76 lines
2.5 KiB
Python
76 lines
2.5 KiB
Python
from datetime import timedelta
|
|
from typing import Any, Dict, Iterable, Union
|
|
|
|
from pyhanko.config import api
|
|
from pyhanko.config.errors import ConfigurationError
|
|
from pyhanko.keys import load_certs_from_pemder
|
|
|
|
__all__ = ['init_validation_context_kwargs', 'parse_trust_config']
|
|
|
|
|
|
def init_validation_context_kwargs(
|
|
*,
|
|
trust: Union[Iterable[str], str],
|
|
trust_replace: bool,
|
|
other_certs: Union[Iterable[str], str],
|
|
retroactive_revinfo: bool = False,
|
|
time_tolerance: Union[timedelta, int, None] = None,
|
|
) -> Dict[str, Any]:
|
|
if not isinstance(time_tolerance, timedelta):
|
|
if time_tolerance is None:
|
|
time_tolerance = DEFAULT_TIME_TOLERANCE
|
|
elif isinstance(time_tolerance, int):
|
|
time_tolerance = timedelta(seconds=time_tolerance)
|
|
else:
|
|
raise ConfigurationError(
|
|
"time-tolerance parameter must be specified in seconds"
|
|
)
|
|
vc_kwargs: Dict[str, Any] = {'time_tolerance': time_tolerance}
|
|
if retroactive_revinfo:
|
|
vc_kwargs['retroactive_revinfo'] = True
|
|
if trust:
|
|
if isinstance(trust, str):
|
|
trust = (trust,)
|
|
# add trust roots to the validation context, or replace them
|
|
trust_certs = list(load_certs_from_pemder(trust))
|
|
if trust_replace:
|
|
vc_kwargs['trust_roots'] = trust_certs
|
|
else:
|
|
vc_kwargs['extra_trust_roots'] = trust_certs
|
|
if other_certs:
|
|
if isinstance(other_certs, str):
|
|
other_certs = (other_certs,)
|
|
vc_kwargs['other_certs'] = list(load_certs_from_pemder(other_certs))
|
|
return vc_kwargs
|
|
|
|
|
|
def parse_trust_config(
|
|
trust_config, time_tolerance, retroactive_revinfo
|
|
) -> dict:
|
|
api.check_config_keys(
|
|
'ValidationContext',
|
|
(
|
|
'trust',
|
|
'trust-replace',
|
|
'other-certs',
|
|
'time-tolerance',
|
|
'retroactive-revinfo',
|
|
'signer-key-usage',
|
|
'signer-extd-key-usage',
|
|
'signer-key-usage-policy',
|
|
),
|
|
trust_config,
|
|
)
|
|
return init_validation_context_kwargs(
|
|
trust=trust_config.get('trust'),
|
|
trust_replace=trust_config.get('trust-replace', False),
|
|
other_certs=trust_config.get('other-certs'),
|
|
time_tolerance=trust_config.get('time-tolerance', time_tolerance),
|
|
retroactive_revinfo=trust_config.get(
|
|
'retroactive-revinfo', retroactive_revinfo
|
|
),
|
|
)
|
|
|
|
|
|
DEFAULT_TIME_TOLERANCE: timedelta = timedelta(seconds=30)
|