ó h#ñ]c@sìdZddlZddlZddlZddlZddlZddlZddlZddlm Z m Z m Z ej dej ƒZd„Zd„Zd„Zdd „Zd „Zd „Zd „Zd „Zd„Zd„ZdS(s¦ Low-level helpers for the SecureTransport bindings. These are Python functions that are not directly related to the high-level APIs but are necessary to get them to work. They include a whole bunch of low-level CoreFoundation messing about and memory management. The concerns in this module are almost entirely about trying to avoid memory leaks and providing appropriate and useful assistance to the higher-level code. iÿÿÿÿNi(tSecuritytCoreFoundationtCFConsts;-----BEGIN CERTIFICATE----- (.*?) -----END CERTIFICATE-----cCstjtj|t|ƒƒS(sv Given a bytestring, create a CFData object from it. This CFData object must be CFReleased by the caller. (Rt CFDataCreatetkCFAllocatorDefaulttlen(t bytestring((s_/data/av2000/b2b/venv/lib/python2.7/site-packages/urllib3/contrib/_securetransport/low_level.pyt_cf_data_from_bytesscCswt|ƒ}d„|Dƒ}d„|Dƒ}tj||Œ}tj||Œ}tjtj|||tjtjƒS(sK Given a list of Python tuples, create an associated CFDictionary. css|]}|dVqdS(iN((t.0tt((s_/data/av2000/b2b/venv/lib/python2.7/site-packages/urllib3/contrib/_securetransport/low_level.pys ,scss|]}|dVqdS(iN((RR ((s_/data/av2000/b2b/venv/lib/python2.7/site-packages/urllib3/contrib/_securetransport/low_level.pys -s(RRt CFTypeReftCFDictionaryCreateRtkCFTypeDictionaryKeyCallBackstkCFTypeDictionaryValueCallBacks(ttuplestdictionary_sizetkeystvaluestcf_keyst cf_values((s_/data/av2000/b2b/venv/lib/python2.7/site-packages/urllib3/contrib/_securetransport/low_level.pyt_cf_dictionary_from_tuples%s cCs¬tj|tjtjƒƒ}tj|tjƒ}|dkrŠtj dƒ}tj ||dtjƒ}|s~t dƒ‚n|j }n|dk r¨|j dƒ}n|S(s¨ Creates a Unicode string from a CFString object. Used entirely for error reporting. Yes, it annoys me quite a lot that this function is this complex. is'Error copying C string from CFStringRefsutf-8N(tctypestcasttPOINTERtc_void_pRtCFStringGetCStringPtrRtkCFStringEncodingUTF8tNonetcreate_string_buffertCFStringGetCStringtOSErrortvaluetdecode(Rtvalue_as_void_ptstringtbuffertresult((s_/data/av2000/b2b/venv/lib/python2.7/site-packages/urllib3/contrib/_securetransport/low_level.pyt_cf_string_to_unicode;s"     cCsˆ|dkrdStj|dƒ}t|ƒ}tj|ƒ|dksS|dkr`d|}n|dkrxtj}n||ƒ‚dS(s[ Checks the return code and throws an exception if there is an error to report iNuu OSStatus %s(RtSecCopyErrorMessageStringRR%Rt CFReleasetssltSSLError(terrortexception_classtcf_error_stringtoutput((s_/data/av2000/b2b/venv/lib/python2.7/site-packages/urllib3/contrib/_securetransport/low_level.pyt_assert_no_errorXs      cCsO|jddƒ}gtj|ƒD]}tj|jdƒƒ^q"}|s^tjdƒ‚ntj tj dt j tj ƒƒ}|sštjdƒ‚nyx‰|D]}t|ƒ}|sÎtjdƒ‚ntjtj |ƒ}tj|ƒ|stjdƒ‚ntj||ƒtj|ƒq¤WWntk rJtj|ƒnX|S(s‚ Given a bundle of certs in PEM format, turns them into a CFArray of certs that can be used to validate a cert chain. s s isNo root certificates specifiedisUnable to allocate memory!sUnable to build cert object!