U cc/@sddlZddlmZddlmZmZddlmZmZm Z m Z m Z m Z m Z ddlmZddlmZddlmZeeedd d Zd d Zeeed ddZeedddZeedddZejejdddZGdddejZejeej eej!eej"eiZ#Gddde$Z%ej&dddZ'ej(ddd Z)Gd!d"d"Z*ed#d$Gd%d&d&Z+e ee e+fZ,e e+e,d'd(d)Z-ej.e,d*d+d,Z/Gd-d.d.Z0Gd/d0d0Z1Gd1d2d2Z2e,d3d4d5Z3e,d3d6d7Z4dS)8N) dataclass) IPv4Address IPv6Address)UnionCallableOptionalSetDictListIterable)x509)urisplit)PathValidationError) base_host other_hostreturncCs2|ddkr&||\}}}|o$| S||kSdS)Nr.) rpartition)rrpre_postrZ/var/www/html/project/venv/lib/python3.8/site-packages/pyhanko_certvalidator/name_trees.pyhost_tree_contains s  rcCsPt|}|rt|ttfrL|dk r2d|dnd}td|d|d|S)Nz has host rzis not a well-formed URI.zCURI constraints require URIs with a host specified as a FQDN; URI 'z' )r Zgethost isinstancerr ValueError)Zcand_uriZ cand_hostZhost_errrrr _host_regnames r)baseotherrc CsBz t|}Wn*tk r6}z t|W5d}~XYnXt||SN)rrrr)rrrerrruri_tree_contains#s  r!)rrcCsX|d}|d}t|t|kr(dSt|t|koVtddtt|t|DS)NrFcss|]\}}||kVqdSrr.0xyrrr 3sz$dns_tree_contains..)splitlenallzipreversed)rrZ base_labelsZ other_labelsrrrdns_tree_contains,s  r,cCs:|d\}}}|d\}}}|r,||kSt||SdS)N@)rr)rrZ base_mailboxrZbase_host_or_domainZ other_mailboxZother_host_or_domainrrremail_tree_contains8s r.cCs4|j}|j}t|t|ko2tddt||DS)Ncss|]\}}||kVqdSrrr"rrrr&Isz(dirname_tree_contains..)chosenr(r)r*)rrZbase_rdn_sequenceZother_rdn_sequencerrrdirname_tree_containsEs r0c@seZdZeZeZeZeZeZ eZ eZ eZ eZ eeeeeejfeeejfgefdddZeddddZdS)GeneralNameTypercCs t|dSr)_name_type_checkersgetselfrrrcheck_membership[sz GeneralNameType.check_membershipcCst||Sr)getattrupper)clschoicerrr from_choicebszGeneralNameType.from_choiceN)__name__ __module__ __qualname__enumautoZ OTHER_NAME RFC822_NAMEDNS_NAMEZ X400_ADDRESSDIRECTORY_NAMEZEDI_PARTY_NAMEUNIFORM_RESOURCE_IDENTIFIERZ IP_ADDRESSZ REGISTERED_IDpropertyrrrstrr Nameboolr7 classmethodr<rrrrr1Ps "r1cs"eZdZedfdd ZZS)UnsupportedNameTypeError) name_typecst|jdSr)super__init__namelower)r6rL __class__rrrNpsz!UnsupportedNameTypeError.__init__)r=r>r?r1rN __classcell__rrrQrrKosrK)gnamecCs*t|j}|j}|tjkr"|j}||fSr)r1r<rOr/rDnative)rTZ gname_typevaluerrr_interpret_general_namets   rW)certccszt|jjrtj|jfV|j}|dkrb|jjD].}|D]$}|djdkr8tj|djfVq8q0n|D]}t|VqfdS)NtypeZ email_addressrV) r(subjectr/r1rDZsubject_alt_name_valuerUrBrW)rXZsubject_alt_namesZrdnZ name_pairrOrrr_enumerate_names_in_cert~s  r[c@sFeZdZeeejfdddZeddZ ddZ ddd d Z d S) _StringOrNamerVcCs ||_dSrr])r6rVrrrrNsz_StringOrName.__init__cCs*|j}t|tjrd|fSd|fSdS)Nr)rVrr rHdump)r6valrrr_codes  z_StringOrName._codecCs t|jSr)hashrar5rrr__hash__sz_StringOrName.__hash__)rcCs |j|jkSr)ra)r6rrrr__eq__sz_StringOrName.__eq__N) r=r>r?rrGr rHrNrFrarcrdrrrrr\s  r\T)frozenc@s~eZdZUeed<eeed<dZeed<dZ eeed<e e e j feddd Zedd d d Zeedd ddZdS) NameSubtreerL tree_baserminNmax)itemrcCs<|jdkrdS|jdks"|jdk r*td|j|jj|S)NTrzuThe minimum/maximum fields on a name constraint are not meaningful in the PKIX (RFC 5280) profile --- not processing.)rgrhriNotImplementedErrorrLr7rV)r6rjrrr __contains__s zNameSubtree.