File: //lib64/python3.9/site-packages/gssapi/__pycache__/sec_contexts.cpython-39.opt-1.pyc
a
�������_�J�����������������������@���s����d�d�l�Z�d�d�l�m�Z���d�d�l�m�Z���d�d�l�m�Z���d�d�l�m Z m
Z
��d�d�l�m�Z
��d�d�l�m�Z���d�d�l�m�Z���d�d�l�m�Z���e���e�j���G�d d
��d
e�j�����Z�d�S�)������N)���sec_contexts)���message)���named_tuples)���RequirementFlag��IntEnumFlagSet)���_utils)���Name)���Credentialsc���������������� �������s����e�Z�d�Z�d�Z�d5��f�d�d�� Z�d6d�d���Z�d�d���Z�d d
��Z�d�d���Z�d
d���Z d�d���Z
d�d���Z�d7d�d���Z�d�d���Z
d�d���Z�d�Z�e�j�d�d�����Z�e�d�d�����Z�e�d�d ����Z�e���d!d"��Z�e���d#d$��Z�e���d%d&��Z�e���d'd(��Z�e���d)d*��Z�e�e�j�d+d,������Z�e�j�d8d-d.����Z�d/d0��Z�d9d1d2��Z d3d4��Z!����Z"S�):��SecurityContexta����A GSSAPI Security Context
This class represents a GSSAPI security context that may be used
with and/or returned by other GSSAPI methods.
It inherits from the low-level GSSAPI
:class:`~gssapi.raw.sec_contexts.SecurityContext` class,
and thus may used with both low-level and high-level API methods.
This class may be pickled and unpickled (the attached delegated
credentials object will not be preserved, however).
Nc
�����������
�����������s$���|�d�u�r�t���|���}�t�t�|�����|�|���S���N)��
rsec_contextsZ�import_sec_context��superr
�����__new__)
��cls��base��token��name��creds��lifetime��flags��mech��channel_bindings��usage��� __class__���9/usr/lib64/python3.9/site-packages/gssapi/sec_contexts.pyr��������s��������
�z�SecurityContext.__new__c
�������������������C���s4���d�|�_�|�d�u�r�|�d�u�r�| d�u�r@| d�v�r8d�}
t�j�|
d�d�����| |�_�n2|�d�u�r\|�j�d�k�r\|�j�|�_�n�|�d�u�rld�|�_�n�d�|�_�|�j�d�k�r�|�d�u�r�t�d ����|�|�_�|�|�_�t�t�|���|�_ |�|�_
n(|�d�u�s�|�d�u�s�|�d�u�s�|�d�u�r�t�d
����|�|�_�|�|�_�d�|�_
nBz�|�j�r�d�|�_�n�d�|�_�W�n(��t�j���y(������d�}
t�j�|
d�d�����Y�n�0�d�|�_�d�S�)�a����
The constructor creates a new security context, but does not begin
the initiate or accept process.
If the `base` argument is used, an existing
:class:`~gssapi.raw.sec_contexts.SecurityContext` object from
the low-level API is converted into a high-level object.
If the `token` argument is passed, the security context is imported
using the token.
Otherwise, a new security context is created.
If the `usage` argument is not passed, the constructor will attempt
to detect what the appropriate usage is based on either the existing
security context (if `base` or `token` are used) or the argument set.
For a security context of the `initiate` usage, the `name` argument
must be used, and the `creds`, `mech`, `flags`,
`lifetime`, and `channel_bindings` arguments may be
used as well.
For a security context of the `accept` usage, the `creds` and
`channel_bindings` arguments may optionally be used.
