PNG  IHDR;IDATxܻn0K )(pA 7LeG{ §㻢|ذaÆ 6lذaÆ 6lذaÆ 6lom$^yذag5bÆ 6lذaÆ 6lذa{ 6lذaÆ `}HFkm,mӪôô! x|'ܢ˟;E:9&ᶒ}{v]n&6 h_tڠ͵-ҫZ;Z$.Pkž)!o>}leQfJTu іچ\X=8Rن4`Vwl>nG^is"ms$ui?wbs[m6K4O.4%/bC%t Mז -lG6mrz2s%9s@-k9=)kB5\+͂Zsٲ Rn~GRC wIcIn7jJhۛNCS|j08yiHKֶۛkɈ+;SzL/F*\Ԕ#"5m2[S=gnaPeғL lذaÆ 6l^ḵaÆ 6lذaÆ 6lذa; _ذaÆ 6lذaÆ 6lذaÆ RIENDB` gibddlmZmZmZmZddlZddlZddlmZddl m Z m Z ddl m Z mZddlmZmZmZej&d kreZd d gZd Zdd ZdZdZy))unicode_literalsdivisionabsolute_importprint_functionN) Certificate)newunwrap)CoreFoundation CFHelpers)Security SecurityConsthandle_sec_error)extract_from_system system_pathcy)NrI/opt/nydus/tmp/pip-target-bkdi07qp/lib/python/oscrypto/_mac/trust_list.pyrrs rcttd}tj|}t |t |}i}i}d}t t f}tj|} td| D]+} tj|| } t| \} } | || <-tj|tjtjfD]P}ttd}tj||}|tj k(r>t |t |}tj|} td| D]} tj|| } ttd}tj"| ||}|tj$k(rU|tj&k(r&t| \} } | |vrt)||| d|| =t |t |}t }t }tj|}td|D]}tj||}t+j,|}|j/dij/d|}|j/dd}|dk7xr|d k7}|r|j1||j1|t| \} } ||vr| |vr+t)||| d || =n||vr t |g}||f|| <tj|tj|Sg}|D]C} |st)||| d |j/| |}|j3|| |d|dfE|S) a Extracts trusted CA certificates from the OS X trusted root keychain. :param cert_callback: A callback that is called once for each certificate in the trust store. It should accept two parameters: an asn1crypto.x509.Certificate object, and a reason. The reason will be None if the certificate is being exported, otherwise it will be a unicode string of the reason it won't. :param callback_only_on_failure: A boolean - if the callback should only be called when a certificate is not exported. :raises: OSError - when an error is returned by the OS crypto library :return: A list of 3-element tuples: - 0: a byte string of a DER-encoded certificate - 1: a set of unicode strings that are OIDs of purposes to trust the certificate for - 2: a set of unicode strings that are OIDs of purposes to reject the certificate for z CFArrayRef *z 2.5.29.37.0rzinvalid trust settingskSecTrustSettingsPolicy SecPolicyOidkSecTrustSettingsResultr rzexplicitly distrustedN)r r rSecTrustCopyAnchorCertificatesrr setCFArrayGetCountrangeCFArrayGetValueAtIndex _cert_details CFReleaserkSecTrustSettingsDomainUserkSecTrustSettingsDomainAdmin SecTrustSettingsCopyCertificateserrSecNoTrustSettings!SecTrustSettingsCopyTrustSettingserrSecItemNotFounderrSecInvalidTrustSettings_cert_callbackr cf_dictionary_to_dictgetaddappend) cert_callbackcallback_only_on_failurecerts_pointer_pointerres certs_pointer certificates trust_info all_purposes default_trustlengthindex cert_pointerder_cert cert_hashdomain#cert_trust_settings_pointer_pointercert_trust_settings_pointertrust_settings_pointer_pointertrust_settings_pointer trust_oids reject_oidssettings_lengthsettings_indexsettings_dict_entry settings_dict policy_oid trust_result should_trustoutputcert_trust_infos rrrs4 ?  1 12G HCS01MLJ LUCENM  + +M :Fq&!+%<<]ER +L9)"* Y+ ]+ <h>hiP>.1...Q+77@cd -55 5 &,-P&Q#//0KL1f%D =E)@@A\^cdL-0-P *<<\6SqrC m666m>>>&3L&A#) ,"%$Y/0 %Y/ S !%+,J%K "J%K,<<=STO"'?"; 0&4&K&KLbdr&s# ) ? ?@S T +../H"MQQR`bno  -001JAN +q0F\Q5F NN:.OOJ/% 0(#0 "= Hi{* ,"%$Y// %Y/:-!$l^!4J)3[(A 9%  $ $%; dF!Y ' =,y*A4 H$..MB |I.0BOTUDVWX Y MrcB|sy|tj||y)aY Constructs an asn1crypto.x509.Certificate object and calls the export callback :param callback: The callback to call :param der_cert: A byte string of the DER-encoded certificate :param reason: None if cert is being exported, or a unicode string of the reason it is not being exported N)rload)callbackr;reasons rr*r*s  [  h '0rcd} tj|}tj|}t j |j }||f|tj|SS#|tj|wwxYw)a Return the certificate and a hash of it :param cert_pointer: A SecCertificateRef :return: A 2-element tuple: - [0]: A byte string of the SHA1 hash of the cert - [1]: A byte string of the DER-encoded contents of the cert N) rSecCertificateCopyDatar cf_data_to_byteshashlibsha1digestr r")r: data_pointerr;r<s rr!r!sL 366|D --l;LL*113 )$  #  $ $\ 2 $< #  $ $\ 2 $s AA--B)NF) __future__rrrrrTsys_asn1r_ffir r _core_foundationr r _securityrrr version_infoxranger__all__rrr*r!rrrrasXRR 7@@d E  FR1*3r