Viewing File: /lib/python3.6/site-packages/urllib3/contrib/_securetransport/__pycache__/low_level.cpython-36.pyc

3

nf�\�/�@s�dZddlZddlZddlZddlZddlZddlZddlZddlm	Z	m
Z
mZejdej
�Zdd�Zdd	�Zd
d�Zddd
�Zdd�Zdd�Zdd�Zdd�Zdd�Zdd�ZdS)a�
Low-level helpers for the SecureTransport bindings.

These are Python functions that are not directly related to the high-level APIs
but are necessary to get them to work. They include a whole bunch of low-level
CoreFoundation messing about and memory management. The concerns in this module
are almost entirely about trying to avoid memory leaks and providing
appropriate and useful assistance to the higher-level code.
�N�)�Security�CoreFoundation�CFConsts;-----BEGIN CERTIFICATE-----
(.*?)
-----END CERTIFICATE-----cCstjtj|t|��S)zv
    Given a bytestring, create a CFData object from it. This CFData object must
    be CFReleased by the caller.
    )r�CFDataCreate�kCFAllocatorDefault�len)Z
bytestring�r	�/usr/lib/python3.6/low_level.py�_cf_data_from_bytessrcCsZt|�}dd�|D�}dd�|D�}tj||�}tj||�}tjtj|||tjtj�S)zK
    Given a list of Python tuples, create an associated CFDictionary.
    css|]}|dVqdS)rNr	)�.0�tr	r	r
�	<genexpr>,sz-_cf_dictionary_from_tuples.<locals>.<genexpr>css|]}|dVqdS)rNr	)rr
r	r	r
r-s)rr�	CFTypeRefZCFDictionaryCreaterZkCFTypeDictionaryKeyCallBacksZkCFTypeDictionaryValueCallBacks)ZtuplesZdictionary_size�keys�valuesZcf_keysZ	cf_valuesr	r	r
�_cf_dictionary_from_tuples%srcCsntj|tjtj��}tj|tj�}|dkrXtjd�}tj	||dtj�}|sRt
d��|j}|dk	rj|jd�}|S)z�
    Creates a Unicode string from a CFString object. Used entirely for error
    reporting.

    Yes, it annoys me quite a lot that this function is this complex.
    Niz'Error copying C string from CFStringRefzutf-8)
�ctypes�castZPOINTERZc_void_prZCFStringGetCStringPtrrZkCFStringEncodingUTF8Zcreate_string_bufferZCFStringGetCString�OSError�value�decode)rZvalue_as_void_p�string�buffer�resultr	r	r
�_cf_string_to_unicode;s"

rcCs\|dkrdStj|d�}t|�}tj|�|dks:|dkrBd|}|dkrPtj}||��dS)z[
    Checks the return code and throws an exception if there is an error to
    report
    rN�zOSStatus %s)rZSecCopyErrorMessageStringrr�	CFRelease�ssl�SSLError)�errorZexception_classZcf_error_string�outputr	r	r
�_assert_no_errorXs
r"cCs�|jdd�}dd�tj|�D�}|s.tjd��tjtjdtj	tj
��}|sTtjd��ydx^|D]V}t|�}|svtjd��tj
tj|�}tj|�|s�tjd��tj||�tj|�q\WWntk
r�tj|�YnX|S)	z�
    Given a bundle of certs in PEM format, turns them into a CFArray of certs
    that can be used to validate a cert chain.
    s
�
cSsg|]}tj|jd���qS)r)�base64Z	b64decode�group)r�matchr	r	r
�
<listcomp>vsz(_cert_array_from_pem.<locals>.<listcomp>zNo root certificates specifiedrzUnable to allocate memory!zUnable to build cert object!)�replace�
_PEM_CERTS_RE�finditerrrr�CFArrayCreateMutablerr�byref�kCFTypeArrayCallBacksrrZSecCertificateCreateWithDatar�CFArrayAppendValue�	Exception)Z
pem_bundleZ	der_certsZ
cert_arrayZ	der_bytesZcertdataZcertr	r	r
�_cert_array_from_pemms4






r0cCstj�}tj|�|kS)z=
    Returns True if a given CFTypeRef is a certificate.
    )rZSecCertificateGetTypeIDr�CFGetTypeID)�item�expectedr	r	r
�_is_cert�sr4cCstj�}tj|�|kS)z;
    Returns True if a given CFTypeRef is an identity.
    )rZSecIdentityGetTypeIDrr1)r2r3r	r	r
�_is_identity�sr5cCs�tjd�}tj|dd��jd�}tj|dd��}tj�}tjj||�j	d�}t
j�}t
j|t
|�|ddtj|��}t|�||fS)a�
    This function creates a temporary Mac keychain that we can use to work with
    credentials. This keychain uses a one-time password and a temporary file to
    store the data. We expect to have one keychain per socket. The returned
    SecKeychainRef must be freed by the caller, including calling
    SecKeychainDelete.

    Returns a tuple of the SecKeychainRef and the path to the temporary
    directory that contains it.
    �(N�zutf-8F)�os�urandomr$Z	b16encoder�tempfileZmkdtemp�path�join�encoderZSecKeychainRefZSecKeychainCreaterrr,r")Zrandom_bytes�filenameZpasswordZ
tempdirectoryZ
keychain_path�keychain�statusr	r	r
�_temporary_keychain�s
rAcCsg}g}d}t|d��}|j�}WdQRXz�tjtj|t|��}tj�}tj|ddddd|t	j
|��}t|�tj|�}	xdt
|	�D]X}
tj||
�}t	j|tj�}t|�r�tj|�|j|�q�t|�r�tj|�|j|�q�WWd|r�tj|�tj|�X||fS)z�
    Given a single file, loads all the trust objects from it into arrays and
    the keychain.
    Returns a tuple of lists: the first list is a list of identities, the
    second a list of certs.
    N�rbr)�open�readrrrrZ
CFArrayRefrZ
SecItemImportrr,r"ZCFArrayGetCount�rangeZCFArrayGetValueAtIndexrrr4ZCFRetain�appendr5r)r?r;�certificates�
identitiesZresult_array�fZraw_filedataZfiledatarZresult_count�indexr2r	r	r
�_load_items_from_file�sH




rKcGs�g}g}dd�|D�}z�x.|D]&}t||�\}}|j|�|j|�qW|s�tj�}tj||dtj|��}t|�|j|�t	j
|jd��t	jt	j
dtjt	j��}	x tj||�D]}
t	j|	|
�q�W|	Sxtj||�D]}t	j
|�q�WXdS)z�
    Load certificates and maybe keys from a number of files. Has the end goal
    of returning a CFArray containing one SecIdentityRef, and then zero or more
    SecCertificateRef objects, suitable for use as a client certificate trust
    chain.
    css|]}|r|VqdS)Nr	)rr;r	r	r
r2sz*_load_client_cert_chain.<locals>.<genexpr>rN)rK�extendrZSecIdentityRefZ SecIdentityCreateWithCertificaterr,r"rFrr�popr+rr-�	itertools�chainr.)r?�pathsrGrHZ	file_pathZnew_identitiesZ	new_certsZnew_identityr@Ztrust_chainr2�objr	r	r
�_load_client_cert_chains6 


rR)N)�__doc__r$rrN�rer8rr:Zbindingsrrr�compile�DOTALLr)rrrr"r0r4r5rArKrRr	r	r	r
�<module>	s(


.(;
Back to Directory File Manager
<