U 8hP @sPddlZddlZddlZddlZddlZddlmZmZmZmZm Z m Z m Z m Z m Z ddlmZddlmZedZeeeedZedkrededdeded kZeeed d d Zed dZeddZeZe Z e Z!e Z"e Z#e Z$e Z%e Z&e Z'e Z(ee'Z)e Z*e Z+ee&Z,ee"Z-ee#Z.ee$Z/ee%Z0e Z1e Z2ee Z3ee Z4ee Z5e Z6e Z7zTe*e-gej8_9e3ej8_:e3gej;_9e-ej;_:e+e gej<_9e.ej<_:e5e/gej=_9e+ej=_:e5egej>_9e+ej>_:e2gej?_9e4ej?_:ee.gej@_9e4ej@_:e)e)ee5gejA_9e+ejA_:e5ee6gejB_9e+ejB_:e5ee6gejC_9e+ejC_:e5e_5e6e_6e+e_+dZDdZEe)gejF_9dejF_:e)gejG_9e(ejG_:e*ee!gejH_9e.ejH_:e.e!gejI_9eejI_:e.ee e!gejJ_9eejJ_:e*ee gejK_9e-ejK_:e-gejL_9e ejL_:e-gejM_9e ejM_:e*ee)e e1gejN_9e/ejN_:e*e e1gejO_9e0ejO_:e0e gejP_9dejP_:e/gejQ_9e ejQ_:e/e gejR_9e ejR_:e,gejS_9e ejS_:e,gejT_9e.ejT_:e*Uede_Ve Uede_We)e_)e/e_/e.e_.e,e_,Wn4eXk rZYzedeYdW5dZY[YXYnXerJze5ee,gejZ_9eejZ_:Wn4eXk rHZYzedeYdW5dZY[YXYnXe+ej[ej[ej[dddZ\e\ejA_]e\ej=_]e\ej>_]e\ejB_]e\ejC_]GdddZ^e_e-dddZ`e_e#dddZae.edBd d!d"Zbece_e0d#d$d%Zdejeejfejgdd&d'd(Zhd1ejfece_edBdd)d*d+Ziejfej[dd,d-d.Zjejfej[dd,d/d0ZkdS)2N) CDLLPOINTERc_boolc_char_pc_int32c_longc_uint32c_ulongc_void_p) find_library)_set_ssl_context_verify_mode.) z,Only OS X 10.8 and newer are supported, not )r)namemacos10_16_pathreturncCsXz,tdkr|}nt|}|s tt|ddWStk rRtd|ddYnXdS)z:Loads a CDLL by name, falling back to known path on 10.16+)rT) use_errnoz The library z failed to loadN)_mac_version_infor OSErrorr ImportError)rrpathr:\Users\jeffr\AppData\Local\Temp\pip-install-hfyjq797\pip\pip\_vendor\truststore\_macos.py _load_cdllsrSecurityz6/System/Library/Frameworks/Security.framework/SecurityCoreFoundationzB/System/Library/Frameworks/CoreFoundation.framework/CoreFoundationrkCFAllocatorDefaultkCFTypeArrayCallBackszError initializing ctypes: )result_argsrc Cst|dkr|Sd}zht|d}t|ttj}t |t j }|dkrzt d}t ||dt j }|sttd|j}W5|dk rt|X|dks|dkrd|}t|dS)z< Raises an error if the OSStatus value is non-zero. rN'Error copying C string from CFStringRefz8SecureTransport operation returned a non-zero OSStatus: )intr CFReleaserSecCopyErrorMessageStringctypescastrr CFStringGetCStringPtrCFConstkCFStringEncodingUTF8create_string_bufferCFStringGetCStringrvaluesslSSLError)r#r$r%Zerror_message_cfstringZerror_message_cfstring_c_void_pmessagebufferrrr_handle_osstatuss:        r8c@s(eZdZdZedZdZdZdZdZ dS)r/zCoreFoundation constantsiiiiiN) __name__ __module__ __qualname____doc__CFStringEncodingr0Z#errSecIncompleteCertRevocationCheckZerrSecHostNameMismatcherrSecCertificateExpirederrSecNotTrustedrrrrr/s r/)r3rcCsttj|t|S)N)r CFDataCreater!len)r3rrr_bytes_to_cf_data_ref&s rBcCs t|}ttj|tj}|S)zi Given a Python binary data, create a CFString. The string must be CFReleased by the caller. )r,rrCFStringCreateWithCStringr!r/r0)r3Zc_strZcf_strrrr_bytes_to_cf_string,s rD) cf_string_refrcCsZt|tj}|dkrDtd}t||dtj}|s>td|j}|dk rV| d}|S)z Creates a Unicode string from a CFString object. Used entirely for error reporting. Yes, it annoys me quite a lot that this function is this complex. Nr&r'zutf-8) rr.r/r0r,r1r2rr3decode)rEstringr7r#rrr_cf_string_ref_to_str:s$  rH)certsrc Csttjdttj}|s$td|D]R}d}d}z&t|}t tj|}t ||W5|rjt||rxt|Xq(|S)zBuilds a CFArray of SecCertificateRefs from a list of DER-encoded certificates. Responsibility of the caller to call CoreFoundation.CFRelease on the CFArray. rzUnable to allocate memory!N) rCFArrayCreateMutabler!r,byrefr" MemoryErrorr*rBrSecCertificateCreateWithDataCFArrayAppendValue)rIZcf_arrayZ cert_dataZcf_dataZ sec_cert_refrrr_der_certs_to_cf_cert_arrayQs,  rO)ctxrc cs@|j}|j}d|_t|tjz dVW5||_t||XdS)NF)check_hostname verify_moder r4 CERT_NONE)rPrQrRrrr_configure_contextos  rT) ssl_context cert_chainserver_hostnamerc Csd}d}d}zv|dk rT|jrTd}zt|d}td|}W5|rPt|Xn tdd}|}|jtj @rt tj dt tj}t||t|tttB}t||t|n|jtj@rtdd}z(t|}t}t||t |W5|rt|X|jdd} | rZd} zt| } t|| W5| rXt| Xt|dtrxt||n t||W5|rt||rt|XdS)NasciiTrz/VERIFY_CRL_CHECK_LEAF not implemented for macOS) binary_formF)rr*rQrDencoderSecPolicyCreateSSL verify_flagsr4VERIFY_CRL_CHECK_CHAINrJr!r,rKr"rNSecPolicyCreateRevocation#kSecRevocationUseAnyAvailableMethod%kSecRevocationRequirePositiveResponseVERIFY_CRL_CHECK_LEAFNotImplementedErrorrO SecTrustRefSecTrustCreateWithCertificates get_ca_certsSecTrustSetAnchorCertificates!SecTrustSetAnchorCertificatesOnly _is_macos_version_10_14_or_later"_verify_peercerts_impl_macos_10_14"_verify_peercerts_impl_macos_10_13) rUrVrWrIZpoliciestrustZcf_str_hostnameZ ssl_policyZrevocation_policyZctx_ca_certs_derZ ctx_ca_certsrrr_verify_peercerts_impl|sv             rl)rU sec_trust_refrc Cst}t|t|zt|j}Wnttfk rDd}YnX|j t j kr|dkrddddddd }| |d |}t |}||_||_|d S) zVerify using 'SecTrustEvaluate' API for macOS 10.13 and earlier. macOS 10.14 added the 'SecTrustEvaluateWithError' API. )r zInvalid trust result typezUser confirmation requiredz.User specified that certificate is not trustedz"Recoverable trust failure occurredzFatal trust failure occurredz0Other error occurred, certificate may be revoked)rr zUnknown trust result: N)rSecTrustResultTypeSecTrustEvaluater,rKr)r3 ValueError TypeErrorrRr4 CERT_REQUIREDgetSSLCertVerificationErrorverify_message verify_code)rUrmsec_trust_result_typeZsec_trust_result_type_as_intZ sec_trust_result_type_to_message error_messageerrrrrrjs2    rjc Cst}t|t|}|dkr(d}n|dkr6d}ntd|d}|s|t|}|j tj kr||t j ksx|t j kr|d}|sd}zNt|}t|pd}t}t|t|t|} || _|| _| W5|rt|XdS)z>Verify using 'SecTrustEvaluateWithError' API for macOS 10.14+.r TrFz8Unknown result from Security.SecTrustEvaluateWithError: NzCertificate verification failed)r CFErrorRefrSecTrustEvaluateWithErrorr,rKr4r5CFErrorGetCoderRrxr/r?r>r*CFErrorCopyDescriptionrHrtSecTrustGetTrustResultrzr{r|) rUrmZcf_errorZsec_trust_eval_resultZ is_trustedZ cf_error_codeZcf_error_string_refZcf_error_messager}rrrrrisN    ri)N)l contextlibr,platformr4typingrrrrrrrr r Z ctypes.utilr Z_ssl_constantsr mac_verZ _mac_versiontuplemapr)splitrrrhstrrrrBooleanZCFIndexr=ZCFDataZCFStringZCFArrayZCFMutableArrayZCFErrorZCFTypeZCFTypeIDZ CFTypeRefZCFAllocatorRefZOSStatusrZ CFDataRefZ CFStringRefZ CFArrayRefZCFMutableArrayRefZCFArrayCallBacksZ CFOptionFlagsZSecCertificateRefZ SecPolicyRefrcrtZSecTrustOptionFlagsrMargtypesrestypeZSecCertificateCopyDatar+rfrgr^r[rdrrur_r`r*Z CFGetTypeIDrCr.r2r@ZCFDataGetLengthZCFDataGetBytePtrZ CFArrayCreaterJrNZCFArrayGetCountZCFArrayGetValueAtIndexrrin_dllr!r"AttributeErrorerZAnyr8errcheckr/bytesrBrDrHlistrOcontextmanager SSLContextIteratorrTrlrjrirrrrs^,                     " "5  Z -