pyhanko.config module
- class pyhanko.config.LogConfig(level: Union[int, str], output: Union[pyhanko.config.StdLogOutput, str])
Bases: object
- level: Union[int, str]
Logging level, should be one of the levels defined in the logging module.
- output: Union[pyhanko.config.StdLogOutput, str]
Name of the output file, or a standard output (a StdLogOutput value).
- static parse_output_spec(spec) → Union[pyhanko.config.StdLogOutput, str]
- class pyhanko.config.CLIConfig(validation_contexts: Dict[str, dict], stamp_styles: Dict[str, dict], default_validation_context: str, default_stamp_style: str, time_tolerance: datetime.timedelta, retroactive_revinfo: bool, log_config: Dict[Union[str, NoneType], pyhanko.config.LogConfig], pemder_setups: Dict[str, dict], pkcs12_setups: Dict[str, dict], pkcs11_setups: Dict[str, dict])
Bases: object
- validation_contexts: Dict[str, dict]
- stamp_styles: Dict[str, dict]
- default_validation_context: str
- default_stamp_style: str
- time_tolerance: datetime.timedelta
- retroactive_revinfo: bool
- log_config: Dict[Optional[str], pyhanko.config.LogConfig]
- pemder_setups: Dict[str, dict]
- pkcs12_setups: Dict[str, dict]
- pkcs11_setups: Dict[str, dict]
- get_validation_context(name=None, as_dict=False)
- get_signer_key_usages(name=None) → pyhanko.sign.general.KeyUsageConstraints
- get_stamp_style(name=None) → pyhanko.stamp.TextStampStyle
- get_pkcs11_config(name)
- get_pkcs12_config(name)
- get_pemder_config(name)
- pyhanko.config.init_validation_context_kwargs(*, trust, trust_replace, other_certs, retroactive_revinfo=False, time_tolerance=None)
- pyhanko.config.parse_trust_config(trust_config, time_tolerance, retroactive_revinfo) → dict
- pyhanko.config.parse_logging_config(log_config_spec) → Dict[Optional[str], pyhanko.config.LogConfig]
- class pyhanko.config.PKCS12SignatureConfig(pfx_file: str, other_certs: Optional[List[asn1crypto.x509.Certificate]] = None, pfx_passphrase: Optional[bytes] = None, prompt_passphrase: bool = True, prefer_pss: bool = False)
Bases: pyhanko.pdf_utils.config_utils.ConfigurableMixin
Configuration for a signature using key material on disk, contained in a PKCS#12 bundle.
- pfx_file: str
Path to the PKCS#12 file.
- other_certs: List[asn1crypto.x509.Certificate] = None
Other relevant certificates.
- pfx_passphrase: bytes = None
PKCS#12 passphrase (if relevant).
- prompt_passphrase: bool = True
Prompt for the PKCS#12 passphrase. Default is True.
Note: If key_passphrase is not None, this setting has no effect.
- prefer_pss: bool = False
Prefer PSS to PKCS#1 v1.5 padding when creating RSA signatures.
- classmethod process_entries(config_dict)
Hook method that can modify the configuration dictionary to overwrite or tweak some of its values (e.g. to convert string parameters into more complex Python objects).
Subclasses that override this method should call super().process_entries(), and leave keys that they do not recognise untouched.
- Parameters
config_dict – A dictionary containing configuration values.
- Raises
ConfigurationError – when there is a problem processing a relevant entry.
- instantiate(provided_pfx_passphrase: Optional[bytes] = None) → pyhanko.sign.signers.pdf_cms.SimpleSigner
- class pyhanko.config.PemDerSignatureConfig(key_file: str, cert_file: str, other_certs: Optional[List[asn1crypto.x509.Certificate]] = None, key_passphrase: Optional[bytes] = None, prompt_passphrase: bool = True, prefer_pss: bool = False)
Bases: pyhanko.pdf_utils.config_utils.ConfigurableMixin
Configuration for a signature using PEM or DER-encoded key material on disk.
- key_file: str
Signer’s private key.
- cert_file: str
Signer’s certificate.
- other_certs: List[asn1crypto.x509.Certificate] = None
Other relevant certificates.
- key_passphrase: bytes = None
Signer’s key passphrase (if relevant).
- prompt_passphrase: bool = True
Prompt for the key passphrase. Default is True.
Note: If key_passphrase is not None, this setting has no effect.
- prefer_pss: bool = False
Prefer PSS to PKCS#1 v1.5 padding when creating RSA signatures.
- classmethod process_entries(config_dict)
Hook method that can modify the configuration dictionary to overwrite or tweak some of its values (e.g. to convert string parameters into more complex Python objects).
Subclasses that override this method should call super().process_entries(), and leave keys that they do not recognise untouched.
- Parameters
config_dict – A dictionary containing configuration values.
- Raises
ConfigurationError – when there is a problem processing a relevant entry.
- instantiate(provided_key_passphrase: Optional[bytes] = None) → pyhanko.sign.signers.pdf_cms.SimpleSigner
- class pyhanko.config.PKCS11SignatureConfig(module_path: str, token_label: str, cert_label: str, other_certs: Optional[List[asn1crypto.x509.Certificate]] = None, key_label: Optional[str] = None, slot_no: Optional[int] = None, user_pin: Optional[str] = None, prompt_pin: bool = True, other_certs_to_pull: Optional[Iterable[str]] = (), bulk_fetch: bool = True, prefer_pss: bool = False)
Bases: pyhanko.pdf_utils.config_utils.ConfigurableMixin
Configuration for a PKCS#11 signature.
This class is used to load PKCS#11 setup information from YAML configuration.
- module_path: str
Path to the PKCS#11 module shared object.
- token_label: str
PKCS#11 token name.
- cert_label: str
PKCS#11 label of the signer’s certificate.
- other_certs: List[asn1crypto.x509.Certificate] = None
Other relevant certificates.
- key_label: Optional[str] = None
PKCS#11 label of the signer’s private key, if different from cert_label.
- slot_no: Optional[int] = None
Slot number of the PKCS#11 slot to use.
- user_pin: Optional[str] = None
The user’s PIN. If unspecified, the user will be prompted for a PIN if prompt_pin is True.
Warning: Some PKCS#11 tokens do not allow the PIN code to be communicated in this way, but manage their own authentication instead (the Belgian eID middleware is one such example). For such tokens, leave this setting set to None and additionally set prompt_pin to False.
- prompt_pin: bool = True
Prompt for the user’s PIN. Default is True.
Note: If user_pin is not None, this setting has no effect.
- other_certs_to_pull: Optional[Iterable[str]] = ()
List of labels of other certificates to pull from the PKCS#11 device. Defaults to the empty tuple. If None, pull all certificates.
- bulk_fetch: bool = True
Boolean indicating the fetching strategy. If True, fetch all certs and filter the unneeded ones. If False, fetch the requested certs one by one. Default value is True, unless other_certs_to_pull has one or fewer elements, in which case it is always treated as False.
- prefer_pss: bool = False
Prefer PSS to PKCS#1 v1.5 padding when creating RSA signatures.
- classmethod process_entries(config_dict)
Hook method that can modify the configuration dictionary to overwrite or tweak some of its values (e.g. to convert string parameters into more complex Python objects).
Subclasses that override this method should call super().process_entries(), and leave keys that they do not recognise untouched.
- Parameters
config_dict – A dictionary containing configuration values.
- Raises
ConfigurationError – when there is a problem processing a relevant entry.
- pyhanko.config.parse_cli_config(yaml_str)
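
The precedence between a stored PIN or passphrase and the prompt flags documented above, as an added example: it is not pyHanko's own code and does not import pyHanko. It audits a constructed mapping of signer setups for credentials kept in configuration; the mapping layout, the source labels ("config", "prompt", "external", "none") and the finding strings are assumptions, while the field names and defaults come from this page.

```python
# Added example, standard library only. Field names and defaults come from the
# classes documented above; layout, labels and finding strings are assumptions.
# setup type -> (secret field, prompt flag)
SECRET_FIELDS = {
    "pkcs11_setups": ("user_pin", "prompt_pin"),
    "pkcs12_setups": ("pfx_passphrase", "prompt_passphrase"),
    "pemder_setups": ("key_passphrase", "prompt_passphrase"),
}

def unlock_source(setup_type, settings):
    """Where the PIN or passphrase comes from under the documented rules."""
    secret_field, prompt_field = SECRET_FIELDS[setup_type]
    if settings.get(secret_field) is not None:
        return "config"  # the prompt flag has no effect in this case
    if settings.get(prompt_field, True):  # prompt flags default to True
        return "prompt"
    # Neither stored nor prompted: a PKCS#11 token that manages its own
    # authentication, or key material loaded without a passphrase.
    return "external" if setup_type == "pkcs11_setups" else "none"

def audit(config):
    """Return sorted (setup_type, name, finding) tuples."""
    findings = []
    for setup_type, (secret_field, prompt_field) in SECRET_FIELDS.items():
        for name, settings in config.get(setup_type, {}).items():
            source = unlock_source(setup_type, settings)
            if source == "config":
                findings.append((setup_type, name, f"{secret_field} stored in config"))
                if prompt_field in settings:
                    findings.append((setup_type, name, f"{prompt_field} is ignored"))
            elif source == "none":
                findings.append((setup_type, name, "no passphrase from config or prompt"))
    return sorted(findings)

# Constructed sample; paths, labels and the PIN are placeholders.
SAMPLE = {
    "pkcs11_setups": {
        "hsm": {"module_path": "/path/to/module.so", "token_label": "tok",
                "cert_label": "signer", "user_pin": "1234", "prompt_pin": True},
        "eid": {"module_path": "/path/to/eid.so", "token_label": "eid",
                "cert_label": "sig", "prompt_pin": False},
    },
    "pkcs12_setups": {"p12": {"pfx_file": "signer.p12"}},
    "pemder_setups": {"pem": {"key_file": "key.pem", "cert_file": "cert.pem",
                              "prompt_passphrase": False}},
}
if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(": ".join(finding))
```

The "eid" setup produces no finding because leaving user_pin unset with prompt_pin set to False is the arrangement the warning above prescribes for tokens that manage their own authentication.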