U 1_ @sdZddlmZmZmZddlmZddlmZddl m Z m Z m Z m Z dZerlddl mZdd lmZmZd d Zd d ZdS)z' Twisted-specific convenience helpers. )absolute_importdivisionprint_function) FILETYPE_PEM)ssl) Certificate DHParametersKey parse_fileF)AbstractPEMObject)ListAnyc Ks:dd|D}t|stdt|dkr2tdtjt|dt}dd|D}t|sftdd d|D}td d|D}||krtd j |d | |}d |krt ddd|D}t|dkrtdn$t|dkr t t|d|d <tj f|j|jdd|Dd|} | S)a Load a CertificateOptions from the given collection of PEM objects (already-loaded private keys and certificates). In those PEM objects, identify one private key and its corresponding certificate to use as the primary certificate. Then use the rest of the certificates found as chain certificates. Raise a ValueError if no certificate matching a private key is found. :return: A TLS context factory using *pemObjects* :rtype: `twisted.internet.ssl.CertificateOptions`_ .. _`twisted.internet.ssl.CertificateOptions`: https://twistedmatrix.com/documents/current/api/ twisted.internet.ssl.CertificateOptions.html cSsg|]}t|tr|qS) isinstancer ).0keyrr//tmp/pip-unpacked-wheel-0co8j_hk/pem/twisted.py (s z.certificateOptionsFromPEMs..z.Supplied PEM file(s) does *not* contain a key.rz2Supplied PEM file(s) contains *more* than one key.rcSsg|]}t|tr|qSr)rr)rcertrrrr0s z'*At least one* certificate is required.cSsg|]}tjt|qSr)rrZloadPEMstr)rZcertPEMrrrr3scSsg|]}||fqSr)Z getPublicKeykeyHash)r certificaterrrr6sz,No certificate matching {fingerprint} found.) fingerprintZ dhParametersz]Passing DH parameters as a keyword argument instead of a PEM object is not supported anymore.cSsg|]}t|tr|qSr)rr )rorrrrKs zESupplied PEM file(s) contain(s) *more* than one set of DH parameters.cSsg|] }|jqSr)original)rchainrrrrWs) privateKeyrZextraCertChain)len ValueErrorrZKeyPairloadrrdictrformatpop TypeErrorZDiffieHellmanParametersZCertificateOptionsrvalues) Z pemObjectskwkeysrcertsZ certificatesZcertificatesByFingerprintZprimaryCertificateZdhparamsZ ctxFactoryrrrcertificateOptionsFromPEMssV    r)cOs&g}|D]}|t|7}qt|f|S)zj Read all files named by *pemFiles*, and parse them using :func:`certificateOptionsFromPEMs`. )r r))ZpemFilesr&ZpemsZpemFilerrrcertificateOptionsFromFiles`sr*N)__doc__ __future__rrrZ OpenSSL.SSLrZtwisted.internetrZ_corerr r r ZMYPYr typingr rr)r*rrrrs   J