Mini Shell
a
�DOg2� �
@ s� d Z ddlZddlZddlmZ ddlmZmZ m
Z ddlZddlm
Z
mZmZ ddlmZmZmZ ddlmZmZmZmZmZmZmZ ddlmZmZ dd lmZmZm Z m!Z! zdd
lm"Z" W n e#y� Y n0 ddlm$Z$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z- ddlm.Z.m/Z/ e j0d
e1dd� ed� ej0de1dd� ed� e j0de1dd� ed� e j0de1dd� ed� ej0de1dd� ed� e j0de1dd� ed� e2j3 Z4e2_4dd� e2j5�6� D �Z7e8e2dd�Z9G dd� de �Z:G d d!� d!e �Z;G d"d#� d#e �Z<G d$d%� d%e �Z=ej>d&k�r dd'lm?Z?m@Z@ dd(lAmAZAmBZBmCZC dd)lAmDZDmEZE ddlAZFddlGZGddlHZHddlIZIeJZKd*gZLeMed+�ZNe.ZOeZPd,d-� ZQd.d/� ZRd0d1� ZSd2d3� ZTed4d5�ZUd6d7� ZVG d8d9� d9ed9d:��ZWG d;d<� d<eWe�ZXG d=d>� d>e�ZYeXjZfdddd?�d@dA�Z[e3fe\dBeXjZddddddC�dDdE�Z]e[Z^e]Z_G dFdG� dG�Z`dHdI� ZaG dJdK� dKeA�ZbebeY_ce`eY_ddddBe\e3ddLdLdf dMdN�ZedOdP� ZfdQZgdRZhdSdT� ZidUdV� Zje3dfdWdX�ZkdYdZ� ZldS )[a�
This module provides some more Pythonic support for SSL.
Object types:
SSLSocket -- subtype of socket.socket which does SSL over the socket
Exceptions:
SSLError -- exception raised for I/O errors
Functions:
cert_time_to_seconds -- convert time string used for certificate
notBefore and notAfter functions to integer
seconds past the Epoch (the time values
returned from time.time())
get_server_certificate (addr, ssl_version, ca_certs, timeout) -- Retrieve the
certificate from the server at the specified
address and return it as a PEM-encoded string
Integer constants:
SSL_ERROR_ZERO_RETURN
SSL_ERROR_WANT_READ
SSL_ERROR_WANT_WRITE
SSL_ERROR_WANT_X509_LOOKUP
SSL_ERROR_SYSCALL
SSL_ERROR_SSL
SSL_ERROR_WANT_CONNECT
SSL_ERROR_EOF
SSL_ERROR_INVALID_ERROR_CODE
The following group define certificate requirements that one side is
allowing/requiring from the other side:
CERT_NONE - no certificates from the other side are required (or will
be looked at if provided)
CERT_OPTIONAL - certificates are not required, but if provided will be
validated, and if validation fails, the connection will
also fail
CERT_REQUIRED - certificates are required, and will be validated, and
if validation fails, the connection will also fail
The following constants identify various SSL protocol variants:
PROTOCOL_SSLv2
PROTOCOL_SSLv3
PROTOCOL_SSLv23
PROTOCOL_TLS
PROTOCOL_TLS_CLIENT
PROTOCOL_TLS_SERVER
PROTOCOL_TLSv1
PROTOCOL_TLSv1_1
PROTOCOL_TLSv1_2
The following constants identify various SSL alert message descriptions as per
http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
ALERT_DESCRIPTION_CLOSE_NOTIFY
ALERT_DESCRIPTION_UNEXPECTED_MESSAGE
ALERT_DESCRIPTION_BAD_RECORD_MAC
ALERT_DESCRIPTION_RECORD_OVERFLOW
ALERT_DESCRIPTION_DECOMPRESSION_FAILURE
ALERT_DESCRIPTION_HANDSHAKE_FAILURE
