U Nf* @sdZddlZddlZddlZddlmZmZmZmZm Z m Z ddl m Z m Z mZmZmZmZddlmZddlmZddlmZd d d d d dddddddg ZeeZeddddgZeddddgZeddddgZedddgZ e!ee"e"e#ddd Z$e!e"dd d!Z%e ej&e j'feej(d"d#d$Z)ej&ee"e#d%d&d Z*e!ej+e"d'd(d Z,e d)Z-e d*Z.ee-e e.e/ffee-ej0fe-egee.fe e.e/fd+d,d Z1d-d.Z2d/d Z3d0d1Z4d2dZ5e ej&e j'fd3d4dZ6d5dZ7dS)6zd Internal backend-agnostic utilities to help process fetched certificates, CRLs and OCSP responses. N) AwaitableCallableDictOptionalTypeVarUnion)algoscmscoreocsppemx509)errors) Authority)get_ac_extension_valueunpack_cert_contentformat_ocsp_requestprocess_ocsp_response_dataqueue_fetch_taskcrl_job_results_as_completedocsp_job_get_earliestcomplete_certificate_fetch_jobsgather_aia_issuer_urls$ACCEPTABLE_STRICT_CERT_CONTENT_TYPESACCEPTABLE_CERT_PEM_ALIASESACCEPTABLE_PKCS7_DER_ALIASESACCEPTABLE_CERT_DER_ALIASESzapplication/pkix-certzapplication/pkcs7-mimezapplication/x-x509-ca-certz application/x-pkcs7-certificateszapplication/x-pem-filez text/plainzapplication/octet-streamzbinary/octet-stream) response_data content_typeurl permit_pemc cst|}|dks|tkrz|sz|dkr8td|dttj|}|dkrbt ||EdHq|dkrt j |Vn|t kr|st ||EdHnb|r|rtj |ddD]2\}}}|dkrt ||EdHqt j |Vqntd|d |d dS) Nz)Response to certificate fetch request to zi did not include a content type, verifying it's sequence length to check if it is a certificate or pkcs7.rT)multipleZPKCS7zFailed to extract certs from z payload. Source URL: .)r detectrloggerwarninglenr Sequenceload_unpack_der_pkcs7r CertificaterZunarmor ValueError) rrr r!Zis_pemZder_sequence_length type_name_datar1O/tmp/pip-unpacked-wheel-p64bl1fm/pyhanko_certvalidator/fetchers/common_utils.pyrGs4   ) pkcs7_data pkcs7_urlccsptj|}|dj}|dkr4td|d|d|d}t|dtjrl|dD]}|jdkrT|jVqTdS) Nr signed_dataziExpected CMS SignedData when extracting certs from application/pkcs7-mime payload, but content type was 'z'. Source URL: r$contentZ certificatesZ certificate) r Z ContentInfor*nativer- isinstanceZCertificateSetnameZchosen)r3r4Z content_infoZcms_ctr5Z cert_choicer1r1r2r+ns    r+)cert authorityreturncCsXt|tjr|j}n|ddj}t|j|}tt d|i|t|j ||d}|S)NZac_info serial_number algorithm)Zhash_algorithmZissuer_name_hashZissuer_key_hashr=) r8r r,r=r7getattrr9r CertIdrZDigestAlgorithmZ public_key)r:r;certid_hash_algor=Z iss_name_hashcert_idr1r1r2 get_certid~s    rC)r:r;rArequest_noncesc Csrt|||d}td|i}tdt|gi}|rdtddtt dd}t |g|d<t d |iS) N)rAZreq_certZ request_listnonceF)Zextn_idcriticalZ extn_valueZrequest_extensions tbs_request) rCr RequestZ TBSRequestZRequestsZTBSRequestExtensionr Z OctetStringosurandomZTBSRequestExtensions OCSPRequest)r:r;rArDrBrequestrHZnonce_extensionr1r1r2rs, )r ocsp_requestocsp_urlcCsztj|}Wntk r.tdYnX|dj}|dkrTtd||f|j}|r~|j}|r~|j|jkr~td|S)Nz)Failed to parse response from OCSP serverZresponse_statusZ successfulz5OCSP server at %s returned an error. Status was '%s'.zQUnable to verify OCSP response since the request and response nonces do not match) r Z OCSPResponser*r-rOCSPFetchErrorr7ZOCSPValidationErrorZ nonce_value)rrNrOZ ocsp_responsestatusZ request_nonceZresponse_noncer1r1r2rs& TR)results running_jobstag async_funr<c sXz(||}tdt|dt|WStk r<YnXzP||}tdt|d|IdHtdt|dt||WStk rRtdt|dt||<}z|IdH}WnBtk r}z"td t|d ||}W5d}~XYnX|||<td t|d ||=| t|YSXdS) NzResult for fetch job with tag z was available in cache.zWaiting for fetch job with tag z to return...z,Received completion signal for job with tag r$z Starting new fetch job with tag z...zNew fetch job with tag z threw an exception: z returned.) r&debugrepr_return_or_raiseKeyErrorwaitasyncioEvent Exceptionset)rTrUrVrWresultZ wait_eventer1r1r2rs>  cCst|tr||SN)r8r_)rar1r1r2rZ s rZc Csnd}d}tt|D]B}z|IdH}|VWqtjk rV}z|}W5d}~XYqXq|dk rj|sj|dS)NF)r] as_completedlistrZ CRLFetchError)jobslast_eZat_least_one_successZcrl_jobZ fetched_crlrbr1r1r2rs   cs<tj|}|z|IdHWntjk r6YnXdSrc)r]ZgathercancelZCancelledError)Z pending_taskspendingr1r1r2 cancel_all!s  rjc sdd|D}d}}|r~tj|tjdIdH\}}|D]B}z|IdH}WqWq8tjk rx}z|}W5d}~XYq8Xq8q|dk rt|IdH|S|ptddS)NcSsg|]}t|qSr1)r]Z create_task).0coror1r1r2 +sz)ocsp_job_get_earliest..)Z return_whenzNo OCSP results)r]r\ZFIRST_COMPLETEDrrPrj)rfqueueZ ocsp_resprgdoneZocsp_jobrbr1r1r2r*s"  )r:ccspt|tjr|j}n t|d}|dkr*dS|D]<}|djdkr.|d}|jdkrTq.|j}|dr.|Vq.dS)NZauthority_information_accessZ access_methodZ ca_issuersZaccess_locationZuniform_resource_identifierhttp)r8r r,Z"authority_information_access_valuerr7r9 startswith)r:Z aia_valueentrylocationr r1r1r2r>s    c Csrt|D]b}z|IdH}Wn>tjk rZ}ztd|dWYq W5d}~XYnX|D] }|Vq`q dS)Nz8Error during certificate fetch job, skipping... (Error: ))r]rdrZCertificateFetchErrorr&r')Z fetch_jobsZ fetch_jobZ certs_fetchedrbr:r1r1r2rQs )8__doc__r]loggingrJtypingrrrrrrZ asn1cryptorr r r r r rr;rutilr__all__ getLogger__name__r& frozensetrrrrbytesstrboolrr+r,ZAttributeCertificateV2r@rCrrLrrRrSr_r^rrZrrjrrrr1r1r1r2s           '  $   1