PNG  IHDR;IDATxܻn0K )(pA 7LeG{ §㻢|ذaÆ 6lذaÆ 6lذaÆ 6lom$^yذag5bÆ 6lذaÆ 6lذa{ 6lذaÆ `}HFkm,mӪôô! x|'ܢ˟;E:9&ᶒ}{v]n&6 h_tڠ͵-ҫZ;Z$.Pkž)!o>}leQfJTu іچ\X=8Rن4`Vwl>nG^is"ms$ui?wbs[m6K4O.4%/bC%t Mז -lG6mrz2s%9s@-k9=)kB5\+͂Zsٲ Rn~GRC wIcIn7jJhۛNCS|j08yiHKֶۛkɈ+;SzL/F*\Ԕ#"5m2[S=gnaPeғL lذaÆ 6l^ḵaÆ 6lذaÆ 6lذa; _ذaÆ 6lذaÆ 6lذaÆ RIENDB`  Vc@sddlZddlmZddlmZddlmZddlm Z m Z ddl j Z ddlmZddlmZddlmZejejd ejfd YZdS( iN(t sec_contexts(tmessage(t named_tuples(tRequirementFlagtIntEnumFlagSet(t_utils(tName(t CredentialstSecurityContextc BseZdZd d d d d d d d d d Zd d d d d d d d d d ZdZdZdZdZ dZ dZ e d Z d Zd Zd!ZejdZedZedZejd dZejd dZejddZejddZejddZeejdZejd dZdZ d dZ!dZ"RS("sA GSSAPI Security Context This class represents a GSSAPI security context that may be used with and/or returned by other GSSAPI methods. It inherits from the low-level GSSAPI :class:`~gssapi.raw.sec_contexts.SecurityContext` class, and thus may used with both low-level and high-level API methods. This class may be pickled and unpickled (the attached delegated credentials object will not be preserved, however). c Cs7|dk rtj|}ntt|j||S(N(tNonet rsec_contextstimport_sec_contexttsuperRt__new__( tclstbasettokentnametcredstlifetimetflagstmechtchannel_bindingstusage((s9/usr/lib64/python2.7/site-packages/gssapi/sec_contexts.pyR s c Csd |_|d kre|d kre| d k rc| d krWd} tj| ddn| |_nK|d k r|jdkr|j|_n!|d k rd|_n d|_|jdkr|d krtdn||_||_tt ||_ ||_ n?|d k s8|d k s8|d k s8|d k rGtdn||_ ||_ d |_nTy"|jr}d|_n d|_Wn/tjk rd } tj| ddnXd |_d S( s The constructor creates a new security context, but does not begin the initiate or accept process. If the `base` argument is used, an existing :class:`~gssapi.raw.sec_contexts.SecurityContext` object from the low-level API is converted into a high-level object. If the `token` argument is passed, the security context is imported using the token. Otherwise, a new security context is created. If the `usage` argument is not passed, the constructor will attempt to detect what the appropriate usage is based on either the existing security context (if `base` or `token` are used) or the argument set. For a security context of the `initiate` usage, the `name` argument must be used, and the `creds`, `mech`, `flags`, `lifetime`, and `channel_bindings` arguments may be used as well. For a security context of the `accept` usage, the `creds` and `channel_bindings` arguments may optionally be used. tinitiatetaccepts+Usage must be either 'initiate' or 'accept'tobjssecurity contexttbothsNYou must pass the 'name' argument when creating an initiating security contextsVYou must pass at most the 'creds' argument when creating an accepting security contexts7Cannot extract usage from a partially completed contextN(RR(R t _last_errtexcstUnknownUsageErrorRt TypeErrort _target_namet_mechRRt_desired_flagst_desired_lifetimet_channel_bindingst_credst_delegated_credstlocally_initiatedtMissingContextErrort _complete( tselfRRRRRRRRRtmsg((s9/usr/lib64/python2.7/site-packages/gssapi/sec_contexts.pyt__init__&sB                 cCstj||S(sBCalculate the signature for a message. This method calculates the signature (called a MIC) for the given message, which may be then used with :meth:`verify_signature` to confirm the validity of the signature. This is useful if you wish to transmit the message signature and message in your own format. Args: message (bytes): the input message Returns: bytes: the message signature Raises: ExpiredContextError MissingContextError BadQoPError (trmessagetget_mic(R*R((s9/usr/lib64/python2.7/site-packages/gssapi/sec_contexts.pyt get_signaturescCstj|||S(sVerify the signature for a message. This method verifies that a signature (generated by :meth:`get_signature` is valid for the given message. If the signature is valid, the method will return. Otherwise, it will raise an error. Args: message (bytes): the message mic (bytes): the signature to verify Raises: BadMICError: the signature was not valid InvalidTokenError DuplicateTokenError ExpiredTokenError TokenTooLateError