o

��\"�@s�dZd
dl
mZmZmZ
d
dlZd
dlZd
dlmZ
d
dl	m
Z

d
dlmZ
d
dl
mZ
dd	lmZmZmZmZmZmZmZmZ
dd
lmZ
dg
Zdd�Zd
d�Zed�
Zdd�ZdS)zA
`pyOpenSSL <https://github.com/pyca/pyopenssl>`_-specific code.
�)�absolute_import�division�print_functionN)
�decode)
�	IA5String)
�ObjectIdentifier)
�GeneralNames�
)�DNS_ID�CertificateError�
DNSPattern�IPAddress_ID�IPAddressPattern�
SRVPattern�
URIPattern�verify_service_identity)
�SubjectAltNameWarning�verify_hostnamecC� tt
|���
t|
�
g
gd
�
dS)a?
    Verify whether the certificate of *connection* is valid for *hostname*.

    :param OpenSSL.SSL.Connection connection: A pyOpenSSL connection object.
    :param unicode hostname: The hostname that *connection* should be connected
        to.

    :raises service_identity.VerificationError: If *connection* does not
        provide a certificate that is valid for *hostname*.
    :raises service_identity.CertificateError: If the certificate chain of
        *connection* contains a certificate that contains invalid/unexpected
        data.

    :returns: ``None``
    ��
cert_patterns�obligatory_ids�optional_idsN)r�extract_ids�get_peer_certificater
)�
connection�hostname�r�</usr/lib/python3/dist-packages/service_identity/pyopenssl.pyr s





�cCr)a�
    Verify whether the certificate of *connection* is valid for *ip_address*.

    :param OpenSSL.SSL.Connection connection: A pyOpenSSL connection object.
    :param unicode ip_address: The IP address that *connection* should be
        connected to.  Can be an IPv4 or IPv6 address.

    :raises service_identity.VerificationError: If *connection* does not
        provide a certificate that is valid for *ip_address*.
    :raises service_identity.CertificateError: If the certificate chain of
        *connection* contains a certificate that contains invalid/unexpected
        data.

    :returns: ``None``

    .. versionadded:: 18.1.0
    rN)rrrr
)r�
ip_addressrrr�verify_ip_address7s





�r z1.3.6.1.5.5.7.8.7c

Csp
g}
tj
�|���
D]�}|�|�
}|��d
kr�t|��t�d�\}}|D]g}|�	�}|dkr:|
�
t|���
��
�

q$|dkrK|
�
t�|���
��
�

q$|dkr[|
�
t|���
��
�

q$|dkr�|��}|�d�
}	|	tkr�t|�d�
�
\}
}t|
t�r�|
�
t|
�
��
�

q$td	�
�
	q$	q$q
|
s�d
d�|����D�
}tt|�
d�}d
d�|D�
}
tjd|�d�
f
tdd�
|
S)a

    Extract all valid IDs from a certificate for service verification.

    If *cert* doesn't contain any identifiers, the ``CN``s are used as DNS-IDs
    as fallback.

    :param OpenSSL.SSL.X509 cert: The certificate to be dissected.

    :return: List of IDs.
    ssubjectAltName)
�asn1Spec�dNSName�	iPAddress�uniformResourceIdentifier�	otherNamer
r	zUnexpected certificate content.c
Ss g|]}
|
dd
kr|
d�qS)r
sCNr	r��.0�
crrr�
<listcomp>�s
zextract_ids.<locals>.<listcomp>s<not given>c
Ssg|]}
t|
�
�qSr)
rr&rrrr)�sz�Certificate with CN '%s' has no `subjectAltName`, falling back to check for a `commonName` for now.  This feature is being removed by major browsers and deprecated by RFC 2818.  service_identity will remove the support for it in mid-2018.zutf-8�)
�
stacklevel)�six�moves�range�get_extension_count�
get_extension�get_short_namer�get_datar�getName�appendr�getComponent�asOctetsr�
from_bytesr�getComponentByPosition�
ID_ON_DNS_SRV�
isinstancerrr�get_subject�get_components�next�iter�warnings�warnr)
�cert�ids�
i�ext�names�
_�
n�name_string�comp�oid�srv�
components�cnrrrrSsX













��










��

�



�
�	r)�__doc__�
__future__rrrr?r,�pyasn1.codec.der.decoderr�pyasn1.type.charr�pyasn1.type.univr�pyasn1_modules.rfc2459r�_commonr
rrr
rrrr�
exceptionsr�__all__rr r9rrrrr�<module>
s


(