pyhanko.sign.timestamps package

Submodules

pyhanko.sign.timestamps.aiohttp_client module

class pyhanko.sign.timestamps.aiohttp_client.AIOHttpTimeStamper(url, session: Union[ClientSession, LazySession], https=False, timeout=5, headers=None, auth: Optional[BasicAuth] = None)

Bases: TimeStamper

async async_request_headers() → dict

Format the HTTP request headers. Subclasses can override this to perform their own header generation logic.

Returns:

Header dictionary.

async get_session() → ClientSession

async async_timestamp(message_digest, md_algorithm) → ContentInfo

Request a timestamp for the given message digest.

Parameters:

• message_digest – Message digest to which the timestamp will apply.

• md_algorithm –

  Message digest algorithm to use.

  Note

  As per RFC 8933, md_algorithm should also be the algorithm used to compute message_digest.

Returns:

A timestamp token, encoded as an asn1crypto.cms.ContentInfo object.

Raises:

• IOError – Raised in case of an I/O issue in the communication with the timestamping server.

• TimestampRequestError – Raised if the timestamp server did not return a success response, or if the server’s response is invalid.

async async_request_tsa_response(req: TimeStampReq) → TimeStampResp

Submit the specified timestamp request to the server.

Parameters:

req – Request body to submit.

Returns:

A timestamp response from the server.

Raises:

IOError – Raised in case of an I/O issue in the communication with the timestamping server.

pyhanko.sign.timestamps.api module

Module to handle the timestamping functionality in pyHanko.

Many PDF signature profiles require trusted timestamp tokens. The tools in this module allow pyHanko to obtain such tokens from RFC 3161-compliant time stamping authorities.

class pyhanko.sign.timestamps.api.TimeStamper(include_nonce=True)

Bases: object

Changed in version 0.9.0: Made API more asyncio-friendly _(breaking change)_

Class to make RFC 3161 timestamp requests.

request_cms(message_digest, md_algorithm)

Format the body of an RFC 3161 request as a CMS object. Subclasses with more specific needs may want to override this.

Parameters:

• message_digest – Message digest to which the timestamp will apply.

• md_algorithm –

  Message digest algorithm to use.

  Note

  As per RFC 8933, md_algorithm should also be the algorithm used to compute message_digest.

Returns:

An asn1crypto.tsp.TimeStampReq object.

async validation_paths(validation_context)

Produce validation paths for the certificates gathered by this TimeStamper.

This is internal API.

Parameters:

validation_context – The validation context to apply.

Returns:

An asynchronous generator of validation paths.

async async_dummy_response(md_algorithm) → ContentInfo

Return a dummy response for use in CMS object size estimation.

For every new md_algorithm passed in, this method will call the timestamp() method exactly once, with a dummy digest. The resulting object will be cached and reused for future invocations of dummy_response() with the same md_algorithm value.

Parameters:

md_algorithm – Message digest algorithm to use.

Returns:

A timestamp token, encoded as an asn1crypto.cms.ContentInfo object.

async async_request_tsa_response(req: TimeStampReq) → TimeStampResp

Submit the specified timestamp request to the server.

Parameters:

req – Request body to submit.

Returns:

A timestamp response from the server.

Raises:

IOError – Raised in case of an I/O issue in the communication with the timestamping server.

async async_timestamp(message_digest, md_algorithm) → ContentInfo

Request a timestamp for the given message digest.

Parameters:

• message_digest – Message digest to which the timestamp will apply.

• md_algorithm –

  Message digest algorithm to use.

  Note

  As per RFC 8933, md_algorithm should also be the algorithm used to compute message_digest.

Returns:

A timestamp token, encoded as an asn1crypto.cms.ContentInfo object.

Raises:

• IOError – Raised in case of an I/O issue in the communication with the timestamping server.

• TimestampRequestError – Raised if the timestamp server did not return a success response, or if the server’s response is invalid.

pyhanko.sign.timestamps.common_utils module

exception pyhanko.sign.timestamps.common_utils.TimestampRequestError

Bases: OSError

Raised when an error occurs while requesting a timestamp.

pyhanko.sign.timestamps.common_utils.get_nonce()

pyhanko.sign.timestamps.common_utils.extract_ts_certs(ts_token, store: CertificateStore)

pyhanko.sign.timestamps.common_utils.dummy_digest(md_algorithm: str) → bytes

pyhanko.sign.timestamps.common_utils.handle_tsp_response(response: TimeStampResp, nonce: Optional[bytes]) → ContentInfo

pyhanko.sign.timestamps.common_utils.set_tsp_headers(headers: dict)

pyhanko.sign.timestamps.dummy_client module

class pyhanko.sign.timestamps.dummy_client.DummyTimeStamper(tsa_cert: Certificate, tsa_key: PrivateKeyInfo, certs_to_embed: Optional[CertificateStore] = None, fixed_dt: Optional[datetime] = None, include_nonce=True, override_md=None)

Bases: TimeStamper

Timestamper that acts as its own TSA. It accepts all requests and signs them using the certificate provided. Used for testing purposes.

request_tsa_response(req: TimeStampReq) → TimeStampResp

async async_request_tsa_response(req: TimeStampReq) → TimeStampResp

Submit the specified timestamp request to the server.

Parameters:

req – Request body to submit.

Returns:

A timestamp response from the server.

Raises:

IOError – Raised in case of an I/O issue in the communication with the timestamping server.

pyhanko.sign.timestamps.requests_client module

class pyhanko.sign.timestamps.requests_client.HTTPTimeStamper(url, https=False, timeout=5, auth=None, headers=None)

Bases: TimeStamper

Standard HTTP-based timestamp client.

request_headers() → dict

Format the HTTP request headers.

Returns:

Header dictionary.

async async_request_tsa_response(req: TimeStampReq) → TimeStampResp

Submit the specified timestamp request to the server.

Parameters:

req – Request body to submit.

Returns:

A timestamp response from the server.

Raises:

IOError – Raised in case of an I/O issue in the communication with the timestamping server.