B ÐH/\ßiã @s\dZddlmZddlZejZddlZddlmZm Z ddlm Z ddlm Z ddlmZddlmZd d d d gZeeeƒed gddZeeZdekr¤e d¡ejZGdd „d eƒZGdd„dejƒZyeZWnek rèYnXeedƒrddd„ZGdd „d eƒZ e e_!e dƒZ"e dƒZ#e dƒZ$ddde%e&ddddf dd „Z'e&dfdd „Z(dS) z SSL wrapper for socket objects on Python 3. For the documentation, refer to :mod:`ssl` module manual. This module implements cooperative SSL socket wrappers. é)Úabsolute_importN)ÚsocketÚtimeout_default)Úerror)Útimeout)Ú copy_globals)ÚrefÚ SSLContextÚ SSLSocketÚ wrap_socketÚget_server_certificater©)Znames_to_ignoreZdunder_names_to_keepÚ namedtuplecs¦eZdZdZddd„Zeedƒs$dZeejdƒrlejj ‡fdd „ƒZej j ‡fd d „ƒZ ej j ‡fd d „ƒZ eedƒržej j ‡fdd„ƒZ ej j ‡fdd„ƒZ ‡ZS)r NFTc Cs|j|||||||dS)N)ÚsockÚ server_sideÚdo_handshake_on_connectÚsuppress_ragged_eofsÚserver_hostnameÚ_contextÚ_session)Ússlsocket_class)ÚselfrrrrrÚsessionr r ú+lib/python3.7/site-packages/gevent/_ssl3.pyr 4szSSLContext.wrap_socketÚcheck_hostnameÚsettercstttƒj ||¡dS)N)ÚsuperÚorig_SSLContextÚoptionsÚ__set__)rÚvalue)Ú __class__r rrOszSSLContext.optionscstttƒj ||¡dS)N)rrÚ verify_flagsr)rr )r!r rr"SszSSLContext.verify_flagscstttƒj ||¡dS)N)rrÚ verify_moder)rr )r!r rr#WszSSLContext.verify_modeÚminimum_versioncstttƒj ||¡dS)N)rrr$r)rr )r!r rr$]szSSLContext.minimum_versioncstttƒj ||¡dS)N)rrÚmaximum_versionr)rr )r!r rr%aszSSLContext.maximum_version)FTTNN)Ú__name__Ú __module__Ú __qualname__rr Úhasattrrrrrr"r#r$r%Ú __classcell__r r )r!rr /s   c@sLeZdZdZedd„ƒZejdd„ƒZedd„ƒZejdd„ƒZdd „Zd S) Ú_contextawaresock)Ú_sslsockcCs | ¡jS)N)r,Úcontext)rr r rr-ssz_contextawaresock.contextcCs|| ¡_dS)N)r,r-)rÚctxr r rr-wscCs | ¡jS)z!The SSLSession for client socket.)r,r)rr r rr{sz_contextawaresock.sessioncCs|| ¡_dS)N)r,r)rrr r rr€scCs0yt| ¡|ƒStk r"YnXt|ƒ‚dS)N)Úgetattrr,Ú RuntimeErrorÚAttributeError)rÚnamer r rÚ __getattr__„s z_contextawaresock.__getattr__N) r&r'r(Ú __slots__Úpropertyr-rrr3r r r rr+fs    r+Z_createcCs0t t¡}||_|p||j_|dk r,||j_|S)N)Ú SSLObjectÚ__new__Ú_sslobjÚownerr)Zsslobjr9rÚsr r rÚ_SSLObject_factory—s   r;c@s¦eZdZdZeZddddeeddee ddddddddfdd„Z e dd „ƒZ e j d d „ƒZ e d d „ƒZej d d „ƒZe dd„ƒZdd„ZdSdd„Zdd„ZdTdd„Zdd„ZdUdd„Zdd„ZeedƒrÞd d!„Zd"d#„Zd$d%„Zd&d'„Zd(d)„Zdefd*d+„ZdVd,d-„Z d.d/„Z!dWd0d1„Z"dXd2d3„Z#dYd4d5„Z$dZd6d7„Z%d[d8d9„Z&d:d;„Z'dd?„Z)d@dA„Z*dBdC„Z+dDdE„Z,dFdG„Z-dHdI„Z.dJdK„Z/dLdM„Z0dNdO„Z1d\dQdR„Z2dS)]r zl gevent `ssl.SSLSocket `_ for Python 3. NFTrc Csˆ|r ||_n¤|r|stdƒ‚|r,|s,tdƒ‚|r8|s8|}t|ƒ|_||j_|rZ|j |¡|rl|j ||¡|r||j |¡|rŒ|j |¡||_||_ ||_ ||_ ||_ ||_ | tt¡tkrÈtdƒ‚|rè|rØtdƒ‚|dk rètdƒ‚|jjrü|sütdƒ‚||_||_||_||_| |_d}|dk r¤tj||j|j|j| ¡d| |  ¡¡y | !