pyhanko_certvalidator.fetchers package

Submodules

pyhanko_certvalidator.fetchers.api module

Asynchronous API for fetching OCSP responses, CRLs and certificates.

class pyhanko_certvalidator.fetchers.api.OCSPFetcher

Bases: ABC

Utility interface to fetch and cache OCSP responses.

async fetch(cert: Certificate | AttributeCertificateV2, authority: Authority) → OCSPResponse

Fetch an OCSP response for a certificate.

Parameters:
  • cert – The certificate for which an OCSP response has to be fetched.

  • authority – The issuing authority.

Raises:

OCSPFetchError - Raised if an OCSP response could not be obtained.

Returns:

An OCSP response.

fetched_responses() → Iterable[OCSPResponse]

Return all responses fetched by this OCSP fetcher.

fetched_responses_for_cert(cert: Certificate | AttributeCertificateV2) → Iterable[OCSPResponse]

Return all responses fetched by this OCSP fetcher that are relevant to determine the revocation status of the given certificate.

class pyhanko_certvalidator.fetchers.api.CRLFetcher

Bases: ABC

Utility interface to fetch and cache CRLs.

async fetch(cert: Certificate | AttributeCertificateV2, *, use_deltas=None) → Iterable[CertificateList]

Fetches the CRLs for a certificate.

Parameters:
  • cert – An asn1crypto.x509.Certificate object to get the CRL for

  • use_deltas – A boolean indicating if delta CRLs should be fetched

Raises:

CRLFetchError - when a network/IO error or decoding error occurs

Returns:

An iterable of CRLs fetched.

fetched_crls() → Iterable[CertificateList]

Return all CRLs fetched by this CRL fetcher.

fetched_crls_for_cert(cert: Certificate | AttributeCertificateV2) → Iterable[CertificateList]

Return all relevant fetched CRLs for the given certificate.

Parameters:

cert – A certificate.

Returns:

An iterable of CRLs

Raises:

KeyError – if no fetch operations have been performed for this certificate

class pyhanko_certvalidator.fetchers.api.CertificateFetcher

Bases: ABC

Utility interface to fetch and cache certificates.

fetch_cert_issuers(cert: Certificate | AttributeCertificateV2) → AsyncGenerator[Certificate, None]

Fetches certificates from the authority information access extension of a certificate.

Parameters:

cert – A certificate

Raises:

CertificateFetchError - when a network I/O or decoding error occurs

Returns:

An asynchronous generator yielding asn1crypto.x509.Certificate objects that were fetched.

fetch_crl_issuers(certificate_list) → AsyncGenerator[Certificate, None]

Fetches certificates from the authority information access extension of an asn1crypto.crl.CertificateList.

Parameters:

certificate_list – An asn1crypto.crl.CertificateList object

Raises:

CertificateFetchError - when a network I/O or decoding error occurs

Returns:

An asynchronous generator yielding asn1crypto.x509.Certificate objects that were fetched.

fetched_certs() → Iterable[Certificate]

Return all certificates retrieved by this certificate fetcher.

class pyhanko_certvalidator.fetchers.api.Fetchers(ocsp_fetcher: OCSPFetcher, crl_fetcher: CRLFetcher, cert_fetcher: CertificateFetcher)

Bases: object

Models a collection of fetchers to be used by a validation context.

The intention is that these can share resources (like a connection pool) in a unified, controlled manner. See also FetcherBackend.

ocsp_fetcher: OCSPFetcher

crl_fetcher: CRLFetcher

cert_fetcher: CertificateFetcher

class pyhanko_certvalidator.fetchers.api.FetcherBackend

Bases: ABC

Generic, bare-bones interface to help abstract away instantiation logic for fetcher implementations.

Intended to operate as an asynchronous context manager: "async with backend_obj as fetchers: …" puts the resulting Fetchers object into the variable named fetchers.

Note

The initialisation part of the API is necessarily synchronous, for backwards compatibility with the old ValidationContext API. If you need asynchronous resource management, handle it elsewhere, or use some form of lazy resource provisioning.

Alternatively, you can pass Fetchers objects to the validation context yourself, and forgo use of the FetcherBackend API altogether.

get_fetchers() → Fetchers

Set up fetchers synchronously.

Note

This is a synchronous method.

async close()

Clean up the resources associated with this fetcher backend, asynchronously.
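The FetcherBackend contract described above (synchronous get_fetchers(), asynchronous close(), lazy resource provisioning), as an added example that is not pyhanko_certvalidator code. Pool, PooledFetcher, LazyPoolBackend, fetch_url and the Fetchers tuple are local stand-ins written for this illustration, and the URLs are constructed.

```python
import asyncio
from collections import namedtuple
Fetchers = namedtuple("Fetchers", "ocsp_fetcher crl_fetcher cert_fetcher")  # stand-in

class Pool:
    """Constructed stand-in for a shared async connection pool."""
    def __init__(self):
        self.requests, self.closed = [], False
    async def get(self, url):
        self.requests.append(url)
        return b"constructed response body"
    async def aclose(self):
        self.closed = True

class PooledFetcher:
    """Stand-in for any of the three fetcher kinds; shares the backend's pool."""
    def __init__(self, backend):
        self._backend = backend
    async def fetch_url(self, url):        # hypothetical helper, not a library method
        pool = await self._backend.pool()  # the pool is created on first use
        return await pool.get(url)

class LazyPoolBackend:
    """Follows the FetcherBackend contract: sync get_fetchers(), async close()."""
    def __init__(self):
        self._pool = None                  # nothing is opened at construction
    async def pool(self):
        if self._pool is None:             # no await before the assignment: no race
            self._pool = Pool()
        return self._pool
    def get_fetchers(self):
        fetcher = PooledFetcher(self)      # synchronous: performs no I/O
        return Fetchers(fetcher, fetcher, fetcher)
    async def close(self):
        if self._pool is not None:         # closing an unused backend is a no-op
            await self._pool.aclose()
    async def __aenter__(self):
        return self.get_fetchers()
    async def __aexit__(self, exc_type, exc, tb):
        await self.close()

async def demo():
    backend = LazyPoolBackend()
    async with backend as fetchers:
        opened_early = backend._pool is not None
        await fetchers.ocsp_fetcher.fetch_url("http://ocsp.example.test/")
        await fetchers.crl_fetcher.fetch_url("http://crl.example.test/ca.crl")
    return opened_early, backend._pool.requests, backend._pool.closed
def run_demo():
    return asyncio.run(demo())
```

With the library itself, the backend would derive from FetcherBackend and each fetcher from the matching interface documented on this page.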

pyhanko_certvalidator.fetchers.common_utils module

Internal backend-agnostic utilities to help process fetched certificates, CRLs and OCSP responses.

pyhanko_certvalidator.fetchers.common_utils.unpack_cert_content(response_data: bytes, content_type: str | None, url: str, permit_pem: bool)

pyhanko_certvalidator.fetchers.common_utils.format_ocsp_request(cert: Certificate, authority: Authority, *, certid_hash_algo: str, request_nonces: bool)

pyhanko_certvalidator.fetchers.common_utils.process_ocsp_response_data(response_data: bytes, *, ocsp_request: OCSPRequest, ocsp_url: str)

async pyhanko_certvalidator.fetchers.common_utils.queue_fetch_task(results: Dict[T, R | Exception], running_jobs: Dict[T, Event], tag: T, async_fun: Callable[[], Awaitable[R]]) → R | Exception

async pyhanko_certvalidator.fetchers.common_utils.crl_job_results_as_completed(jobs)

async pyhanko_certvalidator.fetchers.common_utils.ocsp_job_get_earliest(jobs)

async pyhanko_certvalidator.fetchers.common_utils.complete_certificate_fetch_jobs(fetch_jobs)

pyhanko_certvalidator.fetchers.common_utils.gather_aia_issuer_urls(cert: Certificate | AttributeCertificateV2)

Module contents

class pyhanko_certvalidator.fetchers.Fetchers(ocsp_fetcher: OCSPFetcher, crl_fetcher: CRLFetcher, cert_fetcher: CertificateFetcher)

Bases: object

Models a collection of fetchers to be used by a validation context.

The intention is that these can share resources (like a connection pool) in a unified, controlled manner. See also FetcherBackend.

ocsp_fetcher: OCSPFetcher

crl_fetcher: CRLFetcher

cert_fetcher: CertificateFetcher

class pyhanko_certvalidator.fetchers.FetcherBackend

Bases: ABC

Generic, bare-bones interface to help abstract away instantiation logic for fetcher implementations.

Intended to operate as an asynchronous context manager: "async with backend_obj as fetchers: …" puts the resulting Fetchers object into the variable named fetchers.

Note

The initialisation part of the API is necessarily synchronous, for backwards compatibility with the old ValidationContext API. If you need asynchronous resource management, handle it elsewhere, or use some form of lazy resource provisioning.

Alternatively, you can pass Fetchers objects to the validation context yourself, and forgo use of the FetcherBackend API altogether.

get_fetchers() → Fetchers

Set up fetchers synchronously.

Note

This is a synchronous method.

async close()

Clean up the resources associated with this fetcher backend, asynchronously.

class pyhanko_certvalidator.fetchers.OCSPFetcher

Bases: ABC

Utility interface to fetch and cache OCSP responses.

async fetch(cert: Certificate | AttributeCertificateV2, authority: Authority) → OCSPResponse

Fetch an OCSP response for a certificate.

Parameters:
  • cert – The certificate for which an OCSP response has to be fetched.

  • authority – The issuing authority.

Raises:

OCSPFetchError - Raised if an OCSP response could not be obtained.

Returns:

An OCSP response.

fetched_responses() → Iterable[OCSPResponse]

Return all responses fetched by this OCSP fetcher.

fetched_responses_for_cert(cert: Certificate | AttributeCertificateV2) → Iterable[OCSPResponse]

Return all responses fetched by this OCSP fetcher that are relevant to determine the revocation status of the given certificate.

class pyhanko_certvalidator.fetchers.CRLFetcher

Bases: ABC

Utility interface to fetch and cache CRLs.

async fetch(cert: Certificate | AttributeCertificateV2, *, use_deltas=None) → Iterable[CertificateList]

Fetches the CRLs for a certificate.

Parameters:
  • cert – An asn1crypto.x509.Certificate object to get the CRL for

  • use_deltas – A boolean indicating if delta CRLs should be fetched

Raises:

CRLFetchError - when a network/IO error or decoding error occurs

Returns:

An iterable of CRLs fetched.

fetched_crls() → Iterable[CertificateList]

Return all CRLs fetched by this CRL fetcher.

fetched_crls_for_cert(cert: Certificate | AttributeCertificateV2) → Iterable[CertificateList]

Return all relevant fetched CRLs for the given certificate.

Parameters:

cert – A certificate.

Returns:

An iterable of CRLs

Raises:

KeyError – if no fetch operations have been performed for this certificate

class pyhanko_certvalidator.fetchers.CertificateFetcher

Bases: ABC

Utility interface to fetch and cache certificates.

fetch_cert_issuers(cert: Certificate | AttributeCertificateV2) → AsyncGenerator[Certificate, None]

Fetches certificates from the authority information access extension of a certificate.

Parameters:

cert – A certificate

Raises:

CertificateFetchError - when a network I/O or decoding error occurs

Returns:

An asynchronous generator yielding asn1crypto.x509.Certificate objects that were fetched.

fetch_crl_issuers(certificate_list) → AsyncGenerator[Certificate, None]

Fetches certificates from the authority information access extension of an asn1crypto.crl.CertificateList.

Parameters:

certificate_list – An asn1crypto.crl.CertificateList object

Raises:

CertificateFetchError - when a network I/O or decoding error occurs

Returns:

An asynchronous generator yielding asn1crypto.x509.Certificate objects that were fetched.

fetched_certs() → Iterable[Certificate]

Return all certificates retrieved by this certificate fetcher.

pyhanko_certvalidator.fetchers.default_fetcher_backend() → FetcherBackend

Instantiate a default fetcher backend that doesn’t require any resource management, but is less efficient than a fully asynchronous fetcher would be.