Qi;*UddlmZdZddlZddlZddlZddlZddlmZm Z ddl m Z ddl m Z ddlmZddlmZmZmZd d lmZmZmZmZmZd d lmZmZd d lmZmZmZm Z m!Z!m"Z"ejFd k\r ddlm$Z$m%Z%nddl&m$Z$m%Z%ejFdk\rddlm'Z'nddl&m'Z'edZ(e$dZ)e*e*e+e+fdfZ,de-d<e*e,dfZ.de-d<GddeZ/e dGddeZ0e dGdde!e0Z1Gdd e Z2y)!) annotations) TLSAttributeTLSConnectable TLSListener TLSStreamN)CallableMapping) dataclass)wraps) SSLContext)Any TypeAliasTypeVar)BrokenResourceError EndOfStreamaclose_forcefullyget_cancelled_exc_class to_thread)TypedAttributeSettyped_attribute) AnyByteStreamAnyByteStreamConnectable ByteStreamByteStreamConnectableListener TaskGroup) ) TypeVarTupleUnpack)r )overrideT_RetvalPosArgsT.r_PCTRTT_PCTRTTTceZdZUdZeZded<eZded<eZded<eZ ded <eZ d ed <eZ d ed <eZ ded<eZ ded<eZd ed<eZded<y)rz5Contains Transport Layer Security related attributes. str | None alpn_protocolbyteschannel_binding_tls_uniqueztuple[str, str, int]cipherz*None | dict[str, str | _PCTRTTT | _PCTRTT]peer_certificatez bytes | Nonepeer_certificate_binarybool server_sidez!list[tuple[str, str, int]] | Noneshared_ciphers ssl.SSLObject ssl_objectstandard_compatiblestr tls_versionN)__name__ __module__ __qualname____doc__rr*__annotations__r,r-r.r/r1r2r4r5r7rF)eqceZdZUdZded<ded<ded<ded <ded <ed d d d d  ddZ ddZddZddZ dddZ ddZ ddZ e ddZy )ra A stream wrapper that encrypts all sent data and decrypts received data. This class has no public initializer; use :meth:`wrap` instead. All extra attributes from :class:`~TLSAttribute` are supported. :var AnyByteStream transport_stream: the wrapped stream rtransport_streamr0r5r3 _ssl_objectz ssl.MemoryBIO _read_bio _write_bioNT)r1hostname ssl_contextr5cK|| }|s|rtjjntjj}tj|}t tdr$|xj tjzc_tj}tj}t|tjur|j||||} n,tj|j||||dd{} |||| ||} | j| jd{| S767w)a Wrap an existing stream with Transport Layer Security. This performs a TLS handshake with the peer. :param transport_stream: a bytes-transporting stream to wrap :param server_side: ``True`` if this is the server side of the connection, ``False`` if this is the client side (if omitted, will be set to ``False`` if ``hostname`` has been provided, ``False`` otherwise). Used only to create a default context when an explicit context has not been provided. :param hostname: host name of the peer (if host name checking is desired) :param ssl_context: the SSLContext object to use (if not provided, a secure default will be created) :param standard_compatible: if ``False``, skip the closing handshake when closing the connection, and don't raise an exception if the peer does the same :raises ~ssl.SSLError: if the TLS handshake fails NOP_IGNORE_UNEXPECTED_EOF)r1server_hostname)rBr5rCrDrE)sslPurpose CLIENT_AUTH SERVER_AUTHcreate_default_contexthasattroptionsrI MemoryBIOtyper wrap_biorrun_sync_call_sslobject_method do_handshake) clsrBr1rFrGr5purposebio_inbio_outr4wrappers r?wrapzTLSStream.wrapcs/:  &,K+6 ''CKKt j$r?|jj|jj d{7Ynt j$r@}|jj|jjt|d}~wt j $r}|jj|jjt#|t j$s|j&r(d|j&vr|j(rt|tdd}~wwxYww)NUNEXPECTED_EOF_WHILE_READING)rEpendingrBsendreadrKSSLWantReadErrorreceiverDwriter write_eofOSErrorrSSLWantWriteErrorSSLSyscallErrorSSLError isinstance SSLEOFErrorstrerrorr5)selffuncargsresultdataexcs r?rVz TLSStream._call_sslobject_methods ( tH??**//44T__5I5I5KLLL MI'' / /.."33889M9M9OPPP!%!6!6!>!>!@@@DNN((.#/NN,,.7NN,,.OO--/-367 (( I++001E1E1GHHH&& 3((*))+)s2<< ((*))+c3??3LL%Cs||%S//1s:)t3 1sJ8AA J8AJ8J34A DC"D#C&$D)J3#E2(J3*E22;E--E22J35J88AJ3GJ3J8J3;HJ3+BJ..J33J8cK|j|jjd{|jj |j j |j |jjfS7^w)z Does the TLS closing handshake. :return: a tuple of (wrapped byte stream, bytes left in the read buffer) N)rVrCunwraprDrfrErBrbrns r?ruzTLSStream.unwrapsl))$*:*:*A*ABBB   " !!#$$dnn&9&9&;;; Cs)B B AB cK|jr |jd{|jj d{y7'#t$r t|jd{7wxYw73wN)r5ru BaseExceptionrrBacloservs r?rzzTLSStream.aclosesm  # # kkm## ##**,,, $  '(=(=>>>  -sC A;A A A A;A9A; A !A6.A1/A66A;c~K|j|jj|d{}|st|S7wrx)rVrCrbr)rn max_bytesrrs r?rdzTLSStream.receives;001A1A1F1F RR  Ss *=;=clK|j|jj|d{y7wrx)rVrCre)rnitems r?razTLSStream.sends())$*:*:*@*@$GGGs *424c(K|jtj}tjd|}|rMt |j dt |j dxsd}}||fdkrtd|tdw)NzTLSv(\d+)(?:\.(\d+))?rr)rrz;send_eof() requires at least TLSv1.3; current session uses z7send_eof() has not yet been implemented for TLS streams)extrarr7rematchintgroupNotImplementedError)rnr7rmajorminors r?send_eofzTLSStream.send_eofsjj!9!9: 1;? u{{1~.EKKN4Ga0H5Eu~&)$$/=2 " E  sBBc<ijjtjjj tj jjtjjjtjfdtjfdtjfdtjfdtjfdtjfdtjjj i S)Nc:jjdS)NFrC getpeercertrvsr?z,TLSStream.extra_attributes..s43C3C3O3OPU3Vr>c:jjdS)NTrrvsr?rz,TLSStream.extra_attributes..s$:J:J:V:V;r>c0jjSrx)rCr1rvsr?rz,TLSStream.extra_attributes..sd.>.>.J.Jr>chjjrjjSdSrx)rCr1r2rvsr?rz,TLSStream.extra_attributes..s3##//  //1r>cjSrxr5rvsr?rz,TLSStream.extra_attributes.. d6N6Nr>cjSrx)rCrvsr?rz,TLSStream.extra_attributes..s T-=-=r>)rBextra_attributesrr*rCselected_alpn_protocolr,get_channel_bindingr-r.r/r1r2r5r4r7versionrvs`r?rzTLSStream.extra_attributess ##44  & &(8(8(O(O  3 3  44   !1!1!8!8  ) )+V  0 03  $ $&J  ' '*  , ,.N  # #%=  $ $d&6&6&>&>'  r>) rBrr1z bool | NonerFr)rGssl.SSLContext | Noner5r0returnr)roz&Callable[[Unpack[PosArgsT]], T_Retval]rpzUnpack[PosArgsT]rr$)rztuple[AnyByteStream, bytes]rNone)i)r|rrr+)r~r+rrrzMapping[Any, Callable[[], Any]])r8r9r:r;r< classmethodr]rVrurzrdrarpropertyrr=r>r?rrQs$# $(#-1$(D'D! D  D + D"D DDL,:,CS, ,\ <-H    r>rceZdZUdZded<ded<dZded<d Zd ed <edd Z d ddZ ddZ e ddZ y )ra A convenience listener that wraps another listener and auto-negotiates a TLS session on every accepted connection. If the TLS handshake times out or raises an exception, :meth:`handle_handshake_error` is called to do whatever post-mortem processing is deemed necessary. Supports only the :attr:`~TLSAttribute.standard_compatible` extra attribute. :param