pyhanko_certvalidator.fetchers package
Subpackages
- pyhanko_certvalidator.fetchers.aiohttp_fetchers package
- pyhanko_certvalidator.fetchers.requests_fetchers package
Submodules
pyhanko_certvalidator.fetchers.api module
Asynchronous API for fetching OCSP responses, CRLs and certificates.
- class pyhanko_certvalidator.fetchers.api.OCSPFetcher
Bases:
ABC
Utility interface to fetch and cache OCSP responses.
- async fetch(cert: Certificate | AttributeCertificateV2, authority: Authority) OCSPResponse
Fetch an OCSP response for a certificate.
- Parameters:
cert – The certificate for which an OCSP response has to be fetched.
authority – The issuing authority.
- Raises:
OCSPFetchError - Raised if an OCSP response could not be obtained.
- Returns:
An OCSP response.
- fetched_responses() Iterable[OCSPResponse]
Return all responses fetched by this OCSP fetcher.
- fetched_responses_for_cert(cert: Certificate | AttributeCertificateV2) Iterable[OCSPResponse]
Return all responses fetched by this OCSP fetcher that are relevant to determine the revocation status of the given certificate.
- class pyhanko_certvalidator.fetchers.api.CRLFetcher
Bases:
ABC
Utility interface to fetch and cache CRLs.
- async fetch(cert: Certificate | AttributeCertificateV2, *, use_deltas=None) Iterable[CertificateList]
Fetches the CRLs for a certificate.
- Parameters:
cert – An asn1crypto.x509.Certificate object to get the CRL for
use_deltas – A boolean indicating if delta CRLs should be fetched
- Raises:
CRLFetchError - when a network/IO error or decoding error occurs
- Returns:
An iterable of CRLs fetched.
- fetched_crls() Iterable[CertificateList]
Return all CRLs fetched by this CRL fetcher.
- fetched_crls_for_cert(cert: Certificate | AttributeCertificateV2) Iterable[CertificateList]
Return all relevant fetched CRLs for the given certificate
- Parameters:
cert – A certificate.
- Returns:
An iterable of CRLs
- Raises:
KeyError – if no fetch operations have been performed for this certificate
- class pyhanko_certvalidator.fetchers.api.CertificateFetcher
Bases:
ABC
Utility interface to fetch and cache certificates.
- fetch_cert_issuers(cert: Certificate | AttributeCertificateV2) AsyncGenerator[Certificate, None]
Fetches certificates from the authority information access extension of a certificate.
- Parameters:
cert – A certificate
- Raises:
CertificateFetchError - when a network I/O or decoding error occurs
- Returns:
An asynchronous generator yielding asn1crypto.x509.Certificate objects that were fetched.
- fetch_crl_issuers(certificate_list) AsyncGenerator[Certificate, None]
Fetches certificates from the authority information access extension of an asn1crypto.crl.CertificateList.
- Parameters:
certificate_list – An asn1crypto.crl.CertificateList object
- Raises:
CertificateFetchError - when a network I/O or decoding error occurs
- Returns:
An asynchronous generator yielding asn1crypto.x509.Certificate objects that were fetched.
- fetched_certs() Iterable[Certificate]
Return all certificates retrieved by this certificate fetcher.
- class pyhanko_certvalidator.fetchers.api.Fetchers(ocsp_fetcher: OCSPFetcher, crl_fetcher: CRLFetcher, cert_fetcher: CertificateFetcher)
Bases:
object
Models a collection of fetchers to be used by a validation context.
The intention is that these can share resources (like a connection pool) in a unified, controlled manner. See also
FetcherBackend
.- ocsp_fetcher: OCSPFetcher
- crl_fetcher: CRLFetcher
- cert_fetcher: CertificateFetcher
- class pyhanko_certvalidator.fetchers.api.FetcherBackend
Bases:
ABC
Generic, bare-bones interface to help abstract away instantiation logic for fetcher implementations.
Intended to operate as an asynchronous context manager, with async with backend_obj as fetchers: … putting the resulting
Fetchers
object in to the variable named fetchers.Note
The initialisation part of the API is necessarily synchronous, for backwards compatibility with the old
ValidationContext
API. If you need asynchronous resource management, handle it elsewhere, or use some form of lazy resource provisioning.Alternatively, you can pass
Fetchers
objects to the validation context yourself, and forgo use of theFetcherBackend
API altogether.- async close()
Clean up the resources associated with this fetcher backend, asynchronously.
pyhanko_certvalidator.fetchers.common_utils module
Internal backend-agnostic utilities to help process fetched certificates, CRLs and OCSP responses.
