HEX
Server: Apache/2.4.58 (Ubuntu)
System: Linux ns3133907 6.8.0-86-generic #87-Ubuntu SMP PREEMPT_DYNAMIC Mon Sep 22 18:03:36 UTC 2025 x86_64
User: cssnetorguk (1024)
PHP: 8.2.28
Disabled: NONE
Upload Files
File: //usr/lib/python3/dist-packages/twisted/conch/client/__pycache__/knownhosts.cpython-312.pyc
�

Ϫ�f�M���dZddlZddlZddlmZmZmZddlm	Z	ddl
mZddlm
Z
ddlmZmZmZddlmZdd	lmZmZmZdd
lmZddlmZddlmZdd
lmZddl m!Z!e�Z"d�Z#d�Z$Gd�d�Z%e
e�Gd�de%��Z&e
e�Gd�d��Z'd�Z(e
e�Gd�de%e!��Z)Gd�d�Z*Gd�d�Z+y)zE
An implementation of the OpenSSH known_hosts database.

@since: 8.2
�N)�Error�
a2b_base64�
b2a_base64)�closing)�sha1)�implementer)�HostKeyChanged�InvalidEntry�UserRejectedKey)�IKnownHostEntry)�BadKeyError�FingerprintFormats�Key)�defer)�Logger)�nativeString)�secureRandom)�FancyEqMixinc�4�t|�j�S)z�
    Encode a binary string as base64 with no trailing newline.

    @param s: The string to encode.
    @type s: L{bytes}

    @return: The base64-encoded string.
    @rtype: L{bytes}
    )r�strip)�ss �A/usr/lib/python3/dist-packages/twisted/conch/client/knownhosts.py�
_b64encoder s���a�=��� � �c�&�|jdd�}t|�dk7r
t��|\}}}|jdd�}t|�dk(r|\}}|jd�}n|d}d}t	j
t
|��}||||fS)a�
    Extract common elements of base64 keys from an entry in a hosts file.

    @param string: A known hosts file entry (a single line).
    @type string: L{bytes}

    @return: a 4-tuple of hostname data (L{bytes}), ssh key type (L{bytes}), key
        (L{Key}), and comment (L{bytes} or L{None}).  The hostname data is
        simply the beginning of the line up to the first occurrence of
        whitespace.
    @rtype: L{tuple}
    N����
r)�split�lenr
�rstripr�
fromStringr)	�string�elements�	hostnames�keyType�
keyAndComment�splitkey�	keyString�comment�keys	         r�_extractCommonr--s����|�|�D�!�$�H�
�8�}����n��(0�%�I�w�
��"�"�4��+�H�
�8�}���%��	�7��.�.��'���Q�K�	���

�.�.��I�.�
/�C��g�s�G�+�+rc��eZdZdZd�Zd�Zy)�
_BaseEntrya�
    Abstract base of both hashed and non-hashed entry objects, since they
    represent keys and key types the same way.

    @ivar keyType: The type of the key; either ssh-dss or ssh-rsa.
    @type keyType: L{bytes}

    @ivar publicKey: The server public key indicated by this line.
    @type publicKey: L{twisted.conch.ssh.keys.Key}

    @ivar comment: Trailing garbage after the key line.
    @type comment: L{bytes}
    c�.�||_||_||_y�N)r'�	publicKeyr+)�selfr'r2r+s    r�__init__z_BaseEntry.__init__Xs�����"�����rc� �|j|k(S)a
        Check to see if this entry matches a given key object.

        @param keyObject: A public key object to check.
        @type keyObject: L{Key}

        @return: C{True} if this entry's key matches C{keyObject}, C{False}
            otherwise.
        @rtype: L{bool}
        )r2)r3�	keyObjects  r�
matchesKeyz_BaseEntry.matchesKey]s���~�~��*�*rN)�__name__�
__module__�__qualname__�__doc__r4r7�rrr/r/Is����
+rr/c�>��eZdZdZ�fd�Zed��Zd�Zd�Z�xZ	S)�
PlainEntryz�
    A L{PlainEntry} is a representation of a plain-text entry in a known_hosts
    file.

    @ivar _hostnames: the list of all host-names associated with this entry.
    @type _hostnames: L{list} of L{bytes}
    c�6��||_t�|�	|||�yr1)�
_hostnames�superr4)r3r&r'r2r+�	__class__s     �rr4zPlainEntry.__init__us���#���
����)�W�5rc�Z�t|�\}}}}||jd�|||�}|S)a�
        Parse a plain-text entry in a known_hosts file, and return a
        corresponding L{PlainEntry}.

