/usr/lib/python2.6/vendor-packages/pkg/actions/signature.py

SignatureAction: Class representing the signature-type packaging object.

actions_to_str: Transforms a collection of actions into a string that is used to sign those actions.

retrieve_chain_certs: Retrieve the chain certificates needed to validate this signature.

get_chain_certs: Return a list of the chain certificates needed to validate this signature.
When retrieving the content from the repository, we use the "least preferred" hash for backwards compatibility, but when verifying the content, we use the "most preferred" hash.

get_chain_certs_chashes: Return a list of the chain certificates needed to validate this signature.

is_signed: Returns True if this action is signed using a key, instead of simply being a hash. Since variant tagged signature actions are not handled yet, it also returns False in that case.

Split the sig_alg attribute up in to something useful.

verify_sig: Try to verify this signature. It can return True or None. None means we didn't know how to verify this signature. If we do know how to verify the signature but it doesn't verify, then an exception is raised. The 'acts' parameter is the iterable of actions against which to verify the signature. The 'pub' parameter is the publisher that published the package this action signed. The 'trust_anchors' parameter contains the trust anchors to use when verifying the signature.
The 'required_names' parameter is a set of strings that must be seen as a CN in the chain of trust for the certificate.

"Res was expected to be 1, but was %s"
"The signature value did not match the expected value. action: %s"
"The signature value did not match the expected value. Res: %s"