Current File : //opt/imh-python/lib/python3.9/__pycache__/ssl.cpython-39.opt-2.pyc
a

-�h?��
@s�ddlZddlZddlmZddlmZmZm	Z
ddlZddlmZm
Z
mZddlmZmZmZddlmZmZmZmZmZmZmZddlmZmZddlmZmZmZm Z zdd	lm!Z!Wne"y�Yn0dd
lm#Z#m$Z$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,ddlm-Z-m.Z.ej/de0d
d�ed�e
j/de0dd�ed�ej/de0dd�ed�ej/de0dd�ed�e
j/de0dd�ed�ej/de0dd�ed�e1j2Z3e1_3dd�e1j4�5�D�Z6e7e1dd�Z8Gdd�de�Z9Gdd �d e�Z:Gd!d"�d"e�Z;Gd#d$�d$e�Z<ej=d%k�rdd&lm>Z>m?Z?dd'l@m@Z@mAZAmBZBdd(l@mCZCmDZDddl@ZEddlFZFddlGZGddlHZHeIZJd)gZKeLed*�ZMe-ZNeZOd+d,�ZPd-d.�ZQd/d0�ZRd1d2�ZSed3d4�ZTd5d6�ZUGd7d8�d8ed8d9��ZVGd:d;�d;eVe�ZWGd<d=�d=e�ZXeWjYfdddd>�d?d@�ZZe2fe[dAeWjYddddddB�dCdD�Z\eZZ]e\Z^GdEdF�dF�Z_dGdH�Z`GdIdJ�dJe@�ZaeaeX_be_eX_cdddAe[e2ddKdKdf	dLdM�ZddNdO�ZedPZfdQZgdRdS�ZhdTdU�Zie2dfdVdW�ZjdXdY�ZkdS)Z�N)�
namedtuple)�Enum�IntEnum�IntFlag)�OPENSSL_VERSION_NUMBER�OPENSSL_VERSION_INFO�OPENSSL_VERSION)�_SSLContext�	MemoryBIO�
SSLSession)�SSLError�SSLZeroReturnError�SSLWantReadError�SSLWantWriteError�SSLSyscallError�SSLEOFError�SSLCertVerificationError)�txt2obj�nid2obj)�RAND_status�RAND_add�
RAND_bytes�RAND_pseudo_bytes)�RAND_egd)
�HAS_SNI�HAS_ECDH�HAS_NPN�HAS_ALPN�	HAS_SSLv2�	HAS_SSLv3�	HAS_TLSv1�HAS_TLSv1_1�HAS_TLSv1_2�HAS_TLSv1_3)�_DEFAULT_CIPHERS�_OPENSSL_API_VERSION�
_SSLMethodcCs|�d�o|dkS)NZ	PROTOCOL_�PROTOCOL_SSLv23��
startswith��name�r,�$/opt/imh-python/lib/python3.9/ssl.py�<lambda>|�r.)�source�OptionscCs
|�d�S)NZOP_r(r*r,r,r-r.�r/ZAlertDescriptioncCs
|�d�S)NZALERT_DESCRIPTION_r(r*r,r,r-r.�r/ZSSLErrorNumbercCs
|�d�S)NZ
SSL_ERROR_r(r*r,r,r-r.�r/�VerifyFlagscCs
|�d�S)NZVERIFY_r(r*r,r,r-r.�r/�
VerifyModecCs
|�d�S)NZCERT_r(r*r,r,r-r.�r/cCsi|]\}}||�qSr,r,)�.0r+�valuer,r,r-�
<dictcomp>�r/r6ZPROTOCOL_SSLv2c@s6eZdZejZejZejZ	ej
ZejZ
ejZejZdS)�
TLSVersionN)�__name__�
__module__�__qualname__�_sslZPROTO_MINIMUM_SUPPORTEDZMINIMUM_SUPPORTEDZPROTO_SSLv3�SSLv3ZPROTO_TLSv1ZTLSv1Z
PROTO_TLSv1_1ZTLSv1_1Z
PROTO_TLSv1_2ZTLSv1_2Z
PROTO_TLSv1_3ZTLSv1_3ZPROTO_MAXIMUM_SUPPORTEDZMAXIMUM_SUPPORTEDr,r,r,r-r7�sr7c@s$eZdZdZdZdZdZdZdZdS)�_TLSContentType������N)	r8r9r:�CHANGE_CIPHER_SPEC�ALERTZ	HANDSHAKEZAPPLICATION_DATA�HEADERZINNER_CONTENT_TYPEr,r,r,r-r=�sr=c@s�eZdZdZdZdZdZdZdZdZ	dZ
d	Zd
ZdZ
dZd
ZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZ dZ!d Z"d!Z#d"Z$d#S)$�
_TLSAlertTyper�
r>r?r@��(�)�*�+�,�-�.�/�0�1�2�3�<�F�G�P�V�Z�d�m�n�o�p�q�r�s�t�xN)%r8r9r:ZCLOSE_NOTIFYZUNEXPECTED_MESSAGEZBAD_RECORD_MACZDECRYPTION_FAILEDZRECORD_OVERFLOWZDECOMPRESSION_FAILUREZHANDSHAKE_FAILUREZNO_CERTIFICATEZBAD_CERTIFICATEZUNSUPPORTED_CERTIFICATEZCERTIFICATE_REVOKEDZCERTIFICATE_EXPIREDZCERTIFICATE_UNKNOWNZILLEGAL_PARAMETERZ
UNKNOWN_CAZ
ACCESS_DENIEDZDECODE_ERRORZ
DECRYPT_ERRORZEXPORT_RESTRICTIONZPROTOCOL_VERSIONZINSUFFICIENT_SECURITYZINTERNAL_ERRORZINAPPROPRIATE_FALLBACKZ
USER_CANCELEDZNO_RENEGOTIATIONZMISSING_EXTENSIONZUNSUPPORTED_EXTENSIONZCERTIFICATE_UNOBTAINABLEZUNRECOGNIZED_NAMEZBAD_CERTIFICATE_STATUS_RESPONSEZBAD_CERTIFICATE_HASH_VALUEZUNKNOWN_PSK_IDENTITYZCERTIFICATE_REQUIREDZNO_APPLICATION_PROTOCOLr,r,r,r-rG�sDrGc@sdeZdZdZdZdZdZdZdZdZ	dZ
d	Zd
ZdZ
dZd
ZdZdZdZdZdZdZdZdZdZdS)�_TLSMessageTyper����������
���r>r?r@rA��C�rCN)r8r9r:Z
HELLO_REQUESTZCLIENT_HELLOZSERVER_HELLOZHELLO_VERIFY_REQUESTZNEWSESSION_TICKETZEND_OF_EARLY_DATAZHELLO_RETRY_REQUESTZENCRYPTED_EXTENSIONSZCERTIFICATEZSERVER_KEY_EXCHANGEZCERTIFICATE_REQUESTZSERVER_DONEZCERTIFICATE_VERIFYZCLIENT_KEY_EXCHANGE�FINISHEDZCERTIFICATE_URLZCERTIFICATE_STATUSZSUPPLEMENTAL_DATAZ
KEY_UPDATEZ
NEXT_PROTOZMESSAGE_HASHrDr,r,r,r-rf�s,rf�win32)�enum_certificates�	enum_crls)�socket�SOCK_STREAM�create_connection)�
SOL_SOCKET�SO_TYPE�
tls-unique�HOSTFLAG_NEVER_CHECK_SUBJECTcCs�|sdS|�d�}|s&|��|��kS|dkr<td�|���|�d�\}}}d|vrbtd�|���|sttd�|���|dkr�td�|���|�d�\}}}|r�|s�dS|��|��kS)	NF�*rgz1too many wildcards in certificate DNS name: {!r}.�.z9wildcard can only be present in the leftmost label: {!r}.z>sole wildcard without additional labels are not support: {!r}.z<partial wildcards in leftmost label are not supported: {!r}.)�count�lower�CertificateError�format�	partition)Zdn�hostnameZ	wildcardsZdn_leftmost�sepZdn_remainderZhostname_leftmostZhostname_remainderr,r,r-�_dnsname_matchs@