        @param string: a space-separated string formatted like "hostname
        key-type base64-key-data comment".

        @type string: L{bytes}

        @raise DecodeError: if the key is not valid encoded as valid base64.

        @raise InvalidEntry: if the entry does not have the right number of
        elements and is therefore invalid.

        @raise BadKeyError: if the key, once decoded from base64, is not
        actually an SSH key.

        @return: an IKnownHostEntry representing the hostname and key in the
        input line.

        @rtype: L{PlainEntry}
        �,)r-r )�clsr$r&r'r,r+r3s       rr#zPlainEntry.fromStringys5��0,:�&�+A�(�	�7�C���9�?�?�4�(�'�3��@���rc�`�t|t�r|jd�}||jvS)aT
        Check to see if this entry matches a given hostname.

        @param hostname: A hostname or IP address literal to check against this
            entry.
        @type hostname: L{bytes}

        @return: C{True} if this entry is for the given hostname or IP address,
            C{False} otherwise.
        @rtype: L{bool}
        �utf-8)�
isinstance�str�encoder@�r3�hostnames  r�matchesHostzPlainEntry.matchesHost�s+���h��$����w�/�H��4�?�?�*�*rc��dj|j�|jt|jj��g}|j�|j|j�dj|�S)a
        Implement L{IKnownHostEntry.toString} by recording the comma-separated
        hostnames, key type, and base-64 encoded key.

        @return: The string representation of this entry, with unhashed hostname
            information.
        @rtype: L{bytes}
        rD� )�joinr@r'rr2�blobr+�append�r3�fieldss  r�toStringzPlainEntry.toString�sb��
�I�I�d�o�o�&��L�L��t�~�~�*�*�,�-�
��
�<�<�#��M�M�$�,�,�'��y�y�� � r)
r8r9r:r;r4�classmethodr#rMrU�
__classcell__�rBs@rr>r>ks+����6�����6+� !rr>c�(�eZdZdZd�Zd�Zd�Zd�Zy)�
UnparsedEntryz�
    L{UnparsedEntry} is an entry in a L{KnownHostsFile} which can't actually be
    parsed; therefore it matches no keys and no hosts.
    c��||_y)zv
        Create an unparsed entry from a line in a known_hosts file which cannot
        otherwise be parsed.
        N)�_string)r3r$s  rr4zUnparsedEntry.__init__�s��
��rc��y�z'
        Always returns False.
        Fr<rKs  rrMzUnparsedEntry.matchesHost����rc��yr^r<)r3r,s  rr7zUnparsedEntry.matchesKey�r_rc�8�|jjd�S)a
        Returns the input line, without its newline if one was given.

        @return: The string representation of this entry, almost exactly as was
            used to initialize this entry but without a trailing newline.
        @rtype: L{bytes}
        r)r\r"�r3s rrUzUnparsedEntry.toString�s���|�|�"�"�5�)�)rN)r8r9r:r;r4rMr7rUr<rrrZrZ�s���
���*rrZc��tj|t��}t|t�r|jd�}|j
|�|j�S)z�
    Return the SHA-1 HMAC hash of the given key and string.

    @param key: The HMAC key.
    @type key: L{bytes}

    @param string: The string to be hashed.
    @type string: L{bytes}

    @return: The keyed hash value.
    @rtype: L{bytes}
    )�	digestmodrG)�hmac�HMACrrHrIrJ�update�digest)r,r$�hashs   r�
_hmacedStringrj�sD���9�9�S�D�)�D��&�#�����w�'���K�K����;�;�=�rc�F��eZdZdZdZdZ�fd�Zed��Zd�Z	d�Z
�xZS)�HashedEntrya�
    A L{HashedEntry} is a representation of an entry in a known_hosts file
    where the hostname has been hashed and salted.

    @ivar _hostSalt: the salt to combine with a hostname for hashing.

    @ivar _hostHash: the hashed representation of the hostname.

