o
    +i<  ã                   @  sÒ  U d dl mZ dZd dlZd dlZd dlZd dlZd dlmZm	Z	 d dl
mZ d dlmZ d dlmZ d dlmZmZ d	d
lmZmZmZmZmZ d	dlmZmZ d	dlmZmZmZmZm Z m!Z! ej"dkrmd dlm#Z# nd dl$m#Z# ej"dkrd dlm%Z%m&Z& nd dl$m%Z%m&Z& ej"dkr•d dlm'Z' nd dl$m'Z' edƒZ(e%dƒZ)e*e*e+e+f df Z,de-d< e*e,df Z.de-d< G dd„ deƒZ/eddG dd„ deƒƒZ0eddG dd „ d e e0 ƒƒZ1G d!d"„ d"eƒZ2dS )#é    )Úannotations)ÚTLSAttributeÚTLSConnectableÚTLSListenerÚ	TLSStreamN)ÚCallableÚMapping)Ú	dataclass)Úwraps)Ú
SSLContext)ÚAnyÚTypeVaré   )ÚBrokenResourceErrorÚEndOfStreamÚaclose_forcefullyÚget_cancelled_exc_classÚ	to_thread)ÚTypedAttributeSetÚtyped_attribute)ÚAnyByteStreamÚAnyByteStreamConnectableÚ
ByteStreamÚByteStreamConnectableÚListenerÚ	TaskGroup)é   é
   )Ú	TypeAlias)r   é   )ÚTypeVarTupleÚUnpack)r   é   )ÚoverrideÚT_RetvalÚPosArgsT.r   Ú_PCTRTTÚ_PCTRTTTc                   @  sž   e Zd ZU dZeƒ Zded< eƒ Zded< eƒ Zded< eƒ Z	ded	< eƒ Z
d
ed< eƒ Zded< eƒ Zded< eƒ Zded< eƒ Zded< eƒ Zded< dS )r   z5Contains Transport Layer Security related attributes.ú
str | NoneÚalpn_protocolÚbytesÚchannel_binding_tls_uniqueztuple[str, str, int]Úcipherz*None | dict[str, str | _PCTRTTT | _PCTRTT]Úpeer_certificatezbytes | NoneÚpeer_certificate_binaryÚboolÚserver_sidez!list[tuple[str, str, int]] | NoneÚshared_ciphersússl.SSLObjectÚ
ssl_objectÚstandard_compatibleÚstrÚtls_versionN)Ú__name__Ú
__module__Ú__qualname__Ú__doc__r   r)   Ú__annotations__r+   r,   r-   r.   r0   r1   r3   r4   r6   © r<   r<   úD/var/www/html/venv/lib/python3.10/site-packages/anyio/streams/tls.pyr   :   s   
 r   F)Úeqc                   @  s    e Zd ZU dZded< ded< ded< ded	< ded
< edddddœd2dd„ƒZd3dd„Zd4dd „Zd5d"d#„Z	d6d7d(d)„Z
d8d+d,„Zd5d-d.„Zed9d0d1„ƒZdS ):r   a  
    A stream wrapper that encrypts all sent data and decrypts received data.

    This class has no public initializer; use :meth:`wrap` instead.
    All extra attributes from :class:`~TLSAttribute` are supported.

    :var AnyByteStream transport_stream: the wrapped stream

    r   Útransport_streamr/   r4   r2   Ú_ssl_objectzssl.MemoryBIOÚ	_read_bioÚ
_write_bioNT)r0   ÚhostnameÚssl_contextr4   r0   úbool | NonerC   r(   rD   ússl.SSLContext | NoneÚreturnc                Ã  sÄ   |du r| }|s'|rt jjnt jj}t  |¡}tt dƒr'| jt j M  _t  ¡ }t  ¡ }t	|ƒt j
u r@|j||||d}	nt |j||||d¡I dH }	| |||	||d}
|
 |	j¡I dH  |
S )aÔ  
        Wrap an existing stream with Transport Layer Security.

        This performs a TLS handshake with the peer.

        :param transport_stream: a bytes-transporting stream to wrap
        :param server_side: ``True`` if this is the server side of the connection,
            ``False`` if this is the client side (if omitted, will be set to ``False``
            if ``hostname`` has been provided, ``False`` otherwise). Used only to create
            a default context when an explicit context has not been provided.
        :param hostname: host name of the peer (if host name checking is desired)
        :param ssl_context: the SSLContext object to use (if not provided, a secure
            default will be created)
        :param standard_compatible: if ``False``, skip the closing handshake when
            closing the connection, and don't raise an exception if the peer does the
            same
        :raises ~ssl.SSLError: if the TLS handshake fails

        NÚOP_IGNORE_UNEXPECTED_EOF)r0   Úserver_hostname)r?   r4   r@   rA   rB   )ÚsslÚPurposeÚCLIENT_AUTHÚSERVER_AUTHÚcreate_default_contextÚhasattrÚoptionsrH   Ú	MemoryBIOÚtyper   Úwrap_bior   Úrun_syncÚ_call_sslobject_methodÚdo_handshake)Úclsr?   r0   rC   rD   r4   ÚpurposeÚbio_inÚbio_outr3   Úwrapperr<   r<   r=   Úwraph   s@   €ÿ

ÿ
ú	ûzTLSStream.wrapÚfuncú&Callable[[Unpack[PosArgsT]], T_Retval]ÚargsúUnpack[PosArgsT]r$   c                 Ç  s’  	 z||Ž }W n­ t jyY   z| jjr!| j | j ¡ ¡I d H  | j ¡ I d H }W n& ty8   | j	 
¡  Y n tyP } z| j	 
¡  | j 
¡  t|‚d }~ww | j	 |¡ Y no t jyn   | j | j ¡ ¡I d H  Y nZ t jy‡ } z| j	 
¡  | j 
¡  t|‚d }~w t jyµ } z"| j	 
¡  | j 
¡  t|t jƒs§|jr°d|jv r°| jr­t|‚td ‚‚ d }~ww | jjrÆ| j | j ¡ ¡I d H  |S q)NTÚUNEXPECTED_EOF_WHILE_READING)rJ   ÚSSLWantReadErrorrB   Úpendingr?   ÚsendÚreadÚreceiver   rA   Ú	write_eofÚOSErrorr   ÚwriteÚSSLWantWriteErrorÚSSLSyscallErrorÚSSLErrorÚ
isinstanceÚSSLEOFErrorÚstrerrorr4   )Úselfr]   r_   ÚresultÚdataÚexcr<   r<   r=   rU   ¯   sV   €

€ý€

€

ÿ
€õ×z TLSStream._call_sslobject_methodútuple[AnyByteStream, bytes]c                 Ã  s:   |   | jj¡I dH  | j ¡  | j ¡  | j| j ¡ fS )z„
        Does the TLS closing handshake.

        :return: a tuple of (wrapped byte stream, bytes left in the read buffer)

