Diffstat (limited to 'doc/html/_modules/M2Crypto/SSL/TwistedProtocolWrapper.html')
-rw-r--r-- | doc/html/_modules/M2Crypto/SSL/TwistedProtocolWrapper.html | 597 |
1 files changed, 597 insertions, 0 deletions
diff --git a/doc/html/_modules/M2Crypto/SSL/TwistedProtocolWrapper.html b/doc/html/_modules/M2Crypto/SSL/TwistedProtocolWrapper.html
new file mode 100644
index 0000000..88c32e0
--- /dev/null
+++ b/doc/html/_modules/M2Crypto/SSL/TwistedProtocolWrapper.html
@@ -0,0 +1,597 @@ + +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> + +<html xmlns="http://www.w3.org/1999/xhtml"> + <head> + <meta http-equiv="X-UA-Compatible" content="IE=Edge" /> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + <title>M2Crypto.SSL.TwistedProtocolWrapper — M2Crypto documentation</title> + <link rel="stylesheet" href="../../../_static/alabaster.css" type="text/css" /> + <link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" /> + <script type="text/javascript" id="documentation_options" data-url_root="../../../" src="../../../_static/documentation_options.js"></script> + <script type="text/javascript" src="../../../_static/jquery.js"></script> + <script type="text/javascript" src="../../../_static/underscore.js"></script> + <script type="text/javascript" src="../../../_static/doctools.js"></script> + <script type="text/javascript" src="../../../_static/language_data.js"></script> + <link rel="index" title="Index" href="../../../genindex.html" /> + <link rel="search" title="Search" href="../../../search.html" /> + + <link rel="stylesheet" href="../../../_static/custom.css" type="text/css" /> + + + <meta name="viewport" content="width=device-width, initial-scale=0.9, maximum-scale=0.9" /> + + </head><body> + + + <div class="document"> + <div class="documentwrapper"> + <div class="bodywrapper"> + + + <div class="body" role="main"> + + <h1>Source code for M2Crypto.SSL.TwistedProtocolWrapper</h1><div class="highlight"><pre> +<span></span><span class="sd">"""</span> +<span class="sd">Make Twisted use M2Crypto for SSL</span> + +<span class="sd">Copyright (c) 2004-2007 Open Source Applications Foundation.</span> +<span class="sd">All rights reserved.</span> + +<span class="sd">FIXME THIS HAS NOT BEEN FINISHED. NEITHER PEP484 NOR PORT PYTHON3 HAS</span> +<span class="sd">BEEN FINISHED. 
THE FURTHER WORK WILL BE DONE WHEN THE STATUS OF TWISTED</span> +<span class="sd">IN THE PYTHON 3 (AND ASYNCIO) WORLD WILL BE CLEAR.</span> +<span class="sd">"""</span> + +<span class="n">__all__</span> <span class="o">=</span> <span class="p">[</span><span class="s1">'connectSSL'</span><span class="p">,</span> <span class="s1">'connectTCP'</span><span class="p">,</span> <span class="s1">'listenSSL'</span><span class="p">,</span> <span class="s1">'listenTCP'</span><span class="p">,</span> + <span class="s1">'TLSProtocolWrapper'</span><span class="p">]</span> + +<span class="kn">import</span> <span class="nn">logging</span> + +<span class="kn">from</span> <span class="nn">functools</span> <span class="k">import</span> <span class="n">partial</span> + +<span class="kn">import</span> <span class="nn">twisted.internet.reactor</span> +<span class="kn">import</span> <span class="nn">twisted.protocols.policies</span> <span class="k">as</span> <span class="nn">policies</span> + +<span class="kn">from</span> <span class="nn">M2Crypto</span> <span class="k">import</span> <span class="n">BIO</span><span class="p">,</span> <span class="n">X509</span><span class="p">,</span> <span class="n">m2</span><span class="p">,</span> <span class="n">util</span> +<span class="kn">from</span> <span class="nn">M2Crypto.SSL.Checker</span> <span class="k">import</span> <span class="n">Checker</span><span class="p">,</span> <span class="n">SSLVerificationError</span> + +<span class="kn">from</span> <span class="nn">twisted.internet.interfaces</span> <span class="k">import</span> <span class="n">ITLSTransport</span> +<span class="kn">from</span> <span class="nn">twisted.protocols.policies</span> <span class="k">import</span> <span class="n">ProtocolWrapper</span> +<span class="k">if</span> <span class="n">util</span><span class="o">.</span><span class="n">py27plus</span><span class="p">:</span> + <span class="kn">from</span> <span class="nn">typing</span> <span class="k">import</span> <span 
class="n">AnyStr</span><span class="p">,</span> <span class="n">Callable</span><span class="p">,</span> <span class="n">Iterable</span><span class="p">,</span> <span class="n">Optional</span> <span class="c1"># noqa</span> + <span class="kn">from</span> <span class="nn">zope.interface</span> <span class="k">import</span> <span class="n">implementer</span> + +<span class="n">log</span> <span class="o">=</span> <span class="n">logging</span><span class="o">.</span><span class="n">getLogger</span><span class="p">(</span><span class="vm">__name__</span><span class="p">)</span> + + +<span class="k">def</span> <span class="nf">_alwaysSucceedsPostConnectionCheck</span><span class="p">(</span><span class="n">peerX509</span><span class="p">,</span> <span class="n">expectedHost</span><span class="p">):</span> + <span class="k">return</span> <span class="mi">1</span> + + +<div class="viewcode-block" id="connectSSL"><a class="viewcode-back" href="../../../M2Crypto.SSL.html#M2Crypto.SSL.TwistedProtocolWrapper.connectSSL">[docs]</a><span class="k">def</span> <span class="nf">connectSSL</span><span class="p">(</span><span class="n">host</span><span class="p">,</span> <span class="n">port</span><span class="p">,</span> <span class="n">factory</span><span class="p">,</span> <span class="n">contextFactory</span><span class="p">,</span> <span class="n">timeout</span><span class="o">=</span><span class="mi">30</span><span class="p">,</span> + <span class="n">bindAddress</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span> + <span class="n">reactor</span><span class="o">=</span><span class="n">twisted</span><span class="o">.</span><span class="n">internet</span><span class="o">.</span><span class="n">reactor</span><span class="p">,</span> + <span class="n">postConnectionCheck</span><span class="o">=</span><span class="n">Checker</span><span class="p">()):</span> + <span class="c1"># type: (str, int, object, object, int, Optional[str], 
twisted.internet.reactor, Checker) -> reactor.connectTCP</span> + <span class="sd">"""</span> +<span class="sd"> A convenience function to start an SSL/TLS connection using Twisted.</span> + +<span class="sd"> See IReactorSSL interface in Twisted.</span> +<span class="sd"> """</span> + <span class="n">wrappingFactory</span> <span class="o">=</span> <span class="n">policies</span><span class="o">.</span><span class="n">WrappingFactory</span><span class="p">(</span><span class="n">factory</span><span class="p">)</span> + <span class="n">wrappingFactory</span><span class="o">.</span><span class="n">protocol</span> <span class="o">=</span> <span class="k">lambda</span> <span class="n">factory</span><span class="p">,</span> <span class="n">wrappedProtocol</span><span class="p">:</span> \ + <span class="n">TLSProtocolWrapper</span><span class="p">(</span><span class="n">factory</span><span class="p">,</span> + <span class="n">wrappedProtocol</span><span class="p">,</span> + <span class="n">startPassThrough</span><span class="o">=</span><span class="mi">0</span><span class="p">,</span> + <span class="n">client</span><span class="o">=</span><span class="mi">1</span><span class="p">,</span> + <span class="n">contextFactory</span><span class="o">=</span><span class="n">contextFactory</span><span class="p">,</span> + <span class="n">postConnectionCheck</span><span class="o">=</span><span class="n">postConnectionCheck</span><span class="p">)</span> + <span class="k">return</span> <span class="n">reactor</span><span class="o">.</span><span class="n">connectTCP</span><span class="p">(</span><span class="n">host</span><span class="p">,</span> <span class="n">port</span><span class="p">,</span> <span class="n">wrappingFactory</span><span class="p">,</span> <span class="n">timeout</span><span class="p">,</span> <span class="n">bindAddress</span><span class="p">)</span></div> + + +<div class="viewcode-block" id="connectTCP"><a class="viewcode-back" 
