U g @sdZddlZddlZddlZddlZddlZddlmZmZddl m Z ddl m Z m Z m Z mZmZmZmZmZmZddlZddlmZmZmZmZmZddlmZddlmZdd lm Z dd l!m"Z"m#Z#dd l$m%Z%m&Z&dd l'm(Z(dd l)m*Z*m+Z+ddl,m-Z-m.Z.ddl/m0Z0ddl1m2Z2ddl3m4Z4ddl5m6Z6ddl7m8Z8ddl9m:Z:ddl;mZ>m?Z?m@Z@mAZAmBZBmCZCmDZDmEZEmFZFmGZGddlHmIZImJZJmKZKmLZLmMZMddlNmOZOddlPmQZQddlRmSZSddlTmUZUmVZVmWZWmXZXmYZYddlZm[Z[m\Z\m]Z]m^Z^ddl_m`Z`maZambZbdd d!d"d#d$d%d&d'd(d)d*g Zcd+d,ldmeZed-d.l:mfZfegehZied/d0Gd1d"d"ZjGd2d#d#ejkZled/d0Gd3d!d!ejZmed/d0Gd4d d ejZned/d0Gd5ddZoe8d6d7d8ZpdTe8eqejresd:d;d<Zte8d6d=d>Zue8d6d?d@ZvejwdAdBdCZxGdDd$d$ZydEdFZzGdGd%d%Z{ed/d0GdHd)d)Z|e8e-j}dIdJdKZ~GdLd&d&Zed/d0GdMd*d*ZGdNdOdOe:jfZGdPdQdQe:jZGdRd'd'ZGdSd(d(ZdS)UzH This module implements support for PDF-specific signing functionality. N) dataclassfield)datetime) IOAnyDictIterableListOptionalSetTupleUnion)algoscmscrlkeysocsp)pdf)VOID)hashes)CertificateValidatorValidationContext)PathBuildingErrorPathValidationError)ValidationPath)ACValidationResultasync_validate_ac)genericmisc)pdfmac)pdf_name)IncrementalPdfFileWriter) PdfFileReader)BasePdfFileWriter) attributes)CAdESSignedAttrSpec) FieldMDPSpecInvisSigSettingsMDPPermSeedLockDocument SigAuthType SigFieldSpecSigSeedSubFilterSigSeedValFlagsSigSeedValueSpecenumerate_sig_fields) SigningErrorfind_unique_cms_attributeget_cms_hash_algo_for_mechanismget_pyca_cryptography_hashsimple_cms_attribute) TimeStamper)BaseStampStyle) constants)PdfCMSEmbedderSigAppearanceSetup SigIOSetup SigMDPSetup SigObjSetup) BuildPropsDocumentTimestampPreparedByteRangeDigestSignatureObject)PdfCMSSignedAttributesSignerselect_suitable_signing_mdPdfSignatureMetadataDSSContentSettingsTimestampDSSContentSettingsGeneralDSSContentSettingsSigDSSPlacementPreferencePdfTimeStamper PdfSignerPdfSigningSessionPdfTBSDocumentPdfPostSignatureDocumentPreSignValidationStatusPostSignInstructions)SerialisedCredential)CMSAttributeProviderT)frozenc@s*eZdZUdZdZeed<dZeed<dS)rHza .. versionadded:: 0.8.0 Settings that govern DSS creation and updating in general. T include_vriskip_if_unneededN)__name__ __module__ __qualname____doc__rVbool__annotations__rWr^r^C/tmp/pip-unpacked-wheel-owvgwkas/pyhanko/sign/signers/pdf_signer.pyrH[s   c@s(eZdZdZeZeZeZdS)rIz .. versionadded:: 0.8.0 Preference for where to perform a DSS update with validation information for a specific signature. N) rXrYrZr[enumautoTOGETHER_WITH_SIGNATURESEPARATE_REVISIONTOGETHER_WITH_NEXT_TSr^r^r^r_rI~s   c@s&eZdZUdZdZeed<ddZdS)rGaY .. versionadded:: 0.8.0 Settings for a DSS update with validation information for a document timestamp. .. note:: In most workflows, adding a document timestamp doesn't trigger any DSS updates beyond VRI additions, because the same TSA is used for signature timestamps and for document timestamps. Fupdate_before_tscCs|jr|jrtddS)e Check settings for consistency, and raise :class:`.SigningError` otherwise. zqIf VRI entries are to be included, DSS updates can only be performed after the timestamp in question was created.N)rVrer0selfr^r^r_ assert_viables z)TimestampDSSContentSettings.assert_viableN)rXrYrZr[rer\r]rir^r^r^r_rGs  c@sFeZdZUdZejZeed<dZe e ed<e dddZ dd Z dS) rFzm .. versionadded:: 0.8.0 Settings for a DSS update with validation information for a signature. placementNnext_ts_settingsreturncCs0|j}|dk r|S|jtjk}t|j|j|dS)z Retrieve DSS update settings for document timestamps that are part of our signing workflow, if there are any. N)rVrWre)rkrjrIrbrGrVrW)rhZ ts_settingsrer^r^r_get_settings_for_tss z&DSSContentSettings.get_settings_for_tscCs.|jtjk}|jr|rtd|dS)rfzqIf VRI entries are to be included, DSS updates can only be performed after the signature in question was created.N)rjrIrbrVr0rnri)rhZpre_signr^r^r_ris  z DSSContentSettings.assert_viable) rXrYrZr[rIrdrjr]rkr rGrnrir^r^r^r_rFs  c@sXeZdZUdZdZeeed<dZeeed<dZ eeed<dZ eeed<dZ eeed<dZ eeed<dZ eeed <dZeeed <dZeeed <d Zeed <dZeeed<d Zeed<d Zeed<dZeeed<dZeeed<ejZeed<edddZ e!eed<dZ"ee#ed<e$Z%e$ed<d Z&eed<dZ'eeed<dS)rEz, Specification for a PDF signature. N field_name md_algorithmlocationreason contact_infonameapp_build_propsprop_auth_timeprop_auth_typeFcertify subfilterembed_validation_info use_pades_ltatimestamp_field_namevalidation_contextdocmdp_permissionscCstjSN)r8ZDEFAULT_SIGNER_KEY_USAGEr^r^r^r_zPdfSignatureMetadata.default_factorysigner_key_usagecades_signed_attr_spec dss_settingstight_size_estimatesac_validation_context)(rXrYrZr[ror strr]rprqrrrsrtrur>rvintrwr*rxr\ryr,rzr{r|r}rr( FILL_FORMSr~rrr rr%rFrrrr^r^r^r_rEs2         Z pdf_writercCs&|jdd|jdkr"|tjdS)z Helper function to ensure that the output PDF is at least PDF 1.7, and that the relevant ESIC extension for PAdES is enabled if the version lower than 