_f:dZddlmZddlZddlZddlmZddlmZddl m Z ddl m Z ddl mZd d lmZd d lmZmZmZmZmZmZmZmZeje5dd lmZdd lmZdddn #1swxYwYdgZ ddZ!ddZ"e dZ#d dZ$d dZ%dS)!zA `pyOpenSSL `_-specific code. ) annotationsN)Sequence)decode) IA5String)ObjectIdentifier) GeneralNames)CertificateError)DNS_IDCertificatePattern DNSPattern IPAddress_IDIPAddressPattern SRVPattern URIPatternverify_service_identity)X509) Connectionverify_hostname connectionrhostnamestrreturnNonectt|t|ggdS)a; Verify whether the certificate of *connection* is valid for *hostname*. Args: connection: A pyOpenSSL connection object. hostname: The hostname that *connection* should be connected to. Raises: service_identity.VerificationError: If *connection* does not provide a certificate that is valid for *hostname*. service_identity.CertificateError: If certificate provided by *connection* contains invalid / unexpected data. This includes the case where the certificate contains no ``subjectAltName``\ s. .. versionchanged:: 24.1.0 :exc:`~service_identity.CertificateError` is raised if the certificate contains no ``subjectAltName``\ s instead of :exc:`~service_identity.VerificationError`.  cert_patternsobligatory_ids optional_idsN)rextract_patternsget_peer_certificater )rrs L/var/www/html/env/lib/python3.11/site-packages/service_identity/pyopenssl.pyrr'sT0&  + + - -  x(()  ip_addressctt|t|ggdS)aX Verify whether the certificate of *connection* is valid for *ip_address*. Args: connection: A pyOpenSSL connection object. ip_address: The IP address that *connection* should be connected to. Can be an IPv4 or IPv6 address. Raises: service_identity.VerificationError: If *connection* does not provide a certificate that is valid for *ip_address*. service_identity.CertificateError: If the certificate chain of *connection* contains a certificate that contains invalid/unexpected data. .. versionadded:: 18.1.0 .. versionchanged:: 24.1.0 :exc:`~service_identity.CertificateError` is raised if the certificate contains no ``subjectAltName``\ s instead of :exc:`~service_identity.VerificationError`. rN)rr r!r)rr$s r"verify_ip_addressr&HsT6&  + + - -  %Z001 r#z1.3.6.1.5.5.7.8.7certrSequence[CertificatePattern]cg}t|D]5}||}|dkrt |t \}}|D]}|}|dkrL|tj | i|dkrL|tj | |dkrM|tj | |dkr| }|d} | t krt |d\} }t#| t$r;|t'j | t)d ΐА7|S) a  Extract all valid ID patterns from a certificate for service verification. Args: cert: The certificate to be dissected. Returns: List of IDs. .. versionchanged:: 23.1.0 ``commonName`` is not used as a fallback anymore. ssubjectAltName)asn1SpecdNSName iPAddressuniformResourceIdentifier otherNamerr zUnexpected certificate content.)rangeget_extension_count get_extensionget_short_namerget_datargetNameappendr from_bytes getComponentasOctetsrrgetComponentByPosition ID_ON_DNS_SRV isinstancerrr ) r'idsiextnames_n name_stringcompoidsrvs r"r r os3%'C 4++-- . .""  ##     #4 4 4cllnn|~~FFFHE1  iikk )++JJ"-ann.>.>.G.G.I.IJJ!K//JJ(3NN,,5577 !$???JJ"-ann.>.>.G.G.I.IJJ!K//>>++D55a88Cm++!'(C(CA(F(F!G!GQ%c955JJz'r_s#"""""++++++&&&&&&------//////((((((                    Z%%''######&&&&&&'''''''''''''''  B!!!!H! !455 2222j " " " " " "s A22A69A6