Spade
Mini Shell
| Directory:~$ /proc/self/root/usr/lib/python2.7/site-packages/acme/ |