ipapython/nsslib.py, compiled Python 2.6 module (source path recorded in the file: /usr/lib/python2.6/site-packages/ipapython/nsslib.py). The bytecode itself does not survive as text; the names, docstrings and message strings that remain legible are listed below.

Modules referenced: sys, httplib, getpass, socket, ipapython.ipa_log_manager, nss.error (NSPRError), nss.io, nss.nss, nss.ssl

Function auth_certificate_callback
    Names used: get_peer_certificate, get_pkcs11_pin_arg, certificateUsageSSLClient, certificateUsageSSLServer, verify_now, cert_usage_flags, get_hostname, verify_hostname
    Log messages:
        auth_certificate_callback: check_sig=%s is_server=%s %s
        cert validation failed for "%s" (%s)
        approved_usage = %s intended_usage = %s
        cert valid %s for "%s"
        failed verifying socket hostname "%s" matches cert subject "%s" (%s)

Function client_auth_data_callback
    Names used: find_cert_from_nickname, find_key_by_any_cert, get_cert_nicknames, SEC_CERT_NICKNAMES_USER, check_valid_times, has_signer_in_ca_names

Address family mapping (_af_dict): socket.AF_INET, socket.AF_INET6, socket.AF_UNSPEC mapped to PR_AF_INET, PR_AF_INET6, PR_AF_UNSPEC

Class NSSAddressFamilyFallback (object)
    Methods: __init__, _get_nss_family, _create_socket, connect_socket
    _get_nss_family docstring:
        Translate a family from python socket module to nss family.
    Messages:
        Uknown socket family %d
        Cannot resolve %s using family %s
        Connecting: %s
        Could not connect socket to %s, error: %s
        Try to continue with next family...
        Could not connect to %s using any address

Class NSSConnection (httplib.HTTPConnection, NSSAddressFamilyFallback)
    Methods: __init__, _create_socket, password_callback, handshake_callback, connect, endheaders
    String constants: tls1.1, tls1.2
    __init__ docstring:
        :param host: the server to connect to
        :param port: the port to use (default is set in HTTPConnection)
        :param dbdir: the NSS database directory
        :param family: network family to use (default AF_UNSPEC)
        :param no_init: do not initialize the NSS database. This requires
                        that the database has already been initialized or
                        the request will fail.
        :param tls_min_version: minimum version of SSL/TLS supported
        :param tls_max_version: maximum version of SSL/TLS supported.
    Names used in __init__: nss_is_initialized, clear_session_cache, nss_shutdown, SEC_ERROR_NOT_INITIALIZED, nss_init, set_domestic_policy, set_password_callback
    Names used in _create_socket: SSL_ENABLE_RENEGOTIATION, SSL_REQUIRE_SAFE_NEGOTIATION, SSL_RENEGOTIATE_REQUIRES_XTN, SSLSocket, set_ssl_option, SSL_SECURITY, SSL_HANDSHAKE_AS_CLIENT, set_ssl_version_range, set_handshake_callback, set_auth_certificate_callback, get_default_certdb, set_hostname
    handshake_callback docstring:
        Verify callback. If we get here then the certificate is ok.
    endheaders docstring:
        Explicitly close the connection if an error is returned after the
        headers are sent. This will likely mean the initial SSL handshake
        failed. If this isn't done then the connection is never closed and
        subsequent NSS activities will fail with a BUSY error.
    Messages:
        %s init %s
        dbdir is required
        Failed to set TLS range to %s, %s
        Enter password for %s:
        handshake complete, peer = %s
        Protocol: %s
        Cipher: %s

Class NSSHTTPS (httplib.HTTP)
    Methods: __init__, getreply
    String constants: tls1.1, tls1.2
    getreply docstring:
        Override so we can close duplicated file connection on non-200
        responses. This was causing nss_shutdown() to fail with a busy
        error.

__main__ section
    Strings: nsslib.log, Start, www.verisign.com, /etc/pki/nssdb, GET, /, status = %s %s, headers: %s
    Names used: standard_logging_setup, set_debuglevel, connect, request, getresponse, getheaders, read, close, putrequest, endheaders, getreply, getfile