pyhanko.sign.validation module
- pyhanko.sign.validation.dss module
- pyhanko.sign.validation.errors module
- pyhanko.sign.validation.generic_cms module
- pyhanko.sign.validation.ltv module
- pyhanko.sign.validation.pdf_embedded module
- pyhanko.sign.validation.settings module
- pyhanko.sign.validation.status module
- pyhanko.sign.validation.utils module
Direct members
This package also exports a number of convenience functions at the package level. These are all synchronous wrappers around asynchronous functions. Some are deprecated and preserved only for compatibility reasons.
- pyhanko.sign.validation.validate_pdf_signature(embedded_sig: EmbeddedPdfSignature, signer_validation_context: Optional[ValidationContext] = None, ts_validation_context: Optional[ValidationContext] = None, diff_policy: Optional[DiffPolicy] = None, key_usage_settings: Optional[KeyUsageConstraints] = None, skip_diff: bool = False) → PdfSignatureStatus
Changed in version 0.9.0: Wrapper around async_validate_pdf_signature().
Validate a PDF signature.
- Parameters
embedded_sig – Embedded signature to evaluate.
signer_validation_context – Validation context to use to validate the signature’s chain of trust.
ts_validation_context – Validation context to use to validate the timestamp’s chain of trust (defaults to signer_validation_context).
diff_policy – Policy to evaluate potential incremental updates that were appended to the signed revision of the document. Defaults to DEFAULT_DIFF_POLICY.
key_usage_settings – A KeyUsageConstraints object specifying which key usages must or must not be present in the signer’s certificate.
skip_diff – If True, skip the difference analysis step entirely.
- Returns
The status of the PDF signature in question.
- pyhanko.sign.validation.validate_cms_signature(signed_data: ~asn1crypto.cms.SignedData, status_cls: ~typing.Type[~pyhanko.sign.validation.StatusType] = <class 'pyhanko.sign.validation.status.SignatureStatus'>, raw_digest: ~typing.Optional[bytes] = None, validation_context: ~typing.Optional[~pyhanko_certvalidator.context.ValidationContext] = None, status_kwargs: ~typing.Optional[dict] = None, key_usage_settings: ~typing.Optional[~pyhanko.sign.validation.settings.KeyUsageConstraints] = None, encap_data_invalid=False)
Deprecated since version 0.9.0: Use async_validate_cms_signature() instead.
Changed in version 0.7.0: Now handles both detached and enveloping signatures.
Validate a CMS signature (i.e. a SignedData object).
- Parameters
signed_data – The asn1crypto.cms.SignedData object to validate.
status_cls – Status class to use for the validation result.
raw_digest – Raw digest, computed from context.
validation_context – Validation context to validate the signer’s certificate.
status_kwargs – Other keyword arguments to pass to the status_class when reporting validation results.
key_usage_settings – A KeyUsageConstraints object specifying which key usages must or must not be present in the signer’s certificate.
encap_data_invalid – If True, the encapsulated data inside the CMS is invalid, but the remaining validation logic still has to be run (e.g. a timestamp token, which requires validation of the embedded message imprint). This option is considered internal API, the semantics of which may change without notice in the future.
- Returns
A SignatureStatus object (or an instance of a proper subclass).
- pyhanko.sign.validation.validate_detached_cms(input_data: Union[bytes, IO, ContentInfo, EncapsulatedContentInfo], signed_data: SignedData, signer_validation_context: Optional[ValidationContext] = None, ts_validation_context: Optional[ValidationContext] = None, key_usage_settings: Optional[KeyUsageConstraints] = None, chunk_size=4096, max_read=None) → StandardCMSSignatureStatus
Deprecated since version 0.9.0: Use generic_cms.async_validate_detached_cms() instead.
Validate a detached CMS signature.
- Parameters
input_data – The input data to sign. This can be either a bytes object, a file-like object or a cms.ContentInfo / cms.EncapsulatedContentInfo object. If a CMS content info object is passed in, the content field will be extracted.
signed_data – The cms.SignedData object containing the signature to verify.
signer_validation_context – Validation context to use to verify the signer certificate’s trust.
ts_validation_context – Validation context to use to verify the TSA certificate’s trust, if a timestamp token is present. By default, the same validation context as that of the signer is used.
key_usage_settings – Key usage parameters for the signer.
chunk_size – Chunk size to use when consuming input data.
max_read – Maximal number of bytes to read from the input stream.
- Returns
A description of the signature’s status.
- pyhanko.sign.validation.validate_pdf_timestamp(embedded_sig: EmbeddedPdfSignature, validation_context: Optional[ValidationContext] = None, diff_policy: Optional[DiffPolicy] = None, skip_diff: bool = False) → DocumentTimestampStatus
Changed in version 0.9.0: Wrapper around async_validate_pdf_timestamp().
Validate a PDF document timestamp.
- Parameters
embedded_sig – Embedded signature to evaluate.
validation_context – Validation context to use to validate the timestamp’s chain of trust.
diff_policy – Policy to evaluate potential incremental updates that were appended to the signed revision of the document. Defaults to DEFAULT_DIFF_POLICY.
skip_diff – If True, skip the difference analysis step entirely.
- Returns
The status of the PDF timestamp in question.
- pyhanko.sign.validation.validate_pdf_ltv_signature(embedded_sig: EmbeddedPdfSignature, validation_type: RevocationInfoValidationType, validation_context_kwargs=None, bootstrap_validation_context=None, force_revinfo=False, diff_policy: Optional[DiffPolicy] = None, key_usage_settings: Optional[KeyUsageConstraints] = None, skip_diff: bool = False) → PdfSignatureStatus
Changed in version 0.9.0: Wrapper around async_validate_pdf_ltv_signature().
Validate a PDF LTV signature according to a particular profile.
- Parameters
embedded_sig – Embedded signature to evaluate.
validation_type – Validation profile to use.
validation_context_kwargs – Keyword args to instantiate pyhanko_certvalidator.ValidationContext objects needed over the course of the validation.
bootstrap_validation_context – Validation context used to validate the current timestamp.
force_revinfo – Require all certificates encountered to have some form of live revocation checking provisions.
diff_policy – Policy to evaluate potential incremental updates that were appended to the signed revision of the document. Defaults to DEFAULT_DIFF_POLICY.
key_usage_settings – A KeyUsageConstraints object specifying which key usages must or must not be present in the signer’s certificate.
skip_diff – If True, skip the difference analysis step entirely.
- Returns
The status of the signature.
- pyhanko.sign.validation.add_validation_info(embedded_sig: EmbeddedPdfSignature, validation_context: ValidationContext, skip_timestamp=False, add_vri_entry=True, in_place=False, output=None, force_write=False, chunk_size=4096)
Changed in version 0.9.0: Wrapper around async_add_validation_info().
Add validation info (CRLs, OCSP responses, extra certificates) for a signature to the DSS of a document in an incremental update.
- Parameters
embedded_sig – The signature for which the revocation information needs to be collected.
validation_context – The validation context to use.
skip_timestamp – If True, do not attempt to validate the timestamp attached to the signature, if one is present.
add_vri_entry – Add a /VRI entry for this signature to the document security store. Default is True.
output – Write the output to the specified output stream. If None, write to a new BytesIO object. Default is None.
in_place – Sign the original input stream in-place. This parameter overrides output.
chunk_size – Chunk size parameter to use when copying output to a new stream (irrelevant if in_place is True).
force_write – Force a new revision to be written, even if not necessary (i.e. when all data in the validation context is already present in the DSS).
- Returns
The (file-like) output object to which the result was written.
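
An added usage example for validate_pdf_signature() above (not part of the pyHanko documentation): it validates each regular embedded signature against a single trust root, then applies a stricter acceptance policy to the returned PdfSignatureStatus. The helper names load_trust_root, accept and validate_all, and the policy itself, are assumptions of this example; pyHanko and asn1crypto are imported inside the functions that use them.

```python
def load_trust_root(path):
    """Load one PEM- or DER-encoded certificate as an asn1crypto object."""
    from asn1crypto import pem, x509
    with open(path, "rb") as fh:
        data = fh.read()
    if pem.detect(data):
        _, _, data = pem.unarmor(data)
    return x509.Certificate.load(data)


def accept(status, allow_later_updates=False):
    """Example policy (not pyHanko API) over a PdfSignatureStatus.

    Returns (ok, reason). Enum members are compared by name so that the
    helper depends only on attributes of the status object.
    """
    if not status.bottom_line:
        return False, "validation failed"
    if status.coverage.name == "ENTIRE_FILE":
        return True, "signature covers the entire file"
    # Data was appended after the signed revision.
    if status.modification_level is None:
        return False, "later revisions were not analysed"
    if not allow_later_updates:
        return False, "later revisions present: " + status.modification_level.name
    return True, "permitted later updates: " + status.modification_level.name


def validate_all(pdf_path, trust_root_path):
    """Return [(field_name, ok, reason)] for each regular signature.

    An empty list means the file carries no signature; treat it as unsigned.
    """
    from pyhanko.pdf_utils.reader import PdfFileReader
    from pyhanko.sign.validation import validate_pdf_signature
    from pyhanko_certvalidator import ValidationContext

    root = load_trust_root(trust_root_path)
    results = []
    with open(pdf_path, "rb") as doc:
        # The reader parses lazily, so validate while the file is open.
        for sig in PdfFileReader(doc).embedded_regular_signatures:
            # Fresh context per signature; skip_diff keeps its default (False).
            vc = ValidationContext(trust_roots=[root])
            status = validate_pdf_signature(sig, signer_validation_context=vc)
            results.append((sig.field_name, *accept(status)))
    return results
```

The policy rejects a signature whose later revisions were never analysed, which is the situation skip_diff=True produces when the signature does not cover the entire file.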