o >h1@sdZddlmZddlZddlZddlmZmZmZm Z ddl Z ddl m Z m Z mZmZmZmZmZzddlZWn eyCdZYnwe jddGd d d Zd@ddZdAddZdBddZdCd d!Ze jddGd"d#d#Ze jddGd$d%d%Ze jddGd&d'd'Ze jddGd(d)d)ZeeeeefZ e Gd*d+d+eZ e jd,dd-Gd.d/d/Z!e jddGd0d1d1Z"e jd,dd-Gd2d3d3Z#e jd,dd-Gd4d5d5Z$dDd9d:Z%dEdd?Z)dS)Fz Common verification code. ) annotationsN)ProtocolSequenceUnionruntime_checkable)CertificateError DNSMismatchIPAddressMismatchMismatch SRVMismatch URIMismatchVerificationErrorT)slotsc@s2eZdZUdZeZded<eZded<dS) ServiceMatchz< A match of a service id and a certificate pattern. ServiceID service_idCertificatePattern cert_patternN) __name__ __module__ __qualname____doc__attribr__annotations__rrrw/var/www/vedio/testing/chatpythonscript.ninositsolution.com/env/lib/python3.10/site-packages/service_identity/hazmat.pyrs r cert_patternsSequence[CertificatePattern]obligatory_idsSequence[ServiceID] optional_idsreturnlist[ServiceMatch]cCs|sd}t|g}t||t||}dd|D}|D]}||vr,||j|dq|D]}||vrDt||jrD||j|dq/|rLt|d|S)z Verify whether *cert_patterns* are valid for *obligatory_ids* and *optional_ids*. *obligatory_ids* must be both present and match. *optional_ids* must match if a pattern of the respective type is present. z3Certificate does not contain any `subjectAltName`s.cSsg|]}|jqSr)r).0matchrrr >sz+verify_service_identity..) mismatched_id)errors)r _find_matchesappenderror_on_mismatch_contains_instance_of pattern_classr)rr r"msgr)matches matched_idsirrrverify_service_identity)s2      r3 service_idscCs8g}|D]}|D]}||r|t||dqq|S)z Search for matching certificate patterns and service_ids. Args: service_ids: List of service IDs like DNS_ID. )rr)verifyr+r)rr4r0sidcidrrrr*Ws   r*seqSequence[object]cltypeboolcstfdd|DS)Nc3s|]}t|VqdSN) isinstance)r%er:rr mz(_contains_instance_of..)any)r8r:rr@rr-lsr-pattern str | bytescCs~t|trz|d}Wn tyYdSwzt|WdSty'Ynwz t|ddWdSty>YdSw)z Check whether *pattern* could be/match an IP address. Args: pattern: A pattern for a host name. Returns: `True` if *pattern* could be an IP address, else `False`. asciiFT*1) r>bytesdecode UnicodeErrorint ValueError ipaddress ip_addressreplacerDrrr_is_ip_addressps$     rRc@s:eZdZUdZeZded<e dZ e d ddZ dS) DNSPatternz7 A DNS pattern as extracted from certificates. rIrD^[a-z0-9\-_.]+$r#cCsnt|ts d}t||}|dkst|sd|vr%d|d}t||t}d|vr2t|||dS)Nz'The DNS pattern must be a bytes string.zInvalid DNS pattern .*rQ) r>rI TypeErrorstriprRr translate_TRANS_TO_LOWER_validate_pattern)clsrDr/rrr from_bytess    zDNSPattern.from_bytesN)rDrIr#rS) rrrrrrrDrrecompile_RE_LEGAL_CHARS classmethodr_rrrrrSs  rSc@s0eZdZUdZeZded<ed ddZ d S) IPAddressPatternz? An IP address pattern as extracted from certificates. -ipaddress.IPv4Address | ipaddress.IPv6AddressrDbsrIr#cCs8z |t|dWStyd|d}t|dw)NrQzInvalid IP address pattern rW)rNrOrMr)r^rfr/rrrr_s    zIPAddressPattern.from_bytesN)rfrIr#rd) rrrrrrrDrrcr_rrrrrds rdc@@eZdZUdZeZded<eZded<e d dd Z d S) URIPatternz8 An URI pattern as extracted from certificates. rIprotocol_patternrS dns_patternrDr#cCspt|ts d}t||t}d|vsd|vst|r(d|d}t||d\}}||t |dS)Nz'The URI pattern must be a bytes string.:rXzInvalid URI pattern rW)rirj r>rIrYrZr[r\rRrsplitrSr_)r^rDr/rihostnamerrrr_s  