Spade

Mini Shell

Directory:~$ /proc/self/root/usr/lib64/python2.7/site-packages/M2Crypto/SSL/
Upload File
[Home] [System Details] [Kill Me]
Current File:~$ //proc/self/root/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Checker.pyc

�
z\Vc@s�dZdddddgZddlmZmZmZddlZddlZdefd	��YZ	de	fd
��YZ
de	fd��YZde	fd��YZddd
��YZ
edkr�ddlZej�ndS(s�
SSL peer certificate checking routines

Copyright (c) 2004-2007 Open Source Applications Foundation.
All rights reserved.

Copyright 2008 Heikki Toivonen. All rights reserved.
tSSLVerificationErrort
NoCertificatetWrongCertificatet	WrongHosttCheckeri����(tutiltEVPtm2NcBseZRS((t__name__t
__module__(((s:/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Checker.pyRscBseZRS((RR	(((s:/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Checker.pyRscBseZRS((RR	(((s:/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Checker.pyRscBseZdd�Zd�ZRS(t
commonNamecCsG|dkrtd��ntj|�||_||_||_dS(sz
        This exception will be raised if the certificate returned by the
        peer was issued for a different host than we tried to connect to.
        This could be due to a server misconfiguration or an active attack.
        
        @param expectedHost: The name of the host we expected to find in
the
                             certificate.
        @param actualHost:   The name of the host we actually found in the
                             certificate.
        @param fieldName:    The field name where we noticed the error.
This
                             should be either 'commonName' or
'subjectAltName'.
        R
tsubjectAltNames@Unknown fieldName, should be either commonName or
subjectAltNameN(s
commonNamessubjectAltName(t
ValueErrorRt__init__texpectedHostt
actualHostt	fieldName(tselfRRR((s:/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Checker.pyR
s

