
    h8-                        d Z ddlZddlZddlZddlZddlZddlZddlZddl	Zddl
Z G d dej                  j                        Z G d dej                  j                        Z G d dej                  j                        Z G d	 d
ej                  j                        Z G d dej                  j                        Z G d de      Z G d de      Z G d de      Z G d de      Zej,                  j/                  d      Zej,                  j/                  d      Zej,                  j/                  d      Zej,                  j/                  d      Zej,                  j/                  d      Zej,                  j/                  d      Zej,                  j/                  d      Zej,                  j/                  d      Zej,                  j/                  d      Z ej,                  j/                  d      Z!eZ"eded ed!ed"ed#ed$ed%e d!ed"e!d&i
Z# G d' d(      Z$ G d) d*      Z% G d+ d,      Z&d4d-Z'd. Z(d5d/Z)	 d6d0Z*d1 Z+ G d2 d3      Z,y)7zDNS TSIG support.    Nc                       e Zd ZdZy)BadTimez8The current time is not within the TSIG's validity time.N__name__
__module____qualname____doc__     F/var/www/html/eduruby.in/venv/lib/python3.12/site-packages/dns/tsig.pyr   r       s    Br   r   c                       e Zd ZdZy)BadSignaturez#The TSIG signature fails to verify.Nr   r
   r   r   r   r   $   s    -r   r   c                       e Zd ZdZy)BadKeyz2The TSIG record owner name does not match the key.Nr   r
   r   r   r   r   (   s    <r   r   c                       e Zd ZdZy)BadAlgorithmz*The TSIG algorithm does not match the key.Nr   r
   r   r   r   r   ,       4r   r   c                       e Zd ZdZy)	PeerErrorz;Base class for all TSIG errors generated by the remote peerNr   r
   r   r   r   r   0   s    Er   r   c                       e Zd ZdZy)
PeerBadKeyz$The peer didn't know the key we usedNr   r
   r   r   r   r   4   s    .r   r   c                       e Zd ZdZy)PeerBadSignaturez*The peer didn't like the signature we sentNr   r
   r   r   r   r   8   r   r   r   c                       e Zd ZdZy)PeerBadTimez%The peer didn't like the time we sentNr   r
   r   r   r   r   <   s    /r   r   c                       e Zd ZdZy)PeerBadTruncationz=The peer didn't like amount of truncation in the TSIG we sentNr   r
   r   r   r   r   @   s    Gr   r   zHMAC-MD5.SIG-ALG.REG.INTz	hmac-sha1zhmac-sha224zhmac-sha256zhmac-sha256-128zhmac-sha384zhmac-sha384-192zhmac-sha512zhmac-sha512-256gss-tsig             0      @      c                   (    e Zd ZdZd Zd Zd Zd Zy)GSSTSigaG  
    GSS-TSIG TSIG implementation.  This uses the GSS-API context established
    in the TKEY message handshake to sign messages using GSS-API message
    integrity codes, per the RFC.

