Merge pull request #11 from MatthiasValvekens/feature/better-error-st…

…ale-revinfo More precise error on stale revocation info
MatthiasValvekens · Oct 5, 2023 · 5f7c50e · 5f7c50e
2 parents 913cb24 + 7cdfb06
commit 5f7c50e
Show file tree

Hide file tree

Showing 9 changed files with 256 additions and 165 deletions.
diff --git a/pyhanko_certvalidator/errors.py b/pyhanko_certvalidator/errors.py
@@ -1,6 +1,6 @@
 # coding: utf-8
 from datetime import datetime
-from typing import Optional, Type, TypeVar
+from typing import List, Optional, Type, TypeVar
 
 from asn1crypto.crl import CRLReason
 from cryptography.exceptions import InvalidSignature
@@ -34,9 +34,16 @@ class CRLFetchError(CRLValidationError):
 
 
 class CRLValidationIndeterminateError(CRLValidationError):
-    @property
-    def failures(self):
-        return self.args[1]
+    def __init__(
+        self,
+        msg: str,
+        failures: List[str],
+        suspect_stale: Optional[datetime] = None,
+    ):
+        self.msg = msg
+        self.failures = failures
+        self.suspect_stale = suspect_stale
+        super().__init__(msg, failures)
 
 
 class OCSPValidationError(Exception):
@@ -48,9 +55,16 @@ class OCSPNoMatchesError(OCSPValidationError):
 
 
 class OCSPValidationIndeterminateError(OCSPValidationError):
-    @property
-    def failures(self):
-        return self.args[1]
+    def __init__(
+        self,
+        msg: str,
+        failures: List[str],
+        suspect_stale: Optional[datetime] = None,
+    ):
+        self.msg = msg
+        self.failures = failures
+        self.suspect_stale = suspect_stale
+        super().__init__(msg, failures)
 
 
 class OCSPFetchError(OCSPValidationError):
@@ -118,6 +132,23 @@ class InsufficientRevinfoError(PathValidationError):
     pass
 
 
+class StaleRevinfoError(InsufficientRevinfoError):
+    @classmethod
+    def format(
+        cls,
+        msg: str,
+        time_cutoff: datetime,
+        proc_state: ValProcState,
+    ):
+        return StaleRevinfoError(msg, time_cutoff, proc_state)
+
+    def __init__(
+        self, msg: str, time_cutoff: datetime, proc_state: ValProcState
+    ):
+        self.time_cutoff = time_cutoff
+        super().__init__(msg, proc_state=proc_state)
+
+
 class InsufficientPOEError(PathValidationError):
     pass
 

diff --git a/pyhanko_certvalidator/revinfo/_err_gather.py b/pyhanko_certvalidator/revinfo/_err_gather.py
@@ -0,0 +1,22 @@
+from dataclasses import dataclass, field
+from datetime import datetime
+from typing import Any, Optional
+
+
+@dataclass
+class Errors:
+    failures: list = field(default_factory=list)
+    freshness_failures_only: bool = True
+    stale_last_usable_at: Optional[datetime] = None
+
+    def append(self, msg: str, revinfo: Any, is_freshness_failure=False):
+        self.failures.append((msg, revinfo))
+        self.freshness_failures_only &= is_freshness_failure
+
+    def update_stale(self, dt: Optional[datetime]):
+        if dt is not None:
+            self.stale_last_usable_at = (
+                dt
+                if self.stale_last_usable_at is None
+                else max(self.stale_last_usable_at, dt)
+            )