o ]@sdZddlZddlZddlZddlZddlZddlZddlZddl Zddl Zddl Zddl Zddl ZddlZddlZddlmZddlmZmZmZmZmZmZmZmZmZmZmZmZmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*ej+,rddlm-Z-nddl.m-Z-dZ/dZ0ej1j23dd d d d Z4ej56d Z7ej58dZ9dZ:ddZ;dmddZddZ?ddZ@ddZAdd ZBd!d"ZCd#d$ZDd%d&ZEd'd(ZFd)d*ZGed+d,ZHed+d-ZIe!d.d.ZJe"d/d/ZKeLeEd0d1d2d3ZMeLeEd4d5d6d7ZNed8d9d:d;d<ZOe d=d>ZPe d?d@ZQe$dAdBZRe dCdDZSe dEdFZTedGdHZUedIdIdJd;d<ZVedKdKdLd;d<ZWe%dMdNdOZXe%dPdQdRZYe%dSdTdOZZe%dUdVdWZ[edXdYZ\e%dZd[d\d]Z]ed^d_Z^ed`daZ_e#dbdcZ`edddddedfZaGdgdhdheZbGdidjdjebZcGdkdldlebZddS)na Parsing for Tor server descriptors, which contains the infrequently changing information about a Tor relay (contact information, exit policy, public keys, etc). This information is provided from a few sources... * The control port via 'GETINFO desc/\*' queries. * The 'cached-descriptors' file in Tor's data directory. * Archived descriptors provided by `CollecTor `_. * Directory authorities and mirrors via their DirPort. **Module Overview:** :: ServerDescriptor - Tor server descriptor. |- RelayDescriptor - Server descriptor for a relay. | +- make_router_status_entry - Creates a router status entry for this descriptor. | |- BridgeDescriptor - Scrubbed server descriptor for a bridge. | |- is_scrubbed - checks if our content has been properly scrubbed | +- get_scrubbing_issues - description of issues with our scrubbing | |- digest - calculates the upper-case hex digest value for our content |- get_annotations - dictionary of content prior to the descriptor entry +- get_annotation_lines - lines that provided the annotations .. data:: BridgeDistribution (enum) Preferred method of distributing this relay if a bridge. .. versionadded:: 1.6.0 ===================== =========== BridgeDistribution Description ===================== =========== **ANY** No proference, BridgeDB will pick how the bridge is distributed. **HTTPS** Provided via the `web interface `_. **EMAIL** Provided in response to emails to bridges@torproject.org. **MOAT** Provided in interactive menus within Tor Browser. **HYPHAE** Provided via a cryptographic invitation-based system. ===================== =========== N)RouterStatusEntryV3) PGP_BLOCK_END Descriptor DigestHashDigestEncodingcreate_signing_key_descriptor_content_descriptor_components_read_until_keywords_bytes_for_block_value_values_parse_simple_line_parse_int_line_parse_if_present_parse_bytes_line_parse_timestamp_line_parse_forty_character_hex_parse_protocol_line_parse_key_block_append_router_signature_random_nickname_random_ipv4_address _random_date_random_crypto_blob) lru_cache)router bandwidth published onion-key signing-keyrouter-signature)identity-ed25519master-key-ed25519platform fingerprint hibernatinguptimecontact read-history write-historyeventdnsbridge-distribution-requestfamilycaches-extra-infoextra-info-digesthidden-service-dir protocolsallow-single-hop-exitstunnelled-dir-serverprotoonion-key-crosscertntor-onion-keyntor-onion-key-crosscertrouter-sig-ed25519)ANYany)ZHTTPSZhttps)ZEMAILZemail)ZMOATZmoat)ZHYPHAEZhyphaezreject 1-65535 reject *:*r:cCstjjt|dS)N=)stemutil str_tools _to_unicodebase64Z b64encoderstripcontentrEC/usr/lib/python3/dist-packages/stem/descriptor/server_descriptor.py_truncated_b64encodesrGFcks td|}ttj|}ttjjj|}tt dd|}|s6td|}t ddd}|t||d7}ntd |d}|rk|d d rK|dd }t d |}|r_t|||fi|Vnt|||fi|Vn|rx|rxtd d |d Sq)a8 Iterates over the server descriptors in a file. :param file descriptor_file: file with descriptor content :param bool is_bridge: parses the file as being a bridge descriptor :param bool validate: checks the validity of the descriptor's content if **True**, skips these checks otherwise :param dict kwargs: additional arguments for the descriptor constructor :returns: iterator for ServerDescriptor instances in the file :raises: * **ValueError** if the contents is malformed and validate is True * **IOError** if the file can't be read TrcSs|dkS)NrE)xrErErFz_parse_file..r! r router-digests@typeNz0Content conform to being a server descriptor: %s )r mapbytesstripr=r>r?r@listfilterrsplit startswithjoinBridgeDescriptorRelayDescriptor ValueError)Zdescriptor_fileZ is_bridgevalidatekwargs annotationsZdescriptor_contentZblock_end_prefixZdescriptor_textrErErF _parse_files,+      r_cCsHtd|}|}t|dkrtd|tjj|ds&td|dtjj |ds7td|dtjjj |dd d sJtd |dtjjj |d d d s]td |d tjjj |dd d sptd|d|d|_ |d|_ t |d|_|d dkrdnt |d |_|ddkrd|_dSt |d|_dS)Nrz,Router line must have five values: router %srz,Router line entry isn't a valid nickname: %srMz0Router line entry isn't a valid IPv4 address: %sT)Z allow_zeroz#Router line's ORPort is invalid: %sz&Router line's SocksPort is invalid: %sz$Router line's DirPort is invalid: %s0)r rVlenr[r=r> tor_toolsZis_valid_nickname connectionis_valid_ipv4_address is_valid_portnicknameaddressintor_port socks_portdir_port) descriptorentriesvalueZ router_comprErErF_parse_router_lines&     (rscCstd|}|}t|dkrtd||ds#td|d|ds1td|d|ds?td |dt|d|_t|d|_t|d|_dS) Nrrbz3Bandwidth line must have three values: bandwidth %srz/Bandwidth line's average rate isn't numeric: %srMz-Bandwidth line's burst rate isn't numeric: %sraz0Bandwidth line's observed rate isn't numeric: %s) r rVrer[isdigitrlaverage_bandwidthburst_bandwidthobserved_bandwidth)rprqrrZbandwidth_comprErErF_parse_bandwidth_lines      rxcCsftdd||td|}td|}|r1|\}|_z tj||_ WdSt y0YdSwdS)Nr$z^(?:node-)?Tor (\S*).* on (.*)$) rr rematchgroupsoperating_systemr=versionZ _get_version tor_versionr[)rprqrrZplatform_matchZ version_strrErErF_parse_platform_lines  rcCsbtd|}|dd}|dD]}t|dkrtd|qtjj|s,td|||_ dS)Nr%rLrHrcz=Fingerprint line should have groupings of four hex digits: %sz6Tor relay fingerprints consist of forty hex digits: %s) r replacerVrer[r=r>rfZis_valid_fingerprintr%)rprqrrr%groupingrErErF_parse_fingerprint_line.s      rcCsftd|}|d}tjj|ddstd|d|d|_t|dkr.|d|_ dSd|_ dS)Nr/rLr(z1extra-info-digest should be 40 hex characters: %srarM) r rVr=r>rfZ is_hex_digitsr[extra_info_digestreextra_info_sha256_digest)rprqrrZ digest_comprErErF_parse_extrainfo_digest_line?s   $rcCs,td|}|dvrtd||dk|_dS)Nr&)rd1z>Hibernating line had an invalid value, must be zero or one: %sr)r r[r&)rprqrrrErErF_parse_hibernating_lineJs  rcCsNtd|}td|}|std||\}}|d|_|d|_dS)Nr1z^Link (.*) Circuit (.