ó ñ1Mc@s\dZdddddgZddljjZddlZddlmZdd lm Z dd l m Z ddl Z dd l m Z mZdd lmZd „Zddejjejƒd„Zddejjejƒd„Zddejjed„Zddejjdd„Zddd„ƒYZddd„ƒYZdefd„ƒYZdS(sv Make Twisted use M2Crypto for SSL Copyright (c) 2004-2007 Open Source Applications Foundation. All rights reserved. t connectSSLt connectTCPt listenSSLt listenTCPtTLSProtocolWrapperiÿÿÿÿN(tProtocolWrapper(t ITLSTransport(t implements(tm2tX509(tCheckercCsdS(Ni((tpeerX509t expectedHost((sI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyt"_alwaysSucceedsPostConnectionChecksic s=tj|ƒ}‡‡fd†|_|j|||||ƒS(s~ A convenience function to start an SSL/TLS connection using Twisted. See IReactorSSL interface in Twisted. c s%t||dddddˆdˆƒS(NtstartPassThroughitclientitcontextFactorytpostConnectionCheck(R(tfactorytwrappedProtocol(RR(sI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyt$s (tpoliciestWrappingFactorytprotocolR( thosttportRRttimeoutt bindAddresstreactorRtwrappingFactory((RRsI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyRs cs:tj|ƒ}‡fd†|_|j|||||ƒS(s¶ A convenience function to start a TCP connection using Twisted. NOTE: You must call startTLS(ctx) to go into SSL/TLS mode. See IReactorTCP interface in Twisted. c s%t||dddddddˆƒS(NRiRRR(RtNone(RR(R(sI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyR9s (RRRR(RRRRRRRR((RsI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyR.s itcs:tj|ƒ}‡‡fd†|_|j||||ƒS(s~ A convenience function to listen for SSL/TLS connections using Twisted. See IReactorSSL interface in Twisted. c s%t||dddddˆdˆƒS(NRiRRR(R(RR(RR(sI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyRLs (RRRR(RRRtbacklogt interfaceRRR((RRsI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyRCscs7tj|ƒ}‡fd†|_|j||||ƒS(s¾ A convenience function to listen for TCP connections using Twisted. NOTE: You must call startTLS(ctx) to go into SSL/TLS mode. See IReactorTCP interface in Twisted. c s%t||dddddddˆƒS(NRiRiRR(RR(RR(R(sI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyRas (RRRR(RRR R!RRR((RsI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyRVs t _BioProxycBs2eZdZejZd„Zd„Zd„ZRS(s The purpose of this class is to eliminate the __del__ method from TLSProtocolWrapper, and thus letting it be garbage collected. cCs ||_dS(N(tbio(tselfR#((sI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyt__init__sscCs|jS(N(R#(R$((sI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyt_ptrvscCs&|jdk r"|j|jƒndS(N(R#Rtm2_bio_free_all(R$((sI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyt__del__ys( t__name__t __module__t__doc__Rt bio_free_allR'R%R&R((((sI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyR"ks    t _SSLProxycBs2eZdZejZd„Zd„Zd„ZRS(s The purpose of this class is to eliminate the __del__ method from TLSProtocolWrapper, and thus letting it be garbage collected. cCs ||_dS(N(tssl(R$R.((sI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyR%†scCs|jS(N(R.(R$((sI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyR&‰scCs&|jdk r"|j|jƒndS(N(R.Rt m2_ssl_free(R$((sI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyR(Œs( R)R*R+Rtssl_freeR/R%R&R((((sI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyR-~s    cBs–eZdZeeƒd„Zd„Zd„Zd„Zd„Z d„Z d„Z d„Z d „Z d „Zd „Zd d d„Zd d„ZRS(sä A SSL/TLS protocol wrapper to be used with Twisted. Typically you would not use this class directly. Use connectTCP, connectSSL, listenTCP, listenSSL functions defined above, which will hook in this class. cCs‰||_||_d|_d|_d|_d|_||_d|_|dkr`t |_ n ||_ |s…|j |j ƒƒndS(sŽ @param factory: @param wrappedProtocol: @param startPassThrough: If true we won't encrypt at all. Need to call startTLS() later to switch to SSL/TLS. @param client: True if this should be a client protocol. @param contextFactory: Factory that creates SSL.Context objects. The called function is