diff options
Diffstat (limited to 'venv/lib/python3.7/site-packages/pip-10.0.1-py3.7.egg/pip/_vendor/urllib3/contrib/_securetransport')
3 files changed, 936 insertions, 0 deletions
diff --git a/venv/lib/python3.7/site-packages/pip-10.0.1-py3.7.egg/pip/_vendor/urllib3/contrib/_securetransport/__init__.py b/venv/lib/python3.7/site-packages/pip-10.0.1-py3.7.egg/pip/_vendor/urllib3/contrib/_securetransport/__init__.py new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/venv/lib/python3.7/site-packages/pip-10.0.1-py3.7.egg/pip/_vendor/urllib3/contrib/_securetransport/__init__.py | |||
diff --git a/venv/lib/python3.7/site-packages/pip-10.0.1-py3.7.egg/pip/_vendor/urllib3/contrib/_securetransport/bindings.py b/venv/lib/python3.7/site-packages/pip-10.0.1-py3.7.egg/pip/_vendor/urllib3/contrib/_securetransport/bindings.py new file mode 100644 index 0000000..9787b02 --- /dev/null +++ b/venv/lib/python3.7/site-packages/pip-10.0.1-py3.7.egg/pip/_vendor/urllib3/contrib/_securetransport/bindings.py | |||
@@ -0,0 +1,593 @@ | |||
1 | """ | ||
2 | This module uses ctypes to bind a whole bunch of functions and constants from | ||
3 | SecureTransport. The goal here is to provide the low-level API to | ||
4 | SecureTransport. These are essentially the C-level functions and constants, and | ||
5 | they're pretty gross to work with. | ||
6 | |||
7 | This code is a bastardised version of the code found in Will Bond's oscrypto | ||
8 | library. An enormous debt is owed to him for blazing this trail for us. For | ||
9 | that reason, this code should be considered to be covered both by urllib3's | ||
10 | license and by oscrypto's: | ||
11 | |||
12 | Copyright (c) 2015-2016 Will Bond <will@wbond.net> | ||
13 | |||
14 | Permission is hereby granted, free of charge, to any person obtaining a | ||
15 | copy of this software and associated documentation files (the "Software"), | ||
16 | to deal in the Software without restriction, including without limitation | ||
17 | the rights to use, copy, modify, merge, publish, distribute, sublicense, | ||
18 | and/or sell copies of the Software, and to permit persons to whom the | ||
19 | Software is furnished to do so, subject to the following conditions: | ||
20 | |||
21 | The above copyright notice and this permission notice shall be included in | ||
22 | all copies or substantial portions of the Software. | ||
23 | |||
24 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
25 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
26 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
27 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
28 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING | ||
29 | FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER | ||
30 | DEALINGS IN THE SOFTWARE. | ||
31 | """ | ||
32 | from __future__ import absolute_import | ||
33 | |||
34 | import platform | ||
35 | from ctypes.util import find_library | ||
36 | from ctypes import ( | ||
37 | c_void_p, c_int32, c_char_p, c_size_t, c_byte, c_uint32, c_ulong, c_long, | ||
38 | c_bool | ||
39 | ) | ||
40 | from ctypes import CDLL, POINTER, CFUNCTYPE | ||
41 | |||
42 | |||
43 | security_path = find_library('Security') | ||
44 | if not security_path: | ||
45 | raise ImportError('The library Security could not be found') | ||
46 | |||
47 | |||
48 | core_foundation_path = find_library('CoreFoundation') | ||
49 | if not core_foundation_path: | ||
50 | raise ImportError('The library CoreFoundation could not be found') | ||
51 | |||
52 | |||
53 | version = platform.mac_ver()[0] | ||
54 | version_info = tuple(map(int, version.split('.'))) | ||
55 | if version_info < (10, 8): | ||
56 | raise OSError( | ||
57 | 'Only OS X 10.8 and newer are supported, not %s.%s' % ( | ||
58 | version_info[0], version_info[1] | ||
59 | ) | ||
60 | ) | ||
61 | |||
62 | Security = CDLL(security_path, use_errno=True) | ||
63 | CoreFoundation = CDLL(core_foundation_path, use_errno=True) | ||
