a ‘db/ã@s´dZddlZddlZddlZddlZddlZddlZddlZddlm Z m Z m Z e  dej ¡Zdd„Zdd „Zd d „Zdd d „Zdd„Zdd„Zdd„Zdd„Zdd„Zdd„ZdS)a¦ Low-level helpers for the SecureTransport bindings. These are Python functions that are not directly related to the high-level APIs but are necessary to get them to work. They include a whole bunch of low-level CoreFoundation messing about and memory management. The concerns in this module are almost entirely about trying to avoid memory leaks and providing appropriate and useful assistance to the higher-level code. éNé)ÚSecurityÚCoreFoundationÚCFConsts;-----BEGIN CERTIFICATE----- (.*?) -----END CERTIFICATE-----cCst tj|t|ƒ¡S)zv Given a bytestring, create a CFData object from it. This CFData object must be CFReleased by the caller. )rÚ CFDataCreateÚkCFAllocatorDefaultÚlen)Z bytestring©r ú{/home/tom/ab/renpy-build/tmp/install.linux-x86_64/lib/python3.9/site-packages/urllib3/contrib/_securetransport/low_level.pyÚ_cf_data_from_bytess ÿr cCsZt|ƒ}dd„|Dƒ}dd„|Dƒ}tj||Ž}tj||Ž}t tj|||tjtj¡S)zK Given a list of Python tuples, create an associated CFDictionary. css|]}|dVqdS)rNr ©Ú.0Útr r r Ú ,óz-_cf_dictionary_from_tuples..css|]}|dVqdS)rNr r r r r r-r)rrÚ CFTypeRefZCFDictionaryCreaterZkCFTypeDictionaryKeyCallBacksZkCFTypeDictionaryValueCallBacks)ZtuplesZdictionary_sizeÚkeysÚvaluesZcf_keysZ cf_valuesr r r Ú_cf_dictionary_from_tuples%súrcCsnt |t tj¡¡}t |tj¡}|durXt d¡}t  ||dtj¡}|sRt dƒ‚|j }|durj|  d¡}|S)z¨ Creates a Unicode string from a CFString object. Used entirely for error reporting. Yes, it annoys me quite a lot that this function is this complex. Niz'Error copying C string from CFStringRefúutf-8) ÚctypesÚcastÚPOINTERÚc_void_prZCFStringGetCStringPtrrZkCFStringEncodingUTF8Úcreate_string_bufferZCFStringGetCStringÚOSErrorÚvalueÚdecode)rZvalue_as_void_pÚstringÚbufferÚresultr r r Ú_cf_string_to_unicode;s&þ ü r!cCs\|dkr dSt |d¡}t|ƒ}t |¡|dus:|dkrBd|}|durPtj}||ƒ‚dS)z[ Checks the return code and throws an exception if there is an error to report rNÚz OSStatus %s)rZSecCopyErrorMessageStringr!rÚ CFReleaseÚsslÚSSLError)ÚerrorZexception_classZcf_error_stringÚoutputr r r Ú_assert_no_errorXs  r(cCsÊdd„t |¡Dƒ}|s"t d¡‚t tjdt tj ¡¡}|sHt d¡‚z`|D]V}t |ƒ}|sht d¡‚t   tj|¡}t  |¡|sŽt d¡‚t ||¡t  |¡qNWntyÄt  |¡Yn0|S)z‚ Given a bundle of certs in PEM format, turns them into a CFArray of certs that can be used to validate a cert chain. cSsg|]}t | d¡¡‘qS)r)Úbase64Ú b64decodeÚgroup)r Úmatchr r r Ú rsÿz(_cert_array_from_pem..zNo root certificates specifiedrzUnable to allocate memory!zUnable to build cert object!)