    @cvar MAGIC: the 'hash magic' string used to identify a hashed line in a
    known_hosts file as opposed to a plaintext one.
    s|1|)�	_hostSalt�	_hostHashr'r2r+c�D��||_||_t�|�
|||�yr1)rmrnrAr4)r3�hostSalt�hostHashr'r2r+rBs      �rr4zHashedEntry.__init__s"���!���!���
����)�W�5rc���t|�\}}}}|t|j�djd�}t|�dk7r
t	��|\}}|t|�t|�|||�}	|	S)a#
        Load a hashed entry from a string representing a line in a known_hosts
        file.

        @param string: A complete single line from a I{known_hosts} file,
            formatted as defined by OpenSSH.
        @type string: L{bytes}

        @raise DecodeError: if the key, the hostname, or the is not valid
            encoded as valid base64

        @raise InvalidEntry: if the entry does not have the right number of
            elements and is therefore invalid, or the host/hash portion contains
            more items than just the host and hash.

        @raise BadKeyError: if the key, once decoded from base64, is not
            actually an SSH key.

        @return: The newly created L{HashedEntry} instance, initialized with the
            information from C{string}.
        N�|r)r-r!�MAGICr r
r)
rEr$�stuffr'r,r+�saltAndHashrprqr3s
          rr#zHashedEntry.fromStringsw��.(6�f�'=�$��w��W��C��	�	�N�,�-�3�3�D�9���{��q� ��.� �(���(��:�h�'��H�)=�w��W�U���rc�j�tjt|j|�|j�S)a�
        Implement L{IKnownHostEntry.matchesHost} to compare the hash of the
        input to the stored hash.

        @param hostname: A hostname or IP address literal to check against this
            entry.
        @type hostname: L{bytes}

        @return: C{True} if this entry is for the given hostname or IP address,
            C{False} otherwise.
        @rtype: L{bool}
        )re�compare_digestrjrmrnrKs  rrMzHashedEntry.matchesHost's+���"�"��$�.�.�(�3�T�^�^�
�	
rc�Z�|jdjt|j�t|j�g�z|j
t|jj��g}|j�|j|j�dj|�S)z�
        Implement L{IKnownHostEntry.toString} by base64-encoding the salt, host
        hash, and key.

        @return: The string representation of this entry, with the hostname part
            hashed.
        @rtype: L{bytes}
        rsrO)
rtrPrrmrnr'r2rQr+rRrSs  rrUzHashedEntry.toString8s���
�J�J��i�i��D�N�N�3�Z����5O�P�Q�
R��L�L��t�~�~�*�*�,�-�	
���<�<�#��M�M�$�,�,�'��y�y�� � r)r8r9r:r;rt�compareAttributesr4rVr#rMrUrWrXs@rrlrl�s8���
�
�E�U��6�
����<
�"!rrlc�T�eZdZdZd�Zed��Zd�Zd�Zd�Z	d�Z
d�Zed	��Z
y
)�KnownHostsFileaz
    A structured representation of an OpenSSH-format ~/.ssh/known_hosts file.

    @ivar _added: A list of L{IKnownHostEntry} providers which have been added
        to this instance in memory but not yet saved.

    @ivar _clobber: A flag indicating whether the current contents of the save
        path will be disregarded and potentially overwritten or not.  If
        C{True}, this will be done.  If C{False}, entries in the save path will
        be read and new entries will be saved by appending rather than
        overwriting.
    @type _clobber: L{bool}

    @ivar _savePath: See C{savePath} parameter of L{__init__}.
    c�.�g|_||_d|_y)a$
        Create a new, empty KnownHostsFile.

        Unless you want to erase the current contents of C{savePath}, you want
        to use L{KnownHostsFile.fromPath} instead.

        @param savePath: The L{FilePath} to which to save new entries.
        @type savePath: L{FilePath}
        TN)�_added�	_savePath�_clobber)r3�savePaths  rr4zKnownHostsFile.__init__]s�����!�����
rc��|jS)z<
        @see: C{savePath} parameter of L{__init__}
        )rrbs rr�zKnownHostsFile.savePathks��
�~�~�rc#��K�|jD]}|���|jry	|jj�}|5|D]Q}	|jtj�rtj|�}ntj|�}|���S	ddd�y#t$rYywxYw#tttf$rt|�}Y�@wxYw#1swYyxYw�w)aK
        Iterate over the host entries in this file.

