One Hat Cyber Team

View File Name : tls.cpython-39.pyc

a

�������g������������������������@���s���d�dl�mZmZmZmZ�d�dlZd�dlZd�dlZd�dl	Z	d�dl
Z
ddlmZm
Z
�ddlmZmZmZmZ�ddlmZ�ddlmZ�dd	lmZ�dd
lmZmZmZmZmZ�ddl m!Z!m"Z"m#Z#m$Z$�ddl%m&Z&m'Z'm(Z(�dd
l)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4m5Z5m6Z6m7Z7m8Z8m9Z9m:Z:m;Z;�ddl<m=Z=mZ�ddl>m?Z?�ddl@mAZA�ejBdk��r\eCZDejBdk��rpejEZFnejFZFddgZGe���Hd�ZIe�Jd�ZKe
jLe
jMe
jNe
jOe
jPd�ZQdd��ZRG�dd��deS�ZTG�dd��deS�ZUdS�)�����)�unicode_literals�division�absolute_import�print_functionN����)�libssl�LibsslConst)�	libcrypto�libcrypto_version_info�handle_openssl_error�peek_openssl_error����)�_backend_config)�Certificate)�pretty_message)�null�bytes_from_buffer�buffer_from_bytes�is_null�buffer_pointer)�	type_name�str_cls�byte_cls�	int_types)�TLSError�TLSDisconnectError�TLSGracefulDisconnectError)�detect_client_auth_request�
extract_chain�get_dh_params_length�parse_session_info�raise_client_auth�raise_dh_params�raise_disconnection�raise_expired_not_yet_valid�raise_handshake�raise_hostname�raise_no_issuer�raise_protocol_error�raise_protocol_version�raise_self_signed�raise_verification�raise_weak_signature�parse_tls_records�parse_handshake_messages)�load_certificater���)�parse_certificate)�get_path�����)r3��������
TLSSession�	TLSSocket�trust_list_paths���(
|
|
))�SSLv2�SSLv3�TLSv1�TLSv1.1�TLSv1.2c�����������������C���s���t�dk�r|�S�|�d�d|�d�fS�)a^��
    Takes a 3-element tuple from peek_openssl_error() and modifies it
    to handle the changes in OpenSSL 3.0. That release removed the
    concept of an error function, meaning the second item in the tuple
    will always be 0.

    :param error_tuple:
        A 3-element tuple of integers

    :return:
        A 3-element tuple of integers
    r2���r���r
���)r
���)Zerror_tuple��r=����F/opt/nydus/tmp/pip-target-mke_irhy/lib/python/oscrypto/_openssl/tls.py�_homogenize_openssl3_errorD���s����r?���c�������������������@���s:���e�Zd�ZdZdZdZdZdZdZdZ	ddd�Z
dd��ZdS�)	r5���zj
    A TLS session object that multiple TLSSocket objects can share for the
    sake of session reuse
    NFc��������������	���C���s���t�|t�sttdt|����||�_|du�r6tg�d��}t�|t�rLt|g�}nt�|t�shttdt|����tg�d��}||�}|r�ttdt	|����||�_
g�|�_|�rD|D�]�}t�|t�r�|j
}nxt�|t�r�t|�}ndt�|t��rt|d��}t|����}W�d����n1��s0����Y��nt�|t��s6ttdt|����|�j�|��q�d}�z|td	k��r`t���}	nt���}	t�|	�}t|��r�td
��||�_t�|d��t�|tjtj t!����t"j#tdd
g�v��rt$}
|
du��r�t%��}
t"j#dk�r�d}nd}t�&||
�'|�t!���}n
t�(|�}t|��|�r tj)ntj*}
t�+||
t!����t�,|d�}t|��tdg�}|||�j
�O�}|D�]}t�|tj-t.|�t!�����qf|�j�r�t�/|�}|�jD�]$}t0|�}t�1||j2�}t|���q�W�n,�t3�y����|�r�t�4|��d|�_��Y�n0�dS�)a]��
        :param protocol:
            A unicode string or set of unicode strings representing allowable
            protocols to negotiate with the server:

             - "TLSv1.2"
             - "TLSv1.1"
             - "TLSv1"
             - "SSLv3"