- pyhanko_certvalidator.fetchers.common_utils.unpack_cert_content(response_data: bytes, content_type: str | None, url: str, permit_pem: bool)
- pyhanko_certvalidator.fetchers.common_utils.format_ocsp_request(cert: Certificate, authority: Authority, *, certid_hash_algo: str, request_nonces: bool)
- pyhanko_certvalidator.fetchers.common_utils.process_ocsp_response_data(response_data: bytes, *, ocsp_request: OCSPRequest, ocsp_url: str)
- async pyhanko_certvalidator.fetchers.common_utils.queue_fetch_task(results: Dict[T, R | Exception], running_jobs: Dict[T, Event], tag: T, async_fun: Callable[[], Awaitable[R]]) R | Exception
- async pyhanko_certvalidator.fetchers.common_utils.crl_job_results_as_completed(jobs)
- async pyhanko_certvalidator.fetchers.common_utils.ocsp_job_get_earliest(jobs)
- async pyhanko_certvalidator.fetchers.common_utils.complete_certificate_fetch_jobs(fetch_jobs)
- pyhanko_certvalidator.fetchers.common_utils.gather_aia_issuer_urls(cert: Certificate | AttributeCertificateV2)
Module contents
- class pyhanko_certvalidator.fetchers.Fetchers(ocsp_fetcher: OCSPFetcher, crl_fetcher: CRLFetcher, cert_fetcher: CertificateFetcher)
Bases:
object
Models a collection of fetchers to be used by a validation context.
The intention is that these can share resources (like a connection pool) in a unified, controlled manner. See also
FetcherBackend
.- ocsp_fetcher: OCSPFetcher
- crl_fetcher: CRLFetcher
- cert_fetcher: CertificateFetcher
- class pyhanko_certvalidator.fetchers.FetcherBackend
Bases:
ABC
Generic, bare-bones interface to help abstract away instantiation logic for fetcher implementations.
Intended to operate as an asynchronous context manager, with async with backend_obj as fetchers: … putting the resulting
Fetchers
object in to the variable named fetchers.Note
The initialisation part of the API is necessarily synchronous, for backwards compatibility with the old
ValidationContext
API. If you need asynchronous resource management, handle it elsewhere, or use some form of lazy resource provisioning.Alternatively, you can pass
Fetchers
objects to the validation context yourself, and forgo use of theFetcherBackend
API altogether.- async close()
Clean up the resources associated with this fetcher backend, asynchronously.
- class pyhanko_certvalidator.fetchers.OCSPFetcher
Bases:
ABC
Utility interface to fetch and cache OCSP responses.
- async fetch(cert: Certificate | AttributeCertificateV2, authority: Authority) OCSPResponse
Fetch an OCSP response for a certificate.
- Parameters:
cert – The certificate for which an OCSP response has to be fetched.
authority – The issuing authority.
- Raises:
OCSPFetchError - Raised if an OCSP response could not be obtained.
- Returns:
An OCSP response.
- fetched_responses() Iterable[OCSPResponse]
Return all responses fetched by this OCSP fetcher.
- fetched_responses_for_cert(cert: Certificate | AttributeCertificateV2) Iterable[OCSPResponse]
Return all responses fetched by this OCSP fetcher that are relevant to determine the revocation status of the given certificate.
- class pyhanko_certvalidator.fetchers.CRLFetcher
Bases:
ABC
Utility interface to fetch and cache CRLs.
- async fetch(cert: Certificate | AttributeCertificateV2, *, use_deltas=None) Iterable[CertificateList]
Fetches the CRLs for a certificate.
- Parameters:
cert – An asn1crypto.x509.Certificate object to get the CRL for
use_deltas – A boolean indicating if delta CRLs should be fetched
- Raises:
CRLFetchError - when a network/IO error or decoding error occurs
- Returns:
An iterable of CRLs fetched.
- fetched_crls() Iterable[CertificateList]
Return all CRLs fetched by this CRL fetcher.
- fetched_crls_for_cert(cert: Certificate | AttributeCertificateV2) Iterable[CertificateList]
Return all relevant fetched CRLs for the given certificate
- Parameters:
cert – A certificate.
- Returns:
An iterable of CRLs
- Raises:
KeyError – if no fetch operations have been performed for this certificate
- class pyhanko_certvalidator.fetchers.CertificateFetcher
Bases:
ABC
Utility interface to fetch and cache certificates.
- fetch_cert_issuers(cert: Certificate | AttributeCertificateV2) AsyncGenerator[Certificate, None]
Fetches certificates from the authority information access extension of a certificate.
- Parameters:
cert – A certificate
- Raises:
CertificateFetchError - when a network I/O or decoding error occurs
- Returns:
An asynchronous generator yielding asn1crypto.x509.Certificate objects that were fetched.
- fetch_crl_issuers(certificate_list) AsyncGenerator[Certificate, None]
Fetches certificates from the authority information access extension of an asn1crypto.crl.CertificateList.
- Parameters:
certificate_list – An asn1crypto.crl.CertificateList object
- Raises:
CertificateFetchError - when a network I/O or decoding error occurs
- Returns:
An asynchronous generator yielding asn1crypto.x509.Certificate objects that were fetched.
- fetched_certs() Iterable[Certificate]
Return all certificates retrieved by this certificate fetcher.
- pyhanko_certvalidator.fetchers.default_fetcher_backend() FetcherBackend
Instantiate a default fetcher backend that doesn’t require any resource management, but is less efficient than a fully asynchronous fetcher would be.