U
|
����Z�±d��ã��������������������@���sÆ���d�d�l�Z�d�d�l�Z�d�d�l�m�Z���d�d�l�Z�d�d�l�m Z m
|
Z
|
��d�d�l�m�Z���d�d�l m�Z���d�d�l�m�Z�m�Z���d�Z�d d
|
�Z�G�d�d��d�e��Z�G�d d��d��Z�e�d�d�d�d�g��Z�G�d�d��d�e e�d��Z�G�d�d��d�e
|
e���e�d��Z�d�S�)�é����N)�Ú�Enumé����)�Ú�StreamÚ�Listener)�Ú�aclose_forcefully)�Ú�_sync)�Ú�ConflictDetectorÚ�Finali�@��c��������������������C���s ���t�|�t�j��p�t�|�d��o�d�|�j�k�S�)�NÚ�strerrorZ�UNEXPECTED_EOF_WHILE_READING)�Ú
|
isinstanceÚ�_stdlib_sslÚ�SSLEOFErrorÚ�hasattrr
|
���)�Ú�exc©�r����ú@d:\z\workplace\vscode\pyvenv\venv\Lib\site-packages\trio/_ssl.pyÚ�_is_eofÁ���s���������ÿr����c��������������������@���s����e�Z�d�Z�d�Z�d�S�)�Ú�NeedHandshakeErrorz§Some :class:`SSLStream` methods can't return any meaningful data until
|
after the handshake. If you call them before the handshake, they raise
|
this error.
|
|
N)�Ú�__name__Ú
|
__module__Ú�__qualname__Ú�__doc__r����r����r����r����r����Ë���s������r����c��������������������@���s(���e�Z�d�Z�d�d��Z�d�d��Z�e�d�d���Z�d�S�)�Ú�_Oncec��������������������G���s ���|�|�_�|�|�_�d�|�_�t� �¡�|�_�d�S�©�NF)�Ú�_afnÚ�_argsÚ�startedr����Ú�EventÚ�_done)�Ú�selfZ�afnÚ�argsr����r����r����Ú�__init__Ô���s������������z�_Once.__init__c��������������������Ã���sP���|�j�s*d�|�_�|�j�|�j��I�d�H���|�j� �¡���n"|�s<|�j� �¡�r<d�S�|�j� �¡�I�d�H���d�S�)�NT)�r����r����r����r����Ú�setÚ�is_setÚ�wait)�r����Ú
|
checkpointr����r����r�����ensure���s������������������z�_Once.ensurec��������������������C���s
|
���|�j� �¡�S�©�N)�r����r#���©�r����r����r����r����Ú�doneä���s������z
|
_Once.doneN)�r����r����r����r!���r&����propertyr)���r����r����r����r����r�������s���������
|
��r�����_State�OK�BROKEN�CLOSEDc������������������������s���e�Z�d�Z�d�Z�d�d�d�d��d�d��Z�d�d�d d
|
d�d�d d�d�d�d�d�d�d�h�Z�d�d�d d�d�d�d�d�d�h Z�d�d��Z��f�d�d��Z��f�d�d��Z d�d��Z
|
d�d�d��d�d��Z�d d!�Z�d"d#�Z d.d$d%�Z�d&d'�Z�d(d)�Z�d*d+�Z�d,d-�Z����Z�S�)/Ú SSLStreama����Encrypted communication using SSL/TLS.
|
|
:class:`SSLStream` wraps an arbitrary :class:`~trio.abc.Stream`, and
|
allows you to perform encrypted communication over it using the usual
|
:class:`~trio.abc.Stream` interface. You pass regular data to
|
:meth:`send_all`, then it encrypts it and sends the encrypted data on the
|
underlying :class:`~trio.abc.Stream`; :meth:`receive_some` takes encrypted
|
data out of the underlying :class:`~trio.abc.Stream` and decrypts it
|
before returning it.
|
|
You should read the standard library's :mod:`ssl` documentation carefully
|
before attempting to use this class, and probably other general
|
documentation on SSL/TLS as well. SSL/TLS is subtle and quick to
|
anger. Really. I'm not kidding.
|
|
Args:
|
transport_stream (~trio.abc.Stream): The stream used to transport
|
encrypted data. Required.
|
|
ssl_context (~ssl.SSLContext): The :class:`~ssl.SSLContext` used for
|
this connection. Required. Usually created by calling
|
:func:`ssl.create_default_context`.
|
|
server_hostname (str or None): The name of the server being connected
|
to. Used for `SNI
|
<https://en.wikipedia.org/wiki/Server_Name_Indication>`__ and for
|
validating the server's certificate (if hostname checking is
|
enabled). This is effectively mandatory for clients, and actually
|
mandatory if ``ssl_context.check_hostname`` is ``True``.
|
|
server_side (bool): Whether this stream is acting as a client or
|
server. Defaults to False, i.e. client mode.
|
|
https_compatible (bool): There are two versions of SSL/TLS commonly
|
encountered in the wild: the standard version, and the version used
|
for HTTPS (HTTP-over-SSL/TLS).
|
|
Standard-compliant SSL/TLS implementations always send a
|
cryptographically signed ``close_notify`` message before closing the
|
connection. This is important because if the underlying transport
|
were simply closed, then there wouldn't be any way for the other
|
side to know whether the connection was intentionally closed by the
|
peer that they negotiated a cryptographic connection to, or by some
|
`man-in-the-middle
|
<https://en.wikipedia.org/wiki/Man-in-the-middle_attack>`__ attacker
|
who can't manipulate the cryptographic stream, but can manipulate
|
the transport layer (a so-called "truncation attack").
|
|
However, this part of the standard is widely ignored by real-world
|
HTTPS implementations, which means that if you want to interoperate
|
with them, then you NEED to ignore it too.
|
|
Fortunately this isn't as bad as it sounds, because the HTTP
|
protocol already includes its own equivalent of ``close_notify``, so
|
doing this again at the SSL/TLS level is redundant. But not all
|
protocols do! Therefore, by default Trio implements the safer
|
standard-compliant version (``https_compatible=False``). But if
|
you're speaking HTTPS or some other protocol where
|
``close_notify``\s are commonly skipped, then you should set
|
``https_compatible=True``; with this setting, Trio will neither
|
expect nor send ``close_notify`` messages.
|
|
If you have code that was written to use :class:`ssl.SSLSocket` and
|
now you're porting it to Trio, then it may be useful to know that a
|
difference between :class:`SSLStream` and :class:`ssl.SSLSocket` is
|
that :class:`~ssl.SSLSocket` implements the
|
``https_compatible=True`` behavior by default.
|
|
Attributes:
|
transport_stream (trio.abc.Stream): The underlying transport stream
|
that was passed to ``__init__``. An example of when this would be
|
useful is if you're using :class:`SSLStream` over a
|
:class:`~trio.SocketStream` and want to call the
|
:class:`~trio.SocketStream`'s :meth:`~trio.SocketStream.setsockopt`
|
method.
|
|
Internally, this class is implemented using an instance of
|
:class:`ssl.SSLObject`, and all of :class:`~ssl.SSLObject`'s methods and
|
attributes are re-exported as methods and attributes on this class.
|
However, there is one difference: :class:`~ssl.SSLObject` has several
|
methods that return information about the encrypted connection, like
|
:meth:`~ssl.SSLSocket.cipher` or
|
:meth:`~ssl.SSLSocket.selected_alpn_protocol`. If you call them before the
|
handshake, when they can't possibly return useful data, then
|
:class:`ssl.SSLObject` returns None, but :class:`trio.SSLStream`
|
raises :exc:`NeedHandshakeError`.
|
|
This also means that if you register a SNI callback using
|
`~ssl.SSLContext.sni_callback`, then the first argument your callback
|
receives will be a :class:`ssl.SSLObject`.
|
|
NF)�Ú�server_hostnameÚ�server_sideÚ�https_compatiblec��������������������C���s���|�|�_�t�j�|�_�|�|�_�t� �¡�|�_�d�|�_�t� �¡�|�_ |�j
|
|�j |�j�|�|�d��|�_�t�|�j �|�_�t� �¡�|�_�d�|�_�t� �¡�|�_�t�d��|�_�t�d��|�_�t�|�_�d�S�)�N)�r1���r0���r����z8another task is currently sending data on this SSLStreamz:another task is currently receiving data on this SSLStream)�Ú�transport_streamr+���r,���Ú�_stateÚ�_https_compatibler����Ú MemoryBIOÚ _outgoingÚ�_delayed_outgoingÚ _incomingÚ�wrap_bioÚ�_ssl_objectr����Ú _do_handshakeÚ
|
_handshookr����Z�StrictFIFOLock�_inner_send_lock�_inner_recv_count�Lock�_inner_recv_lockr�����_outer_send_conflict_detector�_outer_recv_conflict_detector�STARTING_RECEIVE_SIZE�_estimated_receive_size)�r����r3����ssl_contextr0���r1���r2���r����r����r����r!���L���s.���� ������
|
|
����������ü����
|
|
����ÿ�����ÿ��z�SSLStream.__init__Ú�contextr1���r0���Ú�sessionÚ�session_reusedÚ�getpeercertÚ�selected_npn_protocolÚ�cipherÚ�shared_ciphersÚ�compressionÚ�pendingÚ�get_channel_bindingÚ�selected_alpn_protocolÚ�versionc��������������������C���sB���|�|�j�k�r6|�|�j�k�r*|�j�j�s*t�d� �|�¡���t�|�j�|��S�t�|���d�S�)�Nz'call do_handshake() before calling {!r}) Ú
|
_forwarded�_after_handshaker=���r)���r�����format�getattrr;����AttributeError)�r�����namer����r����r�����__getattr__���s������
|
������ÿ����z�SSLStream.__getattr__c������������������������s,���|�|�j�k�r�t�|�j�|�|����n�t�� �|�|�¡���d�S�r'���)�rS���Ú�setattrr;���Ú�superÚ�__setattr__)�r����rX���Ú�value©�Ú __class__r����r����r\������s������
|
���z�SSLStream.__setattr__c������������������������s����t�� �¡�t�|�j����S�r'���)�r[���Ú�__dir__Ú�listrS���r(���r^���r����r����r`���£���s������z�SSLStream.__dir__c��������������������C���sD���|�j�t�j�k�r�d�S�|�j�t�j�k�r$t�j��n�|�j�t�j�k�r8t�j��n�d�s@t��d�S�r����) r4���r+���r,���r-���Ú�trioÚ�BrokenResourceErrorr.���Z�ClosedResourceErrorÚ�AssertionErrorr(���r����r����r����Ú _check_status¦���s������������������z�SSLStream._check_status)�Ú�ignore_want_readÚ�is_handshakec������������ ���
|
���Ç���sð���t�j� �¡�I�d�H���d�}�d�}�|��sÖd�}�d�}�z�|�|��}�W�nR��t�j�k
|
rL������d�}�Y�n>��t�j�t�j�f�k
|
r��} ��z�t�j�|�_ t�j
|
| �W�5�d�} ~ X�Y�n�X�d�}�|�rd�}�d�}�|�j� �¡�}
|
|�rÖ|�sÖ|�j j�rÖ|�j �¡�d�k�rÖ|�j�d�k�sÌt��|
|
|�_�d�}
|
|
|
�rL|�j�4�I�d�H�T��d�}�z2|�j�d�k �r�|�j�|
|
��}
|
d�|�_�|�j� �|
|
¡�I�d�H���W�n�������t�j�|�_ �Y�n�X�W�5�Q�I�d�H�R�X�q�|�r�|�j�}�|�j�4�I�d�H�d��d�}�|�|�j�k��rÄ|�j� �¡�I�d�H�}�|��s|�j� �¡���n�t�|�j�t�|���|�_�|�j� �|�¡���|���j�d�7���_�W�5�Q�I�d�H�R�X�q�|��sìt�j� �¡�I�d�H���|�S�)�NFTz�TLSv1.3ó����r����)�rb���Ú�lowlevelZ�checkpoint_if_cancelledr����Ú�SSLWantReadErrorÚ�SSLErrorÚ�CertificateErrorr+���r-���r4���rc���r7���Ú�readr;���r1���rR���r8���rd���r>���r3���Ú�send_allr?���rA���Ú�receive_somer9���Ú write_eofÚ�maxrE���Ú�lenÚ�writeZ�cancel_shielded_checkpoint) r����Ú�fnrf���rg���r ���Ú�yieldedÚ�finishedZ want_readÚ�retr����Z�to_sendZ
|
recv_countÚ�datar����r����r����Ú�_retry´���sr���������������������������������������
|
��ÿ���þ���ý���ü�������;����������
|
��������������������������������ÿ���� �����z�SSLStream._retryc��������������������Ã���s8���z�|�j�|�j�j�d�d��I�d�H���W�n�������t�j�|�_��Y�n�X�d�S�)�NT)�rg���)�ry���r;���Ú�do_handshaker+���r-���r4���r(���r����r����r����r<���`���s
|
�������������z�SSLStream._do_handshakec��������������������Ã���s ���|� �¡���|�j�j�d�d��I�d�H���d�S�)�u���Ensure that the initial handshake has completed.
|
|
The SSL protocol requires an initial handshake to exchange
|
certificates, select cryptographic keys, and so forth, before any
|
actual data can be sent or received. You don't have to call this
|
method; if you don't, then :class:`SSLStream` will automatically
|
perform the handshake as needed, the first time you try to send or
|
receive data. But if you want to trigger it manually â for example,
|
because you want to look at the peer's certificate before you start
|
talking to them â then you can call this method.
|
|
If the initial handshake is already in progress in another task, this
|
waits for it to complete and then returns.
|
|
If the initial handshake has already completed, this returns
|
immediately without doing anything (except executing a checkpoint).
|
|
.. warning:: If this method is cancelled, then it may leave the
|
:class:`SSLStream` in an unusable state. If this happens then any
|
future attempt to use the object will raise
|
:exc:`trio.BrokenResourceError`.
|
|
T©�r%���N)�re���r=���r&���r(���r����r����r����rz���g���s��������z�SSLStream.do_handshakec��������������������Ã���s\���|�j��J��|� �¡���z�|�j�j�d�d��I�d�H���W�nh��t�j�k
|
r��}���zH|�j�rt�|�j�t j
|
�s\t�|�j��rt�j� ¡�I�d�H���W�Y�¢�W�5�Q�R�£�d�S��W�5�d�}�~�X�Y�n�X�|�d�k�r®t�|�j�|�j�j��}�n�t� �|�¡�}�|�d�k�rÈt�d���z$|� �|�j�j�|�¡�I�d�H�W�W���5�Q�R�£�S���t�j�k
|
�rL��}���z>|�j��r:t�|�j���r:t�j� ¡�I�d�H���W�Y�¢�W�5�Q�R�£�d�S��W�5�d�}�~�X�Y�n�X�W�5�Q�R�X�d�S�)�aã���Read some data from the underlying transport, decrypt it, and
|
return it.
|
|
See :meth:`trio.abc.ReceiveStream.receive_some` for details.
|
|
.. warning:: If this method is cancelled while the initial handshake
|
or a renegotiation are in progress, then it may leave the
|
:class:`SSLStream` in an unusable state. If this happens then any
|
future attempt to use the object will raise
|
:exc:`trio.BrokenResourceError`.
|
|
Fr{���Nrh���r����z�max_bytes must be >= 1)�rC���re���r=���r&���rb���rc���r5���r����Ú __cause__r����Ú�SSLSyscallErrorr����ri���r%���rq���rE���r9���rO���Ú _operatorÚ�indexÚ
|
ValueErrorry���r;���rm���)�r����Z max_bytesr����r����r����r����ro������s2����
|
������������ÿ���þ������������
|
�������$���������z�SSLStream.receive_somec���������������� ���Ã���sj���|�j�Z��|� �¡���|�j�j�d�d��I�d�H���|�sFt�j� �¡�I�d�H���W�5�Q�R�£�d�S�|� �|�j�j |�¡�I�d�H���W�5�Q�R�X�d�S�)�az���Encrypt some data and then send it on the underlying transport.
|
|
See :meth:`trio.abc.SendStream.send_all` for details.
|
|
.. warning:: If this method is cancelled, then it may leave the
|
:class:`SSLStream` in an unusable state. If this happens then any
|
attempt to use the object will raise
|
:exc:`trio.BrokenResourceError`.
|
|
Fr{���N)
|
rB���re���r=���r&���rb���ri���r%���ry���r;���rs���)�r����rx���r����r����r����rn���¿���s������������������z�SSLStream.send_allc��������������������Ã���s���|�j�~��|�j�l��|� �¡���|�j�j�d�d��I�d�H���|� �|�j�j�¡�I�d�H���|�j�}�d�|�_�t j
|
|�_�|�|�j� ¡�f�W���5�Q�R�£�W���5�Q�R�£�S�Q�R�X�W�5�Q�R�X�d�S�)�að���Cleanly close down the SSL/TLS encryption layer, allowing the
|
underlying stream to be used for unencrypted communication.
|
|
You almost certainly don't need this.
|
|
Returns:
|
A pair ``(transport_stream, trailing_bytes)``, where
|
``transport_stream`` is the underlying transport stream, and
|
``trailing_bytes`` is a byte string. Since :class:`SSLStream`
|
doesn't necessarily know where the end of the encrypted data will
|
be, it can happen that it accidentally reads too much from the
|
underlying stream. ``trailing_bytes`` contains this extra data; you
|
should process it as if it was returned from a call to
|
``transport_stream.receive_some(...)``.