href="../../../M2Crypto.SSL.html#M2Crypto.SSL.TwistedProtocolWrapper.connectTCP">[docs]</a><span class="k">def</span> <span class="nf">connectTCP</span><span class="p">(</span><span class="n">host</span><span class="p">,</span> <span class="n">port</span><span class="p">,</span> <span class="n">factory</span><span class="p">,</span> <span class="n">timeout</span><span class="o">=</span><span class="mi">30</span><span class="p">,</span> <span class="n">bindAddress</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span> + <span class="n">reactor</span><span class="o">=</span><span class="n">twisted</span><span class="o">.</span><span class="n">internet</span><span class="o">.</span><span class="n">reactor</span><span class="p">,</span> + <span class="n">postConnectionCheck</span><span class="o">=</span><span class="n">Checker</span><span class="p">()):</span> + <span class="c1"># type: (str, int, object, int, Optional[util.AddrType], object, Callable) -> object</span> + <span class="sd">"""</span> +<span class="sd"> A convenience function to start a TCP connection using Twisted.</span> + +<span class="sd"> NOTE: You must call startTLS(ctx) to go into SSL/TLS mode.</span> + +<span class="sd"> See IReactorTCP interface in Twisted.</span> +<span class="sd"> """</span> + <span class="n">wrappingFactory</span> <span class="o">=</span> <span class="n">policies</span><span class="o">.</span><span class="n">WrappingFactory</span><span class="p">(</span><span class="n">factory</span><span class="p">)</span> + <span class="n">wrappingFactory</span><span class="o">.</span><span class="n">protocol</span> <span class="o">=</span> <span class="k">lambda</span> <span class="n">factory</span><span class="p">,</span> <span class="n">wrappedProtocol</span><span class="p">:</span> \ + <span class="n">TLSProtocolWrapper</span><span class="p">(</span><span class="n">factory</span><span class="p">,</span> + <span class="n">wrappedProtocol</span><span 
class="p">,</span> + <span class="n">startPassThrough</span><span class="o">=</span><span class="mi">1</span><span class="p">,</span> + <span class="n">client</span><span class="o">=</span><span class="mi">1</span><span class="p">,</span> + <span class="n">contextFactory</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span> + <span class="n">postConnectionCheck</span><span class="o">=</span><span class="n">postConnectionCheck</span><span class="p">)</span> + <span class="k">return</span> <span class="n">reactor</span><span class="o">.</span><span class="n">connectTCP</span><span class="p">(</span><span class="n">host</span><span class="p">,</span> <span class="n">port</span><span class="p">,</span> <span class="n">wrappingFactory</span><span class="p">,</span> <span class="n">timeout</span><span class="p">,</span> <span class="n">bindAddress</span><span class="p">)</span></div> + + +<div class="viewcode-block" id="listenSSL"><a class="viewcode-back" href="../../../M2Crypto.SSL.html#M2Crypto.SSL.TwistedProtocolWrapper.listenSSL">[docs]</a><span class="k">def</span> <span class="nf">listenSSL</span><span class="p">(</span><span class="n">port</span><span class="p">,</span> <span class="n">factory</span><span class="p">,</span> <span class="n">contextFactory</span><span class="p">,</span> <span class="n">backlog</span><span class="o">=</span><span class="mi">5</span><span class="p">,</span> <span class="n">interface</span><span class="o">=</span><span class="s1">''</span><span class="p">,</span> + <span class="n">reactor</span><span class="o">=</span><span class="n">twisted</span><span class="o">.</span><span class="n">internet</span><span class="o">.</span><span class="n">reactor</span><span class="p">,</span> + <span class="n">postConnectionCheck</span><span class="o">=</span><span class="n">_alwaysSucceedsPostConnectionCheck</span><span class="p">):</span> + <span class="sd">"""</span> +<span class="sd"> A convenience function to listen 
for SSL/TLS connections using Twisted.</span> + +<span class="sd"> See IReactorSSL interface in Twisted.</span> +<span class="sd"> """</span> + <span class="n">wrappingFactory</span> <span class="o">=</span> <span class="n">policies</span><span class="o">.</span><span class="n">WrappingFactory</span><span class="p">(</span><span class="n">factory</span><span class="p">)</span> + <span class="n">wrappingFactory</span><span class="o">.</span><span class="n">protocol</span> <span class="o">=</span> <span class="k">lambda</span> <span class="n">factory</span><span class="p">,</span> <span class="n">wrappedProtocol</span><span class="p">:</span> \ + <span class="n">TLSProtocolWrapper</span><span class="p">(</span><span class="n">factory</span><span class="p">,</span> + <span class="n">wrappedProtocol</span><span class="p">,</span> + <span class="n">startPassThrough</span><span class="o">=</span><span class="mi">0</span><span class="p">,</span> + <span class="n">client</span><span class="o">=</span><span class="mi">0</span><span class="p">,</span> + <span class="n">contextFactory</span><span class="o">=</span><span class="n">contextFactory</span><span class="p">,</span> + <span class="n">postConnectionCheck</span><span class="o">=</span><span class="n">postConnectionCheck</span><span class="p">)</span> + <span class="k">return</span> <span class="n">reactor</span><span class="o">.</span><span class="n">listenTCP</span><span class="p">(</span><span class="n">port</span><span class="p">,</span> <span class="n">wrappingFactory</span><span class="p">,</span> <span class="n">backlog</span><span class="p">,</span> <span class="n">interface</span><span class="p">)</span></div> + + +<div class="viewcode-block" id="listenTCP"><a class="viewcode-back" href="../../../M2Crypto.SSL.html#M2Crypto.SSL.TwistedProtocolWrapper.listenTCP">[docs]</a><span class="k">def</span> <span class="nf">listenTCP</span><span class="p">(</span><span class="n">port</span><span class="p">,</span> <span 
