a if@sDddlZddlmZmZddlmZddlmZGdddeZdS)N)CalledProcessErrorcall)mkstemp)ConfigGeneratorc@seZdZdZhdZdZddddddd d d d d d ZddddddddZdddddddddddddd Zddddddddddddd Z ddddd d!d"d d!d"d# Z d$d%d&d'd(Z d$d%d&d'd)Z d$d%d*Z ed+d,Zed-d.Zed/d0Zed1d2Zed3d4Zd5S)6LibreswanGenerator libreswan>ZipsecZikerz5systemctl try-restart ipsec.service 2>/dev/null || : Zdh31Zdh19Zdh20Zdh21Zdh5Zdh14Zdh15Zdh16Zdh18) ZX448ZX25519 SECP256R1Z SECP384R1Z SECP521R1z FFDHE-6144z FFDHE-1536 FFDHE-2048z FFDHE-3072z FFDHE-4096z FFDHE-8192Zaes256Zaes192Zaes128Z aes_gcm256Z aes_gcm192Z aes_gcm128Zchacha20_poly1305)z AES-256-CBCz AES-192-CBCz AES-128-CBCz AES-256-GCMz AES-192-GCMz AES-128-GCMzCHACHA20-POLY1305Zsha2_512Zsha2_256) AES-256-CBC-HMAC-SHA2-512AES-256-CBC-HMAC-SHA2-256AES-192-CBC-HMAC-SHA2-512AES-192-CBC-HMAC-SHA2-256AES-128-CBC-HMAC-SHA2-256zAES-256-GCM-HMAC-SHA2-512zAES-256-GCM-HMAC-SHA2-256zAES-192-GCM-HMAC-SHA2-512zAES-192-GCM-HMAC-SHA2-256zAES-128-GCM-HMAC-SHA2-512zAES-128-GCM-HMAC-SHA2-256zCHACHA20-POLY1305-HMAC-SHA2-512zCHACHA20-POLY1305-HMAC-SHA2-256Zsha1) r rr rrzAES-256-CBC-HMAC-SHA1zAES-192-CBC-HMAC-SHA1zAES-128-CBC-HMAC-SHA1zAES-256-GCM-AEADzAES-192-GCM-AEADzAES-128-GCM-AEADzCHACHA20-POLY1305-AEADzrsa-sha1zecdsa-sha2_256zecdsa-sha2_384zecdsa-sha2_512z rsa-sha2_256z rsa-sha2_384z rsa-sha2_512) zRSA-SHA1zECDSA-SHA2-256zECDSA-SHA2-384zECDSA-SHA2-512zRSA-PSS-SHA2-256zRSA-PSS-SHA2-384zRSA-PSS-SHA2-512zRSA-PSS-RSAE-SHA2-256zRSA-PSS-RSAE-SHA2-384zRSA-PSS-RSAE-SHA2-512rr)AEAD HMAC-SHA2-512 HMAC-SHA2-256 HMAC-SHA1)rrrr)r r cCs||jvrdS|j|SNc)mac_ike_prio_mapclskeyr?/usr/share/crypto-policies/python/policygenerators/libreswan.pyZ__get_ike_prioss z!LibreswanGenerator.__get_ike_priocCs||jvrdS|j|Sr)mac_esp_prio_maprrrrZ__get_esp_priozs z!LibreswanGenerator.__get_esp_priocCs||jvrdS|j|Sr)group_prio_maprrrrZ__get_group_prios z#LibreswanGenerator.__get_group_prioc Cs d}d}|j}d}dd|dD}d|vr2d}n d |vr>d }|rR|d |d 7}|d 7}t|d|jd}t|d|jd}d} |dD]} z|j| } WntyYqYn0| d} d}|D]@} z|j| d| }WntyYqYn0|||d}q|sq| |7} d}|D]>}z|j|}WntyJYqYn0|||d}q|| |d} || | |} q| r|d| d 7}t|d|j d}d} |dD]} z|j| } WntyYqYn0| d} d}|D]V} z|j | d| }Wnty"YqYn0|s4| } qF|||d}q| |7} | dddkrdq|| | |} q| r|d| d 7}d} t }|dD]R}z|j |}WntyYqYn0||vr| ||| ||} q| r|d| d 7}|S)Nzconn %default ,r cSsg|]}|dr|qS)ZIKE) startswith).0xrrr z6LibreswanGenerator.generate_config..ZprotocolZIKEv2z ikev2=insistZIKEv1z ikev2=never  z pfs=yes mac)rgroupcipher-+z ike=z esp=signz authby=)Zenabledsorted!_LibreswanGenerator__get_ike_prio#_LibreswanGenerator__get_group_prio cipher_mapKeyErrorcipher_prf_mapappend group_map!_LibreswanGenerator__get_esp_priocipher_mac_mapsetsign_mapadd)rZpolicyZcfgseppsprotoZ sorted_macsZ sorted_groupstmpr+cmZcombor)Zmmir*Zsigalgsr/Zsmrrrgenerate_configs             z"LibreswanGenerator.generate_configc CstdtjsdSt\}}d}zzt|d}||Wdn1sN0Yztd|ddd}Wnty|dYn0Wt |n t |0|r|d |d |d SdS) Nz/usr/sbin/ipsecTwz'/usr/sbin/ipsec readwriteconf --config z >/dev/null)shellz!/usr/sbin/ipsec: Execution failedz/There is an error in libreswan generated policyzPolicy: F) osaccessX_OKrfdopenwriterrZeprintunlink)rZconfigfdpathretfrrr test_configs& (    zLibreswanGenerator.test_configN)__name__ __module__ __qualname__Z CONFIG_NAMEZSCOPESZ RELOAD_CMDr7r3r5r9r;rrr classmethodr1r8r2rDrRrrrrr s      _r) rH subprocessrrZtempfilerZconfiggeneratorrrrrrrs