Plan 9 from Bell Labs’s /usr/web/sources/contrib/stallion/root/sys/lib/python2.7/ssl.pyo

Copyright © 2021 Plan 9 Foundation.
Distributed under the MIT License.
Download the Plan 9 distribution.


�`^c
@s/dZddlZddlZddlmZmZmZddlmZddlmZmZm	Z	ddlm
Z
mZmZddlm
Z
mZmZmZmZmZmZmZmZddlmZmZmZid	e6d
e6de6ZyddlmZeZWnek
r,eZnXd
ee<ddlmZmZm Z m!Z"ddlm#Z$ddlm%Z%m&Z&m'Z'ddl(Z(ddl)Z)dZ*defd��YZ+eee,eeee-e-ed�Z.d�Z/dZ0dZ1d�Z2d�Z3eed�Z4d�Z5eed�Z6dS(sThis module provides some more Pythonic support for SSL.

Object types:

  SSLSocket -- subtype of socket.socket which does SSL over the socket

Exceptions:

  SSLError -- exception raised for I/O errors

Functions:

  cert_time_to_seconds -- convert time string used for certificate
                          notBefore and notAfter functions to integer
                          seconds past the Epoch (the time values
                          returned from time.time())

  fetch_server_certificate (HOST, PORT) -- fetch the certificate provided
                          by the server running on HOST at port PORT.  No
                          validation of the certificate is performed.

Integer constants:

SSL_ERROR_ZERO_RETURN
SSL_ERROR_WANT_READ
SSL_ERROR_WANT_WRITE
SSL_ERROR_WANT_X509_LOOKUP
SSL_ERROR_SYSCALL
SSL_ERROR_SSL
SSL_ERROR_WANT_CONNECT

SSL_ERROR_EOF
SSL_ERROR_INVALID_ERROR_CODE

The following group define certificate requirements that one side is
allowing/requiring from the other side:

CERT_NONE - no certificates from the other side are required (or will
            be looked at if provided)
CERT_OPTIONAL - certificates are not required, but if provided will be
                validated, and if validation fails, the connection will
                also fail
CERT_REQUIRED - certificates are required, and will be validated, and
                if validation fails, the connection will also fail

The following constants identify various SSL protocol variants:

PROTOCOL_SSLv2
PROTOCOL_SSLv3
PROTOCOL_SSLv23
PROTOCOL_TLSv1
i�N(tOPENSSL_VERSION_NUMBERtOPENSSL_VERSION_INFOtOPENSSL_VERSION(tSSLError(t	CERT_NONEt
CERT_OPTIONALt
CERT_REQUIRED(tRAND_statustRAND_egdtRAND_add(	tSSL_ERROR_ZERO_RETURNtSSL_ERROR_WANT_READtSSL_ERROR_WANT_WRITEtSSL_ERROR_WANT_X509_LOOKUPtSSL_ERROR_SYSCALLt
SSL_ERROR_SSLtSSL_ERROR_WANT_CONNECTt
SSL_ERROR_EOFtSSL_ERROR_INVALID_ERROR_CODE(tPROTOCOL_SSLv3tPROTOCOL_SSLv23tPROTOCOL_TLSv1tTLSv1tSSLv23tSSLv3(tPROTOCOL_SSLv2tSSLv2(tsockett_fileobjectt_delegate_methodsterror(tgetnameinfo(t
SOL_SOCKETtSO_TYPEtSOCK_STREAMs)DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2t	SSLSocketc
BseZdZddeeedeedd�Zdd�Z	d�Z
ed�Zd�Zdd�Z
dd	�Zdd
�Zddd�Zddd�Zddd
�Zddd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zddd�ZRS(s�This class implements a subtype of socket.socket that wraps
    the underlying OS socket in an SSL context when necessary, and
    provides read and write methods over that channel.c
	Cs�|jtt�tkr'td��ntj|d|j�x3tD]+}yt	||�WqDt
k
rnqDXqDW|
dkr�|tkr�t
}
n|r�|r�|}nytj|�Wn=tk
r�|jtjkr�nt|_d|_nGXt|_tj|j|||||||
�|_|rA|j�n||_||_||_||_||_|
|_||_|	|_ d|_!dS(Ns!only stream sockets are supportedt_socki("t
getsockoptR R!R"tNotImplementedErrorRt__init__R$RtdelattrtAttributeErrortNonet_SSLv2_IF_EXISTSt_DEFAULT_CIPHERStgetpeernametsocket_errorterrnotENOTCONNtFalset
_connectedt_sslobjtTruet_ssltsslwraptdo_handshaketkeyfiletcertfilet	cert_reqstssl_versiontca_certstcipherstdo_handshake_on_connecttsuppress_ragged_eofst_makefile_refs(
tselftsockR8R9tserver_sideR:R;R<R>R?R=tattrte((s/sys/lib/python2.7/ssl.pyR'ksF

	
		
		
								icCsQy|jj|�SWn6tk
rL}|jdtkrF|jrFdS�nXdS(sORead up to LEN bytes and return them.
        Return zero-length string on EOF.itN(R3treadRtargsRR?(RAtlentx((s/sys/lib/python2.7/ssl.pyRG�scCs|jj|�S(shWrite DATA to the underlying SSL channel.  Returns
        number of bytes of DATA actually transmitted.(R3twrite(RAtdata((s/sys/lib/python2.7/ssl.pyRK�scCs|jj|�S(s�Returns a formatted version of the data in the
        certificate provided by the other end of the SSL channel.
        Return None if no certificate was provided, {} if a
        certificate was provided, but not validated.(R3tpeer_certificate(RAtbinary_form((s/sys/lib/python2.7/ssl.pytgetpeercert�scCs|js
dS|jj�SdS(N(R3R*tcipher(RA((s/sys/lib/python2.7/ssl.pyRP�s	icCs�|jr�|dkr+td|j��nx�tr�y|jj|�}WnDtk
r�}|jdtkrsdS|jdtkr�dS�q.X|Sq.Wn|j	j
||�SdS(Nis3non-zero flags not allowed in calls to send() on %s(R3t
ValueErrort	__class__R4RKRRHRRR$tsend(RARLtflagstvRJ((s/sys/lib/python2.7/ssl.pyRS�s 		cCsX|jrtd|j��n5|dkr>|jj||�S|jj|||�SdS(Ns%sendto not allowed on instances of %s(R3RQRRR*R$tsendto(RARLt
flags_or_addrtaddr((s/sys/lib/python2.7/ssl.pyRV�s	cCs�|jrq|dkr+td|j��nt|�}d}x-||krl|j||�}||7}q@W|Stj|||�SdS(Nis6non-zero flags not allowed in calls to sendall() on %s(R3RQRRRIRSRtsendall(RARLRTtamounttcountRU((s/sys/lib/python2.7/ssl.pyRY�s	cCsO|jr8|dkr+td|j��n|j|�S|jj||�SdS(Nis3non-zero flags not allowed in calls to recv() on %s(R3RQRRRGR$trecv(RAtbuflenRT((s/sys/lib/python2.7/ssl.pyR\�s	
cCs�|r!|dkr!t|�}n|dkr6d}n|jr�|dkratd|j��n|j|�}t|�}|||*|S|jj|||�SdS(Niis8non-zero flags not allowed in calls to recv_into() on %s(R*RIR3RQRRRGR$t	recv_into(RAtbuffertnbytesRTt
tmp_bufferRU((s/sys/lib/python2.7/ssl.pyR^�s		
cCs6|jrtd|j��n|jj||�SdS(Ns'recvfrom not allowed on instances of %s(R3RQRRR$trecvfrom(RAR]RT((s/sys/lib/python2.7/ssl.pyRbs	cCs9|jrtd|j��n|jj|||�SdS(Ns,recvfrom_into not allowed on instances of %s(R3RQRRR$t
recvfrom_into(RAR_R`RT((s/sys/lib/python2.7/ssl.pyRcs	cCs|jr|jj�SdSdS(Ni(R3tpending(RA((s/sys/lib/python2.7/ssl.pyRds	
cCs?|jr%|jj�}d|_|Stdt|���dS(NsNo SSL wrapper around (R3tshutdownR*RQtstr(RAts((s/sys/lib/python2.7/ssl.pytunwraps
		cCsd|_tj||�dS(N(R*R3RRe(RAthow((s/sys/lib/python2.7/ssl.pyRe's	cCs;|jdkr(d|_tj|�n|jd8_dS(Ni(R@R*R3Rtclose(RA((s/sys/lib/python2.7/ssl.pyRj+s	cCs|jj�dS(sPerform a TLS/SSL handshake.N(R3R7(RA((s/sys/lib/python2.7/ssl.pyR72sc	Cs�|jrtd��ntj|jt|j|j|j|j	|j
|j�|_ya|rrt
j||�}nd}t
j||�|s�|jr�|j�nt|_n|SWntk
r�d|_�nXdS(Ns/attempt to connect already-connected SSLSocket!(R2RQR5R6R$R1R8R9R:R;R<R=R3Rt
connect_exR*tconnectR>R7R4R.(RARXtreturn_errnotrc((s/sys/lib/python2.7/ssl.pyt
_real_connect8s$		

	cCs|j|t�dS(sQConnects to remote ADDR, and then wraps the connection in
        an SSL channel.N(RoR1(RARX((s/sys/lib/python2.7/ssl.pyRlOscCs|j|t�S(sQConnects to remote ADDR, and then wraps the connection in
        an SSL channel.(RoR4(RARX((s/sys/lib/python2.7/ssl.pyRkTscCs�tj|�\}}ybt|d|jd|jdtd|jd|jd|jd|j	d|j
d	|j�	|fSWn#tk
r�}|j
�|�nXd
S(s�Accepts a new connection from a remote client, and returns
        a tuple containing that new connection wrapped with a server-side
        SSL channel, and the address of the remote client.R8R9RCR:R;R<R=R>R?N(RtacceptR#R8R9R4R:R;R<R=R>R?R.Rj(RAtnewsockRXRE((s/sys/lib/python2.7/ssl.pyRpYs 									
tri�cCs%|jd7_t|||dt�S(s�Make and return a file-like object that
        works with the SSL connection.  Just use the code
        from the socket module.iRj(R@RR4(RAtmodetbufsize((s/sys/lib/python2.7/ssl.pytmakefilepsN(t__name__t
__module__t__doc__R*R1RRR4R'RGRKRORPRSRVRYR\R^RbRcRdRhReRjR7RoRlRkRpRu(((s/sys/lib/python2.7/ssl.pyR#es60
				
									c

Cs@t|d|d|d|d|d|d|d|d|d	|	�	S(
NR8R9RCR:R;R<R>R?R=(R#(
RBR8R9RCR:R;R<R>R?R=((s/sys/lib/python2.7/ssl.pytwrap_socket}scCs%ddl}|j|j|d��S(s�Takes a date-time string in standard ASN1_print form
    ("MON DAY 24HOUR:MINUTE:SEC YEAR TIMEZONE") and return
    a Python time value in seconds past the epoch.i�Ns%b %d %H:%M:%S %Y GMT(ttimetmktimetstrptime(t	cert_timeRz((s/sys/lib/python2.7/ssl.pytcert_time_to_seconds�ss-----BEGIN CERTIFICATE-----s-----END CERTIFICATE-----cCscttd�rBtj|�}tdtj|d�dtdStdtj|�tdSdS(s[Takes a certificate in binary DER format and returns the
    PEM version of it as a string.tstandard_b64encodes
i@N(thasattrtbase64Rt
PEM_HEADERttextwraptfillt
PEM_FOOTERtencodestring(tder_cert_bytestf((s/sys/lib/python2.7/ssl.pytDER_cert_to_PEM_cert�s$cCsw|jt�s"tdt��n|j�jt�sJtdt��n|j�tt�tt�!}tj|�S(shTakes a certificate in ASCII PEM format and returns the
    DER-encoded version of it as a byte sequences(Invalid PEM encoding; must start with %ss&Invalid PEM encoding; must end with %s(	t
startswithR�RQtstriptendswithR�RIR�tdecodestring(tpem_cert_stringtd((s/sys/lib/python2.7/ssl.pytPEM_cert_to_DER_cert�s

 cCsx|\}}|dk	r!t}nt}tt�d|d|d|�}|j|�|jt�}|j�t	|�S(s�Retrieve the certificate from the server at the specified address,
    and return it as a PEM-encoded string.
    If 'ca_certs' is specified, validate the server cert against it.
    If 'ssl_version' is specified, use it in the connection attempt.R;R:R<N(
R*RRRyRRlROR4RjR�(RXR;R<thosttportR:Rgtdercert((s/sys/lib/python2.7/ssl.pytget_server_certificate�s	

cCstj|d�S(Ns	<unknown>(t_PROTOCOL_NAMEStget(t
protocol_code((s/sys/lib/python2.7/ssl.pytget_protocol_name�scCslt|d�r|j}ntj|d||ttd�}y|j�Wntk
r]nX|j	�|S(s�A replacement for the old socket.ssl function.  Designed
    for compability with Python 2.5 and earlier.  Will disappear in
    Python 3.0.R$iN(
R�R$R5R6RRR*R-R.R7(RBR8R9tssl_sock((s/sys/lib/python2.7/ssl.pytsslwrap_simple�s

(7RxR�R5RRRRRRRRRR	R
RRR
RRRRRRRRR�RR+tImportErrorR*RRRRR.Rt_getnameinfoR R!R"R�R/R,R#R1R4RyR~R�R�R�R�R�R�R�(((s/sys/lib/python2.7/ssl.pyt<module>8sN@





"�					

Bell Labs OSI certified Powered by Plan 9

(Return to Plan 9 Home Page)

Copyright © 2021 Plan 9 Foundation. All Rights Reserved.
Comments to [email protected].