class="n">factory</span><span class="p">,</span> <span class="n">backlog</span><span class="o">=</span><span class="mi">5</span><span class="p">,</span> <span class="n">interface</span><span class="o">=</span><span class="s1">''</span><span class="p">,</span> + <span class="n">reactor</span><span class="o">=</span><span class="n">twisted</span><span class="o">.</span><span class="n">internet</span><span class="o">.</span><span class="n">reactor</span><span class="p">,</span> + <span class="n">postConnectionCheck</span><span class="o">=</span><span class="kc">None</span><span class="p">):</span> + <span class="sd">"""</span> +<span class="sd"> A convenience function to listen for TCP connections using Twisted.</span> + +<span class="sd"> NOTE: You must call startTLS(ctx) to go into SSL/TLS mode.</span> + +<span class="sd"> See IReactorTCP interface in Twisted.</span> +<span class="sd"> """</span> + <span class="n">wrappingFactory</span> <span class="o">=</span> <span class="n">policies</span><span class="o">.</span><span class="n">WrappingFactory</span><span class="p">(</span><span class="n">factory</span><span class="p">)</span> + <span class="n">wrappingFactory</span><span class="o">.</span><span class="n">protocol</span> <span class="o">=</span> <span class="k">lambda</span> <span class="n">factory</span><span class="p">,</span> <span class="n">wrappedProtocol</span><span class="p">:</span> \ + <span class="n">TLSProtocolWrapper</span><span class="p">(</span><span class="n">factory</span><span class="p">,</span> + <span class="n">wrappedProtocol</span><span class="p">,</span> + <span class="n">startPassThrough</span><span class="o">=</span><span class="mi">1</span><span class="p">,</span> + <span class="n">client</span><span class="o">=</span><span class="mi">0</span><span class="p">,</span> + <span class="n">contextFactory</span><span class="o">=</span><span class="kc">None</span><span class="p">,</span> + <span class="n">postConnectionCheck</span><span 
class="o">=</span><span class="n">postConnectionCheck</span><span class="p">)</span> + <span class="k">return</span> <span class="n">reactor</span><span class="o">.</span><span class="n">listenTCP</span><span class="p">(</span><span class="n">port</span><span class="p">,</span> <span class="n">wrappingFactory</span><span class="p">,</span> <span class="n">backlog</span><span class="p">,</span> <span class="n">interface</span><span class="p">)</span></div> + + +<span class="k">class</span> <span class="nc">_BioProxy</span><span class="p">(</span><span class="nb">object</span><span class="p">):</span> + <span class="sd">"""</span> +<span class="sd"> The purpose of this class is to eliminate the __del__ method from</span> +<span class="sd"> TLSProtocolWrapper, and thus letting it be garbage collected.</span> +<span class="sd"> """</span> + + <span class="n">m2_bio_free_all</span> <span class="o">=</span> <span class="n">m2</span><span class="o">.</span><span class="n">bio_free_all</span> + + <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">bio</span><span class="p">):</span> + <span class="bp">self</span><span class="o">.</span><span class="n">bio</span> <span class="o">=</span> <span class="n">bio</span> + + <span class="k">def</span> <span class="nf">_ptr</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> + <span class="k">return</span> <span class="bp">self</span><span class="o">.</span><span class="n">bio</span> + + <span class="k">def</span> <span class="nf">__del__</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> + <span class="k">if</span> <span class="bp">self</span><span class="o">.</span><span class="n">bio</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span> + <span class="bp">self</span><span class="o">.</span><span 
class="n">m2_bio_free_all</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">bio</span><span class="p">)</span> + + +<span class="k">class</span> <span class="nc">_SSLProxy</span><span class="p">(</span><span class="nb">object</span><span class="p">):</span> + <span class="sd">"""</span> +<span class="sd"> The purpose of this class is to eliminate the __del__ method from</span> +<span class="sd"> TLSProtocolWrapper, and thus letting it be garbage collected.</span> +<span class="sd"> """</span> + + <span class="n">m2_ssl_free</span> <span class="o">=</span> <span class="n">m2</span><span class="o">.</span><span class="n">ssl_free</span> + + <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">ssl</span><span class="p">):</span> + <span class="bp">self</span><span class="o">.</span><span class="n">ssl</span> <span class="o">=</span> <span class="n">ssl</span> + + <span class="k">def</span> <span class="nf">_ptr</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> + <span class="k">return</span> <span class="bp">self</span><span class="o">.</span><span class="n">ssl</span> + + <span class="k">def</span> <span class="nf">__del__</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> + <span class="k">if</span> <span class="bp">self</span><span class="o">.</span><span class="n">ssl</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span> + <span class="bp">self</span><span class="o">.</span><span class="n">m2_ssl_free</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">ssl</span><span class="p">)</span> + + +<div class="viewcode-block" id="TLSProtocolWrapper"><a class="viewcode-back" 
href="../../../M2Crypto.SSL.html#M2Crypto.SSL.TwistedProtocolWrapper.TLSProtocolWrapper">[docs]</a><span class="nd">@implementer</span><span class="p">(</span><span class="n">ITLSTransport</span><span class="p">)</span> +<span class="k">class</span> <span class="nc">TLSProtocolWrapper</span><span class="p">(</span><span class="n">ProtocolWrapper</span><span class="p">):</span> + <span class="sd">"""</span> +<span class="sd"> A SSL/TLS protocol wrapper to be used with Twisted. Typically</span> +<span class="sd"> you would not use this class directly. Use connectTCP,</span> +<span class="sd"> connectSSL, listenTCP, listenSSL functions defined above,</span> +<span class="sd"> which will hook in this class.</span> +<span class="sd"> """</span> + + <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">factory</span><span class="p">,</span> <span class="n">wrappedProtocol</span><span class="p">,</span> <span class="n">startPassThrough</span><span class="p">,</span> <span class="n">client</span><span class="p">,</span> + <span class="n">contextFactory</span><span class="p">,</span> <span class="n">postConnectionCheck</span><span class="p">):</span> + <span class="c1"># type: (policies.WrappingFactory, object, int, int, object, Checker) -> None</span> + <span class="sd">"""</span> +<span class="sd"> :param factory:</span> +<span class="sd"> :param wrappedProtocol:</span> +<span class="sd"> :param startPassThrough: If true we won't encrypt at all. 
Need to</span> +<span class="sd"> call startTLS() later to switch to SSL/TLS.</span> +<span class="sd"> :param client: True if this should be a client protocol.</span> +<span class="sd"> :param contextFactory: Factory that creates SSL.Context objects.</span> +<span class="sd"> The called function is getContext().</span> +<span class="sd"> :param postConnectionCheck: The post connection check callback that</span> +<span class="sd"> will be called just after connection has</span> +<span class="sd"> been established but before any real data</span> +<span class="sd"> has been exchanged. The first argument to</span> +<span class="sd"> this function is an X509 object, the second</span> +<span class="sd"> is the expected host name string.</span> +<span class="sd"> """</span> + <span class="c1"># ProtocolWrapper.__init__(self, factory, wrappedProtocol)</span> + <span class="c1"># XXX: Twisted 2.0 has a new addition where the wrappingFactory is</span> + <span class="c1"># set as the factory of the wrappedProtocol. This is an issue</span> + <span class="c1"># as the wrap should be transparent. What we want is</span> + <span class="c1"># the factory of the wrappedProtocol to be the wrappedFactory and</span> + <span class="c1"># not the outer wrappingFactory. 
