pyhanko.config module¶

class pyhanko.config.StdLogOutput(value)¶

Bases: enum.Enum

An enumeration.

STDERR = 1¶

STDOUT = 2¶

class pyhanko.config.LogConfig(level: Union[int, str], output: Union[pyhanko.config.StdLogOutput, str])¶

Bases: object

level: Union[int, str]¶: Logging level, should be one of the levels defined in the logging module.

output: Union[pyhanko.config.StdLogOutput, str]¶: Name of the output file, or a standard one.

static parse_output_spec(spec) → Union[pyhanko.config.StdLogOutput, str]¶

class pyhanko.config.CLIConfig(validation_contexts: Dict[str, dict], stamp_styles: Dict[str, dict], default_validation_context: str, default_stamp_style: str, time_tolerance: datetime.timedelta, retroactive_revinfo: bool, log_config: Dict[Union[str, NoneType], pyhanko.config.LogConfig], pcks11_setups: Dict[str, dict])¶

Bases: object

validation_contexts: Dict[str, dict]¶

stamp_styles: Dict[str, dict]¶

default_validation_context: str¶

default_stamp_style: str¶

time_tolerance: datetime.timedelta¶

retroactive_revinfo: bool¶

log_config: Dict[Optional[str], pyhanko.config.LogConfig]¶

pcks11_setups: Dict[str, dict]¶

get_validation_context(name=None, as_dict=False)¶

get_signer_key_usages(name=None) → pyhanko.sign.general.KeyUsageConstraints¶

get_stamp_style(name=None) → pyhanko.stamp.TextStampStyle¶

get_pcks11_config(name)¶

pyhanko.config.init_validation_context_kwargs(*, trust, trust_replace, other_certs, retroactive_revinfo=False, time_tolerance=None)¶

pyhanko.config.parse_trust_config(trust_config, time_tolerance, retroactive_revinfo) → dict¶

pyhanko.config.parse_logging_config(log_config_spec) → Dict[Optional[str], pyhanko.config.LogConfig]¶

class pyhanko.config.PKCS11SignatureConfig(module_path: str, token_label: str, cert_label: str, other_certs: Optional[List[asn1crypto.x509.Certificate]] = None, key_label: Optional[str] = None, slot_no: Optional[int] = None, user_pin: Optional[str] = None, prompt_pin: bool = True, other_certs_to_pull: Optional[Iterable[str]] = (), bulk_fetch: bool = True, prefer_pss: bool = False)¶

Bases: pyhanko.pdf_utils.config_utils.ConfigurableMixin

Configuration for a PKCS#11 signature.

This class is used to load PKCS#11 setup information from YAML configuration.

module_path: str¶: Path to the PKCS#11 module shared object.

token_label: str¶: PKCS#11 token name

cert_label: str¶: PKCS#11 label of the signer’s certificate.

other_certs: List[asn1crypto.x509.Certificate] = None¶: Other relevant certificates.

key_label: Optional[str] = None¶: PKCS#11 label of the signer’s private key, if different from cert_label.

slot_no: Optional[int] = None¶: Slot number of the PKCS#11 slot to use.

user_pin: Optional[str] = None¶: The user’s PIN. If unspecified, the user will be prompted for a PIN if prompt_pin is True.

Warning

Some PKCS#11 tokens do not allow the PIN code to be communicated in this way, but manage their own authentication instead (the Belgian eID middleware is one such example). For such tokens, leave this setting set to None and additionally set prompt_pin to False.

prompt_pin: bool = True¶: Prompt for the user’s PIN. Default is True.

Note

If user_pin is not None, this setting has no effect.

other_certs_to_pull: Optional[Iterable[str]] = ()¶: List labels of other certificates to pull from the PKCS#11 device. Defaults to the empty tuple. If None, pull all certificates.

bulk_fetch: bool = True¶: Boolean indicating the fetching strategy. If True, fetch all certs and filter the unneeded ones. If False, fetch the requested certs one by one. Default value is True, unless other_certs_to_pull has one or fewer elements, in which case it is always treated as False.

prefer_pss: bool = False¶: Prefer PSS to PKCS#1 v1.5 padding when creating RSA signatures.

classmethod process_entries(config_dict)¶

Hook method that can modify the configuration dictionary to overwrite or tweak some of their values (e.g. to convert string parameters into more complex Python objects)

Subclasses that override this method should call super().process_entries(), and leave keys that they do not recognise untouched.

Parameters: config_dict – A dictionary containing configuration values.
Raises: ConfigurationError – when there is a problem processing a relevant entry.

pyhanko.config.parse_cli_config(yaml_str)¶