pyhanko.sign.ades package

Submodules

pyhanko.sign.ades.api module

class pyhanko.sign.ades.api.GenericCommitment(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)

Bases: Enum

PROOF_OF_ORIGIN = 1

PROOF_OF_RECEIPT = 2

PROOF_OF_DELIVERY = 3

PROOF_OF_SENDER = 4

PROOF_OF_APPROVAL = 5

PROOF_OF_CREATION = 6

property asn1: CommitmentTypeIndication

class pyhanko.sign.ades.api.CAdESSignedAttrSpec(commitment_type: CommitmentTypeIndication | None = None, timestamp_content: bool = False, signature_policy_identifier: SignaturePolicyIdentifier | None = None, signer_attributes: SignerAttrSpec | None = None)

Bases: object

Class that controls signed CAdES attributes on a PDF signature.

commitment_type: CommitmentTypeIndication | None = None

Signature commitment type. Can be one of the standard values, or a custom one.

timestamp_content: bool = False

Indicate whether the signature should include a signed timestamp.

Note

This should be contrasted with unsigned timestamps: a signed timestamp proves that the signature was created after some point in time, while an unsigned timestamp computed over the signed content proves that the signature existed before said point in time.

signature_policy_identifier: SignaturePolicyIdentifier | None = None

Signature policy identifier to embed into the signature.

Warning

Right now, pyHanko does not “understand” signature policies, so the signature policy identifier will be taken at face value and embedded without paying any heed to the actual rules of the signature policy. It is the API user’s responsibility to make sure that all relevant provisions of the signature policy are adhered to.

signer_attributes: SignerAttrSpec | None = None

Settings for signer’s attributes, to be included in a signer-attributes-v2 attribute on the signature.

prepare_providers(message_digest, md_algorithm, timestamper: TimeStamper | None = None)

class pyhanko.sign.ades.api.SignerAttrSpec(claimed_attrs: Iterable[AttCertAttribute], certified_attrs: Iterable[AttributeCertificateV2])

Bases: object

Class that controls the signer-attributes-v2 signed CAdES attribute.

These represent attributes of the signing entity, not the signature or signed content.

Note

Out of the box, only basic claimed attributes and certified attributes through V2 X.509 attribute certificates are supported.

claimed_attrs: Iterable[AttCertAttribute]

Attributes claimed by the signer without further justification.

certified_attrs: Iterable[AttributeCertificateV2]

Attribute certificates containing signer attributes.

pyhanko.sign.ades.asn1_util module

pyhanko.sign.ades.asn1_util.as_set_of(asn1_type: Type)

pyhanko.sign.ades.asn1_util.register_cms_attribute(dotted_oid: str, readable_name: str, asn1_type: Type)

pyhanko.sign.ades.cades_asn1 module

class pyhanko.sign.ades.cades_asn1.CommitmentTypeIdentifier(value=None, default=None, contents=None, **kwargs)

Bases: ObjectIdentifier

class pyhanko.sign.ades.cades_asn1.CommitmentTypeQualifier(value=None, default=None, **kwargs)

Bases: Sequence

class pyhanko.sign.ades.cades_asn1.CommitmentTypeQualifiers(value=None, default=None, contents=None, spec=None, **kwargs)

Bases: SequenceOf

class pyhanko.sign.ades.cades_asn1.CommitmentTypeIndication(value=None, default=None, **kwargs)

Bases: Sequence

class pyhanko.sign.ades.cades_asn1.SigPolicyQualifierId(value=None, default=None, contents=None, **kwargs)

Bases: ObjectIdentifier

class pyhanko.sign.ades.cades_asn1.NoticeNumbers(value=None, default=None, contents=None, spec=None, **kwargs)

Bases: SequenceOf

class pyhanko.sign.ades.cades_asn1.NoticeReference(value=None, default=None, **kwargs)

Bases: Sequence

class pyhanko.sign.ades.cades_asn1.SPUserNotice(value=None, default=None, **kwargs)

Bases: Sequence

class pyhanko.sign.ades.cades_asn1.SPDocSpecification(value=None, default=None, **kwargs)

Bases: Sequence

class pyhanko.sign.ades.cades_asn1.SigPolicyQualifierInfo(value=None, default=None, **kwargs)