This is how it was implemented in</span> + <span class="c1"># Twisted 1.3</span> + <span class="bp">self</span><span class="o">.</span><span class="n">factory</span> <span class="o">=</span> <span class="n">factory</span> + <span class="bp">self</span><span class="o">.</span><span class="n">wrappedProtocol</span> <span class="o">=</span> <span class="n">wrappedProtocol</span> + + <span class="c1"># wrappedProtocol == client/server instance</span> + <span class="c1"># factory.wrappedFactory == client/server factory</span> + + <span class="bp">self</span><span class="o">.</span><span class="n">data</span> <span class="o">=</span> <span class="sa">b</span><span class="s1">''</span> <span class="c1"># Clear text to encrypt and send</span> + <span class="bp">self</span><span class="o">.</span><span class="n">encrypted</span> <span class="o">=</span> <span class="sa">b</span><span class="s1">''</span> <span class="c1"># Encrypted data we need to decrypt and pass on</span> + <span class="bp">self</span><span class="o">.</span><span class="n">tlsStarted</span> <span class="o">=</span> <span class="mi">0</span> <span class="c1"># SSL/TLS mode or pass through</span> + <span class="bp">self</span><span class="o">.</span><span class="n">checked</span> <span class="o">=</span> <span class="mi">0</span> <span class="c1"># Post connection check done or not</span> + <span class="bp">self</span><span class="o">.</span><span class="n">isClient</span> <span class="o">=</span> <span class="n">client</span> + <span class="bp">self</span><span class="o">.</span><span class="n">helloDone</span> <span class="o">=</span> <span class="mi">0</span> <span class="c1"># True when hello has been sent</span> + <span class="k">if</span> <span class="n">postConnectionCheck</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span> + <span class="bp">self</span><span class="o">.</span><span class="n">postConnectionCheck</span> <span class="o">=</span> <span 
class="n">_alwaysSucceedsPostConnectionCheck</span> + <span class="k">else</span><span class="p">:</span> + <span class="bp">self</span><span class="o">.</span><span class="n">postConnectionCheck</span> <span class="o">=</span> <span class="n">postConnectionCheck</span> + + <span class="k">if</span> <span class="ow">not</span> <span class="n">startPassThrough</span><span class="p">:</span> + <span class="bp">self</span><span class="o">.</span><span class="n">startTLS</span><span class="p">(</span><span class="n">contextFactory</span><span class="o">.</span><span class="n">getContext</span><span class="p">())</span> + +<div class="viewcode-block" id="TLSProtocolWrapper.clear"><a class="viewcode-back" href="../../../M2Crypto.SSL.html#M2Crypto.SSL.TwistedProtocolWrapper.TLSProtocolWrapper.clear">[docs]</a> <span class="k">def</span> <span class="nf">clear</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> + <span class="sd">"""</span> +<span class="sd"> Clear this instance, after which it is ready for reuse.</span> +<span class="sd"> """</span> + <span class="k">if</span> <span class="nb">getattr</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="s1">'tlsStarted'</span><span class="p">,</span> <span class="mi">0</span><span class="p">):</span> + <span class="bp">self</span><span class="o">.</span><span class="n">sslBio</span> <span class="o">=</span> <span class="kc">None</span> + <span class="bp">self</span><span class="o">.</span><span class="n">ssl</span> <span class="o">=</span> <span class="kc">None</span> + <span class="bp">self</span><span class="o">.</span><span class="n">internalBio</span> <span class="o">=</span> <span class="kc">None</span> + <span class="bp">self</span><span class="o">.</span><span class="n">networkBio</span> <span class="o">=</span> <span class="kc">None</span> + <span class="bp">self</span><span class="o">.</span><span class="n">data</span> <span 
class="o">=</span> <span class="sa">b</span><span class="s1">''</span> + <span class="bp">self</span><span class="o">.</span><span class="n">encrypted</span> <span class="o">=</span> <span class="sa">b</span><span class="s1">''</span> + <span class="bp">self</span><span class="o">.</span><span class="n">tlsStarted</span> <span class="o">=</span> <span class="mi">0</span> + <span class="bp">self</span><span class="o">.</span><span class="n">checked</span> <span class="o">=</span> <span class="mi">0</span> + <span class="bp">self</span><span class="o">.</span><span class="n">isClient</span> <span class="o">=</span> <span class="mi">1</span> + <span class="bp">self</span><span class="o">.</span><span class="n">helloDone</span> <span class="o">=</span> <span class="mi">0</span></div> + <span class="c1"># We can reuse self.ctx and it will be deleted automatically</span> + <span class="c1"># when this instance dies</span> + +<div class="viewcode-block" id="TLSProtocolWrapper.startTLS"><a class="viewcode-back" href="../../../M2Crypto.SSL.html#M2Crypto.SSL.TwistedProtocolWrapper.TLSProtocolWrapper.startTLS">[docs]</a> <span class="k">def</span> <span class="nf">startTLS</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">ctx</span><span class="p">):</span> + <span class="sd">"""</span> +<span class="sd"> Start SSL/TLS. If this is not called, this instance just passes data</span> +<span class="sd"> through untouched.</span> +<span class="sd"> """</span> + <span class="c1"># NOTE: This method signature must match the startTLS() method Twisted</span> + <span class="c1"># expects transports to have. 