2.0. )r7versionrSrN)ensure_output_versionZoutput_versionregister_extensionr8ZESIC_EXTENSION_1rr^r^r__ensure_esic_exts  rF)pdf_outrp signed_datadocument_digestc Cs||}|dd}|dj}tt|}|||} |rH| }|j|| |d} |d} | tkrrt g} | t d| | |d<dS)a Utility function to add a MAC token to an externally generated CMS payload. The payload is modified in-place. :param pdf_out: Writer to contain output. :param md_algorithm: The message digest algorithm to use for the MAC. :param document_digest: The document digest that should go into the MAC token. :param signed_data: A CMS signed data value. :param dry_run: Whether this is considered a dry run for size estimation purposes. Z signer_infosr signaturersignature_digestdry_runZunsigned_attrs pdf_mac_dataN) _init_mac_handlernativerHashr3updatefinalizebuild_pdfmac_tokenrr CMSAttributesappendr4) rrprrr mac_handlersiZsignature_bytesmd sig_digestZ mac_tokenZuar^r^r_add_mac_to_external_cmss$     rcCs|jdd|tjdSNrr)rrr8ZISO32001rr^r^r__ensure_iso32001_exts rcCs|jdd|tjdSr)rrr8ZISO32002rr^r^r__ensure_iso32002_exts r)pubkeycCs|j\}}|dko|tjkS)Nnamed)Zcurver8ZISO32002_CURVE_NAMES)rkindZcurve_idr^r^r__is_iso32002_curves rc@seZdZdZdedfeeeeedddZe eddd Z dd de e j d d eeee ed d dZdd de e j d ddeeee eedddZdde j ejfedddZdde j ejdfeedddZdS)rJz] Class to encapsulate the process of appending document timestamps to PDF files. NZ Timestamp) timestamperroinvis_settingsreadable_field_namecCs||_||_||_||_dSr)default_timestamper _field_name_readable_field_name_invis_settings)rhrrorrr^r^r___init__&szPdfTimeStamper.__init__rlcCs|jpdttS)z Retrieve or generate the field name for the signature field to contain the document timestamp. :return: The field name, as a (Python) string. z Timestamp-)rruuidZuuid4rgr^r^r_ro2s zPdfTimeStamper.field_nameF)in_placeoutputr chunk_sizer)rrrrc Cs*t|j||||||||| | | d } | S)a .. versionchanged:: 0.9.0 Wrapper around :meth:`async_timestamp_pdf`. Timestamp the contents of ``pdf_out``. Note that ``pdf_out`` should not be written to after this operation. :param pdf_out: An :class:`.IncrementalPdfFileWriter`. :param md_algorithm: The hash algorithm to use when computing message digests. :param validation_context: The :class:`.pyhanko_certvalidator.ValidationContext` against which the TSA response should be validated. This validation context will also be used to update the DSS. :param bytes_reserved: Bytes to reserve for the CMS object in the PDF file. If not specified, make an estimate based on a dummy signature. .. warning:: Since the CMS object is written to the output file as a hexadecimal string, you should request **twice** the (estimated) number of bytes in the DER-encoded version of the CMS object. :param validation_paths: If the validation path(s) for the TSA's certificate are already known, you can pass them using this parameter to avoid having to run the validation logic again. :param timestamper: Override the default :class:`.TimeStamper` associated with this :class:`.PdfTimeStamper`. :param output: Write the output to the specified output stream. If ``None``, write to a new :class:`.BytesIO` object. Default is ``None``. :param in_place: Sign the original input stream in-place. This parameter overrides ``output``. :param chunk_size: Size of the internal buffer (in bytes) used to feed data to the message digest function if the input stream does not support ``memoryview``. :param dss_settings: DSS output settings. See :class:`.TimestampDSSContentSettings`. :param tight_size_estimates: When estimating the size of a document timestamp container, do not add safety margins. .. note:: External TSAs cannot be relied upon to always produce the exact same output length, which makes this option risky to use. :return: The output stream containing the signed output. ) r}bytes_reservedvalidation_pathsrrrrrr)asynciorunasync_timestamp_pdf) rhrrpr}rrrrrrrrresultr^r^r_ timestamp_pdfBs DzPdfTimeStamper.timestamp_pdfT)rrrrr embed_roots)rrrrrc st||jdk o|jj} ddlm}|p.|j}|dk r||}|dkrNg}|2z3dHW}||qR6| | j r|j j |d||| d|j }|dkr| |IdH}| rt|||ddddt|d }| r|}n|d |d }t|d }t||j|jd }t|d j||dd}t||t|d}| rLt||t|||| d}||\}}||j|IdH}| rt|||d|jd||}|dk r| j s| jsd}d}|jr|j}|r| }|j j!