o ֞\.@sdZddlmZmZmZddlZddlZddlZddlm Z m Z ddl m Z m Z mZmZmZmZzddlZWn eyAdZYnwejddGd d d eZd d Zd dZddZddZejdddGdddeZejddGdddeZejdddGdddeZejdddGdddeZejdddGdddeZejddGdd d eZ ejdddGd!d"d"eZ!ejdddGd#d$d$eZ"d%d&Z#d'd(Z$e d)d*Z%dS)+z Common verification code. )absolute_importdivisionprint_functionN) maketrans text_type)CertificateError DNSMismatchIPAddressMismatch SRVMismatch URIMismatchVerificationErrorT)slotsc@s eZdZdZeZeZdS) ServiceMatchz< A match of a service id and a certificate pattern. N)__name__ __module__ __qualname____doc__attrib service_id cert_patternrr:/usr/lib/python3/dist-packages/service_identity/_common.pyrs rcCsg}t||t||}dd|D}|D]}||vr$||j|dq|D]}||vr4sz+verify_service_identity..) mismatched_id)errors) _find_matchesappenderror_on_mismatch_contains_instance_of pattern_classr ) cert_patternsobligatory_ids optional_idsrmatches matched_idsirrrverify_service_identity's$   r*cCs8g}|D]}|D]}||r|t||dqq|S)a Search for matching certificate patterns and service_ids. :param cert_ids: List certificate IDs like DNSPattern. :type cert_ids: `list` :param service_ids: List of service IDs like DNS_ID. :type service_ids: `list` :rtype: `list` of `ServiceMatch` )rr)verifyr r)r$ service_idsr'sidcidrrrrIs  rcCs|D] }t||r dSqdS)zB :type seq: iterable :type cl: type :rtype: bool TF) isinstance)seqclerrrr"]s  r"cCs~t|trz|d}Wn tyYdSwzt|WdSty'Ynwz t|ddWdSty>YdSw)z Check whether *pattern* could be/match an IP address. :param pattern: A pattern for a host name. :type pattern: `bytes` or `unicode` :return: `True` if *pattern* could be an IP address, else `False`. :rtype: bool asciiFT*1) r/bytesdecode UnicodeErrorint ValueError ipaddress ip_addressreplacepatternrrr_is_ip_addressjs$    r@F)initrc@s*eZdZdZeZedZ ddZ dS) DNSPatternz7 A DNS pattern as extracted from certificates. ^[a-z0-9\-_.]+$cCsht|ts td|}|dkst|sd|vr td||t|_ d|j vr2t |j dSdS)( :type pattern: `bytes` z'The DNS pattern must be a bytes string.zInvalid DNS pattern {0!r}.*N) r/r6 TypeErrorstripr@rformat translate_TRANS_TO_LOWERr?_validate_patternselfr?rrr__init__s   zDNSPattern.__init__N) rrrrrrr?recompile_RE_LEGAL_CHARSrPrrrrrBs   rBc@s$eZdZdZeZeddZdS)IPAddressPatternz? An IP address pattern as extracted from certificates. cCs0z |t|dWStytd|w)Nr>z Invalid IP address pattern {!r}.)r;r<r:rrJ)clsbsrrr from_bytess zIPAddressPattern.from_bytesN) rrrrrrr? classmethodrWrrrrrTs rTc@(eZdZdZeZeZddZdS) URIPatternz8 An URI pattern as extracted from certificates. cCsdt|ts td|t}d|vsd|vst|r#td|| d\|_ }t ||_ dS)rDz'The URI pattern must be a bytes string.:rGzInvalid URI pattern {0!r}.N) r/r6rHrIrKrLr@rrJsplitprotocol_patternrB dns_pattern)rOr?hostnamerrrrPs zURIPattern.