a h;@sUddlmZddlZddlZddlZddlZddlmZmZddl m Z ddl m Z ddlm Z ddlmZmZdd lmZmZmZmZmZdd lmZmZdd lmZmZmZmZmZm Z ej!d krdd lm"Z"n dd l#m"Z"ej!dkrddlm$Z$m%Z%nddl#m$Z$m%Z%ej!dkr(ddlm&Z&n ddl#m&Z&edZ'e$dZ(e)e)e*e*fdfZ+de,d<e)e+dfZ-de,d<GdddeZ.e ddGdddeZ/e ddGdddee/Z0Gd d!d!eZ1dS)") annotationsN)CallableMapping) dataclass)wraps) SSLContext)AnyTypeVar)BrokenResourceError EndOfStreamaclose_forcefullyget_cancelled_exc_class to_thread)TypedAttributeSettyped_attribute) AnyByteStreamAnyByteStreamConnectable ByteStreamByteStreamConnectableListener TaskGroup) ) TypeAlias)r ) TypeVarTupleUnpack)r )overrideT_RetvalPosArgsT.r_PCTRTT_PCTRTTTc@seZdZUdZeZded<eZded<eZded<eZ ded <eZ d ed <eZ d ed <eZ ded<eZ ded<eZd ed<eZded<dS) TLSAttributez5Contains Transport Layer Security related attributes. str | None alpn_protocolbyteschannel_binding_tls_uniqueztuple[str, str, int]cipherz*None | dict[str, str | _PCTRTTT | _PCTRTT]peer_certificatez bytes | Nonepeer_certificate_binarybool server_sidez!list[tuple[str, str, int]] | Noneshared_ciphers ssl.SSLObject ssl_objectstandard_compatiblestr tls_versionN)__name__ __module__ __qualname____doc__rr&__annotations__r(r)r*r+r-r.r0r1r3r9r9M/var/www/html/assistant/venv/lib/python3.9/site-packages/anyio/streams/tls.pyr$3s r$F)eqc @seZdZUdZded<ded<ded<ded <ded <ed d d d d dddddddddZddddddZddddZdddd Z d/d"d#d$d%d&Z d#dd'd(d)Z ddd*d+Z e d,dd-d.Zd S)0 TLSStreama A stream wrapper that encrypts all sent data and decrypts received data. This class has no public initializer; use :meth:`wrap` instead. All extra attributes from :class:`~TLSAttribute` are supported. :var AnyByteStream transport_stream: the wrapped stream rtransport_streamr,r1r/ _ssl_objectz ssl.MemoryBIO _read_bio _write_bioNT)r-hostname ssl_contextr1z bool | Noner%ssl.SSLContext | None)r=r-rArBr1returnc s|dur| }|sL|rtjjntjj}t|}ttdrL|jtjM_t}t}t |tj ur~|j ||||d} nt |j ||||dIdH} |||| ||d} | | jIdH| S)a Wrap an existing stream with Transport Layer Security. This performs a TLS handshake with the peer. :param transport_stream: a bytes-transporting stream to wrap :param server_side: ``True`` if this is the server side of the connection, ``False`` if this is the client side (if omitted, will be set to ``False`` if ``hostname`` has been provided, ``False`` otherwise). Used only to create a default context when an explicit context has not been provided. :param hostname: host name of the peer (if host name checking is desired) :param ssl_context: the SSLContext object to use (if not provided, a secure default will be created) :param standard_compatible: if ``False``, skip the closing handshake when closing the connection, and don't raise an exception if the peer does the same :raises ~ssl.SSLError: if the TLS handshake fails NOP_IGNORE_UNEXPECTED_EOF)r-server_hostname)r=r1r>r?r@)sslPurpose CLIENT_AUTH SERVER_AUTHcreate_default_contexthasattroptionsrE MemoryBIOtyperwrap_biorZrun_sync_call_sslobject_method do_handshake) clsr=r-rArBr1purposeZbio_inZbio_outr0wrapperr9r9r:wrapas>   zTLSStream.wrapz&Callable[[Unpack[PosArgsT]], T_Retval]zUnpack[PosArgsT]r )funcargsrDc sz||}Wntjyz4|jjr@|j|jIdH|jIdH}WnXtyn|j YnJt y}z&|j |j t |WYd}~nd}~00|j |Yqtjy|j|jIdHYqtjy&}z&|j |j t |WYd}~qd}~0tjy}zZ|j |j t|tjsn|jrd|jvr|jr~t |ntdWYd}~qd}~00|jjr|j|jIdH|SqdS)NZUNEXPECTED_EOF_WHILE_READING)rGSSLWantReadErrorr@pendingr=sendreadreceiver r? write_eofOSErrorr writeSSLWantWriteErrorSSLSyscallErrorSSLError isinstance SSLEOFErrorstrerrorr1)selfrWrXresultdataexcr9r9r:rQsF        z TLSStream._call_sslobject_methodztuple[AnyByteStream, bytes]rDcs8||jjIdH|j|j|j|jfS)z Does the TLS closing handshake. :return: a tuple of (wrapped byte stream, bytes left in the read buffer) N)rQr>unwrapr?r^r@r=r\rgr9r9r:rls  zTLSStream.unwrapNonecsR|jr>z|IdHWn$ty<t|jIdHYn0|jIdHdSN)r1rl BaseExceptionr r=aclosermr9r9r:rqs zTLSStream.acloseintr') max_bytesrDcs"||jj|IdH}|st|Sro)rQr>r\r )rgrtrir9r9r:r]szTLSStream.receive)itemrDcs||jj|IdHdSro)rQr>r`)rgrur9r9r:r[szTLSStream.sendcsd|tj}td|}|rXt|dt|dp6d}}||fdkrXtd|tddS)NzTLSv(\d+)(?:\.