_homogenize_openssl3_error

    Takes a 3-element tuple from peek_openssl_error() and modifies it to
    handle the changes in OpenSSL 3.0. That release removed the concept of an
    error function, meaning the second item in the tuple will always be 0.
    :param error_tuple:
        A 3-element tuple of integers

    :return:
        A 3-element tuple of integers

Source file: /opt/nydus/tmp/pip-target-bkdi07qp/lib/python/oscrypto/_openssl/tls.py

TLSSession

    A TLS session object that multiple TLSSocket objects can share for the
    sake of session reuse

TLSSession.__init__

    :param protocol:
        A unicode string or set of unicode strings representing allowable
        protocols to negotiate with the server:

         - "TLSv1.2"
         - "TLSv1.1"
         - "TLSv1"
         - "SSLv3"

        Default is: {"TLSv1", "TLSv1.1", "TLSv1.2"}

    :param manual_validation:
        If certificate and certificate path validation should be skipped
        and left to the developer to implement

    :param extra_trust_roots:
        A list containing one or more certificates to be treated as trust
        roots, in one of the following formats:

         - A byte string of the DER encoded certificate
         - A unicode string of the certificate filename
         - An asn1crypto.x509.Certificate object
         - An oscrypto.asymmetric.Certificate object

    :raises:
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library

    Error message strings:

     - manual_validation must be a boolean, not %s
     - protocol must be a unicode string or set of unicode strings, not %s
     - protocol must contain only the unicode strings "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", not %s
     - extra_trust_roots must be a list of byte strings, unicode strings, asn1crypto.x509.Certificate objects or oscrypto.asymmetric.Certificate objects, not %s
Cipher list string (byte string constant in TLSSession.__init__, which also references SSL_CTX_set_cipher_list):

    ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
TLSSocket._handshake

    Perform an initial TLS handshake
TLSSocket.read

    Reads data from the TLS-wrapped socket

    :param max_length:
        The number of bytes to read - output may be less than this

    :raises:
        socket.socket - when a non-TLS socket error occurs
        oscrypto.errors.TLSError - when a TLS-related error occurs
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library

    :return:
        A byte string of the data read

    Error message string:

     - max_length must be an integer, not %s

TLSSocket.select_read

    Blocks until the socket is ready to be read from, or the timeout is hit

    :param timeout:
        A float - the period of time to wait for data to be read. None for
        no time limit.

    :return:
        A boolean - if data is ready to be read. Will only be False if
        timeout is not None.

TLSSocket.read_until

    Reads data from the socket until a marker is found. Data read includes
    the marker.

    :param marker:
        A byte string or regex object from re.compile(). Used to determine
        when to stop reading. Regex objects are more inefficient since
        they must scan the entire byte string of read data each time data
        is read off the socket.
    :return:
        A byte string of the data read, including the marker

    Error message string:

     - marker must be a byte string or compiled regex object, not %s

TLSSocket.read_line

    Reads a line from the socket, including the line ending of "\r\n", "\r",
    or "\n"

    :return:
        A byte string of the next line from the socket

TLSSocket.read_exactly

    Reads exactly the specified number of bytes from the socket

    :param num_bytes:
        An integer - the exact number of bytes to read

    :return:
        A byte string of the data that was read

TLSSocket.write

    Writes data to the TLS-wrapped socket

    :param data:
        A byte string to write to the socket

    :raises:
        socket.socket - when a non-TLS socket error occurs
        oscrypto.errors.TLSError - when a TLS-related error occurs
        ValueError - when any of the parameters contain an invalid value
        TypeError - when any of the parameters are of the wrong type
        OSError - when an error is returned by the OS crypto library

TLSSocket.select_write

    Blocks until the socket is ready to be written to, or the timeout is hit

    :param timeout:
        A float - the period of time to wait for the socket to be ready to
        be written to. None for no time limit.

    :return:
        A boolean - if the socket is ready for writing. Will only be False
        if timeout is not None.
TLSSocket._shutdown

    Shuts down the TLS session and then shuts down the underlying socket

    :param manual:
        A boolean if the connection was manually shutdown

TLSSocket.shutdown

    Shuts down the TLS session and then shuts down the underlying socket

TLSSocket.close

    Shuts down the TLS session and socket and forcibly closes it

TLSSocket._read_certificates

    Reads end-entity and intermediate certificate information from the
    TLS session
TLSSocket._raise_closed

    Raises an exception describing if the local or remote end closed the
    connection

    Error message strings:

     - The connection was already closed
     - The remote end closed the connection
     - The connection was closed

TLSSocket.certificate

    An asn1crypto.x509.Certificate object of the end-entity certificate
    presented by the server

TLSSocket.intermediates

    A list of asn1crypto.x509.Certificate objects that were presented as
    intermediates by the server

TLSSocket.cipher_suite

    A unicode string of the IANA cipher suite name of the negotiated
    cipher suite

TLSSocket.protocol

    A unicode string of: "TLSv1.2", "TLSv1.1", "TLSv1", "SSLv3"

TLSSocket.compression

    A boolean if compression is enabled

TLSSocket.session_id

    A unicode string of "new" or "reused" or None for no ticket

TLSSocket.session

    The oscrypto.tls.TLSSession object used for this connection

TLSSocket.hostname

    A unicode string of the TLS server domain name or IP address

TLSSocket.port

    An integer of the port number the socket is connected to

TLSSocket.socket

    The underlying socket.socket connection