zURIPattern.from_bytesN)rDrIr#rh) rrrrrrrirrjrcr_rrrrrh rhc@rg) SRVPatternz8 An SRV pattern as extracted from certificates. rI name_patternrSrjrDr#cCst|ts d}t||t}|ddks$d|vs$d|vs$t|r.d|d}t||dd\}}||ddt |d S) Nz'The SRV pattern must be a bytes string.r_.rXzInvalid SRV pattern rWr)rqrjrl)r^rDr/namernrrrr_s   zSRVPattern.from_bytesN)rDrIr#rp) rrrrrrrqrrjrcr_rrrrrprorpc@s2eZdZedddZedddZdd d Zd S)rr#type[CertificatePattern]cCdSr=rselfrrrr. zServiceID.pattern_classtype[Mismatch]cCrvr=rrwrrrr,ryzServiceID.error_on_mismatchrDrr<cCrvr=rrxrDrrrr5szServiceID.verifyN)r#ru)r#rzrDrr#r<)rrrpropertyr.r,r5rrrrr s   rF)initrc@sHeZdZUdZeZded<e dZ e Z e ZdddZdd d ZdS)DNS_IDz) A DNS service ID, aka hostname. rIrnrTstrcCst|ts d}t||}|rt|rd}t|tdd|Dr2tr,t|}n d}t ||d}| t |_ |j |j durLd}t|dS)NzDNS-ID must be a text string.zInvalid DNS-ID.css|] }t|dkVqdS)N)ord)r%crrrrA+sz"DNS_ID.__init__..z+idna library is required for non-ASCII IDs.rF)r>rrYrZrRrMrCidnaencode ImportErrorr[r\rnrbr&)rxrnr/ascii_idrrr__init__!s$     zDNS_ID.__init__rDrr#r<cCst||jr t|j|jSdS)zC https://tools.ietf.org/search/rfc6125#section-6.4 F)r>r._hostname_matchesrDrnr{rrrr59s z DNS_ID.verifyN)rnrr|)rrrrrrrnrr`rarbrSr.r r,rr5rrrrrs   rc@s:eZdZUdZejejdZde d<e Z e Z d d d Zd S) IPAddress_IDz# An IP address service ID. ) converterreiprDrr#r<cCst||jr |j|jkSdS)zC https://tools.ietf.org/search/rfc2818#section-3.1 F)r>r.rrDr{rrrr5Ps  zIPAddress_ID.verifyNr|)rrrrrrrNrOrrrdr.r r,r5rrrrrCs rc@NeZdZUdZeZded<eZded<e Z e Z ddd Z dddZdS)URI_IDz An URI service ID. rIprotocolrdns_idurircCsnt|ts d}t||}d|vst|rd}t||d\}}|dt |_ t |d|_ dS)NzURI-ID must be a text string.:zInvalid URI-ID.rF/) r>rrYrZrRrMrmrr[r\rrr)rxrr/protrnrrrrfs zURI_ID.__init__rDrr#r<cCs*t||jr|j|jko|j|jSdS)zE https://tools.ietf.org/search/rfc6125#section-6.5.2 F)r>r.rirrr5rjr{rrrr5us   z URI_ID.verifyN)rrr|)rrrrrrrrrrhr.r r,rr5rrrrrZ  rc@r)SRV_IDz An SRV service ID. rIrtrrsrvrcCs~t|ts d}t||}d|vst|s|ddkr#d}t||dd\}}|dddt |_ t ||_ dS)NzSRV-ID must be a text string.rWr_zInvalid SRV-ID.rrF) r>rrYrZrRrMrmrr[r\rtrr)rxrr/rtrnrrrrs zSRV_ID.__init__rDrr#r<cCs*t||jr|j|jko|j|jSdS)zE https://tools.ietf.org/search/rfc6125#section-6.5.1 F)r>r.rtrqrr5rjr{rrrr5s z SRV_ID.verifyN)rrr|)rrrrrrrtrrrpr.r r,rr5rrrrrrrrrIactual_hostnamecCsVd|vr'|dd\}}|dd\}}||krdS|dr!dS|d|fvS||kS)zT :return: `True` if *cert_pattern* matches *actual_hostname*, else `False`. rXrsrFsxn--)rm startswith)rr cert_head cert_tail actual_head actual_tailrrrrs  rNonecCs|d}|dkrd|d}t||d}t|dkr(d|d}t|d|dvr8d|d }t|td d |DrKd|d }t|d S)zh Check whether the usage of wildcards within *cert_pattern* conforms with our expectations. rXrzCertificate's DNS-ID z contains too many wildcards.rsz0 has too few host components for wildcard usage.rz+ has a wildcard outside the left-most part.css|]}t| VqdSr=)len)r%prrrrArBz$_validate_pattern..z contains empty parts.N)countrrmrrC)rcntr/partsrrrr]s        r]sABCDEFGHIJKLMNOPQRSTUVWXYZsabcdefghijklmnopqrstuvwxyz)rrr r!r"r!r#r$)rrr4r!r#r$)r8r9r:r;r#r<)rDrEr#r<)rrIrrIr#r<)rrIr#r)*r __future__rrNr`typingrrrrr exceptionsrr r r r r rrrsrr3r*r-rRrSrdrhrprrrrrrrr]rI maketransr\rrrrsZ $    .      !   .  ' &