This will be called automatically</span> + <span class="c1"># by Twisted in STARTTLS situations, for example with SMTP.</span> + <span class="k">if</span> <span class="bp">self</span><span class="o">.</span><span class="n">tlsStarted</span><span class="p">:</span> + <span class="k">raise</span> <span class="ne">Exception</span><span class="p">(</span><span class="s1">'TLS already started'</span><span class="p">)</span> + + <span class="bp">self</span><span class="o">.</span><span class="n">ctx</span> <span class="o">=</span> <span class="n">ctx</span> + + <span class="bp">self</span><span class="o">.</span><span class="n">internalBio</span> <span class="o">=</span> <span class="n">m2</span><span class="o">.</span><span class="n">bio_new</span><span class="p">(</span><span class="n">m2</span><span class="o">.</span><span class="n">bio_s_bio</span><span class="p">())</span> + <span class="n">m2</span><span class="o">.</span><span class="n">bio_set_write_buf_size</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">internalBio</span><span class="p">,</span> <span class="mi">0</span><span class="p">)</span> + <span class="bp">self</span><span class="o">.</span><span class="n">networkBio</span> <span class="o">=</span> <span class="n">_BioProxy</span><span class="p">(</span><span class="n">m2</span><span class="o">.</span><span class="n">bio_new</span><span class="p">(</span><span class="n">m2</span><span class="o">.</span><span class="n">bio_s_bio</span><span class="p">()))</span> + <span class="n">m2</span><span class="o">.</span><span class="n">bio_set_write_buf_size</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">networkBio</span><span class="o">.</span><span class="n">_ptr</span><span class="p">(),</span> <span class="mi">0</span><span class="p">)</span> + <span class="n">m2</span><span class="o">.</span><span class="n">bio_make_bio_pair</span><span 
class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">internalBio</span><span class="p">,</span> <span class="bp">self</span><span class="o">.</span><span class="n">networkBio</span><span class="o">.</span><span class="n">_ptr</span><span class="p">())</span> + + <span class="bp">self</span><span class="o">.</span><span class="n">sslBio</span> <span class="o">=</span> <span class="n">_BioProxy</span><span class="p">(</span><span class="n">m2</span><span class="o">.</span><span class="n">bio_new</span><span class="p">(</span><span class="n">m2</span><span class="o">.</span><span class="n">bio_f_ssl</span><span class="p">()))</span> + + <span class="bp">self</span><span class="o">.</span><span class="n">ssl</span> <span class="o">=</span> <span class="n">_SSLProxy</span><span class="p">(</span><span class="n">m2</span><span class="o">.</span><span class="n">ssl_new</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">ctx</span><span class="o">.</span><span class="n">ctx</span><span class="p">))</span> + + <span class="k">if</span> <span class="bp">self</span><span class="o">.</span><span class="n">isClient</span><span class="p">:</span> + <span class="n">m2</span><span class="o">.</span><span class="n">ssl_set_connect_state</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">ssl</span><span class="o">.</span><span class="n">_ptr</span><span class="p">())</span> + <span class="k">else</span><span class="p">:</span> + <span class="n">m2</span><span class="o">.</span><span class="n">ssl_set_accept_state</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">ssl</span><span class="o">.</span><span class="n">_ptr</span><span class="p">())</span> + + <span class="n">m2</span><span class="o">.</span><span class="n">ssl_set_bio</span><span class="p">(</span><span class="bp">self</span><span 
class="o">.</span><span class="n">ssl</span><span class="o">.</span><span class="n">_ptr</span><span class="p">(),</span> <span class="bp">self</span><span class="o">.</span><span class="n">internalBio</span><span class="p">,</span> <span class="bp">self</span><span class="o">.</span><span class="n">internalBio</span><span class="p">)</span> + <span class="n">m2</span><span class="o">.</span><span class="n">bio_set_ssl</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">sslBio</span><span class="o">.</span><span class="n">_ptr</span><span class="p">(),</span> <span class="bp">self</span><span class="o">.</span><span class="n">ssl</span><span class="o">.</span><span class="n">_ptr</span><span class="p">(),</span> <span class="n">m2</span><span class="o">.</span><span class="n">bio_noclose</span><span class="p">)</span> + + <span class="c1"># Need this for writes that are larger than BIO pair buffers</span> + <span class="n">mode</span> <span class="o">=</span> <span class="n">m2</span><span class="o">.</span><span class="n">ssl_get_mode</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">ssl</span><span class="o">.</span><span class="n">_ptr</span><span class="p">())</span> + <span class="n">m2</span><span class="o">.</span><span class="n">ssl_set_mode</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">ssl</span><span class="o">.</span><span class="n">_ptr</span><span class="p">(),</span> + <span class="n">mode</span> <span class="o">|</span> + <span class="n">m2</span><span class="o">.</span><span class="n">SSL_MODE_ENABLE_PARTIAL_WRITE</span> <span class="o">|</span> + <span class="n">m2</span><span class="o">.</span><span class="n">SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER</span><span class="p">)</span> + + <span class="bp">self</span><span class="o">.</span><span class="n">tlsStarted</span> <span class="o">=</span> <span 
class="mi">1</span></div> + +<div class="viewcode-block" id="TLSProtocolWrapper.write"><a class="viewcode-back" href="../../../M2Crypto.SSL.html#M2Crypto.SSL.TwistedProtocolWrapper.TLSProtocolWrapper.write">[docs]</a> <span class="k">def</span> <span class="nf">write</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">data</span><span class="p">):</span> + <span class="c1"># type: (bytes) -> None</span> + <span class="k">if</span> <span class="ow">not</span> <span class="bp">self</span><span class="o">.</span><span class="n">tlsStarted</span><span class="p">:</span> + <span class="n">ProtocolWrapper</span><span class="o">.</span><span class="n">write</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">data</span><span class="p">)</span> + <span class="k">return</span> + + <span class="k">try</span><span class="p">:</span> + <span class="n">encryptedData</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">_encrypt</span><span class="p">(</span><span class="n">data</span><span class="p">)</span> + <span class="n">ProtocolWrapper</span><span class="o">.</span><span class="n">write</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">encryptedData</span><span class="p">)</span> + <span class="bp">self</span><span class="o">.</span><span class="n">helloDone</span> <span class="o">=</span> <span class="mi">1</span> + <span class="k">except</span> <span class="n">BIO</span><span class="o">.</span><span class="n">BIOError</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> + <span class="c1"># See http://www.openssl.org/docs/apps/verify.html#DIAGNOSTICS</span> + <span class="c1"># for the error codes returned by SSL_get_verify_result.</span> + <span class="n">e</span><span class="o">.</span><span class="n">args</span> <span class="o">=</span> <span 
class="p">(</span><span class="n">m2</span><span class="o">.</span><span class="n">ssl_get_verify_result</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">ssl</span><span class="o">.</span><span class="n">_ptr</span><span class="p">()),</span> <span class="n">e</span><span class="o">.</span><span class="n">args</span><span class="p">[</span><span class="mi">0</span><span class="p">])</span> + <span class="k">raise</span> <span class="n">e</span></div> + +<div class="viewcode-block" id="TLSProtocolWrapper.writeSequence"><a class="viewcode-back" href="../../../M2Crypto.SSL.html#M2Crypto.SSL.TwistedProtocolWrapper.TLSProtocolWrapper.writeSequence">[docs]</a> <span class="k">def</span> <span class="nf">writeSequence</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">data</span><span class="p">):</span> + <span class="c1"># type: (Iterable[bytes]) -> None</span> + <span class="k">if</span> <span class="ow">not</span> <span class="bp">self</span><span class="o">.</span><span class="n">tlsStarted</span><span class="p">:</span> + <span class="n">ProtocolWrapper</span><span class="o">.</span><span class="n">writeSequence</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="sa">b</span><span class="s1">''</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">data</span><span class="p">))</span> + <span class="k">return</span> + + <span class="bp">self</span><span class="o">.</span><span class="n">write</span><span class="p">(</span><span class="sa">b</span><span class="s1">''</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">data</span><span class="p">))</span></div> + +<div class="viewcode-block" id="TLSProtocolWrapper.loseConnection"><a class="viewcode-back" 