||||| j" | |dt#$||S)au .. versionadded:: 0.9.0 Timestamp the contents of ``pdf_out``. Note that ``pdf_out`` should not be written to after this operation. :param pdf_out: An :class:`.IncrementalPdfFileWriter`. :param md_algorithm: The hash algorithm to use when computing message digests. :param validation_context: The :class:`.pyhanko_certvalidator.ValidationContext` against which the TSA response should be validated. This validation context will also be used to update the DSS. :param bytes_reserved: Bytes to reserve for the CMS object in the PDF file. If not specified, make an estimate based on a dummy signature. .. warning:: Since the CMS object is written to the output file as a hexadecimal string, you should request **twice** the (estimated) number of bytes in the DER-encoded version of the CMS object. :param validation_paths: If the validation path(s) for the TSA's certificate are already known, you can pass them using this parameter to avoid having to run the validation logic again. :param timestamper: Override the default :class:`.TimeStamper` associated with this :class:`.PdfTimeStamper`. :param output: Write the output to the specified output stream. If ``None``, write to a new :class:`.BytesIO` object. Default is ``None``. :param in_place: Sign the original input stream in-place. This parameter overrides ``output``. :param chunk_size: Size of the internal buffer (in bytes) used to feed data to the message digest function if the input stream does not support ``memoryview``. :param dss_settings: DSS output settings. See :class:`.TimestampDSSContentSettings`. :param tight_size_estimates: When estimating the size of a document timestamp container, do not add safety margins. .. note:: External TSAs cannot be relied upon to always produce the exact same output length, which makes this option risky to use. :param embed_roots: Option that controls whether the root certificate of each validation path should be embedded into the DSS. The default is ``True``. .. note:: Trust roots are configured by the validator, so embedding them typically does nothing in a typical validation process. Therefore they can be safely omitted in most cases. Nonetheless, embedding the roots can be useful for documentation purposes. :return: The output stream containing the signed output. Nr validation) sig_contentspathsr}rcontentrT)rprrrrS)r)sig_field_nameZinvis_sig_settingsrnew_field_specFrowriterexisting_fields_only)sig_placeholder)rprrr)rprr) output_streamrrr} force_writerfile_credential)%rsecurity_handlerpdf_mac_enabled pyhanko.signrrrrrireDocumentSecurityStoresupply_dss_in_writerroZasync_dummy_responserlendumpr?r+rrr9 write_cmsnextsendr=_register_mac_on_sigr;Zasync_timestamprrVextract_credential serialiseadd_dssrWrfinalise_output)rhrrpr}rrrrrrrrrZneed_macrZ paths_coropathroZtest_tsttest_lenZ timestamp_obj field_spec cms_writer sig_obj_refZsig_ioZ prep_digest res_outputZ timestamp_cmsrcredential_ser credentialr^r^r_rsO            z"PdfTimeStamper.async_timestamp_pdfreadercCs |j||||||d}t|S)a .. versionchanged:: 0.9.0 Wrapper around :meth:`async_update_archival_timestamp_chain`. Validate the last timestamp in the timestamp chain on a PDF file, and write an updated version to an output stream. :param reader: A :class:`PdfReader` encapsulating the input file. :param validation_context: :class:`.pyhanko_certvalidator.ValidationContext` object to validate the last timestamp. :param output: Write the output to the specified output stream. If ``None``, write to a new :class:`.BytesIO` object. Default is ``None``. :param in_place: Sign the original input stream in-place. This parameter overrides ``output``. :param chunk_size: Size of the internal buffer (in bytes) used to feed data to the message digest function if the input stream does not support ``memoryview``. :param default_md_algorithm: Message digest to use if there are no preceding timestamps in the file. :return: The output stream containing the signed output. )rr}rrrdefault_md_algorithm)%async_update_archival_timestamp_chainrr)rhrr}rrrrcoror^r^r_update_archival_timestamp_chainUs&z.PdfTimeStamper.update_archival_timestamp_chain)rrcs(ddlm}ddlm} ||} z t| } Wn"tk rPtdd} YnXd} | dkrd|} n.| }| j }|j |||IdH}|j } |} |r|j}n*t|}|jdtt||j|t|}| dk r| dk st|jj|| j| jf||d|j|| |d|d IdHt||S) a .. versionadded:: 0.9.0 Validate the last timestamp in the timestamp chain on a PDF file, and write an updated version to an output stream. :param reader: A :class:`PdfReader` encapsulating the input file. :param validation_context: :class:`.pyhanko_certvalidator.ValidationContext` object to validate the last timestamp. :param output: Write the output to the specified output stream. If ``None``, write to a new :class:`.BytesIO` object. Default is ``None``. :param in_place: Sign the original input stream in-place. This parameter overrides ``output``. :param chunk_size: Size of the internal buffer (in bytes) used to feed data to the message digest function if the input stream does not support ``memoryview``. :param default_md_algorithm: Message digest to use if there are no preceding timestamps in the file. :param embed_roots: Option that controls whether the root