o ,wiԇ @s(dZddlmZddlZejZddlZddlmZm Z ddlm Z ddl m Z eZddlmZgdZeed r@ed gZnd gZdd lmZdd lmZdd lmZdd lmZddlmZddlmZddlmZddlmZddlmZddlm Z ddlm!Z!ddlm"Z"ddlm#Z#ddlm$Z$ddlm%Z%ddlm&Z&ddlm'Z'ddlm(Z(e ee)edgddZ*ee*eZ+de+vre+,dej-Z.Gd d!d!ej/Z0Gd"d#d#e1Z2Gd$d%d%e.Z-Gd&d'd'eZ3e3e-_4e d(Z5e d)Z6e d*Z7ddd+ee$dd,d,df d-d Z8e$dfd.d/Z9dS)0zSSL wrapper for socket objects on Python 3. For the documentation, refer to :mod:`ssl` module manual. This module implements cooperative SSL socket wrappers. )absolute_importN)sockettimeout_default)timeout) copy_globals)ref) SSLContext SSLSocketget_server_certificate wrap_socket)AF_INET) SOCK_STREAM)SO_TYPE) SOL_SOCKET)SSLWantReadError)SSLWantWriteError) SSLEOFError)SSLZeroReturnError) CERT_NONE)SSLError) SSL_ERROR_EOF)SSL_ERROR_WANT_READ)SSL_ERROR_WANT_WRITE)PROTOCOL_SSLv23)CHANNEL_BINDING_TYPES) CERT_REQUIRED)DER_cert_to_PEM_cert)create_connectionr)names_to_ignoredunder_names_to_keep namedtuplecs eZdZdZfddZZS)_contextawaresock)_sslsockcst||||||_dSN)super__init__r#)selffamilytypeprotofilenosslsocket_wref __class__rG/home/ubuntu/sommelier/.venv/lib/python3.10/site-packages/gevent/ssl.pyr&[s z_contextawaresock.__init__)__name__ __module__ __qualname__ __slots__r& __classcell__rrr-r/r"Xsr"c@s eZdZdZddZddZdS) _Callback user_functioncCs ||_dSr$r6)r'r7rrr/r&ds z_Callback.__init__cGs|}|j|g|RSr$)r#r7)r'connargsrrr/__call__gsz_Callback.__call__N)r0r1r2r3r&r:rrrr/r5`s r5cseZdZdZdZ     dddZeejdr6ejj fdd Zej j fd d Z ej j fd d Z eedrOej j fddZ ej j fddZ eedreefddZej fddZeedrefddZej fddZZSfddZZS)rrNFTc Cs|j|||||||dS)N)sock server_sidedo_handshake_on_connectsuppress_ragged_eofsserver_hostname_context_session)sslsocket_class)r'r;r<r=r>r?sessionrrr/r rszSSLContext.wrap_socketsetterctttj||dSr$)r%orig_SSLContextoptions__set__r'valuer-rr/rGzSSLContext.optionscrEr$)r%rF verify_flagsrHrIr-rr/rLrKzSSLContext.verify_flagscrEr$)r%rF verify_moderHrIr-rr/rMrKzSSLContext.verify_modeminimum_versioncrEr$)r%rFrNrHrIr-rr/rNrKzSSLContext.minimum_versioncrEr$)r%rFmaximum_versionrHrIr-rr/rOrKzSSLContext.maximum_version _msg_callbackctj}t|tr |j}|Sr$)r%rP isinstancer5r7r'resultr-rr/rP zSSLContext._msg_callbackcsD|r t|r t|}tt_ztttj||Wtt_dStt_wr$)callabler5rF__ssl__rr%rPrHrIr-rr/rPs  sni_callbackcrQr$)r%rXrRr5r7rSr-rr/rXrUzSSLContext.sni_callbackcs,|r t|r t|}tttj||dSr$)rVr5r%rFrXrHrIr-rr/rXs cs$|r t|r t|}t|dSr$)rVr5r%set_servername_callback)r'server_name_callbackr-rr/rYs z"SSLContext.set_servername_callback)FTTNN)r0r1r2r3rBr hasattrrFrGrDrLrMrNrOpropertyrPrXrYr4rrr-r/rks@    rcseZdZdZddddeeddeeddddddddfddZdd Z d d Z e d d Z e j dd Z e ddZej ddZe ddZddZdaddZddZdbddZddZdcdd Zd!d"Zeed#rud$d%Zd&d'Zd(d)Zd*d+Zd,d-Zdefd.d/Zdad0d1Z d2d3Z!ddd4d5Z"ded7d8Z#dfd9d:Z$ded;d<Z%dfd=d>Z&d?d@Z'dAdBZ(dCdDZ)dEdFZ*dGdHZ+dIdJZ,dKdLZ-dgdMdNZ.dOdPZ/dQdRZ0dSdTZ1fdUdVZ2dhdXdYZ3dZd[Z4ee5j6d\rd]d^Z7d_d`Z8Z9SZ9S)ir