64 | |||
65 | Boolean = c_bool | ||
66 | CFIndex = c_long | ||
67 | CFStringEncoding = c_uint32 | ||
68 | CFData = c_void_p | ||
69 | CFString = c_void_p | ||
70 | CFArray = c_void_p | ||
71 | CFMutableArray = c_void_p | ||
72 | CFDictionary = c_void_p | ||
73 | CFError = c_void_p | ||
74 | CFType = c_void_p | ||
75 | CFTypeID = c_ulong | ||
76 | |||
77 | CFTypeRef = POINTER(CFType) | ||
78 | CFAllocatorRef = c_void_p | ||
79 | |||
80 | OSStatus = c_int32 | ||
81 | |||
82 | CFDataRef = POINTER(CFData) | ||
83 | CFStringRef = POINTER(CFString) | ||
84 | CFArrayRef = POINTER(CFArray) | ||
85 | CFMutableArrayRef = POINTER(CFMutableArray) | ||
86 | CFDictionaryRef = POINTER(CFDictionary) | ||
87 | CFArrayCallBacks = c_void_p | ||
88 | CFDictionaryKeyCallBacks = c_void_p | ||
89 | CFDictionaryValueCallBacks = c_void_p | ||
90 | |||
91 | SecCertificateRef = POINTER(c_void_p) | ||
92 | SecExternalFormat = c_uint32 | ||
93 | SecExternalItemType = c_uint32 | ||
94 | SecIdentityRef = POINTER(c_void_p) | ||
95 | SecItemImportExportFlags = c_uint32 | ||
96 | SecItemImportExportKeyParameters = c_void_p | ||
97 | SecKeychainRef = POINTER(c_void_p) | ||
98 | SSLProtocol = c_uint32 | ||
99 | SSLCipherSuite = c_uint32 | ||
100 | SSLContextRef = POINTER(c_void_p) | ||
101 | SecTrustRef = POINTER(c_void_p) | ||
102 | SSLConnectionRef = c_uint32 | ||
103 | SecTrustResultType = c_uint32 | ||
104 | SecTrustOptionFlags = c_uint32 | ||
105 | SSLProtocolSide = c_uint32 | ||
106 | SSLConnectionType = c_uint32 | ||
107 | SSLSessionOption = c_uint32 | ||
108 | |||
109 | |||
110 | try: | ||
111 | Security.SecItemImport.argtypes = [ | ||
112 | CFDataRef, | ||
113 | CFStringRef, | ||
114 | POINTER(SecExternalFormat), | ||
115 | POINTER(SecExternalItemType), | ||
116 | SecItemImportExportFlags, | ||
117 | POINTER(SecItemImportExportKeyParameters), | ||
118 | SecKeychainRef, | ||
119 | POINTER(CFArrayRef), | ||
120 | ] | ||
121 | Security.SecItemImport.restype = OSStatus | ||
122 | |||
123 | Security.SecCertificateGetTypeID.argtypes = [] | ||
124 | Security.SecCertificateGetTypeID.restype = CFTypeID | ||
125 | |||
126 | Security.SecIdentityGetTypeID.argtypes = [] | ||
127 | Security.SecIdentityGetTypeID.restype = CFTypeID | ||
128 | |||
129 | Security.SecKeyGetTypeID.argtypes = [] | ||
130 | Security.SecKeyGetTypeID.restype = CFTypeID | ||
131 | |||
132 | Security.SecCertificateCreateWithData.argtypes = [ | ||
133 | CFAllocatorRef, | ||
134 | CFDataRef | ||
135 | ] | ||
136 | Security.SecCertificateCreateWithData.restype = SecCertificateRef | ||
137 | |||
138 | Security.SecCertificateCopyData.argtypes = [ | ||
139 | SecCertificateRef | ||
140 | ] | ||
141 | Security.SecCertificateCopyData.restype = CFDataRef | ||
142 | |||
143 | Security.SecCopyErrorMessageString.argtypes = [ | ||
144 | OSStatus, | ||
145 | c_void_p | ||
146 | ] | ||
147 | Security.SecCopyErrorMessageString.restype = CFStringRef | ||
148 | |||
149 | Security.SecIdentityCreateWithCertificate.argtypes = [ | ||
150 | CFTypeRef, | ||
151 | SecCertificateRef, | ||
152 | POINTER(SecIdentityRef) | ||
153 | ] | ||
154 | Security.SecIdentityCreateWithCertificate.restype = OSStatus | ||
155 | |||
156 | Security.SecKeychainCreate.argtypes = [ | ||
157 | c_char_p, | ||
158 | c_uint32, | ||
159 | c_void_p, | ||
160 | Boolean, | ||
161 | c_void_p, | ||
162 | POINTER(SecKeychainRef) | ||
163 | ] | ||
164 | Security.SecKeychainCreate.restype = OSStatus | ||
165 | |||
166 | Security.SecKeychainDelete.argtypes = [ | ||
167 | SecKeychainRef | ||
168 | ] | ||
169 | Security.SecKeychainDelete.restype = OSStatus | ||
170 | |||
171 | Security.SecPKCS12Import.argtypes = [ | ||
172 | CFDataRef, | ||
173 | CFDictionaryRef, | ||
174 | POINTER(CFArrayRef) | ||
175 | ] | ||
176 | Security.SecPKCS12Import.restype = OSStatus | ||
177 | |||
178 | SSLReadFunc = CFUNCTYPE(OSStatus, SSLConnectionRef, c_void_p, POINTER(c_size_t)) | ||
