%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /opt/plesk/python/2.7/lib/python2.7/site-packages/dns/
Upload File :
Create Path :
Current File : //opt/plesk/python/2.7/lib/python2.7/site-packages/dns/dnssec.pyc

�
�ac@s�dZddlmZddlZddlZddlZddlZddlZddl	Zddl
ZddlZddlZddl
mZdejjfd��YZdejjfd	��YZdZd
ZdZdZd
ZdZdZdZdZdZdZdZdZdZ ied6ed6ed6ed6ed6ed6ed6ed6ed6ed 6ed!6ed"6ed#6e d$6Z!d%�e!j"�D�Z#d&�Z$d'�Z%d(�Z&dd)�Z(dd*�Z)d+�Z*d,�Z+d-�Z,d.�Z-d/�Z.d0�Z/d1�Z0d2�Z1d3�Z2d4�Z3d5�Z4ddd6�Z5ddd7�Z6d8�Z7y�yhdd9l8m9Z9m:Z:m;Z;m<Z<m=Z=dd:l>m?Z@mZAdd;lBmCZCmDZDdd<lEmFZFWnueGk
r;dd9lHm9Z9m:Z:m;Z;m<Z<m=Z=dd:lIm?Z@mZAdd;lJmCZCmDZDdd<lKmFZFnXWn)eGk
rhe7ZLe7ZMeNZOeNZPn}Xe6ZLe5ZMeQZOy4ddlRZRddlSZRddlTZRddlUZRWneGk
r�eNZPnXeQZPd=eVfd>��YZWdS(?s.Common DNSSEC-related functions and constants.i����(tBytesIONi(tstring_typestUnsupportedAlgorithmcBseZdZRS(s&The DNSSEC algorithm is not supported.(t__name__t
__module__t__doc__(((s?/opt/plesk/python/2.7/lib/python2.7/site-packages/dns/dnssec.pyR"stValidationFailurecBseZdZRS(s The DNSSEC signature is invalid.(RRR(((s?/opt/plesk/python/2.7/lib/python2.7/site-packages/dns/dnssec.pyR&siiiiiiii
i
ii�i�i�tRSAMD5tDHtDSAtECCtRSASHA1tDSANSEC3SHA1tRSASHA1NSEC3SHA1t	RSASHA256t	RSASHA512tINDIRECTtECDSAP256SHA256tECDSAP384SHA384t
PRIVATEDNSt
PRIVATEOIDcCsi|]\}}||�qS(((t.0txty((s?/opt/plesk/python/2.7/lib/python2.7/site-packages/dns/dnssec.pys
<dictcomp>\s	cCs4tj|j��}|dkr0t|�}n|S(sIConvert text into a DNSSEC algorithm value.

    Returns an ``int``.
    N(t_algorithm_by_texttgettuppertNonetint(ttexttvalue((s?/opt/plesk/python/2.7/lib/python2.7/site-packages/dns/dnssec.pytalgorithm_from_text_scCs.tj|�}|dkr*t|�}n|S(sEConvert a DNSSEC algorithm value to text

    Returns a ``str``.
    N(t_algorithm_by_valueRRtstr(RR((s?/opt/plesk/python/2.7/lib/python2.7/site-packages/dns/dnssec.pytalgorithm_to_textkscCs&t�}|j|d|�|j�S(Ntorigin(Rtto_wiretgetvalue(trecordR#ts((s?/opt/plesk/python/2.7/lib/python2.7/site-packages/dns/dnssec.pyt	_to_rdataws	cCs�t||�}t|�}|jtkr>|dd>|dSd}xDtt|�d�D],}||d|d>|d|d7}q[Wt|�ddkr�||t|�dd>7}n||d?d@7}|d@Sd	S(
s�Return the key id (a 16-bit number) for the specified key.

    Note the *origin* parameter of this function is historical and
    is not needed.

