B ÐH/\bkã @s°dZddlmZddlZejZddlZddlmZddl m Z ddl m Z ddl m Z ddl mZdd lmZdd lmZd d d dddddgZeeeƒeddgddZyeWnek rÈdZYnXeeZdekräe d¡ejZGdd „d eƒZejdddfdd„Ze ddejdddddf dd„Z!eZ"e!Z#Gdd „d eƒZ$esVe%e$dƒsje&dd „d!d „ƒe$_e'd"ƒZ(e'd#ƒZ)e'd$ƒZ*ddde+e dd%d%df d&d „Z,e dfd'd„Z-dS)(z®SSL wrapper for socket objects on Python 2.7.9 and above. For the documentation, refer to :mod:`ssl` module manual. This module implements cooperative SSL socket wrappers. é)Úabsolute_importN)Úsocket)Útimeout_default)Úcreate_connection)Úerror)Útimeout)ÚPYPY)Ú copy_globalsÚ SSLContextÚ SSLSocketÚ wrap_socketÚget_server_certificateÚcreate_default_contextÚ_create_unverified_contextÚ_create_default_https_contextÚ_create_stdlib_contextrr©)Znames_to_ignoreZdunder_names_to_keep)ÚrecvÚrecvfromÚ recv_intoÚ recvfrom_intoÚsendÚsendtoÚ namedtuplec@seZdZddd„ZdS)r FTNcCst||||||dS)N)ÚsockÚ server_sideÚdo_handshake_on_connectÚsuppress_ragged_eofsÚserver_hostnameÚ_context)r )Úselfrrrrrrrú0lib/python3.7/site-packages/gevent/_sslgte279.pyr <s zSSLContext.wrap_socket)FTTN)Ú__name__Ú __module__Ú __qualname__r rrrr!r ;scCsît|tƒst|ƒ‚ttƒ}|jtO_|jtO_|jtt ddƒO_|t j krdt |_ d|_nV|t jkrº|jtt ddƒO_|jtt ddƒO_|jtt ddƒO_| t¡|sÆ|sÆ|rÖ| |||¡n|j tkrê| |¡|S)zíCreate a SSLContext object with default settings. NOTE: The protocol and settings may change anytime without prior deprecation. The values represent a fair balance between maximum compatibility and security. ZOP_NO_COMPRESSIONrTZOP_CIPHER_SERVER_PREFERENCEZOP_SINGLE_DH_USEZOP_SINGLE_ECDH_USE)Ú isinstanceÚ _ASN1ObjectÚ TypeErrorr ÚPROTOCOL_SSLv23ÚoptionsÚ OP_NO_SSLv2Ú OP_NO_SSLv3ÚgetattrÚ_sslÚPurposeÚ SERVER_AUTHÚ CERT_REQUIREDÚ verify_modeÚcheck_hostnameZ CLIENT_AUTHÚ set_ciphersZ_RESTRICTED_SERVER_CIPHERSÚload_verify_locationsÚ CERT_NONEÚload_default_certs)ÚpurposeÚcafileÚcapathÚcadataÚcontextrrr!rGs&       Fc Cs¢t|tƒst|ƒ‚t|ƒ} | jtO_| jtO_|dk rD|| _|| _|rZ|sZt dƒ‚|sb|rn|   ||¡|sz|sz|rŠ|   |||¡n| jt krž|   |¡| S)a/Create a SSLContext object for Python stdlib modules All Python stdlib modules shall use this function to create SSLContext objects in order to keep common settings in one place. The configuration is less restrict than create_default_context()'s to increase backward compatibility. Nzcertfile must be specified)r%r&r'r r)r*r+r1r2Ú ValueErrorÚload_cert_chainr4r5r6) ZprotocolÚ cert_reqsr2r7ÚcertfileÚkeyfiler8r9r:r;rrr!rws"     c@sªeZdZdZddddeeddeedddddddfdd„Ze dd „ƒZ e j d d „ƒZ d d „Z dZd d„Z dd„Zd[dd„Zdd„Zd\dd„Zdd„Zeedƒr¢dd„Zdd„Zdd „Zd!d"„Zdefd#d$„Zd]d%d&„Zd'd(„Zd^d)d*„Zd_d+d,„Zd`d-d.