iSSKrSSKrSSKrSSKrSSKrSSKJr SSKJr SSK J r J r SSK J r \R"SS55rSS\S \4S jjrS \R$\\\44S jrS \S \4S jrg)N)x509)default_backend)hashes serialization)rsac`\rSrSr%Sr\R \S'Sr\ R\ \S'Sr g)CredSSPTLSContextaA TLS context generated for CredSSP. This is the SSLContext object used by both an initiator and acceptor of CredSSP authentication. It allows the caller to finely control the SSL/TLS options used during the CredSSP authentication phase, e.g. selecting min/max protocol versions, specific cipher suites, etc. The public_key attribute is used for acceptor CredSSP contexts as the DER encoded public key loaded in the SSLContext. Here is an example of generating and loading a X509 certificate for an acceptor context: ctx = spnego.tls.default_tls_context() cert_pem, key_Pem, pub_key = spnego.tls.generate_tls_certificate() # Cannot use tempfile.NamedTemporaryFile due to sharing violations on # Windows. Use a tempdir as a workaround. temp_dir = tempfile.mkdtemp() try: cert_path = os.path.join(tmpe_dir, 'ca.pem') with open(cert_path, mode'wb') as fd: fd.write(cert_pem) fd.write(key_pem) ctx.context.load_cert_chain(cert_path) ctx.public_key = pub_key finally: shutil.rmtree(temp_dir) This context is then passed in through the `credssp_tls_context` kwarg of :meth:`spnego.client` or :meth:`spnego.server`. Attributes: context (ssl.SSLContext): The TLS context generated for CredSSP. public_key (Optional[bytes]): When generating the TLS context for an acceptor this is the public key bytes for the generated cert in the TLS context. contextN public_key) __name__ __module__ __qualname____firstlineno____doc__ssl SSLContext__annotations__r typingOptionalbytes__static_attributes__r D/home/james-whalen/.local/lib/python3.13/site-packages/spnego/tls.pyr r s'%N^^)-J&-rr usagereturncUS:XaA[R"[R5nSUl[RUlO$[R"[R 5nU=R[RS-S--sl[[SS5n[US5(aU(a[USUR5 O~U=R[RR[RR-[RR -[RR"--sl[%US9$) aCredSSP TLSContext with sane defaults. Creates the TLS context used to generate the SSL object for CredSSP authentication. By default the TLS context will set the minimum protocol to TLSv1.2. Certificate verification is also disabled for both the initiator and acceptor as per the `MS-CSSP Events and Sequencing Rules`_ in step 1. This can be used as a base context where the caller applies further changes based on their requirements such as cert validation and so forth. This context is then passed in through the `credssp_tls_context` kwarg of :meth:`spnego.client` or :meth:`spnego.server`. Args: usage: Either `initiate` for a client context or `accept` for a server context. Returns: TLSContext: The TLS context that can be used with CredSSP auth. .. _MS-CSSP Events and Sequencing Rules: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-cssp/385a7489-d46b-464c-b224-f7340e308a5c initiateFi TLSVersionNminimum_version)r )rrPROTOCOL_TLS_CLIENTcheck_hostname CERT_NONE verify_modePROTOCOL_TLS_SERVERoptionsOP_NO_COMPRESSIONgetattrhasattrsetattrTLSv1_2Options OP_NO_SSLv2 OP_NO_SSLv3 OP_NO_TLSv1 OP_NO_TLSv1_1r )rctx tls_versions rdefault_tls_contextr5=s0 nnS445"--nnS445KK3((:5 BBK #|T2Ks%&&;& (;(;< KK # #ckk&=&= = @W@W WZ]ZeZeZsZs s  S ))rc[R"SS[5S9nS[R"53SSn[ R "[ R"[ RRU5/5n[RR[RR5n[ R"5RU5R!U5R#UR#55R%[ R&"55R)U5R+U[R,"SS9-5R/U[0R2"5[55nUR5[6R8R:S 9nUR=[6R8R:[6R>R@[6RB"5S 9nUR#5R5[6R8RD[6RFRH5nXVU4$) aoGenerates X509 cert and key for CredSSP acceptor. Generates a TLS X509 certificate and key that can be used by a CredSSP acceptor for authentication. This certificate is modelled after the one that the WSMan CredSSP service uses on Windows. Returns: Tuple[bytes, bytes, bytes]: The X509 PEM encoded certificate, PEM encoded key, and DER encoded public key. ir )public_exponentkey_sizebackendzCREDSSP-N@im)days)encoding)r<formatencryption_algorithm)%rgenerate_private_keyrplatformnoderName NameAttributeNameOID COMMON_NAMEdatetimenowtimezoneutcCertificateBuilder subject_name issuer_namer serial_numberrandom_serial_numbernot_valid_beforenot_valid_after timedeltasignrSHA256 public_bytesrEncodingPEM private_bytes PrivateFormatTraditionalOpenSSL NoEncryptionDER PublicFormatPKCS1)keycn_namenamerGcertcert_pemkey_pemr s rgenerate_tls_certificaterdqs  " "54Q`Qb cC)*3B/G 99d(()A)A7KL MD      1 1 5 5 6C ! d  T  CNN$ % t002 3  #  x11s;; < c6==?O$5 6   -*@*@*D*D EH''++**==*779 G "// 0F0F0J0JMLfLfLlLlmJ j ((rdatac[R"U[55nUR5nUR [ R R[ RR5$)ayPublic key bytes of an X.509 Certificate. Gets the public key bytes used by CredSSP of the provided X.509 certificate. Use this for the `public_key` attribute of class:`CredSSPTLSContext` for an acceptor context when providing your own certificate. Args: data: The DER encoded bytes of the X.509 certificate. Returns: bytes: The public key bytes of the certificate. ) rload_der_x509_certificaterr rTrrUr[r\r])rerar s rget_certificate_public_keyrhsP  ) )$0A BD"J  " "=#9#9#=#=}?Y?Y?_?_ ``r)r) dataclassesrFr@rr cryptographyrcryptography.hazmat.backendsrcryptography.hazmat.primitivesrr)cryptography.hazmat.primitives.asymmetricr dataclassr strr5Tuplerrdrhr rrrqs 8@9 ).).).Z1* 1*1*h%)&,,ueU/B"C%)Pa a ar