; Êâ"Ic@s£dZddlZddlZddlmZddlmZmZmZddlmZmZm Z m Z ddlm Z m Z m Z ddlmZmZmZmZmZmZmZmZmZddlmZdd lmZdd lmZdd lmZmZmZddl Z ddl!Z!Gd „d eƒZ"e#e#e$ee e#e%e%d„Z&d„Z'dZ(dZ)d„Z*d„Z+ee#d„Z,d„Z-dS(uThis module provides some more Pythonic support for SSL. Object types: SSLSocket -- subtype of socket.socket which does SSL over the socket Exceptions: SSLError -- exception raised for I/O errors Functions: cert_time_to_seconds -- convert time string used for certificate notBefore and notAfter functions to integer seconds past the Epoch (the time values returned from time.time()) fetch_server_certificate (HOST, PORT) -- fetch the certificate provided by the server running on HOST at port PORT. No validation of the certificate is performed. Integer constants: SSL_ERROR_ZERO_RETURN SSL_ERROR_WANT_READ SSL_ERROR_WANT_WRITE SSL_ERROR_WANT_X509_LOOKUP SSL_ERROR_SYSCALL SSL_ERROR_SSL SSL_ERROR_WANT_CONNECT SSL_ERROR_EOF SSL_ERROR_INVALID_ERROR_CODE The following group define certificate requirements that one side is allowing/requiring from the other side: CERT_NONE - no certificates from the other side are required (or will be looked at if provided) CERT_OPTIONAL - certificates are not required, but if provided will be validated, and if validation fails, the connection will also fail CERT_REQUIRED - certificates are required, and will be validated, and if validation fails, the connection will also fail The following constants identify various SSL protocol variants: PROTOCOL_SSLv2 PROTOCOL_SSLv3 PROTOCOL_SSLv23 PROTOCOL_TLSv1 iN(uSSLError(u CERT_NONEu CERT_OPTIONALu CERT_REQUIRED(uPROTOCOL_SSLv2uPROTOCOL_SSLv3uPROTOCOL_SSLv23uPROTOCOL_TLSv1(u RAND_statusuRAND_egduRAND_add( uSSL_ERROR_ZERO_RETURNuSSL_ERROR_WANT_READuSSL_ERROR_WANT_WRITEuSSL_ERROR_WANT_X509_LOOKUPuSSL_ERROR_SYSCALLu SSL_ERROR_SSLuSSL_ERROR_WANT_CONNECTu SSL_ERROR_EOFuSSL_ERROR_INVALID_ERROR_CODE(u getnameinfo(uerror(udup(usocketuAF_INETu SOCK_STREAMcBs1|EeZdZddddeeddee dddd„ Z d„Z dd„Z ddd„Z d„Zdd„Zd„Zdd „Zdd „Zdd „Zd dd „Zddd„Zd dd„Zddd„Zd„Zd„Zd„Zd„Zdd„Zd„Zd„Zd„ZdS(uµThis class implements a subtype of socket.socket that wraps the underlying OS socket in an SSL context when necessary, and provides read and write methods over that channel.icCsÂ|dk oHtj|d|jd|jd|jdt|jƒƒƒ|jƒnD| dk otj|d| ƒn tj|d| d| d| ƒd|_ |o| o |}nytj |ƒWnd|_ Yn¡Xyft j|||||||ƒ|_ |o7|jƒ}|dkotdƒ‚n|jƒnWn7tk o+}z|jƒ|‚WYdd}~XnX||_||_||_||_||_||_| |_dS(NufamilyutypeuprotoufilenoguHdo_handshake_on_connect should not be specified for non-blocking socketsF(uNoneusocketu__init__ufamilyutypeuprotou_dupufilenoucloseuFalseu_closedu getpeernameu_sslobju_sslusslwrapu gettimeoutu ValueErroru do_handshakeu socket_errorukeyfileucertfileu