U dd/@sddlZddlZddlZddlmZddlmZddlmZm Z m Z m Z m Z m Z mZmZmZddlmZmZmZmZddlmZmZddlmZmZmZmZed Zeeeefd fZ ee d fZ!Gd d d eZ"ed dGdddeZ#ed dGdddee#Z$dS)N) dataclass)wraps) AnyCallableDictListMappingOptionalTupleTypeVarUnion)BrokenResourceError EndOfStreamaclose_forcefullyget_cancelled_exc_class)TypedAttributeSettyped_attribute) AnyByteStream ByteStreamListener TaskGroupT_Retval.c@seZdZUdZeZeeed<eZ e ed<eZ e eee fed<eZeeeeeeeffed<eZee ed<eZeed<eZee eee fed<eZejed <eZeed <eZeed <d S) TLSAttributez5Contains Transport Layer Security related attributes. alpn_protocolchannel_binding_tls_uniquecipherpeer_certificatepeer_certificate_binary server_sideshared_ciphers ssl_objectstandard_compatible tls_versionN)__name__ __module__ __qualname____doc__rrr str__annotations__rbytesrr intrrr _PCTRTTT_PCTRTTrrboolr rr!ssl SSLObjectr"r#r1r15/tmp/pip-unpacked-wheel-yaxr6kle/anyio/streams/tls.pyrs rF)eqc @seZdZUdZeed<eed<ejed<ej ed<ej ed<e ddddd ee ee e e ej edd d d Zed efeedddZeeefdddZddddZd!eedddZeddddZddddZeeeegeffddd ZdS)" TLSStreama A stream wrapper that encrypts all sent data and decrypts received data. This class has no public initializer; use :meth:`wrap` instead. All extra attributes from :class:`~TLSAttribute` are supported. :var AnyByteStream transport_stream: the wrapped stream transport_streamr" _ssl_object _read_bio _write_bioNT)rhostname ssl_contextr")r5rr9r:r"returnc s|dkr| }|sJ|rtjjntjj}t|}ttdrJ|jtjN_t}t}|j ||||d} |||| ||d} | | j IdH| S)a Wrap an existing stream with Transport Layer Security. This performs a TLS handshake with the peer. :param transport_stream: a bytes-transporting stream to wrap :param server_side: ``True`` if this is the server side of the connection, ``False`` if this is the client side (if omitted, will be set to ``False`` if ``hostname`` has been provided, ``False`` otherwise). Used only to create a default context when an explicit context has not been provided. :param hostname: host name of the peer (if host name checking is desired) :param ssl_context: the SSLContext object to use (if not provided, a secure default will be created) :param standard_compatible: if ``False``, skip the closing handshake when closing the connection, and don't raise an exception if the peer does the same :raises ~ssl.SSLError: if the TLS handshake fails NOP_IGNORE_UNEXPECTED_EOF)rserver_hostname)r5r"r6r7r8) r/Purpose CLIENT_AUTH SERVER_AUTHcreate_default_contexthasattroptionsr< MemoryBIOwrap_bio_call_sslobject_method do_handshake) clsr5rr9r:r"purposeZbio_inZbio_outr!wrapperr1r1r2wrapEs2  zTLSStream.wrap.)funcargsr;c sz||}Wntjk rz4|jjrB|j|jIdH|jIdH}WnXtk rr|j YnHt k r}z|j |j t |W5d}~XYnX|j |Yqtjk r|j|jIdHYqtjk r(}z|j |j t |W5d}~XYqtjk r}zJ|j |j t|tjsjd|jkr|jrzt |ntdW5d}~XYqX|jjr|j|jIdH|SqdS)NZUNEXPECTED_EOF_WHILE_READING)r/SSLWantReadErrorr8pendingr5sendreadreceiverr7 write_eofOSErrorrwriteSSLWantWriteErrorSSLSyscallErrorSSLError isinstance SSLEOFErrorstrerrorr")selfrLrMresultdataexcr1r1r2rF}sD        z TLSStream._call_sslobject_methodr;cs8||jjIdH|j|j|j|jfS)z Does the TLS closing handshake. :return: a tuple of (wrapped byte stream, bytes left in the read buffer) N)rFr6unwrapr7rSr8r5rQr\r1r1r2ras  zTLSStream.unwrapcsT|jr@z|IdHWn&tk r>t|jIdHYnX|jIdHdSN)r"ra BaseExceptionrr5acloserbr1r1r2reszTLSStream.aclose) max_bytesr;cs"||jj|IdH}|st|Src)rFr6rQr)r\rgr^r1r1r2rRszTLSStream.receive)itemr;cs||jj|IdHdSrc)rFr6rU)r\rhr1r1r2rPszTLSStream.sendcsd|tj}td|}|rXt|dt|dp6d}}||fdkrXtd|tddS)NzTLSv(\d+)(?:\.