|
|
Fr{���N)�rC���rB���re���r=���r&���ry���r;���Ú�unwrapr3���r+���r.���r4���r9���rm���©�r����r3���r����r����r����r���Ô���s��������������������z�SSLStream.unwrapc���������������� ���Ã���sä���|�j�t�j�k�r t�j� �¡�I�d�H���d�S�|�j�t�j�k�s2|�j�rNt�j�|�_�|�j� ¡�I�d�H���d�S�zzR|�j
|
j�d�d��I�d�H���z�|�j�|�j j�d�d��I�d�H���W�n���t�j�t�j�f�k
|
r������Y�n�X�W�n�������t�|�j��I�d�H����Y�n�X�|�j� ¡�I�d�H���W�5�t�j�|�_�X�d�S�)�aÃ���Gracefully shut down this connection, and close the underlying
|
transport.
|
|
If ``https_compatible`` is False (the default), then this attempts to
|
first send a ``close_notify`` and then close the underlying stream by
|
calling its :meth:`~trio.abc.AsyncResource.aclose` method.
|
|
If ``https_compatible`` is set to True, then this simply closes the
|
underlying stream and marks this stream as closed.
|
|
NFr{���T)�rf���)�r4���r+���r.���rb���ri���r%���r-���r5���r3����acloser=���r&���ry���r;���r���rc���Z�BusyResourceErrorr����r(���r����r����r����r�����s$����������������������0������
|
���������z�SSLStream.aclosec��������������������Ã���sN���|�j�>��|� �¡���|�j�4�I�d�H����|�j� �¡�I�d�H���W�5�Q�I�d�H�R�X�W�5�Q�R�X�d�S�)�z>See :meth:`trio.abc.SendStream.wait_send_all_might_not_block`.N)�rB���re���r>���r3���Ú�wait_send_all_might_not_blockr(���r����r����r����r���E���s������������z'SSLStream.wait_send_all_might_not_block)�N)�r����r����r����r����r!���rS���rT���rY���r\���r`���re���ry���r<���rz���ro���rn���r���r���r���Ú __classcell__r����r����r^���r����r/���ì���sV������d�����ù�*���������������������������ò�������������������÷������������-���#
|
5�����Wr/���)�Ú metaclassc��������������������@���s.���e�Z�d�Z�d�Z�d�d��d�d��Z�d�d��Z�d�d �Z�d
|
S�)�Ú�SSLListenera»���A :class:`~trio.abc.Listener` for SSL/TLS-encrypted servers.
|
|
:class:`SSLListener` wraps around another Listener, and converts
|
all incoming connections to encrypted connections by wrapping them
|
in a :class:`SSLStream`.
|
|
Args:
|
transport_listener (~trio.abc.Listener): The listener whose incoming
|
connections will be wrapped in :class:`SSLStream`.
|
|
ssl_context (~ssl.SSLContext): The :class:`~ssl.SSLContext` that will be
|
used for incoming connections.
|
|
https_compatible (bool): Passed on to :class:`SSLStream`.
|
|
Attributes:
|
transport_listener (trio.abc.Listener): The underlying listener that was
|
passed to ``__init__``.
|
|
F)�r2���c��������������������C���s����|�|�_�|�|�_�|�|�_�d�S�r'���)�Ú�transport_listenerÚ�_ssl_contextr5���)�r����r���rF���r2���r����r����r����r!������s����������z�SSLListener.__init__c��������������������Ã���s$���|�j� �¡�I�d�H�}�t�|�|�j�d�|�j�d��S�)�z
Accept the next connection and wrap it in an :class:`SSLStream`.
|
|
See :meth:`trio.abc.Listener.accept` for details.
|
|
NT)�r1���r2���)�r���Ú�acceptr/���r���r5���r���r����r����r����r������s�����������������üz�SSLListener.acceptc��������������������Ã���s����|�j� �¡�I�d�H���d�S�)�z�Close the transport listener.N)�r���r���r(���r����r����r����r������s������z�SSLListener.acloseN)�r����r����r����r����r!���r���r���r����r����r����r����r���n���s
|
��������û����r���)�Ú�operatorr~���Ú�sslr����Ú�enumr����Ú�_Enumrb���Ú�abcr����r����Z�_highlevel_genericr����Ú�r����Z�_utilr����r ���rD���r����Ú Exceptionr����r����r+���r/���r���r����r����r����r����Ú�<module>���s&����������������������
|
�������������
|
