3 ."d@sDddlmZmZddlmZddlZddlmZGdddeZdS))callCalledProcessError)mkstempN)ConfigGeneratorc@seZdZdZdddhZdZddddddd d d d d d ZddddddddZdddddddddddddd Zddddddddddddd Z ddddd Z ddddd!Z e d"d#Z e d$d%Ze d&d'Ze d(d)Zd*S)+LibreswanGeneratorZ libreswanZipsecZikez5systemctl try-restart ipsec.service 2>/dev/null || : Zdh19Zdh20Zdh21Zdh5Zdh14Zdh15Zdh16Zdh18) ZX448ZX25519Z SECP256R1Z SECP384R1Z SECP521R1z FFDHE-6144z FFDHE-1536z FFDHE-2048z FFDHE-3072z FFDHE-4096z FFDHE-8192Zaes256Zaes192Zaes128Z aes_gcm256Z aes_gcm192Z aes_gcm128Zchacha20_poly1305)z AES-256-CBCz AES-192-CBCz AES-128-CBCz AES-256-GCMz AES-192-GCMz AES-128-GCMzCHACHA20-POLY1305Zsha2_512Zsha2_256) zAES-256-CBC-HMAC-SHA2-512zAES-256-CBC-HMAC-SHA2-256zAES-192-CBC-HMAC-SHA2-512zAES-192-CBC-HMAC-SHA2-256zAES-128-CBC-HMAC-SHA2-256zAES-256-GCM-HMAC-SHA2-512zAES-256-GCM-HMAC-SHA2-256zAES-192-GCM-HMAC-SHA2-512zAES-192-GCM-HMAC-SHA2-256zAES-128-GCM-HMAC-SHA2-512zAES-128-GCM-HMAC-SHA2-256zCHACHA20-POLY1305-HMAC-SHA2-512zCHACHA20-POLY1305-HMAC-SHA2-256Zsha1) zAES-256-CBC-HMAC-SHA2-512zAES-192-CBC-HMAC-SHA2-512zAES-256-CBC-HMAC-SHA2-256zAES-192-CBC-HMAC-SHA2-256zAES-128-CBC-HMAC-SHA2-256zAES-256-CBC-HMAC-SHA1zAES-192-CBC-HMAC-SHA1zAES-128-CBC-HMAC-SHA1zAES-256-GCM-AEADzAES-192-GCM-AEADzAES-128-GCM-AEADzCHACHA20-POLY1305-AEADrr)AEADz HMAC-SHA2-512z HMAC-SHA2-256z HMAC-SHA1)r z HMAC-SHA2-512z HMAC-SHA1z HMAC-SHA2-256cCs||jkrdS|j|S)Nc)mac_ike_prio_map)clskeyr@./usr/share/crypto-policies/python/policygenerators/libreswan.pyZ__get_ike_priobs z!LibreswanGenerator.__get_ike_priocCs||jkrdS|j|S)Nr )mac_esp_prio_map)rrrrrZ__get_esp_priohs z!LibreswanGenerator.__get_esp_priocCsd}d}|j}d}|d}d|kr(d}n d|kr4d}|rH|d |d 7}|d 7}t|d |jd }d}x|dD]} y|j| } Wntk rwrYnX| d} d}xH|D]@} y|j| d| } Wntk rwYnX|j|| d}qW|sqr| |7} d}xJ|dD]>}y|j|}Wntk r:wYnX|j||d}qW|j| |d} |j|| |}qrW|r|d|d 7}t|d |jd }d}x|dD]} y|j| } Wntk rwYnX| d} d}xZ|D]R} y|j | d| } Wntk rwYnX| s(| } P|j|| d}qW| |7} | dddkrZq|j|| |}qW|r|d|d 7}|S)Nzconn %default ,rZprotocolZIKEv2z ikev2=insistZIKEv1z ikev2=never  z pfs=yes mac)rcipher-+groupz ike=rz esp=) Zenabledsorted!_LibreswanGenerator__get_ike_prio cipher_mapKeyErrorcipher_prf_mapappend group_map!_LibreswanGenerator__get_esp_priocipher_mac_map)rZpolicyZcfgseppsprotoZ sorted_macsZtmprcmZcomborZmmirrrrgenerate_configns      z"LibreswanGenerator.generate_configcCstjdtjsdSt\}}d}z^tj|d}|j|WdQRXytd|ddd}Wntk rz|jdYnXWdtj |X|r|jd |jd |d SdS) Nz/usr/sbin/ipsecTwz'/usr/sbin/ipsec readwriteconf --config z >/dev/null)shellz!/usr/sbin/ipsec: Execution failedz/There is an error in libreswan generated policyz Policy: %sF) osaccessX_OKrfdopenwriterrZeprintunlink)rconfigfdpathZretfrrr test_configs&    zLibreswanGenerator.test_configN)__name__ __module__ __qualname__Z CONFIG_NAMEZSCOPESZ RELOAD_CMDr"rr r$r r classmethodrr#r+r9rrrrrst    Pr) subprocessrrZtempfilerr/Zconfiggeneratorrrrrrrs