„Zdad/d0„Z dbd1d2„Z!d3d4„Z"d5d6„Z#d7d8„Z$d9d:„Z%d;d<„Z&e'rJd=d>„Z(d?d@„Z)dAdB„Z*dCdD„Z+dEdF„Z,dGdH„Z-dIdJ„Z.dKdL„Z/dMdN„Z0dOdP„Z1dcdSdT„Z2dddVdW„Z3dXdY„Z4dS)er z„ gevent `ssl.SSLSocket `_ for Pythons >= 2.7.9 but less than 3. NFTrc Cs\|r ||_n¤|r|stdƒ‚|r,|s,tdƒ‚|r8|s8|}t|ƒ|_||j_|rZ|j |¡|rl|j ||¡|r||j |¡|rŒ|j |¡||_||_ ||_ ||_ ||_ ||_ | tt¡tkrÈtdƒ‚trätj||d| ¡ntj||jdx2tD]*}yt||ƒWqútk r"YqúXqúW|r<|rÚ ssl_versionÚca_certsÚciphersZ getsockoptZ SOL_SOCKETZSO_TYPEÚ SOCK_STREAMÚNotImplementedErrorrrÚ__init__Ú_droprAÚ_delegate_methodsÚdelattrÚAttributeErrorr2rrrrÚ settimeoutÚ gettimeoutÚ getpeernameÚ socket_errorÚerrnoZENOTCONNÚ_makefile_refsZ_closedÚ_sslobjÚ _connectedÚ _wrap_socketÚ do_handshakeÚclose)r rr@r?rr>rCrDrZfamilyÚtypeÚprotoÚfilenorZ npn_protocolsrErrÚattrÚeZ connectedrÚxrrr!rH­s†              zSSLSocket.__init__cCs|jS)N)r)r rrr!r;szSSLSocket.contextcCs||_||j_dS)N)rrSr;)r Zctxrrr!r;scCstd|jjƒ‚dS)NzCan't dup() %s instances)rGÚ __class__r")r rrr!Údupsz SSLSocket.dupcCsdS)Nr)r Úmsgrrr!Ú _checkClosedszSSLSocket._checkClosedcCs|js| ¡dS)N)rTrO)r rrr!Ú_check_connected"szSSLSocket._check_connectedéc Cs&| ¡x|jstdƒ‚|dkr2|dkr.dSdS|dkrJ|dkrJtdƒ‚y&|dk rb|j ||¡S|j |pnd¡Stk r |jdkrŒ‚|j|jtdYq t k rÎ|jdkrº‚|j|j tdYq t k r}z0|j dt kr |jr |dk rdSdS‚Wdd}~XYq Xq WdS) zORead up to LEN bytes and return them. Return zero-length string on EOF.z'Read on closed or unwrapped SSL socket.rNózNegative read lengthig)Ú timeout_exc)rarSr<ÚreadÚSSLWantReadErrorrÚ_waitÚ _read_eventÚ_SSLErrorReadTimeoutÚSSLWantWriteErrorÚ _write_eventÚSSLErrorÚargsÚ SSL_ERROR_EOFr)r ÚlenÚbufferÚexrrr!rf*s4   zSSLSocket.readc Csª| ¡xœ|jstdƒ‚y |j |¡Stk r }z^|jdtkrb|jdkrP‚|j|j t dn.|jdt krŽ|jdkr|‚|j|j t dn‚Wdd}~XYq Xq WdS)zhWrite DATA to the underlying SSL channel. Returns number of bytes of DATA actually transmitted.z(Write on closed or unwrapped SSL socket.rg)reN) rarSr<ÚwritermrnÚSSL_ERROR_WANT_READrrhriÚ_SSLErrorWriteTimeoutÚSSL_ERROR_WANT_WRITErl)r Údatarrrrr!rsKs    zSSLSocket.writecCs| ¡| ¡|j |¡S)záReturns a formatted version of the data in the certificate provided by the other end of the SSL channel. Return None if no certificate was provided, {} if a certificate was provided, but not validated.)rarbrSZpeer_certificate)r Z binary_formrrr!Ú getpeercertbszSSLSocket.getpeercertcCs"| ¡|jrtjsdS|j ¡S)N)rarSr-ZHAS_NPNÚselected_npn_protocol)r rrr!ryls zSSLSocket.selected_npn_protocolÚHAS_ALPNcCs"| ¡|jrtjsdS|j ¡S)N)rarSr-rzÚselected_alpn_protocol)r rrr!r{ts z SSLSocket.selected_alpn_protocolcCs| ¡|jsdS|j ¡S)N)rarSÚcipher)r rrr!r|zszSSLSocket.ciphercCs| ¡|jsdS|j ¡S)N)rarSÚ compression)r rrr!r}€szSSLSocket.compressioncCs|dkrtd||jfƒ‚dS)Nrz/non-zero flags not allowed in calls to %s on %s)r<r^)r ÚmethÚflagsrrr!Z __check_flags†szSSLSocket.