Your IP : 18.116.50.45

Current Path : /lib64/python2.7/site-packages/dns/
Upload File :
Current File : //lib64/python2.7/site-packages/dns/dnssec.pyc

�
��Sc@s:dZddlZddlZddlZddlZddlZddlZddlZddl	Zddl
ZddlZddlZdej
jfd��YZdej
jfd��YZdZdZd	Zd
ZdZdZd
ZdZdZdZdZdZdZdZied6ed6ed6ed6ed6ed6ed6ed6ed6ed6ed6ed 6ed!6ed"6Ze gej!�D]\Z"Z#e#e"f^q��Z$d#�Z%d$�Z&d%�Z'dd&�Z)dd'�Z*d(�Z+d)�Z,d*�Z-d+�Z.d,�Z/d-�Z0d.�Z1d/�Z2d0�Z3d1�Z4d2�Z5ddd3�Z6ddd4�Z7d5�Z8y:ddl9Z:ddl;Z:ddl<Z:e7Z=e6Z>e?Z@Wn#eAk
r�e8Z=e8Z>eBZ@nXyPddlCZCddlDZCddlEZCddlFZCe?ZGd6eHfd7��YZIWneAk
r5eBZGnXdS(8s.Common DNSSEC-related functions and constants.i����NtUnsupportedAlgorithmcBseZdZRS(s(Raised if an algorithm is not supported.(t__name__t
__module__t__doc__(((s0/usr/lib64/python2.7/site-packages/dns/dnssec.pyRstValidationFailurecBseZdZRS(s The DNSSEC signature is invalid.(RRR(((s0/usr/lib64/python2.7/site-packages/dns/dnssec.pyR#siiiiiiiii
i
ii�i�i�tRSAMD5tDHtDSAtECCtRSASHA1tDSANSEC3SHA1tRSASHA1NSEC3SHA1t	RSASHA256t	RSASHA512tINDIRECTtECDSAP256SHA256tECDSAP384SHA384t
PRIVATEDNSt
PRIVATEOIDcCs4tj|j��}|dkr0t|�}n|S(s:Convert text into a DNSSEC algorithm value
    @rtype: intN(t_algorithm_by_texttgettuppertNonetint(ttexttvalue((s0/usr/lib64/python2.7/site-packages/dns/dnssec.pytalgorithm_from_textMscCs.tj|�}|dkr*t|�}n|S(s;Convert a DNSSEC algorithm value to text
    @rtype: stringN(t_algorithm_by_valueRRtstr(RR((s0/usr/lib64/python2.7/site-packages/dns/dnssec.pytalgorithm_to_textVscCs)tj�}|j|d|�|j�S(Ntorigin(t	cStringIOtStringIOtto_wiretgetvalue(trecordRts((s0/usr/lib64/python2.7/site-packages/dns/dnssec.pyt	_to_rdata_scCs�t||�}|jtkr>t|d�d>t|d�Sd}xPtt|�d�D]8}|t|d|�d>t|d|d�7}q[Wt|�ddkr�|t|t|�d�d>7}n||d?d@7}|d@SdS(	Ni����ii����iiiii��(R%t	algorithmRtordtrangetlen(tkeyRtrdatattotalti((s0/usr/lib64/python2.7/site-packages/dns/dnssec.pytkey_idds 6%cCs(|j�dkr0d}tjjd��}n=|j�dkr`d}tjjd��}n
td|�t|ttf�r�tjj	||�}n|j
|j�j��|j
t
||��|j�}tjdt|�|j|�|}tjjtjjtjj|dt|��S(NtSHA1itSHA256isunsupported algorithm "%s"s!HBBi(RtdnsthashRRt
isinstanceRtunicodetnamet	from_texttupdatetcanonicalizeR!R%tdigesttstructtpackR.R&R+t	from_wiret
rdataclasstINt	rdatatypetDSR)(R5R*R&RtdsalgR2R9tdsrdata((s0/usr/lib64/python2.7/site-packages/dns/dnssec.pytmake_dsqs
%!cCs�g}|j|j�}|dkr(dSt|tjj�rwy"|jtjj	tj
j�}Wq}tk
rsdSXn|}xE|D]=}|j
|j
kr�t|�|jkr�|j|�q�q�W|S(N(RtsignerRR3R1tnodetNodet
find_rdatasetR=R>R?tDNSKEYtKeyErrorR&R.tkey_tagtappend(tkeystrrsigtcandidate_keysRtrdatasetR+((s0/usr/lib64/python2.7/site-packages/dns/dnssec.pyt_find_candidate_keys�s 

