��`�^c
@s/�dZd�d�l�Z�d�d�l�Z�d�d�l�m�Z�m�Z�m�Z��d�d�l�m�Z��d�d�l�m�Z�m�Z�m Z �d�d�l�m
Z
m�Z�m�Z��d�d�l�m
Z
m�Z�m�Z�m�Z�m�Z�m�Z�m�Z�m�Z�m�Z��d�d�l�m�Z�m�Z�m�Z��i�d e�6d
e�6d�e�6Z�y�d�d�l�m�Z��e�Z�Wn��e�k
r,����e�Z�n�Xd
e�e�<d�d�l�m�Z�m�Z�m Z m!Z"�d�d�l�m#Z$�d�d�l�m%Z%m&Z&m'Z'�d�d�l(Z(d�d�l)Z)d�Z*d�e�f�d���YZ+e�e�e,e�e�e�e-e-e�d��Z.d��Z/d�Z0d�Z1d��Z2d��Z3e�e�d��Z4d��Z5e�e�d��Z6d�S(�s��This module provides some more Pythonic support for SSL.
Object types:
SSLSocket -- subtype of socket.socket which does SSL over the socket
Exceptions:
SSLError -- exception raised for I/O errors
Functions:
cert_time_to_seconds -- convert time string used for certificate
notBefore and notAfter functions to integer
seconds past the Epoch (the time values
returned from time.time())
fetch_server_certificate (HOST, PORT) -- fetch the certificate provided
by the server running on HOST at port PORT. No
validation of the certificate is performed.
Integer constants:
SSL_ERROR_ZERO_RETURN
SSL_ERROR_WANT_READ
SSL_ERROR_WANT_WRITE
SSL_ERROR_WANT_X509_LOOKUP
SSL_ERROR_SYSCALL
SSL_ERROR_SSL
SSL_ERROR_WANT_CONNECT
SSL_ERROR_EOF
SSL_ERROR_INVALID_ERROR_CODE
The following group define certificate requirements that one side is
allowing/requiring from the other side:
CERT_NONE - no certificates from the other side are required (or will
be looked at if provided)
CERT_OPTIONAL - certificates are not required, but if provided will be
validated, and if validation fails, the connection will
also fail
CERT_REQUIRED - certificates are required, and will be validated, and
if validation fails, the connection will also fail
The following constants identify various SSL protocol variants:
PROTOCOL_SSLv2
PROTOCOL_SSLv3
PROTOCOL_SSLv23
PROTOCOL_TLSv1
i�N(�t�OPENSSL_VERSION_NUMBERt�OPENSSL_VERSION_INFOt�OPENSSL_VERSION(�t�SSLError(�t CERT_NONEt
CERT_OPTIONALt
CERT_REQUIRED(�t�RAND_statust�RAND_egdt�RAND_add( t�SSL_ERROR_ZERO_RETURNt�SSL_ERROR_WANT_READt�SSL_ERROR_WANT_WRITEt�SSL_ERROR_WANT_X509_LOOKUPt�SSL_ERROR_SYSCALLt
SSL_ERROR_SSLt�SSL_ERROR_WANT_CONNECTt
SSL_ERROR_EOFt�SSL_ERROR_INVALID_ERROR_CODE(�t�PROTOCOL_SSLv3t�PROTOCOL_SSLv23t�PROTOCOL_TLSv1t�TLSv1t�SSLv23t�SSLv3(�t�PROTOCOL_SSLv2t�SSLv2(�t�sockett�_fileobjectt�_delegate_methodst�error(�t�getnameinfo(�t
SOL_SOCKETt�SO_TYPEt�SOCK_STREAMs)DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2t SSLSocketc
Bs��eZ�dZ�d�d�e�e�e�d�e�e�d�d��Z�d�d��Z d��Z
e�d��Z�d��Z�d�d��Z
d�d �Z�d�d
�Z�d�d�d��Z�d�d�d��Z�d�d�d
�Z�d�d�d��Z�d��Z�d��Z�d��Z�d��Z�d��Z�d��Z�d��Z�d��Z�d��Z�d�d�d��Z�RS(�s�This class implements a subtype of socket.socket that wraps