__check_flagscCsª| ¡| d|¡|tkr"|j}|js8t ||||¡Sxly |j |¡Stk rt|jdkrddS|  |j ¡Yq:t k r |jdkrdS|  |j ¡Yq:Xq:WdS)Nrgr) raÚ_SSLSocket__check_flagsrrrSrrrsrgrhrirkrl)r rwrrrrr!rŒs"    zSSLSocket.sendcCsH| ¡|jrtd|jƒ‚n&|dkr4t |||¡St ||||¡SdS)Nz%sendto not allowed on instances of %s)rarSr<r^rr)r rwZ flags_or_addrÚaddrrrr!r¢s zSSLSocket.sendtocOstd|jƒ‚dS)Nz&sendmsg not allowed on instances of %s)rGr^)r rnÚkwargsrrr!Úsendmsg¬szSSLSocket.sendmsgc Csh| ¡| d|¡yt ||¡Wn>tk rb}z |jdkrHtdƒ‚t|jŽ‚Wdd}~XYnXdS)NÚsendallgz&The operation did not complete (write)) rar€rr„Ú_socket_timeoutrrkrmrn)r rwrrrrrr!r„²s  zSSLSocket.sendallcCsH| ¡|jr:|dkr$td|jƒ‚|dkr0dS| |¡St |||¡S)Nrz3non-zero flags not allowed in calls to recv() on %srd)rarSr<r^rfrr)r Úbuflenrrrr!rÀs  zSSLSocket.recvcCsf| ¡|dk r"|dkr"t|ƒ}n |dkr.d}|jrV|dkrJtd|jƒ‚| ||¡St ||||¡S)Nirz8non-zero flags not allowed in calls to recv_into() on %s)rarprSr<r^rfrr)r rqÚnbytesrrrr!rÌs   zSSLSocket.recv_intocCs*| ¡|jrtd|jƒ‚t |||¡S)Nz'recvfrom not allowed on instances of %s)rarSr<r^rr)r r†rrrr!rÜs  zSSLSocket.recvfromcCs2| ¡|jrtd|jƒ‚nt ||||¡SdS)Nz,recvfrom_into not allowed on instances of %s)rarSr<r^rr)r rqr‡rrrr!rãs  zSSLSocket.recvfrom_intocOstd|jƒ‚dS)Nz&recvmsg not allowed on instances of %s)rGr^)r rnr‚rrr!ÚrecvmsgëszSSLSocket.recvmsgcOstd|jƒ‚dS)Nz+recvmsg_into not allowed on instances of %s)rGr^)r rnr‚rrr!Ú recvmsg_intoïszSSLSocket.recvmsg_intocCs| ¡|jr|j ¡SdS)Nr)rarSÚpending)r rrr!rŠós zSSLSocket.pendingcCs| ¡d|_t ||¡dS)N)rarSrÚshutdown)r Zhowrrr!r‹ùszSSLSocket.shutdowncCs.|jdkrd|_t |¡n|jd8_dS)Né)rRrSrrW)r rrr!rWþs  zSSLSocket.closecCs|jd7_dS)NrŒ)rR)r rrr!Ú_reuseszSSLSocket._reusecCs&|jdkr| ¡n|jd8_dS)NrŒ)rRrW)r rrr!rI s  zSSLSocket._dropc Csºx´y |j ¡Stk r°}z†|jdtkr6|jr6dS|jdtkrj|jdkrP‚t  ¡|j |j t dn6|jdt krž|jdkr„‚t  ¡|j |jtdn‚Wdd}~XYqXqWdS)NrÚg)re)rSr‹rmrnrorrtrÚsysZ exc_clearrhrirjrvrlru)r rrrrr!Ú_sslobj_shutdowns"   zSSLSocket._sslobj_shutdowncCs.|jstdt|ƒƒ‚| ¡}d|_t|dS)NzNo SSL wrapper around )rA)rSr<Ústrrr)r Úsrrr!Úunwrap$s zSSLSocket.unwrapcCsd|_t |¡dS)N)rSrÚ _real_close)r rrr!r”/szSSLSocket._real_closecCs¨| ¡xty|j ¡PWq tk rJ|jdkr6‚|j|jtdYq tk rx|jdkrd‚|j|j tdYq Xq W|j j r¤|j s”t dƒ‚t| ¡|j ƒdS)zPerform a TLS/SSL handshake.g)rez-check_hostname needs server_hostname argumentN)rbrSrVrgrrhriÚ_SSLErrorHandshakeTimeoutrkrlrr2rr<Zmatch_hostnamerx)r rrr!rV3s"   zSSLSocket.do_handshakecCs–|jrtdƒ‚|jrtdƒ‚|jj|jd|j|d|_y>|rJt  ||¡}nd}t  ||¡|srd|_|j rr|  ¡|St k rd|_‚YnXdS)Nz!can't connect in server-side modez/attempt to connect already-connected SSLSocket!F)rBT)rr<rTrrUrArrSrÚ connect_exÚconnectrrVrP)r rr–Zrcrrr!