U g@shdZddlZddlmZmZmZddlmZddlm Z ddl m Z m Z m Z mZdgZGd ddZdS) z Module to handle the timestamping functionality in pyHanko. Many PDF signature profiles require trusted timestamp tokens. The tools in this module allow pyHanko to obtain such tokens from :rfc:`3161`-compliant time stamping authorities. N)algoscmstsp)CertificateValidator)SimpleCertificateStore) dummy_digestextract_ts_certs get_noncehandle_tsp_response TimeStamperc@sneZdZdZdddZddZddZd d Zd d Ze j d ddZ e j e jdddZe j d ddZdS)r z .. versionchanged:: 0.9.0 Made API more asyncio-friendly _(breaking change)_ Class to make :rfc:`3161` timestamp requests. TcCsi|_i|_t|_||_dSN)_dummy_response_cache_certsr cert_registry include_nonce)selfrr?/tmp/pip-unpacked-wheel-owvgwkas/pyhanko/sign/timestamps/api.py__init__"szTimeStamper.__init__cCsPdttd|i|ddd}|jr>t}t||d<nd}|t|fS)a& Format the body of an :rfc:`3161` request as a CMS object. Subclasses with more specific needs may want to override this. :param message_digest: Message digest to which the timestamp will apply. :param md_algorithm: Message digest algorithm to use. .. note:: As per :rfc:`8933`, ``md_algorithm`` should also be the algorithm used to compute ``message_digest``. :return: An :class:`.asn1crypto.tsp.TimeStampReq` object. r algorithm)Zhash_algorithmZhashed_messageT)versionZmessage_imprintZcert_reqnonceN) rZMessageImprintrZDigestAlgorithmrr rZInteger TimeStampReq)rmessage_digest md_algorithmreqrrrr request_cms(s  zTimeStamper.request_cmscsLIdHfdd}t|j}t|D]}|IdHVq6dS)a+ Produce validation paths for the certificates gathered by this :class:`.TimeStamper`. This is internal API. :param validation_context: The validation context to apply. :return: An asynchronous generator of validation paths. Ncs t|jd}|tdhS)N)Zintermediate_certsvalidation_contextZ time_stamping)rrZasync_validate_usageset)certZ validatorrrrr_validation_jobZs z5TimeStamper.validation_paths.._validation_job) _ensure_dummymaprvaluesasyncioZ as_completed)rrr"jobsZjobrr!rvalidation_pathsLs zTimeStamper.validation_pathscCs,||j|<t||jD]}||j|j<qdSr )rr rrZ issuer_serial)rrdummyr rrr_register_dummygs zTimeStamper._register_dummycs&|js"ddlm}||IdHdS)Nr) DEFAULT_MD)rZ pyhanko.signr+async_dummy_response)rr+rrrr#ls zTimeStamper._ensure_dummy)returncsHz |j|WStk r6|t||IdH}YnX||||S)a9 Return a dummy response for use in CMS object size estimation. For every new ``md_algorithm`` passed in, this method will call the :meth:`timestamp` method exactly once, with a dummy digest. The resulting object will be cached and reused for future invocations of :meth:`dummy_response` with the same ``md_algorithm`` value. :param md_algorithm: Message digest algorithm to use. :return: A timestamp token, encoded as an :class:`.asn1crypto.cms.ContentInfo` object. N)rKeyErrorasync_timestamprr*)rrr)rrrr,ss  z TimeStamper.async_dummy_response)rr-cstdS)aF Submit the specified timestamp request to the server. :param req: Request body to submit. :return: A timestamp response from the server. :raises IOError: Raised in case of an I/O issue in the communication with the timestamping server. N)NotImplementedError)rrrrrasync_request_tsa_responsesz&TimeStamper.async_request_tsa_responsecs*|||\}}||IdH}t||S)a+ Request a timestamp for the given message digest. :param message_digest: Message digest to which the timestamp will apply. :param md_algorithm: Message digest algorithm to use. .. note:: As per :rfc:`8933`, ``md_algorithm`` should also be the algorithm used to compute ``message_digest``. :return: A timestamp token, encoded as an :class:`.asn1crypto.cms.ContentInfo` object. :raises IOError: Raised in case of an I/O issue in the communication with the timestamping server. :raises TimestampRequestError: Raised if the timestamp server did not return a success response, or if the server's response is invalid. N)rr1r )rrrrrresrrrr/szTimeStamper.async_timestampN)T)__name__ __module__ __qualname____doc__rrr(r*r#rZ ContentInfor,rrZ TimeStampRespr1r/rrrrr s $ )r6r&Z asn1cryptorrrZpyhanko_certvalidatorrZpyhanko_certvalidator.registryrZ common_utilsrr r r __all__r rrrrs