cCs|tttttfkS(N(RR	RRR
(R&((s0/usr/lib64/python2.7/site-packages/dns/dnssec.pyt_is_rsa�s	cCs|ttfkS(N(RR
(R&((s0/usr/lib64/python2.7/site-packages/dns/dnssec.pyt_is_dsa�scCsto|ttfkS(N(t_have_ecdsaRR(R&((s0/usr/lib64/python2.7/site-packages/dns/dnssec.pyt	_is_ecdsa�scCs
|tkS(N(R(R&((s0/usr/lib64/python2.7/site-packages/dns/dnssec.pyt_is_md5�scCs|ttttfkS(N(RR	R
R(R&((s0/usr/lib64/python2.7/site-packages/dns/dnssec.pyt_is_sha1�s	cCs|ttfkS(N(RR(R&((s0/usr/lib64/python2.7/site-packages/dns/dnssec.pyt
_is_sha256�scCs
|tkS(N(R(R&((s0/usr/lib64/python2.7/site-packages/dns/dnssec.pyt
_is_sha384�scCs
|tkS(N(R
(R&((s0/usr/lib64/python2.7/site-packages/dns/dnssec.pyt
_is_sha512�scCs�t|�rtjjd��St|�r>tjjd��St|�r]tjjd��St|�r|tjjd��St|�r�tjjd��Std|�dS(NtMD5R/R0tSHA384tSHA512sunknown hash for algorithm %u(	RUR1R2RRVRWRXRYR(R&((s0/usr/lib64/python2.7/site-packages/dns/dnssec.pyt
_make_hash�sc	Cs7t|�r-ddddddddg}n�t|�rQdd	d
ddg}nmt|�r�dddd
dd
ddd
g	}n=t|�r�dddd
dd
ddd
g	}n
td|�t|�}t|�j}dgd||gd|dgd|g|ddgd|g}djt	t
|��S(Ni*i�iHi�i
iii+iiii`iieisunknown algorithm %ui0iiit(RURVRWRYRR)R]tdigest_sizetjointmaptchr(R&toidtolentdlentidbytes((s0/usr/lib64/python2.7/site-packages/dns/dnssec.pyt_make_algorithm_id�s!$$
Hc*Cs�t|ttf�r3tjj|tjj�}nxXt||�D]G}|s[td�nt|t	�r�|d}|d}n|j}|}|dkr�tj�}n|j|kr�td�n|j
|kr�td�nt|j�}t|j�r�|j}	tjd|	dd!�\}
|	d}	|
dkrctjd|	dd!�\}
|	d}	n|	d|
!}|	|
}t|�d	}
tjjjtjjj|�tjjj|�f�}tjjj|j�f}n�t|j�r(|j}	tjd|	dd!�\}|	d}	d
|d	}|	dd!}|	d}	|	d|!}|	|}	|	d|!}|	|}	|	d|!}tjjjtjjj|�tjjj|�tjjj|�tjjj|�f�}tjd|jd�\}}tjjj|�tjjj|�f}nzt|j�r�|jt krat!j"j#}d
}d
}n3|jt$kr�t!j"j%}d}d}n	td�|j}	tjjj|	d|!�}tjjj|	||d!�}t!j!j&|j'||�s�t(�t!j)j*|j+|||j,�}t!j-j.j/||�}t0||�}|j| }|j|} t!j!j1tjjj|�tjjj| ��}ntd|j�|j2t3||�d �|j2|j4j5|��|j6t|�dkr |j7|j6d�d}!tjjd|!�}n|j5|�}"tj8d|j9|j:|j;�}#t<|�}$xi|$D]a}%|j2|"�|j2|#�|%j5|�}&tj8dt|&��}'|j2|'�|j2|&�qcW|j=�}(t|j�rCt>|j�|(}(|
d	t|(�d})t?d�t?d�t?d�|)t?d�|(}(n1t|j�stt|j�rdntd|j�|j@|(|�rCdSqCWtd�dS(s�Validate an RRset against a single signature rdata

    The owner name of the rrsig is assumed to be the same as the owner name
    of the rrset.

