Anons79 Mini Shell

Directory : /usr/lib/python2.7/site-packages/dnf/
Current File : //usr/lib/python2.7/site-packages/dnf/dnssec.pyc
�
�[/\c@@sMddlmZddlmZddlmZddlmZddlZddlZddlZddl	Z	ddl
mZddlZ
ddlZ
ejd�ZdZd	e
jjfd
��YZdd�Zd
efd��YZddd��YZddd��YZddd��YZd�Zd�Zddd��YZdS(i(tprint_function(tabsolute_import(tunicode_literals(tEnumN(t_udnfi=tDnssecErrorcB@seZdZRS(u-
    Exception used in the dnssec module
    (t__name__t
__module__t__doc__(((s./usr/lib/python2.7/site-packages/dnf/dnssec.pyR)su_openpgpkeycC@s�|jd�}t|�dkr-t��n|d}|d}tj�}|j|jd��tj|j	�dd!�j
d�j�}|d|d|S(u�
    Implements RFC 7929, section 3
    https://tools.ietf.org/html/rfc7929#section-3
    :param email_address:
    :param tag:
    :return:
    u@iiiuutf-8iu.(tsplittlenRthashlibtsha256tupdatetencodetbase64t	b16encodetdigesttdecodetlower(t
email_addressttagR	tlocaltdomainthashR((s./usr/lib/python2.7/site-packages/dnf/dnssec.pytemail2location0s	

tValiditycB@s2eZdZdZdZdZdZdZdZRS(u�
    Output of the verification algorithm.
    TODO: this type might be simplified in order to less reflect the underlying DNS layer.
    TODO: more specifically the variants from 3 to 5 should have more understandable names
    iiiiii	(	RRRtVALIDtREVOKEDtPROVEN_NONEXISTENCEtRESULT_NOT_SECUREtBOGUS_RESULTtERROR(((s./usr/lib/python2.7/site-packages/dnf/dnssec.pyRGstNoKeycB@seZdZRS(u�
    This class represents an absence of a key in the cache. It is an expression of non-existence
    using the Python's type system.
    (RRR(((s./usr/lib/python2.7/site-packages/dnf/dnssec.pyR!UstKeyInfocB@s,eZdZddd�Zed��ZRS(uv
    Wrapper class for email and associated verification key, where both are represented in
    form of a string.
    cC@s||_||_dS(N(temailtkey(tselfR#R$((s./usr/lib/python2.7/site-packages/dnf/dnssec.pyt__init__bs	c	C@s�tjd|�}|d
kr't�n|jd�}|jd�jd�}d}d}xOtdt|��D]8}||dkr�|}n||dkrp|}qpqpWdj	||d	|d!�j
d�}t||�S(u�
        Since dnf uses different format of the key than the one used in DNS RR, I need to convert
        the former one into the new one.
        u	<(.*@.*)>iuasciiu
iu$-----BEGIN PGP PUBLIC KEY BLOCK-----u"-----END PGP PUBLIC KEY BLOCK-----uiN(tretsearchtNoneRtgroupRR	trangeR
tjoinRR"(	tuseridtraw_keytinput_emailR#R$tstarttstoptitcat_key((s./usr/lib/python2.7/site-packages/dnf/dnssec.pytfrom_rpm_key_objectfs		
'N(RRRR)R&tstaticmethodR4(((s./usr/lib/python2.7/site-packages/dnf/dnssec.pyR"]stDNSSECKeyVerificationcB@sAeZdZiZed��Zed��Zed��ZRS(u�
    The main class when it comes to verification itself. It wraps Unbound context and a cache with
    already obtained results.
    cC@s1||krtjS|tkr&tjStjSdS(uD
        Compare the key in case it was found in the cache.
        N(RRR!RR(t	key_uniontinput_key_string((s./usr/lib/python2.7/site-packages/dnf/dnssec.pyt
_cache_hit�s
cC@s�yddl}Wn(tk
r:}tdj|���nX|j�}|jdd�dkrotjd�n|jdd�dkr�tjd	�n|j�dkr�tjd
�n|j	d�dkr�tjd�n|j
t|j�t
|j�\}}|dkrtjS|jr(tjS|js8tjS|jrHtjS|jsXtjS|jj�d}tj|�}||jkr�tjStjSdS(
uz
        In case the key was not found in the cache, create an Unbound context and contact the DNS
        system
        iNuRConfiguration option 'gpgkey_dns_verification' requires            libunbound ({})u
verbosity:u0u(Unbound context: Failed to set verbosityuqname-minimisation:uyesu1Unbound context: Failed to set qname minimisationu+Unbound context: Failed to read resolv.confu/var/lib/unbound/root.keyu0Unbound context: Failed to add trust anchor file(tunboundtImportErrortRuntimeErrortformattub_ctxt
set_optiontloggertdebugt
resolvconftadd_ta_filetresolveRR#tRR_TYPE_OPENPGPKEYtRR_CLASS_INRR tbogusRtsecureRtnxdomainRthavedatatdatatas_raw_dataRt	b64encodeR$RR(t	input_keyR:tetctxtstatustresultRKtdns_data_b64((s./usr/lib/python2.7/site-packages/dnf/dnssec.pyt_cache_miss�s>				cC@s�tjj|j�}|dk	r4tj||j�Stj|�}|tj	krh|jtj|j<n%|tj
kr�t�tj|j<n|SdS(uI
        Public API. Use this method to verify a KeyInfo object.
        N(R6t_cachetgetR#R)R9R$RTRRRR!(RNR7RR((s./usr/lib/python2.7/site-packages/dnf/dnssec.pytverify�s(RRRRUR5R9RTRW(((s./usr/lib/python2.7/site-packages/dnf/dnssec.pyR6�s

