o "gP @s`ddlZddlZddlZddlZddlZddlmZmZmZmZm Z m Z m Z m Z m Z ddlmZddlmZedZeeeedZedkrXededdeded kZd ed ed efd dZeddZeddZeZe Z e Z!e Z"e Z#e Z$e Z%e Z&e Z'e Z(ee'Z)e Z*e Z+ee&Z,ee"Z-ee#Z.ee$Z/ee%Z0e Z1e Z2ee Z3ee Z4ee Z5e Z6e Z7z*e*e-gej8_9e3ej8_:e3gej;_9e-ej;_:e+e gej<_9e.ej<_:e5e/gej=_9e+ej=_:e5egej>_9e+ej>_:e2gej?_9e4ej?_:ee.gej@_9e4ej@_:e)e)ee5gejA_9e+ejA_:e5ee6gejB_9e+ejB_:e5ee6gejC_9e+ejC_:e5e_5e6e_6e+e_+dZDdZEe)gejF_9dejF_:e)gejG_9e(ejG_:e*ee!gejH_9e.ejH_:e.e!gejI_9eejI_:e.ee e!gejJ_9eejJ_:e*ee gejK_9e-ejK_:e-gejL_9e ejL_:e-gejM_9e ejM_:e*ee)e e1gejN_9e/ejN_:e*e e1gejO_9e0ejO_:e0e gejP_9dejP_:e/gejQ_9e ejQ_:e/e gejR_9e ejR_:e,gejS_9e ejS_:e,gejT_9e.ejT_:e*Uede_Ve Uede_We)e_)e/e_/e.e_.e,e_,WneXyZYzedeYddZY[Ywwerze5ee,gejZ_9eejZ_:WneXyZYzedeYddZY[Ywwde+dej[dej[d ej[fddZ\e\ejA_]e\ej=_]e\ej>_]e\ejB_]e\ejC_]GdddZ^de_d e-fd d!Z`de_d e#fd"d#Zad$e.d edBfd%d&Zbd'ece_d e0fd(d)Zdejed*ejfd ejgdfd+d,Zh d7d-ejfd.ece_d/edBd dfd0d1Zid-ejfd2ej[d dfd3d4Zjd-ejfd2ej[d dfd5d6ZkdS)8N) CDLLPOINTERc_boolc_char_pc_int32c_longc_uint32c_ulongc_void_p) find_library)_set_ssl_context_verify_mode.) z,Only OS X 10.8 and newer are supported, not )rnamemacos10_16_pathreturncCsNztdkr|}nt|}|stt|ddWSty&td|ddw)z:Loads a CDLL by name, falling back to known path on 10.16+)rT) use_errnoz The library z failed to loadN)_mac_version_infor OSErrorr ImportError)rrpathr\/root/parts/websockify/install/lib/python3.10/site-packages/pip/_vendor/truststore/_macos.py _load_cdlls rSecurityz6/System/Library/Frameworks/Security.framework/SecurityCoreFoundationzB/System/Library/Frameworks/CoreFoundation.framework/CoreFoundationrkCFAllocatorDefaultkCFTypeArrayCallBackszError initializing ctypes: result_argsc Cst|dkr|Sd}z=t|d}t|ttj}t|t j }|dur=t d}t ||dt j }|s:t d|j}W|durGt|n |durRt|ww|dus[|dkr`d|}t|)z< Raises an error if the OSStatus value is non-zero. rN'Error copying C string from CFStringRefz8SecureTransport operation returned a non-zero OSStatus: )intrSecCopyErrorMessageStringctypescastrr rCFStringGetCStringPtrCFConstkCFStringEncodingUTF8create_string_bufferCFStringGetCStringrvalue CFReleasesslSSLError)r#r$r%error_message_cfstringerror_message_cfstring_c_void_pmessagebufferrrr_handle_osstatuss@        r:c@s(eZdZdZedZdZdZdZdZ dS)r.zCoreFoundation constantsiiiiiN) __name__ __module__ __qualname____doc__CFStringEncodingr/#errSecIncompleteCertRevocationCheckerrSecHostNameMismatcherrSecCertificateExpirederrSecNotTrustedrrrrr.sr.r2cCsttj|t|SN)r CFDataCreater!len)r2rrr_bytes_to_cf_data_ref&s rGcCs t|}ttj|tj}|S)zi Given a Python binary data, create a CFString. The string must be CFReleased by the caller. )r+rrCFStringCreateWithCStringr!r.r/)r2c_strcf_strrrr_bytes_to_cf_string,s rK cf_string_refcCsZt|tj}|dur"td}t||dtj}|std|j}|dur+| d}|S)z Creates a Unicode string from a CFString object. Used entirely for error reporting. Yes, it annoys me quite a lot that this function is this complex. Nr&r'zutf-8) rr-r.r/r+r0r1rr2decode)rLstringr9r#rrr_cf_string_ref_to_str:s   rOcertsc Csttjdttj}|std|D]7}d}d}z!t|}t tj|}t ||W|r4t ||r;t |q|rCt ||rKt |ww|S)zBuilds a CFArray of SecCertificateRefs from a list of DER-encoded certificates. Responsibility of the caller