N)���initiate��acceptz+Usage must be either 'initiate' or 'accept'z�security context)���objZ�bothr����r����zNYou must pass the 'name' argument when creating an initiating security contextzVYou must pass at most the 'creds' argument when creating an accepting security contextz7Cannot extract usage from a partially completed context)�Z _last_err��excsZ�UnknownUsageErrorr����� TypeError��_target_name��_mechr����r������_desired_flags��_desired_lifetime��_channel_bindings��_creds��_delegated_creds��locally_initiated��MissingContextError� _complete)���selfr����r����r����r����r����r����r����r����r������msgr����r����r������__init__&���sH���������������������
�������
�������������������������������������
�������z�SecurityContext.__init__c��������������������C���s����t���|�|���S�)�aB���Calculate the signature for a message.
This method calculates the signature (called a MIC) for
the given message, which may be then used with
:meth:`verify_signature` to confirm the validity of the
signature. This is useful if you wish to transmit the
message signature and message in your own format.
Args:
message (bytes): the input message
Returns:
bytes: the message signature
Raises:
ExpiredContextError
MissingContextError
BadQoPError
)���rmessageZ�get_mic��r,���r����r����r����r�����
get_signature����s������z�SecurityContext.get_signaturec��������������������C���s����t���|�|�|���S�)�a����Verify the signature for a message.
This method verifies that a signature (generated by
:meth:`get_signature` is valid for the given message.
If the signature is valid, the method will return.
Otherwise, it will raise an error.
Args:
message (bytes): the message
mic (bytes): the signature to verify
Raises:
BadMICError: the signature was not valid
InvalidTokenError
DuplicateTokenError
ExpiredTokenError
TokenTooLateError
TokenTooEarlyError
ExpiredContextError
MissingContextError
)�r/���Z
verify_mic)�r,���r����Z�micr����r����r������verify_signature����s������z SecurityContext.verify_signaturec��������������������C���s����t���|�|�|���S�)�a����Wrap a message, optionally with encryption
This wraps a message, signing it and optionally
encrypting it.
Args:
message (bytes): the message to wrap
encrypt (bool): whether or not to encrypt the message
Returns:
WrapResult: the wrapped message and details about it
(e.g. whether encryption was used succesfully)
Raises:
ExpiredContextError
MissingContextError
BadQoPError
)�r/�����wrap)�r,���r������encryptr����r����r����r3�������s������z�SecurityContext.wrapc��������������������C���s����t���|�|���S�)�aa���Unwrap a wrapped message.
This method unwraps/unencrypts a wrapped message,
verifying the signature along the way.
Args:
message (bytes): the message to unwrap/decrypt
Returns:
UnwrapResult: the unwrapped message and details about it
(e.g. wheter encryption was used)
Raises:
InvalidTokenError
BadMICError
DuplicateTokenError
ExpiredTokenError
TokenTooLateError
TokenTooEarlyError
ExpiredContextError
MissingContextError
)�r/�����unwrapr0���r����r����r����r5�������s������z�SecurityContext.unwrapc��������������������C���s$���|�j�|�d�d���}�|�j�s�t���d�����|�j�S�)�am���Encrypt a message.
This method wraps and encrypts a message, similarly to
:meth:`wrap`. The difference is that encryption is always
used, and the method will raise an exception if this is
not possible. Additionally, this method simply returns
the encrypted message directly.
Args:
message (bytes): the message to encrypt
Returns:
bytes: the encrypted message
Raises:
EncryptionNotUsed: the encryption could not be used
ExpiredContextError
MissingContextError
BadQoPError
T)�r4���z!Wrapped message was not encrypted)�r3���� encryptedr �����EncryptionNotUsedr������r,���r������resr����r����r����r4�������s����������
�z�SecurityContext.encryptc��������������������C���s2���|���|���}�|�j�s,|�j�t�j�@�r,t�j�d�|�j�d�����|�j�S�)�a"���Decrypt a message.
This method decrypts and unwraps a message, verifying the signature
along the way, similarly to :meth:`unwrap`. The difference is that
this method will raise an exception if encryption was established
by the context and not used, and simply returns the decrypted
message directly.
