3

���[0`�@s�dd
lm
Z

ddlZddlZddlmZmZmZmZm	Z	m
Z
mZ
ddlm
Z
mZmZ
ddlmZ
ddlmZmZ
ddlmZ
e	r�ddlmZmZmZmZmZmZmZmZ
d	d
gZej e!�
Z"dd�Z#Gd
d	�d	e$�Z%dS)�)
�absolute_importN)�BIO�Err�X509�m2�py27plus�six�util)�Checker�Context�timeout)
�SSLError)�Cipher�Cipher_Stack)
�Session)�Any�AnyStr�Callable�Dict�List�Optional�Tuple�Union�
Connectionrc
Osd
S)N�
�)�args�kwrr�"/usr/lib64/python3.6/Connection.py�_serverPostConnectionChecksrc@sheZ
dZd
Zej�ZeZej	Z
ejZej
Zdejfdd�
Zdd�Zdd�Zd	d
�Zdd�Zd
d�Zdd�Zd�dd�
Zdd�Zdd�Zdd�Zdd�Zdd�Zdd�Zd d!�Zd"d#�Z d$d%�Z!d&d'�Z"d(d)�Z#d*d+�Z$d,d-�Z%d.d/�Z&d0d1�Z'd2d3�Z(d4d5�Z)d6d7�Z*d8d9�Z+d�d;d<�
Z,d�d=d>�
Z-d?d@�Z.e.Z/Z0dAdB�Z1d�dDdE�
Z2d�dFdG�
Z3e3Z4dHdI�Z5dJdK�Z6dLdM�Z7d�dNdO�
Z8d�dPdQ�
Z9dRdS�Z:dTdU�Z;dVdW�Z<dXdY�Z=dZd[�Z>d\d]�Z?d^d_�Z@d`da�ZAdbdc�ZBddde�ZCd�dfdg�
ZDdhdi�ZEd�dldm�
ZFdndo�ZGdpdq�ZHdrds�ZIdtdu�ZJdvdw�ZKdxdy�ZLdzd{�ZMeNd|d}��
ZOd~d�ZPd�d��ZQd�d��ZRd�d��ZSd�d��ZTd�d��ZUd�d��ZVdS)�rzAn SSL connection.NcCs�|
|_t
j|jj�
|_|d
k	r&||_n$tj|tj�|_|jjtjtjd�
|jj	�|_
|jj�|_|jd
krrd|_t
j
|_|jjd
k	r�|j|jj�

d
|_d
S)zv

        :param ctx: SSL.Context
        :param sock: socket to be used
        :param family: socket family
        Nrg�?g�)�ctxrZssl_new�ssl�socketZSOCK_STREAM�
setsockopt�
SOL_SOCKETZSO_REUSEADDR�filenoZ_filenoZ
gettimeout�_timeout�bio_noclose�ssl_close_flagZpost_connection_check�"set_post_connection_check_callback�host)�selfr �sockZfamilyrrr�__init__.s










zConnection.__init__c

Csbt|d
d�r|j
|j�

t|dd�r0|j
|j�

|j|jkrTt|dd�rT|j|j�

|jj	�
dS)N�sslbio�sockbior!)
�getattr�m2_bio_freer.r/r(�m2_bio_noclose�m2_ssl_freer!r"�close)
r+rrr�__del__Ks






zConnection.__del__c

Cstj
|j�

dS)
N)rZssl_shutdownr!)
r+rrrr4YszConnection.closec

Cstj
|j�
S)
z�
        If there were errors in this connection, call clear() rather
        than close() to end it, so that bad sessions will be cleared
        from cache.
        )rZ	ssl_clearr!)
r+rrr�clear]szConnection.clearcCstj
|j|
�
d
S)a�Sets the shutdown state of the Connection to mode.

        The shutdown state of an ssl connection is a bitmask of (use
        m2.SSL_* constants):

        0   No shutdown setting, yet.

        SSL_SENT_SHUTDOWN
            A "close notify" shutdown alert was sent to the peer, the
            connection is being considered closed and the session is
            closed and correct.

        SSL_RECEIVED_SHUTDOWN
            A shutdown alert was received form the peer, either a normal
            "close notify" or a fatal error.

        SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN can be set at the
        same time.

