urllib3/contrib/_securetransport/low_level.py

Low-level helpers for the SecureTransport bindings.

These are Python functions that are not directly related to the high-level APIs
but are necessary to get them to work. They include a whole bunch of low-level
CoreFoundation messing about and memory management. The concerns in this module
are almost entirely about trying to avoid memory leaks and providing
appropriate and useful assistance to the higher-level code.

_cf_data_from_bytes
    Given a bytestring, create a CFData object from it. This CFData object must
    be CFReleased by the caller.

_cf_dictionary_from_tuples
    Given a list of Python tuples, create an associated CFDictionary.

_cf_string_to_unicode
    Creates a Unicode string from a CFString object. Used entirely for error
    reporting.

    Yes, it annoys me quite a lot that this function is this complex.

_assert_no_error
    Checks the return code and throws an exception if there is an error to
    report

_cert_array_from_pem
    Given a bundle of certs in PEM format, turns them into a CFArray of certs
    that can be used to validate a cert chain.

_is_cert
    Returns True if a given CFTypeRef is a certificate.

_is_identity
    Returns True if a given CFTypeRef is an identity.

_temporary_keychain
    This function creates a temporary Mac keychain that we can use to work with
    credentials. This keychain uses a one-time password and a temporary file to
    store the data. We expect to have one keychain per socket. The returned
    SecKeychainRef must be freed by the caller, including calling
    SecKeychainDelete.

    Returns a tuple of the SecKeychainRef and the path to the temporary
    directory that contains it.

_load_items_from_file
    Given a single file, loads all the trust objects from it into arrays and
    the keychain.
    Returns a tuple of lists: the first list is a list of identities, the
    second a list of certs.

_load_client_cert_chain
    Load certificates and maybe keys from a number of files. Has the end goal
    of returning a CFArray containing one SecIdentityRef, and then zero or more
    SecCertificateRef objects, suitable for use as a client certificate trust
    chain.