*)$z?Protocols line did not match the expected pattern: protocols %srL)r ryrzr[r{rVlink_protocolscircuit_protocols)rprqrrZprotocols_matchZ link_versionsZcircuit_versionsrErErF_parse_protocols_lineUs     rc Cstd|}g}|D]R}d|}d|vrtd||dd\}}tjj|s7tjjj|dds7td|tjj|sDtd || | d  d t |tjjj|ddfq ||_ dS) N or-addressz or-address %s:z#or-address line missing a colon: %srMT)Zallow_bracketsz+or-address line has a malformed address: %sz(or-address line has a malformed port: %s[])r r[rsplitr=r>rgrhZis_valid_ipv6_addressriappendlstriprBrl or_addresses)rprqZ all_valuesrentrylinerkportrErErF_parse_or_address_lineas     0 rc Cst||}tjj||\}}} z| rdd| dD} ng} Wnty1td|||fwt|||t|||t||| dS)NcSsg|]}t|qSrE)rl).0rrErErF ~sz'_parse_history_line..,z%%s line has non-numeric values: %s %s)r r=rpZextrainfo_descriptorZ_parse_timestamp_and_intervalrVr[setattr) keywordZhistory_end_attributeZhistory_interval_attributeZhistory_values_attributerprqrrZ timestampintervalZ remainderZhistory_valuesrErErF_parse_history_linexs    rcCsLt|dr$|jrtjj|jddkrt|_ntjj|j|_|`dSdS)N_unparsed_exit_policyrr;) hasattrrr=r>r?r@REJECT_ALL_POLICY exit_policy ExitPolicyrprqrErErF_parse_exit_policys rcCs4tddd|||jrtjjj|j|_dSdS)Nr"ed25519_certificate ED25519 CERT)rrr=rp certificateZEd25519CertificateZ from_base64rrErErF_parse_identity_ed25519_linesrr#ed25519_master_keyed25519_certificate_hashr(rr)read_history_endread_history_intervalread_history_valuesr*write_history_endwrite_history_intervalwrite_history_values ipv6-policyexit_policy_v6cCs tj|SN)r=rMicroExitPolicyvrErErFrJs rJ)funcr2allow_single_hop_exitsr3allow_tunneled_dir_requestsr4r1r0is_hidden_service_dirr.extra_info_cacher,bridge_distributionr-cCst|dS)NrL)setrVrrErErFrJsr+cCs|dkS)NrrErrErErFrJrKr onion_keyRSA PUBLIC KEYr5onion_key_crosscertZ CROSSCERTr signing_keyr! signature SIGNATUREr6ntor_onion_keyr7ntor_onion_key_crosscertrntor_onion_key_crosscert_signr8ed25519_signaturerouter-digest-sha256router_digest_sha256rN_digestr'T)Zallow_negativecsjeZdZdZiddefddefddefddefddefddefd defd defd defd de fd de fdde fdde fde e fde efdeefddefiddefddefddefddefddefddefddefddefdiefddefddefd defd!defd"defd#gefd$defd%defdefdefdefdefd&Zid'ed(ed e dedededed)ed*ede ded+ed,ed-ed.ed/e d0eeeeeeed1Z dDfd2d3 Z!e"j#e$j%fd4d5Z&e'd6d7Z(d8d9Z)d:d;Z*dd?Z,d@dAZ-dBdCZ.Z/S)EServerDescriptora Common parent for server descriptors. :var str nickname: **\*** relay's nickname :var str fingerprint: identity key fingerprint :var datetime published: **\*** time in UTC when this descriptor was made :var str address: **\*** IPv4 address of the relay :var int or_port: **\*** port used for relaying :var int socks_port: **\*** port used as client (**deprecated**, always **None**) :var int dir_port: **\*** port used for descriptor mirroring :var bytes platform: line with operating system and tor version :var stem.version.Version tor_version: version of tor :var str operating_system: operating system :var int uptime: uptime when published in seconds :var bytes contact: contact information :var stem.exit_policy.ExitPolicy exit_policy: **\*** stated exit policy :var stem.exit_policy.MicroExitPolicy exit_policy_v6: **\*** exit policy for IPv6 :var BridgeDistribution bridge_distribution: **\*** preferred method of providing this relay's address if a bridge :var set family: **\*** nicknames or fingerprints of declared family :var int average_bandwidth: **\*** average rate it's willing to relay in bytes/s :var int burst_bandwidth: **\*** burst rate it's willing to relay in bytes/s :var int observed_bandwidth: **\*** estimated capacity based on usage in bytes/s :var list link_protocols: link protocols supported by the relay :var list circuit_protocols: circuit protocols supported by the relay :var bool is_hidden_service_dir: **\*** indicates if the relay serves hidden service descriptors :var bool hibernating: **\*** hibernating when published :var bool allow_single_hop_exits: **\*** flag if single hop exiting is allowed :var bool allow_tunneled_dir_requests: **\*** flag if tunneled directory requests are accepted :var bool extra_info_cache: **\*** flag if a mirror for extra-info documents :var str extra_info_digest: upper-case hex encoded digest of our extra-info document :var str extra_info_sha256_digest: base64 encoded sha256 digest of our extra-info document :var bool eventdns: flag for evdns backend (**deprecated**, always unset) :var str ntor_onion_key: base64 key used to encrypt EXTEND in the ntor protocol :var list or_addresses: **\*** alternative for our address/or_port attributes, each entry is a tuple of the form (address (**str**), port (**int**), is_ipv6 (**bool**)) :var dict protocols: mapping of protocols to their supported versions **Deprecated**, moved to extra-info descriptor... :var datetime read_history_end: end of the sampling interval :var int read_history_interval: seconds per interval :var list read_history_values: bytes read during each interval :var datetime write_history_end: end of the sampling interval :var int write_history_interval: seconds per interval :var list write_history_values: bytes written during each interval **\*** attribute is either required when we're parsed with validation or has a default value, others are left as **None** if undefined .. versionchanged:: 1.5.0 Added the allow_tunneled_dir_requests attribute. .. versionchanged:: 1.6.0 Added the extra_info_sha256_digest, protocols, and bridge_distribution attributes. .. versionchanged:: 1.7.0 Added the is_hidden_service_dir attribute. .. versionchanged:: 1.7.0 Deprecated the hidden_service_dir field, it's never been populated (:spec:`43c2f78`). This field will be removed in Stem 2.0. rjNr%r(rrrkrmrnror$r~r|r'rrr-rurvrwrrrFr&rrr1rrrr+rrrr)rrrrrrr/r0r6rr)r*rr2)r3r4r.r,r-r+cstt|j|| d|r|ng|_ttjj||ddd\}|_ dg|_ |rZ| ||t |||rS|j rS|jrS|j dkrS|jtjdkrStd|j|j f||d S||_d S) a Server descriptor constructor, created from an individual relay's descriptor content (as provided by 'GETINFO desc/*', cached descriptors, and metrics). By default this validates the descriptor's content as it's parsed. This validation can be disables to either improve performance or be accepting of malformed data. :param str raw_contents: descriptor content provided by the relay :param bool validate: checks the validity of the descriptor's content if **True**, skips these checks otherwise :param list annotations: lines that appeared prior to the descriptor :raises: **ValueError** if the contents is malformed and validate is True )Z lazy_load)Zacceptreject)r(r$)Zextra_keywordsZnon_ascii_fields2rz0.1.2.7z;Descriptor for version '%s' had a negative uptime value: %iN)superr__init___annotation_linesr r=r>r?r@rZhidden_service_dir_parserr'r~r}ZVersionr[_check_constraintsZ_entries)self raw_contentsr\r^rq __class__rErFrVs    zServerDescriptor.