Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 1 | import collections |
Victor Stinner | 978a9af | 2015-01-29 17:50:58 +0100 | [diff] [blame] | 2 | import warnings |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 3 | try: |
| 4 | import ssl |
| 5 | except ImportError: # pragma: no cover |
| 6 | ssl = None |
| 7 | |
Yury Selivanov | 77bc04a | 2016-06-28 10:55:36 -0400 | [diff] [blame] | 8 | from . import base_events |
Neil Aspinall | f7686c1 | 2017-12-19 19:45:42 +0000 | [diff] [blame] | 9 | from . import constants |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 10 | from . import protocols |
| 11 | from . import transports |
| 12 | from .log import logger |
| 13 | |
| 14 | |
| 15 | def _create_transport_context(server_side, server_hostname): |
| 16 | if server_side: |
| 17 | raise ValueError('Server side SSL needs a valid SSLContext') |
| 18 | |
| 19 | # Client side may pass ssl=True to use a default |
| 20 | # context; in that case the sslcontext passed is None. |
| 21 | # The default is secure for client connections. |
Andrew Svetlov | 51d546a | 2017-11-18 18:54:05 +0200 | [diff] [blame] | 22 | # Python 3.4+: use up-to-date strong settings. |
| 23 | sslcontext = ssl.create_default_context() |
| 24 | if not server_hostname: |
| 25 | sslcontext.check_hostname = False |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 26 | return sslcontext |
| 27 | |
| 28 | |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 29 | # States of an _SSLPipe. |
| 30 | _UNWRAPPED = "UNWRAPPED" |
| 31 | _DO_HANDSHAKE = "DO_HANDSHAKE" |
| 32 | _WRAPPED = "WRAPPED" |
| 33 | _SHUTDOWN = "SHUTDOWN" |
| 34 | |
| 35 | |
| 36 | class _SSLPipe(object): |
| 37 | """An SSL "Pipe". |
| 38 | |
| 39 | An SSL pipe allows you to communicate with an SSL/TLS protocol instance |
| 40 | through memory buffers. It can be used to implement a security layer for an |
| 41 | existing connection where you don't have access to the connection's file |
| 42 | descriptor, or for some reason you don't want to use it. |
| 43 | |
| 44 | An SSL pipe can be in "wrapped" and "unwrapped" mode. In unwrapped mode, |
| 45 | data is passed through untransformed. In wrapped mode, application level |
| 46 | data is encrypted to SSL record level data and vice versa. The SSL record |
| 47 | level is the lowest level in the SSL protocol suite and is what travels |
| 48 | as-is over the wire. |
| 49 | |
| 50 | An SslPipe initially is in "unwrapped" mode. To start SSL, call |
| 51 | do_handshake(). To shutdown SSL again, call unwrap(). |
| 52 | """ |
| 53 | |
| 54 | max_size = 256 * 1024 # Buffer size passed to read() |
| 55 | |
| 56 | def __init__(self, context, server_side, server_hostname=None): |
| 57 | """ |
| 58 | The *context* argument specifies the ssl.SSLContext to use. |
| 59 | |
| 60 | The *server_side* argument indicates whether this is a server side or |
| 61 | client side transport. |
| 62 | |
| 63 | The optional *server_hostname* argument can be used to specify the |
| 64 | hostname you are connecting to. You may only specify this parameter if |
| 65 | the _ssl module supports Server Name Indication (SNI). |
| 66 | """ |
| 67 | self._context = context |
| 68 | self._server_side = server_side |
| 69 | self._server_hostname = server_hostname |
| 70 | self._state = _UNWRAPPED |
| 71 | self._incoming = ssl.MemoryBIO() |
| 72 | self._outgoing = ssl.MemoryBIO() |
| 73 | self._sslobj = None |
| 74 | self._need_ssldata = False |
| 75 | self._handshake_cb = None |
| 76 | self._shutdown_cb = None |
| 77 | |
| 78 | @property |
| 79 | def context(self): |
| 80 | """The SSL context passed to the constructor.""" |
| 81 | return self._context |
| 82 | |
| 83 | @property |
| 84 | def ssl_object(self): |
| 85 | """The internal ssl.SSLObject instance. |
| 86 | |
| 87 | Return None if the pipe is not wrapped. |
| 88 | """ |
| 89 | return self._sslobj |
| 90 | |
| 91 | @property |
| 92 | def need_ssldata(self): |
| 93 | """Whether more record level data is needed to complete a handshake |
| 94 | that is currently in progress.""" |
| 95 | return self._need_ssldata |
| 96 | |
| 97 | @property |
| 98 | def wrapped(self): |
| 99 | """ |
| 100 | Whether a security layer is currently in effect. |
| 101 | |
| 102 | Return False during handshake. |
| 103 | """ |
| 104 | return self._state == _WRAPPED |
| 105 | |
| 106 | def do_handshake(self, callback=None): |
| 107 | """Start the SSL handshake. |
| 108 | |
| 109 | Return a list of ssldata. A ssldata element is a list of buffers |
