§
    #™a"  ã                   óÀ   — d Z ddlmZmZmZ ddlZddlZddlmZ ddl	m
Z
 ddlmZ ddlmZ dd	lmZmZmZmZmZmZmZmZ dd
lmZ dgZd„ Zd„ Z ed¦  «        Zd„ ZdS )zA
`pyOpenSSL <https://github.com/pyca/pyopenssl>`_-specific code.
é    )Úabsolute_importÚdivisionÚprint_functionN)Údecode)Ú	IA5String)ÚObjectIdentifier)ÚGeneralNamesé   )ÚDNS_IDÚCertificateErrorÚ
DNSPatternÚIPAddress_IDÚIPAddressPatternÚ
SRVPatternÚ
URIPatternÚverify_service_identity)ÚSubjectAltNameWarningÚverify_hostnamec                 ó„   — t          t          |                      ¦   «         ¦  «        t          |¦  «        gg ¬¦  «         dS )a?  
    Verify whether the certificate of *connection* is valid for *hostname*.

    :param OpenSSL.SSL.Connection connection: A pyOpenSSL connection object.
    :param unicode hostname: The hostname that *connection* should be connected
        to.

    :raises service_identity.VerificationError: If *connection* does not
        provide a certificate that is valid for *hostname*.
    :raises service_identity.CertificateError: If the certificate chain of
        *connection* contains a certificate that contains invalid/unexpected
        data.

    :returns: ``None``
    ©Úcert_patternsÚobligatory_idsÚoptional_idsN)r   Úextract_idsÚget_peer_certificater   )Ú
connectionÚhostnames     ú:lib/python3.11/site-packages/service_identity/pyopenssl.pyr   r       sM   € õ  Ý! *×"AÒ"AÑ"CÔ"CÑDÔDÝ˜xÑ(Ô(Ð)Øðñ ô ð ð ð ó    c                 ó„   — t          t          |                      ¦   «         ¦  «        t          |¦  «        gg ¬¦  «         dS )a†  
    Verify whether the certificate of *connection* is valid for *ip_address*.

    :param OpenSSL.SSL.Connection connection: A pyOpenSSL connection object.
    :param unicode ip_address: The IP address that *connection* should be
        connected to.  Can be an IPv4 or IPv6 address.

    :raises service_identity.VerificationError: If *connection* does not
        provide a certificate that is valid for *ip_address*.
    :raises service_identity.CertificateError: If the certificate chain of
        *connection* contains a certificate that contains invalid/unexpected
        data.

    :returns: ``None``

    .. versionadded:: 18.1.0
    r   N)r   r   r   r   )r   Ú
ip_addresss     r   Úverify_ip_addressr"   7   sM   € õ$ Ý! *×"AÒ"AÑ"CÔ"CÑDÔDÝ$ ZÑ0Ô0Ð1Øðñ ô ð ð ð r   z1.3.6.1.5.5.7.8.7c                 óØ  — g }t           j                             |                      ¦   «         ¦  «        D ]&}|                      |¦  «        }|                     ¦   «         dk    rõt          |                     ¦   «         t          ¦   «         ¬¦  «        \  }}|D ]¿}| 	                    ¦   «         }|dk    rG| 
                    t          |                     ¦   «                              ¦   «         ¦  «        ¦  «         Œd|dk    rL| 
                    t          j        |                     ¦   «                              ¦   «         ¦  «        ¦  «         Œ¶|dk    rH| 
                    t!          |                     ¦   «                              ¦   «         ¦  «        ¦  «         Œ|dk    rµ|                     ¦   «         }|                     d¦  «        }	|	t$          k    rt          |                     d¦  «        ¦  «        \  }
}t'          |
t(          ¦  «        r6| 
                    t+          |
                     ¦   «         ¦  «        ¦  «         Œ®t-          d	¦  «        ‚Œ¿ŒÁŒ(|sŒd
„ |                      ¦   «                              ¦   «         D ¦   «         }t3          t5          |¦  «        d¦  «        }d„ |D ¦   «         }t7          j        d|                     d¦  «        ›dt:          d¬¦  «         |S )a  
    Extract all valid IDs from a certificate for service verification.

    If *cert* doesn't contain any identifiers, the ``CN``s are used as DNS-IDs
    as fallback.

    :param OpenSSL.SSL.X509 cert: The certificate to be dissected.