Args:
message (bytes): the encrypted message
Returns:
bytes: the decrypted message
Raises:
EncryptionNotUsed: encryption was expected, but not used
InvalidTokenError
BadMICError
DuplicateTokenError
ExpiredTokenError
TokenTooLateError
TokenTooEarlyError
ExpiredContextError
MissingContextError
zTThe context was established with encryption, but unwrapped message was not encrypted)�Z�unwrapped_message)�r5���r6�����actual_flagsr����Z�confidentialityr ���r7���r����r8���r����r����r������decrypt����s������
���
���������z�SecurityContext.decryptTc��������������������C���s����t���|�|�|���S�)�a.���Calculate the maximum message size for a given wrapped message size.
This method calculates the maximum input message size for a given
maximum wrapped/encrypted message size.
Args:
desired_output_size (int): the maximum output message size
encrypted (bool): whether or not encryption should be taken
into account
Returns:
int: the maximum input message size
Raises:
MissingContextError
ExpiredContextError
BadQoPError
)�r/���Z�wrap_size_limit)�r,���Z�desired_output_sizer6���r����r����r������get_wrap_size_limit,���s����������z#SecurityContext.get_wrap_size_limitc��������������������C���s����t���|�|�����d�S�)�ac���Process an output token asynchronously.
This method processes an output token even when the security context
was not expecting it.
Warning:
This method is deprecated.
Args:
token (bytes): the token to process
Raises:
InvalidTokenError
MissingContextError
N)�r����Z�process_context_token��r,���r����r����r����r�����
process_tokenD���s������z�SecurityContext.process_tokenc��������������������C���s
���t���|���S�)�aB���Export a security context.
This method exports a security context, allowing it to be passed
between processes.
Returns:
bytes: the exported security context
Raises:
ExpiredContextError
MissingContextError
OperationUnavailableError
)�r����Z�export_sec_context��r,���r����r����r������exportW���s������z�SecurityContext.export)���initiator_name��target_namer����r����r������locally_init��completec���������������� ���K���s����|�s
d�}�n�d�}�|�j�D�]�}�|���|�|���|�|�<�q�t�j�|�f�i�|�����}�|���d�d���r^|�j�d�u�r^t�|�j���}�n�d�}�|���d�d���r�|�j�d�u�r�t�|�j���}�n�d�}�t���|�|�|�j |�j
|�j�|�j�|�j
��S�)�a����Inspect the security context for information
This method inspects the security context for information.
If no keyword arguments are passed, all available information
is returned. Otherwise, only the keyword arguments that
are passed and set to `True` are returned.
Args:
initiator_name (bool): get the initiator name for this context
target_name (bool): get the target name for this context
lifetime (bool): get the remaining lifetime for this context
mech (bool): get the :class:`MechType` used by this context
flags (bool): get the flags set on this context
locally_init (bool): get whether this context was locally initiated
complete (bool): get whether negotiation on this context has
been completed
Returns:
InquireContextResult: the results of the inquiry, with unused
fields set to None
Raises:
MissingContextError
TFrA���NrB���)��
_INQUIRE_ARGS��getr����Z�inquire_contextrA���r����rB�����tuplesZ�InquireContextResultr����r����r����rC���rD���)�r,�����kwargsZ�default_val��argr9���Z init_namerB���r����r����r������_inquirek���s*�����������
���������������������������������z�SecurityContext._inquirec��������������������C���s
���t���|���S�)�z7The amount of time for which this context remains valid)�r����Z�context_timer?���r����r����r����r��������s������z�SecurityContext.lifetimec��������������������C���s����|�j�S�)�z�The credentials delegated from the initiator to the acceptor
.. warning::
This value will not be preserved across picklings. These should
be separately exported and transfered.