| 110 | |
| 111 | The optional *callback* argument can be used to install a callback that |
| 112 | will be called when the handshake is complete. The callback will be |
| 113 | called with None if successful, else an exception instance. |
| 114 | """ |
| 115 | if self._state != _UNWRAPPED: |
| 116 | raise RuntimeError('handshake in progress or completed') |
| 117 | self._sslobj = self._context.wrap_bio( |
| 118 | self._incoming, self._outgoing, |
| 119 | server_side=self._server_side, |
| 120 | server_hostname=self._server_hostname) |
| 121 | self._state = _DO_HANDSHAKE |
| 122 | self._handshake_cb = callback |
| 123 | ssldata, appdata = self.feed_ssldata(b'', only_handshake=True) |
| 124 | assert len(appdata) == 0 |
| 125 | return ssldata |
| 126 | |
| 127 | def shutdown(self, callback=None): |
| 128 | """Start the SSL shutdown sequence. |
| 129 | |
| 130 | Return a list of ssldata. A ssldata element is a list of buffers |
| 131 | |
| 132 | The optional *callback* argument can be used to install a callback that |
| 133 | will be called when the shutdown is complete. The callback will be |
| 134 | called without arguments. |
| 135 | """ |
| 136 | if self._state == _UNWRAPPED: |
| 137 | raise RuntimeError('no security layer present') |
| 138 | if self._state == _SHUTDOWN: |
| 139 | raise RuntimeError('shutdown in progress') |
| 140 | assert self._state in (_WRAPPED, _DO_HANDSHAKE) |
| 141 | self._state = _SHUTDOWN |
| 142 | self._shutdown_cb = callback |
| 143 | ssldata, appdata = self.feed_ssldata(b'') |
| 144 | assert appdata == [] or appdata == [b''] |
| 145 | return ssldata |
| 146 | |
| 147 | def feed_eof(self): |
| 148 | """Send a potentially "ragged" EOF. |
| 149 | |
| 150 | This method will raise an SSL_ERROR_EOF exception if the EOF is |
| 151 | unexpected. |
| 152 | """ |
| 153 | self._incoming.write_eof() |
| 154 | ssldata, appdata = self.feed_ssldata(b'') |
| 155 | assert appdata == [] or appdata == [b''] |
| 156 | |
| 157 | def feed_ssldata(self, data, only_handshake=False): |
| 158 | """Feed SSL record level data into the pipe. |
| 159 | |
| 160 | The data must be a bytes instance. It is OK to send an empty bytes |
| 161 | instance. This can be used to get ssldata for a handshake initiated by |
| 162 | this endpoint. |
| 163 | |
| 164 | Return a (ssldata, appdata) tuple. The ssldata element is a list of |
| 165 | buffers containing SSL data that needs to be sent to the remote SSL. |
| 166 | |
| 167 | The appdata element is a list of buffers containing plaintext data that |
| 168 | needs to be forwarded to the application. The appdata list may contain |
| 169 | an empty buffer indicating an SSL "close_notify" alert. This alert must |
| 170 | be acknowledged by calling shutdown(). |
| 171 | """ |
| 172 | if self._state == _UNWRAPPED: |
| 173 | # If unwrapped, pass plaintext data straight through. |
| 174 | if data: |
| 175 | appdata = [data] |
| 176 | else: |
| 177 | appdata = [] |
| 178 | return ([], appdata) |
| 179 | |
| 180 | self._need_ssldata = False |
| 181 | if data: |
| 182 | self._incoming.write(data) |
| 183 | |
| 184 | ssldata = [] |
| 185 | appdata = [] |
| 186 | try: |
| 187 | if self._state == _DO_HANDSHAKE: |
| 188 | # Call do_handshake() until it doesn't raise anymore. |
| 189 | self._sslobj.do_handshake() |
| 190 | self._state = _WRAPPED |
| 191 | if self._handshake_cb: |
| 192 | self._handshake_cb(None) |
| 193 | if only_handshake: |
| 194 | return (ssldata, appdata) |
| 195 | # Handshake done: execute the wrapped block |
| 196 | |
| 197 | if self._state == _WRAPPED: |
| 198 | # Main state: read data from SSL until close_notify |
| 199 | while True: |
| 200 | chunk = self._sslobj.read(self.max_size) |
| 201 | appdata.append(chunk) |
| 202 | if not chunk: # close_notify |
| 203 | break |
| 204 | |
| 205 | elif self._state == _SHUTDOWN: |
| 206 | # Call shutdown() until it doesn't raise anymore. |
| 207 | self._sslobj.unwrap() |
| 208 | self._sslobj = None |
| 209 | self._state = _UNWRAPPED |
| 210 | if self._shutdown_cb: |
| 211 | self._shutdown_cb() |
| 212 | |
| 213 | elif self._state == _UNWRAPPED: |
| 214 | # Drain possible plaintext data after close_notify. |
| 215 | appdata.append(self._incoming.read()) |
| 216 | except (ssl.SSLError, ssl.CertificateError) as exc: |
Yury Selivanov | 9602643 | 2018-06-04 11:32:35 -0400 | [diff] [blame] | 217 | exc_errno = getattr(exc, 'errno', None) |
