dZddlZddlZddlZddlZddlZddlZddlm Z m Z m Z GddejjZGddejjZGd d ejjZGd d eZGd deZGddeZGddeZej*j-dZej*j-dZej*j-dZej*j-dZej*j-dZej*j-dZeej:eej<eej>eej@eejBeejDiZ#eZ$dZ%dZ&dZ'dZ(ddde$fdZ)ddde$fd Z* d$d!Z+d"Z,d#Z-y)%zDNS TSIG support.N)long string_types text_typeceZdZdZy)BadTimez8The current time is not within the TSIG's validity time.N__name__ __module__ __qualname____doc__lib/third_party/dns/tsig.pyrrsBrrceZdZdZy) BadSignaturez#The TSIG signature fails to verify.Nr rrrrr"s-rrceZdZdZy) PeerErrorz;Base class for all TSIG errors generated by the remote peerNr rrrrr'sErrceZdZdZy) PeerBadKeyz$The peer didn't know the key we usedNr rrrrr,s.rrceZdZdZy)PeerBadSignaturez*The peer didn't like the signature we sentNr rrrrr1s4rrceZdZdZy) PeerBadTimez%The peer didn't like the time we sentNr rrrrr6s/rrceZdZdZy)PeerBadTruncationz=The peer didn't like amount of truncation in the TSIG we sentNr rrrrr;sGrrzHMAC-MD5.SIG-ALG.REG.INTz hmac-sha1z hmac-sha224z hmac-sha256z hmac-sha384z hmac-sha512FTc @t|tr|j}t| \} }| r]t j ||} t |}|dkDr6| jtjd|| j|tjd|}| j|| j|dd| r| j|j| jtjdtjj| jtjdd|tdz}|dz tdz}|td z}tjd |||}| |z}t |}|dkDr td tjd |||z}| r#| j|| j|n| j|| j!}tjdt |}||z|z|z|z}| rYt j ||} t |}| jtjd|| j|nd} ||| fS) ajReturn a (tsig_rdata, mac, ctx) tuple containing the HMAC TSIG rdata for the input parameters, the HMAC MAC calculated by applying the TSIG signature algorithm, and the TSIG digest context. @rtype: (string, string, hmac.HMAC object) @raises ValueError: I{other_data} is too long @raises NotImplementedError: I{algorithm} is not supported ) digestmodr!HNz!I ilz!HIHz TSIG Other Data is > 65535 bytesz!HH) isinstancerencode get_algorithmhmacnewlenupdatestructpack to_digestabledns rdataclassANYr ValueErrordigest)wirekeynamesecrettimefudge original_iderror other_data request_macctxmultifirst algorithmalgorithm_namer"mlid long_time upper_time lower_timetime_macpre_macolpost_macmacmpack tsig_rdatas rsignrOYs*i(&&( "/ ":^Y hhv3   6 JJv{{4, - JJ{ # T; 'BJJrNJJtABx  7((*+ 6;;tS^^%7%789 6;;tQ'(tAwIr/T&\1JT*--J{{6:z5AHx'G ZB Ez;<<{{5%,z9H  7 8 8 **,C KKc#h 'E53&+h6J hhv3 X 6;;tR() 3 S !!rc 0t|||||||||| | | | S)N)rO) r5r6r7r8r9r:r;r<r=r>r?r@rAs rhmac_md5rQs. gvtUKKeUI GGrc tjd|dd\} | dk(rtjj| dz} |ddtj d| z|d|z} |} tj j|| \}}| |z} tjd|| | dz\}}}}|tdzdz|tdzz}| dz } || | |z}| |z } tjd|| | d z\}}}| d z } || | |z}| |z } | ||zk7rtjj|dk7rJ|tk(rt|tk(rt|tk(rt|tk(rt t#d |z||z }||z}||ks||kDrt$t'| |||||||||| | | \}}}||k7rt(|S) a*Validate the specified TSIG rdata against the other input parameters. @raises FormError: The TSIG is badly formed. @raises BadTime: There is too much time skew between the client and the server. @raises BadSignature: The TSIG signature did not validate @rtype: hmac.HMAC objectr# rr!HIHHr%z!HHHzunknown TSIG error code %d)r-unpackr0 exception FormErrorr.name from_wirerBADSIGrBADKEYrBADTIMErBADTRUNCrrrrOr)r5r6r7nowr= tsig_startrN tsig_rdlenr>r?r@adcountnew_wirecurrentanameusedrFrGr9mac_sizer8rLr:r; other_sizer<time_low time_highjunkour_macs rvalidaternstT"R[1JW!|mm%%% qLGAbzFKKg66b9LLHGHH&&tW5MUDnG gtGGbL9:.ZUH $q' !b (Z$q'-A BD rMG ww) *C xG fd77Q;78%[% qLGgg 23J zG*z))mm%%% z F?" " f_  g   h # #85@A Ae|Hu I X~y '64 +UJ +S%GT7C#~ Jrct|trtjj |} |j t |fS#t$rtdt|zdzwxYw)zReturns the wire format string and the hash module to use for the specified TSIG algorithm @rtype: (string, hash constructor) @raises NotImplementedError: I{algorithm} is not supported zTSIG algorithm z is not supported) r&rr0rZ from_textr/_hashesKeyErrorNotImplementedErrorstr)rAs rr(r(sp)\*HH&&y1 7'')79+=>> 7!"3c)n"D"5#67 77s A $A.c|}tjj||\}}||z}tjd|||dz\}}}} |dz }|||| z} || z }|||zkDrtj j || fS)zlReturn the tsig algorithm for the specified tsig_rdata @raises FormError: The TSIG is badly formed. rUrS)r0rZr[r-rWrXrY) r5rNrbrerfrgrFrGr9rhrLs rget_algorithm_and_macrvsGHH&&tW5MUDnG gtGGbL9:.ZUH rMG ww) *C xGj((mm%%% 3<r)NFT).r hashlibr)r- dns.exceptionr0dns.rdataclassdns.name_compatrrrrX DNSExceptionrrrrrrrrZrpHMAC_MD5 HMAC_SHA1 HMAC_SHA224 HMAC_SHA256 HMAC_SHA384 HMAC_SHA512sha224sha256sha384sha512sha1md5rqdefault_algorithmr\r]r^r_rOrQrnr(rvrrrrs$ 22Ccmm((C .3==--. F **F // 5y5 0)0 H H 88  8 9 HH  { + hh  / hh  / hh  / hh  /  w|| gkk      '+%t$3"n+/e4(G7;3l7$r