U N9a(@slddlZddlZddlZddlZddlmZejddkZerLddlm Z n ddl m Z Gddde Z dS)N) WinRMError2)urlsplitc@steZdZdZdZddZddZddZd d Zd d Z d dZ ddZ ddZ ddZ ddZddZddZdS) Encryptioni@s--Encrypted BoundarycCs|||_||_|dkr,d|_|j|_|j|_nL|dkrLd|_|j|_|j|_n,|dkrld|_|j |_|j |_n t d|dS)a [MS-WSMV] v30.0 2016-07-14 2.2.9.1 Encrypted Message Types When using Encryption, there are three options available 1. Negotiate/SPNEGO 2. Kerberos 3. CredSSP Details for each implementation can be found in this document under this section This init sets the following values to use to encrypt and decrypt. This is to help generify the methods used in the body of the class. wrap: A method that will return the encrypted message and a signature unwrap: A method that will return an unencrypted message and verify the signature protocol_string: The protocol string used for the particular auth protocol :param session: The handle of the session to get GSS-API wrap and unwrap methods :param protocol: The auth protocol used, will determine the wrapping and unwrapping method plus the protocol string to use. Currently only NTLM and CredSSP is supported Zntlms)application/HTTP-SPNEGO-session-encryptedcredssps*application/HTTP-CredSSP-session-encryptedZkerberosz5Encryption for protocol '%s' not supported in pywinrmN) protocolsessionprotocol_string_build_ntlm_message_build_message_decrypt_ntlm_message_decrypt_message_build_credssp_message_decrypt_credssp_message_build_kerberos_message_decrypt_kerberos_messager)selfrrrC:\Users\Justin\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\Python38\site-packages\winrm/encryption.py__init__s   zEncryption.__init__c st|j}jdkrltjkrld}d}fddtdtjD}|D]}||} || 7}qPnd}|}|jd7}tj d ||d } | | } t t| j | j d <d |j| j d <| S)a Creates a prepared request to send to the server with an encrypted message and correct headers :param session: The handle of the session to prepare requests with :param endpoint: The endpoint/server to prepare requests to :param message: The unencrypted message to send to the server :return: A prepared request that has an encrypted message rzmultipart/x-multi-encryptedcsg|]}||jqSr) SIXTEN_KB).0imessagerrr Jsz8Encryption.prepare_encrypted_request..rzmultipart/encrypted-- POST)datazContent-Lengthz0{0};protocol="{1}";boundary="Encrypted Boundary" Content-Type)rhostnamerlenrrange_encrypt_message MIME_BOUNDARYrequestsRequestprepare_requeststrbodyheadersformatr decode) rrZendpointrhost content_typeencrypted_messageZmessage_chunksZ message_chunkZencrypted_chunkrequestprepared_requestrrrprepare_encrypted_request;s& "     z$Encryption.prepare_encrypted_requestcCsD|jd}d|j|kr:t|jjj}|||}n|j }|S)z Takes in the encrypted response from the server and decrypts it :param response: The response that needs to be decrytped :return: The unencrypted message from the server r zprotocol="{0}") r+r,r r-rr1urlr!_decrypt_responsetext)rresponser/r.msgrrrparse_encrypted_response[s  z#Encryption.parse_encrypted_responsecCsJtt|}|||}|jd|jd|d|jd|}|S)Ns Content-Type: sC OriginalContent: type=application/soap+xml;charset=UTF-8;Length= s+ Content-Type: application/octet-stream )r)r"encoder r%r )rrr.message_lengthZencrypted_streamZmessage_payloadrrrr$ks$ zEncryption._encrypt_messagec Cs|j|jd}ttd|}d}tdt|D]}|ddkrDq2||}||d}t|dd}| |jdr|dt|d}| d d} | | |} t| } | |krt d || 7}q2|S) Nr:rrsLength=rs) Content-Type: application/octet-stream z]Encrypted length from server does not match the expected size, message has been tampered with) contentsplitr%listfilterr#r"stripintendswithreplacer r) rr7r.partsrrheaderpayloadZexpected_lengthencrypted_dataZdecrypted_messageZ actual_lengthrrrr5xs$      zEncryption._decrypt_responsecCsNtd|ddd}|d|d}||dd}|jjj||}|SNs