| 218 | if exc_errno not in ( |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 219 | ssl.SSL_ERROR_WANT_READ, ssl.SSL_ERROR_WANT_WRITE, |
| 220 | ssl.SSL_ERROR_SYSCALL): |
| 221 | if self._state == _DO_HANDSHAKE and self._handshake_cb: |
| 222 | self._handshake_cb(exc) |
| 223 | raise |
Yury Selivanov | 9602643 | 2018-06-04 11:32:35 -0400 | [diff] [blame] | 224 | self._need_ssldata = (exc_errno == ssl.SSL_ERROR_WANT_READ) |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 225 | |
| 226 | # Check for record level data that needs to be sent back. |
| 227 | # Happens for the initial handshake and renegotiations. |
| 228 | if self._outgoing.pending: |
| 229 | ssldata.append(self._outgoing.read()) |
| 230 | return (ssldata, appdata) |
| 231 | |
| 232 | def feed_appdata(self, data, offset=0): |
| 233 | """Feed plaintext data into the pipe. |
| 234 | |
| 235 | Return an (ssldata, offset) tuple. The ssldata element is a list of |
| 236 | buffers containing record level data that needs to be sent to the |
| 237 | remote SSL instance. The offset is the number of plaintext bytes that |
| 238 | were processed, which may be less than the length of data. |
| 239 | |
| 240 | NOTE: In case of short writes, this call MUST be retried with the SAME |
| 241 | buffer passed into the *data* argument (i.e. the id() must be the |
| 242 | same). This is an OpenSSL requirement. A further particularity is that |
| 243 | a short write will always have offset == 0, because the _ssl module |
| 244 | does not enable partial writes. And even though the offset is zero, |
| 245 | there will still be encrypted data in ssldata. |
| 246 | """ |
| 247 | assert 0 <= offset <= len(data) |
| 248 | if self._state == _UNWRAPPED: |
| 249 | # pass through data in unwrapped mode |
| 250 | if offset < len(data): |
| 251 | ssldata = [data[offset:]] |
| 252 | else: |
| 253 | ssldata = [] |
| 254 | return (ssldata, len(data)) |
| 255 | |
| 256 | ssldata = [] |
| 257 | view = memoryview(data) |
| 258 | while True: |
| 259 | self._need_ssldata = False |
| 260 | try: |
| 261 | if offset < len(view): |
| 262 | offset += self._sslobj.write(view[offset:]) |
| 263 | except ssl.SSLError as exc: |
| 264 | # It is not allowed to call write() after unwrap() until the |
| 265 | # close_notify is acknowledged. We return the condition to the |
| 266 | # caller as a short write. |
Yury Selivanov | 9602643 | 2018-06-04 11:32:35 -0400 | [diff] [blame] | 267 | exc_errno = getattr(exc, 'errno', None) |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 268 | if exc.reason == 'PROTOCOL_IS_SHUTDOWN': |
Yury Selivanov | 9602643 | 2018-06-04 11:32:35 -0400 | [diff] [blame] | 269 | exc_errno = exc.errno = ssl.SSL_ERROR_WANT_READ |
| 270 | if exc_errno not in (ssl.SSL_ERROR_WANT_READ, |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 271 | ssl.SSL_ERROR_WANT_WRITE, |
| 272 | ssl.SSL_ERROR_SYSCALL): |
| 273 | raise |
Yury Selivanov | 9602643 | 2018-06-04 11:32:35 -0400 | [diff] [blame] | 274 | self._need_ssldata = (exc_errno == ssl.SSL_ERROR_WANT_READ) |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 275 | |
| 276 | # See if there's any record level data back for us. |
| 277 | if self._outgoing.pending: |
| 278 | ssldata.append(self._outgoing.read()) |
| 279 | if offset == len(view) or self._need_ssldata: |
| 280 | break |
| 281 | return (ssldata, offset) |
| 282 | |
| 283 | |
| 284 | class _SSLProtocolTransport(transports._FlowControlMixin, |
| 285 | transports.Transport): |
| 286 | |
Andrew Svetlov | 7c68407 | 2018-01-27 21:22:47 +0200 | [diff] [blame] | 287 | _sendfile_compatible = constants._SendfileMode.FALLBACK |
| 288 | |
jlacoline | ea2ef5d | 2017-10-19 19:49:57 +0200 | [diff] [blame] | 289 | def __init__(self, loop, ssl_protocol): |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 290 | self._loop = loop |
Victor Stinner | f7dc7fb | 2015-09-21 18:06:17 +0200 | [diff] [blame] | 291 | # SSLProtocol instance |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 292 | self._ssl_protocol = ssl_protocol |
Victor Stinner | 978a9af | 2015-01-29 17:50:58 +0100 | [diff] [blame] | 293 | self._closed = False |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 294 | |
| 295 | def get_extra_info(self, name, default=None): |
| 296 | """Get optional transport information.""" |
| 297 | return self._ssl_protocol._get_extra_info(name, default) |
| 298 | |
Yury Selivanov | a05a6ef | 2016-09-11 21:11:02 -0400 | [diff] [blame] | 299 | def set_protocol(self, protocol): |
