/usr/lib64/python3.6/asyncio/sslproto.py (compiled bytecode; only the recoverable strings are kept below)

Package imports: base_events, compat, protocols, transports, logger

_create_transport_context(server_side, server_hostname)
    Error string: "Server side SSL needs a valid SSLContext"
    Names referenced: create_default_context, check_hostname, SSLContext, PROTOCOL_SSLv23, options, OP_NO_SSLv2, OP_NO_SSLv3, set_default_verify_paths, CERT_REQUIRED, verify_mode

_is_sslproto_available()
    Names referenced: hasattr, ssl, MemoryBIO

State strings: UNWRAPPED, DO_HANDSHAKE, WRAPPED, SHUTDOWN

class _SSLPipe

    An SSL "Pipe".

    An SSL pipe allows you to communicate with an SSL/TLS protocol instance
    through memory buffers. It can be used to implement a security layer for an
    existing connection where you don't have access to the connection's file
    descriptor, or for some reason you don't want to use it.

    An SSL pipe can be in "wrapped" and "unwrapped" mode. In unwrapped mode,
    data is passed through untransformed. In wrapped mode, application level
    data is encrypted to SSL record level data and vice versa. The SSL record
    level is the lowest level in the SSL protocol suite and is what travels
    as-is over the wire.

    An SslPipe initially is in "unwrapped" mode. To start SSL, call
    do_handshake(). To shutdown SSL again, call unwrap().

_SSLPipe.__init__(self, context, server_side, server_hostname)

    The *context* argument specifies the ssl.SSLContext to use.

    The *server_side* argument indicates whether this is a server side or
    client side transport.

    The optional *server_hostname* argument can be used to specify the
    hostname you are connecting to. You may only specify this parameter if
    the _ssl module supports Server Name Indication (SNI).

_SSLPipe.context

    The SSL context passed to the constructor.

_SSLPipe.ssl_object

    The internal ssl.SSLObject instance.

    Return None if the pipe is not wrapped.

_SSLPipe.need_ssldata

    Whether more record level data is needed to complete a handshake
    that is currently in progress.

_SSLPipe.wrapped

    Whether a security layer is currently in effect.

    Return False during handshake.

_SSLPipe.do_handshake(self, callback)

    Start the SSL handshake.

    Return a list of ssldata. A ssldata element is a list of buffers

    The optional *callback* argument can be used to install a callback that
    will be called when the handshake is complete. The callback will be
    called with None if successful, else an exception instance.

    Error string: "handshake in progress or completed"
    Names referenced: wrap_bio, feed_ssldata, only_handshake

Shutdown method of _SSLPipe (takes a callback; bytecode is cut off after this point)

    Start the SSL shutdown sequence.

    Return a list of ssldata. A ssldata element is a list of buffers

    The optional *callback* argument can be used to install a callback that
    will be called when the shutdown is complete. The callback will be
    called without arguments.

    Error strings: "no security layer present", "shutdown in progress"