TokenTooEarlyError ExpiredContextError MissingContextError (R-t verify_mic(R*Rtmic((s9/usr/lib64/python2.7/site-packages/gssapi/sec_contexts.pytverify_signaturescCstj|||S(sWrap a message, optionally with encryption This wraps a message, signing it and optionally encrypting it. Args: message (bytes): the message to wrap encrypt (bool): whether or not to encrypt the message Returns: WrapResult: the wrapped message and details about it (e.g. whether encryption was used succesfully) Raises: ExpiredContextError MissingContextError BadQoPError (R-twrap(R*Rtencrypt((s9/usr/lib64/python2.7/site-packages/gssapi/sec_contexts.pyR3scCstj||S(saUnwrap a wrapped message. This method unwraps/unencrypts a wrapped message, verifying the signature along the way. Args: message (bytes): the message to unwrap/decrypt Returns: UnwrapResult: the unwrapped message and details about it (e.g. wheter encryption was used) Raises: InvalidTokenError BadMICError DuplicateTokenError ExpiredTokenError TokenTooLateError TokenTooEarlyError ExpiredContextError MissingContextError (R-tunwrap(R*R((s9/usr/lib64/python2.7/site-packages/gssapi/sec_contexts.pyR5scCs7|j|dt}|js0tjdn|jS(smEncrypt a message. This method wraps and encrypts a message, similarly to :meth:`wrap`. The difference is that encryption is always used, and the method will raise an exception if this is not possible. Additionally, this method simply returns the encrypted message directly. Args: message (bytes): the message to encrypt Returns: bytes: the encrypted message Raises: EncryptionNotUsed: the encryption could not be used ExpiredContextError MissingContextError BadQoPError R4s!Wrapped message was not encrypted(R3tTruet encryptedRtEncryptionNotUsedR(R*Rtres((s9/usr/lib64/python2.7/site-packages/gssapi/sec_contexts.pyR4s cCsK|j|}|j rD|jtj@rDtjdd|jn|jS(s"Decrypt a message. This method decrypts and unwraps a message, verifying the signature along the way, similarly to :meth:`unwrap`. The difference is that this method will raise an exception if encryption was established by the context and not used, and simply returns the decrypted message directly. Args: message (bytes): the encrypted message Returns: bytes: the decrypted message Raises: EncryptionNotUsed: encryption was expected, but not used InvalidTokenError BadMICError DuplicateTokenError ExpiredTokenError TokenTooLateError TokenTooEarlyError ExpiredContextError MissingContextError sTThe context was established with encryption, but unwrapped message was not encryptedtunwrapped_message(R5R7t actual_flagsRtconfidentialityRR8R(R*RR9((s9/usr/lib64/python2.7/site-packages/gssapi/sec_contexts.pytdecrypts   cCstj|||S(s.Calculate the maximum message size for a given wrapped message size. This method calculates the maximum input message size for a given maximum wrapped/encrypted message size. Args: desired_output_size (int): the maximum output message size encrypted (bool): whether or not encryption should be taken into account Returns: int: the maximum input message size Raises: MissingContextError ExpiredContextError BadQoPError (R-twrap_size_limit(R*tdesired_output_sizeR7((s9/usr/lib64/python2.7/site-packages/gssapi/sec_contexts.pytget_wrap_size_limit,s cCstj||dS(scProcess an output token asynchronously. This method processes an output token even when the security context was not expecting it. Warning: This method is deprecated. Args: token (bytes): the token to process Raises: InvalidTokenError MissingContextError N(R tprocess_context_token(R*R((s9/usr/lib64/python2.7/site-packages/gssapi/sec_contexts.pyt process_tokenDscCs tj|S(sBExport a security context. This method exports a security context, allowing it to be passed between processes. Returns: bytes: the exported security context Raises: ExpiredContextError MissingContextError OperationUnavailableError (R texport_sec_context(R*((s9/usr/lib64/python2.7/site-packages/gssapi/sec_contexts.pytexportWstinitiator_namet target_nameRRRt locally_inittcompletec Ks|st}nt}x'|jD]}|j||||s