Listener listener: the listener to wrap :param ssl_context: the SSL context object :param standard_compatible: a flag passed through to :meth:`TLSStream.wrap` :param handshake_timeout: time limit for the TLS handshake (passed to :func:`~anyio.fail_after`) z Listener[Any]listenerzssl.SSLContextrGTr0r5floathandshake_timeoutcKt|d{t|ts*tjt j d|t|trt|try7hw)a Handle an exception raised during the TLS handshake. This method does 3 things: #. Forcefully closes the original stream #. Logs the exception (unless it was a cancellation exception) using the ``anyio.streams.tls`` logger #. Reraises the exception if it was a base exception or a cancellation exception :param exc: the exception :param stream: the original stream NzError during TLS handshake)exc_info)rrkrlogging getLoggerr8 exception Exception)rsstreams r?handle_handshake_errorz"TLSListener.handle_handshake_error8sr  '''#689   h ' 1 1,s 2  #y)Z=T=V-W .X (sA<A:A)A<NcKtdfd }jj||d{y7w)Nc\Kddlm} |j5tj |j j d{}dddd{y7#1swYxYw7#t$r%}j||d{7Yd}~yd}~wwxYww)Nr) fail_after)rGr5) rrrr]rGr5ryr)rrwrapped_streamrshandlerrns r?handler_wrapperz*TLSListener.serve..handler_wrapper]s % . 6 67+4>>$($4$4,0,D,D,:,&N8n---&87.! ?11#v>>> ?suB,A;0A- A+A-A; B,%A9&B,+A--A62A;9B,; B)B$BB$B,$B))B,)rrrr)r rserve)rnr task_grouprs`` r?rzTLSListener.serveXs; w .  .mm!!/:>>>s5A?AcTK|jjd{y7wrx)rrzrvs r?rzzTLSListener.acloseosmm""$$$s (&(c.tjfdiS)NcjSrxrrvsr?rz.TLSListener.extra_attributes..urr>)rr5rvs`r?rzTLSListener.extra_attributesrs  , ,.N  r>)rsryrrrrrx)rzCallable[[TLSStream], Any]rzTaskGroup | Nonerrrr) r8r9r:r;r<r5r staticmethodrrrzrrr=r>r?rr s}" $$!u!D(,?+?%?  ?.%  r>rcFeZdZdZdddd ddZeddZy) ra Wraps another connectable and does TLS negotiation after a successful connection. :param connectable: the connectable to wrap :param hostname: host name of the server (if host name checking is desired) :param ssl_context: the SSLContext object to use (if not provided, a secure default will be created) :param standard_compatible: if ``False``, skip the closing handshake when closing the connection, and don't raise an exception if the server does the same NTrFrGr5c8||_|xs-tjtjj|_t |j tjs+tdt|j j||_ ||_ y)Nz7ssl_context must be an instance of ssl.SSLContext, not ) connectablerKrOrLrNrGrkr TypeErrorrSr8rFr5)rnrrFrGr5s r?__init__zTLSConnectable.__init__s''2( c6P6P KK # #7 $**CNN;I(()2235 ! #6 r>cK|jjd{} tj||j|j |j d{S7D7#t$rt|d{7wxYww)Nr) rconnectrr]rFrGr5ryr)rnrs r?rzTLSConnectable.connects''//11 " ,,$($<$< ( 2  #F+ + +  sDB A%B :A) A'!A)$B 'A))BBBB ) rrrFr)rGrr5r0rr)rr)r8r9r:r;rr#rr=r>r?rrys[  $-1$( 7-7 7 + 7 " 7 7(  r>r)3 __future__r__all__rrrKsyscollections.abcrr dataclassesr functoolsr r typingr rrrrrrrr_core._typedattrrrabcrrrrrr version_infor r!typing_extensionsr#r$r%tupler6r&r<r'rrrrr=r>r?rs "  -!**Bw++6w* :   #5c?C/00GSL))))$)8 eK K K \ eU (9%U U p,*,r>