certificate of each validation path should be embedded into the DSS. The default is ``True``. .. note:: Trust roots are configured by the validator, so embedding them typically does nothing in a typical validation process. Therefore they can be safely omitted in most cases. Nonetheless, embedding the roots can be useful for documentation purposes. :return: The output stream containing the signed output. rSr)TimestampSignatureStatuszVDocument does not have any document timestamps yet. This may cause unexpected results.Nr)rr}rT)rr)rZvalidation.statusrget_timestamp_chainr StopIterationloggerwarningZcompute_digestrZltvZestablish_timestamp_trustrpstreamrprepare_rw_output_streamseekZ chunked_write bytearrayr!AssertionErrorrrZ pkcs7_contentvalidation_pathrr)rhrr}rrrrrrrZ timestampsZlast_timestampZ tst_statusrpZexpected_imprintZ tst_tokenZlast_tst_statusrrr^r^r_rsZ7            z4PdfTimeStamper.async_update_archival_timestamp_chain)NNNN)NNNN)rXrYrZr[r'r5r rrpropertyrorGrDEFAULT_CHUNK_SIZEr!r\rrr8 DEFAULT_MDr"rrr^r^r^r_rJ s~   Y  C 4cCs2ztt|ddWdStk r,YdSXdS)NT)Z filled_statusF)rr/r)handlerr^r^r__signatures_exists rc@s<eZdZdZdZddddeeeeee ee dddZ e ee dd d Zed d d ZeedddZeee dddZee dddZd%eddddZd&dddejdeeedefdddZd'dddejdeeedefdddZd(dddejded d!d"Zd)dddejded d#d$ZdS)*rKa .. versionchanged: 0.7.0 This class is no longer a subclass of :class:`.PdfTimeStamper`. Class to handle PDF signatures in general. :param signature_meta: The specification of the signature to add. :param signer: :class:`.Signer` object to use to produce the signature object. :param timestamper: :class:`.TimeStamper` object to use to produce any time stamp tokens that might be required. :param stamp_style: Stamp style specification to determine the visible style of the signature, typically an object of type :class:`.TextStampStyle` or :class:`.QRStampStyle`. Defaults to :const:`constants.DEFAULT_SIGNING_STAMP_STYLE`. :param new_field_spec: If a new field is to be created, this parameter allows the caller to specify the field's properties in the form of a :class:`.SigFieldSpec`. This parameter is only meaningful if ``existing_fields_only`` is ``False``. FN)r stamp_styler)signature_metasignerrrrcCs||_|dk r"|j|jkr"td||_|p0tj}||_|z|jd}t ||_ Wnt k rpd|_ YnX||_ ||_ dS)NzLField names specified in SigFieldSpec and PdfSignatureMetadata do not agree.)rrror0rr8ZDEFAULT_SIGNING_STAMP_STYLEr"get_signature_mechanism_for_digestr2signer_hash_algo ValueErrorrr)rhrrrrrZmechr^r^r_rs&     zPdfSigner.__init__rlcCs|jjp |jS)a Name of the default message digest algorithm for this signer, if there is one. This method will try the :attr:`~.PdfSignatureMetadata.md_algorithm` attribute on the signer's :attr:`signature_meta`, or try to retrieve the digest algorithm associated with the underlying :class:`~pyhanko.sign.signers.pdf_cms.Signer`. :return: The name of the message digest algorithm, or ``None``. )rrprrgr^r^r_default_md_for_signer>s zPdfSigner.default_md_for_signerrcCsP|jjrt|rtdddlm}||}|dkr8dS|jtjkrLtddS)NzICertification signatures must be the first signature in a given document.r)read_certification_dataz$Author signature forbids all changes) rrxrr0pyhanko.sign.validationr Z permissionr( NO_CHANGES)rhrr Zcdr^r^r_"_enforce_certification_constraintsMs  z,PdfSigner._enforce_certification_constraintscCs*|jr dS|d}|dkr dSt|S)Nz/SV) _ignore_svgetr.from_pdf_object)rh sig_fieldZsv_dictr^r^r__retrieve_seed_value_spec`s  z#PdfSigner._retrieve_seed_value_spec)sv_specrmcCs|j}|dk r |jr |jd}nd}|jdk r6|j}n2|dk rD|}n$|jjdk r`t|jjj}ntd|jdk rz|jj nd}|dk rt }t d|i}|||std|d|jjd|S)NrzCould not select a default digest algorithm. Please supply a value in the signature settings, or configure the signer with an explicit signature mechanism that includes a digest algorithm specification. algorithmzThe hash algorithm zJ is not allowed in the specified validation context (usage policy of type z).)rdigest_methodsrr signing_certrD public_keyr0r}algorithm_policyrnowrZDigestAlgorithmZdigest_algorithm_allowed __class__rX)rhrrZsv_md_algorithmrprrZ md_algo_objr^r^r__select_md_algorithmks6      zPdfSigner._select_md_algorithm)rrpc Cs|jjtjkrt||jdk r4|jjr4|tj z|j |}|j }WnBt tfk r}z tdt|dWYdSd}~XYnX|dkrt|nZ|dkrt|t|n@|ds|dkrt||j j}|r|dkrt|jrt|dS)Nz*Failed to introspect signature mechanism: z>. Will forgo algorithm-based automatic extension registration.Zed25519Zed448Zsha3Zshake256Zecdsa)rryr,PADESrrrrrZISO32004rrZsignature_algor0rrdebugrrr startswithrrr)rhrrpZsig_mechZsig_algoecertr^r^r_register_extensionss@    zPdfSigner.register_extensionsrLrrmc Cst|tr&|j}|jr&|jjr&td|j}|j}t |j dj |j ||d}t |}|}||} t|tr|||j|| } |j|| d| dk r| jr|dkr| }|j} | dkr| dk