__init__cCstd)a Digest of this descriptor's content. These are referenced by... * **Consensus** * Referer: :class:`~stem.descriptor.router_status_entry.RouterStatusEntryV3` **digest** attribute * Format: **SHA1/BASE64** .. versionchanged:: 1.8.0 Added the hash_type and encoding arguments. :param stem.descriptor.DigestHash hash_type: digest hashing algorithm :param stem.descriptor.DigestEncoding encoding: digest encoding :returns: **hashlib.HASH** or **str** based on our encoding argument zRUnsupported Operation: this should be implemented by the ServerDescriptor subclass)NotImplementedErrorr hash_typeencodingrErErFdigestszServerDescriptor.digestcCs>i}|jD]}d|vr|dd\}}|||<qd||<q|S)aT Provides content that appeared prior to the descriptor. If this comes from the cached-descriptors file then this commonly contains content like... :: @downloaded-at 2012-03-18 21:18:29 @source "173.254.216.66" .. deprecated:: 1.8.0 Users very rarely read from cached descriptor files any longer. This method will be removed in Stem 2.x. If you have some need for us to keep this please `let me know `_. :returns: **dict** with the key/value pairs in our annotations rLrMN)rrV)rZannotation_dictrkeyrrrErErFget_annotationss   z ServerDescriptor.get_annotationscCs|jS)ao Provides the lines of content that appeared prior to the descriptor. This is the same as the :func:`~stem.descriptor.server_descriptor.ServerDescriptor.get_annotations` results, but with the unparsed lines and ordering retained. .. deprecated:: 1.8.0 Users very rarely read from cached descriptor files any longer. This method will be removed in Stem 2.x. If you have some need for us to keep this please `let me know `_. :returns: **list** with the lines of annotation that came before this descriptor )rrrErErFget_annotation_linessz%ServerDescriptor.get_annotation_linescCs|D] }||vrtd|q|D]}||vr)t||dkr)td|q|}|r@|t|dkr@td||}|rV|t|dkrVtd|d|vrvd |vrftd d t|d d vrvtd |js}tdd S)z Does a basic check that the entries conform to this descriptor type's constraints. :param dict entries: keyword => (value, pgp key) entries :raises: **ValueError** if an issue arises in validation z!Descriptor must have a '%s' entryrMz3The '%s' entry can only appear once in a descriptorrz'Descriptor must start with a '%s' entryz%Descriptor must end with a '%s' entryr"r8zKDescriptor must have router-sig-ed25519 entry to accompany identity-ed25519NzCDescriptor must have 'router-sig-ed25519' as the next-to-last entryz`_) :var stem.certificate.Ed25519Certificate certificate: ed25519 certificate :var str ed25519_certificate: base64 encoded ed25519 certificate :var str ed25519_master_key: base64 encoded master key for our ed25519 certificate :var str ed25519_signature: signature of this document using ed25519 :var str onion_key: **\*** key used to encrypt EXTEND cells :var str onion_key_crosscert: signature generated using the onion_key :var str ntor_onion_key_crosscert: signature generated using the ntor-onion-key :var str ntor_onion_key_crosscert_sign: sign of the corresponding ed25519 public key :var str signing_key: **\*** relay's long-term identity key :var str signature: **\*** signature for this descriptor **\*** attribute is required when we're parsed with validation .. versionchanged:: 1.5.0 Added the ed25519_certificate, ed25519_master_key, ed25519_signature, onion_key_crosscert, ntor_onion_key_crosscert, and ntor_onion_key_crosscert_sign attributes. .. versionchanged:: 1.6.0 Moved from the deprecated `pycrypto `_ module to `cryptography `_ for validating signatures. .. versionchanged:: 1.6.0 Added the