'ee-e e.e/ffd(ee-ej0fd)e-d*egee.fde e.e/ff d+d,Z1d-d.Z2d/d0Z3d1d2Z4d3d4Z5de ej&e j'ffd5d6Z6d7d8Z7dS)9zd Internal backend-agnostic utilities to help process fetched certificates, CRLs and OCSP responses. N) AwaitableCallableDictOptionalTypeVarUnion)algoscmscoreocsppemx509)errors) Authority)get_ac_extension_value) unpack_cert_contentformat_ocsp_requestprocess_ocsp_response_dataqueue_fetch_taskcrl_job_results_as_completedocsp_job_get_earliestcomplete_certificate_fetch_jobsgather_aia_issuer_urls$ACCEPTABLE_STRICT_CERT_CONTENT_TYPESACCEPTABLE_CERT_PEM_ALIASESACCEPTABLE_PKCS7_DER_ALIASESACCEPTABLE_CERT_DER_ALIASES)application/pkix-certapplication/pkcs7-mimeapplication/x-x509-ca-cert application/x-pkcs7-certificates)zapplication/x-pem-filez text/plainapplication/octet-streambinary/octet-stream)rr r"r#)rr!r# response_data content_typeurl permit_pemc cst|}|dus|tvrB|sB|durtd|dttj|}|dkr3t ||EdHdS|dkr@t j |VdSdS|t vrR|sRt ||EdHdS|ry|rytj |ddD]\}}}|dkrot ||EdHq]t j |Vq]dStd|d |d ) Nz)Response to certificate fetch request to zi did not include a content type, verifying it's sequence length to check if it is a certificate or pkcs7.rT)multiplePKCS7zFailed to extract certs from z payload. Source URL: .)r detectrloggerwarninglenr Sequenceload_unpack_der_pkcs7r Certificaterunarmor ValueError) r$r%r&r'is_pemder_sequence_length type_name_datar;l/var/www/html/humari/django-venv/lib/python3.10/site-packages/pyhanko_certvalidator/fetchers/common_utils.pyrGs8   r pkcs7_data pkcs7_urlccsvtj|}|dj}|dkrtd|d|d|d}t|dtjr7|dD] }|jdkr6|jVq+dSdS) Nr% signed_dataziExpected CMS SignedData when extracting certs from application/pkcs7-mime payload, but content type was 'z'. Source URL: r+content certificates certificate) r ContentInfor1nativer5 isinstanceCertificateSetnamechosen)r=r> content_infocms_ctr? cert_choicer;r;r<r2ns&    r2cert authorityreturncCsXt|tjr |j}n|ddj}t|j|}tt d|i|t|j ||d}|S)Nac_info serial_number algorithm)hash_algorithmissuer_name_hashissuer_key_hashrP) rEr r3rPrDgetattrrGr CertIdrDigestAlgorithm public_key)rLrMcertid_hash_algorP iss_name_hashcert_idr;r;r< get_certid~s    r\rYrequest_noncesc Csrt|||d}td|i}tdt|gi}|r2tddtt dd}t |g|d<t d |iS) N)rYreq_cert request_listnonceF)extn_idcritical extn_valuerequest_extensions tbs_request) r\r Request TBSRequestRequestsTBSRequestExtensionr OctetStringosurandomTBSRequestExtensions OCSPRequest)rLrMrYr]r[requestrfnonce_extensionr;r;r<rs( r ocsp_requestocsp_urlcCs|ztj|}Wn tytdw|dj}|dkr'td||f|j}|r<|j}|r<|j|jkr+sz)ocsp_job_get_earliest..) return_whenzNo OCSP results)rrFIRST_COMPLETEDrrwr)rqueue ocsp_resprdoneocsp_jobrr;r;r<r*s(  rccsrt|tjr |j}nt|d}|durdS|D]}|djdkr6|d}|jdkr+q|j}|dr6|VqdS)Nauthority_information_access access_method ca_issuersaccess_locationuniform_resource_identifierhttp)rEr r3"authority_information_access_valuerrDrG startswith)rL aia_valueentrylocationr&r;r;r<r>s     rc Csnt|D].}z|IdH}Wntjy+}ztd|dWYd}~qd}~ww|D]}|Vq.qdS)Nz8Error during certificate fetch job, skipping... (Error: ))rrrCertificateFetchErrorr-r.) fetch_jobs fetch_job certs_fetchedrrLr;r;r<rQs" r)8__doc__rloggingrltypingrrrrrr asn1cryptorr r r r r rrMrutilr__all__ getLogger__name__r- frozensetrrrrbytesstrboolrr2r3AttributeCertificateV2rVr\rrorr~rrrrrrrrrrr;r;r;r<s           '  #    1