a sd_F @sdZddlZddlZddlZddlZddlZddlZddlZddl ZGdddej j Z Gdddej j Z Gdddej j ZGd d d ej j ZGd d d ej j ZGd ddeZGdddeZGdddeZGdddeZejdZejdZejdZejdZejdZejdZeejeejeejeej eej!eej"iZ#eZ$d(ddZ%ddZ&d)d d!Z'd*d"d#Z(d$d%Z)Gd&d'd'Z*dS)+zDNS TSIG support.Nc@seZdZdZdS)BadTimez8The current time is not within the TSIG's validity time.N__name__ __module__ __qualname____doc__rr*/usr/lib/python3/dist-packages/dns/tsig.pyrsrc@seZdZdZdS) BadSignaturez#The TSIG signature fails to verify.Nrrrrr r #sr c@seZdZdZdS)BadKeyz2The TSIG record owner name does not match the key.Nrrrrr r (sr c@seZdZdZdS) BadAlgorithmz*The TSIG algorithm does not match the key.Nrrrrr r -sr c@seZdZdZdS) PeerErrorz;Base class for all TSIG errors generated by the remote peerNrrrrr r 2sr c@seZdZdZdS) PeerBadKeyz$The peer didn't know the key we usedNrrrrr r7src@seZdZdZdS)PeerBadSignaturez*The peer didn't like the signature we sentNrrrrr r<src@seZdZdZdS) PeerBadTimez%The peer didn't like the time we sentNrrrrr rAsrc@seZdZdZdS)PeerBadTruncationz=The peer didn't like amount of truncation in the TSIG we sentNrrrrr rFsrzHMAC-MD5.SIG-ALG.REG.INTz hmac-sha1z hmac-sha224z hmac-sha256z hmac-sha384z hmac-sha512c Cs0|o| }|r:t|}|r:|tdt||||td|j||dd|r||j|tdtj j |tdd|dur|j }|d?d@}|d@} td || |j } t|j } | dkrtd |r"||j| |td |j| |j n || |S) zReturn a context containing the TSIG rdata for the input parameters @rtype: hmac.HMAC object @raises ValueError: I{other_data} is too long @raises NotImplementedError: I{algorithm} is not supported !HNz!Ir ilz!HIHz TSIG Other Data is > 65535 bytesz!HH) get_contextupdatestructpacklen original_idnameZ to_digestabledns rdataclassANY time_signedfudgeother ValueError algorithmerror) wirekeyrdatatime request_macctxmultifirstZ upper_timeZ lower_timeZ time_encodedZ other_lenrrr _digest_s2     r-cCs8|r0t|}|tdt||||SdSdS)ztIf this is the first message in a multi-message sequence, start a new context. @rtype: hmac.HMAC object rN)rrrrr)r&macr+r*rrr _maybe_start_digests  r/Fc Cs^t|||||||}|}tjjjtjjtjj|j||j ||j |j |j }|t |||fS)abReturn a (tsig_rdata, mac, ctx) tuple containing the HMAC TSIG rdata for the input parameters, the HMAC MAC calculated by applying the TSIG signature algorithm, and the TSIG digest context. @rtype: (string, hmac.HMAC object) @raises ValueError: I{other_data} is too long @raises NotImplementedError: I{algorithm} is not supported )r-digestrZrdtypesrZTSIGrZ rdatatyper#r rr$r!r/) r%r&r'r(r)r*r+r.Ztsigrrr signs  r1c Cs,td|dd\} | dkr&tjj| d8} |ddtd| |d|} |jdkr|jtjjkrpt nJ|jtjj krt n6|jtjj krt n"|jtjjkrtntd|jt|j||jkrt|j|krt|j|jkrtt| ||d|||}|} t| |js tt|| |S)a*Validate the specified TSIG rdata against the other input parameters. @raises FormError: The TSIG is badly formed. @raises BadTime: There is too much time skew between the client and the server. @raises BadSignature: The TSIG signature did not validate @rtype: hmac.HMAC objectr rzunknown TSIG error code %dN) rZunpackr exceptionZ FormErrorrr$ZrcodeZBADSIGrZBADKEYrZBADTIMErZBADTRUNCrr absrr rrr r#r r-r0hmacZcompare_digestr.r r/) r%r&ownerr'Znowr)Z tsig_startr*r+ZadcountZnew_wirer.rrr validates4 $   r9cCsHzt|j}Wn(ty6td|jddYn0tj|j|dS)zReturns an HMAC context foe the specified key. @rtype: HMAC context @raises NotImplementedError: I{algorithm} is not supported zTSIG algorithm  zis not supported) digestmod)_hashesr#KeyErrorNotImplementedErrorr7newsecret)r&r;rrr rs  rc@s eZdZefddZddZdS)KeycCsZt|trtj|}||_t|tr4t|}||_t|trPtj|}||_ dSN) isinstancestrrr from_textbase64Z decodebytesencoder@r#)selfrr@r#rrr __init__s     z Key.__init__cCs.t|to,|j|jko,|j|jko,|j|jkSrB)rCrArr@r#)rHr!rrr __eq__s    z Key.__eq__N)rrrdefault_algorithmrIrJrrrr rAs rA)NNNN)NNNF)NF)+rrFZhashlibr7rZ dns.exceptionrZdns.rdataclassZdns.nameZ dns.rcoder5Z DNSExceptionrr r r r rrrrrrEZHMAC_MD5Z HMAC_SHA1Z HMAC_SHA224Z HMAC_SHA256Z HMAC_SHA384Z HMAC_SHA512Zsha224Zsha256Zsha384Zsha512Zsha1Zmd5r<rKr-r/r1r9rrArrrr sR        $  '