        :param mode: set the mode bitmask.
        N)rZssl_set_shutdown1r!)r+�moderrr�set_shutdownfszConnection.set_shutdownc

Cstj
|j�
S)
z0Get the current shutdown mode of the Connection.)rZssl_get_shutdownr!)
r+rrr�get_shutdownszConnection.get_shutdowncCs|jj
|
�

dS)
N)r"�bind)r+�addrrrrr:�szConnection.bind�cCs|jj
|
�

dS)
N)r"�listen)r+Zqlenrrrr=�szConnection.listencCstj
|j|
�S)
N)r�
ssl_get_errorr!)r+�retrrrr>�szConnection.ssl_get_errorcCstj
|j|
j�|j��
d
S)a;Explicitly set read and write bios

        Connects the BIOs for the read and write operations of the
        TLS/SSL (encrypted) side of ssl.

        The SSL engine inherits the behaviour of both BIO objects,
        respectively. If a BIO is non-blocking, the Connection will also
        have non-blocking behaviour.

        If there was already a BIO connected to Connection, BIO_free()
        will be called (for both the reading and writing side, if
        different).

        :param readbio: BIO for reading
        :param writebio: BIO for writing.
        N)r�ssl_set_bior!�_ptr)r+ZreadbioZwritebiorrr�set_bio�szConnection.set_biocCstj
|j|
�
d
S)a(Set the acceptable client CA list.

        If the client returns a certificate, it must have been issued by
        one of the CAs listed in cafile.

        Makes sense only for servers.

        :param cafile: Filename from which to load the CA list.

        :return: 0 A failure while manipulating the STACK_OF(X509_NAME)
                   object occurred or the X509_NAME could not be
                   extracted from cacert. Check the error stack to find
                   out the reason.

                 1 The operation succeeded.
        N)rZ ssl_set_client_CA_list_from_filer!)r+Zcafilerrr�set_client_CA_list_from_file�sz'Connection.set_client_CA_list_from_filec

Cstj
|j|jj�
d
S)z�
        Set the acceptable client CA list. If the client
        returns a certificate, it must have been issued by
        one of the CAs listed in context.

        Makes sense only for servers.
        N)rZ#ssl_set_client_CA_list_from_contextr!r )
r+rrr�set_client_CA_list_from_context�s	z*Connection.set_client_CA_list_from_contextcCs
|
|_dS)
N)
r;)r+r;rrr�
setup_addr�szConnection.setup_addrcCs"|
tj
tjfkrtd
�
�
|
|_dS)z�
        By default, SSL struct will be freed in __del__. Call with
        m2.bio_close to override this default.

        :param flag: either m2.bio_close or m2.bio_noclose
        z+flag must be m2.bio_close or m2.bio_nocloseN)rZ	bio_closer'�
ValueErrorr()r+�flagrrr�set_ssl_close_flag�s

zConnection.set_ssl_close_flagc

CsPtj
|jj�d
�|_tj|j|j|j�
tjtj��
|_	tj
|j	|jtj�
dS)Nr
)rZbio_new_socketr"r%r/r@r!Zbio_newZ	bio_f_sslr.Zbio_set_sslr')
r+rrr�	setup_ssl�szConnection.setup_sslcCs|j|
�

|j
�
d
S)Z
DeprecatedN)rErI)r+r;rrr�
_setup_ssl�s

zConnection._setup_sslc

Cstj
|j�

d
S)z+Sets Connection to work in the server mode.N)rZssl_set_accept_stater!)
r+rrr�set_accept_state�szConnection.set_accept_statec

Cstj
|j|j�S)
aWaits for a TLS/SSL client to initiate the TLS/SSL handshake.

        The communication channel must already have been set and
        assigned to the ssl by setting an underlying BIO.

        :return: 0 The TLS/SSL handshake was not successful but was shut
                   down controlled and by the specifications of the
                   TLS/SSL protocol. Call get_error() with the return
                   value ret to find out the reason.

                 1 The TLS/SSL handshake was successfully completed,
                   a TLS/SSL connection has been established.

                 <0 The TLS/SSL handshake was not successful because
                    a fatal error occurred either at the protocol level
                    or a connection failure occurred. The shutdown was
                    not clean. It can also occur of action is need to
                    continue the operation for non-blocking BIOs. Call
                    get_error() with the return value ret to find
                    out the reason.
        )rZ
ssl_acceptr!r&)
r+rrr�
accept_ssl�szConnection.accept_sslc
Cst|jj
�\}
}t|j|
�}||_|j�
|j�
|j�
t|d
|j	�}|dk	rl||j
�|jd�sltjd�
�
||fS)aAccept an SSL connection.

        The return value is a pair (ssl, addr) where ssl is a new SSL
        connection object and addr is the address bound to the other end
        of the SSL connection.

