o >eM$@sddlmZddlmZmZmZmZmZddlmZm Z m Z ddl m Z ddl mZddlmZddlmZmZmZmZmZmZddlmZdd lmZdd lmZmZmZGd d d Z d S))datetime)DictIterableListOptionalSet)crlocspx509) Authority)OCSPFetchError)Fetchers)KnownPOE POEManagerPOETypeValidationObjectValidationObjectTypedigest_for_poe)NonRevokedStatusAssertion)CertificateRegistry) CRLContainer OCSPContainersort_freshest_firstc@sTeZdZdZ  d.dededeedeedee d e e f d d Z e d efd dZe d efddZe d efddZe d eejfddZe d eejfddZe d eejfddZdefddZddZd e ejfddZd eefd d!Zd"e d eefd#d$Z!d%e"e#fd&d'Z$d%e"e#fd(d)Z%d*ejd+e&d efd,d-Z'dS)/RevinfoManagera .. versionadded:: 0.20.0 Class to manage and potentially fetch revocation information. :param certificate_registry: The associated certificate registry. :param poe_manager: The proof-of-existence (POE) data manager. :param crls: CRL data. :param ocsps: OCSP response data. :param fetchers: Fetchers for collecting revocation information. If ``None``, no fetching will be performed. Ncertificate_registry poe_managercrlsocsps assertionsfetcherscCsr||_||_i|_i|_g|_|rt||_g|_|r,t||_}|D]}||q$||_dd|D|_ dS)NcSsi|]}|j|qSr) cert_sha256).0 assertionrrf/var/www/html/humari/django-venv/lib/python3.10/site-packages/pyhanko_certvalidator/revinfo/manager.py Gsz+RevinfoManager.__init__..) _certificate_registry _poe_manager_revocation_certs_crl_issuer_map_crlsr_ocsps_extract_ocsp_certs _fetchers _assertions)selfrrrrrr ocsp_responserrr$__init__-s     zRevinfoManager.__init__returncC|jS)z< The proof-of-existence (POE) data manager. )r'r/rrr$rKzRevinfoManager.poe_managercCr3)z6 The associated certificate registry. )r&r4rrr$rRr5z#RevinfoManager.certificate_registrycCs |jduS)zA Boolean indicating whether fetching is allowed. N)r-r4rrr$fetching_allowedYs zRevinfoManager.fetching_allowedcC.dd|jD}|js |St|jj|S)zK A list of all cached :class:`crl.CertificateList` objects cSg|]}|jqSr)crl_datar"contrrr$ fz'RevinfoManager.crls..)r*r-list crl_fetcher fetched_crls)r/raw_crlsrrr$r`szRevinfoManager.crlscCr7)zI A list of all cached :class:`ocsp.OCSPResponse` objects cSr8r)ocsp_response_datar:rrr$r<qr=z(RevinfoManager.ocsps..)r+r-r> ocsp_fetcherfetched_responses)r/ raw_ocspsrrr$rkszRevinfoManager.ocspscCst|jS)z A list of newly-fetched :class:`x509.Certificate` objects that were obtained from OCSP responses and CRLs )r>r(valuesr4rrr$new_revocation_certswsz#RevinfoManager.new_revocation_certsr0c Cs|j}||}|j}|j}|}|dur?|drA|dD]%}||r>|||j<|ttj t | |t t j|ddqdSdSdS)z Extracts any certificates included with an OCSP response and adds them to the certificate registry :param ocsp_response: An asn1crypto.ocsp.OCSPResponse object to look for certs inside of Ncerts) object_typevalue)poe_typedigestpoe_timevalidation_object)r'r&r(extract_basic_ocsp_responseregister issuer_serialregister_known_poerr VALIDATIONrdumprr CERTIFICATE)r/r0poe_man ocsp_poe_timeregistry revo_certsbasic other_certrrr$r,s.     z"RevinfoManager._extract_ocsp_certscCs||j|j<dS)aU Records the certificate that issued a certificate list. Used to reduce processing code when dealing with self-issued certificates and multiple CRLs. :param certificate_list: An ans1crypto.crl.CertificateList object :param cert: An ans1crypto.x509.Certificate object N)r) signature)r/certificate_listcertrrr$record_crl_issuers z RevinfoManager.record_crl_issuercCs|j|jS)a3 Checks to see if the certificate that signed a certificate list has been found :param certificate_list: An ans1crypto.crl.CertificateList object :return: None if not found, or an asn1crypto.x509.Certificate object of the issuer )r)getr\)r/r]rrr$check_crl_issuers zRevinfoManager.check_crl_issuercsb|js|jS|j}z|j|}Wnty$|j|IdH}Ynwdd|D}||jS)z .. versionadded:: 0.20.0 :param cert: An asn1crypto.x509.Certificate object :return: A list of :class:`CRLContainer` objects NcSg|]}t|qSr)r)r"r9rrr$r<sz6RevinfoManager.async_retrieve_crls..)r-r*r?fetched_crls_for_certKeyErrorfetch)r/r^r rcontsrrr$async_retrieve_crlss   z"RevinfoManager.async_retrieve_crls authorityc s|js|jS|j}dd|j|D}|s=|j||IdH}t|}|D]}z||Wq(ty<t dw||jS)a  .. versionadded:: 0.20.0 :param cert: An asn1crypto.x509.Certificate object :param authority: The issuing authority for the certificate :return: A list of :class:`OCSPContainer` objects cSrbr)r)r"resprrr$r<sz7RevinfoManager.async_retrieve_ocsps..Nz9Failed to extract certificates from fetched OCSP response) r-r+rCfetched_responses_for_certrer load_multir, ValueErrorr )r/r^rhr rrBrirrr$async_retrieve_ocspss*    z#RevinfoManager.async_retrieve_ocspshashes_to_evictc(dtffdd }tt||j|_dS)z Internal API to eliminate local OCSP records from consideration. :param hashes_to_evict: A collection of OCSP response hashes; see :func:`.digest_for_poe`. containerct|j}|vSN)rrBrTrprLrnrr$p z%RevinfoManager.evict_ocsps..pN)rr>filterr+r/rnrurrtr$ evict_ocspszRevinfoManager.evict_ocspscro)z Internal API to eliminate local CRLs from consideration. :param hashes_to_evict: A collection of CRL hashes; see :func:`.digest_for_poe`. rpcrqrr)rr9rTrsrtrr$rurvz$RevinfoManager.evict_crls..pN)rr>rwr*rxrrtr$ evict_crlsrzzRevinfoManager.evict_crlsr^atcCs*z ||j|jjkWStyYdSw)NF)r.sha256r|rd)r/r^r|rrr$check_asserted_unrevokeds  z'RevinfoManager.check_asserted_unrevoked)rN)(__name__ __module__ __qualname____doc__rrrrrrrr r1propertyrrboolr6rrCertificateListrr OCSPResponserr CertificaterGr,r_rargr rmrbytesryr{rr~rrrr$rs^   " ,rN)!rtypingrrrrr asn1cryptorr r pyhanko_certvalidator.authorityr pyhanko_certvalidator.errorsr pyhanko_certvalidator.fetchersr pyhanko_certvalidator.ltv.poerrrrrr!pyhanko_certvalidator.policy_declrpyhanko_certvalidator.registryr&pyhanko_certvalidator.revinfo.archivalrrrrrrrr$s