		cCsAd|j|j|jf}t|t�r=|jd�}n|S(Ns<Peer
certificate %s does not match host, expected %s, got %stutf8(RRRt
isinstancetunicodetencode(Rts((s:/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Checker.pyt__str__0s
(RR	R
R(((s:/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Checker.pyRscBsPeZejd�Zdddd�Zdd�Zd�Zd�Z	d�Z
RS(s^[0-9]+(\.[0-9]+)*$tsha1cCs||_||_||_dS(N(thosttfingerprinttdigest(RRtpeerCertHashtpeerCertDigest((s:/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Checker.pyR
<s		c
Cs~|dkrtd��n|dk	r3||_n|jr"|jdkratd|j��n|jdkr�t|j�dks�|jdkr�t|j�dkr�td��n|j�}t	j
|j�}|j|�|j�}t
j|�t|jd�kr"td	��q"n|jrzt}t|_ya|jd
�j�}|j|j|�rpt}n*|jr�td|jd|d
d
��nWntk
r�nX|szt}d}	xt|j�jtj�D]Z}
t}|
j�j�}|	s|}	n|	d|7}	|j|j|�r�t}Pq�q�W|sMtd��n|swtd|jd|	d
d��qwqzntS(Nspeer
did not return certificateRtmd5sunsupported digest "%s"i(i
s2peer certificate fingerprint length does not matchis+peer certificate
fingerprint does not matchRRRRtt,s!no commonName in peer certificateR
(RR(tNoneRRRRRtlenRtas_derRt
MessageDigesttupdatetfinalRtoctx_to_numtinttFalsetuseSubjectAltNameOnlytget_extt	get_valuet_splitSubjectAltNametTrueRtLookupErrortget_subjecttget_entries_by_nidRtNID_commonNametget_datatas_textt_match(RtpeerCertRtdertmdRthostValidationPassedRt
hasCommonNametcommonNamestentryR
((s:/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Checker.pyt__call__As`	$$
!				
	cCs�t|_x�|jd�D]�}|j�j�}|d
dkrgt|_|j||d�r�tSq|d
dkrt|_|j||d�r�tSqqWtS(sg
        >>> check = Checker()
        >>>
check._splitSubjectAltName(host='my.example.com',
subjectAltName='DNS:my.example.com')
        True
        >>>
check._splitSubjectAltName(host='my.example.com',
subjectAltName='DNS:*.example.com')
        True
        >>>
check._splitSubjectAltName(host='my.example.com',
subjectAltName='DNS:m*.example.com')
        True
        >>>
check._splitSubjectAltName(host='my.example.com',
subjectAltName='DNS:m*ample.com')
        False
        >>> check.useSubjectAltNameOnly
        True
        >>>
check._splitSubjectAltName(host='my.example.com',
subjectAltName='DNS:m*ample.com, othername:<unsupported>')
        False
        >>>
check._splitSubjectAltName(host='my.example.com',
subjectAltName='DNS:m*ample.com, DNS:my.example.org')
        False
        >>>
check._splitSubjectAltName(host='my.example.com',
subjectAltName='DNS:m*ample.com, DNS:my.example.com')
        True
        >>>
check._splitSubjectAltName(host='my.example.com',
subjectAltName='DNS:my.example.com, DNS:my.example.org')
        True
        >>> check.useSubjectAltNameOnly
        True
        >>>
check._splitSubjectAltName(host='my.example.com',
subjectAltName='')
        False
        >>>
check._splitSubjectAltName(host='my.example.com',
subjectAltName='othername:<unsupported>')
        False
        >>> check.useSubjectAltNameOnly
        False
        R isdns:isip
address:(R)R*tsplittlowertstripR.R5t_matchIPAddress(RRRtcertHost((s:/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Checker.pyR-�s			cCs�|j�}|j�}||kr(tS|jd�dkrAtS|jj|�sq|jj|jdd��rutS|jd�dkr�tS|jdd�}|jdd�}tj	d	|�j|�r�tStS(
s
        >>> check = Checker()
        >>> check._match(host='my.example.com',
certHost='my.example.com')
        True
        >>> check._match(host='my.example.com',
certHost='*.example.com')
        True
        >>> check._match(host='my.example.com',
certHost='m*.example.com')
        True
        >>> check._match(host='my.example.com',
certHost='m*.EXAMPLE.com')
        True
        >>> check._match(host='my.example.com',
certHost='m*ample.com')
        False
        >>> check._match(host='my.example.com',
certHost='*.*.com')
        False
        >>> check._match(host='1.2.3.4',
certHost='1.2.3.4')
        True
        >>> check._match(host='1.2.3.4',
certHost='*.2.3.4')
        False
        >>> check._match(host='1234',
certHost='1234')
        True
        t*iRs\i����t.s\.s[^\.]*s^%s$(
R?R.tcountR)tnumericIpMatchtmatchtreplacetfindtretcompile(RRRB((s:/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Checker.pyR5�s
cCsayLtj|ddtjdtj�}tj|ddtjdtj�}WntSX||kS(ss
        >>> check = Checker()
        >>> check._matchIPAddress(host='my.example.com',
certHost='my.example.com')
        False
        >>> check._matchIPAddress(host='1.2.3.4',
certHost='1.2.3.4')
        True
        >>> check._matchIPAddress(host='1.2.3.4',
certHost='*.2.3.4')
        False
        >>> check._matchIPAddress(host='1.2.3.4',
certHost='1.2.3.40')
        False
        >>> check._matchIPAddress(host='::1',
certHost='::1')
        True
        >>> check._matchIPAddress(host='::1',
certHost='0:0:0:0:0:0:0:1')
        True
        >>> check._matchIPAddress(host='::1',
certHost='::2')
        False
       
i(tsockettgetaddrinfotSOCK_STREAMtAI_NUMERICHOSTR)(RRRBt	canonicalt
certCanonical((s:/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Checker.pyRA�s	N(RR	RJRKRFR!R
R=R-R5RA(((s:/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Checker.pyR8s?	,	6t__main__((t__doc__t__all__tM2CryptoRRRRLRJt	ExceptionRRRRRRtdoctestttestmod(((s:/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Checker.pyt<module>s	