        @return: An iterable the elements of which provide L{IKnownHostEntry}.
            There is an element for each entry in the file as well as an element
            for each added but not yet saved entry.
        @rtype: iterable of L{IKnownHostEntry} providers
        N)r~r�r�open�OSError�
startswithrlrtr#r>�DecodeErrorr
r
rZ)r3�entry�fp�lines    r�iterentrieszKnownHostsFile.iterentriesrs������[�[�	�E��K�	��=�=��	����$�$�&�B��		��
��0����{�'8�'8�9� +� 6� 6�t� <�� *� 5� 5�d� ;����
�		�		���	��	��$�\�;�?�0�)�$�/�E�0��		�		�se�#C#�B#�C#�C�	A
B2�C�	C#�#	B/�,C#�.B/�/C#�2C�C�C�C�C �C#c�D�t|j�t|j��D]o\}}|j	|�s�|j
|j
�k(s�6|j|�ry|dkrd}d}n|dz}|j}t|||��y)a
        Check for an entry with matching hostname and key.

        @param hostname: A hostname or IP address literal to check for.
        @type hostname: L{bytes}

        @param key: The public key to check for.
        @type key: L{Key}

        @return: C{True} if the given hostname and key are present in this file,
            C{False} if they are not.
        @rtype: L{bool}

        @raise HostKeyChanged: if the host key found for the given hostname
            does not match the given key.
        TrNrF)
�	enumerater�r!r~rMr'�sshTyper7rr	)r3rLr,�lineidxr�r��paths       r�
hasHostKeyzKnownHostsFile.hasHostKey�s���"(��(8�(8�(:�S����=M�<M�N�
	<�N�G�U�� � ��*�u�}�}����
�/M��#�#�C�(����{�#��#��&��{��#�~�~��(���d�;�;�
	<�rc�������tj�j���}�����fd�}|j|�S)a�
        Verify the given host key for the given IP and host, asking for
        confirmation from, and notifying, the given UI about changes to this
        file.

        @param ui: The user interface to request an IP address from.

        @param hostname: The hostname that the user requested to connect to.

        @param ip: The string representation of the IP address that is actually
        being connected to.

        @param key: The public key of the server.

        @return: a L{Deferred} that fires with True when the key has been
            verified, or fires with an errback when the key either cannot be
            verified or has changed.
        @rtype: L{Deferred}
        c
���|re�j���sQ�	jd�j��dt���d���j	����j�|S����fd�}�j�}|dk(rd}dt���dt���d	|�d
�j
tj���d�	}�	j|jtj���}|j|�S)
NzWarning: Permanently added the z host key for IP address 'z' to the list of known hosts.c���|r6�j����j����j�|St��r1)�
addHostKey�saver)�responserL�ipr,r3s ����r�promptResponsezGKnownHostsFile.verifyHostKey.<locals>.gotHasKey.<locals>.promptResponse�s9��������#�6�����C�0��	�	��'��-�/�/r�EC�ECDSAzThe authenticity of host 'z (z)' can't be established.
z key fingerprint is SHA256:)�formatz9.
Are you sure you want to continue connecting (yes/no)? )r��warn�typerr�r��fingerprintr�
SHA256_BASE64�promptrJ�sys�getdefaultencoding�addCallback)
�resultr��keytyper��proceedrLr�r,r3�uis
     �����r�	gotHasKeyz/KnownHostsFile.verifyHostKey.<locals>.gotHasKey�s��������r�3�/��G�G��8�8�:�|�B�'7�9��
�O�O�B��,��I�I�K��
�0��(�(�*���d�?�%�G��%�X�.�$�R�(�����/A�/O�/O��P�	���)�)�F�M�M�#�2H�2H�2J�$K�L���*�*�>�:�:r)r�executer�r�)r3r�rLr�r,�hhkr�s`````  r�
verifyHostKeyzKnownHostsFile.verifyHostKey�s7���(�m�m�D�O�O�X�s�;��(	;�(	;�T���y�)�)rc��td�}|j�}t|t||�||d�}|jj|�|S)a�
        Add a new L{HashedEntry} to the key database.

        Note that you still need to call L{KnownHostsFile.save} if you wish
        these changes to be persisted.

