ó >´­_c@saddlZddlZddlZddlmZddlmZdZddd„ƒYZdS(iÿÿÿÿN(tProxySchemeUnsupported(tsixi@t SSLTransportcBs(eZdZed„ƒZded„Zd„Zd„Z d„Z ddd„Z ddd „Z ddd „Z dd „Zdd „Zd ddddd„Zd„Zd„Zed„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Zdd„Zd„ZRS(sL The SSLTransport wraps an existing socket and establishes an SSL connection. Contrary to Python's implementation of SSLSocket, it allows you to chain multiple TLS connections together. It's particularly useful if you need to implement TLS within TLS. The class supports most of the socket API operations. cCs:t|dƒs6tjr'tdƒ‚q6tdƒ‚ndS(sÒ Raises a ProxySchemeUnsupported if the provided ssl_context can't be used for TLS in TLS. The only requirement is that the ssl_context provides the 'wrap_bio' methods. twrap_biosKTLS in TLS requires SSLContext.wrap_bio() which isn't supported on Python 2sXTLS in TLS requires SSLContext.wrap_bio() which isn't available on non-native SSLContextN(thasattrRtPY2R(t ssl_context((sD/opt/awscli/lib/python2.7/site-packages/urllib3/util/ssltransport.pyt$_validate_ssl_context_for_tls_in_tlss   cCshtjƒ|_tjƒ|_||_||_|j|j|jd|ƒ|_|j|jj ƒdS(sV Create an SSLTransport around socket using the provided ssl_context. tserver_hostnameN( tsslt MemoryBIOtincomingtoutgoingtsuppress_ragged_eofstsocketRtsslobjt _ssl_io_loopt do_handshake(tselfRRRR ((sD/opt/awscli/lib/python2.7/site-packages/urllib3/util/ssltransport.pyt__init__,s  cCs|S(N((R((sD/opt/awscli/lib/python2.7/site-packages/urllib3/util/ssltransport.pyt __enter__?scGs|jƒdS(N(tclose(Rt_((sD/opt/awscli/lib/python2.7/site-packages/urllib3/util/ssltransport.pyt__exit__BscCs |jjƒS(N(Rtfileno(R((sD/opt/awscli/lib/python2.7/site-packages/urllib3/util/ssltransport.pyREsicCs|j||ƒS(N(t_wrap_ssl_read(Rtlentbuffer((sD/opt/awscli/lib/python2.7/site-packages/urllib3/util/ssltransport.pytreadHsicCs(|dkrtdƒ‚n|j|ƒS(Nis+non-zero flags not allowed in calls to recv(t ValueErrorR(RRtflags((sD/opt/awscli/lib/python2.7/site-packages/urllib3/util/ssltransport.pytrecvKs cCsa|dkrtdƒ‚n|r<|dkr<t|ƒ}n|dkrQd}n|j||ƒS(Nis0non-zero flags not allowed in calls to recv_intoi(RtNoneRR(RRtnbytesR((sD/opt/awscli/lib/python2.7/site-packages/urllib3/util/ssltransport.pyt recv_intoPs   c CsŽ|dkrtdƒ‚nd}t|ƒ[}|jdƒC}t|ƒ}x-||kr}|j||ƒ}||7}qQWWdQXWdQXdS(Nis.non-zero flags not allowed in calls to sendalltB(Rt memoryviewtcastRtsend(RtdataRtcounttviewt byte_viewtamounttv((sD/opt/awscli/lib/python2.7/site-packages/urllib3/util/ssltransport.pytsendallYs  cCs7|dkrtdƒ‚n|j|jj|ƒ}|S(Nis+non-zero flags not allowed in calls to send(RRRtwrite(RR'Rtresponse((sD/opt/awscli/lib/python2.7/site-packages/urllib3/util/ssltransport.pyR&cs trc Csœt|ƒdddhks1td|fƒ‚nd|k}d|kpM| }|sb|sbt‚d|k}d} |r‡| d7} n|rš| d7} ntj|| ƒ} |jjd7_|d krÓd}n|dkrëtj}n|dkr|s td ƒ‚n| S|r4|r4tj | | |ƒ} n9|rOtj | |ƒ} n|s[t‚tj | |ƒ} |rw| Stj | |||ƒ} || _ | S( s Python's httpclient uses makefile and buffered io when reading HTTP messages and we need to support it. This is unfortunately a copy and paste of socket.py makefile with small changes to point to the socket directly. R0twtbs&invalid mode %r (only r, w, b allowed)tiiÿÿÿÿis!unbuffered streams must be binaryN(tsetRtAssertionErrorRtSocketIOt_io_refsR tiotDEFAULT_BUFFER_SIZEtBufferedRWPairtBufferedReadertBufferedWritert TextIOWrappertmode( RR>t bufferingtencodingterrorstnewlinetwritingtreadingtbinarytrawmodetrawRttext((sD/opt/awscli/lib/python2.7/site-packages/urllib3/util/ssltransport.pytmakefileis@             cCs|j|jjƒdS(N(RRtunwrap(R((sD/opt/awscli/lib/python2.7/site-packages/urllib3/util/ssltransport.pyRJ–scCs|jjƒdS(N(RR(R((sD/opt/awscli/lib/python2.7/site-packages/urllib3/util/ssltransport.pyR™scCs|jj|ƒS(N(Rt getpeercert(Rt binary_form((sD/opt/awscli/lib/python2.7/site-packages/urllib3/util/ssltransport.pyRKœscCs |jjƒS(N(Rtversion(R((sD/opt/awscli/lib/python2.7/site-packages/urllib3/util/ssltransport.pyRMŸscCs |jjƒS(N(Rtcipher(R((sD/opt/awscli/lib/python2.7/site-packages/urllib3/util/ssltransport.pyRN¢scCs |jjƒS(N(Rtselected_alpn_protocol(R((sD/opt/awscli/lib/python2.7/site-packages/urllib3/util/ssltransport.pyRO¥scCs |jjƒS(N(Rtselected_npn_protocol(R((sD/opt/awscli/lib/python2.7/site-packages/urllib3/util/ssltransport.pyRP¨scCs |jjƒS(N(Rtshared_ciphers(R((sD/opt/awscli/lib/python2.7/site-packages/urllib3/util/ssltransport.pyRQ«scCs |jjƒS(N(Rt compression(R((sD/opt/awscli/lib/python2.7/site-packages/urllib3/util/ssltransport.pyRR®scCs|jj|ƒdS(N(Rt settimeout(Rtvalue((sD/opt/awscli/lib/python2.7/site-packages/urllib3/util/ssltransport.pyRS±scCs |jjƒS(N(Rt gettimeout(R((sD/opt/awscli/lib/python2.7/site-packages/urllib3/util/ssltransport.pyRU´scCs|jjƒdS(N(Rt_decref_socketios(R((sD/opt/awscli/lib/python2.7/site-packages/urllib3/util/ssltransport.pyRV·scCs\y|j|jj||ƒSWn8tjk rW}|jtjkrQ|jrQdS‚nXdS(Ni(RRRR tSSLErrorterrnot SSL_ERROR_EOFR (RRRte((sD/opt/awscli/lib/python2.7/site-packages/urllib3/util/ssltransport.pyRºs cGs÷t}d}xä|ròd}y||Œ}WnCtjk rp}|jtjtjfkrd|‚n|j}nX|jjƒ}|j j |ƒ|dkr¥t }q|tjkr|j j t ƒ}|rß|jj|ƒqï|jjƒqqW|S(s? Performs an I/O loop between incoming/outgoing and the socket.N(tTrueR R RWRXtSSL_ERROR_WANT_READtSSL_ERROR_WANT_WRITER RRR-tFalseRt SSL_BLOCKSIZER R.t write_eof(Rtfunctargst should_looptretRXRZtbuf((sD/opt/awscli/lib/python2.7/site-packages/urllib3/util/ssltransport.pyRÃs(     N( t__name__t __module__t__doc__t staticmethodRR R[RRRRRRR"R-R&RIRJRR^RKRMRNRORPRQRRRSRURVRR(((sD/opt/awscli/lib/python2.7/site-packages/urllib3/util/ssltransport.pyR s4     ,             (( R8RR turllib3.exceptionsRturllib3.packagesRR_R(((sD/opt/awscli/lib/python2.7/site-packages/urllib3/util/ssltransport.pyts