        :return: tuple of Connection and addr. Address can take very
                 various forms (see socket documentation), for IPv4 it
                 is tuple(str, int), for IPv6 a tuple of four (host,
                 port, flowinfo, scopeid), where the last two are
                 optional ints.
        �postConnectionCheckNr
zpost connection check failed)
r"�acceptrr r;rIrKrLr0�serverPostConnectionCheck�
get_peer_certr
�SSLVerificationError)r+r,r;r!�checkrrrrN
s











zConnection.acceptc

Cstj
|j�

d
S)z+Sets Connection to work in the client mode.N)rZssl_set_connect_stater!)
r+rrr�set_connect_state
szConnection.set_connect_statec

Cstj
|j|j�S)
N)rZssl_connectr!r&)
r+rrr�connect_ssl#
szConnection.connect_sslcCsn|jj
|
�

|
|_|j�
|j�
|j�}t|d
|j�}|dk	rj||j�|j	rT|j	n|jd�sjt
jd�
�
|S)z�Overloading socket.connect()

        :param addr: addresses have various depending on their type

        :return:status of ssl_connect()
        rMNr
zpost connection check failed)r"�connectr;rIrSrTr0�clientPostConnectionCheckrPr*r
rQ)r+r;r?rRrrrrU'
s











zConnection.connectcCstj
|j|
�
dS)
N)rZssl_set_shutdownr!)r+Zhowrrr�shutdown=
szConnection.shutdownc

Cstj
|j�
S)
z-Renegotiate this connection's SSL parameters.)rZssl_renegotiater!)
r+rrr�renegotiateA
szConnection.renegotiatec

Cstj
|j�
S)
zBReturn the numbers of octets that can be read from the connection.)rZssl_pendingr!)
r+rrr�pendingF
szConnection.pendingcCstj
|j|
|j�S)
N)rZ	ssl_writer!r&)r+�datarrr�
_write_bioK
szConnection._write_biocCstj
|j|
�S)
N)rZssl_write_nbior!)r+rZrrr�_write_nbioO
szConnection._write_nbio�cCs"|
d
k
rtd�
�
t
j|j|
|j�S)Nr
z	size <= 0)rFr�ssl_readr!r&)r+�sizerrr�	_read_bioS
s

zConnection._read_biocCs|
d
k
rtd�
�
t
j|j|
�S)Nr
z	size <= 0)rFrZ
ssl_read_nbior!)r+r_rrr�
_read_nbioY
s

zConnection._read_nbiocCs|jd
kr|j
|
�
S|j|
�
S)Ng)r&r[r\)r+rZrrr�write_
s



zConnection.writec


CsdS)
Nr)
r+rrr�_decref_socketiosf
s
zConnection._decref_socketiosr
cCs�|d
krt|
�
n|}|d
k
r$t
d�
�
tj|j||j�}t|�
}trrt|
t�rr||
d|�<dt|
�
||
|d�<n||
dd�<|S)a�
        A version of recv() that stores its data into a buffer rather
        than creating a new string.  Receive up to buffersize bytes from
        the socket.  If buffersize is not specified (or 0), receive up
        to the size available in the given buffer.

        If buff is bytearray, it will have after return length of the
        actually returned number of bytes. If buff is memoryview, then
        the size of buff won't change (it cannot), but all bytes after
        the number of returned bytes will be NULL.

        :param buffer: a buffer for the received bytes
        :param nbytes: maximum number of bytes to read
        :return: number of bytes read

        See recv() for documentation about the flags.
        r
z	size <= 0N�
)	�lenrFrr^r!r&r�
isinstance�
memoryview)r+Zbuff�nbytes�
nZ
buff_bytes�buflenrrr�	recv_intoi
s



zConnection.recv_intocCs|jd
kr|j
|
�
S|j|
�
S)Ng)r&r`ra)r+r_rrr�read�
s



zConnection.readcCs"|jj
|
�

|
rd|_nd|_dS)a�Set this connection's underlying socket to _mode_.

        Set blocking or non-blocking mode of the socket: if flag is 0,
        the socket is set to non-blocking, else to blocking mode.
        Initially all sockets are in blocking mode. In non-blocking mode,
        if a recv() call doesn't find any data, or if a send() call can't
        immediately dispose of the data, a error exception is raised;
        in blocking mode, the calls block until they can proceed.
        s.setblocking(0) is equivalent to s.settimeout(0.0);
        s.setblocking(1) is equivalent to s.settimeout(None).

        :param mode: new mode to be set
        g�?gNg�)r"�setblockingr&)r+r7rrrrm�
s

zConnection.setblockingcCs&|jj
|
�

|
|_|jd
kr"d|_d
S)z?Set this connection's underlying socket's timeout to _timeout_.Ng�?g�)r"�
settimeoutr&)r+rrrrrn�
s



zConnection.settimeoutc


Cs
|jj
�S)
N)r"r%)
r+rrrr%�
szConnection.filenocCs|jj
|
||�S)
a�Get the value of the given socket option.

