Current File : //usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyc


[XMc@sddlZddlmZmZddlmZmZddlmZddl	m
Z
ddlmZm
Z
ejjZi
dd6dd6d	d
6d	d	6dd6dd6d
d6d
d
6dd6dd6dd6dd6dd6ZdefdYZeZdd%dYZdZdefdYZdefdYZdefdYZdd&d YZd!efd"YZd#efd$YZdS('iN(tSSLtcrypto(treflecttutil(tmd5(tDeferred(tVerifyErrortCertificateErrort
commonNametCNtorganizationNametOtorganizationalUnitNametOUtlocalityNametLtstateOrProvinceNametSTtcountryNametCtemailAddresstDistinguishedNamecBsSeZdZdZdZdZdZdZdZdZ	dZ
RS(	s
    Identify and describe an entity.

    Distinguished names are used to provide a minimal amount of identifying
    information about a certificate issuer or subject.  They are commonly
    created with one or more of the following fields::

        commonName (CN)
        organizationName (O)
        organizationalUnitName (OU)
        localityName (L)
        stateOrProvinceName (ST)
        countryName (C)
        emailAddress
    cKs1x*|jD]\}}t|||q
WdS(N(t	iteritemstsetattr(tselftkwtktv((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt__init__;scCsLi}x?tD]7}t||d}|dk	r
t|||q
q
WdS(N(t
_x509namestgetattrtNoneR(Rtx509nametdtnametvalue((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt	_copyFrom@s

cCs1x*|jD]\}}t|||q
WdS(N(RR(RR RR((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt	_copyIntoHscCsdtj|dd!S(Ns<DN %s>ii(tdictt__repr__(R((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR'MscCs4y|t|SWntk
r/t|nXdS(N(RtKeyErrortAttributeError(Rtattr((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt__getattr__Qs
cCsyt|tkst|tkr:td|fnt|}|jd}t|tkskt|||<dS(Ns)%s is not a valid OpenSSL X509 name fieldtascii(ttypetstrtAssertionErrorRR)tencode(RR*R#trealAttr((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt__setattr__Xs
c	Csg}d}d}xl|tD]^}tj|}tt||}t||d}|dk	r"|j||fq"q"W|d7}x;t|D]-\}\}}|j	|d|||<qWdj
|S(sP
        Return a multi-line, human-readable representation of this DN.
        icSstj|jjS(N(R&tfromkeyst
itervaluestkeys(tmapping((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pytuniqueValueshsis: s
N(RRtnameToLabeltmaxtlenRRtappendt	enumeratetrjusttjoin(	RtltlablenR7RtlabelRtnR*((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pytinspectbs	
((t__name__t
__module__t__doc__t	__slots__RR$R%R'R+R2RC(((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR)s						
tCertBasecBs#eZdZdZdZRS(cCs
||_dS(N(toriginal(RRI((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRyscCs-t}|jt|jd||S(Ntget_(RR$RRI(Rtsuffixtdn((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt	_copyName|s	 cCs
|jdS(s
        Retrieve the subject of this certificate.

        @rtype: L{DistinguishedName}
        @return: A copy of the subject of this certificate.
        tsubject(RM(R((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt
getSubjects(RDRERRMRO(((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRHxs		cCs|t|jd|fd}|dkrDtd||fn|}|dkrrtd||fn||S(s
    (private) Helper for L{Certificate.peerFromTransport} and
    L{Certificate.hostFromTransport} which checks for incompatible handle types
    and null certificates and raises the appropriate exception or returns the
    appropriate certificate object.
    sget_%s_certificates0non-TLS transport %r did not have %s certificates,TLS transport %r did not have %s certificateN(Rt	getHandleRR(tClasst	transportt
methodNametmethodtcert((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt_handleattrhelpers	tCertificatecBseZdZdZdZdZejddZe	eZeZ
dZdZe	eZdZ
e	e
Z
dZe	eZd	Zejd
ZdZdd
ZdZdZdZdZRS(s
    An x509 certificate.
    cCs)d|jj|jj|jjfS(Ns<%s Subject=%s Issuer=%s>(t	__class__RDRORt	getIssuer(R((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR'scCs)t|tr%|j|jkStS(N(t
isinstanceRWtdumptFalse(Rtother((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt__eq__scCs|j|S(N(R^(RR]((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt__ne__scCs|tj|||S(sc
        Load a certificate from an ASN.1- or PEM-format string.

        @rtype: C{Class}
        (Rtload_certificate(RQtrequestDatatformattargs((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pytloadscCs|jtjS(s\
        Dump this certificate to a PEM-format data string.

        @rtype: C{str}
        (R[RtFILETYPE_PEM(R((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pytdumpPEMscCs|j|tjS(s]
        Load a certificate from a PEM-format data string.

        @rtype: C{Class}
        (RdRRe(RQtdata((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pytloadPEMscCst||dS(s
        Get the certificate for the remote end of the given transport.

        @type transport: L{ISystemHandle}
        @rtype: C{Class}

        @raise: L{CertificateError}, if the given transport does not have a peer
        certificate.
        tpeer(RV(RQRR((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pytpeerFromTransports
cCst||dS(s
        Get the certificate for the local end of the given transport.

        @param transport: an L{ISystemHandle} provider; the transport we will
        retrieve the local (host) certificate from.

        @rtype: C{Class}

        @raise: L{CertificateError}, if the given transport does not have a host
        certificate.
        thost(RV(RQRR((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pythostFromTransportscCst|jjS(sX
        Get the public key for this certificate.

        @rtype: L{PublicKey}
        (t	PublicKeyRIt
get_pubkey(R((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pytgetPublicKeyscCstj||jS(N(Rtdump_certificateRI(RRb((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR[scCs
|jjS(sY
        Retrieve the serial number of this certificate.

        @rtype: C{int}
        (RItget_serial_number(R((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pytserialNumbersRcCs|jj|S(s
        Return a digest hash of this certificate using the specified hash
        algorithm.

        @param method: One of C{'md5'} or C{'sha'}.
        @rtype: C{str}
        (RItdigest(RRT((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRsscCsKdjd|jjd|jjd|jd|jgS(Ns
sCertificate For Subject:s
Issuer:s
Serial Number: %ds
Digest: %s(R>RORCRYRrRs(R((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt_inspects	
cCs%dj|j|jjfS(s
        Return a multi-line, human-readable representation of this
        Certificate, including information about the subject, issuer, and
        public key.
        s
(R>RtRoRC(R((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRCscCs
|jdS(s
        Retrieve the issuer of this certificate.

        @rtype: L{DistinguishedName}
        @return: A copy of the issuer of this certificate.
        tissuer(RM(R((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRY scGstddS(Ns'Possible, but doubtful we need this yet(tNotImplementedError(Rtauthorities((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pytoptions*s((RDRERFR'R^R_Rt
FILETYPE_ASN1Rdtclassmethodt_loadRfRhRjRlRoR[RrRsRtRCRYRx(((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRWs,																	
tCertificateRequestcBs8eZdZejdZeeZejdZRS(s
    An x509 certificate request.

    Certificate requests are given to certificate authorities to be signed and
    returned resulting in an actual certificate.
    cCsctj||}t}|j|j|j|jsYtd|fn||S(Ns0Can't verify that request for %r is self-signed.(Rtload_certificate_requestRR$tget_subjecttverifyRnR(RQRat
requestFormattreqRL((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRd6s	cCstj||jS(N(Rtdump_certificate_requestRI(RRb((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR[@s(RDRERFRRyRdRzR[(((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR|/stPrivateCertificatecBseZdZdZdZejdZejdZe	eZdZ
dZdZe	eZdZ
e	e
Z
d	Zejd
dZejejdZdd
dZRS(s.
    An x509 certificate and private key.
    cCstj|dt|jS(Ns with (RWR'treprt
privateKey(R((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR'IscCs1|j|js$tdn||_|S(Ns1Certificate public and private keys do not match.(tmatchesRoRR(RR((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt_setPrivateKeyMs
	cCs|j||j|S(s}
        Create a new L{PrivateCertificate} from the given certificate data and
        this instance's private key.
        (RdR(RtnewCertDataRb((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pytnewCertificateUscCs|j||j|S(N(R{R(RQRgRRb((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRd]scCs%djtj||jjgS(Ns
(R>RWRtRRC(R((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRCbscCs#|jtj|jjtjS(si
        Dump both public and private parts of a private certificate to
        PEM-format data.
        (R[RReR(R((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRfgscCs%|j|tj|tjtjS(sv
        Load both private and public parts of a private certificate from a
        chunk of PEM-format data.
        (RdtKeyPairRRe(RQRg((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRhoscCs||j}|j|S(N(RIR(RQtcertificateInstanceRtprivcert((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pytfromCertificateAndKeyPairysc
Gsitd|jjd|j}|r_|jtdtdtdg|D]}|j^qCnt|S(NRtcertificateRtrequireCertificatetcaCerts(R&RRItupdatetTruetOpenSSLCertificateOptions(RRwRxtauth((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRxs#RcCs|jj|j||S(N(RtcertificateRequestRO(RRbtdigestAlgorithm((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRs		cCs+|j}|jj||||||S(N(RORtsignCertificateRequest(RRatverifyDNCallbackRrRtcertificateFormatRu((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRs	i<iimcCs"|jj|j||||S(N(RtsignRequestObjectRO(RRRrtsecondsToExpiryR((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRs
iiQi3(RDRERFR'RRRyRRdRzRCRfRhRRxRRR(((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyREs&							
RmcBs5eZdZdZdZdZdZRS(cCs>||_tj}|j|tjtj||_dS(N(RIRtX509Reqt
set_pubkeyRRyt	_emptyReq(Rtosslpkeytreq1((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRs	
cCs|j|jkS(N(R(RtotherKey((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRscCsd|jj|jfS(Ns<%s %s>(RXRDtkeyHash(R((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR'scCst|jjS(sd
        MD5 hex digest of signature on an empty certificate request with this
        key.
        (RRt	hexdigest(R((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRscCsd|jfS(NsPublic Key with Hash: %s(R(R((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRCs(RDRERRR'RRC(((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRms
				RcBseZejdZeeZejdZdZdZdZ	ej
ddZejdZeeZdd	Z
ejdd
ZejejdddZdddZdZRS(cCs|tj||S(N(Rtload_privatekey(RQRgRb((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRdscCstj||jS(N(Rtdump_privatekeyRI(RRb((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR[scCs
|jS(N(R[(R((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt__getstate__scCs |jtjtj|dS(N(RRRRy(Rtstate((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt__setstate__scCsk|jj}|tjkr'd}n|tjkr?d}nd}|jj||jf}d|S(NtRSAtDSAs(Unknown Type!)s %s-bit %s Key Pair with Hash: %s(RIR-RtTYPE_RSAtTYPE_DSAtbitsR(RttttsR((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRCs		icCs&tj}|j||||S(N(RtPKeytgenerate_key(RQtkindtsizetpkey((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pytgeneratescCstj|||S(N(RRd(RRRb((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRsRcCsLtj}|j|j|j|j|j|j|t|S(N(RRRRIR%R~tsignR|(RtdistinguishedNameRR((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt
requestObjects
cCs|j||j|S(sCreate a certificate request signed with this key.

        @return: a string, formatted according to the 'format' argument.
        (RR[(RRRbR((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRsi<iimc		s{tj||j}	f	d}
t|	trm|	j|
S|
|	SdS(s&
        Given a blob of certificate request data and a certificate authority's
        DistinguishedName, return a blob of signed certificate data.

        If verifyDNCallback returns a Deferred, I will return a Deferred which
        fires the data when that Deferred has completed.
        csA|stdfnjjS(Ns%DN callback %r rejected request DN %r(RRR[(R#(	RLtissuerDistinguishedNameRRRRrRthlreqR(s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pytverified#sN(R|RdRORZRtaddCallback(RRRaRRrRRRRtvvalR((	RRRRRrRLRRRs?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRs'
c	Cs|j}|j}tj}|j|j|j|j|j|j	|j
d|j||j||j
|j|t|S(sW
        Sign a CertificateRequest instance, returning a Certificate instance.
        i(RIRORtX509R%t
get_issuertset_subjectR~RRntgmtime_adj_notBeforetgmtime_adj_notAftertset_serial_numberRRW(	RRRRrRRRRLRU((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR/s		


cKs4t|}tj|j||j|||S(N(tDNRRRR(RRrRRL((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pytselfSignedCertEsiiQi3iiQi3(RDRERRyRdRzR[RRRCRRRRRRRR(((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRs&				
Rc
BseZdZd
ZeeddZdZej	Z
d
d
d
ed
deeeeeedZ
dZdZdZd	ZRS(sM
    A factory for SSL context objects for both SSL servers and clients.
    tOP_ALLii@i	c

Cs|dk|dkks$td||_||_|dk	rN||_n||_|rc|sv|svtd||_||_||_||_	|	|_
|
|_||_||_
dS(s
        Create an OpenSSL context SSL connection context factory.

        @param privateKey: A PKey object holding the private key.

        @param certificate: An X509 object holding the certificate.

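        @param method: The SSL protocol to use, one of SSLv23_METHOD,
        SSLv2_METHOD, SSLv3_METHOD, TLSv1_METHOD.  Defaults to TLSv1_METHOD.
        SSLv2 and SSLv3 have since been deprecated (RFC 6176, RFC 7568), as
        has TLS 1.0 (RFC 8996), so SSLv2_METHOD and SSLv3_METHOD should not be
        chosen and the default should be reviewed for new deployments.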

        @param verify: If True, verify certificates received from the peer and
        fail the handshake if verification fails.  Otherwise, allow anonymous
        sessions and sessions with certificates which fail validation.  By
        default this is False.

        @param caCerts: List of certificate authority certificate objects to
            use to verify the peer's certificate.  Only used if verify is
            C{True}, and if verify is C{True}, this must be specified.  Since
            verify is C{False} by default, this is C{None} by default.

        @type caCerts: C{list} of L{OpenSSL.crypto.X509}

        @param verifyDepth: Depth in certificate chain down to which to verify.
        If unspecified, use the underlying default (9).

        @param requireCertificate: If True, do not allow anonymous sessions.

        @param verifyOnce: If True, do not re-verify the certificate
        on session resumption.

        @param enableSingleUseKeys: If True, generate a new key whenever
        ephemeral DH parameters are used to prevent small subgroup attacks.

        @param enableSessions: If True, set a session ID on each context.  This
        allows a shortened handshake to be used when a known client reconnects.

        @param fixBrokenPeers: If True, enable various non-spec protocol fixes
        for broken SSL implementations.  This should be entirely safe,
        according to the OpenSSL documentation, but YMMV.  This option is now
        off by default, because it causes problems with connections between
        peers using OpenSSL 0.9.8a.

        @param enableSessionTickets: If True, enable session ticket extension
        for session resumption per RFC 5077. Note there is no support for
        controlling session tickets. This option is off by default, as some
        server implementations don't correctly process incoming empty session
        ticket extensions in the hello.
        s5Specify neither or both of privateKey and certificatesZSpecify client CA certificate information if and only if enabling certificate verificationN(RR/RRRTRRtverifyDepthRt
verifyOncetenableSingleUseKeystenableSessionstfixBrokenPeerstenableSessionTickets(
RRRRTRRRRRRRRR((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRZs >$										cCs2|jj}y|d=Wntk
r-nX|S(Nt_context(t__dict__tcopyR((RR!((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRs
cCs
||_dS(N(R(RR((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRscCs(|jdkr!|j|_n|jS(s%Return a SSL.Context object.
        N(RRt_makeContext(R((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt
getContextscCstj|j}|jdk	r]|jdk	r]|j|j|j|j|jntj	}|j
rtj}|jr|tj
O}n|jr|tjO}n|jr|j}x!|jD]}|j|qWqnd}|j|||jdk	r!|j|jn|jr=|jtjn|jrY|j|jn|jrtdtj|jt fj!}|j"|n|j#s|j|j$n|S(NcSs|S(N((tconnRUterrnotdepthtpreverify_ok((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt_verifyCallbackss%s-%d(%RtContextRTRRRtuse_certificatetuse_privatekeytcheck_privatekeytVERIFY_NONERtVERIFY_PEERRtVERIFY_FAIL_IF_NO_PEER_CERTRtVERIFY_CLIENT_ONCERtget_cert_storetadd_certt
set_verifyRtset_verify_depthRtset_optionstOP_SINGLE_DH_USERt_OP_ALLRRRtqualRXt_sessionCounterRtset_session_idRt
_OP_NO_TICKET(RtctxtverifyFlagststoreRURtsessionName((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRs<
										+	N(RDRERFRRRRRRtTLSv1_METHODRTR\RRRRRR(((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRMs*	F				(((t	itertoolstOpenSSLRRttwisted.pythonRRttwisted.python.hashlibRttwisted.internet.deferRttwisted.internet.errorRRtcounttnextRRR&RRRHRVRWR|RRmRtobjectR(((s?/usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt<module>s<
L	f'{