zp gevent `ssl.SSLSocket `_ for Python 3. NFTrc Cs |r||_nR|r|std|r|std|r|s|}t||_||j_|r-|j||r6|j|||r>|j||rF|j|||_||_ ||_ ||_ ||_ ||_ |tttkrdtd|rt|rltd|durttd|jjr~|s~td||_||_||_||_| |_d}d}|dur|}tj||j|j|j|d| n| durtj|| d n tj|| | | d d|_!d|_"z|j#$Wnxt%yG}zk|j&t&j'kr|(|)}|*dz|+d }Wn t%y}z|j&t&j't&j,fvrd }WYd}~nd}~ww|*||r=d }t-|j&|}||_.d|_/z|(W|t%y<Y|wWYd}~nd}~wwd}|0|||_1|rz!|2|||_"|rt|}|dkrmtd|3WdSWdSt%y|(wdS)Nz5certfile must be specified for server-side operationszcertfile must be specifiedz!only stream sockets are supportedz4server_hostname can only be specified in client modez,session can only be specified in client modez'check_hostname requires server_hostnameF)r(r)r*r+)r+)r(r)r*z5Closed before TLS handshake with data in recv buffer.TzHdo_handshake_on_connect should not be specified for non-blocking sockets)4r@ ValueErrorrrMload_verify_locationsload_cert_chainset_npn_protocols set_cipherskeyfilecertfile cert_reqs ssl_versionca_certsciphers getsockoptrrr NotImplementedErrorcheck_hostnamerAr<r?r=r> gettimeoutrr&r(r)r*r+detach_closed_sslobj_sock getpeernameOSErrorerrnoENOTCONNclose getblocking setblockingrecvEINVALrreasonlibrary settimeout _connected_SSLSocket__create_sslobj do_handshake)r'r;rerfr<rgrhrir=r(r)r*r+r> npn_protocolsrjr?rAr@ connected sock_timeouteblockingnotconn_pre_handshake_datar| notconn_pre_handshake_data_errorrrrr/r&s            &  zSSLSocket.__init__cCst||||t|Sr$)r"_wref)r'r(r)r*r+rrr/_gevent_sock_classdszSSLSocket._gevent_sock_classcCs&d|j|jdur|jfSdfS)Nz server=%s, cipher=%r)r<rqcipherr'rrr/ _extra_reprgs zSSLSocket._extra_reprcCs|jSr$)r@rrrr/contextnszSSLSocket.contextcCs||_||j_dSr$)r@rqr)r'ctxrrr/rrs cC|jdur |jjSdS)z!The SSLSession for client socket.N)rqrCrrrr/rCw zSSLSocket.sessioncCs ||_|jdur||j_dSdSr$)rArqrC)r'rCrrr/rC}s  cCr)z.Was the client session reused during handshakeN)rqsession_reusedrrrr/rrzSSLSocket.session_reusedcCstd|jj)NzCan't dup() %s instances)rlr.r0rrrr/dupsz SSLSocket.dupcCsdSr$r)r'msgrrr/ _checkClosedszSSLSocket._checkClosedcCs|js |dSdSr$)rrsrrrr/_check_connecteds zSSLSocket._check_connectedc Cs8|d} |jstd|dkr|durdSdSz|dur+||j||7}|WS|j|p1dWStyJ|jdkr@|j|jtdYnQt y`|jdkrV|j|j tdYn;t yv|j ru|durqdYS|YSt y}z|jdtkr|j r|durdn|WYd}~Sd}~wwq) zRead up to LEN bytes and return them. Return zero-length string on EOF. .. versionchanged:: 24.2.1 No longer requires a non-None *buffer* to implement ``len()``. This is a backport from 3.11.8. rTz'Read on closed or unwrapped SSL socket.Nr^r_ timeout_exc)rrqr`readrr_wait _read_event_SSLErrorReadTimeoutr _write_eventrr>rr9r)r'nbytesbuffer bytes_readexrrr/rs>      zSSLSocket.readc Cs| |js tdz|j|WStyR}z3|jdtkr1|jdkr(|j|j t dn|jdt krG|jdkr>|j|j t dnWYd}~nd}~wwq)zhWrite DATA to the underlying SSL channel. Returns number of bytes of DATA actually transmitted.Tz(Write on closed or unwrapped SSL socket.rr_rN) rrqr`writerr9rrrr_SSLErrorWriteTimeoutrr)r'datarrrr/rs&  zSSLSocket.writecCsD||z |jj}W||Sty!