r| jr| jd} ntj} t||||| || | d} | S)a Initialise a signing session with this :class:`.PdfSigner` for a specified PDF file writer. This step in the signing process handles all field-level operations prior to signing: it creates the target form field if necessary, and makes sure the seed value dictionary gets processed. See also :meth:`digest_doc_for_signing` and :meth:`sign_pdf`. :param pdf_out: The writer containing the PDF file to be signed. :param existing_fields_only: If ``True``, never create a new empty signature field to contain the signature. If ``False``, a new field may be created if no field matching :attr:`~.PdfSignatureMetadata.field_name` exists. :return: A :class:`.PdfSigningSession` object modelling the signing session in its post-setup stage. z`Attempting to sign document with hybrid cross-reference sections while hybrid xrefs are disabledrr)rpNr)r) isinstancer!prevstrictZxrefsZhybrid_xrefs_presentr0rrr9rrrorZ get_objectrr rr Ztimestamp_requiredZbuild_timestamperry subfiltersr,ADOBE_PKCS7_DETACHEDrL) rhrrr#rrrZ sig_field_refrrrprysessionr^r^r_init_signing_sessionsZ        zPdfSigner.init_signing_session)appearance_text_paramsrrrrMc Cs.tdtt|j|||||||d}|S)a .. deprecated:: 0.9.0 Use :meth:`async_digest_doc_for_signing` instead. Set up all stages of the signing process up to and including the point where the signature placeholder is allocated, and the document's ``/ByteRange`` digest is computed. See :meth:`sign_pdf` for a less granular, more high-level approach. .. note:: This method is useful in remote signing scenarios, where you might want to free up resources while waiting for the remote signer to respond. The :class:`.PreparedByteRangeDigest` object returned allows you to keep track of the required state to fill the signature container at some later point in time. :param pdf_out: A PDF file writer (usually an :class:`.IncrementalPdfFileWriter`) containing the data to sign. :param existing_fields_only: If ``True``, never create a new empty signature field to contain the signature. If ``False``, a new field may be created if no field matching :attr:`~.PdfSignatureMetadata.field_name` exists. :param bytes_reserved: Bytes to reserve for the CMS object in the PDF file. If not specified, make an estimate based on a dummy signature. .. warning:: Since the CMS object is written to the output file as a hexadecimal string, you should request **twice** the (estimated) number of bytes in the DER-encoded version of the CMS object. :param appearance_text_params: Dictionary with text parameters that will be passed to the signature appearance constructor (if applicable). :param output: Write the output to the specified output stream. If ``None``, write to a new :class:`.BytesIO` object. Default is ``None``. :param in_place: Sign the original input stream in-place. This parameter overrides ``output``. :param chunk_size: Size of the internal buffer (in bytes) used to feed data to the message digest function if the input stream does not support ``memoryview``. :return: A tuple containing a :class:`.PreparedByteRangeDigest` object, a :class:`.PdfTBSDocument` object and an output handle to which the document in its current state has been written. zR'digest_doc_for_signing' is deprecated, use 'async_digest_doc_for_signing' insteadrrr)rrr)warningswarnDeprecationWarningrrasync_digest_doc_for_signing rhrrrr)rrrrr^r^r_digest_doc_for_signings ? z PdfSigner.digest_doc_for_signingcsx|j||d}||IdH} |dkrB|j| |jjd} | IdH}|j| ||d} | j|||d\} } | | t|| fS)a .. versionadded:: 0.9.0 Set up all stages of the signing process up to and including the point where the signature placeholder is allocated, and the document's ``/ByteRange`` digest is computed. See :meth:`sign_pdf` for a less granular, more high-level approach. .. note:: This method is useful in remote signing scenarios, where you might want to free up resources while waiting for the remote signer to respond. The :class:`.PreparedByteRangeDigest` object returned allows you to keep track of the required state to fill the signature container at some later point in time. :param pdf_out: A PDF file writer (usually an :class:`.IncrementalPdfFileWriter`) containing the data to sign. :param existing_fields_only: If ``True``, never create a new empty signature field to contain the signature. If ``False``, a new field may be created if no field matching :attr:`~.PdfSignatureMetadata.field_name` exists. :param bytes_reserved: Bytes to reserve for the CMS object in the PDF file. If not specified, make an estimate based on a dummy signature. .. warning:: Since the CMS object is written to the output file as a hexadecimal string, you should request **twice** the (estimated) number of bytes in the DER-encoded version of the CMS object. :param appearance_text_params: Dictionary with text parameters that will be passed to the signature appearance constructor (if applicable). :param output: Write the output to the specified output stream. If ``None``, write to a new :class:`.BytesIO` object. Default is ``None``. :param in_place: Sign the original input stream in-place. This parameter overrides ``output``. :param chunk_size: Size of the internal buffer (in bytes) used to feed data to the message digest function if the input stream does not support ``memoryview``. :return: A tuple containing a :class:`.PreparedByteRangeDigest` object, a :class:`.PdfTBSDocument` object and an output handle to which the document in its current state has been written. rN)validation_infotightr2rr)rrr) r(perform_presign_validation!estimate_signature_container_sizerrprepare_tbs_documentdigest_tbs_documentrr)rhrrrr)rrrsigning_sessionr2 estimation tbs_documentprepared_br_digestrr^r^r_r.ms6>    z&PdfSigner.async_digest_doc_for_signing)rc Cs"t|j|||||||d}|S)a .. versionchanged:: 0.9.0 Wrapper around :meth:`async_sign_pdf`. Sign a PDF file using the provided output writer. :param pdf_out: A PDF file writer (usually an :class:`.IncrementalPdfFileWriter`) containing the data to sign. :param existing_fields_only: If ``True``, never create a new empty signature field to contain the signature. If ``False``, a new field may be created if no field matching :attr:`~.PdfSignatureMetadata.field_name` exists. :param bytes_reserved: Bytes to reserve for the CMS object in the PDF file. If not specified, make an estimate based on a dummy signature. :param appearance_text_params: Dictionary with text parameters that will be passed to the signature appearance constructor (if applicable). :param output: Write the output to the specified output stream. If ``None``, write to a new :class:`.BytesIO` object. Default is ``None``. :param in_place: Sign the original input stream in-place. This parameter overrides ``output``. :param chunk_size: Size of the internal buffer (in bytes) used to feed data to the message digest function if the input stream does not support ``memoryview``. :return: The output stream containing the signed data. r*)rrasync_sign_pdfr/r^r^r_sign_pdfs- zPdfSigner.sign_pdfcs|j||d}||IdH} |dkrB|j| |jjd} | IdH}|j| ||d} | j|||d\} } | j| jt |j | dkrdn| j |jj ddIdH}|j | |dIdHt|| S) a .. versionadded:: 0.9.0 Sign a PDF file using the provided output writer. :param pdf_out: A PDF file writer (usually an :class:`.IncrementalPdfFileWriter`) containing the data to sign. :param existing_fields_only: If ``True``, never create a new empty signature field to contain the signature. If ``False``, a new field may be created if no field matching :attr:`~.PdfSignatureMetadata.field_name` exists. :param bytes_reserved: Bytes to reserve for the CMS object in the PDF file. If not specified, make an estimate based on a dummy signature. :param appearance_text_params: Dictionary with text parameters that will be passed to the signature appearance constructor (if applicable). :param output: Write the output to the specified output stream. If ``None``, write to a new :class:`.BytesIO` object. Default is ``None``. :param in_place: Sign the original input stream in-place. This parameter overrides ``output``. :param chunk_size: Size of the internal buffer (in bytes) used to feed data to the message digest function if the input stream does not support ``memoryview``. :return: The output stream containing the signed data. r1N)r3r4r5Z signing_timeadobe_revinfo_attrZcades_signed_attrs)rpdf_cms_signed_attrsr)r(r6r7rrr8r9perform_signaturerrB system_timerArpost_signature_processingrr)rhrrrr)rrrr:r2r;r<r=rZpost_signing_docr^r^r_r>sL-     zPdfSigner.async_sign_pdf)F)FN)FN)FN)FN) rXrYrZr[r rErCr r5r6r+rrrrr"r r.rrr#r r(rrr r@rr0r.r?r>r^r^r^r_rKs ! / ( _ T ] =c@seZdZUdZeed<eeed<dZeeeed<dZ ee j ed<e e dZeejed<e e dZeejed <e e dZeeed <dS) rOz .. versionadded:: 0.7.0 Container for validation data collected prior to creating a signature, e.g. for later inclusion in a document's DSS, or as a signed attribute on the signature. signer_pathrNts_validation_pathsrArocsps_to_embed crls_to_embedac_validation_paths)rXrYrZr[rr]r rHr rAasn1_pdfZRevocationInfoArchivalrlistrIrZ OCSPResponserJrZCertificateListrKr^r^r^r_rOXs  rrc Cs.