__init__N) rrrrrrr]r^rPrrrrrZ  rZc@rY) SRVPatternz8 An SRV pattern as extracted from certificates. cCs~t|ts td|t}|ddks"d|vs"d|vs"t|r)td|| dd\}}|dd|_ t ||_ dS) rDz'The SRV pattern must be a bytes string.r_.rGzInvalid SRV pattern {0!r}.rN) r/r6rHrIrKrLr@rrJr\ name_patternrBr^)rOr?namer_rrrrPs"  zSRVPattern.__init__N) rrrrrrrdr^rPrrrrrar`rac@s:eZdZdZeZedZ e Z e Z ddZddZdS)DNS_IDz) A DNS service ID, aka hostname. rCcCst|ts td|}|dkst|rtdtdd|Dr.tr*t|}n t d|d}| t |_ |j |j durFtddS) z+ :type hostname: `unicode` z DNS-ID must be a unicode string.zInvalid DNS-ID.css|] }t|dkVqdS)N)ord)rcrrr sz"DNS_ID.__init__..z+idna library is required for non-ASCII IDs.r3N)r/rrHrIr@r:anyidnaencode ImportErrorrKrLr_rSr)rOr_ascii_idrrrrPs    zDNS_ID.__init__cCst||jr t|j|jSdS)zC https://tools.ietf.org/search/rfc6125#section-6.4 F)r/r#_hostname_matchesr?r_rNrrrr+s z DNS_ID.verifyN)rrrrrrr_rQrRrSrBr#r r!rPr+rrrrrfs  rfc@s.eZdZdZejejdZe Z e Z ddZ dS) IPAddress_IDz# An IP address service ID. ) convertercCs |j|jkS)zC https://tools.ietf.org/search/rfc2818#section-3.1 )ipr?rNrrrr+,s zIPAddress_ID.verifyN)rrrrrrr;r<rtrTr#r r!r+rrrrrr!s  rrc@8eZdZdZeZeZeZ e Z ddZ ddZ dS)URI_IDz An URI service ID. cCsft|ts td|}d|vst|rtd|d\}}|dt |_ t |d|_ dS)z& :type uri: `unicode` z URI-ID must be a unicode string.:zInvalid URI-ID.r3/N) r/rrHrIr@r:r\rnrKrLprotocolrfdns_id)rOuriprotr_rrrrP?s zURI_ID.__init__cCs*t||jr|j|jko|j|jSdS)zE https://tools.ietf.org/search/rfc6125#section-6.5.2 F)r/r#r]ryrzr+r^rNrrrr+Os   z URI_ID.verifyN)rrrrrrryrzrZr#r r!rPr+rrrrrv3 rvc@ru)SRV_IDz An SRV service ID. cCsvt|ts td|}d|vst|s|ddkrtd|dd\}}|dddt |_ t ||_ dS) z& :type srv: `unicode` z SRV-ID must be a unicode string..r_zInvalid SRV-ID.rNr3) r/rrHrIr@r:r\rnrKrLrerfrz)rOsrvrer_rrrrPhs zSRV_ID.__init__cCs*t||jr|j|jko|j|jSdS)zE https://tools.ietf.org/search/rfc6125#section-6.5.1 F)r/r#rerdrzr+r^rNrrrr+xs z SRV_ID.verifyN)rrrrrrrerzrar#r r!rPr+rrrrr~\r}r~cCsZd|vr)|dd\}}|dd\}}||krdS|dr!dS|dkp(||kS||kS)z :type cert_pattern: `bytes` :type actual_hostname: `bytes` :return: `True` if *cert_pattern* matches *actual_hostname*, else `False`. :rtype: `bool` rGrcrFsxn--)r\ startswith)ractual_hostname cert_head cert_tail actual_head actual_tailrrrrqs rqcCs|d}|dkrtd||d}t|dkr"td|d|dvr/td|td d |Dr?td |d S) z Check whether the usage of wildcards within *cert_pattern* conforms with our expectations. :type hostname: `bytes` :return: None rGrz7Certificate's DNS-ID {0!r} contains too many wildcards.rczJCertificate's DNS-ID {0!r} has too few host components for wildcard usage.rzECertificate's DNS-ID {0!r} has a wildcard outside the left-most part.css|]}t| VqdS)N)len)rprrrrksz$_validate_pattern..z0Certificate's DNS-ID {0!r} contains empty parts.N)countrrJr\rrl)rcntpartsrrrrMs2    rMsABCDEFGHIJKLMNOPQRSTUVWXYZsabcdefghijklmnopqrstuvwxyz)&r __future__rrrr;rQr_compatrr exceptionsrr r r r r rmrosobjectrr*rr"r@rBrTrZrarfrrrvr~rqrMrLrrrrsN     "      /  ('%