o ?Og @s ddlZddlZddlmZddlmZmZm Z ddl Z ddl m Z m Z mZddl mZmZmZddl mZmZmZmZmZmZmZddl mZmZddl mZmZmZm Z zdd l m!Z!Wn e"yhYnwdd l m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,dd l m-Z-m.Z.ej/d e0d de de j/de0dde dej/de0dde dej/de0dde de j/de0dde dej/de0dde de1j2Z3e1_3dde1j45DZ6e7e1ddZ8GdddeZ9Gdd d eZ:Gd!d"d"eZ;Gd#d$d$eZZ>m?Z?dd'l@m@Z@mAZAmBZBdd(l@mCZCmDZDmEZEddl@ZFddlGZGddlHZHddlIZIeJZKd)gZLeMe d*ZNe-ZOeZPd+d,ZQd-d.ZRd/d0ZSd1d2ZTed3d4ZUd5d6ZVGd7d8d8ed8d9ZWGd:d;d;eWeZXGdd?d@Z[dZe\dAeXjZddddddBdCdDZ]e[Z^e]Z_GdEdFdFZ`dGdHZaGdIdJdJe@ZbebeY_ce`eY_ddddAe\e2ddKdKdf dLdMZedNdOZfdPZgdQZhdRdSZidTdUZjekdeEfdVdWZldXdYZmdS)[N) namedtuple)EnumIntEnumIntFlag)OPENSSL_VERSION_NUMBEROPENSSL_VERSION_INFOOPENSSL_VERSION) _SSLContext MemoryBIO SSLSession)SSLErrorSSLZeroReturnErrorSSLWantReadErrorSSLWantWriteErrorSSLSyscallError SSLEOFErrorSSLCertVerificationError)txt2objnid2obj) RAND_statusRAND_add RAND_bytesRAND_pseudo_bytes)RAND_egd) HAS_SNIHAS_ECDHHAS_NPNHAS_ALPN HAS_SSLv2 HAS_SSLv3 HAS_TLSv1 HAS_TLSv1_1 HAS_TLSv1_2 HAS_TLSv1_3)_DEFAULT_CIPHERS_OPENSSL_API_VERSION _SSLMethodcCs|do|dkS)NZ PROTOCOL_PROTOCOL_SSLv23 startswithnamer,*/opt/alt/python310/lib64/python3.10/ssl.py}sr.)sourceOptionscC |dS)NZOP_r(r*r,r,r-r. ZAlertDescriptioncCr1)NZALERT_DESCRIPTION_r(r*r,r,r-r.r2ZSSLErrorNumbercCr1)NZ SSL_ERROR_r(r*r,r,r-r.r2 VerifyFlagscCr1)NZVERIFY_r(r*r,r,r-r.r2 VerifyModecCr1)NZCERT_r(r*r,r,r-r.r2cCsi|]\}}||qSr,r,).0r+valuer,r,r- sr7ZPROTOCOL_SSLv2c@s6eZdZejZejZejZ ej Z ej Z ejZejZdS) TLSVersionN)__name__ __module__ __qualname___sslZPROTO_MINIMUM_SUPPORTEDZMINIMUM_SUPPORTEDZ PROTO_SSLv3SSLv3Z PROTO_TLSv1ZTLSv1Z PROTO_TLSv1_1ZTLSv1_1Z PROTO_TLSv1_2ZTLSv1_2Z PROTO_TLSv1_3ZTLSv1_3ZPROTO_MAXIMUM_SUPPORTEDZMAXIMUM_SUPPORTEDr,r,r,r-r8s r8c@s&eZdZ dZdZdZdZdZdZdS)_TLSContentTypeN) r9r:r;CHANGE_CIPHER_SPECALERTZ HANDSHAKEZAPPLICATION_DATAHEADERZINNER_CONTENT_TYPEr,r,r,r-r>sr>c@seZdZ dZdZdZdZdZdZdZ dZ d Z d Z d Z d Zd ZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZ dZ!d Z"d!Z#d"Z$d#S)$ _TLSAlertTyper r?r@rA()*+,-./0123<FGPVZdmnopqrstxN)%r9r:r;Z CLOSE_NOTIFYZUNEXPECTED_MESSAGEZBAD_RECORD_MACZDECRYPTION_FAILEDZRECORD_OVERFLOWZDECOMPRESSION_FAILUREZHANDSHAKE_FAILUREZNO_CERTIFICATEZBAD_CERTIFICATEZUNSUPPORTED_CERTIFICATEZCERTIFICATE_REVOKEDZCERTIFICATE_EXPIREDZCERTIFICATE_UNKNOWNZILLEGAL_PARAMETERZ UNKNOWN_CAZ ACCESS_DENIEDZ DECODE_ERRORZ DECRYPT_ERRORZEXPORT_RESTRICTIONZPROTOCOL_VERSIONZINSUFFICIENT_SECURITYZINTERNAL_ERRORZINAPPROPRIATE_FALLBACKZ USER_CANCELEDZNO_RENEGOTIATIONZMISSING_EXTENSIONZUNSUPPORTED_EXTENSIONZCERTIFICATE_UNOBTAINABLEZUNRECOGNIZED_NAMEZBAD_CERTIFICATE_STATUS_RESPONSEZBAD_CERTIFICATE_HASH_VALUEZUNKNOWN_PSK_IDENTITYZCERTIFICATE_REQUIREDZNO_APPLICATION_PROTOCOLr,r,r,r-rHsHrHc@sfeZdZ dZdZdZdZdZdZdZ dZ d Z d Z d Z d Zd ZdZdZdZdZdZdZdZdZdZdS)_TLSMessageTyper r?r@rArBCrDN)r9r:r;Z HELLO_REQUESTZ CLIENT_HELLOZ SERVER_HELLOZHELLO_VERIFY_REQUESTZNEWSESSION_TICKETZEND_OF_EARLY_DATAZHELLO_RETRY_REQUESTZENCRYPTED_EXTENSIONSZ CERTIFICATEZSERVER_KEY_EXCHANGEZCERTIFICATE_REQUESTZ SERVER_DONEZCERTIFICATE_VERIFYZCLIENT_KEY_EXCHANGEZFINISHEDZCERTIFICATE_URLZCERTIFICATE_STATUSZSUPPLEMENTAL_DATAZ KEY_UPDATEZ NEXT_PROTOZ MESSAGE_HASHrEr,r,r,r-rgs0rgwin32)enum_certificates enum_crls)socket SOCK_STREAMcreate_connection) SOL_SOCKETSO_TYPE_GLOBAL_DEFAULT_TIMEOUT tls-uniqueHOSTFLAG_NEVER_CHECK_SUBJECTcCs |sdS|d}|s||kS|dkrtd||d\}}}d|vr2td||s;td||dkrFtd||d\}}}|rR|sTdS||kS) NF*rhz1too many wildcards in certificate DNS name: {!r}..z9wildcard can only be present in the leftmost label: {!r}.z>sole wildcard without additional labels are not support: {!r}.z.shim_cb)Z sni_callbackcallable TypeError)rrrr,rr-set_servername_callback%s   z"SSLContext.set_servername_callbackcCs`t}|D]#}t|d}t|dkst|dkrtd|t|||q||dS)Nrrrz)ALPN protocols must be 1 to 255 in length)rrrr rrZ_set_alpn_protocols)rZalpn_protocolsrrrr,r,r-set_alpn_protocols2s  zSSLContext.set_alpn_protocolscCstt}zt|D]\}}}|dkr|dus|j|vr||qWnty/tdYnw|r8|j|d|S)NZx509_asnTz-unable to enumerate Windows certificate store)cadata)rryrrPermissionErrorrrload_verify_locations)r storenamepurposeZcertsrencodingZtrustr,r,r-_load_windows_store_certs=s   z$SSLContext._load_windows_store_certscCs@t|ts t|tjdkr|jD]}|||q|dS)Nrx)rrrsysplatform_windows_cert_storesrZset_default_verify_paths)rrrr,r,r-load_default_certsKs    zSSLContext.load_default_certsminimum_versionc ttjSr)r8rrrrr,r-rT zSSLContext.minimum_versioncs4|tjkr|jtjM_tttj||dSr) r8r=optionsr0Z OP_NO_SSLv3rrr__set__rr6rr,r-rXs crr)r8rmaximum_versionrrr,r-r^rzSSLContext.maximum_versionctttj||dSr)rrrrrrr,r-rbcrr)r0rrrrr,r-rfrzSSLContext.optionscrr)rrrrrrr,r-rjrrcCs|jtj@}|tjkSrZ _host_flagsr<r)rZncsr,r,r-hostname_checks_common_nameos  z&SSLContext.hostname_checks_common_namecCs.