(\d+))?r r)rvrz;send_eof() requires at least TLSv1.3; current session uses z7send_eof() has not yet been implemented for TLS streams)extrar$r3rematchrsgroupNotImplementedError)rgr3rymajorminorr9r9r:send_eofs  " zTLSStream.send_eofMapping[Any, Callable[[], Any]]csijjtjjjtjjjtjjjtj fddtj fddtj fddtj fddtj fddtjfddtjjji S)Ncs jdS)NFr> getpeercertr9rmr9r:z,TLSStream.extra_attributes..cs jdS)NTrr9rmr9r:rscsjjSro)r>r-r9rmr9r:rrcsjjrjSdSro)r>r-r.r9rmr9r:rs csjSror1r9rmr9r:rrcsjSro)r>r9rmr9r:rr)r=extra_attributesr$r&r>selected_alpn_protocolr(get_channel_bindingr)r*r+r-r.r1r0r3versionrmr9rmr:rs   zTLSStream.extra_attributes)rr)r4r5r6r7r8 classmethodrVrQrlrqr]r[r~propertyrr9r9r9r:r<Os(  F.  r<c@seZdZUdZded<ded<dZded<d Zd ed <ed d ddddZdddddddZ ddddZ e ddddZ dS) TLSListenera A convenience listener that wraps another listener and auto-negotiates a TLS session on every accepted connection. If the TLS handshake times out or raises an exception, :meth:`handle_handshake_error` is called to do whatever post-mortem processing is deemed necessary. Supports only the :attr:`~TLSAttribute.standard_compatible` extra attribute. :param Listener listener: the listener to wrap :param ssl_context: the SSL context object :param standard_compatible: a flag passed through to :meth:`TLSStream.wrap` :param handshake_timeout: time limit for the TLS handshake (passed to :func:`~anyio.fail_after`) z Listener[Any]listenerzssl.SSLContextrBTr,r1floathandshake_timeoutrprrn)rjstreamrDcsJt|IdHt|ts.ttjd|dt|trDt|trFdS)a Handle an exception raised during the TLS handshake. This method does 3 things: #. Forcefully closes the original stream #. Logs the exception (unless it was a cancellation exception) using the ``anyio.streams.tls`` logger #. Reraises the exception if it was a base exception or a cancellation exception :param exc: the exception :param stream: the original stream NzError during TLS handshake)exc_info)r rdrlogging getLoggerr4 exception Exception)rjrr9r9r:handle_handshake_error4s  z"TLSListener.handle_handshake_errorNzCallable[[TLSStream], Any]zTaskGroup | None)handler task_grouprDcs6tdddfdd }j||IdHdS)Nrrn)rrDc sddlm}zH|j*tj|jjdIdH}Wdn1sH0YWn6ty}z||IdHWYd}~nd}~00|IdHdS)Nr ) fail_after)rBr1) rrr<rVrBr1rpr)rrZwrapped_streamrjrrgr9r:handler_wrapperYs  .(z*TLSListener.serve..handler_wrapper)rrserve)rgrrrr9rr:rTszTLSListener.serverkcs|jIdHdSro)rrqrmr9r9r:rqkszTLSListener.aclosercstjfddiS)NcsjSrorr9rmr9r:rqrz.TLSListener.extra_attributes..)r$r1rmr9rmr:rnszTLSListener.extra_attributes)N) r4r5r6r7r8r1r staticmethodrrrqrrr9r9r9r:rs   "rc@sBeZdZdZddddddddd d d d Zed dddZdS)TLSConnectablea Wraps another connectable and does TLS negotiation after a successful connection. :param connectable: the connectable to wrap :param hostname: host name of the server (if host name checking is desired) :param ssl_context: the SSLContext object to use (if not provided, a secure default will be created) :param standard_compatible: if ``False``, skip the closing handshake when closing the connection, and don't raise an exception if the server does the same NTrArBr1rr%rCr,rn) connectablerArBr1rDcCsN||_|pttjj|_t|jtjs>tdt |jj ||_ ||_ dS)Nz7ssl_context must be an instance of ssl.SSLContext, not ) rrGrKrHrJrBrdr TypeErrorrOr4rAr1)rgrrArBr1r9r9r:__init__s zTLSConnectable.__init__r<rkcsX|jIdH}z tj||j|j|jdIdHWStyRt|IdHYn0dS)Nr) rconnectr<rVrArBr1rpr )rgrr9r9r:rs zTLSConnectable.connect)r4r5r6r7rrrr9r9r9r:rusr)2 __future__rrrxrGsyscollections.abcrrZ dataclassesr functoolsrrtypingrr rr r r rrZ_core._typedattrrrabcrrrrrr version_inforZtyping_extensionsrrrr r!tupler2r"r8r#r$r<rrr9r9r9r:s@        MX