href="../../../M2Crypto.SSL.html#M2Crypto.SSL.TwistedProtocolWrapper.TLSProtocolWrapper.loseConnection">[docs]</a> <span class="k">def</span> <span class="nf">loseConnection</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> + <span class="c1"># XXX Do we need to do m2.ssl_shutdown(self.ssl._ptr())?</span> + <span class="n">ProtocolWrapper</span><span class="o">.</span><span class="n">loseConnection</span><span class="p">(</span><span class="bp">self</span><span class="p">)</span></div> + +<div class="viewcode-block" id="TLSProtocolWrapper.connectionMade"><a class="viewcode-back" href="../../../M2Crypto.SSL.html#M2Crypto.SSL.TwistedProtocolWrapper.TLSProtocolWrapper.connectionMade">[docs]</a> <span class="k">def</span> <span class="nf">connectionMade</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> + <span class="n">ProtocolWrapper</span><span class="o">.</span><span class="n">connectionMade</span><span class="p">(</span><span class="bp">self</span><span class="p">)</span> + <span class="k">if</span> <span class="bp">self</span><span class="o">.</span><span class="n">tlsStarted</span> <span class="ow">and</span> <span class="bp">self</span><span class="o">.</span><span class="n">isClient</span> <span class="ow">and</span> <span class="ow">not</span> <span class="bp">self</span><span class="o">.</span><span class="n">helloDone</span><span class="p">:</span> + <span class="bp">self</span><span class="o">.</span><span class="n">_clientHello</span><span class="p">()</span></div> + +<div class="viewcode-block" id="TLSProtocolWrapper.dataReceived"><a class="viewcode-back" href="../../../M2Crypto.SSL.html#M2Crypto.SSL.TwistedProtocolWrapper.TLSProtocolWrapper.dataReceived">[docs]</a> <span class="k">def</span> <span class="nf">dataReceived</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">data</span><span class="p">):</span> + <span class="c1"># type: 
(bytes) -> None</span> + <span class="k">if</span> <span class="ow">not</span> <span class="bp">self</span><span class="o">.</span><span class="n">tlsStarted</span><span class="p">:</span> + <span class="n">ProtocolWrapper</span><span class="o">.</span><span class="n">dataReceived</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">data</span><span class="p">)</span> + <span class="k">return</span> + + <span class="bp">self</span><span class="o">.</span><span class="n">encrypted</span> <span class="o">+=</span> <span class="n">data</span> + + <span class="k">try</span><span class="p">:</span> + <span class="k">while</span> <span class="mi">1</span><span class="p">:</span> + <span class="n">decryptedData</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">_decrypt</span><span class="p">()</span> + + <span class="bp">self</span><span class="o">.</span><span class="n">_check</span><span class="p">()</span> + + <span class="n">encryptedData</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">_encrypt</span><span class="p">()</span> + <span class="n">ProtocolWrapper</span><span class="o">.</span><span class="n">write</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">encryptedData</span><span class="p">)</span> + + <span class="n">ProtocolWrapper</span><span class="o">.</span><span class="n">dataReceived</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">decryptedData</span><span class="p">)</span> + + <span class="k">if</span> <span class="n">decryptedData</span> <span class="o">==</span> <span class="sa">b</span><span class="s1">''</span> <span class="ow">and</span> <span class="n">encryptedData</span> <span class="o">==</span> <span class="sa">b</span><span class="s1">''</span><span class="p">:</span> + <span class="k">break</span> 
+ <span class="k">except</span> <span class="n">BIO</span><span class="o">.</span><span class="n">BIOError</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> + <span class="c1"># See http://www.openssl.org/docs/apps/verify.html#DIAGNOSTICS</span> + <span class="c1"># for the error codes returned by SSL_get_verify_result.</span> + <span class="n">e</span><span class="o">.</span><span class="n">args</span> <span class="o">=</span> <span class="p">(</span><span class="n">m2</span><span class="o">.</span><span class="n">ssl_get_verify_result</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">ssl</span><span class="o">.</span><span class="n">_ptr</span><span class="p">()),</span> <span class="n">e</span><span class="o">.</span><span class="n">args</span><span class="p">[</span><span class="mi">0</span><span class="p">])</span> + <span class="k">raise</span> <span class="n">e</span></div> + +<div class="viewcode-block" id="TLSProtocolWrapper.connectionLost"><a class="viewcode-back" href="../../../M2Crypto.SSL.html#M2Crypto.SSL.TwistedProtocolWrapper.TLSProtocolWrapper.connectionLost">[docs]</a> <span class="k">def</span> <span class="nf">connectionLost</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">reason</span><span class="p">):</span> + <span class="c1"># type: (AnyStr) -> None</span> + <span class="bp">self</span><span class="o">.</span><span class="n">clear</span><span class="p">()</span> + <span class="n">ProtocolWrapper</span><span class="o">.</span><span class="n">connectionLost</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">reason</span><span class="p">)</span></div> + + <span class="k">def</span> <span class="nf">_check</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> + <span class="k">if</span> <span class="ow">not</span> <span 
class="bp">self</span><span class="o">.</span><span class="n">checked</span> <span class="ow">and</span> <span class="n">m2</span><span class="o">.</span><span class="n">ssl_is_init_finished</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">ssl</span><span class="o">.</span><span class="n">_ptr</span><span class="p">()):</span> + <span class="n">x509</span> <span class="o">=</span> <span class="n">m2</span><span class="o">.</span><span class="n">ssl_get_peer_cert</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">ssl</span><span class="o">.</span><span class="n">_ptr</span><span class="p">())</span> + <span class="k">if</span> <span class="n">x509</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span> + <span class="n">x509</span> <span class="o">=</span> <span class="n">X509</span><span class="o">.</span><span class="n">X509</span><span class="p">(</span><span class="n">x509</span><span class="p">,</span> <span class="mi">1</span><span class="p">)</span> + <span class="k">if</span> <span class="bp">self</span><span class="o">.</span><span class="n">isClient</span><span class="p">:</span> + <span class="n">host</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">transport</span><span class="o">.</span><span class="n">addr</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> + <span class="k">else</span><span class="p">:</span> + <span class="n">host</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">transport</span><span class="o">.</span><span class="n">getPeer</span><span class="p">()</span><span class="o">.</span><span class="n">host</span> + <span class="k">if</span> <span class="ow">not</span> <span class="bp">self</span><span class="o">.</span><span 