)�r(���r?���r����r����r������delegated_creds����s�����
z�SecurityContext.delegated_credsrA���z2The :class:`Name` of the initiator of this contextrB���z/The :class:`Name` of the target of this contextr����z8The mechanism (:class:`MechType`) in use by this contextr����z�The flags set on this contextrC���z)Whether this context was locally intiatedc��������������������C���sN���|�j�rF|�j�d�u�r@z�|�j�d�d���j�}�W�n���t�j�y8������Y�d�S�0�|�|�_�|�j�S�d�S�d�S�)�z7Whether negotiation for this context has been completedNT)�rD���F)���_startedr+���rJ���rD���r ���r*���)�r,���r9���r����r����r����rD�������s��������
�������������z�SecurityContext.completec��������������������C���s&���|�j�d�k�r�|�j�|�d���S�|�j�|�d���S�d�S�)�a����Perform a negotation step.
This method performs a negotiation step based on the usage type
of this context. If `__DEFER_STEP_ERRORS__` is set to True on
the class, this method will return a token, even when exceptions
would be thrown. The generated exception will be thrown on the next
method call or property lookup on the context.
**This is the default behavior.**
This method should be used in a while loop, as such:
.. code-block:: python
input_token = None
try:
while not ctx.complete:
output_token = ctx.step(input_token)
input_token = send_and_receive(output_token)
except GSSError as e:
handle_the_issue()
.. tip::
Disabling `__DEFER_STEP_ERRORS__` is rarely necessary.
When this method is used in a loop (as above),
`__DEFER_STEP_ERRORS__` will ensure that you always
send an error token when it's available,
keeping the other end of the security context updated
with the status of the negotiation.
Args:
token (bytes): the input token from the other participant's step
Returns:
bytes: the output token to send to the other participant
Raises:
InvalidTokenError
InvalidCredentialsError
MissingCredentialsError
ExpiredCredentialsError
BadChannelBindingsError
BadMICError
ExpiredTokenError: (initiate only)
DuplicateTokenError
MissingContextError
BadNameTypeError: (initiate only)
BadNameError: (initiate only)
BadMechanismError
r����)�r����N)�r������_acceptor_step��_initiator_stepr=���r����r����r������step����s�����5
���z�SecurityContext.stepc��������������������C���sB���t���|�|�j�|�|�j���}�|�j�d�u�r,t�|�j���|�_�n�d�|�_�|�j���|�_�|�j S�r����)
r����Z�accept_sec_contextr'���r&���rK���r ���r(����
more_stepsr+���r������r,���r����r9���r����r����r����rM�������s������
�����
�����
�z�SecurityContext._acceptor_stepc����������������
���C���s4���t���|�j�|�j�|�|�j�|�j�|�j�|�j�|���}�|�j���|�_ |�j
S�r����)�r����Z�init_sec_contextr"���r'���r#���r$���r%���r&���rP���r+���r����rQ���r����r����r����rN�������s��������������������
�z�SecurityContext._initiator_stepc��������������������C���s����t�|���d�|�����f�f�S�r����)���typer@���r?���r����r����r�����
__reduce__%���s������z�SecurityContext.__reduce__) NNNNNNNNN) NNNNNNNNN)�T)�N)�N)#��__name__�
__module__��__qualname__��__doc__r����r.���r1���r2���r3���r5���r4���r;���r<���r>���r@���rE���r����Z�check_last_errrJ�����propertyr����rK���Z�inquire_propertyrA���rB���r����r:���r)���rD���Z�catch_and_return_tokenrO���rM���rN���rS����
__classcell__r����r����r����r����r
�������sb������
������� ������
a�����������'��
���������
5��
���
����������������������������������������9�
r
���)�Z�sixZ
gssapi.rawr����r����r����r/���r����rG���Z�gssapi.raw.typesr����r����Z�gssapi.exceptions�
exceptionsr ���Z�gssapir����Z�gssapi.namesr����Z�gssapi.credsr ���Z
add_metaclassZ�CheckLastErrorr
���r����r����r����r������<module>����s����������������������
