PNG  IHDR;IDATxܻn0K )(pA 7LeG{ §㻢|ذaÆ 6lذaÆ 6lذaÆ 6lom$^yذag5bÆ 6lذaÆ 6lذa{ 6lذaÆ `}HFkm,mӪôô! x|'ܢ˟;E:9&ᶒ}{v]n&6 h_tڠ͵-ҫZ;Z$.Pkž)!o>}leQfJTu іچ\X=8Rن4`Vwl>nG^is"ms$ui?wbs[m6K4O.4%/bC%t Mז -lG6mrz2s%9s@-k9=)kB5\+͂Zsٲ Rn~GRC wIcIn7jJhۛNCS|j08yiHKֶۛkɈ+;SzL/F*\Ԕ#"5m2[S=gnaPeғL lذaÆ 6l^ḵaÆ 6lذaÆ 6lذa; _ذaÆ 6lذaÆ 6lذaÆ RIENDB` giddlmZmZmZmZddlZddlZddlZddl Z ddl Z ddl m Z ddlmZddlmZmZmZmZmZmZmZmZmZmZmZmZmZmZddlm Z m!Z!m"Z"dd l#m$Z$m%Z%m"Z&dd l'm(Z(dd l)m*Z*m+Z+m,Z,m-Z-dd l.m/Z/m0Z0m1Z1m2Z2dd l3m4Z4m5Z5m6Z6m7Z7m8Z8m9Z9m:Z:m;Z;mZ>m?Z?m@Z@mAZAmBZBmCZCmDZDmEZEmFZFddlGmHZHm Z ddlImJZJejdkreLZMejZOnePZOejdkr ejZRn ejZRddgZSejdZUejZWeWdeWdfZXGdde0ZYGdde/ZZGdde[Z\Gdde[Z]y))unicode_literalsdivisionabsolute_importprint_functionN) Certificate)pretty_message)buffer_from_bytesbuffer_from_unicodebytes_from_buffercastderefis_nullnativenewnullrefsizeofstructunwrapwrite_to_buffer)secur32 Secur32Const handle_error)crypt32 Crypt32Constr)kernel32) type_namestr_clsbyte_cls int_types)TLSErrorTLSVerificationErrorTLSDisconnectErrorTLSGracefulDisconnectError)detect_client_auth_requestdetect_other_protocol extract_chainget_dh_params_length parse_alertparse_session_inforaise_client_authraise_dh_paramsraise_disconnectionraise_expired_not_yet_validraise_handshakeraise_hostnameraise_no_issuerraise_protocol_errorraise_protocol_version raise_revokedraise_self_signedraise_verificationraise_weak_signature)load_certificater)parse_certificate))r< TLSSession TLSSockets( | | )c eZdZy)_TLSDowngradeErrorN)__name__ __module__ __qualname__B/opt/nydus/tmp/pip-target-bkdi07qp/lib/python/oscrypto/_win/tls.pyrArAQsrFrAceZdZdZy)_TLSRetryErrorz TLSv1.2 on Windows 7 and 8 seems to have isuses with some DHE_RSA ServerKeyExchange messages due to variable length integer encoding. This exception is used to trigger a reconnection to attempt the handshake again. N)rBrCrD__doc__rErFrGrIrIVs   rFrIc8eZdZdZdZdZdZdZdZddZ dZ dZ y)r>zj A TLS session object that multiple TLSSocket objects can share for the sake of session reuse Nc jt|tsttdt |||_| t gd}t|tr t |g}n.t|t sttdt ||t gdz }|rttdt|||_ g|_ |r|D]}t|tr |j}nt|tr t|}nmt|tr/t!|d5}t|j#}dddn.t|t$sttdt ||jj'||j)y#1swY7xYw) a] :param protocol: A unicode string or set of unicode strings representing allowable protocols to negotiate with the server: - "TLSv1.2" - "TLSv1.1" - "TLSv1" - "SSLv3" Default is: {"TLSv1", "TLSv1.1", "TLSv1.2"} :param manual_validation: If certificate and certificate path validation should be skipped and left to the developer to implement :param extra_trust_roots: A list containing one or more certificates to be treated as trust roots, in one of the following formats: - A byte string of the DER encoded certificate - A unicode string of the certificate filename - An asn1crypto.x509.Certificate object - An oscrypto.asymmetric.Certificate object :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library zM manual_validation must be a boolean, not %s N)TLSv1TLSv1.1TLSv1.2zu protocol must be a unicode string or set of unicode strings, not %s SSLv3rMrNrOz protocol must contain only the unicode strings "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", not %s rbz extra_trust_roots must be a list of byte strings, unicode strings, asn1crypto.x509.Certificate objects or oscrypto.asymmetric.Certificate objects, not %s ) isinstancebool TypeErrorr r_manual_validationsetr ValueErrorrepr _protocols_extra_trust_rootsrasn1r!r;openreadAsn1Certificateappend_obtain_credentials)selfprotocolmanual_validationextra_trust_rootsunsupported_protocolsextra_trust_rootfs rG__init__zTLSSession.__init__ms>+T2N+,  #4  :;H h (H:HHc*N(#  !)3/W+X X ^*+  #"$ $5 A . <'7'<'<$ 0(;'89I'J$ 0':.5G+|j#tj$tj&tj(gt+t,dt/|z}t1|D] \}}|||< tj2tj4z} |j6s |j8s| tj:z} n| tj<z} t?t,d} tA| } tjB| _"d| _#tI| _%tI| _&d| _'tI| _(t/|| _)|| _*|| _+d| _,d| _-d| _.| | _/d| _0t+t,d} t-jbtItjdtjftI| tItI| tI } ti| | |_5y)zU Obtains a credentials handle from secur32.dll for use with SChannel rPrrOz ALG_ID[%s] SCHANNEL_CREDz CredHandle *N)6rSP_PROT_SSL3_CLIENTSP_PROT_TLS1_CLIENTSP_PROT_TLS1_1_CLIENTSP_PROT_TLS1_2_CLIENTitemsrZ CALG_AES_128 CALG_AES_256 CALG_3DES CALG_SHA1 CALG_ECDHE CALG_DH_EPHEM CALG_RSA_KEYX CALG_RSA_SIGN CALG_ECDSA CALG_DSS_SIGNextend CALG_SHA512 CALG_SHA384 CALG_SHA256rrlen enumerateSCH_USE_STRONG_CRYPTOSCH_CRED_NO_DEFAULT_CREDSrVr[SCH_CRED_AUTO_CRED_VALIDATIONSCH_CRED_MANUAL_CRED_VALIDATIONrrSCHANNEL_CRED_VERSION dwVersioncCredsrpaCred hRootStorecMappers aphMapperscSupportedAlgspalgSupportedAlgsgrbitEnabledProtocolsdwMinimumCipherStrengthdwMaximumCipherStrengthdwSessionLifespandwFlags dwCredFormatAcquireCredentialsHandleW UNISP_NAMESECPKG_CRED_OUTBOUNDr_credentials_handle)rbprotocol_valuesprotocol_bit_maskkeyvaluealgs alg_arrayindexalgflagsschannel_cred_pointer schannel_credcred_handle_pointerresults rGrazTLSSession._obtain_credentialss "55!55#99#99   )//1 +JCdoo%!U*! +  % %  % %  " "  " "  # #  & &  & &  & &  # #  & &    ' KK((((((  D !9: #D/ #JE3"Ie  #22\5[5[[&&t/F/F \?? ?E \AA AE &w @45 "."D"D  #v #'6  !" #'6  '*9~ $*3 '.? +01 -01 -*+ ' % %& "!'>:22 F  # #  - - F ! F F  F   V#6 rFc|jr2tj|j}t|d|_yyN)rrFreeCredentialsHandler)rbrs rG__del__zTLSSession.__del__s6  # #2243K3KLF  '+D $ $rF)NFN) rBrCrDrJrZ_ciphersrVr[rrirarrErFrGr>r>as8 JHX#tO7b,rFceZdZdZdZdZdZdZdZdZ dZ dZ dZ dZ dZdZdZdZdZdZdZdZdZdZdZdZdZdZed dZd!dZdZdZ d"dZ!d Z"d d Z#d Z$d Z%d Z&dZ'd dZ(dZ)dZ*dZ+dZ,e-dZ.e-dZ/e-dZ0e-dZ1e-dZ2e-dZ3e-dZ4e-dZ5e-dZ6e-dZ7e-dZ8dZ9y)#r?z8 A wrapper around a socket.socket that adds TLS NFc2t|tjstt dt |t|t stt dt ||.t|tstt dt ||dd|}||_||_ |j|S#t$r'}t|j|j}|d}~wt$r}t!