    @param rrset: The RRset to validate
    @type rrset: dns.rrset.RRset or (dns.name.Name, dns.rdataset.Rdataset)
    tuple
    @param rrsig: The signature rdata
    @type rrsig: dns.rrset.Rdata
    @param keys: The key dictionary.
    @type keys: a dictionary keyed by dns.name.Name with node or rdataset values
    @param origin: The origin to use for relative names
    @type origin: dns.name.Name or None
    @param now: The time to use when validating the signatures.  The default
    is the current time.
    @type now: int
    sunknown keyiitexpireds
not yet valids!Bs!Hiii@is!20s20si i0sunknown ECDSA curvesunknown algorithm %uit*s!HHIii�Nsverify failure(AR3RR4R1R5R6trootRPRttupleRttimet
expirationt	inceptionR]R&RQR*R:tunpackR)tCryptot	PublicKeytRSAt	constructtUtiltnumbert
bytes_to_longt	signatureRRRRTRtecdsatcurvestNIST256pRtNIST384ptpoint_is_validt	generatortAssertionErrort
ellipticcurvetPointtcurvetorderRLtVerifyingKeytfrom_public_pointtECKeyWrappert	SignatureR7R%RDt
to_digestabletlabelstsplitR;trdtypetrdclasstoriginal_ttltsortedR9RgRbtverify(*trrsetRMRLRtnowt
candidate_keytrrnameROR2tkeyptrtbytestrsa_etrsa_ntkeylentpubkeytsigtttoctetstdsa_qtdsa_ptdsa_gtdsa_ytdsa_rtdsa_sR�tkey_lent
digest_lentxtytpointt
verifying_keytrR$tsuffixt	rrnamebuftrrfixedtrrlisttrrtrrdatatrrlenR9tpadlen((s0/usr/lib64/python2.7/site-packages/dns/dnssec.pyt_validate_rrsig�s�

		



	







				 !!	





5c
Cst|ttf�r3tjj|tjj�}nt|t�rO|d}n	|j}t|t�r~|d}|d}n|j}|}|j|�}|j|�}||kr�t	d�nxB|D]:}yt
|||||�dSWq�t	k
r}	q�Xq�Wt	d�dS(sdValidate an RRset

    @param rrset: The RRset to validate
    @type rrset: dns.rrset.RRset or (dns.name.Name, dns.rdataset.Rdataset)
    tuple
    @param rrsigset: The signature RRset
    @type rrsigset: dns.rrset.RRset or (dns.name.Name, dns.rdataset.Rdataset)
    tuple
    @param keys: The key dictionary.
    @type keys: a dictionary keyed by dns.name.Name with node or rdataset values
    @param origin: The origin to use for relative names
    @type origin: dns.name.Name or None
    @param now: The time to use when validating the signatures.  The default
    is the current time.
    @type now: int
    iisowner names do not matchNsno RRSIGs validated(R3RR4R1R5R6RjRktchoose_relativityRR�(
R�trrsigsetRLRR�R�t	rrsignamet
rrsigrdatasetRMte((s0/usr/lib64/python2.7/site-packages/dns/dnssec.pyt	_validateas*
	

	
cOs
td�dS(Ns#DNSSEC validation requires pycrypto(tNotImplementedError(targstkwargs((s0/usr/lib64/python2.7/site-packages/dns/dnssec.pyt_need_pycrypto�sR�cBseZd�Zd�ZRS(cCs||_||_dS(N(R*R�(tselfR*R�((s0/usr/lib64/python2.7/site-packages/dns/dnssec.pyt__init__�s	cCs+tjjj|�}|jjj||�S(N(RpRtRuRvR*R�tverifies(R�R9R�tdiglong((s0/usr/lib64/python2.7/site-packages/dns/dnssec.pyR��s(RRR�R�(((s0/usr/lib64/python2.7/site-packages/dns/dnssec.pyR��s	(JRRR:Rlt
dns.exceptionR1tdns.hashtdns.nametdns.nodetdns.rdatasett	dns.rdatat
dns.rdatatypetdns.rdataclasst	exceptiontDNSExceptionRRRRRRR	R
RRR
RRRRRRtdictt	iteritemsR�R�RRRR%RR.RCRPRQRRRTRURVRWRXRYR]RgR�R�R�tCrypto.PublicKey.RSARptCrypto.PublicKey.DSAtCrypto.Util.numbertvalidatetvalidate_rrsigtTruet_have_pycryptotImportErrortFalseRxtecdsa.ecdsatecdsa.ellipticcurvet
ecdsa.keysRStobjectR�(((s0/usr/lib64/python2.7/site-packages/dns/dnssec.pyt<module>s�
1					
										
	�.