hIF>ddlZddlZddlZddlmZddlmZddlmZmZmZm Z m Z m Z m Z m Z mZmZddlmZmZmZmZmZmZmZmZmZmZddlmZmZddlmZeZeZ eZ!Gd d eZ"ee"Z#ee#Z$Gd d eZ%ee%Z&Gd deZ'GddeZ(er ee(Z)n ee(Z)GddeZ*GddeZ+ee+Z,GddeZ-ee-Z.GddeZ/ee/Z0ee0Z1GddeZ2GddeZ3ee3Z4GddeZ5ee5Z6Gdd eZ7ee7Z8eeZ9dZ:d!Z;d"Zed$Z?d%Z@d&ZAd'ZBd(ZCd)ZDd*ZEd+ZFd,ZGd-ZHd.ZId/ZJd0ZKd#ZLd1ZMd0ZNd2ZOeBeCzeDzeEzeFzeGzeHzeIzeJzZPed3ZQed4ZRd5eSd6ed7ed8efd9ZTeQjUZUe8e9feU_VeTeU_WeQjXZXeee!ee feX_Ve eX_YeTeX_WeQjZZZe eeeee$feZ_VeeZ_YeQj[Z[eeefe[_Ve#e[_YeTe[_WeQj\Z\ee#ee e)ee e1fe\_Vee\_YeTe\_WeQj]Z]e e0e4e6fe]_Vee]_YeQj^Z^e efe^_Vee^_YeTe^_WeQj_Z_e0fe__VeQj`Z`e#fe`_VeQjaZaefea_VeRjbZbeeeeeee feb_Veeb_Y dHd:ejcd;edeededzd?e d@e dAe)dKKK#  '&'     +    3>2J2J 3K33O  &1#'.$"'$/3&&&%& 2 -q111  5 &| 4 4 4 4 4 5 5 -q111  5 &| 4 4 4 4 5sND+G=E54G=5GGF43G4GG G=GG==$H! hChainEnginerpPeerCertContextrrc pd} tt}t||d|||d||j}t } t | | _t| _d| _ |j dur t| _ |rt|| _ t} tt| t | _|jt&jkr| xjt,zc_t | | _t| } t/} t | | _t| } t1t2|| | | j}|rt7d}t9t:t<zd|d|t |d}|dkrd|dd| jd}n|j !}t'j"|}||_#||_$|d |rtK|jdSdS#|rtK|jwwxYw)NrFizCertificate chain policy error z#xz [])&rPCERT_CHAIN_CONTEXTCertGetCertificateChaincontentsr]rr7AUTHTYPE_SERVERr^r_check_hostname$SECURITY_FLAG_IGNORE_CERT_CN_INVALIDr r`rbr r rd verify_moder CERT_NONErc(CERT_CHAIN_POLICY_VERIFY_MODE_NONE_FLAGSrf CertVerifyCertificateChainPolicyCERT_CHAIN_POLICY_SSLrgr FormatMessageWFORMAT_MESSAGE_FROM_SYSTEMFORMAT_MESSAGE_IGNORE_INSERTSrivaluestriprverify_message verify_codeCertFreeCertificateChain)rrrrrrrppChainContext pChainContext ssl_extra_cert_chain_policy_para chain_policy pPolicyPara policy_status pPolicyStatus error_codeerror_message_buferror_message_chars error_messageerrs r,rrsNM> !4!6!677    "     '/ ,L+M+M(28 ,3 3 (/7F(356(2  % . .4 - 6  Y>G>X>X , ;-// )- 4 5 5x* * &  "cm 3 3  $L L $\22 l++ 022 %m44  .. ( !       #*  5d ; ; "0*-JJ!())## #a'' q* q q qS`Sn q q q 1 7 = = ? ? .}==C!.C (CO4 1 4  > $^%< = = = = = > >> > $^%< = = = = >s G=HH5rc 8d}ttdddd} |D]5} t|ttz| t | t d6t} t| | _ || _ t| } tt} t| | | j}t||||||||rt!|t#|ddS#|rt!|t#|dwxYw)Nr)rrrrrrrrlrr7rtrHCERTCHAINENGINE CertCreateCertificateChainEnginerrCertFreeCertificateChainEnginer) rrrrrrrrhRootCertStorercert_chain_engine_configpConfig phChainEngines r,rrs[L"#91dAtLLN&*)  J ,!$77J+     $<#=#= *01I*J*J '2@ /233 0 2 233 (     %-  #   "         9 *< 8 8 8~q)))))  9 *< 8 8 8~q))))s B7C66#Dctxc#K|j}|j}d|_t|tj dV||_t||dS#||_t||wxYw)NF)rrrrr)rrrs r,_configure_contextr-s|'N/KC cm4447 +$S+66666,$S+6666s AA)r)n contextlibrtypingctypesrrrrrr r r r r rrctypes.wintypesrrrrrrrrrrrr_ssl_constantsrrr(HCRYPTPROV_LEGACYrrLPCCERT_CONTEXTr.rMr2r6PCERT_CHAIN_PARArArErTrOr[rVrPCCERT_CHAIN_CONTEXTr]rbPCERT_CHAIN_POLICY_PARArfPCERT_CHAIN_POLICY_STATUSrlPCERT_CHAIN_ENGINE_CONFIGPHCERTCHAINENGINErrrrUSAGE_MATCH_TYPE_ORrrr1CERT_CHAIN_POLICY_IGNORE_ALL_NOT_TIME_VALID_FLAGS7CERT_CHAIN_POLICY_IGNORE_INVALID_BASIC_CONSTRAINTS_FLAG'CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAG*CERT_CHAIN_POLICY_IGNORE_INVALID_NAME_FLAG)CERT_CHAIN_POLICY_IGNORE_WRONG_USAGE_FLAG,CERT_CHAIN_POLICY_IGNORE_INVALID_POLICY_FLAG.CERT_CHAIN_POLICY_IGNORE_ALL_REV_UNKNOWN_FLAGS%CERT_CHAIN_POLICY_ALLOW_TESTROOT_FLAG%CERT_CHAIN_POLICY_TRUST_TESTROOT_FLAGrrrrrrwincryptkernel32boolrrargtypeserrcheckrrestyperrrrrrrrr SSLContextlistbytesstrrintrrcontextmanagerIteratorrr*r+r,rs                                                 &%%%%%%%888888  9 %% '' W.//y     i   0/w//         g011        W.//        g011w233yY"'"899y$G$<==y$$G$<==G,-- ""(#788'1$$.!4>1:D7*4'-7*,6)/9,1;.(2%(2%'1$' *6=>-.110 0 3 3 5 5,,,,) 6-  6. ! !ds##$,#L - )-> )&  %):E8L " * #+#L      - ),0 ('D).%(@%'4$(9%":   $ #'#4 #+#L   - ) ,0 ((%u-+#<%8$:!%@'4&6#!)!H+;*='(        #'Y5Y5Y5U Y54ZY5 Y5Y5Y5Y5xW>W>"T)W>'W> W> ! W> 4Z W>W> W>W>W>W>t1*1*%[1*'1* 1* ! 1* 4Z 1*1* 1*1*1*1*h  7CN 7vt/D 7 7 7 7 7 7r+