Ohb6dZddlZddlZddlZddlZddlZddlZddlZddlZddl m Z m Z m Z ejdejZdZdZdZd Zd Zdd Zd Zd ZdZdZdZdZddddddZdZy)a Low-level helpers for the SecureTransport bindings. These are Python functions that are not directly related to the high-level APIs but are necessary to get them to work. They include a whole bunch of low-level CoreFoundation messing about and memory management. The concerns in this module are almost entirely about trying to avoid memory leaks and providing appropriate and useful assistance to the higher-level code. N)CFConstCoreFoundationSecuritys;-----BEGIN CERTIFICATE----- (.*?) -----END CERTIFICATE-----c^tjtj|t|S)zv Given a bytestring, create a CFData object from it. This CFData object must be CFReleased by the caller. )r CFDataCreatekCFAllocatorDefaultlen) bytestrings /mnt/c/Users/Administrator/Desktop/help_/test_env/lib/python3.12/site-packages/pip/_vendor/urllib3/contrib/_securetransport/low_level.py_cf_data_from_bytesr s(  & &**JJ ct|}d|D}d|D}tj|z|}tj|z|}tjtj|||tj tj S)zK Given a list of Python tuples, create an associated CFDictionary. c3&K|] }|d yw)rN.0ts r z-_cf_dictionary_from_tuples..,s !QAaD !c3&K|] }|d yw)rNrrs r rz-_cf_dictionary_from_tuples..-s #qad #r)r r CFTypeRefCFDictionaryCreater kCFTypeDictionaryKeyCallBackskCFTypeDictionaryValueCallBacks)tuplesdictionary_sizekeysvaluescf_keys cf_valuess r _cf_dictionary_from_tuplesr"%s&kO "& !D #F #F''/9DAG))O;fEI  , ,**4466  rctj|}tjtj|t j }|S)zi Given a Python binary data, create a CFString. The string must be CFReleased by the caller. )ctypesc_char_prCFStringCreateWithCStringr rkCFStringEncodingUTF8)py_bstrc_strcf_strs r _cfstrr+;s> OOG $E  5 5** %%F Mrcd} tjtjdtjtj }|s t d|D]F}t|}|s t d tj||tj|H |S#tj|wxYw#t$r4}|rtj|tjd|d}~wwxYw)z Given a list of Python binary data, create an associated CFMutableArray. The array must be CFReleased by the caller. Raises an ssl.SSLError on failure. NrUnable to allocate memory!zUnable to allocate array: ) rCFArrayCreateMutabler r$byrefkCFTypeArrayCallBacks MemoryErrorr+CFArrayAppendValue CFRelease BaseExceptionsslSSLError)lstcf_arritemr*es r _create_cfstring_arrayr;IsFB44  . . LL== >  :; ; 1DD\F!">?? 111&&A((0 1 M ((0 B   $ $V ,llQ@AABs0A0B?5B% B?%B<<B?? C</C77C<ctj|tjtj}t j |t j}|Ttjd}t j||dt j}|s td|j}||jd}|S)z Creates a Unicode string from a CFString object. Used entirely for error reporting. Yes, it annoys me quite a lot that this function is this complex. iz'Error copying C string from CFStringRefutf-8) r$castPOINTERc_void_prCFStringGetCStringPtrrr'create_string_bufferCFStringGetCStringOSErrorvaluedecode)rEvalue_as_void_pstringbufferresults r _cf_string_to_unicoderKhskk%)HIO  1 166F~,,T222 VT7+H+H CD D w' Mrc|dk(rytj|d}t|}tj|||dk(rd|z}|t j }||)z[ Checks the return code and throws an exception if there is an error to report rNz OSStatus %s)rSecCopyErrorMessageStringrKrr3r5r6)errorexception_classcf_error_stringoutputs r _assert_no_errorrSsg  z88EO "? 3F_- ~3%',, & !!rc6|jdd}tj|Dcgc]&}tj|j d(}}|st jdtjtjdtjtj}|st jd |D]}t|}|st jdtj tj|}tj"||st jdtj$||tj"| |Scc}w#t&$rtj"|wxYw)z Given a bundle of certs in PEM format, turns them into a CFArray of certs that can be used to validate a cert chain. s  rzNo root certificates specifiedrr-zUnable to build cert object!)replace _PEM_CERTS_REfinditerbase64 b64decodegroupr5r6rr.r r$r/r0r rSecCertificateCreateWithDatar3r2 Exception) pem_bundlematch der_certs cert_array der_bytescertdatacerts r _cert_array_from_pemresh ##GU3J7D6L6LZ6X-2Q(I ll;<<44**  ^99:J ll788" +I*95Hll#?