(treplacet _PEM_CERTS_REtfinditertbase64t b64decodetgroupR(R)RtCFArrayCreateMutableRRtbyreftkCFTypeArrayCallBacksRRtSecCertificateCreateWithDataR'tCFArrayAppendValuet Exception(t pem_bundletmatcht der_certst cert_arrayt der_bytestcertdatatcert((s_/data/av2000/b2b/venv/lib/python2.7/site-packages/urllib3/contrib/_securetransport/low_level.pyt_cert_array_from_pemms41    cCstjƒ}tj|ƒ|kS(s= Returns True if a given CFTypeRef is a certificate. (RtSecCertificateGetTypeIDRt CFGetTypeID(titemtexpected((s_/data/av2000/b2b/venv/lib/python2.7/site-packages/urllib3/contrib/_securetransport/low_level.pyt_is_cert›s cCstjƒ}tj|ƒ|kS(s; Returns True if a given CFTypeRef is an identity. (RtSecIdentityGetTypeIDRRD(RERF((s_/data/av2000/b2b/venv/lib/python2.7/site-packages/urllib3/contrib/_securetransport/low_level.pyt _is_identity£s cCsµtjdƒ}tj|d ƒjdƒ}tj|dƒ}tjƒ}tjj||ƒj dƒ}t j ƒ}t j |t |ƒ|tdtj|ƒƒ}t|ƒ||fS(s³ This function creates a temporary Mac keychain that we can use to work with credentials. This keychain uses a one-time password and a temporary file to store the data. We expect to have one keychain per socket. The returned SecKeychainRef must be freed by the caller, including calling SecKeychainDelete. Returns a tuple of the SecKeychainRef and the path to the temporary directory that contains it. i(isutf-8N(tosturandomR2t b16encodeR ttempfiletmkdtemptpathtjointencodeRtSecKeychainReftSecKeychainCreateRtFalseRRR6R.(t random_bytestfilenametpasswordt tempdirectoryt keychain_pathtkeychaintstatus((s_/data/av2000/b2b/venv/lib/python2.7/site-packages/urllib3/contrib/_securetransport/low_level.pyt_temporary_keychain«s    c Cskg}g}d}t|dƒ}|jƒ}WdQXztjtj|t|ƒƒ}tjƒ}tj |ddddd|t j |ƒƒ}t |ƒtj |ƒ} xt| ƒD]} tj|| ƒ} t j| tjƒ} t| ƒr tj| ƒ|j| ƒq¶t| ƒr¶tj| ƒ|j| ƒq¶q¶WWd|rStj|ƒntj|ƒX||fS(sÊ Given a single file, loads all the trust objects from it into arrays and the keychain. Returns a tuple of lists: the first list is a list of identities, the second a list of certs. trbNi(RtopentreadRRRRt CFArrayRefRt SecItemImportRR6R.tCFArrayGetCounttrangetCFArrayGetValueAtIndexRR RGtCFRetaintappendRIR'( RZROt certificatest identitiest result_arraytft raw_filedatatfiledataR$t result_counttindexRE((s_/data/av2000/b2b/venv/lib/python2.7/site-packages/urllib3/contrib/_securetransport/low_level.pyt_load_items_from_fileÓsH       c GsKg}g}d„|Dƒ}zýx=|D]5}t||ƒ\}}|j|ƒ|j|ƒq&W|sÃtjƒ}tj||dtj|ƒƒ}t|ƒ|j|ƒt j |j dƒƒnt j t j dtjt jƒƒ} x*tj||ƒD]} t j| | ƒqúW| SWdx'tj||ƒD]} t j | ƒq/WXdS(sü Load certificates and maybe keys from a number of files. Has the end goal of returning a CFArray containing one SecIdentityRef, and then zero or more SecCertificateRef objects, suitable for use as a client certificate trust chain. css|]}|r|VqdS(N((RRO((s_/data/av2000/b2b/venv/lib/python2.7/site-packages/urllib3/contrib/_securetransport/low_level.pys 2siN(RotextendRtSecIdentityReft SecIdentityCreateWithCertificateRR6R.RfRR'tpopR5RR7t itertoolstchainR9( RZtpathsRgRht file_pathtnew_identitiest new_certst new_identityR[t trust_chainREtobj((s_/data/av2000/b2b/venv/lib/python2.7/site-packages/urllib3/contrib/_securetransport/low_level.pyt_load_client_cert_chains6      (t__doc__R2RRttreRJR(RMtbindingsRRRtcompiletDOTALLR0RRR%RR.RBRGRIR\RoR}(((s_/data/av2000/b2b/venv/lib/python2.7/site-packages/urllib3/contrib/_securetransport/low_level.pyt s(           .   ( ;