            Default is: {"TLSv1", "TLSv1.1", "TLSv1.2"}

        :param manual_validation:
            If certificate and certificate path validation should be skipped
            and left to the developer to implement

        :param extra_trust_roots:
            A list containing one or more certificates to be treated as trust
            roots, in one of the following formats:
             - A byte string of the DER encoded certificate
             - A unicode string of the certificate filename
             - An asn1crypto.x509.Certificate object
             - An oscrypto.asymmetric.Certificate object

        :raises:
            ValueError - when any of the parameters contain an invalid value
            TypeError - when any of the parameters are of the wrong type
            OSError - when an error is returned by the OS crypto library
        zM
                manual_validation must be a boolean, not %s
                N)r:���r;���r<���zu
                protocol must be a unicode string or set of unicode strings,
                not %s
                )r9���r:���r;���r<���z�
                protocol must contain only the unicode strings "SSLv3", "TLSv1",
                "TLSv1.1", "TLSv1.2", not %s
                �rbz�
                        extra_trust_roots must be a list of byte strings, unicode
                        strings, asn1crypto.x509.Certificate objects or
                        oscrypto.asymmetric.Certificate objects, not %s
                        �r���r���r���iX���win32�darwin�mbcs�utf-8s���ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHAr8���)5�
isinstance�bool�	TypeErrorr���r����_manual_validation�setr����
ValueError�repr�
_protocols�_extra_trust_rootsr����asn1r���r0����open�read�Asn1Certificate�appendr
���r���Z
SSLv23_methodZ
TLS_methodZSSL_CTX_newr���r����_ssl_ctxZSSL_CTX_set_timeoutZSSL_CTX_ctrlr���ZSSL_CTRL_SET_SESS_CACHE_MODEZSSL_SESS_CACHE_CLIENTr����sys�platform�_trust_list_pathr1���ZSSL_CTX_load_verify_locations�encodeZ SSL_CTX_set_default_verify_pathsZSSL_VERIFY_NONEZSSL_VERIFY_PEERZSSL_CTX_set_verifyZSSL_CTX_set_cipher_listZSSL_CTRL_OPTIONS�
_PROTOCOL_MAPZSSL_CTX_get_cert_storer/���ZX509_STORE_add_cert�x509�	Exception�SSL_CTX_free)�self�protocolZmanual_validationZextra_trust_rootsZvalid_protocolsZunsupported_protocolsZextra_trust_root�fZssl_ctx�methodr7���Z
path_encoding�result�verify_modeZdisabled_protocolsZdisabled_protocolZ
x509_store�cert�
oscrypto_certr=���r=���r>����__init__d���s�����
�

��


.�



�
�
�
�

�
zTLSSession.__init__c�����������������C���s4���|�j�rt�|�j���d�|�_�|�jr0t�|�j��d�|�_d�S��N)rT���r���r\����_ssl_session�SSL_SESSION_free�r]���r=���r=���r>����__del__��s����zTLSSession.__del__)NFN)�__name__�
__module__�__qualname__�__doc__rM���Z_ciphersrI���rN���rT���rg���re���rj���r=���r=���r=���r>���r5���W���s���
�3c�������������������@���s���e�Zd�ZdZdZdZdZdZdZdZ	dZ
dZdZdZ
dZdZdZdZdZdZdZdZdZdZed@dd��ZdAdd	�Zd
d��Zdd
��Zdd��Zdd��ZdBdd�Zdd��Z dd��Z!dd��Z"dd��Z#dCdd�Z$dd��Z%d d!��Z&d"d#��Z'd$d%��Z(d&d'��Z)e*d(d)���Z+e*d*d+���Z,e*d,d-���Z-e*d.d/���Z.e*d0d1���Z/e*d2d3���Z0e*d4d5���Z1e*d6d7���Z2e*d8d9���Z3e*d:d;���Z4e*d<d=���Z5d>d?��Z6dS�)Dr6���z8
    A wrapper around a socket.socket that adds TLS
    N�� ��Fc�����������������C���s����t�|tj�sttdt|����t�|t�s:ttdt|����|dur^t�|t�s^ttdt|����|�dd|d�}||_||_	|�
���|S�)az��
        Takes an existing socket and adds TLS