Ú _PEM_CERTS_REÚfinditerr$r%rÚCFArrayCreateMutablerrÚbyrefÚkCFTypeArrayCallBacksr rZSecCertificateCreateWithDatar#ÚCFArrayAppendValueÚ Exception)Z pem_bundleZ der_certsZ cert_arrayZ der_bytesZcertdataÚcertr r r Ú_cert_array_from_pemms8þ  ý  ÿ    r6cCst ¡}t |¡|kS)z= Returns True if a given CFTypeRef is a certificate. )rZSecCertificateGetTypeIDrÚ CFGetTypeID©ÚitemÚexpectedr r r Ú_is_cert˜sr;cCst ¡}t |¡|kS)z; Returns True if a given CFTypeRef is an identity. )rZSecIdentityGetTypeIDrr7r8r r r Ú _is_identity sr<c Cs†t d¡}t |dd…¡ d¡}t |dd…¡}t ¡}tj ||¡  d¡}t   ¡}t   |t |ƒ|ddt |¡¡}t|ƒ||fS)a³ This function creates a temporary Mac keychain that we can use to work with credentials. This keychain uses a one-time password and a temporary file to store the data. We expect to have one keychain per socket. The returned SecKeychainRef must be freed by the caller, including calling SecKeychainDelete. Returns a tuple of the SecKeychainRef and the path to the temporary directory that contains it. é(NérF)ÚosÚurandomr)Ú b64encoderÚtempfileÚmkdtempÚpathÚjoinÚencoderZSecKeychainRefZSecKeychainCreaterrr1r()Z random_bytesÚfilenameÚpasswordZ tempdirectoryZ keychain_pathÚkeychainÚstatusr r r Ú_temporary_keychain¨s  úrKc Cs.g}g}d}t|dƒ}| ¡}Wdƒn1s40YzÊt tj|t|ƒ¡}t ¡}t |ddddd|t   |¡¡}t |ƒt  |¡} t | ƒD]X} t || ¡} t  | tj¡} t| ƒrÐt | ¡| | ¡q”t| ƒr”t | ¡| | ¡q”W|rþt |¡t |¡n|rt |¡t |¡0||fS)zÊ Given a single file, loads all the trust objects from it into arrays and the keychain. Returns a tuple of lists: the first list is a list of identities, the second a list of certs. NÚrbr)ÚopenÚreadrrrrZ CFArrayRefrZ SecItemImportrr1r(ZCFArrayGetCountÚrangeZCFArrayGetValueAtIndexrrr;ZCFRetainÚappendr<r#) rIrDÚ certificatesÚ identitiesZ result_arrayÚfZ raw_filedataZfiledatar Z result_countÚindexr9r r r Ú_load_items_from_fileÐsT &ýø   ÿ     ý  rUc Gsg}g}dd„|Dƒ}zÜ|D]&}t||ƒ\}}| |¡| |¡q|sŠt ¡}t ||dt |¡¡}t|ƒ| |¡t   |  d¡¡t   t j dt t j¡¡} t ||¡D]} t  | | ¡q®| Wt ||¡D]} t   | ¡qÐS]} t   | ¡qân t ||¡D]} t   | ¡q0dS)zü Load certificates and maybe keys from a number of files. Has the end goal of returning a CFArray containing one SecIdentityRef, and then zero or more SecCertificateRef objects, suitable for use as a client certificate trust chain. css|]}|r|VqdS)Nr )r rDr r r r/rz*_load_client_cert_chain..rN)rUÚextendrZSecIdentityRefZ SecIdentityCreateWithCertificaterr1r(rPrr#Úpopr0rr2Ú itertoolsÚchainr3) rIÚpathsrQrRÚ file_pathZnew_identitiesZ new_certsZ new_identityrJZ trust_chainr9Úobjr r r Ú_load_client_cert_chain sF ÿ  ý  ý ýÿr])N)Ú__doc__r)rrXÚrer?r$rBZbindingsrrrÚcompileÚDOTALLr.r rr!r(r6r;r<rKrUr]r r r r Ús* ÿ  +(;