|j}|d}~wwxYw)az Takes an existing socket and adds TLS :param socket: A socket.socket object to wrap with TLS :param hostname: A unicode string of the hostname or IP the socket is connected to :param session: An existing TLSSession object to allow for session reuse, specific protocol or manual certificate validation :raises: ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library zU socket must be an instance of socket.socket, not %s zK hostname must be a unicode string, not %s N` session must be an instance of oscrypto.tls.TLSSession, not %s )session)rSsocket_socketrUr rr r>_socket _hostname _handshakerAr$message certificaterIr#)clsrhostnamer new_socketenew_es rGwrapzTLSSocket.wrapEs*&'..1N&!  (G,N(#    z':'FN'"  tW5 # '     ! ! ## (AMMBEK QYY'EK s$1C D "C.. D:DDcd|_d|_| |d|_nt|tst t dt|t|tst t dt||8t|tjst t dt|tj||f||_|jj|| t}n.t|tst t dt|||_|jr||_ |j#yy#t$$r|j't|j(t+dgz |j,|j.}|j1d|_||_tj||f||_|jj||j#Yyt2$rRd|_tj||f||_|jj||j#YywxYw)a :param address: A unicode string of the domain name or IP address to connect to :param port: An integer of the port number to connect to :param timeout: An integer timeout to use for the socket :param session: An oscrypto.tls.TLSSession object to allow for session reuse and controlling the protocols and validation performed rFNzR address must be a unicode string, not %s zI port must be an integer, not %s zJ timeout must be a number, not %s rrO)_received_bytes_decrypted_bytesrrSr rUr rr"numbersNumberrcreate_connection settimeoutr>_sessionrrrAcloserZrWrVr[rrI)rbaddressporttimeoutr new_sessions rGrizTLSSocket.__init__s' # # ?t|DLgw/g& !dI.dO !":gw~~+Ng& !#44gt_gNDL LL # #G , ? lGGZ0N'"    <<$DN "!  ' " (&&i[)99.... !'*$ + &88'4'R  ''0!" "'*$&88'4'R  ''0!  "s?EB7I$ AI$#I$c6ttd|z}td|D]6}d||_tj ||_t||_8ttd}t|}tj|_ ||_ ||_||fS)z Creates a SecBufferDesc struct and contained SecBuffer structs :param number: The number of contains SecBuffer objects to create :return: A tuple of (SecBufferDesc pointer, SecBuffer array) z SecBuffer[%d]r SecBufferDesc)rrrangecbBufferrSECBUFFER_EMPTY BufferTyperpvBufferrrSECBUFFER_VERSION ulVersioncBufferspBuffers)rbnumberbuffersrsec_buffer_desc_pointersec_buffer_descs rG_create_bufferszTLSSocket._create_bufferssg781f% -E&'GEN #(4(D(DGEN %&*fGEN # - #)/"B !89$0$B$B!#) #* '11rFc $d}d} tjtjtjt dt }t |r tdt}|jjD]}|j}tj|tj|t|tjt }|s td|j|j t#td}t%j&|j(t*j,|}t/|t1|}t3td|}t#t4d} t5j6| t3td| } t#td} t3tdtj8| d<t3tdtj:| d<t3tdtj<| d <t?td } t1| } d | _ t3td | | _!t?td }t1|}tjD|_#| |_$t?td}t1|}||_%tMt|}||_'t#td}tjPt || ||tjRtjTzt |}t|tjV}t1|}t1|}tYtZ|j\}|dk(rt1|j^}t1|}tYtZ|j`}|jb|dz }t1|}t1|jd}tg|jhtYtZ|jj}tmjn|}|j |vr|tjpz}t?td}t1|} tMt| | _'tjr| _:d| _;t3tdty|jz| _>t?td}!t1|!