/opt/nydus/tmp/pip-target-53d1vnqk/lib/python/oscrypto/_win/trust_list.py

extract_from_system(cert_callback, callback_only_on_failure)

    Extracts trusted CA certificates from the Windows certificate store

    :param cert_callback:
        A callback that is called once for each certificate in the trust store.
        It should accept two parameters: an asn1crypto.x509.Certificate object,
        and a reason. The reason will be None if the certificate is being
        exported, otherwise it will be a unicode string of the reason it won't.

    :param callback_only_on_failure:
        A boolean - if the callback should only be called when a certificate is
        not exported.

    :raises:
        OSError - when an error is returned by the OS crypto library

    :return:
        A list of 3-element tuples:
         - 0: a byte string of a DER-encoded certificate
         - 1: a set of unicode strings that are OIDs of purposes to trust the
              certificate for
         - 2: a set of unicode strings that are OIDs of purposes to reject the
              certificate for

_convert_filetime_to_timestamp(filetime)

    Windows returns times as 64-bit unsigned longs that are the number of
    hundreds of nanoseconds since Jan 1 1601. This converts it to a datetime
    object.

    :param filetime:
        A FILETIME struct object

    :return:
        An integer unix timestamp