hE"ddlZddlZddlZddlmZddlmZddlmZmZmZm Z m Z m Z m Z m Z mZmZddlmZmZmZmZmZmZmZmZmZmZddlmZmZddlmZeZeZ eZ!Gd d eZ"ee"Z#ee#Z$Gd d eZ%ee%Z&Gd deZ'GddeZ(eree(Z)nee(Z)GddeZ*GddeZ+ee+Z,GddeZ-ee-Z.GddeZ/ee/Z0ee0Z1GddeZ2GddeZ3ee3Z4GddeZ5ee5Z6Gdd eZ7ee7Z8eeZ9dZ:d!Z;d"Zed$Z?d%Z@d&ZAd'ZBd(ZCd)ZDd*ZEd+ZFd,ZGd-ZHd.ZId/ZJd#ZKd0ZLd1ZMd2ZNeBeCzeDzeEzeFzeGzeHzeIzeJzZOed3ZPed4ZQd5eRd6ed7ed8efd9ZSePjZTe8e9feT_UeSeT_VePjZWeee!ee feW_Ue eW_XeSeW_VePjZYe eeeee$feY_UeeY_XePjZZeeefeZ_Ue#eZ_XeSeZ_VePjZ[ee#ee e)ee e1fe[_Uee[_XeSe[_VePjZ\e e0e4e6fe\_Uee\_XePjZ]e efe]_Uee]_XeSe]_VePjZ^e0fe^_UePjZ_e#fe__UePjZ`efe`_UeQjZaeeeeeee fea_Ueea_X dHd:ejd;eceddedzd?e d@e dAe)dKK#  '&' D -q1  &| 4 5++  3>2J2J 3K3O &1#'.$"'$/33&%& 2 -q1  &| 4 sHDG6E##G6F> FF>F55F>9G>GGG" hChainEnginerpPeerCertContextrrc .d} tt}t||d|||d||j}t } t | | _t| _d| _ |rt|| _ t} tt| t| _|j t"j$k(r| xj&t(zc_|j*s| xj&t,zc_t | | _t| } t/} t | | _t| } t1t2|| | | j4}|rt7d}t9t:t<zd|d|t |d}|dkrd|dd| j>d}n|j@jC}t#jD|}||_#||_$|d |rtK|jyy#|rtK|jwwxYw)NrizCertificate chain policy error z#xz [])&rPCERT_CHAIN_CONTEXTCertGetCertificateChaincontentsr]rr7AUTHTYPE_SERVERr^r_r r`rbr r rd verify_moder CERT_NONErc(CERT_CHAIN_POLICY_VERIFY_MODE_NONE_FLAGScheck_hostname*CERT_CHAIN_POLICY_IGNORE_INVALID_NAME_FLAGrf CertVerifyCertificateChainPolicyCERT_CHAIN_POLICY_SSLrgr FormatMessageWFORMAT_MESSAGE_FROM_SYSTEMFORMAT_MESSAGE_IGNORE_INSERTSrivaluestriprverify_message verify_codeCertFreeCertificateChain)rrrrrrrppChainContext pChainContext ssl_extra_cert_chain_policy_para chain_policy pPolicyPara policy_status pPolicyStatus error_codeerror_message_buferror_message_chars error_messageerrs r,rrsNK> !4!67    "     '// ,L+M(28 ,3 (/7F(356(2 >G>X , ;-/ )- 4 5x* &  " "cmm 3  $L L ))  $N N $\2 l+ 02 %m4  . ( !     #**  5d ; "0*-JJ!()# #a'"A*RPRS`SnSnRoop q 1 7 7 = = ? ..}=C!.C (CO4 1 4  $^%<%< = > $^%<%< = s GG::Hrc d}ttdddd} |D]*} t|ttz| t | t d,t} t| | _ || _ t| } tt} t| | | j}t||||||||r t!|t#|dy#|r t!|t#|dwxYw)Nr)rrrrrrrrlrr7rtrHCERTCHAINENGINE CertCreateCertificateChainEnginerrCertFreeCertificateChainEnginer) rrrrrrrrhRootCertStorercert_chain_engine_configpConfig phChainEngines r,rrsL"#91dAtLN&*)J ,!$77J+  *$<#= *01I*J '2@ /23 0 23 (   %--  #   "       *< 8~q)  *< 8~q)s BCC#ctxc#K|j}|j}d|_t|tj d||_t||y#||_t||wxYww)NF)rrrrr)rrrs r,_configure_contextr*s_''N//KC cmm47 +$S+6,$S+6s:A-AA-A**A-r)m contextlibrtypingctypesrrrrrr r r r r rrctypes.wintypesrrrrrrrrrrrr_ssl_constantsrrr(HCRYPTPROV_LEGACYrrLPCCERT_CONTEXTr.rMr2r6PCERT_CHAIN_PARArArErTrOr[rVrPCCERT_CHAIN_CONTEXTr]rbPCERT_CHAIN_POLICY_PARArfPCERT_CHAIN_POLICY_STATUSrlPCERT_CHAIN_ENGINE_CONFIGPHCERTCHAINENGINErrrrUSAGE_MATCH_TYPE_ORrrr1CERT_CHAIN_POLICY_IGNORE_ALL_NOT_TIME_VALID_FLAGS7CERT_CHAIN_POLICY_IGNORE_INVALID_BASIC_CONSTRAINTS_FLAG'CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAGr)CERT_CHAIN_POLICY_IGNORE_WRONG_USAGE_FLAG,CERT_CHAIN_POLICY_IGNORE_INVALID_POLICY_FLAG.CERT_CHAIN_POLICY_IGNORE_ALL_REV_UNKNOWN_FLAGS%CERT_CHAIN_POLICY_ALLOW_TESTROOT_FLAG%CERT_CHAIN_POLICY_TRUST_TESTROOT_FLAGrrrrrwincryptkernel32boolrrargtypeserrcheckrrestyperrrrrrrrr SSLContextlistbytesstrrintrrcontextmanagerIteratorrr*r+r,rs       &8  9 % ' ./y i //   01  ./  0123yY""89y$$<=y$$$<=,- ""#78'1$$.!4>1:D7*4'-7*,6)/9,1;.(2%(2%' *6=>-.110 0 3 3 5 5,,,,) -  . !ds##$,#L#L - )-> )&&  %):E8L " * #+#L#L      - ),0 ('DD).%(@%'4$(9%"::   $ #'#4 #+#L#L   - ) ,0 (((%u-+#<<%8$:!%@@'4&6#!)!H!H+;*='((        #'Y5Y5U Y54ZY5 Y5xU>U>"T)U>'U> U> ! U> 4Z U>U> U>p1*1*%[1*'1* 1* ! 1* 4Z 1*1* 1*h  7CNN 7vt/D 7 7r+