a Ch'@sLddlZddlZddlmZmZddlmZddlmZGdddeZ dS)N)CalledProcessErrorcall)mkstemp)ConfigGeneratorc%@s|eZdZdZhdZdddddddZdddd d d dd d ddddd Zddddddddddd Zddd d!d"d#d$Zd%d&d'Z d(gd)gd*gd+gd,gd-gd.gd/gd0gd1d2gd3gd4gd5d6gd7gd8gd9d:gd;gdgd?gd@gdAgdBgdCgdDgdEgdFgdGgdHgdIgdJgdKgdLgdMgdNgdO$Z dPdPdQdRdSdTdUdVdWdXdYdZd[d\d]d^Z d_d`dadbdcZ dddedfdgdhdidjdkdlZ edmdnZedodpZdS)qGnuTLSGeneratorgnutls>ZsslZtlsrAEADSHA1MD5NZSHA512)r z HMAC-SHA1zHMAC-MD5z HMAC-SHA2-256z HMAC-SHA2-384z HMAC-SHA2-512ZSHA224ZSHA256ZSHA384SHA3-224SHA3-256SHA3-384SHA3-512 SHAKE-128 SHAKE-256) r r r zSHA2-224zSHA2-256zSHA2-384zSHA2-512r r rrrrz GROUP-X448z GROUP-X25519zGROUP-SECP256R1zGROUP-SECP384R1zGROUP-SECP521R1zGROUP-FFDHE6144zGROUP-FFDHE2048zGROUP-FFDHE3072zGROUP-FFDHE4096zGROUP-FFDHE8192) X448X25519 SECP256R1 SECP384R1 SECP521R1z FFDHE-6144z FFDHE-2048z FFDHE-3072z FFDHE-4096z FFDHE-8192rr SECP224R1rrr)rrrrrrZEd448ZEd25519) EDDSA-ED448 EDDSA-ED25519RSA-MD5RSA-SHA1DSA-SHA1 ECDSA-SHA1z RSA-SHA224z DSA-SHA224z ECDSA-SHA224z RSA-SHA256z DSA-SHA256z ECDSA-SHA256zECDSA-SECP256R1-SHA256z RSA-SHA384z DSA-SHA384z ECDSA-SHA384zECDSA-SECP384R1-SHA384z RSA-SHA512z DSA-SHA512z ECDSA-SHA512zECDSA-SECP521R1-SHA512zRSA-PSS-SHA256zRSA-PSS-SHA384zRSA-PSS-SHA512zRSA-PSS-RSAE-SHA256zRSA-PSS-RSAE-SHA384zRSA-PSS-RSAE-SHA512 RSA-SHA3-224 DSA-SHA3-224ECDSA-SHA3-224 RSA-SHA3-256 DSA-SHA3-256ECDSA-SHA3-256 RSA-SHA3-384 DSA-SHA3-384ECDSA-SHA3-384 RSA-SHA3-512 DSA-SHA3-512ECDSA-SHA3-512z EdDSA-Ed448z EdDSA-Ed25519)$rrrrz RSA-SHA2-224z DSA-SHA2-224zECDSA-SHA2-224z RSA-SHA2-256z DSA-SHA2-256zECDSA-SHA2-256z RSA-SHA2-384z DSA-SHA2-384zECDSA-SHA2-384z RSA-SHA2-512z DSA-SHA2-512zECDSA-SHA2-512zRSA-PSS-SHA2-256zRSA-PSS-SHA2-384zRSA-PSS-SHA2-512zRSA-PSS-RSAE-SHA2-256zRSA-PSS-RSAE-SHA2-384zRSA-PSS-RSAE-SHA2-512rrr r!r"r#r$r%r&r'r(r)rr AES-256-GCM AES-128-GCM AES-256-CCM AES-128-CCM AES-256-CBC AES-128-CBCCAMELLIA-256-GCMCAMELLIA-128-GCMCAMELLIA-256-CBCCAMELLIA-128-CBCCHACHA20-POLY13053DES-CBCz ARCFOUR-128)z AES-256-CTRz AES-128-CTRr+r,r-r.r/r0r1r2r3r4r5r6zRC4-128)z ECDHE-RSAz ECDHE-ECDSA)RSA)DHE-RSA)DHE-DSS)ZECDHEr7r8r9SSL3.0TLS1.0TLS1.1TLS1.2TLS1.3DTLS0.9DTLS1.0DTLS1.2)r:r;r<r=r>r?r@rAc s|j}td}|drj|dD]D}z,j|rR|d7}|j|7}|d7}Wq$tyfYq$0q$|dr|dD]D}z,j|r|d7}|j|7}|d7}WqztyYqz0qz|dD]$}|jvr|dj|d7}qȇfd