�������r�cCs�zt�|�}Wnty Yn"0t�|�|kr4|Std�|���zt�tj|�WStyrtd�|���Ynty�Yn0td�|���dS)Nz'{!r} is not a quad-dotted IPv4 address.z+{!r} is neither an IPv4 nor an IP6 address.z{!r} is not an IPv4 address.)	�_socket�	inet_aton�OSError�	inet_ntoa�
ValueErrorr��	inet_pton�AF_INET6�AttributeError)Zipname�addrr,r,r-�_inet_patonDs$��
r�cCst|���}||kS�N)r��rstrip)Zcert_ipaddress�host_ipZipr,r,r-�_ipaddress_matchgsr�cCsH|std��zt|�}Wnty.d}Yn0g}|�dd�}|D]^\}}|dkrx|durlt||�rldS|�|�qD|dkrD|dur�t||�r�dS|�|�qD|s�|�dd�D]6}|D],\}}|dkr�t||�r�dS|�|�q�q�t|�dk�rtd	|d
�t	t
|��f��n,t|�dk�r<td||df��ntd
��dS)Nztempty or no certificate, match_hostname needs a SSL socket or SSL context with either CERT_OPTIONAL or CERT_REQUIREDZsubjectAltNamer,ZDNSz
IP AddressZsubjectZ
commonNamergz&hostname %r doesn't match either of %sz, zhostname %r doesn't match %rrz=no appropriate commonName or subjectAltName fields were found)r�r��getr��appendr��lenr��join�map�repr)�certr�r�ZdnsnamesZsan�keyr5�subr,r,r-�match_hostnamessB