0cC@sFtd�|jd}|tjkr4|td�S|td�SdS(uE
    Inform the user about key validity in a human readable way.
    uDNSSEC extension: Key for user u u	is valid.uhas unknown status.N(RR#RR(tkitvtprefix((s./usr/lib/python2.7/site-packages/dnf/dnssec.pyt
nice_user_msg�scC@std�|S(u;
    Label any given message with DNSSEC extension tag
    uDNSSEC extension: (R(tm((s./usr/lib/python2.7/site-packages/dnf/dnssec.pytany_msg�stRpmImportedKeyscB@s,eZdZed��Zed��ZRS(uQ
    Wrapper around keys, that are imported in the RPM database.

    The keys are stored in packages with name gpg-pubkey, where the version and
    release is different for each of them. The key content itself is stored as
    an ASCII armored string in the package description, so it needs to be parsed
    before it can be used.
    c	C@s�tjjj�}|jdd�}g}x�|D]�}|djd�}tjd|�jd�}|d}|jd�j	d�d	d
!}dj
|�}|t||jd��g7}q1W|S(Nunameu
gpg-pubkeyupackageruasciiu	<(.*@.*)>iudescriptionu
ii����u(
tdnftrpmttransactiontTransactionWrappertdbMatchRR'R(R*R	R,R"R(	ttransaction_settpackagestreturn_listtpkgtpackagerR#tdescriptiont	key_linestkey_str((s./usr/lib/python2.7/site-packages/dnf/dnssec.pyt_query_db_for_gpg_keys�s

#cC@s,tj�}tjttd���x|D]�}tj|�}|tj	krrtjtdj
|j���q,|tjkr�tjtdj
|j���q,|tj
kr�tjtdj
|j���q,|tjkrtjtdj
|j���q,tjtdj
|j���q,WdS(Nu1Testing already imported keys for their validity.uGPG Key {} is validu,GPG Key {} does not support DNS verificationu�GPG Key {} could not be verified, because DNSSEC signatures are bogus. Possible causes: wrong configuration of the DNS server, MITM attacku=GPG Key {} has been revoked and should be removed immediatelyuGPG Key {} could not be tested(R^RlR@tinfoR]RR6RWRRR=R#RRR(tkeysR$RR((s./usr/lib/python2.7/site-packages/dnf/dnssec.pytcheck_imported_keys_validitys 
"(RRRR5RlRo(((s./usr/lib/python2.7/site-packages/dnf/dnssec.pyR^�s(((((t
__future__RRRtenumRRRtloggingR'tdnf.i18nRtdnf.rpm.transactionR_tdnf.exceptionst	getLoggerR@REt
exceptionstErrorRRRR!R"R6R[R]R^(((s./usr/lib/python2.7/site-packages/dnf/dnssec.pyt<module>s*#Y
Anons79 File Manager Version 1.0, Coded By Anons79
Email: [email protected]