|jj}Y||Sw)zReturns a formatted version of the data in the certificate provided by the other end of the SSL channel. Return None if no certificate was provided, {} if a certificate was provided, but not validated.)rrrqpeer_certificateAttributeError getpeercert)r' binary_formcrrr/rs  zSSLSocket.getpeercertcC"||jr tjs dS|jSr$)rrq_sslHAS_NPNselected_npn_protocolrrrr/r  zSSLSocket.selected_npn_protocolHAS_ALPNcCrr$)rrqrrselected_alpn_protocolrrrr/rrz SSLSocket.selected_alpn_protocolcCs |jS)zReturn a list of ciphers shared by the client during the handshake or None if this is not a valid server connection. )rqshared_ciphersrrrr/r s zSSLSocket.shared_cipherscCs|jsdS|jS)z^Return a string identifying the protocol version used by the current SSL channel. N)rqversionrrrr/rs zSSLSocket.versioncC||js dS|jSr$)rrqrrrrr/r zSSLSocket.ciphercCrr$)rrq compressionrrrr/r rzSSLSocket.compressioncCs||tur |j}|jrP|dkrtd|j z|j|WSty8|jdkr0YdS||j Ynt yN|jdkrFYdS||j Ynwqt ||||S)Nrz3non-zero flags not allowed in calls to send() on %sTr_)rrrrqr`r.rrrrrrrsend)r'rflagsrrrr/r&s0     zSSLSocket.sendcCsB||jrtd|j|durt|||St||||S)Nz%sendto not allowed on instances of %s)rrqr`r.rsendto)r'r flags_or_addraddrrrr/r=szSSLSocket.sendtocOtd|j)Nz&sendmsg not allowed on instances of %srlr.r'r9kwargsrrr/sendmsgFszSSLSocket.sendmsgcCsX||jr|dkrtd|jzt|||WSty+|jdkr*tdw)Nrz6non-zero flags not allowed in calls to sendall() on %sr_z&The operation did not complete (write)) rrqr`r.rsendall_socket_timeoutrr)r'rrrrr/rLs  zSSLSocket.sendallrcCsH||jr|dkrtd|j|dkrdS||St|||S)Nrz3non-zero flags not allowed in calls to recv() on %sr^)rrqr`r.rrrzr'buflenrrrr/rz\s zSSLSocket.recvcCs||dur'|dur#t| }|j}Wdn1swY|s'd}|jr;|dkr5td|j|||St||||S)z .. versionchanged:: 24.2.1 No longer requires a non-None *buffer* to implement ``len()``. This is a backport from 3.11.8. Nrrz8non-zero flags not allowed in calls to recv_into() on %s) r memoryviewrrqr`r.rr recv_into)r'rrrviewrrr/rjs  zSSLSocket.recv_intocCs*||jrtd|jt|||S)Nz'recvfrom not allowed on instances of %s)rrqr`r.rrecvfromrrrr/r~s zSSLSocket.recvfromcCs,||jrtd|jt||||S)Nz,recvfrom_into not allowed on instances of %s)rrqr`r.r recvfrom_into)r'rrrrrr/rs zSSLSocket.recvfrom_intocOr)Nz&recvmsg not allowed on instances of %srrrrr/recvmsgzSSLSocket.recvmsgcOr)Nz+recvmsg_into not allowed on instances of %srrrrr/ recvmsg_intorzSSLSocket.recvmsg_intocCs||jr |jSdSNr)rrqpendingrrrr/rs zSSLSocket.pendingcCs|d|_t||dSr$)rrqrshutdown)r'howrrr/rszSSLSocket.shutdownc Cs |js tdt|z|jj}Wn ty|jj}Ynw|j} z|}WnQty=|jdkr5| |j Yn<t yQ|jdkrI| |j Yn(t yYYn!tyaYntyx}z |jdkrsWYd}~nd}~wwq#d|_||jusJ|S)NNo SSL wrapper around Tr_r)rqr`strrrunwraprrrrrrrrrrrtru)r'rsrrrr/rsD           zSSLSocket.unwrapcCsd|_t|dSr$)rqr _real_closerrrr/rszSSLSocket._real_closecCsx| z|jWdSty$|jdkr|j|jtdYnty:|jdkr0|j|j tdYnwq)zPerform a TLS/SSL handshake.Tr_rN) rrqrrrrr_SSLErrorHandshakeTimeoutrrrrrr/rs     zSSLSocket.do_handshakecCs|jj|j||j|j|dS)N)ownerrC)r _wrap_socketrrr?)r'r<rCrrr/__create_sslobjs zSSLSocket.__create_sslobjcCs|jrtd|jrtd|d|j|_z |r t||}nd}t|||s4|j r1| d|_|WSt yAd|_w)Nz!can't connect in server-side modez/attempt to connect already-connected SSLSocket!FT) r<r`rrrArqr connect_exconnectr=r socket_error)r'rrrcrrr/ _real_connects&  zSSLSocket._real_connectcCs||ddS)QConnects to remote ADDR, and then wraps the connection in an SSL channel.FNrr'rrrr/rszSSLSocket.connectcCs ||dS)rTrrrrr/rs zSSLSocket.connect_excsBt\}}z|jj||j|jdd}||fWS|)z Accepts a new connection from a remote client, and returns a tuple containing that new connection wrapped with a server-side SSL channel, and the address of the remote client. T)r=r>r<)r%acceptr@r r=r>rw)r'newsockrr-rr/rs zSSLSocket.accept tls-uniquecCsVt|jdr |j|S|tvrtd|dkrtd||jdur&dS|jS)zGet channel binding data for current connection. Raise ValueError if the requested `cb_type` is not supported. Return bytes of the data or None if the data is not available (e.g. before the handshake). get_channel_bindingz Unsupported channel binding typerz({0} channel binding type not implementedN)r[rqrrr`rlformat tls_unique_cb)r'cb_typerrr/r-s    zSSLSocket.get_channel_bindingcCs |jr|jStdt|)Nr)rqverify_client_post_handshaker`rrrrr/r=s z&SSLSocket.verify_client_post_handshakeget_verified_chaincC$|j}|dur gSdd|DS)NcSg|]}|tjqSr public_bytesr ENCODING_DER.0certrrr/ Kz0SSLSocket.get_verified_chain..)rqrr'chainrrr/rE zSSLSocket.get_verified_chaincCr)NcSrrrrrrr/rSrz2SSLSocket.get_unverified_chain..)rqget_unverified_chainrrrr/rMrzSSLSocket.get_unverified_chainr$)rN)F)r)rrr)FN)r):r0r1r2__doc__rrr r r&rrr\rrDrCrrrrrrrrr[rrrrrrrrrrrrzrrrrrrrrrrrrrrrrrrWr rrr4rrr-r/r s        =         <    r zThe read operation timed outzThe write operation timed outz!The handshake operation timed outFTc Cst|||||||||| d S)N r;rerfr<rgrhrir=r>rj)r rrrr/r _sc Cs|\}}|dur t}nt}t|%}t||||d }|d}Wdn1s*wYWdn1s9wYd}}t|S)zRetrieve the certificate from the server at the specified address, and return it as a PEM-encoded string. If 'ca_certs' is specified, validate the server cert against it. If 'ssl_version' is specified, use it in the connection attempt.N)rhrgriT)rrrr rr)rrhri_rgr;sslsockdercertrrr/r ns  r ):r __future__rsslrWrru gevent.socketrrrr gevent._utilrrtrweakrefrr__implements__r[append __extra__r r rrrrrrrrrrrrrrrrglobals __imports____all__removerrFrr"objectr5r rBrrrr r rrrr/s                           c