the underlying OS socket in an SSL context when necessary, and
provides read and write methods over that channel.c�
Cs�|�jt�t��t�k�r't�d���nt�j�|d�|�j����x3t�D]+}�y�t ||���WqD�t
k
rn���qDXqDW|
dk�r�|�t�k�r�t
}
n|�r�|��r�|�}�ny�t�j�|��Wn=�t�k
r���|�j�t�j�k�r�nt�|_�d|_�nGXt�|_�t�j�|j�|�|�|�|�|�|�|
�|_�|�rA�|j���n|�|_�|�|_�|�|_�|�|_�|�|_�|
|_�|�|_�| |_ d�|_!dS(�Ns!only stream sockets are supportedt�_socki("t
getsockoptR R!R"t�NotImplementedErrorR�t�__init__R$R�t�delattrt�AttributeErrort�Nonet�_SSLv2_IF_EXISTSt�_DEFAULT_CIPHERSt�getpeernamet�socket_errort�errnot�ENOTCONNt�Falset
_connectedt�_sslobjt�Truet�_sslt�sslwrapt�do_handshaket�keyfilet�certfilet cert_reqst�ssl_versiont�ca_certst�cipherst�do_handshake_on_connectt�suppress_ragged_eofst�_makefile_refs(
t�selft�sockR8R9t�server_sideR:R;R<R>R?R=t�attrt�e((s�/sys/lib/python2.7/ssl.pyR'ksF�������
�����
����� �
� ����������� �
� ����� �����
� � � � � � � � �i�c���CsQy�|jj�|��SWn6�t�k
rL�}��|�j�d��t�k�rF|j�rFd�S�n�Xd�S(�sORead up to LEN bytes and return them.
Return zero-length string on EOF.itN(�R3t�readR�t�argsR�R?(�RAt�lent�x((s�/sys/lib/python2.7/ssl.pyRG�s������������c���Cs�|jj�|��S(�shWrite DATA to the underlying SSL channel. Returns
number of bytes of DATA actually transmitted.(�R3t�write(�RAt�data((s�/sys/lib/python2.7/ssl.pyRK�s��c���Cs�|jj�|��S(�s�Returns a formatted version of the data in the
certificate provided by the other end of the SSL channel.
Return None if no certificate was provided, {} if a
certificate was provided, but not validated.(�R3t�peer_certificate(�RAt�binary_form((s�/sys/lib/python2.7/ssl.pyt�getpeercert�s��c���Cs�|js
dS|jj��SdS(�N(�R3R*t�cipher(�RA((s�/sys/lib/python2.7/ssl.pyRP�s�� ���ic���Cs�|jr�|�d�k�r+t�d�|j����nx�t�r�y�|jj�|��}�WnD�t�k
r��}��|�j�d��t�k�rsd�S|�j�d��t�k�r�d�S�q.X|�Sq.Wn�|j j
|�|��SdS(�Nis3non-zero flags not allowed in calls to send() on %s(�R3t
ValueErrort __class__R4RKR�RHR�R�R$t�send(�RARLt�flagst�vRJ((s�/sys/lib/python2.7/ssl.pyRS�s � ��������� �������������������c���CsX|jr�t�d�|j����n5|�dk�r>|j�j�|�|��S|j�j�|�|�|��SdS(�Ns%sendto not allowed on instances of %s(�R3RQRRR*R$t�sendto(�RARLt
flags_or_addrt�addr((s�/sys/lib/python2.7/ssl.pyRV�s�� ���������c���Cs�|jrq|�d�k�r+t�d�|j����nt�|��}�d�}�x-|�|�krl|j�|�|���}�|�|�7}�q@W|�St�j�||�|��SdS(�Nis6non-zero flags not allowed in calls to sendall() on %s(�R3RQRRRIRSR�t�sendall(�RARLRTt�amountt�countRU((s�/sys/lib/python2.7/ssl.pyRY�s�� ���������������������c���CsO|jr8|�d�k�r+t�d�|j����n|j�|��S|j�j�|�|��SdS(�Nis3non-zero flags not allowed in calls to recv() on %s(�R3RQRRRGR$t�recv(�RAt�buflenRT((s�/sys/lib/python2.7/ssl.pyR\�s�� ���������
�c���Cs�|�r!|�dk�r!t�|��}�n�|�dk�r6d�}�n|j�r�|�d�k�rat�d�|j����n|j�|��}�t�|��}�|�|�|�*|�S|j�j�|�|�|��SdS(�Ni�is8non-zero flags not allowed in calls to recv_into() on %s(�R*RIR3RQRRRGR$t recv_into(�RAt�buffert�nbytesRTt
tmp_bufferRU((s�/sys/lib/python2.7/ssl.pyR^�s�������� � �������������
���c���Cs6|jr�t�d�|j����n�|j�j�|�|��SdS(�Ns'recvfrom not allowed on instances of %s(�R3RQRRR$t�recvfrom(�RAR]RT((s�/sys/lib/python2.7/ssl.pyRb��s�� �����c���Cs9|jr�t�d�|j����n�|j�j�|�|�|��SdS(�Ns,recvfrom_into not allowed on instances of %s(�R3RQRRR$t
recvfrom_into(�RAR_R`RT((s�/sys/lib/python2.7/ssl.pyRc��s�� �����c���Cs�|jr�|jj��Sd�SdS(�Ni(�R3t�pending(�RA((s�/sys/lib/python2.7/ssl.pyRd��s�� �
�c���Cs?|jr%|jj��}�d|_|�St�d�t�|����dS(�Ns�No SSL wrapper around (�R3t�shutdownR*RQt�str(�RAt�s((s�/sys/lib/python2.7/ssl.pyt�unwrap��s
� ��� ���c���Cs�d|_�t�j�||���dS(�N(�R*R3R�Re(�RAt�how((s�/sys/lib/python2.7/ssl.pyRe'�s�� �c���Cs;|jd�kr(d|_�t�j�|��n�|�jd�8�_dS(�Ni�(�R@R*R3R�t�close(�RA((s�/sys/lib/python2.7/ssl.pyRj+�s���� ���c���Cs�|jj���d�S(�s�Perform a TLS/SSL handshake.N(�R3R7(�RA((s�/sys/lib/python2.7/ssl.pyR72�s��c�� Cs�|jr�t�d���nt�j�|j�t�|j�|j�|j�|j |j
|j��|_�ya|�rrt
j�||��}�n�d}�t
j�||���|�s�|j�r�|j���nt�|_n|�SWn��t�k
r����d|_��n�XdS(�Ns/attempt to connect already-connected SSLSocket!(�R2RQR5R6R$R1R8R9R:R;R<R=R3R�t
connect_exR*t�connectR>R7R4R.(�RARXt�return_errnot�rc((s�/sys/lib/python2.7/ssl.pyt
_real_connect8�s$� ��������������������� �
�����
� �c���Cs�|j|�t���d�S(�sQConnects to remote ADDR, and then wraps the connection in
an SSL channel.N(�RoR1(�RARX((s�/sys/lib/python2.7/ssl.pyRlO�s��c���Cs�|j|�t��S(�sQConnects to remote ADDR, and then wraps the connection in
an SSL channel.(�RoR4(�RARX((s�/sys/lib/python2.7/ssl.pyRkT�s��c���Cs�tj�|�\�}�}�ybt�|�d�|j�d�|j�d�t�d�|j�d�|j�d�|j�d�|j d�|j
d |j�� |�f�SWn#�t�k
r��}��|�j
��|��n�Xd
S(�s�Accepts a new connection from a remote client, and returns
a tuple containing that new connection wrapped with a server-side
SSL channel, and the address of the remote client.R8R9RCR:R;R<R=R>R?N(�R�t�acceptR#R8R9R4R:R;R<R=R>R?R.Rj(�RAt�newsockRXRE((s�/sys/lib/python2.7/ssl.pyRpY�s ����� � � ��� � � � � � �����
�t�ri�c���Cs%|�jd�7�_t�||�|�d�t���S(�s�Make and return a file-like object that
works with the SSL connection. Just use the code
from the socket module.i�Rj(�R@R�R4(�RAt�modet�bufsize((s�/sys/lib/python2.7/ssl.pyt�makefilep�s����N(�t�__name__t