        N)rU   r@   ÚunwraprA   rg   rB   r?   re   ©rp   r<   r<   r=   ru   Ý   s
   €

zTLSStream.unwrapÚNonec                 Ã  sP   | j rz	|  ¡ I d H  W n ty   t| jƒI d H  ‚ w | j ¡ I d H  d S ©N)r4   ru   ÚBaseExceptionr   r?   Úacloserv   r<   r<   r=   rz   é   s   €þzTLSStream.acloseé   Ú	max_bytesÚintr*   c                 Ã  s$   |   | jj|¡I d H }|st‚|S rx   )rU   r@   re   r   )rp   r|   rr   r<   r<   r=   rf   ó   s
   €zTLSStream.receiveÚitemc                 Ã  s   |   | jj|¡I d H  d S rx   )rU   r@   ri   )rp   r~   r<   r<   r=   rd   ú   s   €zTLSStream.sendc                 Ã  sb   |   tj¡}t d|¡}|r-t| d¡ƒt| d¡pdƒ}}||fdk r-td|› ƒ‚tdƒ‚)NzTLSv(\d+)(?:\.(\d+))?é   r   r   )r   r   z;send_eof() requires at least TLSv1.3; current session uses z7send_eof() has not yet been implemented for TLS streams)Úextrar   r6   ÚreÚmatchr}   ÚgroupÚNotImplementedError)rp   r6   r‚   ÚmajorÚminorr<   r<   r=   Úsend_eofý   s   €"ÿÿÿzTLSStream.send_eofúMapping[Any, Callable[[], Any]]c                   sŒ   i ˆ j j¥tjˆ jjtjˆ jjtjˆ jjtj	‡ fdd„tj
‡ fdd„tj‡ fdd„tj‡ fdd„tj‡ fdd„tj‡ fdd„tjˆ jji
¥S )Nc                     ó   ˆ j  d¡S )NF©r@   Úgetpeercertr<   rv   r<   r=   Ú<lambda>  s    z,TLSStream.extra_attributes.<locals>.<lambda>c                     r‰   )NTrŠ   r<   rv   r<   r=   rŒ     s    ÿc                     s   ˆ j jS rx   )r@   r0   r<   rv   r<   r=   rŒ     s    c                     s   ˆ j jr	ˆ j  ¡ S d S rx   )r@   r0   r1   r<   rv   r<   r=   rŒ     s   ÿc                     ó   ˆ j S rx   ©r4   r<   rv   r<   r=   rŒ     ó    c                     r   rx   )r@   r<   rv   r<   r=   rŒ     r   )r?   Úextra_attributesr   r)   r@   Úselected_alpn_protocolr+   Úget_channel_bindingr,   r-   r.   r0   r1   r4   r3   r6   Úversionrv   r<   rv   r=   r     s   ÿ


ïzTLSStream.extra_attributes)r?   r   r0   rE   rC   r(   rD   rF   r4   r/   rG   r   )r]   r^   r_   r`   rG   r$   )rG   rt   ©rG   rw   )r{   )r|   r}   rG   r*   )r~   r*   rG   rw   ©rG   rˆ   )r7   r8   r9   r:   r;   Úclassmethodr\   rU   ru   rz   rf   rd   r‡   Úpropertyr   r<   r<   r<   r=   r   V   s*   
 
ù
F
.



r   c                   @  sn   e Zd ZU dZded< ded< dZded< d	Zd
ed< ed dd„ƒZ	d!d"dd„Z	d#dd„Z
ed$dd„ƒZdS )%r   aš  
    A convenience listener that wraps another listener and auto-negotiates a TLS session
    on every accepted connection.

    If the TLS handshake times out or raises an exception,
    :meth:`handle_handshake_error` is called to do whatever post-mortem processing is
    deemed necessary.

    Supports only the :attr:`~TLSAttribute.standard_compatible` extra attribute.

    :param Listener listener: the listener to wrap
    :param ssl_context: the SSL context object
    :param standard_compatible: a flag passed through to :meth:`TLSStream.wrap`
    :param handshake_timeout: time limit for the TLS handshake
        (passed to :func:`~anyio.fail_after`)
    zListener[Any]Úlistenerzssl.SSLContextrD   Tr/   r4   é   ÚfloatÚhandshake_timeoutrs   ry   Ústreamr   rG   rw   c                 Ã  sL   t |ƒI dH  t| tƒ ƒst t¡jd| d t| tƒr#t| tƒ ƒr$‚ dS )a½  
        Handle an exception raised during the TLS handshake.