|tdttdtdtd|idS)Nz /AuthCodez /MACLocationz/AttachedToSigz /SigObjRef)Zset_custom_trailer_entryr rDictionaryObjectrNr^r^r_rsrc @seZdZdZdeeeeee ee ee dddZ deeee dddZed d d Zd d ZddZedddZeedddZd ee dddZd!ee ddddZdS)"rLz .. versionadded:: 0.7.0 Class modelling a PDF signing session in its initial state. The ``__init__`` method is internal API, get an instance using :meth:`.PdfSigner.init_signing_session`. N) pdf_signerrrprryrErc CsV||_||_||_||_||_||_||_|tjk|_ |pHt j t d|_| |_dS)N)tz)rPrrrrprryr,r use_padesrrtzlocalZ get_localzonerEr) rhrPrrrrprryrErr^r^r_rs  zPdfSigningSession.__init__r!c s|j}g}|j}|j}|jrV|jjjdkr4tdn"|dkrFtdn|jsVt d|j}|dkrhdS| ||j IdH}| ||j rt|tr|||jIdH}|dk r| ||j}|dk r||} g} | 2z 3dHW} | | | | q6nd} |jdk rP||j} g} | 2z"3dHW}| || |q(6ng} |jr|js|dk srttj|j|jd}nd}t||| ||j|j| dS)a Perform certificate validation checks for the signer's certificate, including any necessary revocation checks. This function will also attempt to validate & collect revocation information for the relevant TSA (by requesting a dummy timestamp). :param pdf_out: Current PDF writer. Technically optional; only used to look for the end of the timestamp chain in the previous revision when producing a PAdES-LTA signature in a document that is already signed (to ensure that the timestamp chain is uninterrupted). :return: A :class:`PreSignValidationStatus` object, or ``None`` if there is no validation context available. NzkA signer's certificate must be provided if validation/revocation info is to be embedded into the signature.ziA validation context must be provided if validation/revocation info is to be embedded into the signature.zsValidation/revocation info will be embedded, but fetching is not allowed. This may give rise to unexpected results.)Zocsp_responsescrls)rrGrHrArIrJrK)rPrr}rzrrr0Zfetching_allowedrr"_perform_presign_signer_validationrrr{r"r!_perform_prev_ts_validationr#rrr_perform_presign_ac_validationrRrrCZformat_revinfoocspsrTrO)rhrrPrrr}rGZ prev_tsa_pathrZasync_ts_pathsZts_pathsZts_pathZasync_aa_pathsZaa_pathsaa_pathZrevinfor^r^r_r6s         z,PdfSigningSession.perform_presign_validation)r}csv|jjtj}|jjj}|dk r<|jdk r<||jjfdd|D}t |D]}|IdH}|j VqZdS)Ncsg|]}t|jdqS))Z holder_cert)rr).0acrr}r^r_ 6s zDPdfSigningSession._perform_presign_ac_validation..) rPrrMZattribute_certsrrZsigner_attributesextendZcertified_attrsrZ as_completedrY)rhr}Z attr_certsZcades_attr_specZac_jobsZac_jobrr^r\r_rW(s    z0PdfSigningSession._perform_presign_ac_validationc sd|jj}t|j|j|d}z||IdH}Wn0ttfk r^}ztd|W5d}~XYnX|S)NZintermediate_certsr}z/The signer's certificate could not be validated) rPrrr cert_registryasync_validate_usagerrr0)rhr}Z key_usagerZ validatorZsigner_cert_validation_pathrr^r^r_rU@s"z4PdfSigningSession._perform_presign_signer_validationc s|jj}ddlm}d}zt||}Wntk r<YnXd}|dk rt|j|j|d}z |j t dhd}|IdH}Wn0t t fk r} zt d| W5d} ~ XYnX|S)Nr)rr_Z time_stamping)Zextended_key_usageznRequested a PAdES-LTA signature on an existing document, but the most recent timestamp could not be validated.)rPrr rrrrZ signer_certr`rasetrrr0) rhr}Z prev_readerrrZlast_tsZlast_ts_validation_pathZ ts_validatorZ validate_cororr^r^r_rVUs4 z-PdfSigningSession._perform_prev_ts_validationrlc Cs|j}|j}|jj}|dk r`tjtjgtjtj tj gi}| |j g}|dk o\t |jtj@}ng}d}d}}|r||dnd} zB|d}t|}|d} t| } |r| |krtd| dWn@tk rYn.tk r} ztd| W5d} ~ XYnX|j} |j} | dk r~| s*| dk r~|rD| |krD|d} n| dkrR| nt| | } | | kr~td| d | d | s| dk r|dkrttd td td ti|d<}t| j |d<t!| || |j"dS)NFrz/Lockz/PzWInconsistency in form field data. The field lock dictionary imposes the DocMDP policy 'zE', but the seed value dictionary's /LockDocument does not allow that.zFailed to read /Lock dictionaryzDocMDP policy 'zO', was requested, but the signature field settings do not allow that. Setting 'z ' instead.z/Actionz/Includez/Fields)rxZ field_lock docmdp_permsrp)#rrrPrr)ZLOCKr(r Z DO_NOT_LOCKrZANNOTATErZ lock_documentr\flagsr-Z LOCK_DOCUMENTr&rr0KeyErrorrr~rxminrrrrOr Z ArrayObjectZ NumberObjectvaluer<rp)rhrrrZ sv_lock_lutZsv_lock_valuesZsv_lock_value_reqlockZ lock_dictrcZ docmdp_valuerZ meta_permsZ meta_certifyr^r^r__apply_locking_rulesvs           z&PdfSigningSession._apply_locking_rules)rcCs|j}|j}|j}|dk st|j}|jdk rT|jjdkrBtd|j |jj||j dk r|j }||j krdd}td||d||j d|j j }|r||jkrtd|d|jd |s|S|j} |tj@r.|jdk r.|jstd |jd } | dk r.| | kr.td | j| jf| dkrN|jdk rN|jd } |tj@rx|jdk rxtd |jd|tj@r|jdk r|j|jkrtd|jrdnd|jr| tjkrtdtjj|tj@r.|jdk r.|j} | dk r.| } | |jkr.td| d |jf|tj!