�
�r��DefaultVerifyPathszQcafile capath openssl_cafile_env openssl_cafile openssl_capath_env openssl_capathcCsft��}tj�|d|d�}tj�|d|d�}ttj�|�rF|ndtj�|�rX|ndg|�R�S)Nrrgrhri)	r;�get_default_verify_paths�os�environr�r��path�isfile�isdir)�parts�cafile�capathr,r,r-r��s��r�cs@eZdZdZ�fdd�Ze�fdd��Ze�fdd��Z�ZS)�_ASN1Objectr,cst�j|gt|dd��R�S)NFr*��super�__new__�_txt2obj)�cls�oid��	__class__r,r-r��sz_ASN1Object.__new__cst�j|gt|��R�Sr�)r�r��_nid2obj)r�Znidr�r,r-�fromnid�sz_ASN1Object.fromnidcst�j|gt|dd��R�S)NTr*r�)r�r+r�r,r-�fromname�sz_ASN1Object.fromname)	r8r9r:�	__slots__r��classmethodr�r��
__classcell__r,r,r�r-r��sr�znid shortname longname oidc@seZdZdZdZdS)�Purposez1.3.6.1.5.5.7.3.1z1.3.6.1.5.5.7.3.2N)r8r9r:�SERVER_AUTHZCLIENT_AUTHr,r,r,r-r��sr�cs�eZdZdZdZdZefdd�Zdd�Zd1d	d
�Z	d2dd�Z
d
d�Zdd�Zdd�Z
dd�Zejfdd�Zeed�r�e�fdd��Zej�fdd��Ze�fdd��Zej�fdd��Ze�fdd��Zej�fd d��Zeed!��red"d#��Zejd$d#��Zned%d#��Ze�fd&d'��Zej�fd(d'��Ze�fd)d*��Ze�fd+d,��Zej�fd-d,��Ze�fd.d/��Zej�fd0d/��Z�ZS)3�
SSLContext)ZCAZROOTNcOst�||�}|Sr�)r	r�)r��protocol�args�kwargs�selfr,r,r-r��szSSLContext.__new__cCs4|durdSt|t�r&|�d��d�S|�d�SdS)NZidna�ascii)�
isinstance�str�encode�decode)r�r�r,r,r-�_encode_hostname�s

