o zqfE @sddlZddlZddlZddlZddlZddlmZmZmZmZm Z m Z m Z m Z m Z ddlmZddlmZedZeeeedZedkrXededdedd ed ed efd d ZeddZeddZeZe Ze Z e Z!e Z"e Z#e Z$e Z%e Z&e Z'ee&Z(e Z)e Z*ee%Z+ee!Z,ee"Z-ee#Z.ee$Z/e Z0e Z1ee Z2ee Z3ee Z4e Z5e Z6z*e)e,gej7_8e2ej7_9e2gej:_8e,ej:_9e*e gej;_8e-ej;_9e4e.gej<_8e*ej<_9e4egej=_8e*ej=_9e4ee5gej>_8e*ej>_9e1gej?_8e3ej?_9ee-gej@_8e3ej@_9e(e(ee4gejA_8e*ejA_9e4ee5gejB_8e*ejB_9e4e_4e5e_5e*e_*dZCdZDe(gejE_8dejE_9e(gejF_8e'ejF_9e)ee gejG_8e-ejG_9e-e gejH_8eejH_9e-eee gejI_8eejI_9e)eegejJ_8e,ejJ_9e,gejK_8eejK_9e,gejL_8e ejL_9e)ee(ee0gejM_8e.ejM_9e)ee0gejN_8e/ejN_9e/e gejO_8dejO_9e.gejP_8eejP_9e.egejQ_8e ejQ_9e+gejR_8eejR_9e+gejS_8e-ejS_9e)Tede_Ue Tede_Ve(e_(e.e_.e-e_-e+e_+Wn eWyeddwde*dejXdejXd ejXfddZYeYejA_ZeYej<_ZeYejB_ZGdddZ[de\d e,fdd Z]de\d e"fd!d"Z^d#e-d edBfd$d%Z_d&e`e\d e/fd'd(Zaejbd)ejcd ejddfd*d+Ze d1d,ejcd-e`e\d.edBd dfd/d0ZfdS)2N) CDLLPOINTERc_boolc_char_pc_int32c_longc_uint32c_ulongc_void_p) find_library)_set_ssl_context_verify_mode.) z,Only OS X 10.8 and newer are supported, not namemacos10_16_pathreturncCsNztdkr|}nt|}|stt|ddWSty&td|ddw)z:Loads a CDLL by name, falling back to known path on 10.16+)rT) use_errnoz The library z failed to loadN)_mac_version_infor OSErrorr ImportError)rrpathr\/root/parts/websockify/install/lib/python3.10/site-packages/pip/_vendor/truststore/_macos.py _load_cdlls rSecurityz6/System/Library/Frameworks/Security.framework/SecurityCoreFoundationzB/System/Library/Frameworks/CoreFoundation.framework/CoreFoundationrkCFAllocatorDefaultkCFTypeArrayCallBackszError initializing ctypesresult_argsc Cst|dkr|Sd}z=t|d}t|ttj}t|t j }|dur=t d}t ||dt j }|s:t d|j}W|durGt|n |durRt|ww|dus[|dkr`d|}t|)z< Raises an error if the OSStatus value is non-zero. rN'Error copying C string from CFStringRefz8SecureTransport operation returned a non-zero OSStatus: )intrSecCopyErrorMessageStringctypescastrr rCFStringGetCStringPtrCFConstkCFStringEncodingUTF8create_string_bufferCFStringGetCStringrvalue CFReleasesslSSLError)r"r#r$error_message_cfstringerror_message_cfstring_c_void_pmessagebufferrrr_handle_osstatuss@        r9c@s(eZdZdZedZdZdZdZdZ dS)r-zCoreFoundation constantsiiiiiN) __name__ __module__ __qualname____doc__CFStringEncodingr.#errSecIncompleteCertRevocationCheckerrSecHostNameMismatcherrSecCertificateExpirederrSecNotTrustedrrrrr- sr-r1cCsttj|t|SN)r CFDataCreater len)r1rrr_bytes_to_cf_data_refs rFcCs t|}ttj|tj}|S)zi Given a Python binary data, create a CFString. The string must be CFReleased by the caller. )r*rrCFStringCreateWithCStringr r-r.)r1c_strcf_strrrr_bytes_to_cf_strings rJ cf_string_refcCsZt|tj}|dur"td}t||dtj}|std|j}|dur+| d}|S)z Creates a Unicode string from a CFString object. Used entirely for error