a

�*�^MF�@s4
dZd
dl
mZ
d
dlZd
dlmZ
ee�d�
ddlmZ
ddl	m
Z

d
ZdZd	Z
d
ZdZd
ZdZd	ZGdd
�d
ej�ZGdd�dej�ZGdd�dej�Zd0dd�
ZGdd�de�ZGdd�de�Zdd�ZGdd�de�Zdd�Zdd�Zd d!�Z d"d#�Z!d$d%�Z"d&d'�Z#d(d)�Z$d*d+�Z%d,d-�Z&d.d/�Z'dS)1zGPG signing and checking logic.�)
�absolute_importN)
�lazy_importzv
from breezy import (
    config,
    trace,
    ui,
    )
from breezy.i18n import (
    gettext,
    ngettext,
    )
�
)
�errors)
�	text_type���c@seZ
dZd
Zdd�ZdS)�GpgNotInstalledzSpython-gpg is not installed, it is needed to create or verify signatures. %(error)scCstj
�|d
|
�
dS)N�gpg)r�DependencyNotPresent�__init__��self�error�r�,/usr/lib/python3/dist-packages/breezy/gpg.pyr
=s
zGpgNotInstalled.__init__N��__name__�
__module__�__qualname__Z_fmtr
rrrrr
8sr
c@seZ
dZd
Zdd�ZdS)�
SigningFailedz$Failed to GPG sign data: "%(error)s"cCstj
j||
d
�
dS�N)
r�r�BzrErrorr
rrrrr
Es
zSigningFailed.__init__NrrrrrrAsrc@seZ
dZd
Zdd�ZdS)�SignatureVerificationFailedz:Failed to verify GPG signature data with error "%(error)s"cCstj
j||
d
�
dSrrrrrrr
Ms
z$SignatureVerificationFailed.__init__NrrrrrrIsrc

Cs�td
t
d
td
td
td
i}g}d}t|
�
}tj���x}t	|�
|
|��
D]V\}	\}
}}|�d|	|�
|�|
||g�

||d7<|tkr�d}|du
rD|�
qDWd�
n1s�0


Y
|||fS)a�
Do verifications on a set of revisions

    :param repository: repository object
    :param revids: list of revision ids to verify
    :param strategy: GPG strategy to use
    :param process_events_callback: method to call for GUI frontends that
        want to keep their UI refreshed

    :return: count dictionary of results of each type,
             result list for each revision,
             boolean True if all results are verified successfully
    r
Tzverifying signaturesrFN)
�SIGNATURE_VALID�SIGNATURE_KEY_MISSING�SIGNATURE_NOT_VALID�SIGNATURE_NOT_SIGNED�SIGNATURE_EXPIRED�lenZuiZ
ui_factoryZnested_progress_bar�	enumerateZverify_revision_signatures�update�append)
Z
repositoryZrevidsZstrategyZprocess_events_callback�count�resultZall_verifiable�totalZpb�
i�rev_idZverification_result�uidrrr�bulk_verify_signaturesQs.



�





��





&
r+c@s>eZ
dZd
Zedd��
Zdd�Zdd�Zd
d	d
�
Zdd�Z	dS)�DisabledGPGStrategyz*A GPG Strategy that makes everything fail.c
Csd
S�NTrrrrr�verify_signatures_availablexsz/DisabledGPGStrategy.verify_signatures_availablec
Csd
S�z%Real strategies take a configuration.Nr�rZignoredrrrr
|s
zDisabledGPGStrategy.__init__cCstd
�
�
dS)NzSigning is disabled.)
r�r�content�moderrr�signs
zDisabledGPGStrategy.signNcCstd
�
�
dS)Nz#Signature verification is disabled.)
r)r�signed_data�	signaturerrr�verify�s
zDisabledGPGStrategy.verifyc
CsdS)
Nr)r�command_line_inputrrr�set_acceptable_keys�s
z'DisabledGPGStrategy.set_acceptable_keys)
N�
rrr�__doc__�staticmethodr.r
r4r7r9rrrrr,us



r,c@s>eZ
dZd
Zedd��
Zdd�Zdd�Zd
d	d
�
Zdd�Z	dS)�LoopbackGPGStrategyzZA GPG Strategy that acts like 'cat' - data is just passed through.
    Used in tests.
    c
Csd
Sr-rrrrrr.�sz/LoopbackGPGStrategy.verify_signatures_availablec
Csd
Sr/rr0rrrr
�s
zLoopbackGPGStrategy.__init__cCsd
|
dS)N�&-----BEGIN PSEUDO-SIGNED CONTENT-----
�$-----END PSEUDO-SIGNED CONTENT-----
rr1rrrr4�s

