o 9BiO@sdZddlmZddlZddlZddlmZmZm Z ddl m Z ddl m Z ddlmZmZmZmZddlmZdd lmZmZmZdd lmZdd lmZmZmZdd lm Z dd l!m"Z"ddl#m$Z$ddl%m&Z&ddl'm(Z(ddl)m*Z*ddl+m,Z,e$Z-d,ddZ.d-ddZ/GdddZ0eeGddde0Z1eeGd d!d!Z2d.d$d%Z3eeGd&d'd'e0e,Z4Gd(d)d)Z5Gd*d+d+Z6dS)/zE An implementation of the OpenSSH known_hosts database. @since: 8.2 ) annotationsN)Error a2b_base64 b2a_base64)closing)sha1)IOCallableIterableLiteral) implementer)HostKeyChanged InvalidEntryUserRejectedKey)IKnownHostEntry) BadKeyErrorFingerprintFormatsKey)defer)Deferred)Logger) nativeString)FilePath) secureRandom) FancyEqMixinsbytesreturncCs t|S)z Encode a binary string as base64 with no trailing newline. @param s: The string to encode. @return: The base64-encoded string. )rstrip)rr_/var/www/html/Trade-python/venv/lib/python3.10/site-packages/twisted/conch/client/knownhosts.py _b64encode$ r!string&tuple[bytes, bytes, Key, bytes | None]c Csz|dd}t|dkrt|\}}}|dd}t|dkr*|\}}|d}n|d}d}tt|}||||fS)a Extract common elements of base64 keys from an entry in a hosts file. @param string: A known hosts file entry (a single line). @return: a 4-tuple of hostname data (L{bytes}), ssh key type (L{bytes}), key (L{Key}), and comment (L{bytes} or L{None}). The hostname data is simply the beginning of the line up to the first occurrence of whitespace. N r)splitlenrrstripr fromStringr) r#elements hostnameskeyType keyAndCommentsplitkey keyStringcommentkeyrrr _extractCommon/s      r5c@s$eZdZdZdd d ZdddZdS) _BaseEntrya Abstract base of both hashed and non-hashed entry objects, since they represent keys and key types the same way. @ivar keyType: The type of the key; either ssh-dss or ssh-rsa. @type keyType: L{bytes} @ivar publicKey: The server public key indicated by this line. @type publicKey: L{twisted.conch.ssh.keys.Key} @ivar comment: Trailing garbage after the key line. @type comment: L{bytes} or C{None} r/r publicKeyrr3 bytes | NonerNonecCs||_||_||_dSN)r/r7r3)selfr/r7r3rrr __init__Xs z_BaseEntry.__init__ keyObjectboolcCs|j|k}|S)z Check to see if this entry matches a given key object. @param keyObject: A public key object to check. @return: C{True} if this entry's key matches C{keyObject}, C{False} otherwise. )r7)r;r=resultrrr matchesKey]s z_BaseEntry.matchesKeyN)r/rr7rr3r8rr9)r=rrr>)__name__ __module__ __qualname____doc__r<r@rrrr r6Is r6csDeZdZdZdfd d ZedddZdddZdddZZ S) PlainEntryz A L{PlainEntry} is a representation of a plain-text entry in a known_hosts file. @ivar _hostnames: the list of all host-names associated with this entry. r. list[bytes]r/rr7rr3r8cs||_t|||dSr:) _hostnamessuperr<)r;r.r/r7r3 __class__rr r<sszPlainEntry.__init__r#rcCs(t|\}}}}||d|||}|S)a Parse a plain-text entry in a known_hosts file, and return a corresponding L{PlainEntry}. @param string: a space-separated string formatted like "hostname key-type base64-key-data comment". @raise DecodeError: if the key is not valid encoded as valid base64. @raise InvalidEntry: if the entry does not have the right number of elements and is therefore invalid. @raise BadKeyError: if the key, once decoded from base64, is not actually an SSH key. @return: an IKnownHostEntry representing the hostname and key in the input line. @rtype: L{PlainEntry} ,)r5r))clsr#r.r/r4r3r;rrr r,}szPlainEntry.fromStringhostname bytes | strr>cCst|tr |d}||jvS)a Check to see if this entry matches a given hostname. @param hostname: A hostname or IP address literal to check against this