Yury Selivanov | 2179022 | 2018-05-29 05:02:40 -0400 | [diff] [blame] | 300 | self._ssl_protocol._set_app_protocol(protocol) |
Yury Selivanov | a05a6ef | 2016-09-11 21:11:02 -0400 | [diff] [blame] | 301 | |
| 302 | def get_protocol(self): |
jlacoline | ea2ef5d | 2017-10-19 19:49:57 +0200 | [diff] [blame] | 303 | return self._ssl_protocol._app_protocol |
Yury Selivanov | a05a6ef | 2016-09-11 21:11:02 -0400 | [diff] [blame] | 304 | |
Yury Selivanov | 5bb1afb | 2015-11-16 12:43:21 -0500 | [diff] [blame] | 305 | def is_closing(self): |
| 306 | return self._closed |
| 307 | |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 308 | def close(self): |
| 309 | """Close the transport. |
| 310 | |
| 311 | Buffered data will be flushed asynchronously. No more data |
| 312 | will be received. After all buffered data is flushed, the |
| 313 | protocol's connection_lost() method will (eventually) called |
| 314 | with None as its argument. |
| 315 | """ |
Victor Stinner | 978a9af | 2015-01-29 17:50:58 +0100 | [diff] [blame] | 316 | self._closed = True |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 317 | self._ssl_protocol._start_shutdown() |
| 318 | |
Victor Stinner | fb2c346 | 2019-01-10 11:24:40 +0100 | [diff] [blame] | 319 | def __del__(self, _warn=warnings.warn): |
INADA Naoki | 3e2ad8e | 2017-04-25 10:57:18 +0900 | [diff] [blame] | 320 | if not self._closed: |
Victor Stinner | fb2c346 | 2019-01-10 11:24:40 +0100 | [diff] [blame] | 321 | _warn(f"unclosed transport {self!r}", ResourceWarning, source=self) |
INADA Naoki | 3e2ad8e | 2017-04-25 10:57:18 +0900 | [diff] [blame] | 322 | self.close() |
Victor Stinner | 978a9af | 2015-01-29 17:50:58 +0100 | [diff] [blame] | 323 | |
Yury Selivanov | d757aaf | 2017-12-18 17:03:23 -0500 | [diff] [blame] | 324 | def is_reading(self): |
| 325 | tr = self._ssl_protocol._transport |
| 326 | if tr is None: |
| 327 | raise RuntimeError('SSL transport has not been initialized yet') |
| 328 | return tr.is_reading() |
| 329 | |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 330 | def pause_reading(self): |
| 331 | """Pause the receiving end. |
| 332 | |
| 333 | No data will be passed to the protocol's data_received() |
| 334 | method until resume_reading() is called. |
| 335 | """ |
| 336 | self._ssl_protocol._transport.pause_reading() |
| 337 | |
| 338 | def resume_reading(self): |
| 339 | """Resume the receiving end. |
| 340 | |
| 341 | Data received will once again be passed to the protocol's |
| 342 | data_received() method. |
| 343 | """ |
| 344 | self._ssl_protocol._transport.resume_reading() |
| 345 | |
| 346 | def set_write_buffer_limits(self, high=None, low=None): |
| 347 | """Set the high- and low-water limits for write flow control. |
| 348 | |
| 349 | These two values control when to call the protocol's |
| 350 | pause_writing() and resume_writing() methods. If specified, |
| 351 | the low-water limit must be less than or equal to the |
| 352 | high-water limit. Neither value can be negative. |
| 353 | |
| 354 | The defaults are implementation-specific. If only the |
Serhiy Storchaka | d65c949 | 2015-11-02 14:10:23 +0200 | [diff] [blame] | 355 | high-water limit is given, the low-water limit defaults to an |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 356 | implementation-specific value less than or equal to the |
| 357 | high-water limit. Setting high to zero forces low to zero as |
| 358 | well, and causes pause_writing() to be called whenever the |
| 359 | buffer becomes non-empty. Setting low to zero causes |
| 360 | resume_writing() to be called only once the buffer is empty. |
| 361 | Use of zero for either limit is generally sub-optimal as it |
| 362 | reduces opportunities for doing I/O and computation |
| 363 | concurrently. |
| 364 | """ |
| 365 | self._ssl_protocol._transport.set_write_buffer_limits(high, low) |
| 366 | |
| 367 | def get_write_buffer_size(self): |
| 368 | """Return the current size of the write buffer.""" |
| 369 | return self._ssl_protocol._transport.get_write_buffer_size() |
| 370 | |
Andrew Svetlov | 7c68407 | 2018-01-27 21:22:47 +0200 | [diff] [blame] | 371 | @property |
| 372 | def _protocol_paused(self): |
| 373 | # Required for sendfile fallback pause_writing/resume_writing logic |
| 374 | return self._ssl_protocol._transport._protocol_paused |
| 375 | |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 376 | def write(self, data): |
| 377 | """Write some data bytes to the transport. |
| 378 | |
| 379 | This does not block; it buffers the data and arranges for it |
