U gW@sxddlmZddlmZmZddlmZddlmZddl m Z m Z m Z e e edddZed d Gd d d e Zd S)) dataclass)OptionalSet)x509)InvalidCertificateError)ConfigurableMixinprocess_bit_string_flags process_oidsrequiredZpresentneed_allcCs|r|| St||@SdSN)boolr rD/tmp/pip-unpacked-wheel-owvgwkas/pyhanko/sign/validation/settings.py _match_usagess rT)frozencseZdZUdZdZeeeed<dZ eeeed<dZ eeeed<dZ e ed<dZ e ed <ejd d d Zd dZddZefddZZS)KeyUsageConstraintsa5 Convenience class to pass around key usage requirements and validate them. Intended to be flexible enough to handle both PKIX and ISO 32000 certificate seed value constraint semantics. .. versionchanged:: 0.6.0 Bring extended key usage semantics in line with :rfc:`5280` (PKIX). N key_usagekey_usage_forbiddenextd_key_usageT explicit_extd_key_usage_requiredFmatch_all_key_usages)certcCs||j||jdSr )_validate_key_usageZkey_usage_value_validate_extd_key_usageZextended_key_usage_value)selfrrrrvalidatefs zKeyUsageConstraints.validatecCs|js dS|jpt}|jp t}|dk r4t|jnt}||@}|rjtdd|}tdd|d|j}t|||stdd|}td|rdnd d d|d dS) NcSs |ddSN_ replacesrrrzz9KeyUsageConstraints._validate_key_usage..zBThe active key usage policy explicitly bans certificates used for , .cSs |ddSrr!r#rrrr%r&z%The active key usage policy requires zat least one of zthe key usage extensions z to be present.) rsetrnativemaprjoinrr)rZkey_usage_extension_valuerrZcert_kuZ forbidden_ku rephrasedZ need_all_kurrrrjs(    z'KeyUsageConstraints._validate_key_usagecCs|jdkrdS|dk }|r$t|jnt}d|kr<|jsKeyUsageConstraints._validate_extd_key_usage..zRelevant key purposes are r'r(z,There are no acceptable extended key usages.zfThe extended key usages for which this certificate is valid do not match the active key usage policy. )rr*r+rrrr,r-)rZeku_extension_valueZhas_extd_key_usage_extZcert_ekurr.Zok_listrrrrs2  z,KeyUsageConstraints._validate_extd_key_usagec svt|dD]6}||d}|dk rtttj||dd||<q|dd}|dk rrtttj |d|d<dS)N)rrr-rzextd-key-usage) superprocess_entriesgetr*rrZKeyUsager"r Z KeyPurposeId)clsZ config_dictZkey_usage_settZaffected_flagsr __class__rrr1s(     z#KeyUsageConstraints.process_entries)__name__ __module__ __qualname____doc__rrrstr__annotations__rrrrrrZ Certificaterrr classmethodr1 __classcell__rrr4rrs     #rN)Z dataclassesrtypingrrZ asn1cryptorZpyhanko_certvalidator.errorsrZpyhanko.config.apirrr r*rrrrrrrs