        :param socket:
            A socket.socket object to wrap with TLS

        :param hostname:
            A unicode string of the hostname or IP the socket is connected to

        :param session:
            An existing TLSSession object to allow for session reuse, specific
            protocol or manual certificate validation

        :raises:
            ValueError - when any of the parameters contain an invalid value
            TypeError - when any of the parameters are of the wrong type
            OSError - when an error is returned by the OS crypto library
        zU
                socket must be an instance of socket.socket, not %s
                zK
                hostname must be a unicode string, not %s
                N�`
                session must be an instance of oscrypto.tls.TLSSession, not %s
                )�session)rF����socket_�socketrH���r���r���r���r5����_socket�	_hostname�
_handshake)�clsrs����hostnamerq���Z
new_socketr=���r=���r>����wrapS��s(�����
��zTLSSocket.wrap�
���c�����������������C���s����d|�_�d|�_|du�r$|du�r$d|�_n|t|t�s@ttdt|����t|t�s\ttdt|����|dur�t|t	j
�s�ttdt|����t�||f|�|�_|�j�
|��|du�r�t��}nt|t�s�ttdt|����||�_|�jr�||�_|�����dS�)a���
        :param address:
            A unicode string of the domain name or IP address to connect to

        :param port:
            An integer of the port number to connect to

        :param timeout:
            An integer timeout to use for the socket

        :param session:
            An oscrypto.tls.TLSSession object to allow for session reuse and
            controlling the protocols and validation performed
        �����NzR
                    address must be a unicode string, not %s
                    zI
                    port must be an integer, not %s
                    zJ
                    timeout must be a number, not %s
                    rp���)�
_raw_bytes�_decrypted_bytesrt���rF���r���rH���r���r���r����numbers�Numberrr����create_connection�
settimeoutr5����_sessionru���rv���)r]����address�port�timeoutrq���r=���r=���r>���re������s@����
�
��
�zTLSSocket.__init__c�����������#���	���C���sL��d|�_�d|�_d|�_�z�t�|�jj�|�_�t|�j��r>d|�_�td��t�	��}t�
|�|�_t|�j�rdtd��t�
|�|�_t|�j�r�td��t�|�j�|�j|�j��|�j�
d�}t�|�j�tjtj|��t�|�j���|�jjr�t�|�j�|�jj��t|�j�|�_t|�j�|�_d}d}t�|�j��}||����7�}|dk�r$�q�t�|�j�|�}|tjk�r�|����}|dk�rx|dk�r`t���t|��rpt ���t!|��||7�}q�|tj"k�r�||����7�}q�|tj#k�r�d|�_$|��%d��|��&���q�t'��}tj(tj)tj*f}	t+|	�}	tj(tj,tj*f}
t+|
�}
tj(tj-tj.f}t+|�}||	k�s.||
k�s.||k�r4t/���t0dk��rPtj(tj1tj2f}ntj(tj3tj4f}t+|�}||k�rzt!|��tj(tj1tj5f}
t+|
�}
||
k�r�t6���tj(tj1tj7f}t0d	k��r�||k�r�t8���tj(tj9tj7f}t+|�}||k�rPd}t:|�D�]B\}}}|d
k�r�q�t;|�D�]\}}|dk�rd}��q��q�q�|�rJt ���t8���t0dk��rltj(tj<tj=f}ntj(tj>tj=f}t+|�}tj?tj@tjAf}t+|�}||k�r�tB|�}|�r�|d�}tC|�}|jDjEtFdd
g�v��r�tG|��||k�r�t�H|�j��}tB|�}d}d}d}d}d}|�rl|d�}tC|�}|jI}tFtjJtjKtjLg�}||v��rT|�}tFtjMtjNg�} || v�}|�rztO|��|�r�tP|��|�r�tQ|��|�r�|jDjEtFdd
