a
    PҚh                     @   s   d dl Z d dlZd dlmZ d dlZd dlZd dlZd dlZd dl	Zd dl
ZejdZG dd dZdd Zdd	 Zd
d ZdS )    N)urlparsez_dns.resolver.arpac                   @   s6   e Zd Zdd Zdd Zdd Zdd Zdd
dZd	S )	_SVCBInfoc                 C   s   || _ || _|| _|| _d S N)bootstrap_addressporthostnamenameservers)selfr   r   r   r    r
   C/wd/webapps/venvs/v2025_4um/lib/python3.9/site-packages/dns/_ddr.py__init__   s    z_SVCBInfo.__init__c                 C   s.   |d D ] \}}|dkr|| j kr dS qdS )zIVerify that the _SVCBInfo's address is in the cert's subjectAltName (SAN)subjectAltNamez
IP AddressTF)r   )r	   certnamevaluer
   r
   r   ddr_check_certificate!   s    z_SVCBInfo.ddr_check_certificatec                 C   s   t jj}| }|jj|_|S r   )dnsquerysslcreate_default_context
TLSVersionTLSv1_2minimum_version)r	   r   ctxr
   r
   r   make_tls_context(   s    
z_SVCBInfo.make_tls_contextc              	   C   s   |   }t | }t| j| jf|z}|j|| jdJ}|t	j
| |  | }| |W  d    W  d    S 1 s0    Y  W d    n1 s0    Y  d S )N)server_hostname)r   timesocketcreate_connectionr   r   wrap_socketr   
settimeoutr   r   
_remainingdo_handshakegetpeercertr   )r	   lifetimer   
expirationstsr   r
   r
   r   ddr_tls_check_sync.   s    z_SVCBInfo.ddr_tls_check_syncNc              
      s   |d u rt j }|  }t | }|t j| jt	j
dd | j| jf||| jI d H 4 I d H 8}|t j|I d H }| |W  d   I d H  S 1 I d H s0    Y  d S )Nr   )r   ZasyncbackendZget_default_backendr   r   Zmake_socketinetZaf_for_addressr   r   SOCK_STREAMr   r   r#   r   r!   r   )r	   r$   backendr   r%   r'   r   r
   r
   r   ddr_tls_check_async:   s"    

	z_SVCBInfo.ddr_tls_check_async)N)__name__
__module____qualname__r   r   r   r(   r,   r
   r
   r
   r   r      s
   r   c              	   C   s  | j }tj|sg S g }| j D ]}g }|jtjj	j
j}|d u rLq$t|j}|jjdd}d }|jtjj	j
j}|d ur|j}d|v r8|jtjj	j
j}|d u s$|jdsq$|jd d  }	|	dsd|	 }	|d u rd}d| d	| |	 }
z t|
 |tj |
| W n ty6   Y n0 d
|v rf|d u rPd}|tj ||| d|v r|d u r~d}|tj ||d| t|dkr$|t|||| q$|S )NT)Zomit_final_dots   h2s   {?dns}i/i  zhttps://:s   dotiU  s   doqr   )Z
nameserverr   r)   Z
is_addressZrrsetZprocessing_orderparamsgetZrdtypesZsvcbbaseZParamKeyZALPNsetZidstargetZto_textZPORTr   ZDOHPATHr   endswithdecode
startswithr   appendZDoHNameserver	ExceptionZDoTNameserverZDoQNameserverlenr   )answerr   infosZrrr   paramZalpnshostr   pathurlr
   r
   r   _extract_nameservers_from_svcbM   sZ    






rB   c              	   C   sH   g }t | }|D ]2}z||r,||j W q ty@   Y q0 q|S )VReturn a list of TLS-validated resolver nameservers extracted from an SVCB
    answer.)rB   r(   extendr   r:   r<   r$   r   r=   infor
   r
   r   _get_nameservers_sync   s    
rG   c              	      sN   g }t | }|D ]8}z ||I dH r2||j W q tyF   Y q0 q|S )rC   N)rB   r,   rD   r   r:   rE   r
   r
   r   _get_nameservers_async   s    rH   )r   r   urllib.parser   Zdns.asyncbackendr   Zdns.inetZdns.nameZdns.nameserverZ	dns.queryZdns.rdtypes.svcbbaser   Z	from_textZ_local_resolver_namer   rB   rG   rH   r
   r
   r
   r   <module>   s   	34