관리-도구

편집 파일: nss.cpython-39.pyc

�����
�g�����������������������@���sT���d�dl�Z�d�dlZ�d�dlZd�dlmZmZ�d�dlmZ�ddlm	Z	�G�dd��de	�Z
dS�)�����N)�CalledProcessError�call)�mkstemp����)�ConfigGeneratorc�������������������@���s����e�Zd�ZdZh�d�Zddddddd	�Zd
ddd
ddddddddd�Zdddddd�Zddddddddddddddddd �Zddddd!d"d#d$d%d&d'�
Z	d(d)d*d+d,d-d.d/�Z
d0d1d2d3d4�Zed5d6���Z
ed7d8���Zd9S�):�NSSGenerator�nss>���r���ZsslZtls���	HMAC-SHA1�HMAC-MD5zHMAC-SHA256zHMAC-SHA384zHMAC-SHA512)ZAEADr
���r���z
HMAC-SHA2-256z
HMAC-SHA2-384z
HMAC-SHA2-512�SHA1�MD5ZSHA224ZSHA256ZSHA384ZSHA512)r���r
���zSHA2-224zSHA2-256zSHA2-384zSHA2-512zSHA3-256zSHA3-384zSHA3-512z	SHAKE-128z	SHAKE-256ZGOSTR94Z
CURVE25519�	SECP256R1�	SECP384R1�	SECP521R1)ZX25519ZX448r���r���r���Zrc2Zrc4z
aes256-gcmz
aes128-gcmz
aes256-cbcz
aes128-cbczcamellia256-cbczcamellia128-cbczchacha20-poly1305zdes-ede3-cbc)zAES-256-CTRzAES-128-CTRzRC2-CBCzRC4-128zAES-256-GCMzAES-128-GCMzAES-256-CBCzAES-128-CBCzCAMELLIA-256-CBCzCAMELLIA-128-CBCzCAMELLIA-256-GCMzCAMELLIA-128-GCMzAES-256-CCMzAES-128-CCMzCHACHA20-POLY1305z3DES-CBC�RSA�DHE-RSA�DHE-DSSzECDHE-RSA:ECDHE-ECDSAzECDH-RSA:ECDH-ECDSAz
DH-RSA:DH-DSS)
ZPSKzDHE-PSKz	ECDHE-PSKzRSA-PSKr���r���r���ZECDHEZECDHZDHzssl3.0ztls1.0ztls1.1ztls1.2ztls1.3zdtls1.0zdtls1.2)zSSL3.0zTLS1.0zTLS1.1zTLS1.2zTLS1.3zDTLS1.0zDTLS1.2zRSA-PSSzRSA-PKCSZECDSAZDSA)zRSA-PSS-zRSA-zECDSA-zDSA-c��������������	���C���s���|j�}d}|d7�}|d7�}|d7�}d}|d�D�].}z|��||�j|��}W�q.�tyZ���Y�q.0�q.|d�D�].}z|��||�j|��}W�qf�ty����Y�qf0�qf|d�D�].}z|��||�j|��}W�q��ty����Y�q�0�q�|d	�D�]0}z|��||�j|��}W�q��t�y���Y�q�0�q�|d
�D�]2}z|��||�j|��}W�n�t�y>���Y�n0��qt�	dd�d
k}|j
d�dk�rv|�sv|��|d�}t��}|d�D�]N}|�j�
��D�]<\}}	|�|��r�|	|v�r�|�|	��|��||	�}��q��q��q�|j�r�|�j|j�}
|��|d|
��}n|��|d�}|j�r,|�j|j�}
|��|d|
��}n|��|d�}|��|dt|jd����}|��|dt|jd����}|��|dt|jd����}||d�7�}|S�)Nz	library=
zname=Policy
zNSS=flags=policyOnly,moduleDB
zconfig="disallow=ALL allow=r	���Zmac�groupZcipher�hashZkey_exchangeZNSS_NO_TLS_REQUIRE_EMS�0�1Z__emsZENFORCEzTLS-REQUIRE-EMS�signztls-version-min=ztls-version-min=0zdtls-version-min=zdtls-version-min=0zDH-MIN=Zmin_dh_sizezDSA-MIN=Zmin_dsa_sizezRSA-MIN=Zmin_rsa_sizez"

)Zenabled�append�mac_map�KeyError�	curve_map�
cipher_map�hash_map�key_exchange_map�os�getenvZenums�set�sign_prefix_ordmap�items�
startswith�addZmin_tls_version�protocol_mapZmin_dtls_version�strZintegers)�clsZpolicy�pZcfg�s�iZno_tls_require_emsZenabled_sigalgs�prefixZsigalgZminver��r.����9/usr/share/crypto-policies/python/policygenerators/nss.py�generate_configf���sn����

zNSSGenerator.generate_configc��������������	���C���sV��t�j�d�}t��|�}t�dd�dk}d}z|�d�s:d}W�n�tyX���|��d��Y�n0�|rf|sfd	nd
}t	��\}}d}	z�t�
|d��}
|
�|��W�d�����n1�s�0����Y��ztd
|��d|��d�dd�}	W�n�t
y����|��d��Y�n0�W�t�|��nt�|��0�|	dk�r.|��d��|��d|�����dS�|	�rR|��d��|��d|�����dS�dS�)NZnss3ZNSS_LAXr���r���Ts���3.80Fz9Cannot determine nss version with ctypes, assuming >=3.80z-f value -f identifierr	��������wz/usr/bin/nss-policy-check � z
>/dev/null)�shellz+/usr/bin/nss-policy-check: Execution failed����z*There is a warning in NSS generated policyzPolicy:
z)There is an error in NSS generated policy)�ctypes�utilZfind_libraryZCDLLr ���r!���ZNSS_VersionCheck�AttributeErrorZeprintr����fdopen�writer���r����unlink)r)���ZconfigZnss_pathZnss_libZnss_laxZnss_is_lax_by_default�options�fd�path�ret�fr.���r.���r/����test_config����sH����

���
(�

zNSSGenerator.test_configN)�__name__�
__module__�__qualname__ZCONFIG_NAMEZSCOPESr���r���r���r���r���r'���r#����classmethodr0���rA���r.���r.���r.���r/���r������s�����
��	���
�
Gr���)r6���Zctypes.utilr ����
subprocessr���r���Ztempfiler���Zconfiggeneratorr���r���r.���r.���r.���r/����<module>���s���