| 380 | to be sent out asynchronously. |
| 381 | """ |
| 382 | if not isinstance(data, (bytes, bytearray, memoryview)): |
Yury Selivanov | 6370f34 | 2017-12-10 18:36:12 -0500 | [diff] [blame] | 383 | raise TypeError(f"data: expecting a bytes-like instance, " |
| 384 | f"got {type(data).__name__}") |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 385 | if not data: |
| 386 | return |
| 387 | self._ssl_protocol._write_appdata(data) |
| 388 | |
| 389 | def can_write_eof(self): |
| 390 | """Return True if this transport supports write_eof(), False if not.""" |
| 391 | return False |
| 392 | |
| 393 | def abort(self): |
| 394 | """Close the transport immediately. |
| 395 | |
| 396 | Buffered data will be lost. No more data will be received. |
| 397 | The protocol's connection_lost() method will (eventually) be |
| 398 | called with None as its argument. |
| 399 | """ |
| 400 | self._ssl_protocol._abort() |
Yury Selivanov | 415bc46 | 2018-06-05 08:59:58 -0400 | [diff] [blame] | 401 | self._closed = True |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 402 | |
| 403 | |
| 404 | class SSLProtocol(protocols.Protocol): |
| 405 | """SSL protocol. |
| 406 | |
| 407 | Implementation of SSL on top of a socket using incoming and outgoing |
| 408 | buffers which are ssl.MemoryBIO objects. |
| 409 | """ |
| 410 | |
| 411 | def __init__(self, loop, app_protocol, sslcontext, waiter, |
Yury Selivanov | 92e7c7f | 2016-10-05 19:39:54 -0400 | [diff] [blame] | 412 | server_side=False, server_hostname=None, |
Neil Aspinall | f7686c1 | 2017-12-19 19:45:42 +0000 | [diff] [blame] | 413 | call_connection_made=True, |
Andrew Svetlov | 51eb1c6 | 2017-12-20 20:24:43 +0200 | [diff] [blame] | 414 | ssl_handshake_timeout=None): |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 415 | if ssl is None: |
| 416 | raise RuntimeError('stdlib ssl module not available') |
| 417 | |
Andrew Svetlov | 51eb1c6 | 2017-12-20 20:24:43 +0200 | [diff] [blame] | 418 | if ssl_handshake_timeout is None: |
| 419 | ssl_handshake_timeout = constants.SSL_HANDSHAKE_TIMEOUT |
| 420 | elif ssl_handshake_timeout <= 0: |
| 421 | raise ValueError( |
| 422 | f"ssl_handshake_timeout should be a positive number, " |
| 423 | f"got {ssl_handshake_timeout}") |
| 424 | |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 425 | if not sslcontext: |
Yury Selivanov | 6370f34 | 2017-12-10 18:36:12 -0500 | [diff] [blame] | 426 | sslcontext = _create_transport_context( |
| 427 | server_side, server_hostname) |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 428 | |
| 429 | self._server_side = server_side |
| 430 | if server_hostname and not server_side: |
| 431 | self._server_hostname = server_hostname |
| 432 | else: |
| 433 | self._server_hostname = None |
| 434 | self._sslcontext = sslcontext |
| 435 | # SSL-specific extra info. More info are set when the handshake |
| 436 | # completes. |
| 437 | self._extra = dict(sslcontext=sslcontext) |
| 438 | |
| 439 | # App data write buffering |
| 440 | self._write_backlog = collections.deque() |
| 441 | self._write_buffer_size = 0 |
| 442 | |
| 443 | self._waiter = waiter |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 444 | self._loop = loop |
Yury Selivanov | 2179022 | 2018-05-29 05:02:40 -0400 | [diff] [blame] | 445 | self._set_app_protocol(app_protocol) |
jlacoline | ea2ef5d | 2017-10-19 19:49:57 +0200 | [diff] [blame] | 446 | self._app_transport = _SSLProtocolTransport(self._loop, self) |
Victor Stinner | f7dc7fb | 2015-09-21 18:06:17 +0200 | [diff] [blame] | 447 | # _SSLPipe instance (None until the connection is made) |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 448 | self._sslpipe = None |
| 449 | self._session_established = False |
| 450 | self._in_handshake = False |
| 451 | self._in_shutdown = False |
Victor Stinner | f7dc7fb | 2015-09-21 18:06:17 +0200 | [diff] [blame] | 452 | # transport, ex: SelectorSocketTransport |
Victor Stinner | 7e222f4 | 2015-01-15 13:16:27 +0100 | [diff] [blame] | 453 | self._transport = None |
Yury Selivanov | 92e7c7f | 2016-10-05 19:39:54 -0400 | [diff] [blame] | 454 | self._call_connection_made = call_connection_made |
Neil Aspinall | f7686c1 | 2017-12-19 19:45:42 +0000 | [diff] [blame] | 455 | self._ssl_handshake_timeout = ssl_handshake_timeout |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 456 | |
Yury Selivanov | 2179022 | 2018-05-29 05:02:40 -0400 | [diff] [blame] | 457 | def _set_app_protocol(self, app_protocol): |