zSSLContext._encode_hostnameFTc	Cs|jj|||||||d�S)N)�sock�server_side�do_handshake_on_connect�suppress_ragged_eofs�server_hostname�context�session)�sslsocket_class�_create)r�r�r�r�r�r�r�r,r,r-�wrap_socket�s�zSSLContext.wrap_socketcCs|jj||||�|�||d�S)N)r�r�r�r�)�sslobject_classr�r�)r��incoming�outgoingr�r�r�r,r,r-�wrap_bio�s
�zSSLContext.wrap_biocCs`t�}|D]F}t|d�}t|�dks0t|�dkr8td��|�t|��|�|�q
|�|�dS)Nr�r�z(NPN protocols must be 1 to 255 in length)�	bytearray�bytesr�rr��extendZ_set_npn_protocols)r�Z
npn_protocols�protosr��br,r,r-�set_npn_protocolss
zSSLContext.set_npn_protocolscs8�durd�_n$t��s td����fdd�}|�_dS)Nznot a callable objectcs��|�}�|||�Sr�)r�)�sslobjZ
servernameZsslctx�r��server_name_callbackr,r-�shim_cbs
z3SSLContext.set_servername_callback.<locals>.shim_cb)Zsni_callback�callable�	TypeError)r�r�r�r,r�r-�set_servername_callbacksz"SSLContext.set_servername_callbackcCs`t�}|D]F}t|d�}t|�dks0t|�dkr8td��|�t|��|�|�q
|�|�dS)Nr�rr�z)ALPN protocols must be 1 to 255 in length)r�r�r�rr�r�Z_set_alpn_protocols)r�Zalpn_protocolsr�r�r�r,r,r-�set_alpn_protocols s
zSSLContext.set_alpn_protocolscCstt�}z<t|�D].\}}}|dkr|dus4|j|vr|�|�qWnty^t�d�Yn0|rp|j|d�|S)NZx509_asnTz-unable to enumerate Windows certificate store)�cadata)r�ryr�r��PermissionError�warnings�warn�load_verify_locations)r��	storename�purposeZcertsr��encodingZtrustr,r,r-�_load_windows_store_certs+sz$SSLContext._load_windows_store_certscCs@t|t�st|��tjdkr4|jD]}|�||�q"|��dS)Nrx)r�r�r��sys�platform�_windows_cert_storesr�Zset_default_verify_paths)r�r�r�r,r,r-�load_default_certs9s


zSSLContext.load_default_certs�minimum_versioncstt�j�Sr�)r7r�r��r�r�r,r-r�BszSSLContext.minimum_versioncs4|tjkr|jtjM_ttt�j�||�dSr�)	r7r<�optionsr1ZOP_NO_SSLv3r�r�r��__set__�r�r5r�r,r-r�Fs
cstt�j�Sr�)r7r��maximum_versionr�r�r,r-r�LszSSLContext.maximum_versioncsttt�j�||�dSr�)r�r�r�r�r�r�r,r-r�Pscstt�j�Sr�)r1r�r�r�r�r,r-r�TszSSLContext.optionscsttt�j�||�dSr�)r�r�r�r�r�r�r,r-r�Xsr�cCs|jtj@}|tjkSr��Z_host_flagsr;r�)r�Zncsr,r,r-�hostname_checks_common_name]sz&SSLContext.hostname_checks_common_namecCs,|r|jtjM_n|jtjO_dSr�r�r�r,r,r-r�bscCsdS�NTr,r�r,r,r-r�iscst�j}|dur|jSdSdSr�)r��
_msg_callback�
user_function)r��innerr�r,r-r�ms!zSSLContext._msg_callbackcsb�dur ttt�j�|d�dSt�d�s8t��d����fdd�}�|_ttt�j�||�dS)N�__call__z is not callable.cs�zt|�}WntyYn0zt|�}Wnty>Yn0|tjkrPt}n|tjkr`t}nt}z||�}Wnty�Yn0�||||||�Sr�)r7r�r=rFrErGrf)�conn�	direction�versionZcontent_typeZmsg_type�dataZmsg_enum��callbackr,r-r��s(

�z'SSLContext._msg_callback.<locals>.inner)r�r�r�r��hasattrr�r�)r�rr�r�rr-r��s
cstt�j�Sr�)r&r�r�r�r�r,r-r��szSSLContext.protocolcstt�j�Sr�)r2r��verify_flagsr�r�r,r-r�szSSLContext.verify_flagscsttt�j�||�dSr�)r�r�rr�r�r�r,r-r�scs.t�j}z
t|�WSty(|YS0dSr�)r��verify_moder3r�r�r�r,r-r	�s

zSSLContext.verify_modecsttt�j�||�dSr�)r�r�r	r�r�r�r,r-r	�s)FTTNN)FNN) r8r9r:r�r�r��PROTOCOL_TLSr�r�r�r�r�r�r�r�r�r�r�rr	�propertyr��setterr�r�r;r�r�r�rr	r�r,r,r�r-r��sh�
�





&%r�)r�r�r�cCs�t|t�st|��tt�}|tjkr0t|_d|_	|s<|s<|rL|�
|||�n|jtkr`|�|�t
|d�r�tj�d�}|r�tjjs�||_|S)NT�keylog_filename�
SSLKEYLOGFILE)r�r�r�r�r
r�r��
CERT_REQUIREDr	�check_hostnamer��	CERT_NONEr�rr�r�r�r��flags�ignore_environmentr
)r�r�r�r�r��
keylogfiler,r,r-�create_default_context�s




rF)�	cert_reqsrr��certfile�keyfiler�r�r�cCs�t|t�st|��t|�}	|s$d|	_|dur2||	_|r<d|	_|rL|sLtd��|sT|r`|	�||�|sl|sl|r||	�|||�n|	jt	kr�|	�
|�t|	d�r�tj
�d�}
|
r�tjjs�|
|	_|	S)NFT�certfile must be specifiedr
r)r�r�r�r�rr	r��load_cert_chainr�rr�rr�r�r�r�rrr
)r�rrr�rrr�r�r�r�rr,r,r-�_create_unverified_context�s,



rc@s�eZdZdd�Zed1dd��Zedd��Zejd	d��Zed
d��Z	e	jdd��Z	ed
d��Z
edd��Zedd��Zd2dd�Z
dd�Zd3dd�Zdd�Zdd�Zdd�Zd d!�Zd"d#�Zd$d%�Zd&d'�Zd(d)�Zd4d+d,�Zd-d.�Zd/d0�ZdS)5�	SSLObjectcOst|jj�d���dS)NzU does not have a public constructor. Instances are returned by SSLContext.wrap_bio().�r�r�r8�r�r�r�r,r,r-�__init__;s�zSSLObject.__init__FNc	Cs*|�|�}|j||||||d�}||_|S)N)r�r��ownerr�)r�Z	_wrap_bio�_sslobj)	r�r�r�r�r�r�r�r�r�r,r,r-r�As
�zSSLObject._createcCs|jjSr��r!r�r�r,r,r-r�MszSSLObject.contextcCs||j_dSr�r"�r��ctxr,r,r-r�RscCs|jjSr��r!r�r�r,r,r-r�VszSSLObject.sessioncCs||j_dSr�r%�r�r�r,r,r-r�[scCs|jjSr��r!�session_reusedr�r,r,r-r(_szSSLObject.session_reusedcCs|jjSr�)r!r�r�r,r,r-r�dszSSLObject.server_sidecCs|jjSr�)r!r�r�r,r,r-r�iszSSLObject.server_hostname�cCs(|dur|j�||�}n|j�|�}|Sr�)r!�read)r�r��buffer�vr,r,r-r*oszSSLObject.readcCs|j�|�Sr�)r!�write�r�rr,r,r-r-{szSSLObject.writecCs|j�|�Sr�)r!�getpeercert�r�Zbinary_formr,r,r-r/�szSSLObject.getpeercertcCstjr|j��SdSr�)r;rr!�selected_npn_protocolr�r,r,r-r1�szSSLObject.selected_npn_protocolcCstjr|j��SdSr�)r;rr!�selected_alpn_protocolr�r,r,r-r2�sz SSLObject.selected_alpn_protocolcCs
|j��Sr�)r!�cipherr�r,r,r-r3�szSSLObject.ciphercCs
|j��Sr�)r!�shared_ciphersr�r,r,r-r4�szSSLObject.shared_cipherscCs
|j��Sr�)r!�compressionr�r,r,r-r5�szSSLObject.compressioncCs
|j��Sr�)r!�pendingr�r,r,r-r6�szSSLObject.pendingcCs|j��dSr�)r!�do_handshaker�r,r,r-r7�szSSLObject.do_handshakecCs
|j��Sr�)r!�shutdownr�r,r,r-�unwrap�szSSLObject.unwrapr�cCs|j�|�Sr�)r!�get_channel_binding�r�Zcb_typer,r,r-r:�szSSLObject.get_channel_bindingcCs
|j��Sr��r!rr�r,r,r-r�szSSLObject.versioncCs
|j��Sr�)r!�verify_client_post_handshaker�r,r,r-r=�sz&SSLObject.verify_client_post_handshake)FNNN)r)N)F)r�)r8r9r:rr�r�rr�rr�r(r�r�r*r-r/r1r2r3r4r5r6r7r9r:rr=r,r,r,r-r,sB�








	
rcCstt|j�j|_|Sr�)�getattrrr8�__doc__)�funcr,r,r-�_sslcopydoc�srAcseZdZdd�ZedW�fdd�	�Zeedd	���Zej	d
d	��Zeedd���Z
e
j	d
d��Z
eedd���Zdd�ZdXdd�Z
dd�ZdYdd�Zdd�ZedZdd��Zedd��Zedd ��Zed!d"��Zed#d$��Zed%d&��Zd[�fd(d)�	Zd\�fd*d+�	Zd,d-�Zd]�fd.d/�	Zd^�fd0d1�	Zd_�fd2d3�	Zd`�fd4d5�	Zda�fd6d7�	Zdb�fd8d9�	Zd:d;�Z d<d=�Z!ed>d?��Z"�fd@dA�Z#edBdC��Z$edDdE��Z%�fdFdG�Z&edcdHdI��Z'�fdJdK�Z(dLdM�Z)dNdO�Z*�fdPdQ�Z+edddSdT��Z,edUdV��Z-�Z.S)e�	SSLSocketcOst|jj�d���dS)NzX does not have a public constructor. Instances are returned by SSLContext.wrap_socket().rrr,r,r-r�s�zSSLSocket.__init__FTNc

s�|�tt�tkrtd��|r8|r(td��|dur8td��|jrJ|sJtd��t|j|j	|j
|��d�}|j|fi|��}	t
t|	�jfi|��|	�|���|��||	_||	_d|	_d|	_||	_|�|�|	_||	_||	_z|	��Wn:t�y}
z |
jtjk�r�d}WYd}
~
nd}
~
00d}||	_ |�r�zH|	jj!|	||	j|	|	jd�|	_|�rv|	��}|d	k�rntd
��|	�"�Wn"ttf�y�|	�#��Yn0|	S)Nz!only stream sockets are supportedz4server_hostname can only be specified in client modez,session can only be specified in client modez'check_hostname requires server_hostname)�family�type�proto�filenoFT�r r��zHdo_handshake_on_connect should not be specified for non-blocking sockets)$�
getsockoptr~rr|�NotImplementedErrorr�r�dictrCrDrErFr�r�rBr�
settimeout�
gettimeout�detach�_context�_session�_closedr!r�r�r�r�r��getpeernamer��errnoZENOTCONN�
_connected�_wrap_socketr7�close)
r�r�r�r�r�r�r�r�r�r��eZ	connected�timeoutr�r,r-r��s`
��
zSSLSocket._createcCs|jSr�)rOr�r,r,r-r�szSSLSocket.contextcCs||_||j_dSr�)rOr!r�r#r,r,r-r�scCs|jdur|jjSdSr�r%r�r,r,r-r� s
zSSLSocket.sessioncCs||_|jdur||j_dSr�)rPr!r�r&r,r,r-r�&s
cCs|jdur|jjSdSr�r'r�r,r,r-r(,s
zSSLSocket.session_reusedcCstd|jj��dS)NzCan't dup() %s instances)rJr�r8r�r,r,r-�dup2s�z
SSLSocket.dupcCsdSr�r,)r��msgr,r,r-�_checkClosed6szSSLSocket._checkClosedcCs|js|��dSr�)rTrRr�r,r,r-�_check_connected:szSSLSocket._check_connectedr)c
Cs�|��|jdurtd��z*|dur4|j�||�WS|j�|�WSWn`ty�}zH|jdtkr�|jr�|dur~WYd}~dSWYd}~dSn�WYd}~n
d}~00dS)Nz'Read on closed or unwrapped SSL socket.rr/)r[r!r�r*rr�Z
SSL_ERROR_EOFr�)r�r�r+�xr,r,r-r*Bs
zSSLSocket.readcCs&|��|jdurtd��|j�|�S)Nz(Write on closed or unwrapped SSL socket.)r[r!r�r-r.r,r,r-r-Ws
zSSLSocket.writecCs|��|��|j�|�Sr�)r[r\r!r/r0r,r,r-r/`szSSLSocket.getpeercertcCs*|��|jdustjsdS|j��SdSr�)r[r!r;rr1r�r,r,r-r1fszSSLSocket.selected_npn_protocolcCs*|��|jdustjsdS|j��SdSr�)r[r!r;rr2r�r,r,r-r2nsz SSLSocket.selected_alpn_protocolcCs$|��|jdurdS|j��SdSr�)r[r!r3r�r,r,r-r3vs
zSSLSocket.ciphercCs$|��|jdurdS|j��SdSr�)r[r!r4r�r,r,r-r4~s
zSSLSocket.shared_cipherscCs$|��|jdurdS|j��SdSr�)r[r!r5r�r,r,r-r5�s
zSSLSocket.compressionrcsF|��|jdur4|dkr(td|j��|j�|�St��||�SdS)Nrz3non-zero flags not allowed in calls to send() on %s)r[r!r�r�r-r��send)r�rrr�r,r-r^�s
��zSSLSocket.sendcsL|��|jdur"td|j��n&|dur8t��||�St��|||�SdS)Nz%sendto not allowed on instances of %s)r[r!r�r�r��sendto)r�rZ
flags_or_addrr�r�r,r-r_�s
�zSSLSocket.sendtocOstd|j��dS)Nz&sendmsg not allowed on instances of %s�rJr�rr,r,r-�sendmsg�s�zSSLSocket.sendmsgc	s�|��|jdur�|dkr(td|j��d}t|��f}|�d��<}t|�}||krn|�||d��}||7}qJWd�n1s�0YWd�q�1s�0Ynt��	||�SdS)Nrz6non-zero flags not allowed in calls to sendall() on %s�B)
r[r!r�r��
memoryview�castr�r^r��sendall)r�rrr��view�	byte_view�amountr,r�r,r-re�s
��HzSSLSocket.sendallcs,|jdur|�|||�St��|||�SdSr�)r!�_sendfile_use_sendr��sendfile)r��file�offsetr�r�r,r-rj�s
zSSLSocket.sendfilecsD|��|jdur2|dkr(td|j��|�|�St��||�SdS)Nrz3non-zero flags not allowed in calls to recv() on %s)r[r!r�r�r*r��recv�r��buflenrr�r,r-rm�s
��
zSSLSocket.recvcsj|��|r|durt|�}n|dur*d}|jdurV|dkrJtd|j��|�||�St��|||�SdS)Nr)rz8non-zero flags not allowed in calls to recv_into() on %s)r[r�r!r�r�r*r��	recv_into�r�r+�nbytesrr�r,r-rp�s