d |d D}|D]"}|D]}|d |d7}qq|D]"}|D]}|d |d7}q8q0|jdrx|d7}|d7}|d7}|dD](}|j vr|dj |d7}q|d D](}|j vr|dj |d7}q|dr:|dD]J}z.j |r|d7}|j |7}|d7}Wnty4Yn0q|dD]4}|j vrBj |D]}|d|d7}q\qB|dD](}|j vr|dj |d7}qtdddk}|s|jddkr|d7}n*|jddkr|d 7}n|jdd!kr|jd"} |jd#} | d$ks,| d$kr6|d%7}n| d&ksJ| d&krT|d'7}nb| d(ksh| d(krr|d)7}nD| d*ks| d*kr|d+7}n&| d,ks| d,kr|d-7}n|d.7}|d/7}|S)0Nz] [global] override-mode = allowlist [overrides] hashzsecure-hash =  Zmacztls-enabled-mac = groupztls-enabled-group = cs g|]}|jvrj|qS)sign_map).0iclsrEz3GnuTLSGenerator.generate_config..signz secure-sig = zsecure-sig-for-cert = Z sha1_in_certszsecure-sig-for-cert = rsa-sha1 zsecure-sig-for-cert = dsa-sha1 z!secure-sig-for-cert = ecdsa-sha1 zenabled-curve = Zcipherztls-enabled-cipher = Z key_exchangeztls-enabled-kx = Zprotocolzenabled-version = ZGNUTLS_NO_TLS_SESSION_HASH01Z__emsZENFORCEztls-session-hash = require ZRELAXztls-session-hash = request ZDEFAULT min_dh_size min_rsa_sizeiz$min-verification-profile = very_weakizmin-verification-profile = lowiz!min-verification-profile = mediumi zmin-verification-profile = highi z min-verification-profile = ultraz!min-verification-profile = futurez [priorities] SYSTEM=NONE )Zenabledtextwrapdedentlstriphash_mapKeyErrormac_map group_mapZintegersgroup_curve_mapsign_curve_map cipher_mapkey_exchange_map protocol_maposgetenvZenums) rJZpolicypsrHZsigsjZkxZno_tls_session_hashrQrRrErIrKgenerate_configs                                 zGnuTLSGenerator.generate_configc Cs(tddkrdStdtjs$dSt\}}d}zt|d}||Wdn1s`0Yz.|tjd<dtjd <dtjd <td dd }Wnt y| d Yn0Wtjd=tjd =tjd =t |n$tjd=tjd =tjd =t |0|r$| d| d|dSdS)NZ OLD_GNUTLSrPTz/usr/bin/gnutls-cliwZGNUTLS_SYSTEM_PRIORITY_FILE3ZGNUTLS_DEBUG_LEVELZ&GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALIDz!/usr/bin/gnutls-cli -l >/dev/null)shellz%/usr/bin/gnutls-cli: Execution failedz,There is an error in gnutls generated policyzPolicy: F) r_r`accessX_OKrfdopenwriteenvironrrZeprintunlink)rJZconfigfdpathretfrErErK test_config s> (        zGnuTLSGenerator.test_config)__name__ __module__ __qualname__Z CONFIG_NAMEZSCOPESrXrVrYrZr[rFr\r]r^ classmethodrdrsrErErErKrs  ,  ir) r_rS subprocessrrZtempfilerZconfiggeneratorrrrErErErKs