entry. @return: C{True} if this entry is for the given hostname or IP address, C{False} otherwise. utf-8) isinstancestrencoderGr;rMrrr matchesHosts  zPlainEntry.matchesHostcCs>d|j|jt|jg}|jdur||jd|S)z Implement L{IKnownHostEntry.toString} by recording the comma-separated hostnames, key type, and base-64 encoded key. @return: The string representation of this entry, with unhashed hostname information. rKN )joinrGr/r!r7blobr3appendr;fieldsrrr toStrings     zPlainEntry.toString)r.rFr/rr7rr3r8)r#rrrE)rMrNrr>rr) rArBrCrDr< classmethodr,rTr[ __classcell__rrrIr rEjs  rEc@sFeZdZUdZdZded<ddd Zdd d ZdddZdddZ dS) UnparsedEntryz L{UnparsedEntry} is an entry in a L{KnownHostsFile} which can't actually be parsed; therefore it matches no keys and no hosts. Nr9r/r#rrcC ||_dS)zv Create an unparsed entry from a line in a known_hosts file which cannot otherwise be parsed. N)_string)r;r#rrr r<s zUnparsedEntry.__init__rMr>cCdSz' Always returns False. FrrSrrr rTzUnparsedEntry.matchesHostr4rcCrbrcr)r;r4rrr r@rdzUnparsedEntry.matchesKeycCs |jdS)a Returns the input line, without its newline if one was given. @return: The string representation of this entry, almost exactly as was used to initialize this entry but without a trailing newline. @rtype: L{bytes} r()rar+r;rrr r[r"zUnparsedEntry.toString)r#rrr9rMrrr>)r4rrr>r\) rArBrCrDr/__annotations__r<rTr@r[rrrr r_s     r_r4rNcCs4tj|td}t|tr|d}|||S)z Return the SHA-1 HMAC hash of the given key and string. @param key: The HMAC key. @param string: The string to be hashed. @return: The keyed hash value. ) digestmodrO)hmacHMACrrPrQrRupdatedigest)r4r#hashrrr _hmacedStrings    rncsLeZdZdZdZdZdfdd ZedddZdddZ dddZ Z S) HashedEntrya A L{HashedEntry} is a representation of an entry in a known_hosts file where the hostname has been hashed and salted. @ivar _hostSalt: the salt to combine with a hostname for hashing. @ivar _hostHash: the hashed representation of the hostname. @cvar MAGIC: the 'hash magic' string used to identify a hashed line in a known_hosts file as opposed to a plaintext one. s|1|) _hostSalt _hostHashr/r7r3hostSaltrhostHashr/r7rr3r8rr9cs ||_||_t|||dSr:)rprqrHr<)r;rrrsr/r7r3rIrr r<szHashedEntry.__init__r#c Cs^t|\}}}}|t|jdd}t|dkrt|\}}|t|t||||} | S)a Load a hashed entry from a string representing a line in a known_hosts file. @param string: A complete single line from a I{known_hosts} file, formatted as defined by OpenSSH. @raise DecodeError: if the key, the hostname, or the is not valid encoded as valid base64 @raise InvalidEntry: if the entry does not have the right number of elements and is therefore invalid, or the host/hash portion contains more items than just the host and hash. @raise BadKeyError: if the key, once decoded from base64, is not actually an SSH key. @return: The newly created L{HashedEntry} instance, initialized with the information from C{string}. N|r%)r5r*MAGICr)rr) rLr#stuffr/r4r3 saltAndHashrrrsr;rrr r, s zHashedEntry.fromStringrMr>cCstt|j||jS)a Implement L{IKnownHostEntry.matchesHost} to compare the hash of the input to the stored hash. @param hostname: A hostname or IP address literal to check against this entry. @type hostname: L{bytes} @return: C{True} if this entry is for the given hostname or IP address, C{False} otherwise. @rtype: L{bool} )ricompare_digestrnrprqrSrrr rT+s zHashedEntry.matchesHostcCsR|jdt|jt|jg|jt|jg}|jdur$| |jd|S)z Implement L{IKnownHostEntry.toString} by