��zSSLSocket.recv_intocs4|��|jdur"td|j��nt��||�SdS)Nz'recvfrom not allowed on instances of %s)r[r!r�r�r��recvfromrnr�r,r-rs�s
�zSSLSocket.recvfromcs6|��|jdur"td|j��nt��|||�SdS)Nz,recvfrom_into not allowed on instances of %s)r[r!r�r�r��
recvfrom_intorqr�r,r-rt�s
�zSSLSocket.recvfrom_intocOstd|j��dS)Nz&recvmsg not allowed on instances of %sr`rr,r,r-�recvmsg�s�zSSLSocket.recvmsgcOstd|j��dS)Nz+recvmsg_into not allowed on instances of %sr`rr,r,r-�recvmsg_into�s�zSSLSocket.recvmsg_intocCs$|��|jdur|j��SdSdS)Nr)r[r!r6r�r,r,r-r6�s

zSSLSocket.pendingcs|��d|_t��|�dSr�)r[r!r�r8)r��howr�r,r-r8�szSSLSocket.shutdowncCs.|jr|j��}d|_|Stdt|���dS�NzNo SSL wrapper around )r!r8r�r�)r��sr,r,r-r9s

zSSLSocket.unwrapcCs$|jr|j��Stdt|���dSrx)r!r=r�r�r�r,r,r-r=s
z&SSLSocket.verify_client_post_handshakecsd|_t���dSr�)r!r��_real_closer�r�r,r-rzszSSLSocket._real_closec	CsP|��|��}z.|dkr(|r(|�d�|j��W|�|�n|�|�0dS)NrH)r\rMrLr!r7)r��blockrXr,r,r-r7s
zSSLSocket.do_handshakec	s�|jrtd��|js|jdur&td��|jj|d|j||jd�|_z@|rVt��	|�}nd}t��
|�|s~d|_|jr~|��|WSt
tfy�d|_�Yn0dS)Nz!can't connect in server-side modez/attempt to connect already-connected SSLSocket!FrGT)r�r�rTr!r�rUr�rPr��
connect_ex�connectr�r7r�)r�r�r|�rcr�r,r-�
_real_connect!s*�zSSLSocket._real_connectcCs|�|d�dS)NF�r�r�r�r,r,r-r};szSSLSocket.connectcCs|�|d�Sr�r�r�r,r,r-r|@szSSLSocket.connect_excs.t���\}}|jj||j|jdd�}||fS)NT)r�r�r�)r��acceptr�r�r�r�)r�Znewsockr�r�r,r-r�Es�zSSLSocket.acceptr�cCs4|jdur|j�|�S|tvr,td�|���dSdS)Nz({0} channel binding type not implemented)r!r:�CHANNEL_BINDING_TYPESr�r�r;r,r,r-r:Qs
�zSSLSocket.get_channel_bindingcCs|jdur|j��SdSdSr�r<r�r,r,r-r\s