    In order to avoid a direct GSSAPI dependency, the keyring holds a ref
    to the GSSAPI object required, rather than the key itself.
    c                 .    || _         d| _        d| _        y )Nr   r   )gssapi_contextdataname)selfr*   s     r   __init__zGSSTSig.__init__k   s    ,		r   c                 .    | xj                   |z  c_         y N)r+   r-   r+   s     r   updatezGSSTSig.updatep   s    		T	r   c                 L    | j                   j                  | j                        S r0   )r*   get_signaturer+   )r-   s    r   signzGSSTSig.signs   s    ""00;;r   c                 v    	 | j                   j                  | j                  |      S # t        $ r t        w xY wr0   )r*   verify_signaturer+   	Exceptionr   )r-   expecteds     r   verifyzGSSTSig.verifyw   s9    	&&77		8LL 		s   %( 8N)r   r   r   r	   r.   r2   r5   r:   r
   r   r   r(   r(   a   s    
<r   r(   c                   (    e Zd Zd Zd Zed        Zy)GSSTSigAdapterc                     || _         y r0   )keyring)r-   r>   s     r   r.   zGSSTSigAdapter.__init__   s	    r   c                     || j                   v rM| j                   |   }t        |t              r,|j                  t        k(  r|rt
        j                  |||       |S y r0   )r>   
isinstanceKey	algorithmGSS_TSIGr<   parse_tkey_and_step)r-   messagekeynamekeys       r   __call__zGSSTSigAdapter.__call__   sN    dll",,w'C#s#(A"66sGWMJr   c                    	 |j                  |j                  |t        j                  j                  t        j
                  j                        }|r,|d   j                  }|j                  }|j                  |      S y # t        $ r Y y w xY w)Nr   )
find_rrsetanswerdns
rdataclassANY	rdatatypeTKEYrG   secretstepKeyError)clsrG   rE   rF   rrsettokenr*   s          r   rD   z"GSSTSigAdapter.parse_tkey_and_step   s}    		&&););S]]=O=OE a!$%**511   		s   A;A? ?	B
BN)r   r   r   r.   rH   classmethodrD   r
   r   r   r<   r<      s       r   r<   c                      e Zd ZdZeej                  eej                  e	ej                  eej                  dfeej                  eej                  dfeej                   eej                   dfeej&                  i	Zd Zd Zd Zd Zy	)
HMACTSigzo
    HMAC TSIG implementation.  This uses the HMAC python module to handle the
    sign/verify operations.
    r&         c                    	 | j                   |   }t        |t              r*t        j                  ||d         | _        |d   | _        n#t        j                  ||      | _        d | _        | j                  j                  | _	        | j                  r#| xj                  d| j                   z  c_	        y y # t        $ r t        d| d      w xY w)NzTSIG algorithm z is not supportedr   )	digestmod   -)
_hashesrS   NotImplementedErrorr@   tuplehmacnewhmac_contextsizer,   )r-   rG   rB   hashinfos       r   r.   zHMACTSig.__init__   s    	V||I.H
 h& $ DD DI $ ADDI%%**	99II1TYYK(I   	V%	{BS&TUU	Vs   B9 9Cc                 8    | j                   j                  |      S r0   )re   r2   r1   s     r   r2   zHMACTSig.update   s      ''--r   c                 v    | j                   j                         }| j                  r|d | j                  dz   }|S )N   )re   digestrf   )r-   rk   s     r   r5   zHMACTSig.sign   s7    ""))+99.tyyA~/Fr   c                 \    | j                         }t        j                  ||      st        y r0   )r5   rc   compare_digestr   )r-   r9   macs      r   r:   zHMACTSig.verify   s(    iik""31 2r   N)r   r   r   r	   	HMAC_SHA1hashlibsha1HMAC_SHA224sha224HMAC_SHA256sha256HMAC_SHA256_128HMAC_SHA384sha384HMAC_SHA384_192HMAC_SHA512sha512HMAC_SHA512_256HMAC_MD5md5r`   r.   r2   r5   r:   r
   r   r   rY   rY      s     	7<<W^^W^^'..#.W^^'..#.W^^'..#.'++
G)".r   rY   c                    |xr | }|rLt        |      }|r?|j                  t        j                  dt	        |                   |j                  |       |J |j                  t        j                  d|j
                               |j                  | dd        |r|j                  |j                  j                                |j                  t        j                  dt        j                  j                               |j                  t        j                  dd             ||j                  }|dz	  dz  }|dz  }	t        j                  d	||	|j                        }
t	        |j                        }|dkD  rt        d
      |rk|j                  |j                  j                         |
z          |j                  t        j                  d|j                   |      |j                  z          |S |j                  |
       |S )zReturn a context containing the TSIG rdata for the input parameters
    @rtype: dns.tsig.HMACTSig or dns.tsig.GSSTSig object
    @raises ValueError: I{other_data} is too long
    @raises NotImplementedError: I{algorithm} is not supported
    !HN   z!Ir   r!   i  l    z!HIHz TSIG Other Data is > 65535 bytesz!HH)get_contextr2   structpacklenoriginal_idr,   to_digestablerL   rM   rN   time_signedfudgeother
ValueErrorrB   error)wirerG   rdatatimerequest_macctxmultifirst
upper_time
lower_timetime_encoded	other_lens               r   _digestr      s    E#JJv{{4[)9:;JJ{#??JJv{{4!2!234JJtABx

388))+,

6;;tS^^%7%789

6;;tQ'(|  "*&J
"J;;vz:u{{KLEKK I5;<<

3==..0<?@

6;;uekk9=KL J 	

< Jr   c                     |rLt        |       }|j                  t        j                  dt	        |                   |j                  |       |S y)zIf this is the first message in a multi-message sequence,
    start a new context.
    @rtype: dns.tsig.HMACTSig or dns.tsig.GSSTSig object
    r   N)r   r2   r   r   r   )rG   rn   r   r   s       r   _maybe_start_digestr      s?    
 #