@@8822HD  $ $X .ll#ABB  - -j$ ?  $ $T * +( G8    , s+E3 B$E88 FcZtj}tj||k(S)z= Returns True if a given CFTypeRef is a certificate. )rSecCertificateGetTypeIDr CFGetTypeIDr9expecteds r _is_certrks(//1H  % %d +x 77rcZtj}tj||k(S)z; Returns True if a given CFTypeRef is an identity. )rSecIdentityGetTypeIDrrhris r _is_identityrns(,,.H  % %d +x 77rc tjd}tj|ddj d}tj|dd}t j }tjj||jd}tj}tj|t||ddtj|}t!|||fS)a This function creates a temporary Mac keychain that we can use to work with credentials. This keychain uses a one-time password and a temporary file to store the data. We expect to have one keychain per socket. The returned SecKeychainRef must be freed by the caller, including calling SecKeychainDelete. Returns a tuple of the SecKeychainRef and the path to the temporary directory that contains it. (Nr=F)osurandomrY b16encoderFtempfilemkdtemppathjoinencoderSecKeychainRefSecKeychainCreater r$r/rS) random_bytesfilenamepassword tempdirectory keychain_pathkeychainstatuss r _temporary_keychainrs"::b>L Ra 0188AH QR 01H$$&MGGLL9@@IM&&(H  ' 's8}htV\\(=SFV ] ""rc g}g}d}t|d5}|j}ddd tjtjt |}tj }tj|ddddd|tj|}t|tj|} t| D]} tj|| } tj| tj } t#| r'tj$| |j'| ot)| s{tj$| |j'|  |rtj*|tj*|||fS#1swY{xYw#|rtj*|tj*wxYw)z Given a single file, loads all the trust objects from it into arrays and the keychain. Returns a tuple of lists: the first list is a list of identities, the second a list of certs. Nrbr)openreadrrr r CFArrayRefr SecItemImportr$r/rSCFArrayGetCountrangeCFArrayGetValueAtIndexr>rrkCFRetainappendrnr3) rrw certificates identities result_arrayf raw_filedatafiledatarJ result_countindexr9s r _load_items_from_filersLJL dD  Qvvx  $+!..  . . c,>O &002 ''       LL &    &55lC <( (E!88uMD;;t^%=%=>D~''-##D)d#''-!!$' (   $ $\ 2  *  %%S  H   $ $\ 2  *sFDF*(F*F'*.GcPg}g}d|D} |D]3}t||\}}|j||j|5|stj}tj||dt j |}t||j|tj|jdtjtjdt j tj} tj ||D]} tj"| | | tj ||D]} tj| S#tj ||D]} tj| wxYw)z Load certificates and maybe keys from a number of files. Has the end goal of returning a CFArray containing one SecIdentityRef, and then zero or more SecCertificateRef objects, suitable for use as a client certificate trust chain. c3&K|] }|s| ywNr)rrws r rz*_load_client_cert_chain..Rs ,dtT ,sr)rextendrSecIdentityRef SecIdentityCreateWithCertificater$r/rSrrr3popr.r r0 itertoolschainr2) rpathsrr file_pathnew_identities new_certs new_identityr trust_chainr9objs r _load_client_cert_chainr.s|@LJ -e ,E"* +I(=h (R %NI   n -    * +#224L>>,q/6<< +EF V $   l +  $ $\%5%5a%8 9%99  . . LL== > OOJ = AD  - -k4 @ A ??:|< *C  $ $S ) *9??:|< *C  $ $S ) *s D3E332F%)r)r)rr)rr)rr)SSLv2SSLv3TLSv1zTLSv1.1zTLSv1.2ct|\}}d}d}tjd||}t|}d}tjd|||||z}|S)z6 Builds a TLS alert record for an unknown CA. r0z>BBz>BBBH)TLS_PROTOCOL_VERSIONSstructpackr ) versionver_majver_minseverity_fataldescription_unknown_camsgmsg_lenrecord_type_alertrecords r _build_tls_unknown_ca_alertrsb-W5GWN! ++e^-C DC#hG [["3Wgw ORU UF Mrr)__doc__rYr$rrrrer5rrubindingsrrrcompileDOTALLrWr r"r+r;rKrSrerkrnrrrrrrrr rs  77 Dbii , >2"*+\88 #F4&nH*X    r