zSSLSocket.version)FTTNNN)N)r)N)F)r)N)r)rN)r)r)Nr)r)r)Nr)F)r�)/r8r9r:rr�r�rrAr�rr�r(rYr[r\r*r-r/r1r2r3r4r5r^r_rarerjrmrprsrtrurvr6r8r9r=rzr7rr}r|r�r:rr�r,r,r�r-rB�s��>



	











rBTc
Csl|r|std��|r |s td��t|�}
||
_|r<|
�|�|rL|
�||�|	rZ|
�|	�|
j||||d�S)Nz5certfile must be specified for server-side operationsr)r�r�r�r�)r�r�r	r�rZset_ciphersr�)r�rrr�r�ssl_version�ca_certsr�r�Zciphersr�r,r,r-r�is"

�r�cCs�ddlm}ddlm}d}d}z|�|dd����d}Wn"ty`td||f��Yn00||dd�|�}||d|f|d	d
��SdS)Nr)�strptime)�timegm)ZJanZFebZMarZAprZMayZJunZJulZAugZSepZOctZNovZDecz %d %H:%M:%S %Y GMTrirgz*time data %r does not match format "%%b%s"rhrl)�timer�Zcalendarr��index�titler�)Z	cert_timer�r�ZmonthsZtime_formatZmonth_number�ttr,r,r-�cert_time_to_seconds�s
�r�z-----BEGIN CERTIFICATE-----z-----END CERTIFICATE-----csRtt�|�dd��tg}|�fdd�tdt��d�D�7}|�td�d�|�S)N�ASCII�strictcsg|]}�||d��qS)�@r,)r4�i��fr,r-�
<listcomp>�r/z(DER_cert_to_PEM_cert.<locals>.<listcomp>rr��
)	r��base64Zstandard_b64encode�
PEM_HEADER�ranger�r��
PEM_FOOTERr�)Zder_cert_bytes�ssr,r�r-�DER_cert_to_PEM_cert�s
"r�cCs\|�t�stdt��|���t�s0tdt��|��tt�tt��}t�|�	dd��S)Nz(Invalid PEM encoding; must start with %sz&Invalid PEM encoding; must end with %sr�r�)
r)r�r��strip�endswithr�r�r�Zdecodebytesr�)Zpem_cert_string�dr,r,r-�PEM_cert_to_DER_cert�s
��r�c
	Cs�|\}}|durt}nt}t|||d�}t|��D}|�|��}|�d�}	Wd�n1s\0YWd�n1sz0Yt|	�S)N)rr�T)rr�_create_stdlib_contextr}r�r/r�)
r�r�r��host�portrr�r�ZsslsockZdercertr,r,r-�get_server_certificate�s�
Fr�cCst�|d�S)Nz	<unknown>)�_PROTOCOL_NAMESr�)Z
protocol_coder,r,r-�get_protocol_name�sr�)lr�r��collectionsr�enumrZ_Enumr�_IntEnumrZ_IntFlagr;rrrr	r
rrr
rrrrrrr�rr�rrrrr�ImportErrorrrrrrrr r!r"r#r$r%�	_convert_r8r&r
r'�__members__�itemsr�r>Z_SSLv2_IF_EXISTSr7r=rGrfr�ryrzr{r|r}r~rr�r�rSr�r�Zsocket_errorr�rZHAS_NEVER_CHECK_COMMON_NAMEZ_RESTRICTED_SERVER_CIPHERSr�r�r�r�r�r�r�r�r�r�r�rrrZ_create_default_https_contextr�rrArBr�r�r�r�r�r�r�r�r�r�r,r,r,r-�<module>]s�$0������
)
1#9�z�#�/