@r|j"} | pP| dgk} |j#}| rp|dk rptd| s| r|| krtd|d dd| DfdS)NzZCannot verify seed value constraints on the signer's certificate since it is not availablecSs |rdSdS)Nza certificationz an approvalr^)rxr^r^r__typesz@PdfSigningSession._enforce_seed_value_constraints.._typezPThe seed value dictionary's /MDP entry specifies that this field should contain z signature, but z was requested.zaThe seed value dictionary specified that this certification signature should use the MDP policy 'z', but 'z' was requested.zPThe signature encodings mandated by the seed value dictionary are not supported.rzJThe seed value dictionary mandates subfilter '%s', but '%s' was requested.zqpyHanko does not define any named appearances, but the seed value dictionary requires that the named appearance 'z ' be used.zoThe seed value dict mandates that revocation info %sbe added; adjust PdfSignatureMetadata settings accordingly.rznot zdThe seed value dict mandates that Adobe-style revocation info be added; this requires subfilter '%s'zdThe selected message digest %s is not allowed by the seed value dictionary. Please select one of %s.z, .z@The seed value dictionary prohibits giving a reason for signing.zVReason "%s" is not a valid reason for signing, please choose one of the following: %s.css|]}d|VqdS)z"%s"Nr^)rZsr^r^r_ ZszDPdfSigningSession._enforce_seed_value_constraints..)$rrPrrrdrrrr0 satisfied_byZseed_signature_typeZcertification_signaturerxZmdp_permr~ryr-Z SUBFILTERr%NotImplementedErrorrgZAPPEARANCE_FILTERZ appearanceZ ADD_REV_INFOZ add_rev_inforzr,r&Z DIGEST_METHODrrlowerjoinZREASONSreasonsrr)rhrrrPrrdZ sv_certifyrjZ sv_mdp_permZ selected_sfZ mandated_sfZ selected_mdrrZ must_omitZ reason_givenr^r^r__enforce_seed_value_constraintss             z1PdfSigningSession._enforce_seed_value_constraintsF)r2c s|j}|jj}|jj}|jdkr(tdt|}t| }t |j |dkrPdn|j |j d}|j|||jd|j|dIdH} t| d} |r| } n| d| d} | S)NzAutomatic signature size estimation is not available without a signer's certificate. Space must be allocated manually using bytes_reserved=...r@T)rRrrsigned_attr_settingsrSr)rprPrrrr0r3rrrrBrErAr async_signrRrrr) rhr2r3rprrZmd_specZtest_md signed_attrsZtest_signature_cmsrrr^r^r_r7^s:   z3PdfSigningSession.estimate_signature_container_sizerM)r2rmc Cs|j}|jj}|jdk r0||dkr(dn|j|j}|j}|j}|jr|dk r| |j t j krddl m} |j} | jj| d|j|j|j|d|j} |} |j} |j}t|j|p|j| |d}t||j| |r|nd|j|j|j |j!|j"|j#d }|j$%t&|| |d}|j}|jj'}|dk rN|j(rNt)|j|t*|j+||j,|j}|j-}d}}|jr|j.r|dkrt/d|j0r|j,}d}|dk r|1}|dk r|2}t3|| ||j4|j|j5||d }t6|j$|| |j,|j||d S) aM Set up the signature appearance (if necessary) and signature dictionary in the PDF file, to put the document in its final pre-signing state. :param validation_info: Validation information collected prior to signing. :param bytes_reserved: Bytes to reserve for the signature container. :param appearance_text_params: Optional text parameters for the signature appearance content. :return: A :class:`.PdfTBSDocument` describing the document in its final pre-signing state. Nrr)rrrXrTr)stylert timestampZ text_params) rryrxrtrqrrrsrvrwru)rZ mdp_setupZappearance_setupz>Requested embedding of validation info, but none was collected)r2timestamp_md_algorithmrr|rrrrrrrprrRpost_sign_instructionsr})7rPrrrsrGrrrrRrirjrIrbrrrrrrrIrJrprirErtr:rZ subject_namerAryrqrrrsrvrwrurrr=rrrPdfMacAttrProviderSpecinstallrr}rzr0r{rrrPr|rrM)rhr2rr)rPrrrrrrrpZ sig_mdp_setuprEZname_specifiedZsig_appearanceZsig_objrrr}Zpost_signing_instrZdoc_timestamperrrr^r^r_r8s         z&PdfSigningSession.prepare_tbs_document)NN)N)F)N)rXrYrZr[rKr#rr r5r,rr.rrOr6rrWrUrVr<rirrsr7r8r^r^r^r_rLsD  q !e  4c@seZdZUdZeed<dZeeed<dZ ee ed<dZ ee ed<e Z e ed<dZeed <d Zeed <dZeeed <dS) rPz .. versionadded:: 0.7.0 Container class housing instructions for incremental updates to the document after the signature has been put in place. Necessary for PAdES-LT and PAdES-LTA workflows. r2Nrryr|rFrTrr)rXrYrZr[rOr]rr r5ryrr|rFrrr\rrrRr^r^r^r_rP! s  c@s,eZdZdZeeddddZd ddZd S) PdfMacAttrProviderrzpdfmac.PdfMacTokenHandlerrrrcCs||_||_||_dSrr)rhrrrr^r^r_rt szPdfMacAttrProvider.__init__Fcs|jj|j|j|dS)Nr)rrrr)rhrr^r^r_build_attr_value s z#PdfMacAttrProvider.build_attr_valueN)F)rXrYrZZattribute_typebytesrrr^r^r^r_r~q s  r~c@s\eZdZdZdeeedddZeee dddZ d d Z ee j eeed d d ZdS)r|zF Internal handler to deal with signatures under ISO/TS 32004. N)rrcCs"||_||_d|_d|_d|_dSr)rrwrapped_orig_target)rhrrr^r^r_r s zPdfMacAttrProviderSpec.__init__)rrcCs2|jdkst||_|j|_|||_||_dS)a Install the provider on a signer. NOTE: this is a stateful operation and won't work if the signer is shared, but we have a safeguard in place for that (will fail during size estimation under normal circumstances). N)rrrunsigned_attr_prov_specZ_unsigned_attr_provider_specr)rhrrr^r^r_r} s  zPdfMacAttrProviderSpec.installcCs|j|j_dS)zE Remove the provider from its target (internal API). N)rrrrgr^r^r_ uninstall sz PdfMacAttrProviderSpec.uninstall)rrvdigest_algorithmrmc cs|jdk std|j|||}|D]}t|trr?r@rAZpdf_cmsrBrCrD__all__Zpdf_utils.cryptrRrT getLoggerrXrrHEnumrIrGrFrErrZ SignedDatarrrrZ PublicKeyInforrJrrKrOZIndirectObjectrrLrPr~ZUnsignedAttributeProviderSpecr|rMrNr^r^r^r_s ,           0       "0!@I ,\[/ OT