관리-도구

편집 파일: nss.cpython-39.pyc

a ����� �g�����������������������@���sT���d�d
l�Z�d�d
l
Z�d�d
lZd�dlmZmZ
�d�dlmZ
�ddlm Z
�G�dd��de �Z d
S�)�����N)�CalledProcessError�call)
�mkstemp�
���)
�ConfigGeneratorc�������������������@���s����e�Z
d�Zd
Zh�d�
Zddddddd �Zd ddd ddddddddd�Zdddddd�Zddddddddddddddddd �Zddddd!d"d#d$d%d&d'� Z d(d)d*d+d,d-d.d/�Z d0d1d2d3d4�Zed5d6���
Z ed7d8���
Zd9S�):�NSSGenerator�nss>���r���ZsslZtls��� HMAC-SHA1�HMAC-MD5zHMAC-SHA256zHMAC-SHA384zHMAC-SHA512)ZAEADr ���r���z HMAC-SHA2-256z HMAC-SHA2-384z HMAC-SHA2-512�SHA1�MD5ZSHA224ZSHA256ZSHA384ZSHA512)r���r ���zSHA2-224zSHA2-256zSHA2-384zSHA2-512zSHA3-256zSHA3-384zSHA3-512z SHAKE-128z SHAKE-256ZGOSTR94Z CURVE25519� SECP256R1� SECP384R1� SECP521R1)ZX25519ZX448r���r���r���Zrc2Zrc4z aes256-gcmz aes128-gcmz aes256-cbcz aes128-cbczcamellia256-cbczcamellia128-cbczchacha20-poly1305zdes-ede3-cbc)zAES-256-CTRzAES-128-CTRzRC2-CBCzRC4-128zAES-256-GCMzAES-128-GCMzAES-256-CBCzAES-128-CBCzCAMELLIA-256-CBCzCAMELLIA-128-CBCzCAMELLIA-256-GCMzCAMELLIA-128-GCMzAES-256-CCMzAES-128-CCMzCHACHA20-POLY1305z3DES-CBC�RSA�DHE-RSA�DHE-DSSzECDHE-RSA:ECDHE-ECDSAzECDH-RSA:ECDH-ECDSAz DH-RSA:DH-DSS) ZPSKzDHE-PSKz ECDHE-PSKzRSA-PSKr���r���r���ZECDHEZECDHZDHzssl3.0ztls1.0ztls1.1ztls1.2ztls1.3zdtls1.0zdtls1.2)zSSL3.0zTLS1.0zTLS1.1zTLS1.2zTLS1.3zDTLS1.0zDTLS1.2zRSA-PSSzRSA-PKCSZECDSAZDSA)zRSA-PSS-zRSA-zECDSA-zDSA-c�������������� ���C���s���|
j�}d
}|d7�}|d7�}|d7�}d}|d�D�].}z|��
||�j|��}W�q.�tyZ
�
�
�Y�q.0�q.|d�D�].}z|��
||�j|��}W�qf�ty�
�
�
�Y�qf0�qf|d�D�].}z|��
||�j|��}W�q��ty�
�
�
�Y�q�0�q�|d �D�]0}z|��
||�j|��}W�q��t�
y
�
�
�Y�q�0�q�|d �D�]2}z|��
||�j|��}W�n�t�
y>
�
�
�Y�n0��
qt� dd�d k}|
j d�dk�
rv|�
sv|��
|d�}t��}|d�D�]N}|�j� ��D�]<\}} |�|�
�
r�| |v
�
r�|�| �

�|��
|| �}
��
q��
q��
q�|
j�
r�|�j|
j�} |��
|d| ��}n|��
|d�}|
j�r,|�j|
j�} |��
|d| ��}n|��
|d�}|��
|dt|
jd��
��}|��
|dt|
jd��
��}|��
|dt|
jd��
��}||d�7�}|S�)Nz library= zname=Policy zNSS=flags=policyOnly,moduleDB zconfig="disallow=ALL allow=r ���Zmac�groupZcipher�hashZkey_exchangeZNSS_NO_TLS_REQUIRE_EMS�
0�
1Z__emsZENFORCEzTLS-REQUIRE-EMS�signztls-version-min=ztls-version-min=0zdtls-version-min=zdtls-version-min=0zDH-MIN=Zmin_dh_sizezDSA-MIN=Zmin_dsa_sizezRSA-MIN=Zmin_rsa_sizez" )Zenabled�append�mac_map�KeyError� curve_map� cipher_map�hash_map�key_exchange_map�os�getenvZenums�set�sign_prefix_ordmap�items� startswith�addZmin_tls_version�protocol_mapZmin_dtls_version�strZintegers)�clsZpolicy�
pZcfg�
s�
iZno_tls_require_emsZenabled_sigalgs�prefixZsigalgZminver��r.����9/usr/share/crypto-policies/python/policygenerators/nss.py�generate_configf���sn����







































zNSSGenerator.generate_configc�������������� ���C���sV
��t�j
�d
�
}t��|�
}t�dd�dk}d}z|�d�
s:d}W�n�tyX
�
�
�|��d�

�Y�n0�|rf|sfd nd }t ��\}}d} z�t� |d��} | �|
�

�W�d����
�n1�s�0�
�
�
�Y�
�ztd |��d|��d�dd�} W�n�t y�
�
�
�|��d�

�Y�n0�W�t�|�

�nt�|�

�0�| dk�
r.|��d�

�|��d|
����

�dS�| �
rR|��d�

�|��d|
����

�dS�dS�)NZnss3ZNSS_LAXr���r���Ts���3.80Fz9Cannot determine nss version with ctypes, assuming >=3.80z-f value -f identifierr ��������
wz/usr/bin/nss-policy-check �
z >/dev/null)
�shellz+/usr/bin/nss-policy-check: Execution failed����z*There is a warning in NSS generated policyzPolicy: z)There is an error in NSS generated policy)�ctypes�utilZfind_libraryZCDLLr ���r!���ZNSS_VersionCheck�AttributeErrorZeprintr����fdopen�writer���r����unlink)r)���ZconfigZnss_pathZnss_libZnss_laxZnss_is_lax_by_default�options�fd�path�ret�
fr.���r.���r/����test_config����sH����





�
�
� 


(

� 








zNSSGenerator.test_configN)�__name__� __module__�__qualname__ZCONFIG_NAMEZSCOPESr���r���r���r���r���r'���r#����classmethodr0���rA���r.���r.���r.���r/���r������s����






� 










�



� 














�








�





� 


�
G
r���)r6���Zctypes.utilr ���� subprocessr���r���Ztempfiler���Zconfiggeneratorr���r���r.���r.���r.���r/����<module>���s���