}"tMt|"|"_'||"_?t3td||"_@t?td}#t1|#}$tMt|$|$_'tjtj||!|#}t|t1|}%tg|%jhtYtZ|%jj}tmjn|}|$j}&|&r|&tjk(r t||&tjk(r.t|}'|'jr t|n t||&tjk(rt||jz|&tjk(r t||&tjk(r t|t||jtddgvr t||rtj|d|rtj|yy#|rtj|d|rtj|wwxYw)z Manually invoked windows certificate chain builder and verification step when there are extra trust roots to include in the search process NrzPCERT_CONTEXT * PCERT_CONTEXTz FILETIME *z char *[3]zchar *rrCERT_ENHKEY_USAGEr<zchar **CERT_USAGE_MATCHCERT_CHAIN_PARAzPCERT_CHAIN_CONTEXT * SSL_EXTRA_CERT_CHAIN_POLICY_PARAz wchar_t *CERT_CHAIN_POLICY_PARAzvoid *CERT_CHAIN_POLICY_STATUSmd5md2)Ur CertOpenStorerCERT_STORE_PROV_MEMORYX509_ASN_ENCODINGrrhandle_crypt32_errorrWrr[dump CertAddEncodedCertificateToStorerCERT_STORE_ADD_USE_EXISTINGaddsha256rrQueryContextAttributesW_context_handle_pointerrSECPKG_ATTR_REMOTE_CERT_CONTEXTrrr rGetSystemTimeAsFileTimePKIX_KP_SERVER_AUTHSERVER_GATED_CRYPTO SGC_NETSCAPErcUsageIdentifierrgpszUsageIdentifierUSAGE_MATCH_TYPE_ORdwTypeUsageRequestedUsagercbSizeCertGetCertificateChainCERT_CHAIN_CACHE_END_CERT&CERT_CHAIN_REVOCATION_CHECK_CACHE_ONLY.CERT_CHAIN_POLICY_IGNORE_ALL_REV_UNKNOWN_FLAGSrintcChainrgpChaincElement rgpElement pCertContextr pbCertEncoded cbCertEncodedr_load'CERT_CHAIN_POLICY_ALLOW_UNKNOWN_CA_FLAGAUTHTYPE_SERVER dwAuthType fdwChecksr rpwszServerNamerpvExtraPolicyPara CertVerifyCertificateChainPolicyCERT_CHAIN_POLICY_SSLdwErrorCERT_E_EXPIREDr0CERT_E_UNTRUSTEDROOTr: self_signedr7r3CERT_E_CN_NO_MATCHr2TRUST_E_CERT_SIGNATUREr9CRYPT_E_REVOKEDr6r8 hash_algoCertCloseStoreCertFreeCertificateChain)(rbstorecert_chain_context_pointer cert_hashescert cert_datarcert_context_pointer_pointercert_context_pointerorig_now_pointer now_pointerusage_identifierscert_enhkey_usage_pointercert_enhkey_usagecert_usage_match_pointercert_usage_matchcert_chain_para_pointercert_chain_paracert_chain_para_size"cert_chain_context_pointer_pointercert_chain_policy_para_flagscert_chain_context num_chainsfirst_simple_chain_pointerfirst_simple_chain num_elementslast_element_pointer last_elementlast_element_certlast_element_cert_data last_cert(ssl_extra_cert_chain_policy_para_pointer ssl_extra_cert_chain_policy_paracert_chain_policy_para_pointercert_chain_policy_para cert_chain_policy_status_pointercert_chain_policy_status cert_contexterror oscrypto_certs( rG_extra_trust_root_validationz&TLSSocket._extra_trust_root_validations %)"g M))33.. Eu~$Q'%K 88 - IIK  AA 22 N <<F (+ , -,/w8I+J (44,,<<,F  #)*F#G #'BV#W  #8\:   , ,-= >w 6FGK #G[ 9 #'<;[;[#\ a #'<;[;[#\ a #'<;T;T#U a (.w8K(L % &'@ A 12  .59'9N_5`  2'-g7I'J $%&>? &2&F&F  #%6  "&,W6G&H #$%<=O-=O *#)'?