�zLoopbackGPGStrategy.signNcCs"|
�d
d�}|�dd�}t
d|fS)Nr>�r?)�replacer)rr5r6�
plain_textrrrr7�s

�
�zLoopbackGPGStrategy.verifycCs<|
du
r8|
�d
�
}g|_
|D]}|dkr*q|j
�|�

qdS)N�
,�unknown)�split�acceptable_keysr$)rr8�patterns�patternrrrr9�s






z'LoopbackGPGStrategy.set_acceptable_keys)
Nr:rrrrr=�s



r=c
Cs:tj
�d
�
}|du
r,|tj
d<t�d|�
n
t�d�

dS)NZTTYZGPG_TTYzsetting GPG_TTY=%sz;** Env var TTY empty, cannot set GPG_TTY.  Is TTY exported?)�os�environ�get�trace�mutter)
Zttyrrr�_set_gpg_tty�s





rNc@sJeZ
dZd
ZdZdd�Zdd�Zedd��
Zd	d
�Z	ddd�
Z
d
d�ZdS)�GPGStrategyz$GPG Signing and checking facilities.NcCsH|
|_z*d
dl
}|��|_d|j_|��|j_WntyB


Yn0dS)Nr
T)�
_config_stackrZContext�contextZarmor�_get_signing_keys�signers�ImportError)rZconfig_stackrrrrr
�s








zGPGStrategy.__init__c
Cs�d
dl}
|j
�d�
}|dkr gS|rLz|j�|�
g
WS|
jjyJ


Yn0|durft�|j
�d�
�
}|dkrrgS|jj	|dd�}zt
|�
g
WSty�


gYS0dS)Nr
Zgpg_signing_key�default�emailT)
Zsecret)rrPrKrQ�get_keyrZKeyNotFoundZconfigZextract_email_address�keylist�next�
StopIteration)rrZkeynameZ
possible_keysrrrrR�s(








�





zGPGStrategy._get_signing_keysc
Cs(zd
dl}WdSt
y"


YdS0dS)z
        check if this strategy can verify signatures

        :return: boolean if this strategy can verify signatures
        r
NTF)rrT)
rrrrr.�s




z'GPGStrategy.verify_signatures_availablec
Cs�zd
dl}Wn,t
y8
}
ztd�
�
WYd}~n
d}~00t|
t�rNt�d�
�
|�|
�
}z@|jj	|t
|jjj
jt|jjj
jt|jjj
ji|d�\}}Wn4|jjy�
}
ztt|�
�
�
WYd}~n
d}~00|S)Nr
z8Set create_signatures=no to disable creating signatures.r2)
r3)rrTr
�
isinstancerrZBzrBadParameterUnicode�DatarQr4�MODE_DETACH�	constantsZsigr3ZDETACH�
MODE_CLEARZCLEAR�MODE_NORMALZNORMAL�
GPGMEErrorr�str)rr2r3rrrB�outputr&rrrr4�s,




�









���
"zGPGStrategy.signc
Cs�zd
dl}Wn,t
y8
}
ztd�
�
WYd}~n
d}~00|�|
�
}
|rR|�|�
}z|j�|
|�\}}W�
n$|jj�
y^
}
z�|jj	d
j
}|jj	d
j|jj
@�
r
|j�|jj	d
j
�
jd
j}||jj	d
jkr�t|dd�dfWYd}~StddfWYd}~S|jj	d
j|jj@�
r@t|dd�dfWYd}~StddfWYd}~Sd}~0|jj�
y�
}
zt|�
�
WYd}~n
d}~00t|j	�
d
k�
r�td|fS|j	d
j
}|jdu
�
r�||jv
�
r�t|dd�|fS|j	d
j|jj@�r\|j�|�
}	|	jd
j}
t|
t��r$|
�d�
}
|	jd
j }t|t��rF|�d�
}t!|
d|d|fS|j	d
j|jj"@�r|td|fS|j	d
jd
k�r�|jdu
�r�||jv�r�t!d|fS|j	d
jd
k�r�|jdu�r�td|fStd�
�
dS)	z�Check content has a valid signature.