certificate attribute. .. deprecated:: 1.6.0 Our **ed25519_certificate** is deprecated in favor of our new **certificate** attribute. The base64 encoded certificate is available via the certificate's **encoded** attribute. .. versionchanged:: 1.6.0 Added the **skip_crypto_validation** constructor argument. zserver-descriptorN) rrrrrrrrrr)r"r#r8rr5r7r r!Fcstt|||||r||jr+tt|j}||j kr+t d|j |f|sjt j rj||j|j}||krJt d||f|jrjt j rj||j|j}||krjt d||ft j j ddr~|jr|j|dSdSdSdS)Nz^Fingerprint does not match the hash of our signing key (fingerprint: %s, signing key hash: %s)zHDecrypted digest does not match local digest (calculated: %s, local: %s)z\Decrypted onion-key-crosscert digest does not match local digest (calculated: %s, local: %s)T)Zed25519)rrZrr%hashlibsha1r r hexdigestlowerr[r=prereqZis_crypto_availableZ_digest_for_signaturerrrr_onion_key_crosscert_digestrr\)rrr\r^skip_crypto_validationZkey_hashZ signed_digestZonion_key_crosscert_digestrrErFrGs$  zRelayDescriptor.__init__rEc Cs0|rd}|dur i}|durt}ddttffdtfdgddt|Ddtd fd td fg}|r|rCd |vrCtd |rMd |vrMtd |durTt}d|vrxt t t j j|j}dt j j|d|d<|j|d <t|||d}t||jSt|||dd tdffS)NTr%s %s 9001 0 0r)rz153600 256000 104590cSsg|] }t|ddqS)rLrM)tuplerV)rrrErErFrosz+RelayDescriptor.content..rrr z=Cannot sign the descriptor if a signing-key has been providedr!zBCannot sign the descriptor if a router-signature has been providedr%rLrcs router-signature )r8Nr)rrrrstr splitlinesrr[rrrr r=r>r?r@Z public_digestrSrupperrXZ_split_by_lengthrrZprivate) clsattrexcludesignrrZ base_headerr%rDrErErFrD`sF     &   zRelayDescriptor.contentTcCs||||||||| dS)N)r\r rC)rrrr\rrrrErErFcreateszRelayDescriptor.createcCsV|jddd}|tjkrtjt||S|tjkr%tjt ||St d|)z Provides the digest of our descriptor's content. :returns: the digest string encoded in uppercase hex :raises: ValueError if the digest cannot be calculated rz router-signature )startendzGServer descriptor digests are only available in sha1 and sha256, not %s) Z_content_rangerrr=rpZ_encode_digestrrZSHA256Zsha256r)rrrrDrErErFrs    zRelayDescriptor.digestc Cs|jstdd|jtttjj |jtttjj | |j d|jt|j|jr7t|jndgd|j|jddd}|jrSd |j|d <|jr`d d |jD|d <|jrmdt|jj|d<t|S)z Provides a RouterStatusEntryV3 for this descriptor content. .. versionadded:: 1.6.0 :returns: :class:`~stem.descriptor.router_status_entry.RouterStatusEntryV3` that would be in the consensus zmServer descriptor lacks a fingerprint. This is an optional field, but required to make a router status entry.rLz%Y-%m-%d %H:%M:%Srdz Bandwidth=%iz, r)rwpzTor %srcSsg|] \}}}d||fqS)z%s:%srE)rZaddrr_rErErFrsz.az ed25519 %sid)r%r[rXrjrGbinasciiZ unhexlifyr=r>r? _to_bytesrrstrftimerkrrmrorurZsummaryrr~rrrrr)rrrErErFmake_router_status_entrys*    z(RelayDescriptor.make_router_status_entrycCsJtt|j}|ttjj |j d}tjj t |S)z Provides the digest of the onion-key-crosscert data. This consists of the RSA identity key sha1 and ed25519 identity key. :returns: **unicode** digest encoded in uppercase hex :raises: ValueError if the digest cannot be calculated r<)rrr rrrAZ b64decoder=r>r?r rr@rZhexlifyr)rZsigning_key_digestdatarErErFr s z+RelayDescriptor._onion_key_crosscert_digestcs:tt|||jr|jstd|jstddSdS)NzMDescriptor must have a 'onion-key-crosscert' when identity-ed25519 is presentzLDescriptor must have a 'router-sig-ed25519' when identity-ed25519 is