to call CoreFoundation.CFRelease on the CFArray. rzUnable to allocate memory!N) rCFArrayCreateMutabler!r+byrefr" MemoryErrorrGrSecCertificateCreateWithDataCFArrayAppendValuer3)rPcf_array cert_datacf_data sec_cert_refrrr_der_certs_to_cf_cert_arrayQs6     rZctxc csP|j}|j}d|_t|tjzdVW||_t||dS||_t||w)NF)check_hostname verify_moder r4 CERT_NONE)r[r\r]rrr_configure_contextos  r_ ssl_context cert_chainserver_hostnamec Csd}d}d}z|dur0|jr0d}zt|d}td|}W|r&t|n|r/t|wwtdd}|}|jtj @rht tj dt tj}t||t|tttB}t||t|n |jtj@rrtdd}zt|}t}t||t |W|rt|n |rt|ww|jdd} | rd} zt| } t|| W| rt| n | rt| wwt|dtrt||nt||W|rt||rt|dSdS|rt||rt|ww)NasciiTrz/VERIFY_CRL_CHECK_LEAF not implemented for macOS) binary_formF)r\rKencoderSecPolicyCreateSSLrr3 verify_flagsr4VERIFY_CRL_CHECK_CHAINrQr!r+rRr"rUSecPolicyCreateRevocation#kSecRevocationUseAnyAvailableMethod%kSecRevocationRequirePositiveResponseVERIFY_CRL_CHECK_LEAFNotImplementedErrorrZ SecTrustRefSecTrustCreateWithCertificates get_ca_certsSecTrustSetAnchorCertificates!SecTrustSetAnchorCertificatesOnly _is_macos_version_10_14_or_later"_verify_peercerts_impl_macos_10_14"_verify_peercerts_impl_macos_10_13) r`rarbrPpoliciestrustcf_str_hostname ssl_policyrevocation_policyctx_ca_certs_der ctx_ca_certsrrr_verify_peercerts_impl|s                     r} sec_trust_refc Cst}t|t|zt|j}Wn ttfy!d}Ynw|j t j krK|dvrMddddddd }| |d |}t |}||_||_|d Sd S) zVerify using 'SecTrustEvaluate' API for macOS 10.13 and earlier. macOS 10.14 added the 'SecTrustEvaluateWithError' API. )r zInvalid trust result typezUser confirmation requiredz.User specified that certificate is not trustedz"Recoverable trust failure occurredzFatal trust failure occurredz0Other error occurred, certificate may be revoked)rr zUnknown trust result: N)rSecTrustResultTypeSecTrustEvaluater+rRr)r2 ValueError TypeErrorr]r4 CERT_REQUIREDgetSSLCertVerificationErrorverify_message verify_code)r`r~sec_trust_result_typesec_trust_result_type_as_int sec_trust_result_type_to_message error_messageerrrrrrus4   ruc Cst}t|t|}|dkrd}n|dkrd}ntd|d}|s>t|}|j tj kr>|t j ks<|t j kr>d}|sqd}z%t|}t|pMd}t}t|t|t|} || _|| _| |rpt|wwdS)z>Verify using 'SecTrustEvaluateWithError' API for macOS 10.14+.r TrFz8Unknown result from Security.SecTrustEvaluateWithError: NzCertificate verification failed)r CFErrorRefrSecTrustEvaluateWithErrorr+rRr4r5CFErrorGetCoder]rr.rCrBCFErrorCopyDescriptionrOrSecTrustGetTrustResultrrrr3) r`r~cf_errorsec_trust_eval_result is_trusted cf_error_codecf_error_string_refcf_error_messagerrrrrrtsJ         rtrD)l contextlibr+platformr4typingrrrrrrrr r ctypes.utilr _ssl_constantsr mac_ver _mac_versiontuplemapr)splitrrrsstrrrrBooleanCFIndexr?CFDataCFStringCFArrayCFMutableArrayCFErrorCFTypeCFTypeID CFTypeRefCFAllocatorRefOSStatusr CFDataRef CFStringRef CFArrayRefCFMutableArrayRefCFArrayCallBacks CFOptionFlagsSecCertificateRef SecPolicyRefrnrSecTrustOptionFlagsrTargtypesrestypeSecCertificateCopyDatar*rqrrrirfrorrrjrkr3 CFGetTypeIDrHr-r1rECFDataGetLengthCFDataGetBytePtr CFArrayCreaterQrUCFArrayGetCountCFArrayGetValueAtIndexrrin_dllr!r"AttributeErrorerAnyr:errcheckr.bytesrGrKrOlistrZcontextmanager SSLContextIteratorr_r}rurtrrrrst,                      5  Y ,