File: //lib64/python3.6/site-packages/M2Crypto/SSL/__pycache__/Context.cpython-36.opt-1.pyc
3
YݧZ�B�������������������@���s����d�d�l�m�Z���d�d�l�m�Z�m�Z�m�Z�m�Z�m�Z�m�Z���d�d�l m
Z
��d�d�l�m�Z���d�d�l
m�Z���e�j�rrd�d�l�m�Z�m�Z�m�Z�m�Z�m�Z���d�d�d g�Z�G�d
d���d�e���Z�d�d���Z�e�Z�G�d
d���d�e���Z�d�S�)������)���absolute_import)���BIO��Err��RSA��X509��m2��util)���cb)���Session)���WeakValueDictionary)���Any��AnyStr��Callable��Optional��Union��ctxmap��Context��mapc����������������@���s0���e�Z�d�Z�d�Z�d�d���Z�d�d���Z�d�d���Z�d�d ��Z�d�S�)
��_ctxmapNc����������������C���s����t���|�_�d�S�)�z Simple WeakReffed list.
N)�r����r����)���self��r������/usr/lib64/python3.6/Context.py��__init__����s������z�_ctxmap.__init__c����������������C���s
���|�j�|���S�)�N)�r����)�r������keyr����r����r������__getitem__����s������z�_ctxmap.__getitem__c����������������C���s����|�|�j�|�<�d�S�)�N)�r����)�r����r������valuer����r����r������__setitem__����s������z�_ctxmap.__setitem__c����������������C���s����|�j�|�=�d�S�)�N)�r����)�r����r����r����r����r������__delitem__"���s������z�_ctxmap.__delitem__)���__name__�
__module__��__qualname__� singletonr����r����r����r����r����r����r����r����r��������s
�������������r����c����������������C���s����t�j�d�k�r�t���t�_�t�j�S�)�N)�r����r!���r����r����r����r����r����'���s������
���c����������������@���s"���e�Z�d�Z�d�Z�e�j�Z�d<d�d���Z�d�d���Z�d�d ��Z d�e
j�f�d
d���Z�d�e
j�f�d�d
��Z
d�d���Z�e���Z�Z�d=d�d���Z�e�Z�d�d���Z�d�d���Z�d�d���Z�d�d���Z�d>d�d���Z�d�d���Z�d�d���Z�d d!��Z�d?d"d#��Z�d$d%��Z�d@d&d'��Z�e�j�f�d(d)��Z d*d+��Z!d,d-��Z"d.d/��Z#d0d1��Z$d2d3��Z%d4d5��Z&d6d7��Z'd8d9��Z(d:d;��Z)d�S�)Ar����z�'Context' for SSL connections.��tlsNc����������������C���s����t�t�|�d���d���}�|�d�k�r8|�d�k�r,t�t�d���}�n�t�d�|�������t�j�|�����|�_�d�|�_�|�|�_�|�t���t�|�j���<�t�j |�j�d�����|�d�k�r�|�d�k�r�|�j
t�j�t�j�B�t�j
B�����d�S�) N��_methodr"���Z
sslv23_methodz�no such protocol '%s'r����������sslv23)�r%���r"���)���getattrr�����
ValueErrorZ�ssl_ctx_new��ctx��allow_unknown_ca��post_connection_checkr������intZ�ssl_ctx_set_cache_size��set_optionsZ
SSL_OP_ALLZ�SSL_OP_NO_SSLv2Z�SSL_OP_NO_SSLv3)�r����Z�protocolZ�weak_cryptor*�����protor����r����r����r����6���s������������������������������z�Context.__init__c����������������C���s����t�|�d�d���r�|�j�|�j�����d�S�)�Nr(���)�r&�����m2_ssl_ctx_freer(���)�r����r����r����r������__del__I���s��������z�Context.__del__c����������������C���s����t���t�|�j���=�d�S�)�N)�r����r+���r(���)�r����r����r����r������closeN���s������z
Context.closec����������������C���sJ���t�j�|�j�|�����t�j�|�j�|�����|�s$|�}�t�j�|�j�|�����t�j�|�j���sFt�d�����d�S�)�a4���Load certificate and private key into the context.
:param certfile: File that contains the PEM-encoded certificate.
:param keyfile: File that contains the PEM-encoded private key.
Default value of None indicates that the private key
is to be found in 'certfile'.