¡Wn4t"k r”}z|j#t#j$kr„‚Wdd}~XYnXd }| %¡n,| dk r¾tj|| d ntj|| | | d t&|ƒ|j'_(d|_)d|_*||_+|r„y^|j ,|j'||¡|_*|dk r(t-|j*||jd |_*|rP|  ¡}|d krHtdƒ‚| .¡Wn0t"k r‚}z| /¡|‚Wdd}~XYnXdS)Nz5certfile must be specified for server-side operationszcertfile must be specifiedz!only stream sockets are supportedz4server_hostname can only be specified in client modez,session can only be specified in client modez'check_hostname requires server_hostnameF)ÚfamilyÚtypeÚprotoÚfilenoT)r?)r<r=r>)r9rgzHdo_handshake_on_connect should not be specified for non-blocking sockets)0rÚ ValueErrorr r#Zload_verify_locationsZload_cert_chainZset_npn_protocolsZ set_ciphersÚkeyfileÚcertfileÚ cert_reqsÚ ssl_versionÚca_certsÚciphersZ getsockoptZ SOL_SOCKETZSO_TYPEÚ SOCK_STREAMÚNotImplementedErrorrrrrrrrÚ__init__r<r=r>r?Z settimeoutZ gettimeoutÚ getpeernameÚ socket_errorÚerrnoZENOTCONNÚdetachÚ_wrefÚ_sockr,Z_closedr8Ú _connectedÚ _wrap_socketr;Ú do_handshakeÚclose)rrrArBrrCrDrErr<r=r>r?rZ npn_protocolsrFrrrZ connectedÚerÚxr r rrI©s–                 zSSLSocket.__init__cCs|jS)N)r)rr r rr- szSSLSocket.contextcCs||_||j_dS)N)rr8r-)rr.r r rr-scCs|jdk r|jjSdS)z!The SSLSession for client socket.N)r8r)rr r rrs zSSLSocket.sessioncCs||_|jdk r||j_dS)N)rr8r)rrr r rrs cCs|jdk r|jjSdS)z.Was the client session reused during handshakeN)r8Úsession_reused)rr r rrV"s zSSLSocket.session_reusedcCstd|jjƒ‚dS)NzCan't dup() %s instances)rHr!r&)rr r rÚdup(sz SSLSocket.dupcCsdS)Nr )rÚmsgr r rÚ _checkClosed,szSSLSocket._checkClosedcCs|js| ¡dS)N)rPrJ)rr r rÚ_check_connected0szSSLSocket._check_connectedéc Cs| ¡xö|jstdƒ‚|dkr0|dkr,dSdSy&|dk rH|j ||¡S|j |pTd¡Stk r†|jdkrr‚|j|jtdYq t k r´|jdkr ‚|j|j tdYq t k rú}z*|j dt krè|jrè|dkrädSdS‚Wdd}~XYq Xq WdS)zORead up to LEN bytes and return them. Return zero-length string on EOF.z'Read on closed or unwrapped SSL socket.rNóig)Ú timeout_exc)rYr8r@ÚreadÚSSLWantReadErrorrÚ_waitÚ _read_eventÚ_SSLErrorReadTimeoutÚSSLWantWriteErrorÚ _write_eventÚSSLErrorÚargsZ SSL_ERROR_EOFr)rÚlenÚbufferÚexr r rr^8s0  zSSLSocket.readc Csª| ¡xœ|jstdƒ‚y |j |¡Stk r }z^|jdtkrb|jdkrP‚|j|j t dn.|jdt krŽ|jdkr|‚|j|j t dn‚Wdd}~XYq Xq WdS)zhWrite DATA to the underlying SSL channel. Returns number of bytes of DATA actually transmitted.z(Write on closed or unwrapped SSL socket.rg)r]N) rYr8r@ÚwritererfZSSL_ERROR_WANT_READrr`raÚ_SSLErrorWriteTimeoutZSSL_ERROR_WANT_WRITErd)rÚdatarir r rrjYs    zSSLSocket.writecCsB| ¡| ¡y |jj}Wntk r8|jj}YnX||ƒS)záReturns a formatted version of the data in the certificate provided by the other end of the SSL channel. Return None if no certificate was provided, {} if a certificate was provided, but not validated.)rYrZr8Zpeer_certificater1Ú