| 458 | self._app_protocol = app_protocol |
| 459 | self._app_protocol_is_buffer = \ |
| 460 | isinstance(app_protocol, protocols.BufferedProtocol) |
| 461 | |
Victor Stinner | f07801b | 2015-01-29 00:36:35 +0100 | [diff] [blame] | 462 | def _wakeup_waiter(self, exc=None): |
| 463 | if self._waiter is None: |
| 464 | return |
| 465 | if not self._waiter.cancelled(): |
| 466 | if exc is not None: |
| 467 | self._waiter.set_exception(exc) |
| 468 | else: |
| 469 | self._waiter.set_result(None) |
| 470 | self._waiter = None |
| 471 | |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 472 | def connection_made(self, transport): |
| 473 | """Called when the low-level connection is made. |
| 474 | |
| 475 | Start the SSL handshake. |
| 476 | """ |
| 477 | self._transport = transport |
| 478 | self._sslpipe = _SSLPipe(self._sslcontext, |
| 479 | self._server_side, |
| 480 | self._server_hostname) |
| 481 | self._start_handshake() |
| 482 | |
| 483 | def connection_lost(self, exc): |
| 484 | """Called when the low-level connection is lost or closed. |
| 485 | |
| 486 | The argument is an exception object or None (the latter |
| 487 | meaning a regular EOF is received or the connection was |
| 488 | aborted or closed). |
| 489 | """ |
| 490 | if self._session_established: |
| 491 | self._session_established = False |
| 492 | self._loop.call_soon(self._app_protocol.connection_lost, exc) |
Yury Selivanov | 9602643 | 2018-06-04 11:32:35 -0400 | [diff] [blame] | 493 | else: |
| 494 | # Most likely an exception occurred while in SSL handshake. |
| 495 | # Just mark the app transport as closed so that its __del__ |
| 496 | # doesn't complain. |
| 497 | if self._app_transport is not None: |
| 498 | self._app_transport._closed = True |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 499 | self._transport = None |
| 500 | self._app_transport = None |
Yury Selivanov | b1461aa | 2016-12-16 11:50:41 -0500 | [diff] [blame] | 501 | self._wakeup_waiter(exc) |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 502 | |
| 503 | def pause_writing(self): |
| 504 | """Called when the low-level transport's buffer goes over |
| 505 | the high-water mark. |
| 506 | """ |
| 507 | self._app_protocol.pause_writing() |
| 508 | |
| 509 | def resume_writing(self): |
| 510 | """Called when the low-level transport's buffer drains below |
| 511 | the low-water mark. |
| 512 | """ |
| 513 | self._app_protocol.resume_writing() |
| 514 | |
| 515 | def data_received(self, data): |
| 516 | """Called when some SSL data is received. |
| 517 | |
| 518 | The argument is a bytes object. |
| 519 | """ |
Andrew Svetlov | 5e80a71 | 2018-03-10 17:48:35 +0200 | [diff] [blame] | 520 | if self._sslpipe is None: |
| 521 | # transport closing, sslpipe is destroyed |
| 522 | return |
| 523 | |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 524 | try: |
| 525 | ssldata, appdata = self._sslpipe.feed_ssldata(data) |
Yury Selivanov | 9602643 | 2018-06-04 11:32:35 -0400 | [diff] [blame] | 526 | except Exception as e: |
| 527 | self._fatal_error(e, 'SSL error in data received') |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 528 | return |
| 529 | |
| 530 | for chunk in ssldata: |
| 531 | self._transport.write(chunk) |
| 532 | |
| 533 | for chunk in appdata: |
| 534 | if chunk: |
Yury Selivanov | dbf1022 | 2018-05-28 14:31:28 -0400 | [diff] [blame] | 535 | try: |
| 536 | if self._app_protocol_is_buffer: |
Victor Stinner | ff6c077 | 2018-06-08 10:32:06 +0200 | [diff] [blame] | 537 | protocols._feed_data_to_buffered_proto( |
Yury Selivanov | dbf1022 | 2018-05-28 14:31:28 -0400 | [diff] [blame] | 538 | self._app_protocol, chunk) |
| 539 | else: |
| 540 | self._app_protocol.data_received(chunk) |
| 541 | except Exception as ex: |
| 542 | self._fatal_error( |
| 543 | ex, 'application protocol failed to receive SSL data') |
| 544 | return |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 545 | else: |
| 546 | self._start_shutdown() |
| 547 | break |
| 548 | |
| 549 | def eof_received(self): |
| 550 | """Called when the other end of the low-level stream |
| 551 | is half-closed. |
| 552 | |
| 553 | If this returns a false value (including None), the transport |
| 554 | will close itself. If it returns a true value, closing the |
| 555 | transport is up to the protocol. |
| 556 | """ |
| 557 | try: |
| 558 | if self._loop.get_debug(): |
| 559 | logger.debug("%r received EOF", self) |
Victor Stinner | b507cba | 2015-01-29 00:35:56 +0100 | [diff] [blame] | 560 | |