class="n">postConnectionCheck</span><span class="p">(</span><span class="n">x509</span><span class="p">,</span> <span class="n">host</span><span class="p">):</span> + <span class="k">raise</span> <span class="n">SSLVerificationError</span><span class="p">(</span><span class="s1">'post connection check'</span><span class="p">)</span> + <span class="bp">self</span><span class="o">.</span><span class="n">checked</span> <span class="o">=</span> <span class="mi">1</span> + + <span class="k">def</span> <span class="nf">_clientHello</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> + <span class="k">try</span><span class="p">:</span> + <span class="c1"># We rely on OpenSSL implicitly starting with client hello</span> + <span class="c1"># when we haven't yet established an SSL connection</span> + <span class="n">encryptedData</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">_encrypt</span><span class="p">(</span><span class="n">clientHello</span><span class="o">=</span><span class="mi">1</span><span class="p">)</span> + <span class="n">ProtocolWrapper</span><span class="o">.</span><span class="n">write</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">encryptedData</span><span class="p">)</span> + <span class="bp">self</span><span class="o">.</span><span class="n">helloDone</span> <span class="o">=</span> <span class="mi">1</span> + <span class="k">except</span> <span class="n">BIO</span><span class="o">.</span><span class="n">BIOError</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> + <span class="c1"># See http://www.openssl.org/docs/apps/verify.html#DIAGNOSTICS</span> + <span class="c1"># for the error codes returned by SSL_get_verify_result.</span> + <span class="n">e</span><span class="o">.</span><span class="n">args</span> <span class="o">=</span> <span class="p">(</span><span class="n">m2</span><span 
class="o">.</span><span class="n">ssl_get_verify_result</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">ssl</span><span class="o">.</span><span class="n">_ptr</span><span class="p">()),</span> <span class="n">e</span><span class="o">.</span><span class="n">args</span><span class="p">[</span><span class="mi">0</span><span class="p">])</span> + <span class="k">raise</span> <span class="n">e</span> + + <span class="c1"># Optimizations to reduce attribute accesses</span> + + <span class="nd">@property</span> + <span class="k">def</span> <span class="nf">_get_wr_guar_ssl</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> + <span class="c1"># type: () -> Callable[[], int]</span> + <span class="sd">"""Return max. length of data can be written to the BIO.</span> + +<span class="sd"> Writes larger than this value will return a value from</span> +<span class="sd"> BIO_write() less than the amount requested or if the buffer is</span> +<span class="sd"> full request a retry.</span> +<span class="sd"> """</span> + <span class="k">return</span> <span class="n">partial</span><span class="p">(</span><span class="n">m2</span><span class="o">.</span><span class="n">bio_ctrl_get_write_guarantee</span><span class="p">,</span> + <span class="bp">self</span><span class="o">.</span><span class="n">sslBio</span><span class="o">.</span><span class="n">_ptr</span><span class="p">())</span> + + <span class="nd">@property</span> + <span class="k">def</span> <span class="nf">_get_wr_guar_net</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> + <span class="c1"># type: () -> Callable[[], int]</span> + <span class="k">return</span> <span class="n">partial</span><span class="p">(</span><span class="n">m2</span><span class="o">.</span><span class="n">bio_ctrl_get_write_guarantee</span><span class="p">,</span> + <span class="bp">self</span><span class="o">.</span><span 
class="n">networkBio</span><span class="o">.</span><span class="n">_ptr</span><span class="p">())</span> + + <span class="nd">@property</span> + <span class="k">def</span> <span class="nf">_shoud_retry_ssl</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> + <span class="c1"># type: () -> Callable[[], int]</span> + <span class="c1"># BIO_should_retry() is true if the call that produced this</span> + <span class="c1"># condition should then be retried at a later time.</span> + <span class="k">return</span> <span class="n">partial</span><span class="p">(</span><span class="n">m2</span><span class="o">.</span><span class="n">bio_should_retry</span><span class="p">,</span> <span class="bp">self</span><span class="o">.</span><span class="n">sslBio</span><span class="o">.</span><span class="n">_ptr</span><span class="p">())</span> + + <span class="nd">@property</span> + <span class="k">def</span> <span class="nf">_shoud_retry_net</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> + <span class="c1"># type: () -> Callable[[], int]</span> + <span class="k">return</span> <span class="n">partial</span><span class="p">(</span><span class="n">m2</span><span class="o">.</span><span class="n">bio_should_retry</span><span class="p">,</span> <span class="bp">self</span><span class="o">.</span><span class="n">networkBio</span><span class="o">.</span><span class="n">_ptr</span><span class="p">())</span> + + <span class="nd">@property</span> + <span class="k">def</span> <span class="nf">_ctrl_pend_ssl</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> + <span class="c1"># type: () -> Callable[[], int]</span> + <span class="c1"># size_t BIO_ctrl_pending(BIO *b);</span> + <span class="c1"># BIO_ctrl_pending() return the number of pending characters in</span> + <span class="c1"># the BIOs read and write buffers.</span> + <span class="k">return</span> <span class="n">partial</span><span 
class="p">(</span><span class="n">m2</span><span class="o">.</span><span class="n">bio_ctrl_pending</span><span class="p">,</span> <span class="bp">self</span><span class="o">.</span><span class="n">sslBio</span><span class="o">.</span><span class="n">_ptr</span><span class="p">())</span> + + <span class="nd">@property</span> + <span class="k">def</span> <span class="nf">_ctrl_pend_net</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> + <span class="c1"># type: () -> Callable[[], int]</span> + <span class="k">return</span> <span class="n">partial</span><span class="p">(</span><span class="n">m2</span><span class="o">.</span><span class="n">bio_ctrl_pending</span><span class="p">,</span> <span class="bp">self</span><span class="o">.</span><span class="n">networkBio</span><span class="o">.</span><span class="n">_ptr</span><span class="p">())</span> + + <span class="nd">@property</span> + <span class="k">def</span> <span class="nf">_write_ssl</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> + <span class="c1"># type: () -> Callable[[bytes], int]</span> + <span class="c1"># All these functions return either the amount of data</span> + <span class="c1"># successfully read or written (if the return value is</span> + <span class="c1"># positive) or that no data was successfully read or written</span> + <span class="c1"># if the result is 0 or -1. 
If the return value is -2 then</span> + <span class="c1"># the operation is not implemented in the specific BIO type.</span> + <span class="k">return</span> <span class="n">partial</span><span class="p">(</span><span class="n">m2</span><span class="o">.</span><span class="n">bio_write</span><span class="p">,</span> <span class="bp">self</span><span class="o">.</span><span class="n">sslBio</span><span class="o">.</span><span class="n">_ptr</span><span class="p">())</span> + + <span class="nd">@property</span> + <span class="k">def</span> <span class="nf">_write_net</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> + <span class="c1"># type: () -> Callable[[bytes], int]</span> + <span class="k">return</span> <span class="n">partial</span><span class="p">(</span><span class="n">m2</span><span class="o">.</span><span class="n">bio_write</span><span class="p">,</span> <span class="bp">self</span><span class="o">.</span><span class="n">networkBio</span><span class="o">.</span><span class="n">_ptr</span><span class="p">())</span> + + <span class="nd">@property</span> + <span class="k">def</span> <span class="nf">_read_ssl</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> + <span class="c1"># type: () -> Callable[[int], Optional[bytes]]</span> + <span class="k">return</span> <span class="n">partial</span><span class="p">(</span><span class="n">m2</span><span class="o">.</span><span class="n">bio_read</span><span class="p">,</span> <span class="bp">self</span><span class="o">.</span><span class="n">sslBio</span><span class="o">.</span><span class="n">_ptr</span><span class="p">())</span> + + <span class="nd">@property</span> + <span class="k">def</span> <span class="nf">_read_net</span><span class="p">(</span><span class="bp">self</span><span class="p">):</span> + <span class="c1"># type: () -> Callable[[int], Optional[bytes]]</span> + <span class="k">return</span> <span class="n">partial</span><span 