    Returns an ``int`` between 0 and 65535.
    i����ii����iiiii��N(R(t	bytearrayt	algorithmRtrangetlen(tkeyR#trdatattotalti((s?/opt/plesk/python/2.7/lib/python2.7/site-packages/dns/dnssec.pytkey_id}s	cCs|j�dkr'd}tj�}n7|j�dkrNd}tj�}ntd|��t|t�r�tjj	||�}n|j
|j�j��|j
t
||��|j�}tjdt|�|j|�|}tjjtjjtjj|dt|��S(s�Create a DS record for a DNSSEC key.

    *name* is the owner name of the DS record.

    *key* is a ``dns.rdtypes.ANY.DNSKEY``.

    *algorithm* is a string describing which hash algorithm to use.  The
    currently supported hashes are "SHA1" and "SHA256".  Case does not
    matter for these strings.

    *origin* is a ``dns.name.Name`` and will be used as the origin
    if *key* is a relative name.

    Returns a ``dns.rdtypes.ANY.DS``.
    tSHA1itSHA256isunsupported algorithm "%s"s!HBBi(RR2tnewR3Rt
isinstanceRtdnstnamet	from_texttupdatetcanonicalizeR$R(tdigesttstructtpackR1R*R.t	from_wiret
rdataclasstINt	rdatatypetDSR,(R7R-R*R#tdsalgthashR;tdsrdata((s?/opt/plesk/python/2.7/lib/python2.7/site-packages/dns/dnssec.pytmake_ds�s%!cCs�g}|j|j�}|dkr(dSt|tjj�rwy"|jtjj	tj
j�}Wq}tk
rsdSXn|}xE|D]=}|j
|j
kr�t|�|jkr�|j|�q�q�W|S(N(RtsignerRR5R6tnodetNodet
find_rdatasetR?R@RAtDNSKEYtKeyErrorR*R1tkey_tagtappend(tkeystrrsigtcandidate_keysRtrdatasetR.((s?/opt/plesk/python/2.7/lib/python2.7/site-packages/dns/dnssec.pyt_find_candidate_keys�s 

cCs|tttttfkS(N(RRR
RR(R*((s?/opt/plesk/python/2.7/lib/python2.7/site-packages/dns/dnssec.pyt_is_rsa�s	cCs|ttfkS(N(R	R(R*((s?/opt/plesk/python/2.7/lib/python2.7/site-packages/dns/dnssec.pyt_is_dsa�scCsto|ttfkS(N(t_have_ecdsaRR(R*((s?/opt/plesk/python/2.7/lib/python2.7/site-packages/dns/dnssec.pyt	_is_ecdsa�scCs
|tkS(N(R(R*((s?/opt/plesk/python/2.7/lib/python2.7/site-packages/dns/dnssec.pyt_is_md5�scCs|ttttfkS(N(R	RRR
(R*((s?/opt/plesk/python/2.7/lib/python2.7/site-packages/dns/dnssec.pyt_is_sha1�s	cCs|ttfkS(N(RR(R*((s?/opt/plesk/python/2.7/lib/python2.7/site-packages/dns/dnssec.pyt
_is_sha256�scCs
|tkS(N(R(R*((s?/opt/plesk/python/2.7/lib/python2.7/site-packages/dns/dnssec.pyt
_is_sha384�scCs
|tkS(N(R(R*((s?/opt/plesk/python/2.7/lib/python2.7/site-packages/dns/dnssec.pyt
_is_sha512�scCs�t|�rtj�St|�r,tj�St|�rBtj�St|�rXtj�St	|�rnt
j�Std|��dS(Nsunknown hash for algorithm %u(RXtMD5R4RYR2RZR3R[tSHA384R\tSHA512R(R*((s?/opt/plesk/python/2.7/lib/python2.7/site-packages/dns/dnssec.pyt
_make_hash�s