cert_reqsu ssl_versionuca_certsudo_handshake_on_connectusuppress_ragged_eofs(uselfusockukeyfileucertfileu server_sideu cert_reqsu ssl_versionuca_certsudo_handshake_on_connectufamilyutypeuprotoufilenousuppress_ragged_eofsutimeoutux((u /mit/python/lib/python3.0/ssl.pyu__init__[sH                  cCstd|jjƒ‚dS(NuCan't dup() %s instances(uNotImplementedu __class__u__name__(uself((u /mit/python/lib/python3.0/ssl.pyudup‘scCsdS(N((uselfumsg((u /mit/python/lib/python3.0/ssl.pyu _checkClosed•sc Cs®|jƒyA|o|jj||ƒ}n|jj|pdƒ}|SWn\tk oP}z:|jdtko|jo|odSdSn‚WYdd}~XnXdS(uORead up to LEN bytes and return them. Return zero-length string on EOF.iisN(u _checkClosedu_sslobjureaduSSLErroruargsu SSL_ERROR_EOFusuppress_ragged_eofs(uselfulenubufferuvux((u /mit/python/lib/python3.0/ssl.pyuread™s cCs|jƒ|jj|ƒS(uhWrite DATA to the underlying SSL channel. Returns number of bytes of DATA actually transmitted.(u _checkClosedu_sslobjuwrite(uselfudata((u /mit/python/lib/python3.0/ssl.pyuwrite­s cCs|jƒ|jj|ƒS(uáReturns a formatted version of the data in the certificate provided by the other end of the SSL channel. Return None if no certificate was provided, {} if a certificate was provided, but not validated.(u _checkClosedu_sslobjupeer_certificate(uselfu binary_form((u /mit/python/lib/python3.0/ssl.pyu getpeercert´s cCs*|jƒ|jpdS|jjƒSdS(N(u _checkClosedu_sslobjuNoneucipher(uself((u /mit/python/lib/python3.0/ssl.pyucipher½s  c CsÒ|jƒ|jo§|dkotd|jƒ‚nx“y|jj|ƒ}Wn\tk oP}z:|jdtkodS|jdtkodS‚WYdd}~Xq;X|Sq;nt j |||ƒSdS(Niu3non-zero flags not allowed in calls to send() on %s( u _checkClosedu_sslobju ValueErroru __class__uwriteuSSLErroruargsuSSL_ERROR_WANT_READuSSL_ERROR_WANT_WRITEusocketusend(uselfudatauflagsuvux((u /mit/python/lib/python3.0/ssl.pyusendÄs"    cCsE|jƒ|jotd|jƒ‚ntj||||ƒSdS(Nu%sendto not allowed on instances of %s(u _checkClosedu_sslobju ValueErroru __class__usocketusendto(uselfudatauaddruflags((u /mit/python/lib/python3.0/ssl.pyusendtoÚs   cCsz|jƒ|joOt|ƒ}d}x5||ko'|j||d…ƒ}||7}q)W|Stj|||ƒSdS(Ni(u _checkClosedu_sslobjulenusendusocketusendall(uselfudatauflagsuamountucountuv((u /mit/python/lib/python3.0/ssl.pyusendallâs    ic Csµ|jƒ|joŠ|dkotd|jƒ‚nxvy|j|ƒSWq;tk o<}z&|jdtkow;n|‚WYdd}~Xq;Xq;ntj |||ƒSdS(Niu8non-zero flags not allowed in calls to recv_into() on %s( u _checkClosedu_sslobju ValueErroru __class__ureaduSSLErroruargsuSSL_ERROR_WANT_READusocketurecv(uselfubuflenuflagsux((u /mit/python/lib/python3.0/ssl.pyurecvîs   !c Csü|jƒ|o|dkot|ƒ}n|dko d}n|jo“|dkotd|jƒ‚nx‚y|j||ƒ}|SWqvtk o<}z&|jdt kowvn|‚WYdd}~XqvXqvnt j ||||ƒSdS(Niiu8non-zero flags not allowed in calls to recv_into() on %s( u _checkCloseduNoneulenu_sslobju ValueErroru __class__ureaduSSLErroruargsuSSL_ERROR_WANT_READusocketu