3 ."d$@sTddlmZmZddlmZddlZddlZddlZddlm Z Gddde Z dS))callCalledProcessError)mkstempN)ConfigGeneratorc@seZdZdZdddhZdddddd d Zd d d dddddddd ZddddddZdddddddddddddddd d!Zdddd"d#d$d%d&d'd( Z d)d*d+d,d-d.d/d0Z d1d2d3d4d5Z e d6d7Z e d8d9Zd:S); NSSGeneratorZnssZtlsZsslz HMAC-SHA1zHMAC-MD5z HMAC-SHA256z HMAC-SHA384z HMAC-SHA512)ZAEADz HMAC-SHA1zHMAC-MD5z HMAC-SHA2-256z HMAC-SHA2-384z HMAC-SHA2-512SHA1MD5ZSHA224ZSHA256ZSHA384ZSHA512) r r zSHA2-224zSHA2-256zSHA2-384zSHA2-512zSHA3-256zSHA3-384zSHA3-512ZGOSTZ CURVE25519 SECP256R1 SECP384R1 SECP521R1)ZX25519ZX448r r r Zrc2Zrc4z aes256-gcmz aes128-gcmz aes256-cbcz aes128-cbczcamellia256-cbczcamellia128-cbczchacha20-poly1305z des-ede3-cbc)z AES-256-CTRz AES-128-CTRzRC2-CBCzRC4-128z AES-256-GCMz AES-128-GCMz AES-256-CBCz AES-128-CBCzCAMELLIA-256-CBCzCAMELLIA-128-CBCzCAMELLIA-256-GCMzCAMELLIA-128-GCMz AES-256-CCMz AES-128-CCMzCHACHA20-POLY1305z3DES-CBCRSAzDHE-RSAzDHE-DSSzECDHE-RSA:ECDHE-ECDSAzECDH-RSA:ECDH-ECDSAz DH-RSA:DH-DSS) ZPSKzDHE-PSKz ECDHE-PSKrzDHE-RSAzDHE-DSSZECDHEZECDHZDHzssl3.0ztls1.0ztls1.1ztls1.2ztls1.3zdtls1.0zdtls1.2)zSSL3.0zTLS1.0zTLS1.1zTLS1.2zTLS1.3zDTLS1.0zDTLS1.2zRSA-PSSzRSA-PKCSZECDSADSA)zRSA-PSS-zRSA-zECDSA-zDSA-c Cs|j}d}|d7}|d7}|d7}d}x<|dD]0}y|j||j|}Wq0tk r^Yq0Xq0Wx<|dD]0}y|j||j|}Wqntk rYqnXqnWx<|dD]0}y|j||j|}Wqtk rYqXqWx>|d D]2}y|j||j|}Wqtk rYqXqWx@|d D]4}y|j||j|}Wntk rZYnXq*Wd d |d D}|r|j|d}t}xZ|d D]N}xF|j j D]8\}} |j |r| |kr|j | |j|| }PqWqW|j r|j|j } |j|d| }n |j|d}|jr@|j|j} |j|d| }n |j|d}|j|dt|jd}|j|dt|jd}|j|dt|jd}||d7}|S)Nz library= z name=Policy zNSS=flags=policyOnly,moduleDB zconfig="disallow=ALL allow=rZmacgroupZcipherhashZ key_exchangecSsg|]}|jddkr|qS)zDSA-r)find).0ir:./usr/share/crypto-policies/python/policygenerators/nss.py sz0NSSGenerator.generate_config..Zsignrztls-version-min=ztls-version-min=0zdtls-version-min=zdtls-version-min=0zDH-MIN=Z min_dh_sizezDSA-MIN=Z min_dsa_sizezRSA-MIN=Z min_rsa_sizez" )Zenabledappendmac_mapKeyError curve_map cipher_maphash_mapkey_exchange_mapsetsign_prefix_ordmapitems startswithaddZmin_tls_version protocol_mapZmin_dtls_versionstrZintegers) clsZpolicypZcfgsrZdsaZenabled_sigalgsprefixZsigalgZminverrrrgenerate_configdsn               zNSSGenerator.generate_configc Csy2tjjd}tj|}|jds0|jddSWntk rP|jdYnXtjdtj sddSt \}}d}z^tj |d}|j |WdQRXyt d |d dd }Wntk r|jd YnXWdtj|X|r|jd |jd|dSdS)NZnss3s3.66z:Skipping nss-policy-check due to nss being older than 3.66Tz(Cannot determine nss version with ctypesz/usr/bin/nss-policy-checkwz/usr/bin/nss-policy-check z >/dev/null)shellz+/usr/bin/nss-policy-check: Execution failedz)There is an error in NSS generated policyz Policy: %sF)ctypesutilZ find_libraryZCDLLZNSS_VersionCheckZeprintAttributeErrorosaccessX_OKrfdopenwriterrunlink)r&configZnss_pathZnss_libfdpathZretfrrr test_configs6        zNSSGenerator.test_configN)__name__ __module__ __qualname__Z CONFIG_NAMEZSCOPESrrrrrr$r classmethodr*r;rrrrrsz  Hr) subprocessrrZtempfilerr.Z ctypes.utilr1Zconfiggeneratorrrrrrrs