#C %9O "14W>U1V .44$'669l9ll2 F ! (+7+f+f ()/0R)S & "((B!C %7%>%>?JQ-34F4O4O-P*%+,F%G"%c+=+F+FG '9'D'D\TUEU'V$%&:; $*<+D+D$E!):%333 1 ? ?@*&,001GH ##{20L4h4hh07=gGi7j 4/56^/_ ,6B#DNN3? , ; .4G=U-V *%+,J%K ",27V.W $ +==22*.0 F ! (!"67L),*D*DfSR^RlRlFmnI"'' 2D,44EL777/5L===$4T$:M$00)$/'-L;;;"48L???(.L888!$'"4(~~eU^!44$T*&&ua0)001KL*&&ua0)001KL*s Z&[2\cBd}d}d} |r |j}nttd}|}tjdtj dtj dtjdtjdtjdtjd i}d |_ |D]}|xj|zc_ |jd \}}tj|d _|jd \} }tj|d _tj|d _ttd } |r |} t!} n t!} |} tj"|j$j&| |j(|jd d t!d | | | t! } | t+tj,tj.gvrt1| t2|s| }n| }d}d}|d j4d kDrt7|d j8|d j4}||z }|j:j=|d |d _tj>|d j8t!|d _tAd}tCtd||d _d}| tj,k7r d}|j:jEd}|dk(r tG||z }|xjJ|z c_%tM|jJ|d _tO||jJtj"|j$j&||j(|jd d |d t!| | t! } | tjPk(rtj|d _|d jtjRk7rntjR|d _d |d _tU|d j8s4tj>|d j8t!|d _|r tG| tjVk(r;tY|r t[t]|}|r|dk(r t_ta| tjbk(r$te|}tg|d |j(| tjhk(rte|}tk|d | tjlk(r=te|}|d }to|}|jps ts|tu|| tjvk(rty|dkr t{| tj|k(r t[| t~jk(r t| tjk(r|d j4d kDrt7|d j8|d j4}||z }|dd}|dk(s|dk(rTd|j$jvr|d j8t!|d _|d jtjk(r|d j4}|jJ| d|_%tjR|d _d |d _tj>|d j8t!|d _| tj,k(r|| d}nd|_%| tj,k7r ttd}tj|tj|} t1| t2t|}tjdtjdtjd tjd!tjdijtt|jt|j|_Z|jt+gd"vr4t||}|d#|_\|d$|_]|d%|_^|d&|__t| }|D]"}||zd k(s ttd'|||s||_d}ttd(}tj|jtj|} t1| t|} tt| j|_ett| j|_gtt| j|_i|j|jz|jz|_j|j$jr|j|rttU|d j8s"tj>|d j8tU|d j8s"tj>|d j8|rtj|yy#tH$rd}YwxYw#ttjf$r|jwxYw#|rttU|d j8s"tj>|d j8tU|d j8s"tj>|d j8|rtj|wwxYw))z Perform an initial TLS handshake, or a renegotiation :param renegotiate: If the handshake is for a renegotiation Nz CtxtHandle *zreplay detectionzsequence detectionconfidentialityzmemory allocation integrityzstream orientationzdisable automatic client authrrrULONG *rFiBYTE *F T)rFir=(+rOzMServer certificate verification failed - weak certificate signature algorithmzTLS handshake failedSecPkgContext_ConnectionInfoSSLv2rQrMrNrP cipher_suite compression session_idsession_ticketzl Unable to obtain a credential context with the property %s SecPkgContext_StreamSizes)qrrrrISC_REQ_REPLAY_DETECTISC_REQ_SEQUENCE_DETECTISC_REQ_CONFIDENTIALITYISC_REQ_ALLOCATE_MEMORYISC_REQ_INTEGRITYISC_REQ_STREAMISC_REQ_USE_SUPPLIED_CREDS_context_flagsrSECBUFFER_TOKENrSECBUFFER_ALERTrInitializeSecurityContextWrrrrWSEC_E_OKSEC_I_CONTINUE_NEEDEDrr#rr rrsendFreeContextBufferr r recvr/socket_error_clsrrrSEC_E_INCOMPLETE_MESSAGErrSEC_E_ILLEGAL_MESSAGEr'r-r+r5r1SEC_E_WRONG_PRINCIPALr)r2SEC_E_CERT_EXPIREDr0SEC_E_UNTRUSTED_ROOTr:rr3r7SEC_E_INTERNAL_ERRORr*r.SEC_I_INCOMPLETE_CREDENTIALSrrr9SEC_E_INVALID_TOKENrZrAr(r4SEC_E_BUFFER_TOO_SMALLSEC_E_MESSAGE_ALTEREDrISEC_E_INVALID_PARAMETERSECBUFFER_EXTRArrSECPKG_ATTR_CONNECTION_INFOrSP_PROT_SSL2_CLIENTrlrmrnrogetrr dwProtocolr _protocolr, _cipher_suite _compression _session_id_session_ticketrOSErrorr SECPKG_ATTR_STREAM_SIZEScbHeader _header_sizecbMaximumMessage _message_size cbTrailer _trailer_size _buffer_sizer[r>rr<rDeleteSecurityContext)!rb renegotiate in_buffers out_buffersnew_context_handle_pointertemp_context_handle_pointerrequested_flagsflagin_sec_buffer_desc_pointerout_sec_buffer_desc_pointeroutput_context_flags_pointer first_handle second_handlerhandshake_server_byteshandshake_client_bytestokenin_data_buffer bytes_read fail_late alert_infochainrr= alert_bytes alert_number extra_amountconnection_info_pointerconnection_info session_infooutput_context_flagsstream_sizes_pointer stream_sizess! rGrzTLSSocket._handshakes   %)"` J.2.J.J+-0.-I*.H+224F446J446G446I.. ++-A779XO#$D ' ,##t+# ,6:5I5I!5L 2 & '3'C'CJqM $7;7K7KA7N 4 '(4(D(DKN %(4(D(DKN %+.w +B (: $ #v ; 77 11##+, FS,"7"79[9[!\]]VX..;+.:+%( "%( "1~&&*)+a.*A*A;q>CZCZ[&%/& !!%(*+ A'))+a.*A*AB*.& A'.u5N%)'8^%LJqM "JL111% %I!%!2!24!8J!S(+-'*4&$$ 2$),T-A-A)B 1 &0D0DE ;;MM55/NN''.F/0F \BBB/;/K/KJqM,"!}//<3O3OO3?3O3O 1 012 1 .&z!}'='=>#55jm6L6LM59VJqM2 +-\???12HI)+!,-C!DJ!jG&;.0#%\???)*@AE"58T^^<\<<<)*@AE/a9\>>>)*@AE 8D$4T$:M(44'-%d+\>>>+,BCdJ')\FFF%'\@@@(.\===#1~..2&7 A8O8OQ\]^Q_QhQh&i .+=.'21Q'7 '72lg6M(DMM,D,DDT]]MeMeIfijIj(56L(M&8$s$)!H'"!"22HI)+,-CD,-CD#% \@@@FlNpNpDp DMM$<$<<,-CDD')\AAA+,BCdJ')l&;&;\=_=_%`!aa 2q>**Q.-k!n.E.E{ST~G^G^_E*e3*LL%%e,./KN+--k!n.E.EF.2fKN+a=++|/K/KK#-a=#9#9L+/+?+? +OD(/;/K/KJqM,-.JqM*--jm.D.DE-1VJqM*!6!661G 1W.,/D(_L111b'-W6T&U #44+88'F  *$%<=O00'00'00'22I22I  c&o8897?C]C];^_ N~~%M!NN12HJ`a %1.%A"$0$?!#/ #= '34D'E$#()E#F ' //A5!.(- # /J,-1*'-g7R'S$ 8800 99( V$%&:; $*3 0E0E$F!%+C1N1N%O"%+C1G1G%H"$($5$58J8J$JTM_M_$_!}}//113{1~667--k!n.E.EF{1~667--k!n.E.EF)--.HI*_)% $I%H'  JJL   {1~667--k!n.E.EF{1~667--k!n.E.EF)--.HI*sLJ?o ,o4Wo Eo D'o  oo oo +p  pBrc t|tsttdt |j Dj dk7r%j d|}j |d_|Sjjstj_jd\_ _ tjjd_t#t$djjd_t)|j}t+jd jdjdjd  fd }j }t-|}d_|dkDrj/ds d_|St-j0dk(}||kr|rPxj0j2j5|z c_t-j0dk(r t7t9t-j0j}|dk(rnT|jd_t=jj0d|t%j>j jdt+}d }|tj@k(r |d }|tjBk(rd _"jGn|tjHk(r#jKd jM|S|tjNk7rtQ|tRtUtjVtjXtjZg} d} fD]} | j } | tjk(r/|t]| j&| j:z }t-|}Q| tj^k(rtatb| j:} | | vstetd| | rj0|| z d_nj0|d_|j/drd }|st-j0dk(rn||krt-||kDr||d_|d|}|S)a0 Reads data from the TLS-wrapped socket :param max_length: The number of bytes to read :raises: socket.socket - when a non-TLS socket error occurs oscrypto.errors.TLSError - when a TLS-related error occurs ValueError - when any of the parameters contain an invalid value TypeError - when any of the parameters are of the wrong type OSError - when an error is returned by the OS crypto library :return: A byte string of the data read zG max_length must be an integer, not %s NrFrrCrrr<cPtj_ttdj _d_tj__d_tj__d_tj__d_y)NrCr) rSECBUFFER_DATArr r_decrypt_data_bufferrrr)buf0buf1buf2buf3 