|r |jtjM_dS|jtjO_dSrrrr,r,r-rtscCsdSNTr,rr,r,r-r{cs tj}|dur |jSdSr)r _msg_callback user_function)rinnerrr,r-rs zSSLContext._msg_callbackcsbdurtttj|ddStdstdfdd}|_tttj||dS)N__call__z is not callable.cszt|}Wn tyYnwzt|}Wn tyYnw|tjkr(t}n |tjkr0t}nt}z||}Wn tyAYnw||||||Sr)r8rr>rGrFrHrg)ZconnZ directionversionZ content_typeZmsg_typedataZmsg_enumcallbackr,r-r s.        z'SSLContext._msg_callback..inner)rrrrhasattrrr )rrr rrr-rs  crr)r&rrrrr,r-rrzSSLContext.protocolcrr)r3r verify_flagsrrr,r-rrzSSLContext.verify_flagscrr)rrrrrrr,r-rrcs*tj}zt|WSty|YSwr)r verify_moder4rrrr,r-rs   zSSLContext.verify_modecrr)rrrrrrr,r-rrr)FTTNN)FNN)r9r:r;rrrrrrrrrrrrrrrr propertyrsetterrrr<rrrrrrr,r,rr-rsl            &%r)rrrcCs t|ts t||tjkrtt}t|_d|_ n|tj kr$tt }nt ||s.|s.|r6| |||n |jtkr@||t|drTtjd}|rTtjjsT||_|S)NTkeylog_filename SSLKEYLOGFILE)rrrrrrPROTOCOL_TLS_CLIENT CERT_REQUIREDrcheck_hostnamerPROTOCOL_TLS_SERVERrr CERT_NONErrrrrrflagsignore_environmentr)rrrrr keylogfiler,r,r-create_default_contexts&          rF) cert_reqsrrcertfilekeyfilerrrc Cs t|ts t||tjkr|durt}n|tjkr"|dur!t}nt|t |} || _ |dur4|| _ |r9d| _ |rA|sAtd|sE|rK| |||sQ|sQ|rY| |||n | j tkrc| |t| drwtjd} | rwtjjsw| | _| S)NTcertfile must be specifiedrr)rrrrrrrrrrrrload_cert_chainrrrrrrrrrrr) rr rrr!r"rrrrrr,r,r-_create_unverified_context s>          r%c@seZdZ ddZe  d1ddZeddZejd dZed d Z e jd d Z ed dZ eddZ eddZ d2ddZ ddZd3ddZddZddZddZd d!Zd"d#Zd$d%Zd&d'Zd(d)Zd4d+d,Zd-d.Zd/d0ZdS)5 SSLObjectcOt|jjd)NzU does not have a public constructor. Instances are returned by SSLContext.wrap_bio().rrr9rrrr,r,r-__init__X zSSLObject.__init__FNc Cs*||}|j||||||d}||_|S)N)rrownerr)rZ _wrap_bio_sslobj) rrrrrrrrrr,r,r-r^s zSSLObject._createcC |jjSrr-rrr,r,r-rjzSSLObject.contextcC ||j_dSrr/rctxr,r,r-rorcCr.rr-rrr,r,r-rsr0zSSLObject.sessioncCr1rr4rrr,r,r-rxrcCr.rr-session_reusedrr,r,r-r7|r0zSSLObject.session_reusedcCr.r)r-rrr,r,r-rr0zSSLObject.server_sidecCr.r)r-rrr,r,r-rszSSLObject.server_hostnamecCs, |dur|j||}|S|j|}|Sr)r-read)rrbuffervr,r,r-r9s  zSSLObject.readcC |j|Sr)r-writerr r,r,r-r=s zSSLObject.writecCr<r)r- getpeercertrZ binary_formr,r,r-r?s zSSLObject.getpeercertcCs tjdtdddSNrrir)rrrrr,r,r-selected_npn_protocols  zSSLObject.selected_npn_protocolcC |jSr)r-selected_alpn_protocolrr,r,r-rD z SSLObject.selected_alpn_protocolcCrCr)r-cipherrr,r,r-rF zSSLObject.ciphercCrCr)r-shared_ciphersrr,r,r-rHrEzSSLObject.shared_cipherscCrCr)r- compressionrr,r,r-rIrGzSSLObject.compressioncCrCr)r-pendingrr,r,r-rJ zSSLObject.pendingcCs |jdSr)r- do_handshakerr,r,r-rLszSSLObject.do_handshakecCrCr)r-shutdownrr,r,r-unwraprKzSSLObject.unwraprcCr<r)r-get_channel_bindingrZcb_typer,r,r-rOs zSSLObject.get_channel_bindingcCrCrr-r rr,r,r-r rGzSSLObject.versioncCs |jSr)r-verify_client_post_handshakerr,r,r-rRs z&SSLObject.verify_client_post_handshake)FNNNr8NFr)r9r:r;r*rrrrrrr7rrr9r=r?rBrDrFrHrIrJrLrNrOr rRr,r,r,r-r&IsF              r&cCs tt|jj|_|Sr)getattrr&r9__doc__)funcr,r,r- _sslcopydocsrYcseZdZ ddZe   dWfdd Zeedd Zej d d Zeed d Z e j d d Z eeddZ ddZ dXddZ ddZdYddZddZedZddZeddZedd Zed!d"Zed#d$Zed%d&Zd[fd(d) ZdXfd*d+ Zd,d-Zd[fd.d/ Zd\fd0d1 Zd]fd2d3 Zd^fd4d5 Zd]fd6d7 Zd^fd8d9 Zd:d;Z dd?Z"fd@dAZ#edBdCZ$edDdEZ%fdFdGZ&edZdHdIZ'fdJdKZ(dLdMZ)dNdOZ*fdPdQZ+ed_dSdTZ,edUdVZ-Z.S)` SSLSocketcOr')NzX does not have a public constructor. Instances are returned by SSLContext.wrap_socket().r(r)r,r,r-r*r+zSSLSocket.__init__FTNc sX|tttkr td|r|rtd|durtd|jr%|s%tdt|j|j |j | d}|j |fi|} t t| jdi||} ||| _|| _d| _d| _|| _||| _|| _|| _z| Wnuty} zi| jtjkr~d} | } | dz| !d}Wnty} z| jtjtj"fvrd}WYd} ~ nd} ~ ww| | |rd }t#| j|}||_$d|_%z| &Wn tyYnwz|d}wWYd} ~ nd} ~ wwd } | '| | | _(| r*z(| jj)| || j| | jd | _|r| }|d krtd | *W| SW| Sttfy)| &w| S)Nz!only stream sockets are supportedz4server_hostname can only be specified in client modez,session can only be specified in client modez'check_hostname requires server_hostname)familytypeprotofilenoFrhz5Closed before TLS handshake with data in recv buffer.Tr,rzHdo_handshake_on_connect should not be specified for non-blocking socketsr,)+Z getsockoptr~rr|NotImplementedErrorrrdictr[r\r]r^rrrZr* gettimeoutdetach_context_sessionZ_closedr-rrrrr getpeernamererrnoZENOTCONNZ getblockingZ setblockingrecvZEINVALr reasonZlibraryclose settimeout _connected _wrap_socketrL)rrrrrrrrrrZ sock_timeouteZ connectedZblockingZnotconn_pre_handshake_datarkZ notconn_pre_handshake_data_errortimeoutrr,r-rs           %    zSSLSocket._createcCs|jSr)rfrr,r,r-rVszSSLSocket.contextcCs||_||j_dSr)rfr-rr2r,r,r-r[s cC|jdur |jjSdSrr4rr,r,r-r` zSSLSocket.sessioncCs ||_|jdur||j_dSdSr)rgr-rr5r,r,r-rfs  cCrrrr6rr,r,r-r7lrszSSLSocket.session_reusedcCstd|jj)NzCan't dup() %s instances)rbrr9rr,r,r-duprsz SSLSocket.dupcCsdSrr,)rmsgr,r,r- _checkClosedvrzSSLSocket._checkClosedcCs|js |dSdSr)rnrhrr,r,r-_check_connectedzs zSSLSocket._check_connectedr8c Cs ||jdurtdz|dur|j||WS|j|WStyJ}z|jdtkrE|jrE|dur>WYd}~dSWYd}~dSd}~ww)Nz'Read on closed or unwrapped SSL socket.rr_)rvr-rr9r rZ SSL_ERROR_EOFr)rrr:xr,r,r-r9s  zSSLSocket.readcCs( ||jdurtd|j|S)Nz(Write on closed or unwrapped SSL socket.)rvr-rr=r>r,r,r-r=s   zSSLSocket.writecCs|||j|Sr)rvrwr-r?r@r,r,r-r?s zSSLSocket.getpeercertcCs|tjdtdddSrA)rvrrrrr,r,r-rBszSSLSocket.selected_npn_protocolcCs&||jdus tjsdS|jSr)rvr-r<rrDrr,r,r-rDs z SSLSocket.selected_alpn_protocolcC ||jdur dS|jSr)rvr-rFrr,r,r-rF  zSSLSocket.ciphercCryr)rvr-rHrr,r,r-rHrzzSSLSocket.shared_cipherscCryr)rvr-rIrr,r,r-rIrzzSSLSocket.compressionrcsB||jdur|dkrtd|j|j|St||S)Nrz3non-zero flags not allowed in calls to send() on %s)rvr-rrr=rsend)rr rrr,r-r{s  zSSLSocket.sendcsF||jdurtd|j|durt||St|||S)Nz%sendto not allowed on instances of %s)rvr-rrrsendto)rr Z flags_or_addrrrr,r-r|s zSSLSocket.sendtocOtd|j)Nz&sendmsg not allowed on instances of %srbrr)r,r,r-sendmsgszSSLSocket.sendmsgc s||jdurc|dkrtd|jd}t|?}|d!}t|}||kr:|||d}||7}||ks)Wdn1sDwYWddSWddS1s\wYdSt ||S)Nrz6non-zero flags not allowed in calls to sendall() on %sB) rvr-rr memoryviewcastrr{rsendall)rr rrZviewZ byte_viewZamountr;rr,r-rs$ PzSSLSocket.sendallcs* |jdur ||||St|||Sr)r-Z_sendfile_use_sendrsendfile)rfileoffsetrrr,r-rs zSSLSocket.sendfilecs@||jdur|dkrtd|j||St||S)Nrz3non-zero flags not allowed in calls to recv() on %s)rvr-rrr9rrjrZbuflenrrr,r-rjs  zSSLSocket.recvcsf||r|durt|}n|durd}|jdur+|dkr%td|j|||St|||S)Nr8rz8non-zero flags not allowed in calls to recv_into() on %s)rvrr-rrr9r recv_intorr:nbytesrrr,r-rs    zSSLSocket.recv_intocs.||jdurtd|jt||S)Nz'recvfrom not allowed on instances of %s)rvr-rrrrecvfromrrr,r-rs  zSSLSocket.recvfromcs0||jdurtd|jt|||S)Nz,recvfrom_into not allowed on instances of %s)rvr-rrr recvfrom_intorrr,r-r's  zSSLSocket.recvfrom_intocOr})Nz&recvmsg not allowed on instances of %sr~r)r,r,r-recvmsg/zSSLSocket.recvmsgcOr})Nz+recvmsg_into not allowed on instances of %sr~r)r,r,r- recvmsg_into3rzSSLSocket.recvmsg_intocCs ||jdur|jSdSNr)rvr-rJrr,r,r-rJ7s  zSSLSocket.pendingcs|d|_t|dSr)rvr-rrM)rZhowrr,r-rM?szSSLSocket.shutdowncCs*|jr |j}d|_|Stdt|NzNo SSL wrapper around )r-rMrr)rsr,r,r-rNDs  zSSLSocket.unwrapcCs |jr|jStdt|r)r-rRrrrr,r,r-rRMs z&SSLSocket.verify_client_post_handshakecsd|_tdSr)r-r _real_closerrr,r-rTszSSLSocket._real_closec CsN||}z|dkr|r|d|jW||dS||w)Nra)rwrdrmr-rL)rblockrqr,r,r-rLXs   zSSLSocket.do_handshakec s|jrtd|js|jdurtd|jj|d|j||jd|_z |r+t |}nd}t ||s?d|_|j r?