wBf,dZddlmZddlZddlZddlZddlZddlmZddl m Z ddl m Z  ddl mZmZddlmZmZmZdd lmZdd lmZd dlmZmZd dlmZd dlm Z d dl!m"Z"d dl#m$Z$m%Z%d dl&m'Z'ddl(m)Z)m*Z*erd dl+m,Z,e e-Z.ej^dZ0GddZ1e1Z2y#e$rGd d eZY|wxYw)z0Interface between conda-content-trust and conda.) annotationsN) lru_cache) getLogger)Path)verify_delegation verify_root)SignatureErrorload_metadata_from_filewrite_metadata_to_file)wrap_as_signablec eZdZy)r N)__name__ __module__ __qualname__Blib/python3.12/site-packages/conda/trust/signature_verification.pyr r s rr ) TYPE_CHECKING)CONDA_PACKAGE_EXTENSION_V1CONDA_PACKAGE_EXTENSION_V2)context)join_url) SubdirData) HTTPErrorInsecureRequestWarning) get_session)INITIAL_TRUST_ROOT KEY_MGR_FILE) PackageRecordz(?P\d+)\.root\.jsonceZdZeedd dZeedd dZeedd dZ d ddZddZ ddZ e dd Z y)_SignatureVerificationN)maxsizectjsytjstj dy ddl}ttjjdd|jtj dy|jtj dyy#t $rtj dYywxYw) NFz[metadata signature verification requested, but no metadata URL base has not been specified.rzVmetadata signature verification requested, but `conda-content-trust` is not installed.T)parentsexist_okzDcould not find trusted_root data for metadata signature verificationz?could not find key_mgr data for metadata signature verification) rextra_safety_checkssigning_metadata_url_baselogwarnconda_content_trust ImportErrorr av_data_dirmkdir trusted_rootkey_mgr)selfr,s renabledz_SignatureVerification.enabled2s**00 HHC   & W !''t'D    $ HHV  <<  HHV W/  HH>   sB,,C  C cd} tjtjDcic]>}tj |j x}rt|jd|@}}t|jdD]+\}}tjd|d t|}n |s-tj%dtjdt&} |dd d zd }t)tj|} |j+tj,|}t/||t1|x}|dcc}w#ttt f$rYwxYw#tt"t f$rYwxYw#t2$r9} | j4j6d k7rtj9| Yd} ~ |Sd} ~ wt:$r } tj9| Yd} ~ |Sd} ~ wwxYw) NnumberT)reversezLoading root metadata from .zNo root metadata in z. Using built-in root metadata.signedversionrz .root.jsoni)osscandirrr.RE_ROOT_METADATAmatchnameintgroupsorteditemsr*infor IsADirectoryErrorFileNotFoundErrorPermissionErrorNotADirectoryErrordebugrr_fetch_channel_signing_datar)rr rresponse status_codeerror Exception) r2trustedentrympaths_fnamepath untrustederrs rr0z#_SignatureVerification.trusted_root^s $  ZZ(;(;<)// ;;A;AGGH%&-E#5;;=$? 56ugQ?@5e4;;=-d3G!  HHSMM  HHCTs}}556b9Q9Q8RRST   s$7B DB++ D7AD  Dc>t|}tjstjdt ddd}|r||d<|r||d<tj } dt_|jt||||jdtjtjf}|j|t_ |jS#|t_wxYw#tjj$r} t!d |d |d} ~ wwxYw) Nignorez!gzip, deflate, compress, identityzapplication/json)zAccept-Encodingz Content-Typez If-None-MatchzIf-Modified-SinceF)headersproxiesauthtimeoutzInvalid JSON returned from /)rr ssl_verifywarnings simplefilterradd_anaconda_tokengetrr`remote_connect_timeout_secsremote_read_timeout_secsraise_for_statusjsondecoderJSONDecodeError ValueError) r2signing_data_urlfilenameetag mod_stampsessionr_saved_token_settingresprVs rrIz2_SignatureVerification._fetch_channel_signing_datas ./!!  ! !(,B C C.  '+GO $ +4G' (%88 =*/G &;;)847744  D  ! ! #)-?q K  s%A#C C) C&)DDDct|j|jj\}}d|vr4|jj d|jj dy|d}|j|vr*|jj d|jdy||j}|jjtr|d|j}n=|jjtr|d|j}n tdt|}||d< td||jtj!d |j|jj d y#t"$r@tj%d |j|jj d YywxYw) N) repodata_fn signaturesz(no signatures found for rXpackageszpackages.condazunknown package extensionpkg_mgrzvalid signature for z(package metadata is TRUSTED)zinvalid signature for z(package metadata is UNTRUSTED))rchannel repo_fetchfetch_latest_parsedmetadataaddcanonical_namefnendswithrrror rr1r*rCr warning) r2rxrecordrepodatarRry signaturerCenvelopes rverifyz_SignatureVerification.verifys NN#  *((* ! x ' OO  +FNN,I,I+J!L  l+  99J & OO  ";FII;a H I vyy)  99  8 9J' 2D YY   : ;,-fii8D89 9$D)!* A i4<< @ HH+FII;7 8 OO   ? @  C KK0 < = OO   A B Cs7F AGGcP|jsy|D]}|j||yN)r3r)r2rx unlink_precs link_precsprecs r__call__z_SignatureVerification.__call__'s+ ||  +D KK T * +rc|jjj|jjj|jjjyr)r3fget cache_clearr0r1)clss rrz"_SignatureVerification.cache_clear3sF $$& ))+ $$&r)returnbool)rdict)rz dict | None)NN)rprZrqrZrr)rxrZrr!)rxrZrtuple[PackageRecord, ...]rrrNone)rr) rrrpropertyrr3r0r1rIrr classmethodrrrrr#r#0s t''TtAAHtBJN6 #6/26 6p'AR + +0 +. +  +''rr#)3__doc__ __future__rrlr:rere functoolsrloggingrpathlibr"conda_content_trust.authenticationrrconda_content_trust.commonr r r conda_content_trust.signingr r-rMtypingrbase.constantsrr base.contextr common.urlrcore.subdir_datargateways.connectionrrgateways.connection.sessionr constantsrr models.recordsr!rr*compiler<r#signature_verificationrrrrs7"   Q =!S"!)C57.2::<=G'G'V01I     sB..CC