null_valuerbsrG_reset_buffersz&TLSSocket.read.._reset_bufferss~*99DO (D4M4MNDMDM*::DO&DMDM*::DO&DMDM*::DO&DMDMrFFT)rz] Unexpected decrypt output buffer of type %s )3rSr"rUr rrr _raise_closedrr r~r _decrypt_desc_decrypt_buffersrrrr rrmaxrr select_readrrr_r/minrrDecryptMessageraSEC_I_CONTEXT_EXPIRED_remote_closedshutdownSEC_I_RENEGOTIATErr^r[rr#rWrSECBUFFER_STREAM_HEADERSECBUFFER_STREAM_TRAILERr rlrrrv)rb max_lengthoutputto_recvr output_lendo_readdata_lenrvalid_buffer_typesrbuf buffer_typerrrrrs` @@@@@rGr^zTLSSocket.readss$*i0N*%    ' ' /$$+..q<(,(=(=jk(J%    (((9$:K:K(LD %8<8L8LQ8O 5D  52>2M2MD ! !! $ /04WhHaHa0bD ! !! $ -j$"3"34V $$Q'$$Q'$$Q'$$Q'  "&&[ # >$"2"21"5$'D !Md**+q0:%$$ (9(9'(BB$t++,1')3t334d6G6GHH1}08D ! !! $ - D55t7K7KAh7W X++,,"" FG>>> <===&*# <999D1yy,,<000VX.!$,,4455&"   LdD$/ !nn ,"="==/ cllKKF!$VJ L$@$@@#)#s||#2V2VD ! !! $ /040A0AD ! !! $ -04WhHaHa0bD ! !! $ -2>2M2MD ! !! $ /03D4M4MtO`O`0aD ! !! $ -2>2W2WD ! !! $ /040B0BD ! !! $ -03D4M4MtO`O`cgcucuOu0vD ! !! $ -$i!m3t9d&8&89H D55tAh7GIZIZ [08D ! !! $ -03D4M4MtO`O`ckOk0lD ! !! $ -++,,"" F...VX.S$"7"7":"C"CDG vc4#8#8#;#D#DE EG vc4#8#8#;#D#DE EG  !!"3D4M4Mw"WX >D7$i!m,MM 77e#') s"/M((N;NNcltjg|jgg|\}}}t|dkDS)aw Blocks until the socket is ready to be written to, or the timeout is hit :param timeout: A float - the period of time to wait for the socket to be ready to written to. None for no time limit. :return: A boolean - if the socket is ready for writing. Will only be False if timeout is not None. r)rrr)rbrr write_readys rG select_writezTLSSocket.select_write's5#MM"t||nb'J;;!##rFc |jyd} tdk\rttd}d|d_t j |d_ttdtd|d_ ttd}t|}t j|_d |_||_tj"|j|}t%|t&|j)d \}}t j |d_t j*|d _ttd }tj,|j.j0|j|j2|j4ddt7dt7||t7 }t9t j:t j<t j>g}||vrt%|t&tA|dj|dj} |jBjE| |rttK|djs"tjL|djtK|d js"tjL|d jtjN|jd|_ |jBjQtFjRy#tFjH$rYwxYw#tFjH$rYywxYw#|rttK|djs"tjL|djtK|d js"tjL|d jtjN|jd|_ |jBjQtFjRw#tFjH$rYwwxYwxYw) z Shuts down the TLS session and then shuts down the underlying socket :raises: OSError - when an error is returned by the OS crypto library N)rFrz SecBuffer[1]rrrCsrrrrB)*r_win_version_inforrrrrXrr r rrrrrrrApplyControlTokenrr#rrYrZrrrrWrrWr[SEC_E_CONTEXT_EXPIREDr\r rr]rr<rr^rr SHUT_RDWR) rbrrrrrrracceptable_resultsrs rGrzTLSSocket.shutdown7sH  ' ' /  F !F*g~6'( #(4(D(D %&*7H>OPc>d&e #*0/*J'"()@"A,8,J,J)+,(+2( 2243O3OQhiVX.7;7K7KA7N 4 '(4(D(DKN %(4(D(DKN %+.w +B (77 11,,##+, F"%%%2222&"  //VX.%k!n&=&={1~?V?VWE  !!%( {1~667--k!n.E.EF{1~667--k!n.E.EF  ) )$*F*F G+/D (  %%g&7&78MM  MM  {1~667--k!n.E.EF{1~667--k!n.E.EF  ) )$*F*F G+/D (  %%g&7&78MM  saG;L! K/)L/LL!LL!LL!BP?)O)(P)O?