        This method does 3 things:

        #. Forcefully closes the original stream
        #. Logs the exception (unless it was a cancellation exception) using the
           ``anyio.streams.tls`` logger
        #. Reraises the exception if it was a base exception or a cancellation exception

        :param exc: the exception
        :param stream: the original stream

        NzError during TLS handshake)Úexc_info)r   rm   r   ÚloggingÚ	getLoggerr7   Ú	exceptionÚ	Exception)rs   rœ   r<   r<   r=   Úhandle_handshake_error;  s   €
ÿÿz"TLSListener.handle_handshake_errorNÚhandlerúCallable[[TLSStream], Any]Ú
task_groupúTaskGroup | Nonec                 ƒ  s2   t ˆ ƒd‡ ‡fdd„ƒ}ˆj ||¡I d H  d S )Nrœ   r   rG   rw   c              
   “  s¢   ddl m} z$|ˆjƒ tj| ˆjˆjdI d H }W d   ƒ n1 s%w   Y  W n tyG } zˆ || ¡I d H  W Y d }~d S d }~ww ˆ |ƒI d H  d S )Nr   )Ú
fail_after)rD   r4   )	Ú r§   r›   r   r\   rD   r4   ry   r¢   )rœ   r§   Úwrapped_streamrs   ©r£   rp   r<   r=   Úhandler_wrapper`  s    €ýÿ€ €ÿz*TLSListener.serve.<locals>.handler_wrapper)rœ   r   rG   rw   )r
   r˜   Úserve)rp   r£   r¥   r«   r<   rª   r=   r¬   [  s   €zTLSListener.servec                 Ã  s   | j  ¡ I d H  d S rx   )r˜   rz   rv   r<   r<   r=   rz   r  s   €zTLSListener.acloserˆ   c                   s   t j‡ fdd„iS )Nc                     r   rx   rŽ   r<   rv   r<   r=   rŒ   x  r   z.TLSListener.extra_attributes.<locals>.<lambda>)r   r4   rv   r<   rv   r=   r   u  s   ÿzTLSListener.extra_attributes)rs   ry   rœ   r   rG   rw   rx   )r£   r¤   r¥   r¦   rG   rw   r”   r•   )r7   r8   r9   r:   r;   r4   r›   Ústaticmethodr¢   r¬   rz   r—   r   r<   r<   r<   r=   r   #  s   
 "ý
r   c                   @  s2   e Zd ZdZddddœddd„Zeddd„ƒZdS )r   aô  
    Wraps another connectable and does TLS negotiation after a successful connection.

    :param connectable: the connectable to wrap
    :param hostname: host name of the server (if host name checking is desired)
    :param ssl_context: the SSLContext object to use (if not provided, a secure default
        will be created)
    :param standard_compatible: if ``False``, skip the closing handshake when closing
        the connection, and don't raise an exception if the server does the same
    NT©rC   rD   r4   Úconnectabler   rC   r(   rD   rF   r4   r/   rG   rw   c                C  sN   || _ |pt tjj¡| _t| jtjƒstdt	| jƒj
› ƒ‚|| _|| _d S )Nz7ssl_context must be an instance of ssl.SSLContext, not )r¯   rJ   rN   rK   rM   rD   rm   r   Ú	TypeErrorrR   r7   rC   r4   )rp   r¯   rC   rD   r4   r<   r<   r=   Ú__init__ˆ  s   ÿ
ÿÿ
zTLSConnectable.__init__r   c                 Ã  sR   | j  ¡ I d H }ztj|| j| j| jdI d H W S  ty(   t|ƒI d H  ‚ w )Nr®   )	r¯   Úconnectr   r\   rC   rD   r4   ry   r   )rp   rœ   r<   r<   r=   r²   œ  s   €üþzTLSConnectable.connect)
r¯   r   rC   r(   rD   rF   r4   r/   rG   rw   )rG   r   )r7   r8   r9   r:   r±   r#   r²   r<   r<   r<   r=   r   |  s    úr   )3Ú
__future__r   Ú__all__rž   r   rJ   ÚsysÚcollections.abcr   r   Údataclassesr	   Ú	functoolsr
   r   Útypingr   r   r¨   r   r   r   r   r   Ú_core._typedattrr   r   Úabcr   r   r   r   r   r   Úversion_infor   Útyping_extensionsr    r!   r#   r$   r%   Útupler5   r&   r;   r'   r   r   r   r   r<   r<   r<   r=   Ú<module>   sD     
	

 MX