:param callback: Callable object to be invoked if the private key is
passphrase-protected. Default callback provides a
simple terminal-style input for the passphrase.
z�public/private key mismatchN)�r������ssl_ctx_passphrase_callbackr(���Z�ssl_ctx_use_cert��ssl_ctx_use_privkey��ssl_ctx_check_privkeyr'���)�r����Z�certfile��keyfile��callbackr����r����r����� load_certR���s�����
������������z�Context.load_certc����������������C���sJ���t�j�|�j�|�����t�j�|�j�|�����|�s$|�}�t�j�|�j�|�����t�j�|�j���sFt�d�����d�S�)�a����Load certificate chain and private key into the context.
:param certchainfile: File object containing the PEM-encoded
certificate chain.
:param keyfile: File object containing the PEM-encoded private
key. Default value of None indicates that the
private key is to be found in 'certchainfile'.
:param callback: Callable object to be invoked if the private key
is passphrase-protected. Default callback
provides a simple terminal-style input for the
passphrase.
z�public/private key mismatchN)�r����r1���r(���Z�ssl_ctx_use_cert_chainr2���r3���r'���)�r����Z
certchainfiler4���r5���r����r����r������load_cert_chaing���s������������������z�Context.load_cert_chainc����������������C���s����t�j�|�j�|�����d�S�)�z�Load CA certs into the context. These CA certs are sent to the
peer during *SSLv3 certificate request*.
:param cafile: File object containing one or more PEM-encoded CA
certificates concatenated together.
N)�r����Z$ssl_ctx_set_client_CA_list_from_filer(���)�r������cafiler����r����r������set_client_CA_list_from_file~���s������z$Context.set_client_CA_list_from_filec����������������C���s(���|�d�k�r�|�d�k�r�t�d�����t�j�|�j�|�|���S�)�a����Load CA certs into the context.
These CA certs are used during verification of the peer's
certificate.
:param cafile: File containing one or more PEM-encoded CA
certificates concatenated together.
:param capath: Directory containing PEM-encoded CA certificates
(one certificate per file).
:return: 0 if the operation failed because CAfile and CApath are NULL
or the processing at one of the locations specified failed.
Check the error stack to find out the reason.
1 The operation succeeded.
Nz'cafile and capath can not both be None.)�r'���r����Z�ssl_ctx_load_verify_locationsr(���)�r����r8���Z�capathr����r����r������load_verify_locations����s����������z�Context.load_verify_locationsc����������������C���s&���t�j�|�j�|���}�|�s"t�j�t�j���d�����d�S�)�at���Sets the session id for the SSL.Context w/in a session can be reused.
:param id: Sessions are generated within a certain context. When
exporting/importing sessions with
i2d_SSL_SESSION/d2i_SSL_SESSION it would be possible,
to re-import a session generated from another context
(e.g. another application), which might lead to
malfunctions. Therefore each application must set its
own session id context sid_ctx which is used to
distinguish the contexts and is stored in exported
sessions. The sid_ctx can be any kind of binary data
with a given length, it is therefore possible to use
e.g. the name of the application and/or the hostname
and/or service name.
��N)�r����Z�ssl_ctx_set_session_id_contextr(���r����Z�SSLErrorZ�get_error_code)�r������id��retr����r����r������set_session_id_ctx����s����������z�Context.set_session_id_ctxc����������������C���s����t�j�|�j���}�|�s�t�d�����d�S�)�a����
Specifies that the default locations from which CA certs are
loaded should be used.
There is one default directory and one default file. The default
CA certificates directory is called "certs" in the default
OpenSSL directory. Alternatively the SSL_CERT_DIR environment
variable can be defined to override this location. The default
CA certificates file is called "cert.pem" in the default OpenSSL
directory. Alternatively the SSL_CERT_FILE environment variable
can be defined to override this location.
@return 0 if the operation failed. A missing default location is
still treated as a success. No error code is set.
1 The operation succeeded.
z)Cannot use default SSL certificate store!N)�r����Z ssl_ctx_set_default_verify_pathsr(���r'���)�r����r=���r����r����r������set_default_verify_paths����s����������z Context.set_default_verify_pathsc����������������C���s
���|�|�_�d�S�)�z�Set the context to accept/reject a peer certificate if the
certificate's CA is unknown.
:param ok: True to accept, False to reject.
N)�r)���)�r������okr����r����r������set_allow_unknown_ca����s������z�Context.set_allow_unknown_cac����������������C���s����|�j�S�)�z�Get the context's setting that accepts/rejects a peer
certificate if the certificate's CA is unknown.
FIXME 2Bconverted to bool
)�r)���)�r����r����r����r������get_allow_unknown_ca����s������z�Context.get_allow_unknown_cac����������������C���s:���|�d�k�r�t�j�|�j�|�����n�t�j�|�j�|�|�����t�j�|�j�|�����d�S�)�a[���
Set verify options. Most applications will need to call this
method with the right options to make a secure SSL connection.
:param mode: The verification mode to use. Typically at least
SSL.verify_peer is used. Clients would also typically
add SSL.verify_fail_if_no_peer_cert.
:param depth: The maximum allowed depth of the certificate chain
returned by the peer.
:param callback: Callable that can be used to specify custom
verification checks.
N)�r����Z�ssl_ctx_set_verify_defaultr(���Z�ssl_ctx_set_verifyZ�ssl_ctx_set_verify_depth)�r������mode��depthr5���r����r����r�����
set_verify����s������������z�Context.set_verifyc����������������C���s����t�j�|�j���S�)�N)�r����Z�ssl_ctx_get_verify_moder(���)�r����r����r����r������get_verify_mode����s������z�Context.get_verify_modec����������������C���s����t�j�|�j���S�)�z?Returns the verification mode currently set in the SSL Context.)�r����Z�ssl_ctx_get_verify_depthr(���)�r����r����r����r������get_verify_depth����s������z�Context.get_verify_depthc����������������C���s&���t�j�|���}�t�j�|�j�����}�t�j�|�j�|���S�)�z�Load ephemeral DH parameters into the context.
:param dhpfile: Filename of the file containing the PEM-encoded
DH parameters.
)�r����Z�openfiler����Z�dh_read_parametersZ�bio_ptrZ�ssl_ctx_set_tmp_dhr(���)�r����Z�dhpfile��fZ�dhpr����r����r�����
set_tmp_dh����s������
���z�Context.set_tmp_dhc����������������C���s����|�d�k r�t�j�|�j�|�����d�S�)�z�Sets the callback function for SSL.Context.
:param callback: Callable to be used when a DH parameters are required.
N)�r����Z�ssl_ctx_set_tmp_dh_callbackr(���)�r����r5���r����r����r������set_tmp_dh_callback����s��������z�Context.set_tmp_dh_callbackc����������������C���s,���t�|�t�j���r�t�j�|�j�|�j���S�t�d�|�������d�S�)�zXLoad ephemeral RSA key into the context.
:param rsa: RSA.RSA instance.
z(Expected an instance of RSA.RSA, got %s.N)��
isinstancer����r����Z�ssl_ctx_set_tmp_rsar(�����rsa� TypeError)�r����rL���r����r����r������set_tmp_rsa����s����������z�Context.set_tmp_rsac����������������C���s����|�d�k r�t�j�|�j�|�����d�S�)�zfSets the callback function to be used when
a temporary/ephemeral RSA key is required.
N)�r����Z�ssl_ctx_set_tmp_rsa_callbackr(���)�r����r5���r����r����r������set_tmp_rsa_callback����s��������z�Context.set_tmp_rsa_callbackc����������������C���s����t�j�|�j�|�����d�S�)�a!���Set a callback function to get state information.
It can be used to get state information about the SSL
connections that are created from this context.
:param callback: Callback function. The default prints
information to stderr.
N)�r����Z�ssl_ctx_set_info_callbackr(���)�r����r5���r����r����r������set_info_callback'���s�����
z�Context.set_info_callbackc����������������C���s����t�j�|�j�|���S�)�z�Sets the list of available ciphers.
:param cipher_list: The format of the string is described in
ciphers(1).
:return: 1 if any cipher could be selected and 0 on complete
failure.
)�r����Z�ssl_ctx_set_cipher_listr(���)�r����Z�cipher_listr����r����r������set_cipher_list3���s����� z�Context.set_cipher_listc����������������C���s����t�j�|�j�|�j�����S�)�z�Add the session to the context.
:param session: the session to be added.
:return: 0 The operation failed. It was tried to add the same
(identical) session twice.
1 The operation succeeded.
)�r����Z�ssl_ctx_add_sessionr(�����_ptr)�r������sessionr����r����r������add_session>���s������z�Context.add_sessionc����������������C���s����t�j�|�j�|�j�����S�)�z�Remove the session from the context.
:param session: the session to be removed.
:return: 0 The operation failed. The session was not found in
the cache.
1 The operation succeeded.
)�r����Z�ssl_ctx_remove_sessionr(���rR���)�r����rS���r����r����r������remove_sessionK���s������z�Context.remove_sessionc����������������C���s����t�j�|�j���S�)�a����Get current session timeout.
Whenever a new session is created, it is assigned a maximum
lifetime. This lifetime is specified by storing the creation
time of the session and the timeout value valid at this time. If
the actual time is later than creation time plus timeout, the
session is not reused.
Due to this realization, all sessions behave according to the
timeout value valid at the time of the session negotiation.
Changes of the timeout value do not affect already established
sessions.
Expired sessions are removed from the internal session cache,
whenever SSL_CTX_flush_sessions(3) is called, either directly by
the application or automatically (see
SSL_CTX_set_session_cache_mode(3))
The default value for session timeout is decided on a per
protocol basis, see SSL_get_default_timeout(3). All currently
supported protocols have the same default timeout value of 300
seconds.
SSL_CTX_set_timeout() returns the previously set timeout value.
:return: the currently set timeout value.
)�r����Z�ssl_ctx_get_session_timeoutr(���)�r����r����r����r������get_session_timeoutX���s������z�Context.get_session_timeoutc����������������C���s����t�j�|�j�|���S�)�z�Set new session timeout.
See self.get_session_timeout() for explanation of the session
timeouts.
:param timeout: new timeout value.
:return: the previously set timeout value.
)�r����Z�ssl_ctx_set_session_timeoutr(���)�r����Z�timeoutr����r����r������set_session_timeoutw���s������z�Context.set_session_timeoutc����������������C���s����t�j�|�j�|���S�)�z�Enables/disables session caching.
The mode is set by using m2.SSL_SESS_CACHE_* constants.
:param mode: new mode value.
:return: the previously set cache mode value.
)�r����Z�ssl_ctx_set_session_cache_moder(���)�r����rC���r����r����r������set_session_cache_mode����s�����
z�Context.set_session_cache_modec����������������C���s����t�j�|�j���S�)�z�Gets the current session caching.
The mode is set to m2.SSL_SESS_CACHE_* constants.
:return: the previously set cache mode value.
)�r����Z�ssl_ctx_get_session_cache_moder(���)�r����r����r����r������get_session_cache_mode����s������z�Context.get_session_cache_modec����������������C���s����t�j�|�j�|���S�)�a)���Adds the options set via bitmask in options to the Context.
!!! Options already set before are not cleared!
The behaviour of the SSL library can be changed by setting
several options. The options are coded as bitmasks and can be
combined by a logical or operation (|).
SSL.Context.set_options() and SSL.set_options() affect the
(external) protocol behaviour of the SSL library. The (internal)
behaviour of the API can be changed by using the similar
SSL.Context.set_mode() and SSL.set_mode() functions.
During a handshake, the option settings of the SSL object are
used. When a new SSL object is created from a context using
SSL(), the current option setting is copied. Changes to ctx
do not affect already created SSL objects. SSL.clear() does not
affect the settings.
:param op: bitmask of additional options specified in
SSL_CTX_set_options(3) manpage.
:return: the new options bitmask after adding options.
)�r����Z�ssl_ctx_set_optionsr(���)�r������opr����r����r����r,�������s������z�Context.set_optionsc����������������C���s����t�j�t�j�|�j�����S�)�z�
Get the certificate store associated with this context.
:warning: The store is NOT refcounted, and as such can not be relied
to be valid once the context goes away or is changed.
)�r����Z
X509_Storer����Z�ssl_ctx_get_cert_storer(���)�r����r����r����r������get_cert_store����s������z�Context.get_cert_store)�r"���NN)�NN)�N)�N)�N)*r����r����r �����__doc__r����Z�ssl_ctx_freer.���r����r/���r0���r����Z�passphrase_callbackr6���r7���r9���Z�load_client_CAZ�load_client_car:���Z�load_verify_infor>���r?���rA���rB���rE���rF���rG���rI���rJ���rN���rO���r ���Z�ssl_info_callbackrP���rQ���rT���rU���rV���rW���rX���rY���r,���r[���r����r����r����r����r����0���sF�����������
�����������������
�������� �
�������
��
������
�
���
���
��N)�Z
__future__r����Z�M2Cryptor����r����r����r����r����r����Z�M2Crypto.SSLr ���Z�M2Crypto.SSL.Sessionr
�����weakrefr����Z�py27plusZ�typingr����r
���r����r����r������__all__��objectr����r����r����r����r����r����r����r������<module>����s������ �����������
�������