o ¯bÅ#ã@s|dZddlmZddlmZddlmZddlmZm Z Gdd„dƒZ dd „Z Gd d „d ƒZ Gd d „d ƒZ Gdd„dƒZdS)zÚ This module implements memory BIO based TLS support. It is the preferred implementation and will be used whenever pyOpenSSL 0.10 or newer is installed (whenever L{twisted.protocols.tls} is importable). @since: 11.1 é)ÚdirectlyProvides)ÚFileDescriptor)Ú ISSLTransport)ÚTLSMemoryBIOFactoryÚTLSMemoryBIOProtocolc@sHeZdZdZdd„Zdd„Zdd„Zdd „Zd d „Zd d „Z dd„Z dS)Ú _BypassTLSa L{_BypassTLS} is used as the transport object for the TLS protocol object used to implement C{startTLS}. Its methods skip any TLS logic which C{startTLS} enables. @ivar _base: A transport class L{_BypassTLS} has been mixed in with to which methods will be forwarded. This class is only responsible for sending bytes over the connection, not doing TLS. @ivar _connection: A L{Connection} which TLS has been started on which will be proxied to by this object. Any method which has its behavior altered after C{startTLS} will be skipped in favor of the base class's implementation. This allows the TLS protocol object to have direct access to the transport, necessary to actually implement TLS. cCs||_||_dS)N)Ú_baseÚ _connection)ÚselfÚbaseÚ connection©r ú:/usr/lib/python3/dist-packages/twisted/internet/_newtls.pyÚ__init__&s z_BypassTLS.__init__cCs t|j|ƒS)zÈ Forward any extra attribute access to the original transport object. For example, this exposes C{getHost}, the behavior of which does not change after TLS is enabled. )Úgetattrr )r Únamer r rÚ __getattr__*s z_BypassTLS.__getattr__cCó|j |j|¡S)z> Write some bytes directly to the connection. )rÚwriter )r Údatar r rr2óz_BypassTLS.writecCr)z@ Write a some bytes directly to the connection. )rÚ writeSequencer ©r Úiovecr r rr8rz_BypassTLS.writeSequencecOs|jj|jg|¢Ri|¤ŽS)z2 Close the underlying connection. )rÚloseConnectionr )r ÚargsÚkwargsr r rr>sz_BypassTLS.loseConnectioncCs|j |j||¡S)zE Register a producer with the underlying connection. )rÚregisterProducerr ©r ÚproducerÚ streamingr r rrDóz_BypassTLS.registerProducercCs|j |j¡S)zG Unregister a producer with the underlying connection. )rÚunregisterProducerr ©r r r rr"Jsz_BypassTLS.unregisterProducerN) Ú__name__Ú __module__Ú __qualname__Ú__doc__rrrrrrr"r r r rrs rc Cs¦|r|j}n|j }d\}}|jdur|j|j}}| ¡t||dƒ}t||jdƒ}||_|j|_|j|_t |t ƒd|_ |j  t ||ƒ¡|rQ| ||¡dSdS)a` Add a layer of SSL to a transport. @param transport: The transport which will be modified. This can either by a L{FileDescriptor} or a L{FileHandle}. The actual requirements of this instance are that it have: - a C{_tlsClientDefault} attribute indicating whether the transport is a client (C{True}) or a server (C{False}) - a settable C{TLS} attribute which can be used to mark the fact that SSL has been started - settable C{getHandle} and C{getPeerCertificate} attributes so these L{ISSLTransport} methods can be added to it - a C{protocol} attribute referring to the L{IProtocol} currently connected to the transport, which can also be set to a new L{IProtocol} for the transport to deliver data to @param contextFactory: An SSL context factory defining SSL parameters for the new SSL layer. @type contextFactory: L{twisted.internet.interfaces.IOpenSSLContextFactory} @param normal: A flag indicating whether SSL will go in the same direction as the underlying transport goes. That is, if the SSL client will be the underlying client and the SSL server will be the underlying server. C{True} means it is the same, C{False} means they are switched. @type normal: L{bool} @param bypass: A transport base class to call methods on to bypass the new SSL layer (so that the SSL layer itself can send its bytes). @type bypass: L{type} )NNNFT)Ú_tlsClientDefaultrÚstreamingProducerr"rrÚprotocolÚ getHandleÚgetPeerCertificaterrÚTLSÚmakeConnectionrr) Ú transportÚcontextFactoryÚnormalÚbypassÚclientrr Ú tlsFactoryÚ tlsProtocolr r rÚstartTLSQs$%   ÿr6c@sFeZdZdZdZddd„Zdd„Zdd „Zd d „Zd d „Z dd„Z dS)ÚConnectionMixinaN A mixin for L{twisted.internet.abstract.FileDescriptor} which adds an L{ITLSTransport} implementation. @ivar TLS: A flag indicating whether TLS is currently in use on this transport. This is not a good way for applications to check for TLS, instead use L{twisted.internet.interfaces.ISSLTransport}. FTcCst|||tƒdS)z1 @see: L{ITLSTransport.startTLS} N)r6r)r Úctxr1r r rr6¤r!zConnectionMixin.startTLScCó0|jr|jr|j |¡dSdSt ||¡dS)z© Write some bytes to this connection, passing them through a TLS layer if necessary, or discarding them if the connection has already been lost. N)r-Ú connectedr*rr)r Úbytesr r rrªs ÿzConnectionMixin.writecCr9)zÇ Write some bytes to this connection, scatter/gather-style, passing them through a TLS layer if necessary, or discarding them if the connection has already been lost. N)r-r:r*rrrr r rrµs ÿzConnectionMixin.writeSequencecCs6|jr|jr|js|j ¡dSdSdSt |¡dS)z„ Close this connection after writing all pending data. If TLS has been negotiated, perform a TLS shutdown. N)r-r:Ú disconnectingr*rrr#r r rrÁs  ÿzConnectionMixin.loseConnectioncCs*|jr |j ||¡dSt |||¡dS)zc Register a producer. If TLS is enabled, the TLS connection handles this. N)r-r*rrrr r rrÍsz ConnectionMixin.registerProducercCs"|jr |j ¡dSt |¡dS)ze Unregister a producer. If TLS is enabled, the TLS connection handles this. N)r-r*r"rr#r r rr"Üsz"ConnectionMixin.unregisterProducerN)T) r$r%r&r'r-r6rrrrr"r r r rr7˜s    r7c@óeZdZdZdZdS)Ú ClientMixina= A mixin for L{twisted.internet.tcp.Client} which just marks it as a client for the purposes of the default TLS handshake. @ivar _tlsClientDefault: Always C{True}, indicating that this is a client connection, and by default when TLS is negotiated this class will act as a TLS client. TN©r$r%r&r'r(r r r rr>èó r>c@r=)Ú ServerMixina> A mixin for L{twisted.internet.tcp.Server} which just marks it as a server for the purposes of the default TLS handshake. @ivar _tlsClientDefault: Always C{False}, indicating that this is a server connection, and by default when TLS is negotiated this class will act as a TLS server. FNr?r r r rrAõr@rAN)r'Úzope.interfacerÚtwisted.internet.abstractrÚtwisted.internet.interfacesrÚtwisted.protocols.tlsrrrr6r7r>rAr r r rÚs  <GP