g�v��r�tG|��tR|��tdtS��q�tT||�}!|!d�|�_U|!d�|�_V|!d�|�_W|!d�|�_X|!d�|�_Y|�jV�Zd�dk�r<t[|�}"|"dk��r<|��\���t/���|�jXdk�sT|�jYdk�r||�jj�rlt�]|�jj��t�^|�j��|�j_|�jj_�s�|�j`jEtFdd
g�v��r�tG|�j`��|�j`�a|�j��s�tb|�j`|�j��W�n��tctdjef�yF���|�j��rt�f|�j���d|�_�d|�_d|�_n4|�j�rt�g|�j��d|�_|�j�r8t�g|�j��d|�_|��\�����Y�n0�dS�)z2
        Perform an initial TLS handshake
        Nr���rE���r{���r���TFrA���r2�����������
�md5Zmd2r^����cipher_suite�compression�
session_id�session_ticketZ_DHE_���i����new)h�_ssl�_rbio�_wbior���ZSSL_newr����rT���r���r���Z	BIO_s_memZBIO_newZSSL_set_bioru���rX���ZSSL_ctrlr���ZSSL_CTRL_SET_TLSEXT_HOSTNAMEZTLSEXT_NAMETYPE_host_nameZSSL_set_connect_staterg���ZSSL_set_sessionr����_buffer_size�_bio_write_buffer�_read_bufferZSSL_do_handshake�
_raw_write�
SSL_get_error�SSL_ERROR_WANT_READ�	_raw_readr#���r���r!���r(����SSL_ERROR_WANT_WRITE�SSL_ERROR_ZERO_RETURN�_gracefully_closed�	_shutdown�
_raise_closedr���ZERR_LIB_SSLZ#SSL_F_SSL3_CHECK_CERT_AND_ALGORITHMZSSL_R_DH_KEY_TOO_SMALLr?���ZSSL_F_TLS_PROCESS_SKE_DHEZSSL_F_SSL3_GET_KEY_EXCHANGEZSSL_R_BAD_DH_P_LENGTHr"���r
���ZSSL_F_SSL23_GET_SERVER_HELLOZSSL_R_UNKNOWN_PROTOCOLZSSL_F_SSL3_GET_RECORDZSSL_R_WRONG_VERSION_NUMBERZ"SSL_R_TLSV1_ALERT_PROTOCOL_VERSIONr)���Z#SSL_R_SSLV3_ALERT_HANDSHAKE_FAILUREr%���ZSSL_F_SSL3_READ_BYTESr-���r.���Z!SSL_F_SSL3_GET_SERVER_CERTIFICATEZSSL_R_CERTIFICATE_VERIFY_FAILEDZ$SSL_F_TLS_PROCESS_SERVER_CERTIFICATEZERR_LIB_ASN1ZASN1_F_ASN1_ITEM_VERIFYZ'ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHMr���r/���rO���Z	hash_algorJ���r,���ZSSL_get_verify_result�self_signedZ&X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERTZ$X509_V_ERR_SELF_SIGNED_CERT_IN_CHAINZ,X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLYZX509_V_ERR_CERT_HAS_EXPIREDZX509_V_ERR_CERT_NOT_YET_VALIDr$���r'���r*���r+���r���r ����	_protocol�
_cipher_suite�_compression�_session_id�_session_ticket�findr����closerh���ZSSL_get1_sessionrI����certificateZis_valid_domain_ipr&����OSErrorrr����error�SSL_freeZBIO_free)#r]���Zmem_bioZutf8_domainZhandshake_server_bytesZhandshake_client_bytesra���r�����chunk�infoZ
dh_key_info_1Z
dh_key_info_2Z
dh_key_info_3Zunknown_protocol_infoZtls_version_info_errorZhandshake_error_infoZhandshake_failure_infoZsaw_client_authZrecord_type�_Zrecord_dataZmessage_typeZmessage_dataZcert_verify_failed_infoZunknown_hash_algo_info�chainrc���rd���Z
verify_resultr����Ztime_invalidZ	no_issuerZissuer_error_codesZtime_error_codesZsession_infoZdh_params_lengthr=���r=���r>���rv������s����


�






���
��
�
��



���

�
��








zTLSSocket._handshakec�����������������C���sZ���|�j�}z||�j�d�7�}W�n�tjy.���Y�n0�|}t�|�j|t|��}||d��|�_�|S�)aD��
        Reads data from the socket and writes it to the memory bio
        used by libssl to decrypt the data. Returns the unencrypted
        data for the purpose of debugging handshakes.