recv_into(uselfubufferunbytesuflagsuvux((u /mit/python/lib/python3.0/ssl.pyu recv_intos&     !cCsE|jƒ|jotd|jƒ‚ntj||||ƒSdS(Nu'recvfrom not allowed on instances of %s(u _checkClosedu_sslobju ValueErroru __class__usocketurecvfrom(uselfuaddrubuflenuflags((u /mit/python/lib/python3.0/ssl.pyurecvfroms   cCsE|jƒ|jotd|jƒ‚ntj||||ƒSdS(Nu,recvfrom_into not allowed on instances of %s(u _checkClosedu_sslobju ValueErroru __class__usocketu recvfrom_into(uselfubufferunbytesuflags((u /mit/python/lib/python3.0/ssl.pyu recvfrom_intos   cCs*|jƒ|jo|jjƒSdSdS(Ni(u _checkClosedu_sslobjupending(uself((u /mit/python/lib/python3.0/ssl.pyupending's  cCs'|jƒd|_tj||ƒdS(N(u _checkCloseduNoneu_sslobjusocketushutdown(uselfuhow((u /mit/python/lib/python3.0/ssl.pyushutdown.s  cCsA|jo|jjƒ}d|_|Stdt|ƒƒ‚dS(NuNo SSL wrapper around (u_sslobjushutdownuNoneu ValueErrorustr(uselfus((u /mit/python/lib/python3.0/ssl.pyuunwrap3s   cCsd|_tj|ƒdS(N(uNoneu_sslobjusocketu _real_close(uself((u /mit/python/lib/python3.0/ssl.pyu _real_close;s c CsW|jƒ}z6|dko|o|jdƒn|jjƒWd|j|ƒXdS(uPerform a TLS/SSL handshake.gN(u gettimeoutu settimeoutuNoneu_sslobju do_handshake(uselfublockutimeout((u /mit/python/lib/python3.0/ssl.pyu do_handshake@s  cCs”|jotdƒ‚ntj||ƒtj|d|j|j|j |j |j ƒ|_y|j o|j ƒnWnd|_‚YnXdS(uQConnects to remote ADDR, and then wraps the connection in an SSL channel.u/attempt to connect already-connected SSLSocket!NF(u_sslobju ValueErrorusocketuconnectu_sslusslwrapuFalseukeyfileucertfileu cert_reqsu ssl_versionuca_certsudo_handshake_on_connectu do_handshakeuNone(uselfuaddr((u /mit/python/lib/python3.0/ssl.pyuconnectKs    cCsdtj|ƒ\}}td|d|jd|jdd d|jd|jd|jd|j ƒ|fS( u¿Accepts a new connection from a remote client, and returns a tuple containing that new connection wrapped with a server-side SSL channel, and the address of the remote client.usockukeyfileucertfileu server_sideu cert_reqsu ssl_versionuca_certsudo_handshake_on_connectT( usocketuacceptu SSLSocketukeyfileucertfileuTrueu cert_reqsu ssl_versionuca_certsudo_handshake_on_connect(uselfunewsockuaddr((u /mit/python/lib/python3.0/ssl.pyuaccept^s     cCs|jƒdS(N(u _real_close(uself((u /mit/python/lib/python3.0/ssl.pyu__del__nsNFT( u__name__u __module__u__doc__uNoneuFalseu CERT_NONEuPROTOCOL_SSLv23uTrueuAF_INETu SOCK_STREAMu__init__udupu _checkClosedureaduwriteu getpeercertucipherusendusendtousendallurecvu recv_intourecvfromu recvfrom_intoupendingushutdownuunwrapu _real_closeu do_handshakeuconnectuacceptu__del__(u __locals__((u /mit/python/lib/python3.0/ssl.pyu SSLSocketUs8    1             u SSLSocketc Cs=td|d|d|d|d|d|d|d|d |ƒ S( Nusockukeyfileucertfileu server_sideu cert_reqsu ssl_versionuca_certsudo_handshake_on_connectusuppress_ragged_eofs(u