U mf,@sdZddlZddlZddlZddlZddlZddlZddlZddl ZGdddej j Z Gdddej j Z Gdddej j ZGd d d ej j ZGd d d ej j ZGd ddeZGdddeZGdddeZGdddeZejdZejdZejdZejdZejdZejdZejdZejdZejdZejdZ eZ!eded ed!ed"ed#ed$ed%ed!ed"e d&i Z"Gd'd(d(Z#Gd)d*d*Z$Gd+d,d,Z%d:d-d.Z&d/d0Z'd;d2d3Z(d|j|}t|tr:|jtkr:|r:t||||SdSdSr")r* isinstanceKey algorithmGSS_TSIGr)parse_tkey_and_step)r messagekeynamekeyrrr __call__s  zGSSTSigAdapter.__call__cCsXz>||j|tjjtjj}|r<|dj}|j}| |WSWnt k rRYnXdS)Nr) Z find_rrsetZanswerdns rdataclassANYZ rdatatypeZTKEYr2secretstepKeyError)clsr2r0r1Zrrsettokenrrrr r/s z"GSSTSigAdapter.parse_tkey_and_stepN)rrrr!r3 classmethodr/rrrr r)s r)c@sveZdZdZeejeeje ej e ej dfe ej eej dfeejeejdfeeji ZddZddZd d Zd d Zd S)HMACTSigzo HMAC TSIG implementation. This uses the HMAC python module to handle the sign/verify operations. rcCsz|j|}Wn$tk r2td|dYnXt|tr^tj||dd|_|d|_ntj||d|_d|_|jj |_ |jr|j d|j7_ dS)NzTSIG algorithm z is not supportedr) digestmod-) _hashesr9NotImplementedErrorr+tuplehmacnew hmac_contextsizer)r r2r-Zhashinforrr r!s   zHMACTSig.__init__cCs |j|Sr")rHr$r#rrr r$szHMACTSig.updatecCs&|j}|jr"|d|jd}|S)N)rHdigestrI)r rKrrr r%s z HMACTSig.signcCs|}t||stdSr")r%rFcompare_digestr )r r'macrrr r(s zHMACTSig.verifyN)rrrr HMAC_SHA1hashlibsha1 HMAC_SHA224sha224 HMAC_SHA256sha256HMAC_SHA256_128 HMAC_SHA384sha384HMAC_SHA384_192 HMAC_SHA512sha512HMAC_SHA512_256HMAC_MD5md5rCr!r$r%r(rrrr r=s0 r=c Cs0|o| }|r:t|}|r:|tdt||||td|j||dd|r||j|tdtj j |tdd|dkr|j }|d?d@}|d@} td || |j } t|j } | dkrtd |r"||j| |td |j| |j n || |S) zReturn a context containing the TSIG rdata for the input parameters @rtype: dns.tsig.HMACTSig or dns.tsig.GSSTSig object @raises ValueError: I{other_data} is too long @raises NotImplementedError: I{algorithm} is not supported !HNz!Irrilz!HIHz TSIG Other Data is > 65535 bytesz!HH) get_contextr$structpacklenZ original_idrZ to_digestabler4r5r6 time_signedfudgeother ValueErrorr-error) wirer2rdatatime request_macctxmultifirstZ upper_timeZ lower_timeZ time_encodedZ other_lenrrr _digests2     rpcCs8|r0t|}|tdt||||SdSdS)zIf this is the first message in a multi-message sequence, start a new context. @rtype: dns.tsig.HMACTSig or dns.tsig.GSSTSig object r^N)r`r$rarbrc)r2rMrnrmrrr _maybe_start_digests  rqFc Cs:t|||||||}|}|j||d}|t|||fS)a~Return a (tsig_rdata, mac, ctx) tuple containing the HMAC TSIG rdata for the input parameters, the HMAC MAC calculated by applying the TSIG signature algorithm, and the TSIG digest context. @rtype: (string, dns.tsig.HMACTSig or dns.tsig.GSSTSig object) @raises ValueError: I{other_data} is too long @raises NotImplementedError: I{algorithm} is not supported )rdrM)rpr%replacerq) rir2rjrkrlrmrnrMZtsigrrr r%s r%c Cstd|dd\} | dkr&tjj| d8} |ddtd| |d|} |jdkr|jtjjkrpt nJ|jtjj krt n6|jtjj krt n"|jtjjkrtntd|jt|j||jkrt|j|krt|j|jkrtt| ||d|||}||jt||j|S)aFValidate the specified TSIG rdata against the other input parameters. @raises FormError: The TSIG is badly formed. @raises BadTime: There is too much time skew between the client and the server. @raises BadSignature: The TSIG signature did not validate @rtype: dns.tsig.HMACTSig or dns.tsig.GSSTSig objectr^ rrAzunknown TSIG error code %dN)raunpackr4 exceptionZ FormErrorrbrhZrcodeZBADSIGrZBADKEYrZBADTIMErZBADTRUNCrr absrdrerrr r-r rpr(rMrq) rir2ownerrjnowrlZ tsig_startrmrnZadcountZnew_wirerrr validates0 $    rzcCs&|jtkrt|jSt|j|jSdS)zReturns an HMAC context for the specified key. @rtype: HMAC context @raises NotImplementedError: I{algorithm} is not supported N)r-r.rr7r=)r2rrr r`:s  r`c@s(eZdZefddZddZddZdS)r,cCsZt|trtj|}||_t|tr4t|}||_t|trPtj|}||_ dSr") r+strr4r from_textbase64 decodebytesencoder7r-)r rr7r-rrr r!Hs     z Key.__init__cCs.t|to,|j|jko,|j|jko,|j|jkSr")r+r,rr7r-)r rfrrr __eq__Ss    z Key.__eq__cCsNd|jdd|jd}|jtkrB|dt|jd7}|d7}|S)Nz