#aqdZddlmZmZmZddlZddlmZmZm Z m Z m Z m Z m Z ddlmZddlmZddlmZdd lmZmZmZmZmZmZmZmZdd lmZd gZd Z d Z!e dZ"dZ#dS)zL `cryptography.x509 `_-specific code. )absolute_importdivisionprint_functionN)DNSName ExtensionOID IPAddressNameOIDObjectIdentifier OtherNameUniformResourceIdentifier)ExtensionNotFound)decode) IA5String)DNS_IDCertificateError DNSPattern IPAddress_IDIPAddressPattern SRVPattern URIPatternverify_service_identity)SubjectAltNameWarningverify_certificate_hostnamec`tt|t|ggdS)a Verify whether *certificate* is valid for *hostname*. .. note:: Nothing is verified about the *authority* of the certificate; the caller must verify that the certificate chains to an appropriate trust root themselves. :param cryptography.x509.Certificate certificate: A cryptography X509 certificate object. :param unicode hostname: The hostname that *certificate* should be valid for. :raises service_identity.VerificationError: If *certificate* is not valid for *hostname*. :raises service_identity.CertificateError: If *certificate* contains invalid/unexpected data. :returns: ``None``  cert_patternsobligatory_ids optional_idsN)r extract_idsr) certificatehostnames =lib/python3.11/site-packages/service_identity/cryptography.pyrr&sA(!+..x(()c`tt|t|ggdS)a Verify whether *certificate* is valid for *ip_address*. .. note:: Nothing is verified about the *authority* of the certificate; the caller must verify that the certificate chains to an appropriate trust root themselves. :param cryptography.x509.Certificate certificate: A cryptography X509 certificate object. :param unicode ip_address: The IP address that *connection* should be valid for. Can be an IPv4 or IPv6 address. :raises service_identity.VerificationError: If *certificate* is not valid for *ip_address*. :raises service_identity.CertificateError: If *certificate* contains invalid/unexpected data. :returns: ``None`` .. versionadded:: 18.1.0 rN)rr r)r! ip_addresss r#verify_certificate_ip_addressr'AsA,!+..$Z001r$z1.3.6.1.5.5.7.8.7c.g} |jtj}|d|jtD|d|jtD|d|jtD|jtD]}|j tkrpt|j\}}t|tr5|t#|st'dn#t($rYnwxYw|sd|jt.jD}t3t5|d}d|D}t7jd|t<|S) a Extract all valid IDs from a certificate for service verification. If *cert* doesn't contain any identifiers, the ``CN``s are used as DNS-IDs as fallback. :param cryptography.x509.Certificate cert: The certificate to be dissected. :return: List of IDs. cRg|]$}t|d%Szutf-8rencode).0names r# zextract_ids..us<   4;;w//00   r$cRg|]$}t|d%Sr*)rr,)r-uris r#r/zextract_ids..{s<   3::g..//   r$c,g|]}t|S)r)r-ips r#r/zextract_ids..s0   !$$   r$zUnexpected certificate content.cg|] }|j Sr3)valuer-ns r#r/zextract_ids..s*    G   r$s cRg|]$}t|d%Sr*r+r7s r#r/zextract_ids..s,:::z!((7++,,:::r$zCertificate with CN {!r} has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818.) extensionsget_extension_for_oidrSUBJECT_ALTERNATIVE_NAMEextendr6get_values_for_typerr rr type_id ID_ON_DNS_SRVr isinstancerappendrasOctetsrr subjectget_attributes_for_oidr COMMON_NAMEnextiterwarningswarnformatr)certidsextothersrv_cnscns r#r r asH C!No33  1     I99'BB        988-         )77 BB      Y229== N NE} -- ,,Qc9--NJJz#,,..99::::*+LMMM . N/      >    \889LMM   $s))^ , ,::c:::  DDJF2JJ !    Js$E?? F  F )$__doc__ __future__rrrrIcryptography.x509rrrr r r r cryptography.x509.extensionsr pyasn1.codec.der.decoderrpyasn1.type.charr_commonrrrrrrrr exceptionsr__all__rr'r@r r3r$r#r]sA@@@@@@@@@;:::::++++++&&&&&&                    .----- ) )6:! !455 @@@@@r$