c	Cs>t|�r-ddddddddg}n�t|�rQdd	d
ddg}npt|�r�dddd
dd
ddd
g	}n@t|�r�dddd
dd
ddd
g	}ntd|��t|�}t|�j}dgd||gd|dgd|g|ddgd|g}tj	dt|�|�S(Ni*i�iHi�i
iii+iiii`iieisunknown algorithm %ui0iiis!%dB(
RXRYRZR\RR,R`tdigest_sizeR<R=(R*toidtolentdlentidbytes((s?/opt/plesk/python/2.7/lib/python2.7/site-packages/dns/dnssec.pyt_make_algorithm_id�s!$$Hc'Cs0t|t�r-tjj|tjj�}nt||�}|dkrWtd��nx�|D]�}t|t	�r�|d}|d}n|j}|}|dkr�t
j
�}n|j|kr�td��n|j|kr�td��nt
|j�}	t|j�r�|j}
tjd|
dd!�\}|
d}
|dkrrtjd|
dd!�\}|
d}
n|
d|!}|
|}
y+tjtj|
�tj|�f�}Wntk
r�td	��nX|j}nFt|j�r�|j}
tjd|
dd!�\}|
d}
d
|d}|
dd!}|
d}
|
d|!}|
|}
|
d|!}|
|}
|
d|!}tjtj|�tj|�tj|�tj|�f�}|jd}nYt|j�r|j}
|jtkr	tjj}d
}n$|jt kr-tjj!}d}ntj|
d|!�}tj|
||d!�}tjj"|j#||�s�td��ntj$j%|j&|||j'�}tj(j)j*||�}t+||�}|j| }|j|}tjj,tj|�tj|��}ntd|j��|	j-t.||�d �|	j-|j/j0|��|j1t2|�dkr�|j3|j1d�d}tjjd|�}n|j0|�}tj4d|j5|j6|j7�} t8|�}!xi|!D]a}"|	j-|�|	j-| �|"j0|�}#tj4dt2|#��}$|	j-|$�|	j-|#�q�Wy�t|j�r�t9j:|�}%|%j;|	|�n�t|j�r�t<j:|d�}%|%j;|	|�nLt|j�r�|	j=�}&|j;|&|�st�qntd|j��dSWq^tk
rq^q^Xq^Wtd��dS(sValidate an RRset against a single signature rdata

    The owner name of *rrsig* is assumed to be the same as the owner name
    of *rrset*.

    *rrset* is the RRset to validate.  It can be a ``dns.rrset.RRset`` or
    a ``(dns.name.Name, dns.rdataset.Rdataset)`` tuple.

    *rrsig* is a ``dns.rdata.Rdata``, the signature to validate.

    *keys* is the key dictionary, used to find the DNSKEY associated with
    a given name.  The dictionary is keyed by a ``dns.name.Name``, and has
    ``dns.node.Node`` or ``dns.rdataset.Rdataset`` values.

    *origin* is a ``dns.name.Name``, the origin to use for relative names.

    *now* is an ``int``, the time to use when validating the signatures,
    in seconds since the UNIX epoch.  The default is the current time.
    sunknown keyiitexpireds
not yet valids!Bs!Hisinvalid public keyi@iii i0sinvalid ECDSA keysunknown algorithm %uit*s!HHIs
fips-186-3Nsverify failure(>R5RR6R7R8trootRSRRttuplettimet
expirationt	inceptionR`R*RTR-R<tunpackt	CryptoRSAt	constructtnumbert
bytes_to_longt
ValueErrort	signatureRUt	CryptoDSARWRtecdsatcurvestNIST256pRtNIST384ptpoint_is_validt	generatort
ellipticcurvetPointtcurvetorderROtVerifyingKeytfrom_public_pointtECKeyWrappert	SignatureR9R(RGt
to_digestabletlabelsR,tsplitR=trdtypetrdclasstoriginal_ttltsortedtpkcs1_15R4tverifytDSSR;('trrsetRPROR#tnowRQt
candidate_keytrrnameRRRDtkeyptrtbytes_trsa_etrsa_ntpubkeytsigtttoctetstdsa_qtdsa_ptdsa_gtdsa_yR~tkey_lenRRtpointt
verifying_keytrR'tsuffixt	rrnamebuftrrfixedtrrlisttrrtrrdatatrrlentverifierR;((s?/opt/plesk/python/2.7/lib/python2.7/site-packages/dns/dnssec.pyt_validate_rrsigs�


		




	







			!	






c	Cst|t�r-tjj|tjj�}nt|t�rI|d}n	|j}t|t�rx|d}|d}n|j}|}|j|�}|j|�}||kr�td��nx@|D]8}yt	|||||�dSWq�tk
r�q�Xq�Wtd��dS(s�Validate an RRset.

    *rrset* is the RRset to validate.  It can be a ``dns.rrset.RRset`` or
    a ``(dns.name.Name, dns.rdataset.Rdataset)`` tuple.

    *rrsigset* is the signature RRset to be validated.  It can be a
    ``dns.rrset.RRset`` or a ``(dns.name.Name, dns.rdataset.Rdataset)`` tuple.

    *keys* is the key dictionary, used to find the DNSKEY associated with
    a given name.  The dictionary is keyed by a ``dns.name.Name``, and has
    ``dns.node.Node`` or ``dns.rdataset.Rdataset`` values.

    *origin* is a ``dns.name.Name``, the origin to use for relative names.

    *now* is an ``int``, the time to use when validating the signatures,
    in seconds since the UNIX epoch.  The default is the current time.
    iisowner names do not matchNsno RRSIGs validated(
R5RR6R7R8RiRjtchoose_relativityRR�(	R�trrsigsetROR#R�R�t	rrsignamet
rrsigrdatasetRP((s?/opt/plesk/python/2.7/lib/python2.7/site-packages/dns/dnssec.pyt	_validate�s*
	

	

cOstd��dS(Ns5DNSSEC validation requires pycryptodome/pycryptodomex(tNotImplementedError(targstkwargs((s?/opt/plesk/python/2.7/lib/python2.7/site-packages/dns/dnssec.pyt_need_pycrypto�s(R]R2R3R^R_(tRSAR	(R�R�(RqR�cBseZd�Zd�ZRS(cCs||_||_dS(N(R-R�(tselfR-R�((s?/opt/plesk/python/2.7/lib/python2.7/site-packages/dns/dnssec.pyt__init__s	cCs%tj|�}|jjj||�S(N(RqRrR-R�tverifies(R�R;R�tdiglong((s?/opt/plesk/python/2.7/lib/python2.7/site-packages/dns/dnssec.pyR�s(RRR�R�(((s?/opt/plesk/python/2.7/lib/python2.7/site-packages/dns/dnssec.pyR��s	(XRtioRR<Rkt
dns.exceptionR6tdns.nametdns.nodetdns.rdatasett	dns.rdatat
dns.rdatatypetdns.rdataclasst_compatRt	exceptiontDNSExceptionRRRRR	R
RRR
RRRRRRRRtitemsR RR"R(RR1RFRSRTRURWRXRYRZR[R\R`RfR�R�R�tCrypto.HashR]R2R3R^R_tCrypto.PublicKeyR�RoRutCrypto.SignatureR�R�tCrypto.UtilRqtImportErrortCryptodome.HashtCryptodome.PublicKeytCryptodome.SignaturetCryptodome.Utiltvalidatetvalidate_rrsigtFalset_have_pycryptoRVtTrueRvtecdsa.ecdsatecdsa.ellipticcurvet
ecdsa.keystobjectR�(((s?/opt/plesk/python/2.7/lib/python2.7/site-packages/dns/dnssec.pyt<module>s�
			%											�0	(
(





Zerion Mini Shell 1.0