present)rrZrrrr[r)rrqrrErFrsz"RelayDescriptor._check_constraints)FNF)NrEFNN)NrETFNN)rrrrTYPE_ANNOTATION_NAMEdictrrr_parse_master_key_ed25519_line_parse_router_sig_ed25519_line_parse_onion_key_line_parse_onion_key_crosscert_line$_parse_ntor_onion_key_crosscert_line_parse_signing_key_line_parse_router_signature_linerr classmethodrDrrrrrrrr"r rrrErErrFrZsH(     , & rZc@seZdZdZdZeejfidefde fde fdZeej fiee e dZ e ddd Z ejejfd d Zd d ZeddZddZddZddZdS)rYa Bridge descriptor (`bridge descriptor specification `_) :var str ed25519_certificate_hash: sha256 hash of the original identity-ed25519 :var str router_digest_sha256: sha256 digest of this document .. versionchanged:: 1.5.0 Added the ed25519_certificate_hash and router_digest_sha256 attributes. Also added ntor_onion_key (previously this only belonged to unsanitized descriptors). zbridge-server-descriptorN)rrr)r#rrNrEFcCs>|r td|jt||ddttffddtfddfS)NzSigning of %s not implementedrr )rNZ(006FD96BA35E7785A6A3B8B75FE2E2435A13BDB4r)rz409600 819200 5120)rz*:*)rrrrrr)rrrrrErErFrDszBridgeDescriptor.contentcCs*|tjkr |tjkr |jStd||f)NzJBridge server descriptor digests are only available as sha1/hex, not %s/%s)rrrrrrrrErErFr szBridgeDescriptor.digestcCs |gkS)a< Checks if we've been properly scrubbed in accordance with the `bridge descriptor specification `_. Validation is a moving target so this may not be fully up to date. :returns: **True** if we're scrubbed, **False** otherwise )get_scrubbing_issuesrrErErF is_scrubbeds zBridgeDescriptor.is_scrubbedcCsg}|jds|d|j|jr |jdkr |d|j|jD]"\}}}|s7|ds7|d|q#|rE|dsE|d|q#|D](}|drY|d |qJ|d rf|d |qJ|d rr|d |qJ|S)z Provides issues with our scrubbing. :returns: **list** of strings which describe issues we have with our scrubbing, this list is empty if we're properly scrubbed z10.z=Router line's address should be scrubbed to be '10.x.x.x': %sZsomebodyzFContact line should be scrubbed to be 'somebody', but instead had '%s'zAor-address line's address should be scrubbed to be '10.x.x.x': %szfd9f:2e19:3bcf::zPor-address line's address should be scrubbed to be 'fd9f:2e19:3bcf::xx:xxxx': %sz onion-key z;Bridge descriptors should have their onion-key scrubbed: %sz signing-key z=Bridge descriptors should have their signing-key scrubbed: %szrouter-signature z;Bridge descriptors should have their signature scrubbed: %s)rkrWrr(rZget_unrecognized_lines)rZissuesrkrZis_ipv6rrErErFr.s(     z%BridgeDescriptor.get_scrubbing_issuescs(gddg}t|fddtDS)N)rr r!rNcsg|]}|vr|qSrErE)rfZexcluded_fieldsrErFrOsz5BridgeDescriptor._required_fields..)rr)rZincluded_fieldsrEr1rFrAsz!BridgeDescriptor._required_fieldscCs |tSr)rrrrErErFrQs zBridgeDescriptor._single_fieldscCsdSrrErrErErFrTrzBridgeDescriptor._last_keyword)NrEF)rrrrr$r%rr'_parse_master_key_ed25519_for_hash_line _parse_router_digest_sha256_line_parse_router_digest_linerr-rDrrrrrr/rr.rrrrErErErFrYs,      " rY)FF)errAr functoolsrryZstem.descriptor.certificater=Z$stem.descriptor.extrainfo_descriptorZstem.exit_policyZ stem.prereqZstem.util.connectionZstem.util.enumZstem.util.str_toolsZstem.util.tor_toolsZ stem.versionZ#stem.descriptor.router_status_entryrZstem.descriptorrrrrrrr r r r r rrrrrrrrrrrrrr Z_is_lru_cache_availablerZstem.util.lru_cacherrr>enumEnumZBridgeDistributionrrrrrrrGr_rsrxrrrrrrrrrr&r2rrpartialrrrrrrrrrrrr(r)r+r,rr*r'r3r4rrrZrYrErErErFs. h      L                     Ba