        :param signed_data; Signed data
        :param signature: optional signature (if detached)

        :return: SIGNATURE_VALID or a failed SIGNATURE_ value, key uid if valid, plain text
        r
Nz<Set check_signatures=ignore to disable verifying signatures.i����zutf-8z <�
>z%Unknown GnuPG key verification result)#rrTr
r\rQr7rZ
BadSignaturesr&Z
signatures�fprZsummaryr^ZSIGSUM_KEY_EXPIREDrW�subkeys�expiresZ	timestampr rZSIGSUM_KEY_MISSINGrrarr!rFZSIGSUM_VALIDZuids�namer[�bytes�decoderVrZ
SIGSUM_RED)rr5r6rrZplain_outputr&�fingerprintrg�keyrhrVrrrr7
sp



�










�
�
�



















�



�zGPGStrategy.verifycCs�d
}|j�
d�
}|d
u
r|}|
d
u
r.|
�d�
}|r�g|_|D]d}|j�|�
}d}|D]2}d}|j�|jdj�

t	�
d|jdj�

qT|s<t	�td�
�
|�
�

q<d
S)	z�Set the acceptable keys for verifying with this GPGStrategy.

        :param command_line_input: comma separated list of patterns from
                                command line
        :return: nothing
        NrFrCFTr
zAdded acceptable key: z%No GnuPG key results for pattern: {0})rPrKrErFrQrXr$rfrerLrMZnote�gettext�format)rr8rGZacceptable_keys_configrHr&Z	found_keyrlrrrr9[
s*
















��zGPGStrategy.set_acceptable_keys)
N)rrrr;rFr
rRr<r.r4r7r9rrrrrO�s




UrOc

Cstd
�
�
|t�
S)�%returns message for number of commitsz!{0} commits with valid signatures)rmrnr�
r%rrr�valid_commits_messagex
s
�rqc

Cstd
d|t
��|t
�
S)roz{0} commit with unknown keyz{0} commits with unknown keys)�ngettextrrnrprrr�unknown_key_message~
s

��rsc

Cstd
d|t
��|t
�
S)roz{0} commit not validz{0} commits not valid)rrrrnrprrr�commit_not_valid_message�
s

��rtc

Cstd
d|t
��|t
�
S)roz{0} commit not signedz{0} commits not signed)rrrrnrprrr�commit_not_signed_message�
s

��ruc

Cstd
d|t
��|t
�
S)roz{0} commit with key now expiredz {0} commits with key now expired)rrr rnrprrr�expired_commit_message�
s

��rvc
Cs�i}i}|D]N\}}}|tkr|
�
|�
}d
�|���
}|�|d�
||d7<|||<qg}|��D](\}}	|�tdd|	��|	|||��

qh|S)z:takes a verify result and returns list of expired key info�, r
rz1{0} commit by author {1} with key {2} now expiredz2{0} commits by author {1} with key {2} now expired)	r �get_revision�join�get_apparent_authors�
setdefault�itemsr$rrrn)
r&�reporSZfingerprint_to_authorsr)�validityrk�revision�authors�numberrrr�verbose_expired_key_message�
s(















�
��r�c
Csli}
|D].\}}}|tkr|
�
|d
�
|
|d7<qg}|
��D]"\}}|�tdd|��||��

qD|S)z@takes a verify result and returns list of signed commits stringsr
rz{0} signed {1} commitz{0} signed {1} commits)rr{r|r$rrrn)r&rSr)r~r*r�rrr�verbose_valid_message�
s








��r�c	Cs�i}|D]F\}}}|tkr|
�
|�
}d
�|���
}|�|d�
||d7<qg}|��D]"\}}|�tdd|��||��

q\|S)z?takes a verify result and returns list of not valid commit inforwr
r�{0} commit by author {1}�{0} commits by author {1})	rrxryrzr{r|r$rrrn�	r&r}rSr)r~�emptyrr�r�rrr�verbose_not_valid_message�
s 











��r�c	Cs�i}|D]F\}}}|tkr|
�
|�
}d
�|���
}|�|d�
||d7<qg}|��D]"\}}|�tdd|��||��

q\|S)z@takes a verify result and returns list of not signed commit inforwr
rr�r�)	rrxryrzr{r|r$rrrnr�rrr�verbose_not_signed_message�
s 











��r�c
Cspi}
|D].\}}}|tkr|
�
|d
�
|
|d7<qg}t|
���
D]"\}}|�tdd|��||��

qH|S)z:takes a verify result and returns list of missing key infor
rz!Unknown key {0} signed {1} commitz"Unknown key {0} signed {1} commits)rr{�listr|r$rrrn)r&rSr)r~rkr�rrr�verbose_missing_key_message�
s








��r�)
N)(r;Z
__future__rrIZbreezy.lazy_importr�globals�rZsixishrrrrrr r`r]r_rr
rrrr+�objectr,r=rNrOrqrsrtrurvr�r�r�r�r�rrrr�<module>sD






		�
$"
@