SSLSocket( usockukeyfileucertfileu server_sideu cert_reqsu ssl_versionuca_certsudo_handshake_on_connectusuppress_ragged_eofs((u /mit/python/lib/python3.0/ssl.pyu wrap_socketss   cCs%ddl}|j|j|dƒƒS(u¢Takes a date-time string in standard ASN1_print form ("MON DAY 24HOUR:MINUTE:SEC YEAR TIMEZONE") and return a Python time value in seconds past the epoch.iNu%b %d %H:%M:%S %Y GMT(utimeumktimeustrptime(u cert_timeutime((u /mit/python/lib/python3.0/ssl.pyucert_time_to_secondss u-----BEGIN CERTIFICATE-----u-----END CERTIFICATE-----cCs?ttj|ƒddƒ}tdtj|dƒdtdS(u[Takes a certificate in binary DER format and returns the PEM version of it as a string.uASCIIustrictu i@(ustrubase64ustandard_b64encodeu PEM_HEADERutextwrapufillu PEM_FOOTER(uder_cert_bytesuf((u /mit/python/lib/python3.0/ssl.pyuDER_cert_to_PEM_certŒscCsŠ|jtƒptdtƒ‚n|jƒjtƒptdtƒ‚n|jƒttƒttƒ …}tj|j ddƒƒS(uhTakes a certificate in ASCII PEM format and returns the DER-encoded version of it as a byte sequenceu(Invalid PEM encoding; must start with %su&Invalid PEM encoding; must end with %suASCIIustrict( u startswithu PEM_HEADERu ValueErrorustripuendswithu PEM_FOOTERulenubase64u decodestringuencode(upem_cert_stringud((u /mit/python/lib/python3.0/ssl.pyuPEM_cert_to_DER_cert•s#cCsz|\}}|dk o t}nt}ttƒd|d|d|ƒ}|j|ƒ|jdƒ}|jƒt |ƒS(u÷Retrieve the certificate from the server at the specified address, and return it as a PEM-encoded string. If 'ca_certs' is specified, validate the server cert against it. If 'ssl_version' is specified, use it in the connection attempt.u ssl_versionu cert_reqsuca_certsNT( uNoneu CERT_REQUIREDu CERT_NONEu wrap_socketusocketuconnectu getpeercertuTrueucloseuDER_cert_to_PEM_cert(uaddru ssl_versionuca_certsuhostuportu cert_reqsusudercert((u /mit/python/lib/python3.0/ssl.pyuget_server_certificate¢s     cCsP|tkodS|tkodS|tkodS|tkodSdSdS(NuTLSv1uSSLv23uSSLv2uSSLv3u (uPROTOCOL_TLSv1uPROTOCOL_SSLv23uPROTOCOL_SSLv2uPROTOCOL_SSLv3(u protocol_code((u /mit/python/lib/python3.0/ssl.pyuget_protocol_name´s    (.u__doc__utextwrapu_ssluSSLErroru CERT_NONEu CERT_OPTIONALu CERT_REQUIREDuPROTOCOL_SSLv2uPROTOCOL_SSLv3uPROTOCOL_SSLv23uPROTOCOL_TLSv1u RAND_statusuRAND_egduRAND_adduSSL_ERROR_ZERO_RETURNuSSL_ERROR_WANT_READuSSL_ERROR_WANT_WRITEuSSL_ERROR_WANT_X509_LOOKUPuSSL_ERROR_SYSCALLu SSL_ERROR_SSLuSSL_ERROR_WANT_CONNECTu SSL_ERROR_EOFuSSL_ERROR_INVALID_ERROR_CODEusocketu getnameinfou _getnameinfouerroru socket_errorudupu_dupuAF_INETu SOCK_STREAMubase64u tracebacku SSLSocketuNoneuFalseuTrueu wrap_socketucert_time_to_secondsu PEM_HEADERu PEM_FOOTERuDER_cert_to_PEM_certuPEM_cert_to_DER_certuget_server_certificateuget_protocol_name(((u /mit/python/lib/python3.0/ssl.pyu7s6  "@   ÿ