U [e.@sdZddlmZmZmZddlZddlZddlZddlm Z m Z ddl m Z m Z mZmZmZmZz ddlZWnek rdZYnXejddGd d d eZd d Zd dZddZddZejdddGdddeZejddGdddeZejdddGdddeZejdddGdddeZejdddGdddeZejddGdd d eZ ejdddGd!d"d"eZ!ejdddGd#d$d$eZ"d%d&Z#d'd(Z$e d)d*Z%dS)+z Common verification code. )absolute_importdivisionprint_functionN) maketrans text_type)CertificateError DNSMismatchIPAddressMismatch SRVMismatch URIMismatchVerificationErrorT)slotsc@s eZdZdZeZeZdS) ServiceMatchz< A match of a service id and a certificate pattern. N)__name__ __module__ __qualname____doc__attrib service_id cert_patternrrZ/var/www/html/services/stratfitenv/lib/python3.8/site-packages/service_identity/_common.pyrsrcCsg}t||t||}dd|D}|D]}||kr*||j|dq*|D]*}||krNt||jrN||j|dqN|rt|d|S)z Verify whether *cert_patterns* are valid for *obligatory_ids* and *optional_ids*. *obligatory_ids* must be both present and match. *optional_ids* must match if a pattern of the respective type is present. cSsg|] }|jqSr)r).0matchrrr 4sz+verify_service_identity..)Z mismatched_id)errors) _find_matchesappenderror_on_mismatch_contains_instance_of pattern_classr ) cert_patternsZobligatory_idsZ optional_idsrmatchesZ matched_idsirrrverify_service_identity's$   r&cCs8g}|D]*}|D] }||r|t||dqq|S)a Search for matching certificate patterns and service_ids. :param cert_ids: List certificate IDs like DNSPattern. :type cert_ids: `list` :param service_ids: List of service IDs like DNS_ID. :type service_ids: `list` :rtype: `list` of `ServiceMatch` )rr)verifyrr)r#Z service_idsr$ZsidZcidrrrrIs  rcCs|D]}t||rdSqdS)zB :type seq: iterable :type cl: type :rtype: bool TF) isinstance)seqclerrrr!]s r!cCst|tr0z|d}Wntk r.YdSXzt|WdStk rRYnXzt|ddWntk rYdSXdS)z Check whether *pattern* could be/match an IP address. :param pattern: A pattern for a host name. :type pattern: `bytes` or `unicode` :return: `True` if *pattern* could be an IP address, else `False`. :rtype: bool asciiFT*1) r(bytesdecode UnicodeErrorint ValueError ipaddress ip_addressreplacepatternrrr_is_ip_addressjs r9F)initrc@s*eZdZdZeZedZ ddZ dS) DNSPatternz7 A DNS pattern as extracted from certificates. ^[a-z0-9\-_.]+$cCsdt|tstd|}|dks2t|s2d|kr@td||t|_ d|j kr`t |j dS)( :type pattern: `bytes` z'The DNS pattern must be a bytes string.zInvalid DNS pattern {0!r}.*N) r(r/ TypeErrorstripr9rformat translate_TRANS_TO_LOWERr8_validate_patternselfr8rrr__init__s   zDNSPattern.__init__N) rrrrrrr8recompile_RE_LEGAL_CHARSrIrrrrr;s r;c@s$eZdZdZeZeddZdS)IPAddressPatternz? An IP address pattern as extracted from certificates. cCs:z|t|dWStk r4td|YnXdS)Nr7z Invalid IP address pattern {!r}.)r4r5r3rrC)clsbsrrr from_bytess zIPAddressPattern.from_bytesN) rrrrrrr8 classmethodrPrrrrrMsrMc@s(eZdZdZeZeZddZdS) URIPatternz8 An URI pattern as extracted from certificates. cCsdt|tstd|t}d|ks8d|ks8t|rFtd|| d\|_ }t ||_ dS)r=z'The URI pattern must be a bytes string.:r@zInvalid URI pattern {0!r}.N) r(r/rArBrDrEr9rrCsplitprotocol_patternr; dns_pattern)rHr8hostnamerrrrIs zURIPattern.