a àMÒeã@s‚ddlZddlZddlmZddlZddlZddlZddlZddl Zddl Zej   d¡Z Gdd„dƒZdd„Zdd „Zd d „ZdS) éN)Úurlparsez_dns.resolver.arpac@s6eZdZdd„Zdd„Zdd„Zdd„Zd d d „Zd S) Ú _SVCBInfocCs||_||_||_||_dS©N)Úbootstrap_addressÚportÚhostnameÚ nameservers)Úselfrrrr©r ú,/usr/lib/python3.9/site-packages/dns/_ddr.pyÚ__init__sz_SVCBInfo.__init__cCs.|dD] \}}|dkr||jkrdSqdS)zIVerify that the _SVCBInfo's address is in the cert's subjectAltName (SAN)ZsubjectAltNamez IP AddressTF)r)r ÚcertÚnameÚvaluer r r Úddr_check_certificate!sz_SVCBInfo.ddr_check_certificatecCstjj}| ¡}|jj|_|Sr)ÚdnsÚqueryÚsslZcreate_default_contextZ TLSVersionZTLSv1_2Zminimum_version)r rÚctxr r r Úmake_tls_context(s z_SVCBInfo.make_tls_contextc Cs¶| ¡}t ¡|}t |j|jf|¡z}|j||jdJ}| t j   |¡¡|  ¡|  ¡}| |¡WdƒWdƒS1sŠ0YWdƒn1s¨0YdS)N)Zserver_hostname)rÚtimeÚsocketZcreate_connectionrrZ wrap_socketrZ settimeoutrrÚ _remainingZ do_handshakeÚ getpeercertr)r ÚlifetimerÚ expirationÚsÚtsr r r r Úddr_tls_check_sync.s  ÿz_SVCBInfo.ddr_tls_check_syncNc Ãs´|durtj ¡}| ¡}t ¡|}| tj |j¡t j dd|j|j f|||j ¡IdH4IdHš8}|  tj |¡¡IdH}| |¡WdƒIdHS1IdHs¦0YdS)Nr)rZ asyncbackendZget_default_backendrrZ make_socketÚinetZaf_for_addressrrZ SOCK_STREAMrrrrrr)r rZbackendrrrr r r r Úddr_tls_check_async:s"    ø z_SVCBInfo.ddr_tls_check_async)N)Ú__name__Ú __module__Ú __qualname__r rrrr r r r r rs  rc Cs¼|j}tj |¡sgSg}|j ¡D]}g}|j tjj j j ¡}|durLq$t |j ƒ}|jjdd}d}|j tjj j j¡}|durŠ|j}d|vr8|j tjj j j¡}|dus$|j d¡s¾q$|jdd… ¡} |  d¡sâd| } |durîd}d|›d |›| ›} z t| ƒ| tj | |¡¡Wnty6Yn0d |vrf|durPd }| tj |||¡¡d |vr–|dur~d }| tj ||d|¡¡t|ƒd kr$| t||||ƒ¡q$|S)NT)Zomit_final_dotsh2s{?dns}iúÿÿÿú/i»zhttps://ú:sdotiUsdoqr)Z nameserverrrZ is_addressZrrsetZprocessing_orderÚparamsÚgetZrdtypesZsvcbbaseZParamKeyZALPNÚsetZidsÚtargetZto_textZPORTrZDOHPATHrÚendswithÚdecodeÚ startswithrÚappendZ DoHNameserverÚ ExceptionZ DoTNameserverZ DoQNameserverÚlenr) ÚanswerrÚinfosZrrrZparamZalpnsÚhostrÚpathÚurlr r r Ú_extract_nameservers_from_svcbMsZ      ÿ  ÿ r5c CsHg}t|ƒ}|D]2}z| |¡r,| |j¡Wqty@Yq0q|S)úVReturn a list of TLS-validated resolver nameservers extracted from an SVCB answer.)r5rÚextendrr.©r0rrr1Úinfor r r Ú_get_nameservers_syncs  r:c ÃsNg}t|ƒ}|D]8}z | |¡IdHr2| |j¡WqtyFYq0q|S)r6N)r5r r7rr.r8r r r Ú_get_nameservers_asyncs r;)rrÚ urllib.parserZdns.asyncbackendrZdns.inetZdns.nameZdns.nameserverZ dns.queryZdns.rdtypes.svcbbaserZ from_textZ_local_resolver_namerr5r:r;r r r r Ús  34