        :param level: level at which the option resides.
               To manipulate options at the sockets API level, level is
               specified as socket.SOL_SOCKET. To manipulate options at
               any other level the protocol number of the appropriate
               protocol controlling the option is supplied. For example,
               to indicate that an option is to be interpreted by the
               TCP protocol, level should be set to the protocol number
               of socket.SOL_TCP; see getprotoent(3).

        :param optname: The value of the given socket option is
               described in the Unix man page getsockopt(2)). The needed
               symbolic constants (SO_* etc.) are defined in the socket
               module.

        :param buflen: If it is absent, an integer option is assumed
               and its integer value is returned by the function. If
               buflen is present, it specifies the maximum length of the
               buffer used to receive the option in, and this buffer is
               returned as a bytes object.

        :return: Either integer or bytes value of the option. It is up
                 to the caller to decode the contents of the buffer (see
                 the optional built-in module struct for a way to decode
                 C structures encoded as byte strings).
        )r"�
getsockopt)r+�level�optnamerjrrrro�
szConnection.getsockoptcCs|jj
|
||�S)
a8Set the value of the given socket option.

        :param level: same as with getsockopt() above

        :param optname: same as with getsockopt() above

        :param value: an integer or a string representing a buffer. In
                      the latter case it is up to the caller to ensure
                      that the string contains the proper bits (see the
                      optional built-in module struct for a way to
                      encode C structures as strings).

        :return: None for success or the error handler for failure.
        )r"r#)r+rprq�valuerrrr#�
szConnection.setsockoptc

Cstj
|j�
S)
z:Return the Context object associated with this connection.)rZssl_get_ssl_ctxr!)
r+rrr�get_context�
szConnection.get_contextc

Cstj
|j�
S)
a�
Return the SSL state of this connection.

        During its use, an SSL objects passes several states. The state
        is internally maintained. Querying the state information is not
        very informative before or when a connection has been
        established. It however can be of significant interest during
        the handshake.

        :return: 6 letter string indicating the current state of the SSL
                 object ssl.
        )rZ
ssl_get_stater!)
r+rrr�	get_state�
s
zConnection.get_statec

Cstj
|j�
tjkS)
N)r�ssl_get_verify_resultr!Z	X509_V_OK)
r+rrr�	verify_ok�
szConnection.verify_okc

Cstj
|j�
S)
z.Return the peer certificate verification mode.)rZssl_get_verify_moder!)
r+rrr�get_verify_mode�
szConnection.get_verify_modec

Cstj
|j�
S)
z/Return the peer certificate verification depth.)rZssl_get_verify_depthr!)
r+rrr�get_verify_depthszConnection.get_verify_depthc

Cstj
|j�
S)
z0Return the peer certificate verification result.)rrur!)
r+rrr�get_verify_result	szConnection.get_verify_resultc
Cs$tj
|j�
}
|
d
krd
Stj|
d�S)zfReturn the peer certificate.

        If the peer did not provide a certificate, return None.
        Nr)rZssl_get_peer_certr!r)r+�
crrrrPs

zConnection.get_peer_certc
Cs"tj
|j�
}
|
d
krd
Stj|
�
S)aE
Return the peer certificate chain; if the peer did not provide
        a certificate chain, return None.

        :warning: The returned chain will be valid only for as long as the
                  connection object is alive. Once the connection object
                  gets freed, the chain will be freed as well.
        N)rZssl_get_peer_cert_chainr!rZ
X509_Stack)r+rzrrr�get_peer_cert_chains	

zConnection.get_peer_cert_chainc
Cs tj
|j�
}
|
d
krd
St|
�
S)z�Return an M2Crypto.SSL.Cipher object for this connection; if the
        connection has not been initialised with a cipher suite, return None.
        N)rZssl_get_current_cipherr!r)r+rzrrr�
get_cipher)s


zConnection.get_cipherc
Cs tj
|j�
}
|
d
krd
St|
�
S)z�Return an M2Crypto.SSL.Cipher_Stack object for this
        connection; if the connection has not been initialised with
        cipher suites, return None.
        N)rZssl_get_ciphersr!r)r+rzrrr�get_ciphers3s


zConnection.get_cipherscCstj
tj|j|
��
S)
z@Return the cipher suites for this connection as a string object.)r�ensure_textrZssl_get_cipher_listr!)r+�idxrrr�get_cipher_list>szConnection.get_cipher_listcCstj
|j|
�S)
z*Set the cipher suites for this connection.)rZssl_set_cipher_listr!)r+Zcipher_listrrr�set_cipher_listCszConnection.set_cipher_list�rbrcCs$tj
rtj||
�Stj||
|�SdS)
N)rZPY3r"ZSocketIOZ_fileobject)r+r7�bufsizerrr�makefileHs
zConnection.makefilec


Cs
|jj
�S)
a
Return the socket's own address.