__module__t�__doc__R*R1R�R�R4R'RGRKRORPRSRVRYR\R^RbRcRdRhReRjR7RoRlRkRpRu(((s�/sys/lib/python2.7/ssl.pyR#es6�������������0�
�� ���� ���
������ � � � � � � � � �c
�Cs@t|d�|�d�|�d�|�d�|�d�|�d�|�d�|�d�|�d | � S(
NR8R9RCR:R;R<R>R?R=(�R#(
RBR8R9RCR:R;R<R>R?R=((s�/sys/lib/python2.7/ssl.pyt�wrap_socket}�s������������c���Cs%d�d�l}�|�j�|�j�|d���S(�s�Takes a date-time string in standard ASN1_print form
("MON DAY 24HOUR:MINUTE:SEC YEAR TIMEZONE") and return
a Python time value in seconds past the epoch.i�Ns�%b %d %H:%M:%S %Y GMT(�t�timet�mktimet�strptime(�t cert_timeRz((s�/sys/lib/python2.7/ssl.pyt�cert_time_to_seconds�s����s�-----BEGIN CERTIFICATE-----s�-----END CERTIFICATE-----c���Csctt�d��rBt�j�|�}�t�d��t�j�|�d���d��t��d��St�d��t�j�|��t��d��Sd�S(�s[Takes a certificate in binary DER format and returns the
PEM version of it as a string.t�standard_b64encodes�
i@N(�t�hasattrt�base64Rt
PEM_HEADERt�textwrapt�fillt
PEM_FOOTERt�encodestring(�t�der_cert_bytest�f((s�/sys/lib/python2.7/ssl.pyt�DER_cert_to_PEM_cert�s������$�c���Csw|jt��s"t�d�t����n|j��j�t��sJt�d�t����n|j��t�t��t�t���!}�t�j�|��S(�shTakes a certificate in ASCII PEM format and returns the
DER-encoded version of it as a byte sequences(Invalid PEM encoding; must start with %ss&Invalid PEM encoding; must end with %s( t
startswithR�RQt�stript�endswithR�RIR�t�decodestring(�t�pem_cert_stringt�d((s�/sys/lib/python2.7/ssl.pyt�PEM_cert_to_DER_cert�s������
�����
� �c���Csx|\�}�}�|�d�k r!t�}�n�t�}�t�t��d�|�d�|�d�|���}�|�j�|��|�j�t��}�|�j���t |��S(�s�Retrieve the certificate from the server at the specified address,
and return it as a PEM-encoded string.
If 'ca_certs' is specified, validate the server cert against it.
If 'ssl_version' is specified, use it in the connection attempt.R;R:R<N(
R*R�R�RyR�RlROR4RjR�(�RXR;R<t�hostt�portR:Rgt�dercert((s�/sys/lib/python2.7/ssl.pyt�get_server_certificate�s������ �������
���
�c���Cs�tj�|d��S(�Ns <unknown>(�t�_PROTOCOL_NAMESt�get(�t
protocol_code((s�/sys/lib/python2.7/ssl.pyt�get_protocol_name�s��c���Cslt|d��r�|j�}nt�j�|d�|�|�t�t�d��}�y�|j���Wn��t�k
r]���n�X|�j ��|�S(�s�A replacement for the old socket.ssl function. Designed
for compability with Python 2.5 and earlier. Will disappear in
Python 3.0.R$iN(
R�R$R5R6R�R�R*R-R.R7(�RBR8R9t�ssl_sock((s�/sys/lib/python2.7/ssl.pyt�sslwrap_simple�s��������������
���
�(7RxR�R5RR�R�R�R�R�R�R�R�R R
R�R�R
R�R�R�R�R�R�R�R�R�R�R+t�ImportErrorR*R�R�R�R�R.R�t�_getnameinfoR R!R"R�R/R,R#R1R4RyR~R�R�R�R�R�R�R�(((s�/sys/lib/python2.7/ssl.pyt�<module>8sN��������������@
��������
�����
�
�
�
�"���������������������� ���� � ��� �
|
