U 8hIF @s6ddlZddlZddlZddlmZddlmZddlmZmZmZm Z m Z m Z m Z m Z mZmZddlmZmZmZmZmZmZmZmZmZmZddlmZmZddlmZeZeZ eZ!Gd d d eZ"ee"Z#ee#Z$Gd d d eZ%ee%Z&Gd ddeZ'GdddeZ(er ee(Z)nee(Z)GdddeZ*GdddeZ+ee+Z,GdddeZ-ee-Z.GdddeZ/ee/Z0ee0Z1GdddeZ2GdddeZ3ee3Z4GdddeZ5ee5Z6Gdd d eZ7ee7Z8eeZ9dZ:d!Z;d"Zed$Z?d%Z@d&ZAd'ZBd(ZCd)ZDd*ZEd+ZFd,ZGd-ZHd.ZId/ZJd0ZKd#ZLd1ZMd0ZNd2ZOeBeCBeDBeEBeFBeGBeHBeIBeJBZPed3ZQed4ZReSeeed5d6d7ZTeQjUZUe8e9feU_VeTeU_WeQjXZXeee!ee feX_Ve eX_YeTeX_WeQjZZZe eeeee$feZ_VeeZ_YeQj[Z[eeefe[_Ve#e[_YeTe[_WeQj\Z\ee#ee e)ee e1fe\_Vee\_YeTe\_WeQj]Z]e e0e4e6fe]_Vee]_YeQj^Z^e efe^_Vee^_YeTe^_WeQj_Z_e0fe__VeQj`Z`e#fe`_VeQjaZaefea_VeRjbZbeeeeeee feb_Veeb_YdDejcedeeefdBdd8d9d:ZgejcedBe e e)efdBehdd;dd?d@ZjejkejcejlddAdBdCZmdS)EN)WinDLLWinError) POINTER Structurec_char_pc_ulongc_void_p c_wchar_pcastcreate_unicode_bufferpointersizeof) BOOLDWORDHANDLELONGLPCSTRLPCVOIDLPCWSTR LPFILETIMELPSTRLPWSTR) TYPE_CHECKINGAny)_set_ssl_context_verify_modec@s.eZdZdefdefdefdefdeffZdS) CERT_CONTEXTZdwCertEncodingTypeZ pbCertEncodedZ cbCertEncodedZ pCertInfoZ hCertStoreN)__name__ __module__ __qualname__rr HCERTSTORE_fields_r#r#]C:\Users\jeffr\AppData\Local\Temp\pip-install-hfyjq797\pip\pip\_vendor\truststore\_windows.pyr's rc@s eZdZdefdeeffZdS)CERT_ENHKEY_USAGEcUsageIdentifierrgpszUsageIdentifierN)rrr rrrr"r#r#r#r$r%5s r%c@seZdZdefdeffZdS)CERT_USAGE_MATCHZdwTypeUsageN)rrr rr%r"r#r#r#r$r(?sr(c @sFeZdZdefdefdefdefdefdefdefdefd eff Zd S) CERT_CHAIN_PARAcbSizeRequestedUsageZRequestedIssuancePolicydwUrlRetrievalTimeoutZfCheckRevocationFreshnessTimedwRevocationFreshnessTimeZpftCacheResyncZpStrongSignParaZdwStrongSignFlagsN) rrr rr(rrr r"r#r#r#r$r*Fsr*c@seZdZdefdeffZdS)CERT_TRUST_STATUSZ dwErrorStatusZ dwInfoStatusN)rrr rr"r#r#r#r$r/Zsr/c@s:eZdZdefdefdefdefdefdefdeffZ dS) CERT_CHAIN_ELEMENTr+ pCertContext TrustStatusZpRevocationInfoZpIssuanceUsageZpApplicationUsageZpwszExtendedErrorInfoN) rrr r PCERT_CONTEXTr/r PCERT_ENHKEY_USAGErr"r#r#r#r$r0asr0c@s>eZdZdefdefdefdeefdefdefdeffZ dS) CERT_SIMPLE_CHAINr+r2ZcElementZ rgpElementZpTrustListInfofHasRevocationFreshnessTimer.N) rrr rr/rPCERT_CHAIN_ELEMENTr rr"r#r#r#r$r5ps r5c @sDeZdZdefdefdefdeefdefdefdefdeffZ d S) CERT_CHAIN_CONTEXTr+r2ZcChainZrgpChainZcLowerQualityChainContextZrgpLowerQualityChainContextr6r.N) rrr rr/rPCERT_SIMPLE_CHAINr rr"r#r#r#r$r8s r8c@s(eZdZdefdefdefdeffZdS) SSL_EXTRA_CERT_CHAIN_POLICY_PARAr+ dwAuthType fdwCheckspwszServerNameN)rrr rrr"r#r#r#r$r:s r:c@s"eZdZdefdefdeffZdS)CERT_CHAIN_POLICY_PARAr+dwFlagspvExtraPolicyParaN)rrr rr r"r#r#r#r$r>sr>c@s.eZdZdefdefdefdefdeffZdS)CERT_CHAIN_POLICY_STATUSr+dwErrorZ lChainIndex lElementIndexZpvExtraPolicyStatusN)rrr rrr r"r#r#r#r$rAs rAc@s^eZdZdefdefdefdefdefdefdefdefd efd efd efd efd eff ZdS)CERT_CHAIN_ENGINE_CONFIGr+ZhRestrictedRootZhRestrictedTrustZhRestrictedOtherZcAdditionalStoreZrghAdditionalStorer?r-ZMaximumCachedCertificatesZCycleDetectionModulushExclusiveRootZhExclusiveTrustedPeopleZdwExclusiveFlagsN)rrr rr!r r"r#r#r#r$rDsrDisMemorys1.3.6.1.5.5.7.3.1ii @ iii@iiz crypt32.dllz kernel32.dll)result_argsreturncCs|s t|S)Nr)rNrOrPr#r#r$_handle_win_errorsrR) ssl_context cert_chainserver_hostnamerQc Cs|stdd}ttdddd}zJ|ddD]}t|ttB|t |t dq2|d}t ttB|t |}t }d|_ tdt|_t}||_t} || _t| | _t| } |jtj@rt} n|jtj@rt} nd} zt|d||| || dWnvtjk rj} zT|jdd} | rXzt|| ||| || dWntjk rT| dYnXnW5d} ~ XYnXW5t|d|rt|XdS)z9Verify the cert_chain from the server using Windows APIs.z#Peer sent no certificates to verifyNrr) chain_flagsT) binary_form) sslSSLCertVerificationError CertOpenStoreCERT_STORE_PROV_MEMORYCertCloseStoreCertFreeCertificateContext CertAddEncodedCertificateToStoreX509_ASN_ENCODINGPKCS_7_ASN_ENCODINGlenCERT_STORE_ADD_USE_EXISTINGCertCreateCertificateContextr%r&rOID_PKIX_KP_SERVER_AUTHr'r(r)r*r,rr+r verify_flagsVERIFY_CRL_CHECK_CHAIN!CERT_CHAIN_REVOCATION_CHECK_CHAINVERIFY_CRL_CHECK_LEAF$CERT_CHAIN_REVOCATION_CHECK_END_CERT_get_and_verify_cert_chain get_ca_certs_verify_using_custom_ca_certs)rSrTrUr1hIntermediateCertStore cert_bytesZ leaf_certZcert_enhkey_usageZcert_usage_matchZ chain_params pChainPararVecustom_ca_certsr#r#r$_verify_peercerts_implCs         rr)rS hChainEnginermpPeerCertContextrorUrVrQc Csbd}zDtt}t||d|||d||j}t} t| | _t| _ d| _ |j dkrZt | _ |rht || _t} tt| t| _|jtjkr| jtO_t| | _t| } t} t| | _t| } tt|| | | j}|rHtd}tttBd|d|t|d}|dkr"d|dd| j d}n |j!"}t#|}||_$||_%|dW5|r\t|jXdS)NrFizCertificate chain policy error z#xz [])&CertFreeCertificateChaincontentsr PCERT_CHAIN_CONTEXTCertGetCertificateChainr:rr+AUTHTYPE_SERVERr;r<check_hostname$SECURITY_FLAG_IGNORE_CERT_CN_INVALIDr r=r>r r r@ verify_moderX CERT_NONEr?(CERT_CHAIN_POLICY_VERIFY_MODE_NONE_FLAGSrA CertVerifyCertificateChainPolicyCERT_CHAIN_POLICY_SSLrBr FormatMessageWFORMAT_MESSAGE_FROM_SYSTEMFORMAT_MESSAGE_IGNORE_INSERTSrCvaluestriprYZverify_messageZ verify_code)rSrsrmrtrorUrVZppChainContextZ pChainContextZ ssl_extra_cert_chain_policy_paraZ chain_policyZ pPolicyParaZ policy_statusZ pPolicyStatusZ error_codeZerror_message_bufZerror_message_chars error_messageerrr#r#r$rjs            rj)rSrqrmrtrorUrVrQc Csd}ttdddd}zt|D]} t|ttB| t| tdqt } t | | _ || _ t | } t t} t| | | j}t|||||||W5|rt|t|dXdS)Nr)rZr[CertFreeCertificateChainEnginer\r^r_r`rarbrDrr+rEr HCERTCHAINENGINE CertCreateCertificateChainEnginerwrj) rSrqrmrtrorUrVrsZhRootCertStorernZcert_chain_engine_configZpConfigZ phChainEnginer#r#r$rlsD     rl)ctxrQc cs@|j}|j}d|_t|tjz dVW5||_t||XdS)NF)r{r}rrXr~)rr{r}r#r#r$_configure_context-s  r)N)n contextlibrXtypingctypesrrrrrrr r r r r rZctypes.wintypesrrrrrrrrrrrrZ_ssl_constantsrrr!ZHCRYPTPROV_LEGACYrr3ZPCCERT_CONTEXTr%r4r(r*ZPCERT_CHAIN_PARAr/r0r7r5r9r8rxZPCCERT_CHAIN_CONTEXTr:r>ZPCERT_CHAIN_POLICY_PARArAZPCERT_CHAIN_POLICY_STATUSrDZPCERT_CHAIN_ENGINE_CONFIGZPHCERTCHAINENGINEr_r`r[rbZUSAGE_MATCH_TYPE_ORrdrirgZ1CERT_CHAIN_POLICY_IGNORE_ALL_NOT_TIME_VALID_FLAGSZ7CERT_CHAIN_POLICY_IGNORE_INVALID_BASIC_CONSTRAINTS_FLAGZ'CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAGZ*CERT_CHAIN_POLICY_IGNORE_INVALID_NAME_FLAGZ)CERT_CHAIN_POLICY_IGNORE_WRONG_USAGE_FLAGZ,CERT_CHAIN_POLICY_IGNORE_INVALID_POLICY_FLAGZ.CERT_CHAIN_POLICY_IGNORE_ALL_REV_UNKNOWN_FLAGSZ%CERT_CHAIN_POLICY_ALLOW_TESTROOT_FLAGZ%CERT_CHAIN_POLICY_TRUST_TESTROOT_FLAGr|rzrrrrZwincryptkernel32boolrRrargtypeserrcheckrZrestyper^rcryrr\rvr]rr SSLContextlistbytesstrrrintrjrlcontextmanagerIteratorrr#r#r#r$sP  0 0               ] [ 4