| |WSt tfyNd|_w)Nz!can't connect in server-side modez/attempt to connect already-connected SSLSocket!Fr`T)rrrnr-rrorrgr connect_exconnectrrLr)rrrZrcrr,r- _real_connectcs, zSSLSocket._real_connectcCs ||ddS)NFrrrr,r,r-r}szSSLSocket.connectcCs ||dSrrrr,r,r-rs zSSLSocket.connect_excs0 t\}}|jj||j|jdd}||fS)NT)rrr)racceptrrrr)rZnewsockrrr,r-rszSSLSocket.acceptrcCs0|jdur |j|S|tvrtd|dS)Nz({0} channel binding type not implemented)r-rOCHANNEL_BINDING_TYPESrrrPr,r,r-rOs  zSSLSocket.get_channel_bindingcCs|jdur |jSdSrrQrr,r,r-r s  zSSLSocket.version)FTTNNNrrSrT)r)rN)r8rrrU)/r9r:r;r*rrrrYrrrr7rtrvrwr9r=r?rBrDrFrHrIr{r|rrrrjrrrrrrJrMrNrRrrLrrrrrOr rr,r,rr-rZs_                           rZTc Cs|tjdtdd|r|std|r|stdt|} || _|r&| ||r.| ||| r5| | | j ||||dS)Nz=ssl.wrap_socket() is deprecated, use SSLContext.wrap_socket()rirz5certfile must be specified for server-side operationsr#)rrrr) rrrrrrrr$Z set_ciphersr) rr"r!rr  ssl_versionca_certsrrZciphersrr,r,r-rs,   rcCs ddlm}ddlm}d}d}z||ddd}Wnty/td||fw||dd|}||d|f|d d S) Nr)strptime)timegm) ZJanZFebZMarZAprZMayZJunZJulZAugZSepZOctZNovZDecz %d %H:%M:%S %Y GMTrjrhz*time data %r does not match format "%%b%s"rirm)timerZcalendarrindextitler)Z cert_timerrZmonthsZ time_formatZ month_numberZttr,r,r-cert_time_to_secondss  rz-----BEGIN CERTIFICATE-----z-----END CERTIFICATE-----csT tt|ddtg}|fddtdtdD7}|tdd|S)NASCIIstrictcsg|] }||dqS)@r,)r5ifr,r- sz(DER_cert_to_PEM_cert..rr ) rbase64Zstandard_b64encode PEM_HEADERrangerr PEM_FOOTERr)Zder_cert_bytesZssr,rr-DER_cert_to_PEM_certs " rcCs^ |ts tdt|tstdt|tttt }t| ddS)Nz(Invalid PEM encoding; must start with %sz&Invalid PEM encoding; must end with %srr) r)rrstripendswithrrrZ decodebytesr)Zpem_cert_stringdr,r,r-PEM_cert_to_DER_certs rc Cs |\}}|dur t}nt}t|||d}t||d1}|j||d } | d} Wdn1s3wYWdt| SWdt| S1sOwYt| S)N)r r)rq)rT)rr_create_stdlib_contextr}rr?r) rrrrqZhostZportr rrZsslsockZdercertr,r,r-get_server_certificates(   rcCs t|dS)Nz )_PROTOCOL_NAMESr)Z protocol_coder,r,r-get_protocol_names rr)nrr collectionsrenumrZ_EnumrZ_IntEnumrZ_IntFlagr<rrrr r r r r rrrrrrrrrrrrrr ImportErrorrrrrrrr r!r"r#r$r% _convert_r9r&rr' __members__itemsrrVZ_SSLv2_IF_EXISTSr8r>rHrgrryrzr{r|r}r~rrrrrirrZ socket_errorrrZHAS_NEVER_CHECK_COMMON_NAMEZ_RESTRICTED_SERVER_CIPHERSrrrrrrrrrrrrrr%Z_create_default_https_contextrr&rYrZrrrrrrrrrrrr,r,r,r-sZ $ 0   )  1# > & 7@