#a.ndZddlmZmZmZddlZddlZddlZddlm Z m Z ddl m Z m Z mZmZmZmZ ddlZn #e$rdZYnwxYwejdGd d eZd Zd Zd ZdZejddGddeZejdGddeZejddGddeZejddGddeZejddGddeZejdGddeZ ejddGddeZ!ejddGdd eZ"d!Z#d"Z$e d#d$Z%dS)%z Common verification code. )absolute_importdivisionprint_functionN) maketrans text_type)CertificateError DNSMismatchIPAddressMismatch SRVMismatch URIMismatchVerificationErrorT)slotscNeZdZdZejZejZdS) ServiceMatchz< A match of a service id and a certificate pattern. N)__name__ __module__ __qualname____doc__attrib service_id cert_pattern8lib/python3.11/site-packages/service_identity/_common.pyrrs4J4799LLLrrczg}t||t||z}d|D}|D]/}||vr)|||0|D]D}||vr>t||jr)|||E|rt ||S)z Verify whether *cert_patterns* are valid for *obligatory_ids* and *optional_ids*. *obligatory_ids* must be both present and match. *optional_ids* must match if a pattern of the respective type is present. cg|] }|j Sr)r).0matchs r z+verify_service_identity..4s9995#999r) mismatched_id)errors) _find_matchesappenderror_on_mismatch_contains_instance_of pattern_classr) cert_patternsobligatory_ids optional_idsr#matches matched_idsis rverify_service_identityr/'sFM>::]|>>G:9999K @@ K   MM!--A->> ? ? ? @@ K  $9 1?% %  MM!--A->> ? ? ? /v.... Nrcg}|D]@}|D];}||r$|t|| TypeErrorstriprHr format translate_TRANS_TO_LOWERrG_validate_patternselfrGs r__init__zDNSPattern.__init__s'5)) GEFF F--// c>>^G44>8H8H",33G<< ((99 4<   dl + + + + + rN) rrrrrrrGrecompile_RE_LEGAL_CHARSrYrrrrKrKsNdgiiG bj!455O,,,,,rrKcFeZdZdZejZedZdS)IPAddressPatternz? An IP address pattern as extracted from certificates. c |tj|S#t$r#td|wxYw)NrFz Invalid IP address pattern {!r}.)rCrDrBr rS)clsbss r from_byteszIPAddressPattern.from_bytessc 3y3B77888 8   "299"==  s  -A N) rrrrrrrG classmethodrbrrrr^r^sFdgiiG[rr^cTeZdZdZejZejZdZdS) URIPatternz8 An URI pattern as extracted from certificates. czt|tstd|t }d|vsd|vst |r"td|| d\|_ }t||_ dS)rNz'The URI pattern must be a bytes string.:rPzInvalid URI pattern {0!r}.N) r6r>rQrRrTrUrHr rSsplitprotocol_patternrK dns_pattern)rXrGhostnames rrYzURIPattern.__init__s'5)) GEFF F--//++O<< w  $'//^G5L5L/",33G<< +2--*=*='x%h//rN) rrrrrrrirjrYrrrreresJtwyy$'))K00000rrecTeZdZdZejZejZdZdS) SRVPatternz8 An SRV pattern as extracted from certificates. ct|tstd|t }|ddksd|vsd|vst |r"td|| dd\}}|dd|_ t||_ dS) rNz'The SRV pattern must be a bytes string.r_.rPzInvalid SRV pattern {0!r}.rN) r6r>rQrRrTrUrHr rSrh name_patternrKrj)rXrGnamerks rrYzSRVPattern.__init__s'5)) GEFF F--//++O<< AJ' ! !7""wg&&#,33G<< !tQ//h H%h//rN) rrrrrrrqrjrYrrrrmrmsI4799L$'))K00000rrmcdeZdZdZejZejdZ e Z e Z dZdZdS)DNS_IDz) A DNS service ID, aka hostname. rLc t|tstd|}|dkst |rt dt d|Dr+trtj|}n$td|d}| t|_ |j |j t ddS)z+ :type hostname: `unicode` z DNS-ID must be a unicode string.zInvalid DNS-ID.c3<K|]}t|dkVdS)N)ord)rcs r z"DNS_ID.__init__.. s,..s1vv|......rz+idna library is required for non-ASCII IDs.r;N)r6rrQrRrHrBanyidnaencode ImportErrorrTrUrkr\r )rXrkascii_ids rrYzDNS_ID.__init__s(I.. @>?? ?>>## s??nX66?.// / ..X... . . 0 ;x00!A w//H **?;;   % %dm 4 4 <.// / = ?? ?iikk s??nS11?.// /4h G,,66GG X^^D1122 rct||jr/|j|jko|j|jSdS)zE https://tools.ietf.org/search/rfc6125#section-6.5.2 F)r6r(rirrr1rjrWs rr1z URI_ID.verifyOsM gt1 2 2 (DM9<K&&w':;;  5rN)rrrrrrrrrer(r r&rYr1rrrrr3sctwyyH TWYYFM#333     rrcbeZdZdZejZejZeZ e Z dZ dZ dS)SRV_IDz An SRV service ID. ct|tstd|}d|vst |s |ddkrt d|dd\}}|dddt|_ t||_ dS) z& :type srv: `unicode` z SRV-ID must be a unicode string..r_zInvalid SRV-ID.rNr;) r6rrQrRrHrBrhr~rTrUrrrtr)rXsrvrrrks rrYzSRV_ID.__init__hs#y)) @>?? ?iikk s??nS11?SVt^^.// /4++hHOOG,,66GG X&& rct||jr/|j|jko|j|jSdS)zE https://tools.ietf.org/search/rfc6125#section-6.5.1 F)r6r(rrrqrr1rjrWs rr1z SRV_ID.verifyxsQ gt1 2 2 9 449K9K#:: 5rN)rrrrrrrrrrmr(r r&rYr1rrrrr\sc 4799D TWYYFM#'''     rrcd|vr]|dd\}}|dd\}}||krdS|drdS|dkp||kS||kS)z :type cert_pattern: `bytes` :type actual_hostname: `bytes` :return: `True` if *cert_pattern* matches *actual_hostname*, else `False`. :rtype: `bool` rPrprFsxn--)rh startswith)ractual_hostname cert_head cert_tail actual_head actual_tails rrrs |+11$:: 9#2#8#8q#A#A [  # #5  ! !' * * 5D .s* % %!s1vv: % % % % % %rz0Certificate's DNS-ID {0!r} contains empty parts.N)countr rSrhrr|)rcntpartss rrVrVs   T " "C Qww E L L       t $ $E 5zzA~~ $f\22    58 F<((    % %u % % %%%  > E E       rsABCDEFGHIJKLMNOPQRSTUVWXYZsabcdefghijklmnopqrstuvwxyz)&r __future__rrrrCrZr_compatrr exceptionsr r r r r rr}rsobjectrr/r$r'rHrKr^rermrtrrrrrVrUrrrrsA@@@@@@@@@ ))))))))KKKK DDDd6D(   <U$,,,,,,, ,8dv"U$0000000 02U$0000000 0>U$,,,,,V,, ,^d*****6***"U$%%%%%V%% %PU$$$$$$V$$ $N///,! ! ! J)!#@s7AA