    :return: List of IDs.
    s   subjectAltName)Úasn1SpecÚdNSNameÚ	iPAddressÚuniformResourceIdentifierÚ	otherNamer   r
   zUnexpected certificate content.c                 ó6   — g | ]}|d          dk    ¯|d         ‘ŒS )r   s   CNr
   © ©Ú.0Úcs     r   ú
<listcomp>zextract_ids.<locals>.<listcomp>„   s,   € ð 
ð 
ð 
ØÀÀ1ÄÈÂÀˆAˆaŒDÀÀÀr   s   <not given>c                 ó,   — g | ]}t          |¦  «        ‘ŒS r*   )r   r+   s     r   r.   zextract_ids.<locals>.<listcomp>ˆ   s   € Ð1Ð1Ð1 z˜!‰}Œ}Ð1Ð1Ð1r   zCertificate with CN 'zutf-8z×' has no `subjectAltName`, falling back to check for a `commonName` for now.  This feature is being removed by major browsers and deprecated by RFC 2818.  service_identity will remove the support for it in mid-2018.é   )Ú
stacklevel)ÚsixÚmovesÚrangeÚget_extension_countÚget_extensionÚget_short_namer   Úget_datar	   ÚgetNameÚappendr   ÚgetComponentÚasOctetsr   Ú
from_bytesr   ÚgetComponentByPositionÚID_ON_DNS_SRVÚ
isinstancer   r   r   Úget_subjectÚget_componentsÚnextÚiterÚwarningsÚwarnr   )ÚcertÚidsÚiÚextÚnamesÚ_ÚnÚname_stringÚcompÚoidÚsrvÚ
componentsÚcns                r   r   r   S   sÅ  € ð €CÝŒY_Š_˜T×5Ò5Ñ7Ô7Ñ8Ô8ð ñ ˆØ× Ò  Ñ#Ô#ˆØ×ÒÑÔÐ#4Ò4Ñ4Ý˜cŸlšl™nœnµ|±~´~ÐFÑFÔF‰HˆE1Øð ñ ØŸiši™kœkØ )Ò+Ð+Ø—J’Jz¨!¯.ª.Ñ*:Ô*:×*CÒ*CÑ*EÔ*EÑFÔFÑGÔGÐGÐGØ  KÒ/Ð/Ø—J’JÝ(Ô3ØŸNšNÑ,Ô,×5Ò5Ñ7Ô7ñô ñô ð ð ð
 !Ð$?Ò?Ð?Ø—J’Jz¨!¯.ª.Ñ*:Ô*:×*CÒ*CÑ*EÔ*EÑFÔFÑGÔGÐGÑGØ  KÒ/Ð/ØŸ>š>Ñ+Ô+DØ×5Ò5°aÑ8Ô8CØmÒ+Ð+Ý!'¨×(CÒ(CÀAÑ(FÔ(FÑ!GÔ!G™˜˜QÝ% c­9Ñ5Ô5ð ØŸJšJ¥z°#·,²,±.´.Ñ'AÔ'AÑBÔBÐBÑBå"2Ø Añ#ô #ð ñ áùàð 
ð

ð 
Ø×*Ò*Ñ,Ô,×;Ò;Ñ=Ô=ð
ñ 
ô 
ˆ
õ •$zÑ"Ô" NÑ3Ô3ˆØ1Ð1 jÐ1Ñ1Ô1ˆÝŒˆð
 yŠy˜Ñ!Ô!Ð!Ð!ð	$õ
 "Øð	
ñ 	
ô 	
ð 	
ð €Jr   )Ú__doc__Ú
__future__r   r   r   rE   r2   Úpyasn1.codec.der.decoderr   Úpyasn1.type.charr   Úpyasn1.type.univr   Úpyasn1_modules.rfc2459r	   Ú_commonr   r   r   r   r   r   r   r   Ú
exceptionsr   Ú__all__r   r"   r?   r   r*   r   r   ú<module>r]      sV  ððð ð AÐ @Ð @Ð @Ð @Ð @Ð @Ð @Ð @Ð @à €€€à 
€
€
€
à +Ð +Ð +Ð +Ð +Ð +Ø &Ð &Ð &Ð &Ð &Ð &Ø -Ð -Ð -Ð -Ð -Ð -Ø /Ð /Ð /Ð /Ð /Ð /ð	ð 	ð 	ð 	ð 	ð 	ð 	ð 	ð 	ð 	ð 	ð 	ð 	ð 	ð 	ð 	ð 	ð 	ð 	ð 	ð .Ð -Ð -Ð -Ð -Ð -ð Ð
€ðð ð ð.ð ð ð2 !Ð Ð!4Ñ5Ô5€ð?ð ?ð ?ð ?ð ?r   