Victor Stinner | f07801b | 2015-01-29 00:36:35 +0100 | [diff] [blame] | 561 | self._wakeup_waiter(ConnectionResetError) |
Victor Stinner | b507cba | 2015-01-29 00:35:56 +0100 | [diff] [blame] | 562 | |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 563 | if not self._in_handshake: |
| 564 | keep_open = self._app_protocol.eof_received() |
| 565 | if keep_open: |
| 566 | logger.warning('returning true from eof_received() ' |
| 567 | 'has no effect when using ssl') |
| 568 | finally: |
| 569 | self._transport.close() |
| 570 | |
| 571 | def _get_extra_info(self, name, default=None): |
| 572 | if name in self._extra: |
| 573 | return self._extra[name] |
Nikolay Kim | 2b27e2e | 2017-03-12 12:23:30 -0700 | [diff] [blame] | 574 | elif self._transport is not None: |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 575 | return self._transport.get_extra_info(name, default) |
Nikolay Kim | 2b27e2e | 2017-03-12 12:23:30 -0700 | [diff] [blame] | 576 | else: |
| 577 | return default |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 578 | |
| 579 | def _start_shutdown(self): |
| 580 | if self._in_shutdown: |
| 581 | return |
Nikolay Kim | a0e3d2d | 2017-06-09 14:46:14 -0700 | [diff] [blame] | 582 | if self._in_handshake: |
| 583 | self._abort() |
| 584 | else: |
| 585 | self._in_shutdown = True |
| 586 | self._write_appdata(b'') |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 587 | |
| 588 | def _write_appdata(self, data): |
| 589 | self._write_backlog.append((data, 0)) |
| 590 | self._write_buffer_size += len(data) |
| 591 | self._process_write_backlog() |
| 592 | |
| 593 | def _start_handshake(self): |
| 594 | if self._loop.get_debug(): |
| 595 | logger.debug("%r starts SSL handshake", self) |
| 596 | self._handshake_start_time = self._loop.time() |
| 597 | else: |
| 598 | self._handshake_start_time = None |
| 599 | self._in_handshake = True |
| 600 | # (b'', 1) is a special value in _process_write_backlog() to do |
| 601 | # the SSL handshake |
| 602 | self._write_backlog.append((b'', 1)) |
Neil Aspinall | f7686c1 | 2017-12-19 19:45:42 +0000 | [diff] [blame] | 603 | self._handshake_timeout_handle = \ |
| 604 | self._loop.call_later(self._ssl_handshake_timeout, |
| 605 | self._check_handshake_timeout) |
Victor Stinner | be00a55 | 2018-05-29 01:33:35 +0200 | [diff] [blame] | 606 | self._process_write_backlog() |
Neil Aspinall | f7686c1 | 2017-12-19 19:45:42 +0000 | [diff] [blame] | 607 | |
| 608 | def _check_handshake_timeout(self): |
| 609 | if self._in_handshake is True: |
Yury Selivanov | 9602643 | 2018-06-04 11:32:35 -0400 | [diff] [blame] | 610 | msg = ( |
| 611 | f"SSL handshake is taking longer than " |
| 612 | f"{self._ssl_handshake_timeout} seconds: " |
| 613 | f"aborting the connection" |
| 614 | ) |
| 615 | self._fatal_error(ConnectionAbortedError(msg)) |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 616 | |
| 617 | def _on_handshake_complete(self, handshake_exc): |
| 618 | self._in_handshake = False |
Neil Aspinall | f7686c1 | 2017-12-19 19:45:42 +0000 | [diff] [blame] | 619 | self._handshake_timeout_handle.cancel() |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 620 | |
| 621 | sslobj = self._sslpipe.ssl_object |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 622 | try: |
| 623 | if handshake_exc is not None: |
| 624 | raise handshake_exc |
Victor Stinner | 177e9f0 | 2015-01-14 16:56:20 +0100 | [diff] [blame] | 625 | |
| 626 | peercert = sslobj.getpeercert() |
Yury Selivanov | 9602643 | 2018-06-04 11:32:35 -0400 | [diff] [blame] | 627 | except Exception as exc: |
| 628 | if isinstance(exc, ssl.CertificateError): |
| 629 | msg = 'SSL handshake failed on verifying the certificate' |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 630 | else: |
Yury Selivanov | 9602643 | 2018-06-04 11:32:35 -0400 | [diff] [blame] | 631 | msg = 'SSL handshake failed' |
| 632 | self._fatal_error(exc, msg) |
| 633 | return |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 634 | |
| 635 | if self._loop.get_debug(): |
| 636 | dt = self._loop.time() - self._handshake_start_time |
| 637 | logger.debug("%r: SSL handshake took %.1f ms", self, dt * 1e3) |
| 638 | |
| 639 | # Add extra info that becomes available after handshake. |
| 640 | self._extra.update(peercert=peercert, |
| 641 | cipher=sslobj.cipher(), |
| 642 | compression=sslobj.compression(), |
Victor Stinner | f7dc7fb | 2015-09-21 18:06:17 +0200 | [diff] [blame] | 643 | ssl_object=sslobj, |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 644 | ) |