getpeercert)rZ binary_formÚcr r rrmps zSSLSocket.getpeercertcCs"| ¡|jrtjsdS|j ¡S)N)rYr8Ú_sslZHAS_NPNÚselected_npn_protocol)rr r rrp€s zSSLSocket.selected_npn_protocolÚHAS_ALPNcCs"| ¡|jrtjsdS|j ¡S)N)rYr8rorqÚselected_alpn_protocol)rr r rrrˆs z SSLSocket.selected_alpn_protocolcCs |j ¡S)zReturn a list of ciphers shared by the client during the handshake or None if this is not a valid server connection. )r8Úshared_ciphers)rr r rrsŽszSSLSocket.shared_cipherscCs|js dS|j ¡S)z^Return a string identifying the protocol version used by the current SSL channel. N)r8Úversion)rr r rrt”szSSLSocket.versioncCs| ¡|jsdS|j ¡S)N)rYr8Úcipher)rr r rruszSSLSocket.ciphercCs| ¡|jsdS|j ¡S)N)rYr8Ú compression)rr r rrv£szSSLSocket.compressioncCs¶| ¡|tkr|j}|jr¢|dkr2td|jƒ‚x~y |j |¡Stk rn|jdkr^dS| |j ¡Yq4t k rš|jdkrŠdS| |j ¡Yq4Xq4Wnt   ||||¡SdS)Nrz3non-zero flags not allowed in calls to send() on %sg)rYrrr8r@r!rjr_r`rarcrdrÚsend)rrlÚflagsrr r rrw©s(    zSSLSocket.sendcCsH| ¡|jrtd|jƒ‚n&|dkr4t |||¡St ||||¡SdS)Nz%sendto not allowed on instances of %s)rYr8r@r!rÚsendto)rrlZ flags_or_addrÚaddrr r rryÀs zSSLSocket.sendtocOstd|jƒ‚dS)Nz&sendmsg not allowed on instances of %s)rHr!)rrfÚkwargsr r rÚsendmsgÊszSSLSocket.sendmsgcCs`| ¡|jr$|dkr$td|jƒ‚yt |||¡Stk rZ|jdkrTtdƒ‚‚YnXdS)Nrz6non-zero flags not allowed in calls to sendall() on %sgz&The operation did not complete (write)) rYr8r@r!rÚsendallÚ_socket_timeoutrrc)rrlrxr r rr}Ðs  zSSLSocket.sendallcCsH| ¡|jr:|dkr$td|jƒ‚|dkr0dS| |¡St |||¡S)Nrz3non-zero flags not allowed in calls to recv() on %sr\)rYr8r@r!r^rÚrecv)rÚbuflenrxr r rràs  zSSLSocket.recvcCsb| ¡|r|dkrt|ƒ}n |dkr*d}|jrR|dkrFtd|jƒ‚| ||¡St ||||¡S)Nirz8non-zero flags not allowed in calls to recv_into() on %s)rYrgr8r@r!r^rÚ recv_into)rrhÚnbytesrxr r rrîs   zSSLSocket.recv_intocCs0| ¡|jrtd|jƒ‚nt |||¡SdS)Nz'recvfrom not allowed on instances of %s)rYr8r@r!rÚrecvfrom)rr€rxr r rrƒús  zSSLSocket.recvfromcCs2| ¡|jrtd|jƒ‚nt ||||¡SdS)Nz,recvfrom_into not allowed on instances of %s)rYr8r@r!rÚ recvfrom_into)rrhr‚rxr r rr„s  zSSLSocket.recvfrom_intocOstd|jƒ‚dS)Nz&recvmsg not allowed on instances of %s)rHr!)rrfr{r r rÚrecvmsg szSSLSocket.recvmsgcOstd|jƒ‚dS)Nz+recvmsg_into not allowed on instances of %s)rHr!)rrfr{r r rÚ recvmsg_intoszSSLSocket.recvmsg_intocCs| ¡|jr|j ¡SdS)Nr)rYr8Úpending)rr r rr‡s zSSLSocket.pendingcCs| ¡d|_t ||¡dS)N)rYr8rÚshutdown)rZhowr r rrˆszSSLSocket.shutdowncCsœ|jstdt|ƒƒ‚xly|j ¡}PWqtk rT|jdkrD‚| |j¡Yqtk r~|jdkrn‚| |j ¡YqXqWd|_||j ks˜t ‚|S)NzNo SSL wrapper around g) r8r@Ústrrˆr_rr`rarcrdrOÚAssertionError)rr:r r rÚunwraps"   zSSLSocket.unwrapcCsd|_t |¡dS)N)r8rÚ _real_close)rr