getContext(). @param postConnectionCheck: The post connection check callback that will be called just after connection has been established but before any real data has been exchanged. The first argument to this function is an X509 object, the second is the expected host name string. RiN( RRtdatat encryptedt tlsStartedtcheckedtisClientt helloDoneRR RtstartTLSt getContext(R$RRRRRR((sI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyR%›s           cCsst|ddƒr9d|_d|_d|_d|_nd|_d|_d|_d|_ d|_ d|_ dS(sI Clear this instance, after which it is ready for reuse. R3iRiN( tgetattrRtsslBioR.t internalBiot networkBioR1R2R3R4R5R6(R$((sI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pytclearÇs         cCs¦|jrtd‚n||_tjtjƒƒ|_tj|jdƒttjtjƒƒƒ|_ tj|j j ƒdƒtj |j|j j ƒƒttjtj ƒƒƒ|_ ttj|jjƒƒ|_|jrútj|jj ƒƒntj|jj ƒƒtj|jj ƒ|j|jƒtj|j j ƒ|jj ƒtjƒtj|jj ƒƒ}tj|jj ƒ|tjBtjBƒd|_dS(sq Start SSL/TLS. If this is not called, this instance just passes data through untouched. sTLS already startediiN(R3t ExceptiontctxRtbio_newt bio_s_bioR;tbio_set_write_buf_sizeR"R<R&tbio_make_bio_pairt bio_f_sslR:R-tssl_newR.R5tssl_set_connect_statetssl_set_accept_statet ssl_set_biot bio_set_sslt bio_nocloset ssl_get_modet ssl_set_modetSSL_MODE_ENABLE_PARTIAL_WRITEt#SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER(R$R?tmode((sI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyR7Ùs(    "(  cCs—|jstj||ƒdSy,|j|ƒ}tj||ƒd|_WnGtjjk r’}tj |j j ƒƒ|j df|_ |‚nXdS(Nii( R3Rtwritet_encryptR6tM2CryptotBIOtBIOErrorRtssl_get_verify_resultR.R&targs(R$R1t encryptedDatate((sI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyRPs  (cCs@|js&tj|dj|ƒƒdS|jdj|ƒƒdS(NR(R3Rt writeSequencetjoinRP(R$R1((sI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyRYs cCstj|ƒdS(N(RtloseConnection(R$((sI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyR[scCs:tj|ƒ|jr6|jr6|j r6|jƒndS(N(RtconnectionMadeR3R5R6t _clientHello(R$((sI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyR\s cCsâ|jstj||ƒdS|j|7_yhxa|jƒ}|jƒ|jƒ}tj||ƒtj||ƒ|dkr2|dkr2Pq2q2WnGtj j k rÝ}t j |j jƒƒ|jdf|_|‚nXdS(NRi(R3Rt dataReceivedR2t_decryptt_checkRQRPRRRSRTRRUR.R&RV(R$R1t decryptedDataRWRX((sI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyR^ s      (cCs|jƒtj||ƒdS(N(R=RtconnectionLost(R$treason((sI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyRb:s cCsº|j r¶tj|jjƒƒr¶tj|jjƒƒ}|dk r[tj|dƒ}n|jrw|j j d}n|j j ƒj }|j ||ƒsªtjd‚nd|_ndS(Niispost connection check(R4Rtssl_is_init_finishedR.R&tssl_get_peer_certRR R5t transporttaddrtgetPeerRRR tSSLVerificationError(R$tx509R((sI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyR`>s"  cCs}y/|jddƒ}tj||ƒd|_WnGtjjk rx}tj|j j ƒƒ|j df|_ |‚nXdS(Nt clientHelloii( RQRRPR6RRRSRTRRUR.R&RV(R$RWRX((sI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyR]Ks (RicCs d}|j|7_|jjƒ}|jjƒ}tj}tj}tj}tj} tj } x¢||ƒ} | dkrŠ|jdks|rÄ|||jƒ} | dkr±qÄ|j| |_n| |ƒ} | r| || ƒ}|dk r||7}qqcPqc|S(NRi( R1R:R&R<Rtbio_ctrl_get_write_guaranteet bio_writetbio_should_retrytbio_ctrl_pendingtbio_readR(R$R1RkRWt sslBioPtrR<tm2bio_ctrl_get_write_guaranteet m2bio_writetm2bio_should_retrytm2bio_ctrl_pendingt m2bio_readtgtrtpendingtd((sI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyRQXs0      !    cCs|j|7_d}|jjƒ}|jjƒ}tj}tj}tj}tj}tj } xœ||ƒ} | dkr¾|jdkr¾|||jƒ} | dkr«q¾|j| |_n||ƒ} | rû| || ƒ} | dk rü|| 7}qüqcPqc|S(NRi( R2R:R&R<RRlRmRnRoRpR(R$R1RaRqR<RrRsRtRuRvRwRxRyRz((sI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyR_zs0          (R)R*R+RRR%R=R7RPRYR[R\R^RbR`R]RQR_(((sI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyR‘s  ,  (       "(((R+t__all__ttwisted.protocols.policiest protocolsRttwisted.internet.reactorttwistedRttwisted.internet.interfacesRtzope.interfaceRRRRR t M2Crypto.SSLR R RtinternetRRRRRR"R-R(((sI/usr/lib64/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyts6