Current File : //usr/lib/python3.6/site-packages/dns/__pycache__/dnssec.cpython-36.pyc

3

�b�W�9�@sHdZddlmZddlZddlZddlZddlZddlZddl	Zddl
ZddlZddlZddl
ZddlmZGdd�dejj�ZGdd	�d	ejj�ZdZd
ZdZdZd
ZdZdZdZdZdZdZdZdZ dZ!eeeeeeeeeeeee e!d�Z"e#dd�e"j$�D��Z%dd�Z&dd�Z'dd�Z(dDd d!�Z)dEd"d#�Z*d$d%�Z+d&d'�Z,d(d)�Z-d*d+�Z.d,d-�Z/d.d/�Z0d0d1�Z1d2d3�Z2d4d5�Z3d6d7�Z4d8d9�Z5dFd:d;�Z6dGd<d=�Z7d>d?�Z8y(ddl9Z:ddl;Z:ddl<Z:e7Z=e6Z>d@Z?Wn"e@k
�r�e8Z=e8Z>dAZ?YnXy8ddlAZAddlBZAddlCZAddlDZAd@ZEGdBdC�dCeF�ZGWne@k
�rBdAZEYnXdS)Hz.Common DNSSEC-related functions and constants.�)�BytesION�)�string_typesc@seZdZdZdS)�UnsupportedAlgorithmz&The DNSSEC algorithm is not supported.N)�__name__�
__module__�__qualname__�__doc__�r
r
�/usr/lib/python3.6/dnssec.pyr!src@seZdZdZdS)�ValidationFailurez The DNSSEC signature is invalid.N)rrrr	r
r
r
rr&sr��������
�
����)�RSAMD5�DH�DSA�ECC�RSASHA1�DSANSEC3SHA1�RSASHA1NSEC3SHA1�	RSASHA256�	RSASHA512�INDIRECT�ECDSAP256SHA256�ECDSAP384SHA384�
PRIVATEDNS�
PRIVATEOIDccs|]\}}||fVqdS)Nr
)�.0�x�yr
r
r�	<genexpr>Nsr+cCs"tj|j��}|dkrt|�}|S)z:Convert text into a DNSSEC algorithm value
    @rtype: intN)�_algorithm_by_text�get�upper�int)�text�valuer
r
r�algorithm_from_textQsr2cCstj|�}|dkrt|�}|S)z;Convert a DNSSEC algorithm value to text
    @rtype: stringN)�_algorithm_by_valuer-�str)r1r0r
r
r�algorithm_to_text[s
r5cCst�}|j||d�|j�S)N)�origin)r�to_wire�getvalue)�recordr6�sr
r
r�	_to_rdataesr;cCs�t||�}t|�}|jtkr0|dd>|d	Sd}x<tt|�d�D](}||d|d>|d|d7}qFWt|�ddkr�||t|�dd>7}||d?d@7}|d@SdS)
Nrrr
rr�i��������)r;�	bytearray�	algorithmr�range�len)�keyr6�rdataZtotal�ir
r
r�key_idks

rFcCs�|j�dkr d}tjjd�}n,|j�dkr@d}tjjd�}ntd|��t|t�rdtjj||�}|j	|j
�j��|j	t||��|j
�}tjdt|�|j|�|}tjjtjjtjj|dt|��S)N�SHA1r�SHA256r
zunsupported algorithm "%s"z!HBBr)r.�dns�hash�hashesr�
isinstancer�name�	from_text�updateZcanonicalizer7r;�digest�struct�packrFr@rDZ	from_wire�
rdataclass�IN�	rdatatypeZDSrB)rMrCr@r6ZdsalgrJrPZdsrdatar
r
r�make_ds{s
rVcCs�g}|j|j�}|dkrdSt|tjj�rZy|jtjjtj	j
�}Wq^tk
rVdSXn|}x0|D](}|j|jkrdt
|�|jkrd|j|�qdW|S)N)r-�signerrLrIZnodeZNodeZ
find_rdatasetrSrTrUZDNSKEY�KeyErrorr@rFZkey_tag�append)�keys�rrsigZcandidate_keysr1�rdatasetrDr
r
r�_find_candidate_keys�s 

r]cCs|tttttfkS)N)rrr r!r")r@r
r
r�_is_rsa�sr^cCs|ttfkS)N)rr)r@r
r
r�_is_dsa�sr_cCsto|ttfkS)N)�_have_ecdsar$r%)r@r
r
r�	_is_ecdsa�sracCs|tkS)N)r)r@r
r
r�_is_md5�srbcCs|ttttfkS)N)rrrr )r@r
r
r�_is_sha1�srccCs|ttfkS)N)r!r$)r@r
r
r�
_is_sha256�srdcCs|tkS)N)r%)r@r
r
r�
_is_sha384�srecCs|tkS)N)r")r@r
r
r�
_is_sha512�srfcCs~t|�rtjjd�St|�r,tjjd�St|�rBtjjd�St|�rXtjjd�St|�rntjjd�Std|��dS)NZMD5rGrHZSHA384ZSHA512zunknown hash for algorithm %u)	rbrIrJrKrcrdrerfr)r@r
r
r�
_make_hash�srgc	Cs�t|�rddddddddg}ndt|�r6dd	d
ddg}nLt|�rVdddd
dd
ddd
g	}n,t|�rvdddd
dd
ddd
g	}ntd|��t|�}t|�j}dgd||gd|dgd|g|ddgd|g}tj	dt|�f|��S)N�*��H�rr
r�+rr��`r�erzunknown algorithm %u�0rrrz!%dB)
rbrcrdrfrrBrgZdigest_sizerQrR)r@ZoidZolenZdlenZidbytesr
r
r�_make_algorithm_id�s
<rqc)Cst|t�rtjj|tjj�}�x�t||�D�]�}|s<td��t|t�rX|d}|d}n
|j}|}|dkrrt	j	�}|j
|kr�td��|j|kr�td��t|j
�}t|j
��r`|j}	tjd|	dd��\}
|	dd�}	|
dk�rtjd|	dd	��\}
|	d	d�}	|	d|
�}|	|
d�}t|�d
}
tjjjtjjj|�tjjj|�f�}tjjj|j�f}�n t|j
��rl|j}	tjd|	dd��\}|	dd�}	d|d
}|	dd�}|	dd�}	|	d|�}|	|d�}	|	d|�}|	|d�}	|	d|�}tjjjtjjj|�tjjj|�tjjj|�tjjj|�f�}tjd
|jdd��\}}tjjj|�tjjj|�f}�nt|j
��rr|j
tk�r�tj j!}d}n"|j
t"k�r�tj j#}d}ntd��|j}	tjjj|	d|��}tjjj|	||d	��}tjj$|j%||��st&�tj'j(|j)|||j*�}tj+j,j-||�}t.||�}|jd|�}|j|d�}tjj/tjjj|�tjjj|��}ntd|j
��|j0t1||�dd��|j0|j2j3|��|j4t|�dk�r�|j5|j4d�d} tjjd| �}|j3|�}!tj6d|j7|j8|j9�}"t:|�}#xP|#D]H}$|j0|!�|j0|"�|$j3|�}%tj6dt|%��}&|j0|&�|j0|%��qW|j;�}'t|j
��r�t<|j
�|'}'|
d
t|'�d}(tj6dd	|(dfddgdg|(dg��|'}'n(t|j
��s�t|j
��r�ntd|j
��|j=|'|�r*dSq*Wtd��dS)a�Validate an RRset against a single signature rdata

    The owner name of the rrsig is assumed to be the same as the owner name
    of the rrset.