        @param hostname: A hostname or IP address literal to associate with the
            new entry.
        @type hostname: L{bytes}

        @param key: The public key to associate with the new entry.
        @type key: L{Key}

        @return: The L{HashedEntry} that was added.
        @rtype: L{HashedEntry}
        �N)rr�rlrjr~rR)r3rLr,�saltr'r�s      rr�zKnownHostsFile.addHostKey�sI��"�B����+�+�-���D�-��h�"?��#�t�T�������5�!��rc
���|jj�}|j�s|j�|jrd}nd}|jj|�5}|jrP|jdj|jD�cgc]}|j���c}�dz�g|_ddd�d|_ycc}w#1swYd|_yxYw)zM
        Save this L{KnownHostsFile} to the path it was loaded from.
        �wb�abrNF)
r�parent�isdir�makedirsr�r�r~�writerPrU)r3�p�mode�hostsFileObjr�s     rr�zKnownHostsFile.saves���
�N�N�!�!�#���w�w�y�
�J�J�L��=�=��D��D�
�^�^�
 �
 ��
&�	!�,��{�{��"�"��J�J�d�k�k�J�U���� 0�J�K�e�S��!���	!���
�� K�	!���
�s�'1C�C�/C�C�C)c�$�||�}d|_|S)a�
        Create a new L{KnownHostsFile}, potentially reading existing known
        hosts information from the given file.

        @param path: A path object to use for both reading contents from and
            later saving to.  If no file exists at this path, it is not an
            error; a L{KnownHostsFile} with no entries is returned.
        @type path: L{FilePath}

        @return: A L{KnownHostsFile} initialized with entries from C{path}.
        @rtype: L{KnownHostsFile}
        F)r�)rEr��
knownHostss   r�fromPathzKnownHostsFile.fromPath s����Y�
�#�
���rN)r8r9r:r;r4�propertyr�r�r�r�r�r�rVr�r<rrr|r|LsP��� ������>�B@*�D�.�*���rr|c�"�eZdZdZd�Zd�Zd�Zy)�	ConsoleUIz�
    A UI object that can ask true/false questions and post notifications on the
    console, to be used during key verification.
    c��||_y)aA
        @param opener: A no-argument callable which should open a console
            binary-mode file-like object to be used for reading and writing.
            This initializes the C{opener} attribute.
        @type opener: callable taking no arguments and returning a read/write
            file-like object
        N)�opener)r3r�s  rr4zConsoleUI.__init__9s����rc�^���tjd�}��fd�}|j|�S)a�
        Write the given text as a prompt to the console output, then read a
        result from the console input.

        @param text: Something to present to a user to solicit a yes or no
            response.
        @type text: L{bytes}

        @return: a L{Deferred} which fires with L{True} when the user answers
            'yes' and L{False} when the user answers 'no'.  It may errback if
            there were any I/O errors.
        Nc�,��t�j��5}|j��	|j�j	�j�}|dk(r
	ddd�y|dk(r
	ddd�y|jd��\#1swYyxYw)NTsyessnoFsPlease type 'yes' or 'no': )rr�r��readliner�lower)�ignored�f�answerr3�texts   ��r�bodyzConsoleUI.prompt.<locals>.bodyRs���������'�	
@�1�����
���Z�Z�\�/�/�1�7�7�9�F���'�#�	
@�	
@� �5��$�	
@�	
@���� >�?��	
@�	
@�s�AB
�)B
�8B
�
B)r�succeedr�)r3r��dr�s``  rr�zConsoleUI.promptCs*���
�M�M�$���
	@��}�}�T�"�"rc���	t|j��5}|j|�ddd�y#1swYyxYw#t$rtjd�YywxYw)z�
        Notify the user (non-interactively) of the provided text, by writing it
        to the console.

        @param text: Some information the user is to be made aware of.
        @type text: L{bytes}
        NzFailed to write to console)rr�r��	Exception�log�failure)r3r�r�s   rr�zConsoleUI.warn`sR��	6������'�
�1�����
�
�
�
���	6��K�K�4�5�	6�s(�A�6�A�?�A�A�A#�"A#N)r8r9r:r;r4r�r�r<rrr�r�3s���
�#�:6rr�),r;rer��binasciirr�rr�
contextlibr�hashlibr�zope.interfacer�twisted.conch.errorr	r
r�twisted.conch.interfacesr�twisted.conch.ssh.keysr
rr�twisted.internetr�twisted.loggerr�twisted.python.compatr�twisted.python.randbytesr�twisted.python.utilrr�rr-r/r>rZrjrlr|r�r<rr�<module>r�s���
��
�A�A���&�M�M�4�G�G�"�!�.�1�,��h��
!�,�8+�+�D
�_��I!��I!��I!�X
�_��!*�!*��!*�H�(
�_��W!�*�l�W!��W!�td�d�N96�96r