ALERT_DESCRIPTION_BAD_CERTIFICATE
ALERT_DESCRIPTION_UNSUPPORTED_CERTIFICATE
ALERT_DESCRIPTION_CERTIFICATE_REVOKED
ALERT_DESCRIPTION_CERTIFICATE_EXPIRED
ALERT_DESCRIPTION_CERTIFICATE_UNKNOWN
ALERT_DESCRIPTION_ILLEGAL_PARAMETER
ALERT_DESCRIPTION_UNKNOWN_CA
ALERT_DESCRIPTION_ACCESS_DENIED
ALERT_DESCRIPTION_DECODE_ERROR
ALERT_DESCRIPTION_DECRYPT_ERROR
ALERT_DESCRIPTION_PROTOCOL_VERSION
ALERT_DESCRIPTION_INSUFFICIENT_SECURITY
ALERT_DESCRIPTION_INTERNAL_ERROR
ALERT_DESCRIPTION_USER_CANCELLED
ALERT_DESCRIPTION_NO_RENEGOTIATION
ALERT_DESCRIPTION_UNSUPPORTED_EXTENSION
ALERT_DESCRIPTION_CERTIFICATE_UNOBTAINABLE
ALERT_DESCRIPTION_UNRECOGNIZED_NAME
ALERT_DESCRIPTION_BAD_CERTIFICATE_STATUS_RESPONSE
ALERT_DESCRIPTION_BAD_CERTIFICATE_HASH_VALUE
ALERT_DESCRIPTION_UNKNOWN_PSK_IDENTITY
� N)�
namedtuple)�Enum�IntEnum�IntFlag)�OPENSSL_VERSION_NUMBER�OPENSSL_VERSION_INFO�OPENSSL_VERSION)�_SSLContext� MemoryBIO�
SSLSession)�SSLError�SSLZeroReturnError�SSLWantReadError�SSLWantWriteError�SSLSyscallError�SSLEOFError�SSLCertVerificationError)�txt2obj�nid2obj)�RAND_status�RAND_add�
RAND_bytes�RAND_pseudo_bytes)�RAND_egd)
�HAS_SNI�HAS_ECDH�HAS_NPN�HAS_ALPN� HAS_SSLv2� HAS_SSLv3� HAS_TLSv1�HAS_TLSv1_1�HAS_TLSv1_2�HAS_TLSv1_3)�_DEFAULT_CIPHERS�_OPENSSL_API_VERSION�
_SSLMethodc C s | � d�o| dkS )NZ PROTOCOL_�PROTOCOL_SSLv23��
startswith��name� r, �/usr/lib64/python3.9/ssl.py�<lambda>} � r. )�source�Optionsc C s
| � d�S )NZOP_r( r* r, r, r- r. � r/ ZAlertDescriptionc C s
| � d�S )NZALERT_DESCRIPTION_r( r* r, r, r- r. � r/ ZSSLErrorNumberc C s
| � d�S )NZ
SSL_ERROR_r( r* r, r, r- r. � r/ �VerifyFlagsc C s
| � d�S )NZVERIFY_r( r* r, r, r- r. � r/ �
VerifyModec C s
| � d�S )NZCERT_r( r* r, r, r- r. � r/ c C s i | ]\}}||�qS r, r, )�.0r+ �valuer, r, r- �
<dictcomp>� r/ r6 ZPROTOCOL_SSLv2c @ s6 e Zd ZejZejZejZ ej
ZejZ
ejZejZdS )�
TLSVersionN)�__name__�
__module__�__qualname__�_sslZPROTO_MINIMUM_SUPPORTEDZMINIMUM_SUPPORTEDZPROTO_SSLv3�SSLv3ZPROTO_TLSv1ZTLSv1Z
PROTO_TLSv1_1ZTLSv1_1Z
PROTO_TLSv1_2ZTLSv1_2Z
PROTO_TLSv1_3ZTLSv1_3ZPROTO_MAXIMUM_SUPPORTEDZMAXIMUM_SUPPORTEDr, r, r, r- r7 � s r7 c @ s( e Zd ZdZdZdZdZdZdZdZ dS ) �_TLSContentTypez@Content types (record layer)
See RFC 8446, section B.1
� � � � � � N)
r8 r9 r: �__doc__�CHANGE_CIPHER_SPEC�ALERTZ HANDSHAKEZAPPLICATION_DATA�HEADERZINNER_CONTENT_TYPEr, r, r, r- r= � s r= c @ s� e Zd ZdZdZdZdZdZdZdZ dZ
d Zd
ZdZ
dZd
ZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZ dZ!d Z"d!Z#d"Z$d#Z%d$S )%�
_TLSAlertTypezQAlert types for TLSContentType.ALERT messages
See RFC 8466, section B.2
r �
r>