B F.\@sddlmZmZmZy ddlZWnek r8dZYnXddlZdddgZddgZdd gZ d gZ e e d d e Dd d eDZ ddZ GdddeZdS))print_functiondivisionabsolute_importNZclientZ schedulerZworkerkeycertca_fileciphersrequire_encryptioncCsg|] }d|qS)ztls_%s).0fieldr r 3lib/python3.7/site-packages/distributed/security.py srcCs"g|]}tD]}d||fq qS)z tls_%s_%s)_tls_per_role_fields)r roler r r r rscCs |ddS)N_-)replace)r r r r _field_to_config_keysrc@s`eZdZdZeeZddZddZddZ dd Z d d Z d d Z ddZ ddZddZdS)Securitya An object to gather and pass around security configuration. Default values are gathered from the global ``config`` object and can be overriden by constructor args. Supported fields: - require_encryption - tls_ca_file - tls_ciphers - tls_client_key - tls_client_cert - tls_scheduler_key - tls_scheduler_cert - tls_worker_key - tls_worker_cert cKs`|tjjx(|D]\}}|dk rt|||qWx"tD]}t||s>t||dq>WdS)N)_init_from_dictdaskZconfigitemssetattr_fieldshasattr)selfkwargskvr r r __init__3s  zSecurity.__init__cCs$||dti||dttdS)z7 Initialize Security from nested dict. tlsN)_init_fields_from_dict _misc_fields _tls_fieldsr)rdr r r r<szSecurity._init_from_dictc Cs|r||i}|d}nd}x4|D],}t|}||kr$t|d||f||q$WxPtD]H}||i} x6|D].}t|}|| krpt|d|||f| |qpWqZWdS)Nrr!z%s%sz%s%s_%s)getrr_roles) rr&categoryfieldsper_role_fieldsZcategory_prefixr rrZddr r r r#Cs      zSecurity._init_fields_from_dictcs2tfddtD}dddd|DdS)Nc3s|]}|t|fVqdS)N)getattr)r r)rr r Vsz$Security.__repr__..z Security(z, css&|]\}}|dk rd||fVqdS)Nz%s=%rr )r rrr r r r-Xs))sortedrjoin)rrr )rr __repr__UszSecurity.__repr__cCs|d|ttS)zR Return the TLS configuration for the given role, as a flat dict. r")_get_config_for_roler%r)rrr r r get_tls_config_for_role[sz Security.get_tls_config_for_rolecCsp|tkrtd|fi}x&|D]}d||f}t||||<q Wx(|D] }d|||f}t||||<qHW|S)Nzunknown role %rz%s_%sz%s_%s_%s)r( ValueErrorr,)rr)rr*r+r&r rr r r r2as   zSecurity._get_config_for_rolecCs|dr|drytj||dd}Wntk rFtdYnXtj|_d|_||d|d|dr| |d|SdS)Nrr)purposeZcafilez(TLS functionality requires Python 2.7.9+Frr) r'sslZcreate_default_contextAttributeError RuntimeErrorZ CERT_REQUIREDZ verify_modeZcheck_hostnameZload_cert_chainZ set_ciphers)rr"r5Zctxr r r _get_tls_contextms zSecurity._get_tls_contextcCsBi}||}ttdr tjjnd}||||d<|j|d<|S)zh Get the *connection_args* argument for a connect() call with the given *role*. PurposeN ssl_contextr )r3rr6r:Z SERVER_AUTHr9r )rrr&r"r5r r r get_connection_args}s   zSecurity.get_connection_argscCsBi}||}ttdr tjjnd}||||d<|j|d<|S)zg Get the *connection_args* argument for a listen() call with the given *role*. r:Nr;r )r3rr6r:Z CLIENT_AUTHr9r )rrr&r"r5r r r get_listen_argss   zSecurity.get_listen_argsN)__name__ __module__ __qualname____doc__tupler __slots__r rr#r1r3r2r9r<r=r r r r rs   r)Z __future__rrrr6 ImportErrorrr(rr%r$setrrobjectrr r r r s