        :return:
            A byte string of ciphertext from the socket. Used for
            debugging the handshake only.
        ro���N)	r|���rt����recvrr���r����r���Z	BIO_writer�����len)r]����data�outputZwrittenr=���r=���r>���r�������s����zTLSSocket._raw_readc�����������	���
���C���s����t��|�j�}|dkrdS�t|�j|�}t��|�j|�j|�}t|�j|�}|}t|�r�d}z|�j	�
|�}W�n\�tjy��}�zB|j
dks�|j
dkr�d}ntjdkr�|j
dkr�d}n��W�Y�d	}~n
d	}~0�0�|r�t���||d	��}t|�rF|�����qF|S�)
z�
        Takes ciphertext from the memory bio and writes it to the
        socket.

        :return:
            A byte string of ciphertext going to the socket. Used
            for debugging the handshake only.
        r���r{���F�h���� ���TrC����)���N)r���ZBIO_ctrl_pendingr�����minr����ZBIO_readr����r���r����rt����sendrr���r�����errnorU���rV���r#����select_write)	r]���Zdata_available�to_readrQ���Zto_writer����Zraise_disconnect�sent�er=���r=���r>���r�������s.����

zTLSSocket._raw_writec�����������������C���s���t�|t�sttdt|����t|�j�}||krP|�jd|��}|�j|d��|�_|S�|�jdu�rb|�����|dkr�|��	d�s�|�j}d|�_|S�t
|�j||��}|�j}d}|�rXd}t�
|�j|�j|�}|�����|dk�rFt�|�j|�}|tjkr�|����dkr�d}q�t���nH|tjk�r|�����d}q�n,|tjk�r<d|�_|��d���qXn
tdt��|t|�j|�7�}q�|�j�rvt|�dk�rv|�����||d��|�_|d|��S�)aO��
        Reads data from the TLS-wrapped socket

        :param max_length:
            The number of bytes to read - output may be less than this

        :raises:
            socket.socket - when a non-TLS socket error occurs
            oscrypto.errors.TLSError - when a TLS-related error occurs
            ValueError - when any of the parameters contain an invalid value
            TypeError - when any of the parameters are of the wrong type
            OSError - when an error is returned by the OS crypto library

        :return:
            A byte string of the data read
        zG
                max_length must be an integer, not %s
                r���Nr{���TF)rF���r���rH���r���r���r����r}���r����r�����select_readr����r����r���ZSSL_readr����r����r����r���r����r����r#���r����r����r����r����r���r���r���)r]����
max_lengthZbuffered_lengthr����r����Zagainra���r����r=���r=���r>���rQ�����sX����
�





zTLSSocket.readc�����������������C���s8���t�|�j�dkrdS�t�|�jgg�g�|�\}}}t�|�dkS�)aZ��
        Blocks until the socket is ready to be read from, or the timeout is hit

        :param timeout:
            A float - the period of time to wait for data to be read. None for
            no time limit.

        :return:
            A boolean - if data is ready to be read. Will only be False if
            timeout is not None.
        r���T)r����r}����selectrt���)r]���r����Z
read_readyr����r=���r=���r>���r����v��s����zTLSSocket.select_readc�����������
������C���s��t�|t�s&t�|t�s&ttdt|����d}t�|t�}t|�j�dkrP|�j}d|�_n,|�jdu�rb|��	���t
�|�j�ppd}|��|�}t|�}||7�}|r�|�
|�}|dur�|���}q�q4td|t|��d��}	|�||	�}|dkr4|t|��}q�q4||d��|�j�|�_|d|��S�)a���
        Reads data from the socket until a marker is found. Data read includes
        the marker.

        :param marker:
            A byte string or regex object from re.compile(). Used to determine
            when to stop reading. Regex objects are more inefficient since
            they must scan the entire byte string of read data each time data
            is read off the socket.

