3 ."d@sDddlmZmZddlmZddlZddlmZGdddeZdS))callCalledProcessError)mkstempN)ConfigGeneratorc@seZdZdZdddhZdddddd d Zd d d dddddddd Zddddddddddd d!d"d#d$d%d&d'd(d)d*d+Zd,d-d.Zddd/d0d1d2d3d4d5d6d7d8d9d:d;d<Z d=d>d?Z d@dAdBdCddddDZ dEdFdGdHdIdJdKdLZ e dMdNZe dOdPZdQS)RGnuTLSGeneratorZgnutlsZtlsZsslz-AEADz-SHA1z-MD5z-SHA256z-SHA384z-SHA512)ZAEADz HMAC-SHA1zHMAC-MD5z HMAC-SHA2-256z HMAC-SHA2-384z HMAC-SHA2-512z -GROUP-X448z -GROUP-X25519z-GROUP-SECP256R1z-GROUP-SECP384R1z-GROUP-SECP521R1z-GROUP-FFDHE2048z-GROUP-FFDHE3072z-GROUP-FFDHE4096z-GROUP-FFDHE8192) ZX448ZX25519Z SECP256R1Z SECP384R1Z SECP521R1z FFDHE-6144z FFDHE-2048z FFDHE-3072z FFDHE-4096z FFDHE-8192z -SIGN-RSA-MD5z-SIGN-RSA-SHA1z-SIGN-DSA-SHA1z-SIGN-ECDSA-SHA1z-SIGN-RSA-SHA224z-SIGN-DSA-SHA224z-SIGN-ECDSA-SHA224z-SIGN-RSA-SHA256z-SIGN-DSA-SHA256z-SIGN-ECDSA-SHA256z-SIGN-RSA-SHA384z-SIGN-DSA-SHA384z-SIGN-ECDSA-SHA384z-SIGN-RSA-SHA512z-SIGN-DSA-SHA512z-SIGN-ECDSA-SHA512z.-SIGN-RSA-PSS-SHA256:-SIGN-RSA-PSS-RSAE-SHA256z.-SIGN-RSA-PSS-SHA384:-SIGN-RSA-PSS-RSAE-SHA384z.-SIGN-RSA-PSS-SHA512:-SIGN-RSA-PSS-RSAE-SHA512z-SIGN-EDDSA-ED448z-SIGN-EDDSA-ED25519)zRSA-MD5zRSA-SHA1zDSA-SHA1z ECDSA-SHA1z RSA-SHA2-224z DSA-SHA2-224zECDSA-SHA2-224z RSA-SHA2-256z DSA-SHA2-256zECDSA-SHA2-256z RSA-SHA2-384z DSA-SHA2-384zECDSA-SHA2-384z RSA-SHA2-512z DSA-SHA2-512zECDSA-SHA2-512zRSA-PSS-SHA2-256zRSA-PSS-SHA2-384zRSA-PSS-SHA2-512z EDDSA-ED448z EDDSA-ED25519z+SIGN-DSA-SHA1z+SIGN-RSA-SHA1)zDSA-SHA1zRSA-SHA1z -AES-256-GCMz -AES-128-GCMz -AES-256-CCMz -AES-128-CCMz -AES-256-CBCz -AES-128-CBCz-CAMELLIA-256-GCMz-CAMELLIA-128-GCMz-CAMELLIA-256-CBCz-CAMELLIA-128-CBCz-CHACHA20-POLY1305z -3DES-CBCz -ARCFOUR-128)z AES-256-CTRz AES-128-CTRz AES-256-GCMz AES-128-GCMz AES-256-CCMz AES-128-CCMz AES-256-CBCz AES-128-CBCzCAMELLIA-256-GCMzCAMELLIA-128-GCMzCAMELLIA-256-CBCzCAMELLIA-128-CBCzCHACHA20-POLY1305z3DES-CBCzRC4-128z +3DES-CBCz +ARCFOUR-128)z3DES-CBCzRC4-128z+RSAz+ECDHE-RSA:+ECDHE-ECDSAz+DHE-RSAz+DHE-DSS)ZRSAZECDHEzDHE-RSAzDHE-DSSZPSKzDHE-PSKz ECDHE-PSKz -VERS-SSL3.0z -VERS-TLS1.0z -VERS-TLS1.1z -VERS-TLS1.2z -VERS-TLS1.3z -VERS-DTLS1.0z -VERS-DTLS1.2)zSSL3.0zTLS1.0zTLS1.1zTLS1.2zTLS1.3zDTLS1.0zDTLS1.2c Cszd}|j}|j}|drb|j|d}x<|dD]0}y|j||j|}Wq.tk r\Yq.Xq.W|dr|j|d}x<|dD]0}y|j||j|}Wqtk rYqXqW|drL|j|d}x>|dD]2}y|j||j|}Wqtk rYqXqWx@|dD]4}y|j||j|}Wntk rDYnXqW|jdrd|j|d }|d r|j|d }x@|d D]4}y|j||j |}Wntk rYnXqWx@|d D]4}y|j||j |}Wntk rYnXqWx@|d D]4}y|j||j |}Wntk r8YnXqW|d r|j|d}x@|d D]4}y|j||j |}Wntk rYnXq`W|j|d}|jd}|jd}|dks|dkr|j|d}n|dks|dkr|j|d}nr|dks|dkr|j|d}nP|dks2|dkr@|j|d}n.|dksT|dkrb|j|d}n |j|d}|d7}|S)Nz SYSTEM=NONEZmacz+MAC-ALLgroupz +GROUP-ALLZsignz +SIGN-ALLZ sha1_in_certsz%VERIFY_ALLOW_SIGN_WITH_SHA1Zcipherz +CIPHER-ALLZ key_exchangeZprotocolz+VERS-ALL:-VERS-DTLS0.9z +COMP-NULL min_rsa_size min_dh_sizeiz%PROFILE_VERY_WEAKiz %PROFILE_LOWiz%PROFILE_MEDIUMi z %PROFILE_HIGHi z%PROFILE_ULTRAz%PROFILE_FUTURE ) ZenabledZdisabledappend mac_not_mapKeyError group_not_map sign_not_maplegacy_sign_mapZintegerscipher_not_mapcipher_force_mapkey_exchange_mapprotocol_not_map)clsZpolicyspZipir r r=./usr/share/crypto-policies/python/policygenerators/gnutls.pygenerate_configqs                      zGnuTLSGenerator.generate_configcCstjdtjsdSt\}}d}z^tj|d}|j|WdQRXytd|ddd}Wntk rz|jdYnXWdtj |X|r|jd |jd |d SdS) Nz/usr/bin/gnutls-cliTwz(/usr/bin/gnutls-cli -l --priority $(cat z3 | sed 's/SYSTEM=//g' | tr --delete ' ') >/dev/null)shellz%/usr/bin/gnutls-cli: Execution failedz,There is an error in gnutls generated policyz Policy: %sF) osaccessX_OKrfdopenwriterrZeprintunlink)rconfigfdpathZretfrrr test_configs&    zGnuTLSGenerator.test_configN)__name__ __module__ __qualname__Z CONFIG_NAMEZSCOPESrrrrrrrr classmethodrr+rrrrrs  Vr) subprocessrrZtempfilerr!Zconfiggeneratorrrrrrrs