base64-encoding the salt, host hash, and key. @return: The string representation of this entry, with the hostname part hashed. @rtype: L{bytes} rtNrU) rurVr!rprqr/r7rWr3rXrYrrr r[<s     zHashedEntry.toString) rrrrsrr/rr7rr3r8rr9)r#rrrorfr\) rArBrCrDrucompareAttributesr<r]r,rTr[r^rrrIr ros   roc@sheZdZdZd#ddZed$dd Zd%d d Zd&ddZd'ddZ d(ddZ d)ddZ e d*d d!Z d"S)+KnownHostsFileaz A structured representation of an OpenSSH-format ~/.ssh/known_hosts file. @ivar _added: A list of L{IKnownHostEntry} providers which have been added to this instance in memory but not yet saved. @ivar _clobber: A flag indicating whether the current contents of the save path will be disregarded and potentially overwritten or not. If C{True}, this will be done. If C{False}, entries in the save path will be read and new entries will be saved by appending rather than overwriting. @type _clobber: L{bool} @ivar _savePath: See C{savePath} parameter of L{__init__}. savePath FilePath[str]rr9cCsg|_||_d|_dS)a$ Create a new, empty KnownHostsFile. Unless you want to erase the current contents of C{savePath}, you want to use L{KnownHostsFile.fromPath} instead. @param savePath: The L{FilePath} to which to save new entries. @type savePath: L{FilePath} TN)_added _savePath_clobber)r;r{rrr r<as  zKnownHostsFile.__init__cCs|jS)z< @see: C{savePath} parameter of L{__init__} )r~rerrr r{oszKnownHostsFile.savePathIterable[IKnownHostEntry]c cs|jD]}|Vq|jrdSz|j}Wn ty YdSw|5|D])}z|tjr5t|}nt |}Wnt t t fyKt |}Ynw|Vq&WddS1s[wYdS)aK Iterate over the host entries in this file. @return: An iterable the elements of which provide L{IKnownHostEntry}. There is an element for each entry in the file as well as an element for each added but not yet saved entry. @rtype: iterable of L{IKnownHostEntry} providers N)r}rr~openOSError startswithrorur,rE DecodeErrorrrr_)r;entryfplinerrr iterentriesvs.      "zKnownHostsFile.iterentriesrMrr4rr>cCsxt|t|j D].\}}|j|kr9||r9||r#dS|dkr,d}d}n|d}|j}t |||q dS)a Check for an entry with matching hostname and key. @param hostname: A hostname or IP address literal to check for. @param key: The public key to check for. @return: C{True} if the given hostname and key are present in this file, C{False} if they are not. @raise HostKeyChanged: if the host key found for the given hostname does not match the given key. TrNr'F) enumeraterr*r}r/sshTyperTr@r~r )r;rMr4lineidxrrpathrrr hasHostKeys  zKnownHostsFile.hasHostKeyui ConsoleUIipDeferred[bool]cs0tj}dfdd }||S) a Verify the given host key for the given IP and host, asking for confirmation from, and notifying, the given UI about changes to this file. @param ui: The user interface to request an IP address from. @param hostname: The hostname that the user requested to connect to. @param ip: The string representation of the IP address that is actually being connected to. @param key: The public key of the server. @return: a L{Deferred} that fires with True when the key has been verified, or fires with an errback when the key either cannot be verified or has changed. @rtype: L{Deferred} r?r>rbool | Deferred[bool]cs|r)s'ddd}|d|Sdfdd }}|d kr=d }d tt|jt j d f} |t }||S)NzWarning: Permanently added the z host key for IP address 'z' to the list of known hosts. rOresponser>rcs.