Yury Selivanov | 92e7c7f | 2016-10-05 19:39:54 -0400 | [diff] [blame] | 645 | if self._call_connection_made: |
| 646 | self._app_protocol.connection_made(self._app_transport) |
Victor Stinner | f07801b | 2015-01-29 00:36:35 +0100 | [diff] [blame] | 647 | self._wakeup_waiter() |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 648 | self._session_established = True |
Victor Stinner | 042dad7 | 2015-01-15 09:41:48 +0100 | [diff] [blame] | 649 | # In case transport.write() was already called. Don't call |
Martin Panter | 46f5072 | 2016-05-26 05:35:26 +0000 | [diff] [blame] | 650 | # immediately _process_write_backlog(), but schedule it: |
Victor Stinner | 042dad7 | 2015-01-15 09:41:48 +0100 | [diff] [blame] | 651 | # _on_handshake_complete() can be called indirectly from |
| 652 | # _process_write_backlog(), and _process_write_backlog() is not |
| 653 | # reentrant. |
Victor Stinner | 72bdefb | 2015-01-15 09:44:13 +0100 | [diff] [blame] | 654 | self._loop.call_soon(self._process_write_backlog) |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 655 | |
| 656 | def _process_write_backlog(self): |
| 657 | # Try to make progress on the write backlog. |
Andrew Svetlov | 5e80a71 | 2018-03-10 17:48:35 +0200 | [diff] [blame] | 658 | if self._transport is None or self._sslpipe is None: |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 659 | return |
| 660 | |
| 661 | try: |
| 662 | for i in range(len(self._write_backlog)): |
| 663 | data, offset = self._write_backlog[0] |
| 664 | if data: |
| 665 | ssldata, offset = self._sslpipe.feed_appdata(data, offset) |
| 666 | elif offset: |
Yury Selivanov | 8c125eb | 2015-08-05 14:06:23 -0400 | [diff] [blame] | 667 | ssldata = self._sslpipe.do_handshake( |
| 668 | self._on_handshake_complete) |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 669 | offset = 1 |
| 670 | else: |
| 671 | ssldata = self._sslpipe.shutdown(self._finalize) |
| 672 | offset = 1 |
| 673 | |
| 674 | for chunk in ssldata: |
| 675 | self._transport.write(chunk) |
| 676 | |
| 677 | if offset < len(data): |
| 678 | self._write_backlog[0] = (data, offset) |
| 679 | # A short write means that a write is blocked on a read |
| 680 | # We need to enable reading if it is paused! |
| 681 | assert self._sslpipe.need_ssldata |
| 682 | if self._transport._paused: |
| 683 | self._transport.resume_reading() |
| 684 | break |
| 685 | |
| 686 | # An entire chunk from the backlog was processed. We can |
| 687 | # delete it and reduce the outstanding buffer size. |
| 688 | del self._write_backlog[0] |
| 689 | self._write_buffer_size -= len(data) |
Yury Selivanov | 9602643 | 2018-06-04 11:32:35 -0400 | [diff] [blame] | 690 | except Exception as exc: |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 691 | if self._in_handshake: |
Yury Selivanov | 9602643 | 2018-06-04 11:32:35 -0400 | [diff] [blame] | 692 | # Exceptions will be re-raised in _on_handshake_complete. |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 693 | self._on_handshake_complete(exc) |
| 694 | else: |
| 695 | self._fatal_error(exc, 'Fatal error on SSL transport') |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 696 | |
| 697 | def _fatal_error(self, exc, message='Fatal error on transport'): |
Victor Stinner | c94a93a | 2016-04-01 21:43:39 +0200 | [diff] [blame] | 698 | if isinstance(exc, base_events._FATAL_ERROR_IGNORE): |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 699 | if self._loop.get_debug(): |
| 700 | logger.debug("%r: %s", self, message, exc_info=True) |
| 701 | else: |
| 702 | self._loop.call_exception_handler({ |
| 703 | 'message': message, |
| 704 | 'exception': exc, |
| 705 | 'transport': self._transport, |
| 706 | 'protocol': self, |
| 707 | }) |
| 708 | if self._transport: |
| 709 | self._transport._force_close(exc) |
| 710 | |
| 711 | def _finalize(self): |
Michaël Sghaïer | d1f5751 | 2017-06-09 18:29:46 -0400 | [diff] [blame] | 712 | self._sslpipe = None |
| 713 | |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 714 | if self._transport is not None: |
| 715 | self._transport.close() |
| 716 | |
| 717 | def _abort(self): |
Michaël Sghaïer | d1f5751 | 2017-06-09 18:29:46 -0400 | [diff] [blame] | 718 | try: |
| 719 | if self._transport is not None: |
Victor Stinner | 231b404 | 2015-01-14 00:19:09 +0100 | [diff] [blame] | 720 | self._transport.abort() |
Michaël Sghaïer | d1f5751 | 2017-06-09 18:29:46 -0400 | [diff] [blame] | 721 | finally: |
| 722 | self._finalize() |