<P>O??PcR |j|jr# |jjd|_yy#tj$rYwxYw#|jr= |jjn#tj$rYnwxYwd|_wwxYw)zN Shuts down the TLS session and socket and forcibly closes it N)rrrrr<rs rGrzTLSSocket.closes $ MMO||LL&&( $  ||LL&&( # s@AAAA B&)BB&BB&B B&cttd}tj|jt j |}t|tt|}ttd|}t|}t|jtt|j}t!j"||_g|_d} |j(}tj*|t-}t/|st|}t|jtt|j} | |k7r.|j&j1t!j"| tj*||}t/|s|rtj2|dyy#|rtj2|dwwxYw)zh Reads end-entity and intermediate certificate information from the TLS session zCERT_CONTEXT **zCERT_CONTEXT *Nr)rrrrrrrrr#rr r rrrrr_r _certificate_intermediates hCertStoreCertEnumCertificatesInStorerrr`r) rbrrrr;r store_handlecontext_pointercontextrs rG_read_certificateszTLSSocket._read_certificatessz (+74E'F$00  ( (  8 8 (  VX&%&BC#G-=?ST23 %l&@&@&lNhNhBij +00;   8'22L%AA,PTPVWOo. 1()>)>sGLaLa@bc9$''../C/CD/IJ")"E"ElTc"do.&&|Q7|&&|Q7s CF&&GcF|jr tdtd)zi Raises an exception describing if the local or remote end closed the connection z$The remote end closed the connectionz!The connection was already closed)rr&r%rs rGrzTLSSocket._raise_closeds%   ,-ST T$%HI IrFc|j|j|j|j|jS)zu An asn1crypto.x509.Certificate object of the end-entity certificate presented by the server )rrrrrs rGrzTLSSocket.certificates@  ' ' /       $  # # %   rFc|j|j|j|j|jS)zz A list of asn1crypto.x509.Certificate objects that were presented as intermediates by the server )rrrrrrs rG intermediateszTLSSocket.intermediatess@  ' ' /       $  # # %"""rFc|jS)zg A unicode string of the IANA cipher suite name of the negotiated cipher suite )rrrs rGrKzTLSSocket.cipher_suites!!!rFc|jS)zM A unicode string of: "TLSv1.2", "TLSv1.1", "TLSv1", "SSLv3" )rqrs rGrczTLSSocket.protocol ~~rFc|jS)z5 A boolean if compression is enabled )rsrs rGrLzTLSSocket.compressions    rFc|jSzM A unicode string of "new" or "reused" or None for no ticket )rtrs rGrMzTLSSocket.session_ids rFc|jSr)rurs rGrNzTLSSocket.session_ticket s ###rFc|jS)zM The oscrypto.tls.TLSSession object used for this connection )rrs rGrzTLSSocket.sessions }}rFc|jS)zN A unicode string of the TLS server domain name or IP address )rrs rGrzTLSSocket.hostnamerrFc<|jjdS)zJ An integer of the port number the socket is connected to r)r getpeernamers rGrzTLSSocket.port%s {{&&(++rFcR|j|j|jS)z9 The underlying socket.socket connection )rrrrs rGrzTLSSocket.socket-s&  ' ' /    ||rFc$|jyr)rrs rGrzTLSSocket.__del__8s  rFr) N)F):rBrCrDrJrrrrWrryr{r}rrrrrrrrrrrqrrrsrtrur classmethodrrirr>rr^rrrrrrrrrrpropertyrrrKrcrLrMrNrrrrrrErFrGr?r?sGH"NILMMOMMLNIMLKON<<|U"n26pMdlJ\ hT#(5n ,&<"|$ Rh$ &8P J ! ! # #""!!  $$,,rF)^ __future__rrrrsysrerrrr_asn1rr__errorsr _ffir r r r rrrrrrrrrr_secur32rrr_crypt32rrr _kernel32r_typesrr r!r"errorsr#r$r%r&_tlsr'r(r)r*r+r,r-r.r/r0r1r2r3r4r5r6r7r8r9 asymmetricr:keysr; version_infoxrangerr<r` WindowsError _pattern_typer__all__compilergetwindowsversion_gwvrrArIobjectr>r?rErFrGrs6RR  2$ :9QQ<<cc*6$d E}}#fGjjG  bjj) s!Wd1g& -  X {,{,|ZZrF