|r|Str:) addHostKeysaver)r)rMrr4r;rr promptResponses   zGKnownHostsFile.verifyHostKey..gotHasKey..promptResponseECECDSAzThe authenticity of host '%s (%s)' can't be established. %s key fingerprint is SHA256:%s. Are you sure you want to continue connecting (yes/no)? )format)rr>rr>)rtypedecodewarnrRrrr fingerprintr SHA256_BASE64promptsysgetdefaultencoding addCallback)r? addMessagerkeytyperproceedrMrr4r;rrr gotHasKeys0      z/KnownHostsFile.verifyHostKey..gotHasKeyN)r?r>rr)rexecuterr)r;rrMrr4hhkrrrr verifyHostKeys +zKnownHostsFile.verifyHostKeyrocCs6td}|}t|t||||d}|j||S)a Add a new L{HashedEntry} to the key database. Note that you still need to call L{KnownHostsFile.save} if you wish these changes to be persisted. @param hostname: A hostname or IP address literal to associate with the new entry. @type hostname: L{bytes} @param key: The public key to associate with the new entry. @type key: L{Key} @return: The L{HashedEntry} that was added. @rtype: L{HashedEntry} N)rrrornr}rX)r;rMr4saltr/rrrr rs  zKnownHostsFile.addHostKeycCs|j}|s ||jrdnd}|j|}|jr1|ddd|jDdg|_Wdn1s;wYd|_dS)zM Save this L{KnownHostsFile} to the path it was loaded from. war(cSsg|]}|qSr)r[).0rrrr sz'KnownHostsFile.save..NF) r~parentisdirmakedirsrrr}writerV)r;pmode hostsFileObjrrr rs  zKnownHostsFile.savercCs||}d|_|S)a Create a new L{KnownHostsFile}, potentially reading existing known hosts information from the given file. @param path: A path object to use for both reading contents from and later saving to. If no file exists at this path, it is not an error; a L{KnownHostsFile} with no entries is returned. @return: A L{KnownHostsFile} initialized with entries from C{path}. F)r)rLr knownHostsrrr fromPath s zKnownHostsFile.fromPathN)r{r|rr9)rr|)rr)rMrr4rrr>) rrrMrrrr4rrr)rMrr4rrro)rr9)rr|rrz)rArBrCrDr<propertyr{rrrrrr]rrrrr rzPs      E rzc@s.eZdZdZdddZdd d Zdd dZdS)rz A UI object that can ask true/false questions and post notifications on the console, to be used during key verification. openerCallable[[], IO[bytes]]rr9cCr`)aA @param opener: A no-argument callable which should open a console binary-mode file-like object to be used for reading and writing. This initializes the C{opener} attribute. @type opener: callable taking no arguments and returning a read/write file-like object N)r)r;rrrr r<7s zConsoleUI.__init__textrrcs"td}fdd}||S)a Write the given text as a prompt to the console output, then read a result from the console input. @param text: Something to present to a user to solicit a yes or no response. @type text: L{bytes} @return: a L{Deferred} which fires with L{True} when the user answers 'yes' and L{False} when the user answers 'no'. It may errback if there were any I/O errors. Ncs~t/}| |}|dkr" WddS|dvr/ WddS|dq 1s8wYdS)NTsyes>noFsPlease type 'yes' or 'no': )rrrreadlinerlower)ignoredfanswerr;rrr bodyPs  zConsoleUI.prompt..body)rsucceedr)r;rdrrrr rAs  zConsoleUI.promptcCs`z t|}||WdWdS1swYWdSty/tdYdSw)z Notify the user (non-interactively) of the provided text, by writing it to the console. @param text: Some information the user is to be made aware of. NzFailed to write to console)rrr Exceptionlogfailure)r;rrrrr r^s & zConsoleUI.warnN)rrrr9)rrrr)rrrr9)rArBrCrDr<rrrrrr r1s   r)rrrr)r#rrr$)r4rr#rNrr)7rD __future__rrirbinasciirrrr contextlibrhashlibrtypingrr r r zope.interfacer twisted.conch.errorr rrtwisted.conch.interfacesrtwisted.conch.ssh.keysrrrtwisted.internetrtwisted.internet.deferrtwisted.loggerrtwisted.python.compatrtwisted.python.filepathrtwisted.python.randbytesrtwisted.python.utilrrr!r5r6rEr_rnrorzrrrrr sB              !L &`b