Ú _real_connectIs$ zSSLSocket._real_connectcCs| |d¡dS)zQConnects to remote ADDR, and then wraps the connection in an SSL channel.FN)r˜)r rrrr!r—`szSSLSocket.connectcCs | |d¡S)zQConnects to remote ADDR, and then wraps the connection in an SSL channel.T)r˜)r rrrr!r–eszSSLSocket.connect_excCs6t |¡\}}| ¡|jj||j|jdd}||fS)z¿Accepts a new connection from a remote client, and returns a tuple containing that new connection wrapped with a server-side SSL channel, and the address of the remote client.T)rrr)rÚacceptZ _drop_eventsrr rr)r Znewsockrrrr!r™jszSSLSocket.acceptÚréÿÿÿÿcCs"ts|jd7_t|||ddS)zMake and return a file-like object that works with the SSL connection. Just use the code from the socket module.rŒT)rW)rrRZ _fileobject)r ÚmodeÚbufsizerrr!ÚmakefilewszSSLSocket.makefileú tls-uniquecCs>|tkrtdƒ‚|dkr&td |¡ƒ‚|jdkr4dS|j ¡S)zäGet channel binding data for current connection. Raise ValueError if the requested `cb_type` is not supported. Return bytes of the data or None if the data is not available (e.g. before the handshake). z Unsupported channel binding typez tls-uniquez({0} channel binding type not implementedN)ZCHANNEL_BINDING_TYPESr<rGÚformatrSZ tls_unique_cb)r Zcb_typerrr!Úget_channel_binding‚s zSSLSocket.get_channel_bindingcCs|jdkrdS|j ¡S)z— Return a string identifying the protocol version used by the current SSL channel, or None if there is no established channel. N)rSÚversion)r rrr!r¢‘s zSSLSocket.version)N)rcN)F)N)r)rcr)Nr)rcr)Nr)ršr›)rŸ)5r"r#r$Ú__doc__r5r(ZAF_INETrFrHÚpropertyr;Úsetterr_rarbrfrsrxryÚhasattrr-r{r|r}r€rrrrƒr„rrrrrˆr‰rŠr‹rWrrrIrr“r”rVr˜r—r–r™ržr¡r¢rrrr!r §sd ]   !         rcCs| ¡S)N)rN)r rrr!Ú¢sr§cCs | |¡S)N)rM)r Úvaluerrr!r§£szThe read operation timed outzThe write operation timed outz!The handshake operation timed outTc Cst|||||||||| d S)N) rr@r?rr>rCrDrrrE)r ) rr@r?rr>rCrDrrrErrr!r «s c Csl|\}}|dk rt}nt}t|||d}tt|ƒƒ*}t| |¡ƒ}| d¡}WdQRXWdQRXt|ƒS)z÷Retrieve the certificate from the server at the specified address, and return it as a PEM-encoded string. If 'ca_certs' is specified, validate the server cert against it. If 'ssl_version' is specified, use it in the connection attempt.N)r>r8T)r0r5rÚclosingrr rxZDER_cert_to_PEM_cert) rrCrDÚ_r>r;rZsslsockZdercertrrr!r ¹s).r£Z __future__rZsslZ__ssl__r-rQZgevent._socket2rZ gevent.socketrrrrPrr…Zgevent._compatrZ gevent._utilr Z__implements__ÚglobalsZ __imports__rJÚ NameErrorÚ__all__Úremover Zorig_SSLContextr.r/rr(rrrr r¦r¤rmrjrur•r5r r rrrr!Úsp            /'v