o
    À\"  ã                   @   s¶   d Z ddlmZmZmZ ddlZddlZddlmZ ddl	m
Z
 ddlmZ ddlmZ dd	lmZmZmZmZmZmZmZmZ dd
lmZ dgZdd„ Zdd„ ZedƒZdd„ ZdS )zA
`pyOpenSSL <https://github.com/pyca/pyopenssl>`_-specific code.
é    )Úabsolute_importÚdivisionÚprint_functionN)Údecode)Ú	IA5String)ÚObjectIdentifier)ÚGeneralNamesé   )ÚDNS_IDÚCertificateErrorÚ
DNSPatternÚIPAddress_IDÚIPAddressPatternÚ
SRVPatternÚ
URIPatternÚverify_service_identity)ÚSubjectAltNameWarningÚverify_hostnamec                 C   ó    t t|  ¡ ƒt|ƒgg d dS )a?  
    Verify whether the certificate of *connection* is valid for *hostname*.

    :param OpenSSL.SSL.Connection connection: A pyOpenSSL connection object.
    :param unicode hostname: The hostname that *connection* should be connected
        to.

    :raises service_identity.VerificationError: If *connection* does not
        provide a certificate that is valid for *hostname*.
    :raises service_identity.CertificateError: If the certificate chain of
        *connection* contains a certificate that contains invalid/unexpected
        data.

    :returns: ``None``
    ©Zcert_patternsZobligatory_idsZoptional_idsN)r   Úextract_idsÚget_peer_certificater
   )Ú
connectionZhostname© r   ú</usr/lib/python3/dist-packages/service_identity/pyopenssl.pyr       s
   

ýc                 C   r   )a†  
    Verify whether the certificate of *connection* is valid for *ip_address*.

    :param OpenSSL.SSL.Connection connection: A pyOpenSSL connection object.
    :param unicode ip_address: The IP address that *connection* should be
        connected to.  Can be an IPv4 or IPv6 address.

    :raises service_identity.VerificationError: If *connection* does not
        provide a certificate that is valid for *ip_address*.
    :raises service_identity.CertificateError: If the certificate chain of
        *connection* contains a certificate that contains invalid/unexpected
        data.

    :returns: ``None``

    .. versionadded:: 18.1.0
    r   N)r   r   r   r   )r   Z
ip_addressr   r   r   Úverify_ip_address7   s
   

ýr   z1.3.6.1.5.5.7.8.7c                 C   sp  g }t j |  ¡ ¡D ]‚}|  |¡}| ¡ dkrŒt| ¡ tƒ d\}}|D ]g}| 	¡ }|dkr:| 
t| ¡  ¡ ƒ¡ q$|dkrK| 
t | ¡  ¡ ¡¡ q$|dkr[| 
t| ¡  ¡ ƒ¡ q$|dkrŠ| ¡ }| d¡}	|	tkrˆt| d¡ƒ\}
}t|
tƒr„| 
t|
 ¡ ƒ¡ q$td	ƒ‚	 q$	 q$q
|s¶d
d„ |  ¡  ¡ D ƒ}tt|ƒdƒ}dd„ |D ƒ}tjd| d¡f tdd |S )a  
    Extract all valid IDs from a certificate for service verification.

    If *cert* doesn't contain any identifiers, the ``CN``s are used as DNS-IDs
    as fallback.

    :param OpenSSL.SSL.X509 cert: The certificate to be dissected.

    :return: List of IDs.
    s   subjectAltName)Zasn1SpecZdNSNameZ	iPAddressZuniformResourceIdentifierZ	otherNamer   r	   zUnexpected certificate content.c                 S   s    g | ]}|d  dkr|d ‘qS )r   s   CNr	   r   ©Ú.0Úcr   r   r   Ú
<listcomp>„   s
    ÿÿzextract_ids.<locals>.<listcomp>s   <not given>c                 S   s   g | ]}t |ƒ‘qS r   )r   r   r   r   r   r   ˆ   s    zîCertificate with CN '%s' has no `subjectAltName`, falling back to check for a `commonName` for now.  This feature is being removed by major browsers and deprecated by RFC 2818.  service_identity will remove the support for it in mid-2018.zutf-8é   )Ú
stacklevel)ÚsixZmovesÚrangeZget_extension_countZget_extensionZget_short_namer   Úget_datar   ZgetNameÚappendr   ZgetComponentZasOctetsr   Ú
from_bytesr   ZgetComponentByPositionÚID_ON_DNS_SRVÚ
isinstancer   r   r   Zget_subjectZget_componentsÚnextÚiterÚwarningsÚwarnr   )ZcertZidsÚiÚextÚnamesÚ_ÚnZname_stringÚcompZoidZsrvZ
componentsZcnr   r   r   r   S   sX   

ÿÿ

ÿ€
ÿ
üù	r   )Ú__doc__Z
__future__r   r   r   r+   r"   Zpyasn1.codec.der.decoderr   Zpyasn1.type.charr   Zpyasn1.type.univr   Zpyasn1_modules.rfc2459r   Z_commonr
   r   r   r   r   r   r   r   Ú
exceptionsr   Ú__all__r   r   r'   r   r   r   r   r   Ú<module>   s    (