Bases: Sequence

class pyhanko.sign.ades.cades_asn1.SigPolicyQualifierInfos(value=None, default=None, contents=None, spec=None, **kwargs)

Bases: SequenceOf

class pyhanko.sign.ades.cades_asn1.SignaturePolicyId(value=None, default=None, **kwargs)

Bases: Sequence

class pyhanko.sign.ades.cades_asn1.SignaturePolicyIdentifier(name=None, value=None, **kwargs)

Bases: Choice

class pyhanko.sign.ades.cades_asn1.SignaturePolicyDocument(value=None, default=None, **kwargs)

Bases: Sequence

class pyhanko.sign.ades.cades_asn1.SignaturePolicyStore(value=None, default=None, **kwargs)

Bases: Sequence

class pyhanko.sign.ades.cades_asn1.DisplayText(name=None, value=None, **kwargs)

Bases: Choice

class pyhanko.sign.ades.cades_asn1.SignerAttributesV2(value=None, default=None, **kwargs)

Bases: Sequence

class pyhanko.sign.ades.cades_asn1.CertifiedAttributesV2(value=None, default=None, contents=None, spec=None, **kwargs)

Bases: SequenceOf

class pyhanko.sign.ades.cades_asn1.CertifiedAttributeChoices(name=None, value=None, **kwargs)

Bases: Choice

class pyhanko.sign.ades.cades_asn1.OtherAttrCert(value=None, default=None, **kwargs)

Bases: Sequence

class pyhanko.sign.ades.cades_asn1.OtherAttrCertId(value=None, default=None, contents=None, **kwargs)

Bases: ObjectIdentifier

class pyhanko.sign.ades.cades_asn1.SignedAssertions(value=None, default=None, contents=None, spec=None, **kwargs)

Bases: SequenceOf

class pyhanko.sign.ades.cades_asn1.SignedAssertion(value=None, default=None, **kwargs)

Bases: Sequence

class pyhanko.sign.ades.cades_asn1.SignedAssertionId(value=None, default=None, contents=None, **kwargs)

Bases: ObjectIdentifier

pyhanko.sign.ades.report module

Module for AdES reporting data.

Defines enums for all AdES validation statuses defined in ETSI EN 319 102-1, clause 5.1.3.

class pyhanko.sign.ades.report.AdESStatus(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)

Bases: Enum

PASSED = 1

INDETERMINATE = 2

FAILED = 3

class pyhanko.sign.ades.report.AdESSubIndic

Bases: object

property status: AdESStatus

property standard_name

class pyhanko.sign.ades.report.AdESPassed(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)

Bases: AdESSubIndic, Enum

OK = 1

class pyhanko.sign.ades.report.AdESFailure(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)

Bases: AdESSubIndic, Enum

FORMAT_FAILURE = 1

HASH_FAILURE = 2

SIG_CRYPTO_FAILURE = 3

REVOKED = 4

NOT_YET_VALID = 5

class pyhanko.sign.ades.report.AdESIndeterminate(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)

Bases: AdESSubIndic, Enum

SIG_CONSTRAINTS_FAILURE = 1

CHAIN_CONSTRAINTS_FAILURE = 2

CERTIFICATE_CHAIN_GENERAL_FAILURE = 3

CRYPTO_CONSTRAINTS_FAILURE = 4

EXPIRED = 5

NOT_YET_VALID = 6

POLICY_PROCESSING_ERROR = 7

SIGNATURE_POLICY_NOT_AVAILABLE = 8

TIMESTAMP_ORDER_FAILURE = 9

NO_SIGNING_CERTIFICATE_FOUND = 10

NO_CERTIFICATE_CHAIN_FOUND = 11

REVOKED_NO_POE = 12

REVOKED_CA_NO_POE = 13

OUT_OF_BOUNDS_NO_POE = 14

REVOCATION_OUT_OF_BOUNDS_NO_POE = 15

OUT_OF_BOUNDS_NOT_REVOKED = 16

CRYPTO_CONSTRAINTS_FAILURE_NO_POE = 17

NO_POE = 18

TRY_LATER = 19

SIGNED_DATA_NOT_FOUND = 20

GENERIC = 21

Module contents