DIeJ#PdZddlZddlZddlmZddlmZddlmZddlm Z ddl m Z m Z m Z mZ ddlmZmZdd lmZmZmZdd lmZn#e$rGd d eZYnwxYwd dlmZd dlmZd dlmZm Z d dl!m"Z"ddl#m$Z$m%Z%ee&Z'GddZ(e(Z)dS)z0Interface between conda-content-trust and conda.N) lru_cache)glob) getLogger)makedirs)basenameexistsisdirjoin)verify_delegation verify_root)SignatureErrorload_metadata_from_filewrite_metadata_to_file)wrap_as_signableceZdZdS)r N)__name__ __module__ __qualname__Blib/python3.11/site-packages/conda/trust/signature_verification.pyr r s rr )context)join_url) HTTPErrorInsecureRequestWarning) get_session)INITIAL_TRUST_ROOT KEY_MGR_FILEceZdZeeddZeeddZeeddZ ddZdZ dS) _SignatureVerificationN)maxsizectjsdStjstddS ddl}n+#t $rtdYdSwxYwttjs3t dttj|j tddS|j tddSdS) NFz[metadata signature verification requested, but no metadata URL base has not been specified.rzVmetadata signature verification requested, but `conda-content-trust` is not installed.z5creating directory for artifact verification metadatazDcould not find trusted_root data for metadata signature verificationz?could not find key_mgr data for metadata signature verificationT) rextra_safety_checkssigning_metadata_url_baselogwarnconda_content_trust ImportErrorr av_data_dirinfor trusted_rootkey_mgr)selfr)s renabledz_SignatureVerification.enabled%s$* 50  HHC   5  & & & & &    HH>   55  W()) * HHL M M M W( ) ) )   $ HHV   5 <  HHV W W W5ts=$A%$A%ct}ttttjddD]v} t t|ddt d|dt|}n8#t$rYswxYwt dtjdd}|r|d d d zd }ttj|} |tj|}t!|||}t#||nq#t$$r6}|jjd krt|d}Yd}~n6d}~wt,$r&}t|d}Yd}~nd}~wwxYw||S)Nz[0-9]*.root.jsonT)reverse.rzLoading root metadata from zNo root metadata in z. Using built-in root metadata.signedversionrz .root.jsoniF)rsortedrr rr+intrsplitr'r,r ValueErrordebug_fetch_channel_signing_datar&r rrresponse status_codeerror Exception)r/trustedpathmore_signaturesfname untrustederrs rr-z#_SignatureVerification.trusted_rootSs% g)+=>> ? ?     D HTNN((--a0111 >t>>>???1$77      II0w':000     6x(3a7CCCE+U33D 6 <<5 GY///$&w5555 ( ( (<+s22IIcNNN"' ( ( ( #"' (' 68s65B%% B21B20E G,F GF<<Gcd}t}ttj|} |tjt}t d||j|}t||nF#ttf$r$}t |Yd}~nd}~wt$r}d}~wwxYw|st|rt!|}|S)Nr.)r r rr+r;r&r r-rConnectionErrorrr'r(r?r>rr)r/r@rCrArDrEs rr.z_SignatureVerification.key_mgrsG'// 2881I iD4E F F F G "7D 1 1 1 1 +    HHSMMMMMMMM      46$<< 4-d33Gs#;A33B6B## B60B11B6c:t|}tjstjdt ddd}|r||d<|r||d<tj} dt_|t||||j dtj tj f}| |t_n#|t_wxYw | S#tjj$r} t!d |d |d} ~ wwxYw) Nignorez!gzip, deflate, compress, identityzapplication/json)zAccept-Encodingz Content-Typez If-None-MatchzIf-Modified-SinceF)headersproxiesauthtimeoutzInvalid JSON returned from /)rr ssl_verifywarnings simplefilterradd_anaconda_tokengetrrKremote_connect_timeout_secsremote_read_timeout_secsraise_for_statusjsondecoderJSONDecodeErrorr9) r/signing_data_urlfilenameetag mod_stampsessionrJsaved_token_settingresprEs rr;z2_SignatureVerification._fetch_channel_signing_datasY.//! D  !(,B C C C C.    ,'+GO $  5+4G' (%8 =*/G &;;)84474   D  ! ! # # #)KKKK  s%A#CCC,,DDDc|jr||vrdSt|}|||d< td||jd}n/#t$r"t d|d}YnwxYw||d<dS)N signaturespkg_mgrz:(INFO: package metadata is signed by Anaconda and trusted)zinvalid signature for z1(WARNING: metadata signature verification failed)metadata_signature_status)r0rr r.r r'r()r/r,fnrbenvelopestatuss r__call__z_SignatureVerification.__call__s| r33 F$D))!+B R i4< @ @ @ RFF  I I I HH2b22 3 3 3HFFF I -3 ()))sA)A.-A.)NN) rrrpropertyrr0r-r.r;rhrrrr"r"#s Yt))X)XYt55X5pYtX@@D6666p33333rr")*__doc__rWrP functoolsrrloggingrosros.pathrrr r "conda_content_trust.authenticationr r conda_content_trust.commonr rrconda_content_trust.signingrr*r? base.contextr common.urlrgateways.connectionrrgateways.connection.sessionr constantsrr rr'r"signature_verificationrrrrxs76 111111111111  QQQQQQQQ =<<<<<<              #"""""!!!!!!CCCCCCCC55555577777777iS3S3S3S3S3S3S3S3n0/11sA AA