U dRfQ@stddlmZddlZddlZddlZddlZddlmZmZm Z ddlm Z m Z Gddde Z Gdd d e Z dS) )absolute_importN)create_thriftpy_contextRESTRICTED_SERVER_CIPHERSDEFAULT_CIPHERS)TSocket TServerSocketc s@eZdZdZejddddddddef fdd ZddZZ S) TSSLSocketz.SSL socket implementation for client side NTc sztt|j|||||d|r&||_nPtd| d|_|s<| rL|jj|| d| r`|jj| | d|svd|j_tj |j_ dS)uInitialize a TSSLSocket @param validate(bool) Set to False to disable SSL certificate validation and hostname validation. Default enabled. @param cafile(str) Path to a file of concatenated CA certificates in PEM format. @param capath(str) path to a directory containing several CA certificates in PEM format, following an OpenSSL specific layout. @param certfile(str) The certfile string must be the path to a single file in PEM format containing the certificate as well as any number of CA certificates needed to establish the certificate’s authenticity. @param keyfile(str) The keyfile string, if not present, the private key will be taken from certfile as well. @param ciphers(list) The cipher suites to allow @param ssl_context(SSLContext) Customize the SSLContext, can be used to persist SSLContext object. Caution it's easy to get wrong, only use if you know what you're doing. The `host` must be the same with server if validate enabled. )hostport socket_familyconnect_timeoutsocket_timeoutF server_sideciphers)cafilecapath)keyfileN) superr __init__ ssl_contextrload_verify_locationsload_cert_chaincheck_hostnamessl CERT_NONE verify_mode) selfr r r rrrvalidaterrcertfilerr __class__A/tmp/pip-unpacked-wheel-jqs7l_7o/thriftpy2/transport/sslsocket.pyrs* zTSSLSocket.__init__cCspt|jtj}|jj||jd}tddd}|tj tj ||tj tj d|tj tj d||_dS)N)server_hostnameiirr)socketr SOCK_STREAMr wrap_socketr structpack setsockopt SOL_SOCKET SO_LINGER SO_KEEPALIVE IPPROTO_TCP TCP_NODELAYsock)r_sockZlingerr$r$r% _init_sockEszTSSLSocket._init_sock) __name__ __module__ __qualname____doc__r(AF_INETrrr5 __classcell__r$r$r"r%r s/r cs8eZdZdZejddddeffdd Zdd ZZ S) TSSLServerSocketz(SSL implementation of TServerSocket r Nzcert.pemc s`tt|j|||||d|r&||_n6t|tjs@td|td|d|_|jj |ddS)asInitialize a TSSLServerSocket @param certfile(str) The server cert pem filename @param ciphers(list) The cipher suites to allow @param ssl_context(SSLContext) Customize the SSLContext, can be used to persist SSLContext object. Caution it's easy to get wrong, only use if you know what you're doing. )r r r client_timeoutbacklogzNo such certfile found: %sTr)r!N) rr<rrosaccessR_OKIOErrorrr) rr r r r>r?rr!rr"r$r%rUs  zTSSLServerSocket.__init__cCsp|j\}}z|jj|dd}Wn,tjk rN|tj| YnX|j rb| |j t |dSdS)NT)r)r3) r3acceptrr*rSSLErrorshutdownr( SHUT_RDWRcloser> settimeoutr)rr3_Zssl_sockr$r$r%rDos  zTSSLServerSocket.accept) r6r7r8r9r(r:rrrDr;r$r$r"r%r<Qsr<) __future__rr@r(rr+_sslrrrrrr r<r$r$r$r%s ?