(\d+))?r r)riz;send_eof() requires at least TLSv1.3; current session uses z7send_eof() has not yet been implemented for TLS streams)extrarr#rematchr+groupNotImplementedError)r\r#rmmajorminorr1r1r2send_eofs  " zTLSStream.send_eofcsjjtjjjtjjjtjjjtj fddtj fddtj fddtj fddtj fddtjfddtjjji S)Ncs jdS)NFr6 getpeercertr1rbr1r2z,TLSStream.extra_attributes..cs jdS)NTrsr1rbr1r2ruscsjjSrc)r6rr1rbr1r2rurvcs jSrc)r6r r1rbr1r2rurvcsjSrcr"r1rbr1r2rurvcsjSrc)r6r1rbr1r2rurv)r5extra_attributesrrr6selected_alpn_protocolrget_channel_bindingrrrrr r"r!r#versionrbr1rbr2rxs,      zTLSStream.extra_attributes)rf)r$r%r&r'rr)r.r/r0rD classmethodr r( SSLContextrKrrobjectrFr r*rarer+rRrPrrpropertyrrrxr1r1r1r2r43s<     8  /  r4c@seZdZUdZeeed<ejed<dZ e ed<dZ e ed<e eedd d d Zdeegefeedd d dZddddZeeeegeffdddZdS) TLSListenera A convenience listener that wraps another listener and auto-negotiates a TLS session on every accepted connection. If the TLS handshake times out or raises an exception, :meth:`handle_handshake_error` is called to do whatever post-mortem processing is deemed necessary. Supports only the :attr:`~TLSAttribute.standard_compatible` extra attribute. :param Listener listener: the listener to wrap :param ssl_context: the SSL context object :param standard_compatible: a flag passed through to :meth:`TLSStream.wrap` :param handshake_timeout: time limit for the TLS handshake (passed to :func:`~anyio.fail_after`) listenerr:Tr"handshake_timeoutN)r_streamr;csRdtdt|IdHt|ts6ttdt|trLt|trNdS)Nz Handle an exception raised during the TLS handshake. This method does 3 things: #. Forcefully closes the original stream #. Logs the exception (unless it was a cancellation exception) using the ``z`` logger #. Reraises the exception if it was a base exception or a cancellation exception :param exc: the exception :param stream: the original stream zError during TLS handshake)r$rrYrlogging getLogger exception Exception)r_rr1r1r2handle_handshake_errors z"TLSListener.handle_handshake_error)handler task_groupr;cs6ttddfdd }j||IdHdS)N)rr;c sddlm}z4|j tj|jjdIdH}W5QRXWn4tk rt}z||IdHW5d}~XYnX|IdHdS)Nr ) fail_after)r:r") rrr4rKr:r"rdr)rrZwrapped_streamr_rr\r1r2handler_wrapper$s  $z*TLSListener.serve..handler_wrapper)rrrserve)r\rrrr1rr2rszTLSListener.server`cs|jIdHdSrc)rrerbr1r1r2re6szTLSListener.aclosecstjfddiS)NcsjSrcrwr1rbr1r2ru<rvz.TLSListener.extra_attributes..)rr"rbr1rbr2rx9s zTLSListener.extra_attributes)N)r$r%r&r'rrr)r/r}r"r.rfloat staticmethodrdrrrr4r rrrerrrxr1r1r1r2rs       r)%rrlr/Z dataclassesr functoolsrtypingrrrrrr r r r rrrrrZ_core._typedattrrrabcrrrrrr(r-r,rr4rr1r1r1r2s"  , ;