    @param rrset: The RRset to validate
    @type rrset: dns.rrset.RRset or (dns.name.Name, dns.rdataset.Rdataset)
    tuple
    @param rrsig: The signature rdata
    @type rrsig: dns.rrset.Rdata
    @param keys: The key dictionary.
    @type keys: a dictionary keyed by dns.name.Name with node or rdataset
    values
    @param origin: The origin to use for relative names
    @type origin: dns.name.Name or None
    @param now: The time to use when validating the signatures.  The default
    is the current time.
    @type now: int
    zunknown keyrrNZexpiredz
not yet validz!Bz!Hr
r�@�z!20s20s� rpzunknown ECDSA curvezunknown algorithm %u��*z!HHIrz!%dB�zverify failure)>rLrrIrMrN�rootr]r�tuple�timeZ
expirationZ	inceptionrgr@r^rCrQ�unpackrB�CryptoZ	PublicKeyZRSAZ	construct�Util�number�
bytes_to_longZ	signaturer_rrar$�ecdsaZcurvesZNIST256pr%ZNIST384pZpoint_is_valid�	generator�AssertionErrorZ
ellipticcurveZPoint�curve�orderrZZVerifyingKeyZfrom_public_point�ECKeyWrapperZ	SignaturerOr;rWZ
to_digestableZlabels�splitrRZrdtypeZrdclassZoriginal_ttl�sortedrPrq�verify))�rrsetr[rZr6�nowZ
candidate_key�rrnamer\rJZkeyptrZbytes_Zrsa_eZrsa_nZkeylen�pubkey�sig�tZoctetsZdsa_qZdsa_pZdsa_gZdsa_yZdsa_rZdsa_sr��key_lenr)r*ZpointZ
verifying_key�rr:�suffixZ	rrnamebufZrrfixedZrrlistZrrZrrdataZrrlenrPZpadlenr
r
r�_validate_rrsig�s�














"r�c	
Cs�t|t�rtjj|tjj�}t|t�r0|d}n|j}t|t�rR|d}|d}n
|j}|}|j|�}|j|�}||kr�td��x6|D].}yt	|||||�dStk
r�Yq�Xq�Wtd��dS)ahValidate an RRset

    @param rrset: The RRset to validate
    @type rrset: dns.rrset.RRset or (dns.name.Name, dns.rdataset.Rdataset)
    tuple
    @param rrsigset: The signature RRset
    @type rrsigset: dns.rrset.RRset or (dns.name.Name, dns.rdataset.Rdataset)
    tuple
    @param keys: The key dictionary.
    @type keys: a dictionary keyed by dns.name.Name with node or rdataset
    values
    @param origin: The origin to use for relative names
    @type origin: dns.name.Name or None
    @param now: The time to use when validating the signatures.  The default
    is the current time.
    @type now: int
    rrzowner names do not matchNzno RRSIGs validated)
rLrrIrMrNrxryZchoose_relativityrr�)	r�ZrrsigsetrZr6r�r�Z	rrsignameZ
rrsigrdatasetr[r
r
r�	_validatexs*








r�cOstd��dS)Nz#DNSSEC validation requires pycrypto)�NotImplementedError)�args�kwargsr
r
r�_need_pycrypto�sr�TFc@seZdZdd�Zdd�ZdS)r�cCs||_||_dS)N)rCr�)�selfrCr�r
r
r�__init__�szECKeyWrapper.__init__cCstjjj|�}|jjj||�S)N)r|r}r~rrCr�Zverifies)r�rPr�Zdiglongr
r
rr��szECKeyWrapper.verifyN)rrrr�r�r
r
r
rr��sr�)N)N)NN)NN)Hr	�iorrQrzZ
dns.exceptionrIZdns.hashZdns.nameZdns.nodeZdns.rdatasetZ	dns.rdataZ
dns.rdatatypeZdns.rdataclassZ_compatrZ	exceptionZDNSExceptionrrrrrrrrr r!r"r$r%r#r&r'r,�dict�itemsr3r2r5r;rFrVr]r^r_rarbrcrdrerfrgrqr�r�r�ZCrypto.PublicKey.RSAr|ZCrypto.PublicKey.DSAZCrypto.Util.numberZvalidateZvalidate_rrsigZ_have_pycrypto�ImportErrorr�Zecdsa.ecdsaZecdsa.ellipticcurveZ
ecdsa.keysr`�objectr�r
r
r
r�<module>s�





0



?>