        :return:
            A byte string of the data read, including the marker
        z_
                marker must be a byte string or compiled regex object, not %s
                r{���r���Nro���r���r����)rF���r����PatternrH���r���r���r����r}���r����r����r���ZSSL_pendingrQ����search�end�maxr����)
r]����markerr�����is_regexr����r�����offset�matchr�����startr=���r=���r>����
read_until���s8�����



zTLSSocket.read_untilc�����������������C���s
���|���t�S�)z�
        Reads a line from the socket, including the line ending of "\r\n", "\r",
        or "\n"

        :return:
            A byte string of the next line from the socket
        )r�����_line_regexri���r=���r=���r>����	read_line���s����	zTLSSocket.read_linec�����������������C���s0���d}|}|dkr,||���|�7�}|t|��}q|S�)z�
        Reads exactly the specified number of bytes from the socket

        :param num_bytes:
            An integer - the exact number of bytes to read

        :return:
            A byte string of the data that was read
        r{���r���)rQ���r����)r]����	num_bytesr�����	remainingr=���r=���r>����read_exactly���s����zTLSSocket.read_exactlyc�����������������C���s����t�|�}|r�|�jdu�r|�����t�|�j||�}|�����|dkr�t�|�j|�}|tjkrl|��	��dkrdqt
���nD|tjkr�|�����qn.|tjkr�d|�_
|��d��|�����n
tdt��||d��}t�|�}qdS�)a���
        Writes data to the TLS-wrapped socket

        :param data:
            A byte string to write to the socket

        :raises:
            socket.socket - when a non-TLS socket error occurs
            oscrypto.errors.TLSError - when a TLS-related error occurs
            ValueError - when any of the parameters contain an invalid value
            TypeError - when any of the parameters are of the wrong type
            OSError - when an error is returned by the OS crypto library
        Nr���r{���TF)r����r����r����r���Z	SSL_writer����r����r���r����r����r#���r����r����r����r����r���r���)r]���r�����data_lenra���r����r=���r=���r>����write���s,����






zTLSSocket.writec�����������������C���s&���t���g�|�jgg�|�\}}}t|�dkS�)aw��
        Blocks until the socket is ready to be written to, or the timeout is hit

        :param timeout:
            A float - the period of time to wait for the socket to be ready to
            written to. None for no time limit.

        :return:
            A boolean - if the socket is ready for writing. Will only be False
            if timeout is not None.
        r���)r����rt���r����)r]���r����r����Zwrite_readyr=���r=���r>���r������s����
zTLSSocket.select_writec�����������������C���s����|�j�du�rdS�t�|�j��}z|�����W�n�ty8���Y�n0�|dkrDq�|dk�rt�|�j�|�}|tjkrx|����dkr�qq�q�q|tj	kr�|�����qqt
dt��q|r�d|�_t�
|�j���d|�_�d|�_d|�_z|�j�tj��W�n�tjy����Y�n0�dS�)z�
        Shuts down the TLS session and then shuts down the underlying socket

        :param manual:
            A boolean if the connection was manually shutdown
        Nr���r{���T)r����r���ZSSL_shutdownr����r���r����r���r����r����r����r���r����
_local_closedr����r����r����rt����shutdownrr����	SHUT_RDWRr����)r]���Zmanualra���r����r=���r=���r>���r������s:����


zTLSSocket._shutdownc�����������������C���s���|���d��dS�)zV
        Shuts down the TLS session and then shuts down the underlying socket
        TN)r����ri���r=���r=���r>���r����Q��s����zTLSSocket.shutdownc�����������������C���st���z<|������W�|�jrpz|�j����W�n�tjy4���Y�n0�d|�_n2|�jrnz|�j����W�n�tjyf���Y�n0�d|�_0�dS�)zN
        Shuts down the TLS session and socket and forcibly closes it
        N)r����rt���r����rr���r����ri���r=���r=���r>���r����X��s����
�zTLSSocket.closec�����������������C���s����t��|�j�}t|�rtdt��tdk�r2t��|�}n
t��|�}g�|�_	t
d|�D�]�}tdk�rft��||�}nt��||�}t
�|t���}t|�}t|�}t
�||�}t|��t||�}	t�|	�}
|dkr�|
|�_qL|�j	�|
��qLdS�)zh
        Reads end-entity and intermediate certificate information from the
        TLS session
        r���rA���N)r���ZSSL_get_peer_cert_chainr����r���r���r���r
���Zsk_numZOPENSSL_sk_num�_intermediates�rangeZsk_valueZOPENSSL_sk_valuer	���Zi2d_X509r���r���r���r���rR����load�_certificaterS���)r]���Z
stack_pointerZnumber_certs�indexZx509_�buffer_sizeZcert_bufferZcert_pointerZcert_lengthZ	cert_datarc���r=���r=���r>����_read_certificatesh��s*����



zTLSSocket._read_certificatesc�����������������C���s,���|�j�rtd��n|�jr td��ntd��dS�)zi
        Raises an exception describing if the local or remote end closed the
        connection
        z!The connection was already closedz$The remote end closed the connectionzThe connection was closedN)r����r���r����r���ri���r=���r=���r>���r�������s
����

zTLSSocket._raise_closedc�����������������C���s*���|�j�du�r|�����|�jdu�r$|�����|�jS�)zu
        An asn1crypto.x509.Certificate object of the end-entity certificate
        presented by the server
        N)r����r����r����r����ri���r=���r=���r>���r�������s
����

zTLSSocket.certificatec�����������������C���s*���|�j�du�r|�����|�jdu�r$|�����|�jS�)zz
        A list of asn1crypto.x509.Certificate objects that were presented as
        intermediates by the server
        N)r����r����r����r����r����ri���r=���r=���r>����
intermediates���s
����

zTLSSocket.intermediatesc�����������������C���s���|�j�S�)zg
        A unicode string of the IANA cipher suite name of the negotiated
        cipher suite
        )r����ri���r=���r=���r>���r�������s����zTLSSocket.cipher_suitec�����������������C���s���|�j�S�)zM
        A unicode string of: "TLSv1.2", "TLSv1.1", "TLSv1", "SSLv3"
        )r����ri���r=���r=���r>���r^������s����zTLSSocket.protocolc�����������������C���s���|�j�S�)z5
        A boolean if compression is enabled
        )r����ri���r=���r=���r>���r�������s����zTLSSocket.compressionc�����������������C���s���|�j�S��zM
        A unicode string of "new" or "reused" or None for no ticket
        )r����ri���r=���r=���r>���r�������s����zTLSSocket.session_idc�����������������C���s���|�j�S�r����)r����ri���r=���r=���r>���r�������s����zTLSSocket.session_ticketc�����������������C���s���|�j�S�)zM
        The oscrypto.tls.TLSSession object used for this connection
        )r����ri���r=���r=���r>���rq������s����zTLSSocket.sessionc�����������������C���s���|�j�S�)zN
        A unicode string of the TLS server domain name or IP address
        )ru���ri���r=���r=���r>���rx������s����zTLSSocket.hostnamec�����������������C���s���|�j����d�S�)zJ
        An integer of the port number the socket is connected to
        r���)rs����getpeernameri���r=���r=���r>���r�������s����zTLSSocket.portc�����������������C���s���|�j�du�r|�����|�jS�)z9
        The underlying socket.socket connection
        N)r����r����rt���ri���r=���r=���r>���rs������s����
zTLSSocket.socketc�����������������C���s���|������d�S�rf���)r����ri���r=���r=���r>���rj�����s����zTLSSocket.__del__)N)rz���N)N)N)7rk���rl���rm���rn���rt���r����r����r����r����r����r����r����r|���r}���ru���r����r����r����r����r����r����r����r����r�����classmethodry���re���rv���r����r����rQ���r����r����r����r����r����r����r����r����r����r����r�����propertyr����r����r����r^���r����r����r����rq���rx���r����rs���rj���r=���r=���r=���r>���r6��� ��s����3
C��'W
:,
3$











)V�
__future__r���r���r���r���rU����rers���rr���r����r~���Z_libsslr���r���Z
_libcryptor	���r
���r���r�����r���Z_asn1r���rR����_errorsr���Z_ffir���r���r���r���r����_typesr���r���r���r����errorsr���r���r����_tlsr���r���r���r ���r!���r"���r#���r$���r%���r&���r'���r(���r)���r*���r+���r,���r-���r.���Z
asymmetricr/����keysr0���Z
trust_listr1����version_info�xranger����Z
_pattern_typer�����__all__�getrW����compiler����ZSSL_OP_NO_SSLv2ZSSL_OP_NO_SSLv3ZSSL_OP_NO_TLSv1ZSSL_OP_NO_TLSv1_1ZSSL_OP_NO_TLSv1_2rY���r?����objectr5���r6���r=���r=���r=���r>����<module>���sJ���P�
�	�J