__contains__r2cCs4|d}t|\}}t|t||dj|djdS)Nrminimummaximum)rhri)rWrfr\rU)r:subtreerTrLZname_objrrrfrom_general_subtrees z NameSubtree.from_general_subtreerLrcCs t|ddS)z Tree that contains all names of a given type. :param name_type: The name type to use. :return: N)rLrg)rf)r:rLrrruniversal_treeszNameSubtree.universal_tree)r=r>r?r1__annotations__rr\rhintrirrGr rHrIrlrJrprrrrrrrfs    rf)treesrc CsHi}|D]:}z||j|Wqtk r@|h||j<YqXq|Sr)rLaddKeyError)ruresulttreerrr_group_subtreessrz)subtreesrcCstdd|DS)Ncss|]}t|VqdSr)rfrp)r#rorrrr&sz+process_general_subtrees..)rz)r{rrrprocess_general_subtreessr|c@s*eZdZdddZddZeddZdS) NameConstraintValidationResultNcCs||_||_dSrfailing_name_type failing_name)r6rrrrrrNsz'NameConstraintValidationResult.__init__cCs |jdkSr)rr5rrr__bool__sz'NameConstraintValidationResult.__bool__cCsD|jdk st|j}t|tjr&|j}|jj}d|d|dS)Nz The name 'z ' of type z is not allowed.) rAssertionErrorrrr rHZhuman_friendlyrOrP)r6Zname_strrLrrr error_messages  z,NameConstraintValidationResult.error_message)NN)r=r>r?rNrrFrrrrrr}s r}c@sJeZdZedddZedddZeeddd Ze j e d d d Z d S)PermittedSubtreesinitial_permitted_subtreescsfddtD}||_dS)Ncs i|]}|t|dgqS)r)setr4r#rLrrr sz.PermittedSubtrees.__init__..)r1_trees)r6rrurrrrNs zPermittedSubtrees.__init__rucCs&|D]\}}|j||qdSr)itemsrappend)r6rurLZ new_permittedrrrintersect_withsz PermittedSubtrees.intersect_withrqcs tfddt|j|DS)Nc3s$|]}tfdd|DVqdS)c3s|]}|kVqdSrrr#ryrOrrr&sz:PermittedSubtrees.accept_name...N)any)r#Ztrees_in_generationrrrr&sz0PermittedSubtrees.accept_name..)r)r+rr6rLrOrrr accept_names  zPermittedSubtrees.accept_namerXrcsLz,tfddt|D\}}t||dWStk rFtYSXdS)Nc3s&|]\}}||s||fVqdSr)rr#rLrOr5rrr&!s z0PermittedSubtrees.accept_cert..r~nextr[r} StopIterationr6rXrrrr5r accept_certs  zPermittedSubtrees.accept_certN) r=r>r? PKIXSubtreesrNrr1rIrr Certificater}rrrrrrs  rc@sJeZdZedddZedddZeeddd Ze j e d d d Z d S)ExcludedSubtrees)initial_excluded_subtreescCsdd|D|_dS)NcSsi|]\}}|t|qSrr)r#rLZtree_setrrrr5sz-ExcludedSubtrees.__init__..)rr)r6rrrrrN0szExcludedSubtrees.__init__rcCs&|D]\}}|j||qdSr)rrupdate)r6rurLZ new_excludedrrr union_with:szExcludedSubtrees.union_withrqcstfdd|j|DS)Nc3s|]}|kVqdSrrrrrrr&@sz/ExcludedSubtrees.reject_name..)rrrrrr reject_name?szExcludedSubtrees.reject_namercsLz,tfddt|D\}}t||dWStk rFtYSXdS)Nc3s&|]\}}||r||fVqdSr)rrr5rrr&Es z/ExcludedSubtrees.accept_cert..r~rrrr5rrBs  zExcludedSubtrees.accept_certN) r=r>r?rrNrr1rIrr rr}rrrrrr.s  rr2cCsddtDS)NcSsi|]}|t|hqSr)rfrrrrrrrSsz.default_permitted_subtrees..r1rrrrdefault_permitted_subtreesRsrcCsddtDS)NcSsi|] }|tqSrrrrrrrZsz-default_excluded_subtrees..rrrrrdefault_excluded_subtreesYsr)5r@ dataclassesr ipaddressrrtypingrrrrr r r Z asn1cryptor Zuritoolsr Zpyhanko_certvalidator.errorsrrGrIrrr!r,r.rHr0Enumr1rDrBrCrEr3rkrKZ GeneralNamerWrr[r\rfrrzZGeneralSubtreesr|r}rrrrrrrrsH $          ' 3$