reporting. Yes, it annoys me quite a lot that this function is this complex. Nr%r&zutf-8) rr,r-r.r*r/r0rr1decode)rKstringr8r"rrr_cf_string_ref_to_str(s   rNcertsc Csttjdttj}|std|D]7}d}d}z!t|}t tj|}t ||W|r4t ||r;t |q|rCt ||rKt |ww|S)zBuilds a CFArray of SecCertificateRefs from a list of DER-encoded certificates. Responsibility of the caller to call CoreFoundation.CFRelease on the CFArray. rzUnable to allocate memory!N) rCFArrayCreateMutabler r*byrefr! MemoryErrorrFrSecCertificateCreateWithDataCFArrayAppendValuer2)rOcf_array cert_datacf_data sec_cert_refrrr_der_certs_to_cf_cert_array?s6     rYctxc csP|j}|j}d|_t|tjzdVW||_t||dS||_t||w)NF)check_hostname verify_moder r3 CERT_NONE)rZr[r\rrr_configure_context]s  r^ ssl_context cert_chainserver_hostnamec Csd}d}d}d}zV|dur0d}zt|d}td|}W|r&t|n|r/t|wwtdd}|}|jtj@rht tj dt tj }t||t|tttB} t|| t| n |jtj@rrtdd}zt|}t}t||t |W|rt|n |rt|ww|jdd} | rd} zt|} t|| W| rt| n| rt| wwt|dt}t|t |} | dkrd} n| dkrd} ntd| d}| st|}|jtjkr |tj ks|tj!kr d} n |j"s|tj#krd} | sKd}z&t$|}t%|p&d }t&}t'|t |t(|}||_)||_*||rJt|wwW|rTt||r^t|dSdS|rht||rqt|ww) NasciiTrz/VERIFY_CRL_CHECK_LEAF not implemented for macOS) binary_formr Fz8Unknown result from Security.SecTrustEvaluateWithError: zCertificate verification failed)+rJencoderSecPolicyCreateSSLrr2 verify_flagsr3VERIFY_CRL_CHECK_CHAINrPr r*rQr!rTSecPolicyCreateRevocation#kSecRevocationUseAnyAvailableMethod%kSecRevocationRequirePositiveResponseVERIFY_CRL_CHECK_LEAFNotImplementedErrorrY SecTrustRefSecTrustCreateWithCertificates get_ca_certsSecTrustSetAnchorCertificates CFErrorRefSecTrustEvaluateWithErrorr4CFErrorGetCoder\ CERT_REQUIREDr-rBrAr[r@CFErrorCopyDescriptionrNSecTrustResultTypeSecTrustGetTrustResultSSLCertVerificationErrorverify_message verify_code)r_r`rarOpoliciestrustcf_errorcf_str_hostname ssl_policyrevocation_policyctx_ca_certs_der ctx_ca_certssec_trust_eval_result is_trusted cf_error_codecf_error_string_refcf_error_messagesec_trust_result_typeerrrrr_verify_peercerts_impljs                             rrC)g contextlibr*platformr3typingrrrrrrrr r ctypes.utilr _ssl_constantsr mac_ver _mac_versiontuplemapr(splitrrstrrrrBooleanCFIndexr>CFDataCFStringCFArrayCFMutableArrayCFErrorCFTypeCFTypeID CFTypeRefCFAllocatorRefOSStatusrq CFDataRef CFStringRef CFArrayRefCFMutableArrayRefCFArrayCallBacks CFOptionFlagsSecCertificateRef SecPolicyRefrmrvSecTrustOptionFlagsrSargtypesrestypeSecCertificateCopyDatar)rp!SecTrustSetAnchorCertificatesOnlySecTrustEvaluaterhrernrwrirjr2 CFGetTypeIDrGr,r0rDCFDataGetLengthCFDataGetBytePtr CFArrayCreaterPrTCFArrayGetCountCFArrayGetValueAtIndexrsruin_dllr r!AttributeErrorAnyr9errcheckr-bytesrFrJrNlistrYcontextmanager SSLContextIteratorr^rrrrrs8,                      5