r rrŒAszSSLSocket._real_closecCsº| ¡xty|j ¡PWq tk rJ|jdkr6‚|j|jtdYq tk rx|jdkrd‚|j|j tdYq Xq Wt j dd…dkr¶|j j r¶|js¦tdƒ‚t| ¡|jƒdS)zPerform a TLS/SSL handshake.g)r]Né)ééz-check_hostname needs server_hostname argument)rZr8rRr_rr`raÚ_SSLErrorHandshakeTimeoutrcrdÚsysÚ version_inforrrr@Zmatch_hostnamerm)rr r rrRFs"   zSSLSocket.do_handshakecCs°|jrtdƒ‚|jrtdƒ‚|j |jd|j¡|_|jdk rPt |j||jd|_y>|rdt   ||¡}nd}t   ||¡|sŒ|j r†| ¡d|_|Stk rªd|_‚YnXdS)Nz!can't connect in server-side modez/attempt to connect already-connected SSLSocket!F)r9rT)rr@rPrrQrOrr8rr;rÚ connect_exÚconnectrrRrK)rrzr“Zrcr r rÚ _real_connect^s(  zSSLSocket._real_connectcCs| |d¡dS)zQConnects to remote ADDR, and then wraps the connection in an SSL channel.FN)r•)rrzr r rr”wszSSLSocket.connectcCs | |d¡S)zQConnects to remote ADDR, and then wraps the connection in an SSL channel.T)r•)rrzr r rr“|szSSLSocket.connect_excCs6t |¡\}}| ¡|jj||j|jdd}||fS)z¿Accepts a new connection from a remote client, and returns a tuple containing that new connection wrapped with a server-side SSL channel, and the address of the remote client.T)rrr)rÚacceptZ _drop_eventsrr rr)rZnewsockrzr r rr–szSSLSocket.acceptú tls-uniquecCsVt|jdƒr|j |¡S|tkr(tdƒ‚|dkr>td |¡ƒ‚|jdkrLdS|j ¡S)zäGet channel binding data for current connection. Raise ValueError if the requested `cb_type` is not supported. Return bytes of the data or None if the data is not available (e.g. before the handshake). Úget_channel_bindingz Unsupported channel binding typez tls-uniquez({0} channel binding type not implementedN)r)r8r˜ZCHANNEL_BINDING_TYPESr@rHÚformatZ tls_unique_cb)rZcb_typer r rr˜Žs   zSSLSocket.get_channel_binding)N)r[N)F)N)r)r[r)Nr)r[r)Nr)r—)3r&r'r(Ú__doc__r+Ú_gevent_sock_classÚ CERT_NONEÚPROTOCOL_SSLv23ZAF_INETrGrIr5r-rrrVrWrYrZr^rjrmrpr)rorrrsrtrurvrrwryr|r}rrrƒr„r…r†r‡rˆr‹rŒrRr•r”r“r–r˜r r r rr Ÿsb \     !        $ zThe read operation timed outzThe write operation timed outz!The handshake operation timed outFTc Cst|||||||||| d S)N) rrArBrrCrDrErrrF)r ) rrArBrrCrDrErrrFr r rr ©s cCsL|\}}|dk rt}nt}t|ƒ}t||||d}| d¡}| ¡t|ƒS)z÷Retrieve the certificate from the server at the specified address, and return it as a PEM-encoded string. If 'ca_certs' is specified, validate the server cert against it. If 'ssl_version' is specified, use it in the connection attempt.N)rDrCrET)Z CERT_REQUIREDrœZcreate_connectionr rmrSZDER_cert_to_PEM_cert)rzrDrEÚ_rCr:Zdercertr r rr ¸s  )NN))ršZ __future__rZsslZ__ssl__rorLZ gevent.socketrrrrKrr~Z gevent._utilrÚweakrefrrNZ__implements__ÚglobalsZ __imports__Ú__all__Úremover rr›r+r6r;Ú NameErrorr)r rrbrkrrœrr r r r r rÚsX      7'