class="p">(</span><span class="n">m2</span><span class="o">.</span><span class="n">bio_read</span><span class="p">,</span> <span class="bp">self</span><span class="o">.</span><span class="n">networkBio</span><span class="o">.</span><span class="n">_ptr</span><span class="p">())</span> + + <span class="k">def</span> <span class="nf">_encrypt</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">data</span><span class="o">=</span><span class="sa">b</span><span class="s1">''</span><span class="p">,</span> <span class="n">clientHello</span><span class="o">=</span><span class="mi">0</span><span class="p">):</span> + <span class="c1"># type: (bytes, int) -> bytes</span> + <span class="sd">"""</span> +<span class="sd"> :param data:</span> +<span class="sd"> :param clientHello:</span> +<span class="sd"> :return:</span> +<span class="sd"> """</span> + <span class="n">encryptedData</span> <span class="o">=</span> <span class="sa">b</span><span class="s1">''</span> + <span class="bp">self</span><span class="o">.</span><span class="n">data</span> <span class="o">+=</span> <span class="n">data</span> + + <span class="k">while</span> <span class="mi">1</span><span class="p">:</span> + <span class="k">if</span> <span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">_get_wr_guar_ssl</span><span class="p">()</span> <span class="o">></span> <span class="mi">0</span> <span class="ow">and</span> <span class="bp">self</span><span class="o">.</span><span class="n">data</span> <span class="o">!=</span> <span class="sa">b</span><span class="s1">''</span><span class="p">)</span> <span class="ow">or</span> <span class="n">clientHello</span><span class="p">:</span> + <span class="n">r</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">_write_ssl</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">data</span><span 
class="p">)</span> + <span class="k">if</span> <span class="n">r</span> <span class="o"><=</span> <span class="mi">0</span><span class="p">:</span> + <span class="k">if</span> <span class="ow">not</span> <span class="bp">self</span><span class="o">.</span><span class="n">_shoud_retry_ssl</span><span class="p">():</span> + <span class="k">raise</span> <span class="ne">IOError</span><span class="p">(</span> + <span class="p">(</span><span class="s1">'Data left to be written to </span><span class="si">{}</span><span class="s1">, '</span> <span class="o">+</span> + <span class="s1">'but cannot retry SSL connection!'</span><span class="p">)</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">sslBio</span><span class="p">))</span> + <span class="k">else</span><span class="p">:</span> + <span class="k">assert</span> <span class="bp">self</span><span class="o">.</span><span class="n">checked</span> + <span class="bp">self</span><span class="o">.</span><span class="n">data</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">data</span><span class="p">[</span><span class="n">r</span><span class="p">:]</span> + + <span class="n">pending</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">_ctrl_pend_net</span><span class="p">()</span> + <span class="k">if</span> <span class="n">pending</span><span class="p">:</span> + <span class="n">d</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">_read_net</span><span class="p">(</span><span class="n">pending</span><span class="p">)</span> + <span class="k">if</span> <span class="n">d</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span> <span class="c1"># This is strange, but d can be None</span> + <span class="n">encryptedData</span> 
<span class="o">+=</span> <span class="n">d</span> + <span class="k">else</span><span class="p">:</span> + <span class="k">assert</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">_shoud_retry_net</span><span class="p">())</span> + <span class="k">else</span><span class="p">:</span> + <span class="k">break</span> + <span class="k">return</span> <span class="n">encryptedData</span> + + <span class="k">def</span> <span class="nf">_decrypt</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">data</span><span class="o">=</span><span class="sa">b</span><span class="s1">''</span><span class="p">):</span> + <span class="c1"># type: (bytes) -> bytes</span> + <span class="bp">self</span><span class="o">.</span><span class="n">encrypted</span> <span class="o">+=</span> <span class="n">data</span> + <span class="n">decryptedData</span> <span class="o">=</span> <span class="sa">b</span><span class="s1">''</span> + + <span class="k">while</span> <span class="mi">1</span><span class="p">:</span> + <span class="k">if</span> <span class="bp">self</span><span class="o">.</span><span class="n">_get_wr_guar_ssl</span><span class="p">()</span> <span class="o">></span> <span class="mi">0</span> <span class="ow">and</span> <span class="bp">self</span><span class="o">.</span><span class="n">encrypted</span> <span class="o">!=</span> <span class="sa">b</span><span class="s1">''</span><span class="p">:</span> + <span class="n">r</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">_write_net</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">encrypted</span><span class="p">)</span> + <span class="k">if</span> <span class="n">r</span> <span class="o"><=</span> <span class="mi">0</span><span class="p">:</span> + <span class="k">if</span> <span class="ow">not</span> <span class="bp">self</span><span 
class="o">.</span><span class="n">_shoud_retry_net</span><span class="p">():</span> + <span class="k">raise</span> <span class="ne">IOError</span><span class="p">(</span> + <span class="p">(</span><span class="s1">'Data left to be written to </span><span class="si">{}</span><span class="s1">, '</span> <span class="o">+</span> + <span class="s1">'but cannot retry SSL connection!'</span><span class="p">)</span><span class="o">.</span><span class="n">format</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">networkBio</span><span class="p">))</span> + <span class="k">else</span><span class="p">:</span> + <span class="bp">self</span><span class="o">.</span><span class="n">encrypted</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">encrypted</span><span class="p">[</span><span class="n">r</span><span class="p">:]</span> + + <span class="n">pending</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">_ctrl_pend_ssl</span><span class="p">()</span> + <span class="k">if</span> <span class="n">pending</span><span class="p">:</span> + <span class="n">d</span> <span class="o">=</span> <span class="bp">self</span><span class="o">.</span><span class="n">_read_ssl</span><span class="p">(</span><span class="n">pending</span><span class="p">)</span> + <span class="k">if</span> <span class="n">d</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span><span class="p">:</span> <span class="c1"># This is strange, but d can be None</span> + <span class="n">decryptedData</span> <span class="o">+=</span> <span class="n">d</span> + <span class="k">else</span><span class="p">:</span> + <span class="k">assert</span><span class="p">(</span><span class="bp">self</span><span class="o">.</span><span class="n">_shoud_retry_ssl</span><span class="p">())</span> + <span class="k">else</span><span class="p">:</span> + <span 
class="k">break</span> + + <span class="k">return</span> <span class="n">decryptedData</span></div> +</pre></div> + + </div> + + </div> + </div> + <div class="sphinxsidebar" role="navigation" aria-label="main navigation"> + <div class="sphinxsidebarwrapper"> +<h1 class="logo"><a href="../../../index.html">M2Crypto</a></h1> + + + + + + + + +<h3>Navigation</h3> +<ul> +<li class="toctree-l1"><a class="reference internal" href="../../../M2Crypto.html">M2Crypto Package</a></li> +</ul> + +<div class="relations"> +<h3>Related Topics</h3> +<ul> + <li><a href="../../../index.html">Documentation overview</a><ul> + <li><a href="../../index.html">Module code</a><ul> + <li><a href="../SSL.html">M2Crypto.SSL</a><ul> + </ul></li> + </ul></li> + </ul></li> +</ul> +</div> +<div id="searchbox" style="display: none" role="search"> + <h3>Quick search</h3> + <div class="searchformwrapper"> + <form class="search" action="../../../search.html" method="get"> + <input type="text" name="q" /> + <input type="submit" value="Go" /> + <input type="hidden" name="check_keywords" value="yes" /> + <input type="hidden" name="area" value="default" /> + </form> + </div> +</div> +<script type="text/javascript">$('#searchbox').show(0);</script> + + + + + + + + + </div> + </div> + <div class="clearer"></div> + </div> + <div class="footer"> + ©2017, Matej Cepl <mcepl@cepl.eu>. + + | + Powered by <a href="http://sphinx-doc.org/">Sphinx 1.8.5</a> + & <a href="https://github.com/bitprophet/alabaster">Alabaster 0.7.12</a> + + </div> + + + + + </body> +</html>
\ No newline at end of file |