__init__N) rrrrrrrUrVrIrrrrrRsrRc@s(eZdZdZeZeZddZdS) SRVPatternz8 An SRV pattern as extracted from certificates. cCs~t|tstd|t}|ddksDd|ksDd|ksDt|rRtd|| dd\}}|dd|_ t ||_ dS) r=z'The SRV pattern must be a bytes string.r_.r@zInvalid SRV pattern {0!r}.rN) r(r/rArBrDrEr9rrCrT name_patternr;rV)rHr8namerWrrrrIs"  zSRVPattern.__init__N) rrrrrrr[rVrIrrrrrXsrXc@s:eZdZdZeZedZ e Z e Z ddZddZdS)DNS_IDz) A DNS service ID, aka hostname. r<cCst|tstd|}|dks*t|r2tdtdd|Dr^trTt|}qht dn |d}| t |_ |j |j dkrtddS) z+ :type hostname: `unicode` z DNS-ID must be a unicode string.zInvalid DNS-ID.css|]}t|dkVqdS)N)ord)rcrrr sz"DNS_ID.__init__..z+idna library is required for non-ASCII IDs.r,N)r(rrArBr9r3anyidnaencode ImportErrorrDrErWrLr)rHrWZascii_idrrrrIs    zDNS_ID.__init__cCs"t||jrt|j|jSdSdS)zC https://tools.ietf.org/search/rfc6125#section-6.4 FN)r(r"_hostname_matchesr8rWrGrrrr's z DNS_ID.verifyN)rrrrrrrWrJrKrLr;r"r r rIr'rrrrr]s r]c@s.eZdZdZejejdZe Z e Z ddZ dS) IPAddress_IDz# An IP address service ID. ) convertercCs |j|jkS)zC https://tools.ietf.org/search/rfc2818#section-3.1 )ipr8rGrrrr',szIPAddress_ID.verifyN)rrrrrrr4r5rjrMr"r r r'rrrrrh!s rhc@s8eZdZdZeZeZeZ e Z ddZ ddZ dS)URI_IDz An URI service ID. cCsft|tstd|}d|ks*t|r2td|d\}}|dt |_ t |d|_ dS)z& :type uri: `unicode` z URI-ID must be a unicode string.:zInvalid URI-ID.r,/N) r(rrArBr9r3rTrerDrEprotocolr]dns_id)rHuriZprotrWrrrrI?s zURI_ID.__init__cCs.t||jr&|j|jko$|j|jSdSdS)zE https://tools.ietf.org/search/rfc6125#section-6.5.2 FN)r(r"rUrnror'rVrGrrrr'Os    z URI_ID.verifyN)rrrrrrrnrorRr"r r rIr'rrrrrk3srkc@s8eZdZdZeZeZeZ e Z ddZ ddZ dS)SRV_IDz An SRV service ID. cCsvt|tstd|}d|ks6t|s6|ddkr>td|dd\}}|dddt |_ t ||_ dS) z& :type srv: `unicode` z SRV-ID must be a unicode string..r_zInvalid SRV-ID.rNr,) r(rrArBr9r3rTrerDrEr\r]ro)rHZsrvr\rWrrrrIhs zSRV_ID.__init__cCs.t||jr&|j|jko$|j|jSdSdS)zE https://tools.ietf.org/search/rfc6125#section-6.5.1 FN)r(r"r\r[ror'rVrGrrrr'xs  z SRV_ID.verifyN)rrrrrrr\rorXr"r r rIr'rrrrrq\srqcCs^d|krR|dd\}}|dd\}}||kr4dS|drBdS|dkpP||kS||kSdS)z :type cert_pattern: `bytes` :type actual_hostname: `bytes` :return: `True` if *cert_pattern* matches *actual_hostname*, else `False`. :rtype: `bool` r@rZrFsxn--N)rT startswith)rZactual_hostnameZ cert_headZ cert_tailZ actual_headZ actual_tailrrrrgs rgcCs|d}|dkr td||d}t|dkrDtd|d|dkr^td|td d |Dr~td |d S) z Check whether the usage of wildcards within *cert_pattern* conforms with our expectations. :type hostname: `bytes` :return: None r@rz7Certificate's DNS-ID {0!r} contains too many wildcards.rZzJCertificate's DNS-ID {0!r} has too few host components for wildcard usage.rzECertificate's DNS-ID {0!r} has a wildcard outside the left-most part.css|]}t| VqdS)N)len)rprrrrbsz$_validate_pattern..z0Certificate's DNS-ID {0!r} contains empty parts.N)countrrCrTrvrc)rZcntpartsrrrrFs4    rFsABCDEFGHIJKLMNOPQRSTUVWXYZsabcdefghijklmnopqrstuvwxyz)&r __future__rrrr4rJrZ_compatrr exceptionsrr r r r r rdrfsobjectrr&rr!r9r;rMrRrXr]rhrkrqrgrFrErrrrsL     "      /  ( '%