6;;tSX./

3
r   c           	          t        | ||||||      }|j                         }|j                  ||      }|t        |||      fS )a~  Return a (tsig_rdata, mac, ctx) tuple containing the HMAC TSIG rdata
    for the input parameters, the HMAC MAC calculated by applying the
    TSIG signature algorithm, and the TSIG digest context.
    @rtype: (string, dns.tsig.HMACTSig or dns.tsig.GSSTSig object)
    @raises ValueError: I{other_data} is too long
    @raises NotImplementedError: I{algorithm} is not supported
    )r   rn   )r   r5   replacer   )	r   rG   r   r   r   r   r   rn   tsigs	            r   r5   r5     sL     $UD+sE
BC
((*C==Ts=3D%c3677r   c	           	         t        j                  d| dd       \  }	|	dk(  rt        j                  j                  |	dz  }	| dd t        j
                  d|	      z   | d| z   }
|j                  dk7  r|j                  t        j                  j                  k(  rt        |j                  t        j                  j                  k(  rt        |j                  t        j                  j                  k(  rt        |j                  t        j                  j                  k(  rt        t!        d|j                         t#        |j$                  |z
        |j&                  kD  rt(        |j*                  |k7  rt,        |j.                  |j.                  k7  rt0        t3        |
||d|||      }|j5                  |j6                         t9        ||j6                  |      S )aF  Validate the specified TSIG rdata against the other input parameters.

    @raises FormError: The TSIG is badly formed.
    @raises BadTime: There is too much time skew between the client and the
    server.
    @raises BadSignature: The TSIG signature did not validate
    @rtype: dns.tsig.HMACTSig or dns.tsig.GSSTSig objectr   
      r   r^   zunknown TSIG error code N)r   unpackrL   	exception	FormErrorr   r   rcodeBADSIGr   BADKEYr   BADTIMEr   BADTRUNCr   r   absr   r   r   r,   r   rB   r   r   r:   rn   r   )r   rG   ownerr   nowr   
tsig_startr   r   adcountnew_wires              r   validater     sw    tT"R[1JW!|mm%%%qLGAbzFKKg66b9LLH{{a;;#))***""[[CII,,,[[CII---[[CII...##6u{{mDEE
5s"#ekk1
xx5
}}'
(Ck3
FCJJuyysEIIu55r   c                     | j                   t        k(  rt        | j                        S t	        | j                  | j                         S )zReturns an HMAC context for the specified key.

    @rtype: HMAC context
    @raises NotImplementedError: I{algorithm} is not supported
    )rB   rC   r(   rQ   rY   )rG   s    r   r   r   <  s4     }} szz""

CMM22r   c                       e Zd Zefdej
                  j                  ez  deez  dej
                  j                  ez  fdZ	d Z
d Zy)rA   r,   rQ   rB   c                 P   t        |t              rt        j                  j	                  |      }|| _        t        |t              r#t        j                  |j                               }|| _        t        |t              rt        j                  j	                  |      }|| _	        y r0   )
r@   strrL   r,   	from_textbase64decodebytesencoderQ   rB   )r-   r,   rQ   rB   s       r   r.   zKey.__init__J  su     dC 88%%d+D	fc"''8Fi%**95I"r   c                     t        |t              xrO | j                  |j                  k(  xr4 | j                  |j                  k(  xr | j                  |j                  k(  S r0   )r@   rA   r,   rQ   rB   )r-   r   s     r   __eq__z
Key.__eq__Z  sR    uc" 2		UZZ'2u||+2 %//1		
r   c                     d| j                    dd| j                   dz   }| j                  t        k7  r4|dt        j                  | j
                        j                          dz  }|dz  }|S )Nz<DNS key name='z', zalgorithm=''z
, secret='>)r,   rB   rC   r   	b64encoderQ   decode)r-   rs     r   __repr__zKey.__repr__b  sm    dii[,T^^<LA/NN>>X%:f..t{{;BBDEQGGA	Sr   N)r   r   r   default_algorithmrL   r,   Namer   bytesr.   r   r   r
   r   r   rA   rA   I  sP    
 *;	#hhmmc!# # 88==3&	# 
r   rA   )NNNN)NNNF)NF)-r	   r   rp   rc   r   dns.exceptionrL   dns.name	dns.rcodedns.rdataclassdns.rdatatyper   DNSExceptionr   r   r   r   r   r   r   r   r   r,   r   r}   ro   rr   rt   rv   rw   ry   rz   r|   rC   r   	mac_sizesr(   r<   rY   r   r   r5   r   r   rA   r
   r   r   <module>r      s$  $          Ccmm(( C.3==-- .=S]]'' =53==-- 5F** F/ /5y 50) 0H	 H 8889HH{+	hh  /hh  /(($$%67hh  /(($$%67hh  /(($$%6788j)  rRRRbc	 > @1 1h!H8" LQ#6L
3 r   