        This is useful to find out the port number of an IPv4/v6 socket,
        for instance. (The format of the address returned depends
        on the address family -- see above.)

        :return:socket's address as addr type
        )r"�getsockname)
r+rrrr�Os
zConnection.getsocknamec


Cs
|jj
�S)
z�Return the remote address to which the socket is connected.

        This is useful to find out the port number of a remote IPv4/v6 socket,
        for instance.
        On some systems this function is not supported.

        :return:
        )r"�getpeername)
r+rrrr�[s
zConnection.getpeernamecCs"tj
|j|
�}|sttj��
�
dS)
N)rZssl_set_session_id_contextr!r
rZget_error_message)r+�idr?rrr�set_session_id_ctxgs

zConnection.set_session_id_ctxc
Cstj
|j�
}
t|
�
S)
N)rZssl_get_sessionr!r)r+Zsessrrr�get_sessionms
zConnection.get_sessioncCstj
|j|
j��
dS)
N)rZssl_set_sessionr!rA)r+Zsessionrrr�set_sessionrszConnection.set_sessionc

Cstj
|j�
S)
N)rZssl_get_default_session_timeoutr!)
r+rrr�get_default_session_timeoutvsz&Connection.get_default_session_timeoutc

Cstj
|jjtjtjtj���
S)
N)r�struct_to_timeoutr"ror$�SO_RCVTIMEO�struct_size)
r+rrr�get_socket_read_timeoutzs

z"Connection.get_socket_read_timeoutc

Cs$t|t
j�st�
d
jdd�|D�
�
S)N�
:c
ss&|]}
djt
jrt|
�
n|
�
V
qd
S)z{0:02x}N)�formatrZPY2�ord)�.0rzrrr�	<genexpr>�sz&Connection._hexdump.<locals>.<genexpr>)rfrZbinary_type�AssertionError�join)
�
srrr�_hexdump�s
zConnection._hexdumpc
Cs&|jj
tjtjtj��}
tj|
�
}|S)
N)r"ror$�SO_SNDTIMEOrr�r�)r+�binstr�timeorrr�get_socket_write_timeout�s


z#Connection.get_socket_write_timeoutcCs,t|
t
j
�st�
|jjtjtj|
j��
dS)
N)rfrr�r"r#r$r��pack)r+r�rrr�set_socket_read_timeout�s

z"Connection.set_socket_read_timeoutcCs0t|
t
j
�st�
|
j�}|jjtjtj|�
dS)
N)rfrr�r�r"r#r$r�)r+r�r�rrr�set_socket_write_timeout�s

z#Connection.set_socket_write_timeoutc

Cstj
tj|j�
�
S)
z8Return the TLS/SSL protocol version for this connection.)rr~rZssl_get_versionr!)
r+rrr�get_version�szConnection.get_versioncCs
|
|_dS)
N)
rM)r+rMrrrr)�sz-Connection.set_post_connection_check_callbackcCstj
|j|
�
d
S)z[Set the requested hostname for the SNI (Server Name Indication)
        extension.
        N)rZssl_set_tlsext_host_namer!)r+�namerrr�set_tlsext_host_name�szConnection.set_tlsext_host_namecCs
|
|_d
S)z>Set the requested hostname to check in the server certificate.N)
r*)r+r�rrr�	set1_host�szConnection.set1_host)
r<)
r])
r])
r
)
r])
N)
N)
r
���)r�r�)W�__name__�
__module__�__qualname__�__doc__r
rVrrOrZbio_freer1Zssl_freer3r'r2r"ZAF_INETr-r5r4r6r8r9r:r=r>rBrCrDrErHrIrJrKrLrNrSrTrUrWrXrYr[r\r`rarbZsendall�sendrcrkrlZrecvrmrnr%ror#rsrtrvrwrxryrPr{r|r}r�r�r�r�r�r�r�r�r�r��staticmethodr�r�r�r�r�r)r�r�rrrrr$s�



	



%







)&Z
__future__rZloggingr"ZM2Cryptorrrrrrr	ZM2Crypto.SSLr
rrr
ZM2Crypto.SSL.CipherrrZM2Crypto.SSL.SessionrZtypingrrrrrrrr�__all__Z	getLoggerr��logr�objectrrrrr�<module>
s
$





(