179 | SSLWriteFunc = CFUNCTYPE(OSStatus, SSLConnectionRef, POINTER(c_byte), POINTER(c_size_t)) | ||
180 | |||
181 | Security.SSLSetIOFuncs.argtypes = [ | ||
182 | SSLContextRef, | ||
183 | SSLReadFunc, | ||
184 | SSLWriteFunc | ||
185 | ] | ||
186 | Security.SSLSetIOFuncs.restype = OSStatus | ||
187 | |||
188 | Security.SSLSetPeerID.argtypes = [ | ||
189 | SSLContextRef, | ||
190 | c_char_p, | ||
191 | c_size_t | ||
192 | ] | ||
193 | Security.SSLSetPeerID.restype = OSStatus | ||
194 | |||
195 | Security.SSLSetCertificate.argtypes = [ | ||
196 | SSLContextRef, | ||
197 | CFArrayRef | ||
198 | ] | ||
199 | Security.SSLSetCertificate.restype = OSStatus | ||
200 | |||
201 | Security.SSLSetCertificateAuthorities.argtypes = [ | ||
202 | SSLContextRef, | ||
203 | CFTypeRef, | ||
204 | Boolean | ||
205 | ] | ||
206 | Security.SSLSetCertificateAuthorities.restype = OSStatus | ||
207 | |||
208 | Security.SSLSetConnection.argtypes = [ | ||
209 | SSLContextRef, | ||
210 | SSLConnectionRef | ||
211 | ] | ||
212 | Security.SSLSetConnection.restype = OSStatus | ||
213 | |||
214 | Security.SSLSetPeerDomainName.argtypes = [ | ||
215 | SSLContextRef, | ||
216 | c_char_p, | ||
217 | c_size_t | ||
218 | ] | ||
219 | Security.SSLSetPeerDomainName.restype = OSStatus | ||
220 | |||
221 | Security.SSLHandshake.argtypes = [ | ||
222 | SSLContextRef | ||
223 | ] | ||
224 | Security.SSLHandshake.restype = OSStatus | ||
225 | |||
226 | Security.SSLRead.argtypes = [ | ||
227 | SSLContextRef, | ||
228 | c_char_p, | ||
229 | c_size_t, | ||
230 | POINTER(c_size_t) | ||
231 | ] | ||
232 | Security.SSLRead.restype = OSStatus | ||
233 | |||
234 | Security.SSLWrite.argtypes = [ | ||
235 | SSLContextRef, | ||
236 | c_char_p, | ||
237 | c_size_t, | ||
238 | POINTER(c_size_t) | ||
239 | ] | ||
240 | Security.SSLWrite.restype = OSStatus | ||
241 | |||
242 | Security.SSLClose.argtypes = [ | ||
243 | SSLContextRef | ||
244 | ] | ||
245 | Security.SSLClose.restype = OSStatus | ||
246 | |||
247 | Security.SSLGetNumberSupportedCiphers.argtypes = [ | ||
248 | SSLContextRef, | ||
249 | POINTER(c_size_t) | ||
250 | ] | ||
251 | Security.SSLGetNumberSupportedCiphers.restype = OSStatus | ||
252 | |||
253 | Security.SSLGetSupportedCiphers.argtypes = [ | ||
254 | SSLContextRef, | ||
255 | POINTER(SSLCipherSuite), | ||
256 | POINTER(c_size_t) | ||
257 | ] | ||
258 | Security.SSLGetSupportedCiphers.restype = OSStatus | ||
259 | |||
260 | Security.SSLSetEnabledCiphers.argtypes = [ | ||
261 | SSLContextRef, | ||
262 | POINTER(SSLCipherSuite), | ||
263 | c_size_t | ||
264 | ] | ||
265 | Security.SSLSetEnabledCiphers.restype = OSStatus | ||
266 | |||
267 | Security.SSLGetNumberEnabledCiphers.argtype = [ | ||
268 | SSLContextRef, | ||
269 | POINTER(c_size_t) | ||
270 | ] | ||
271 | Security.SSLGetNumberEnabledCiphers.restype = OSStatus | ||
272 | |||
273 | Security.SSLGetEnabledCiphers.argtypes = [ | ||
274 | SSLContextRef, | ||
275 | POINTER(SSLCipherSuite), | ||
276 | POINTER(c_size_t) | ||
277 | ] | ||
278 | Security.SSLGetEnabledCiphers.restype = OSStatus | ||
279 | |||
280 | Security.SSLGetNegotiatedCipher.argtypes = [ | ||
281 | SSLContextRef, | ||
282 | POINTER(SSLCipherSuite) | ||
283 | ] | ||
284 | Security.SSLGetNegotiatedCipher.restype = OSStatus | ||
285 | |||
286 | Security.SSLGetNegotiatedProtocolVersion.argtypes = [ | ||
287 | SSLContextRef, | ||
288 | POINTER(SSLProtocol) | ||
289 | ] | ||
290 | Security.SSLGetNegotiatedProtocolVersion.restype = OSStatus | ||
291 | |||
292 | Security.SSLCopyPeerTrust.argtypes = [ | ||
293 | SSLContextRef, | ||
294 | POINTER(SecTrustRef) | ||
295 | ] | ||
296 | Security.SSLCopyPeerTrust.restype = OSStatus | ||
297 | |||
298 | Security.SecTrustSetAnchorCertificates.argtypes = [ | ||
299 | SecTrustRef, | ||
300 | CFArrayRef | ||
301 | ] | ||
302 | Security.SecTrustSetAnchorCertificates.restype = OSStatus | ||
303 | |||
304 | Security.SecTrustSetAnchorCertificatesOnly.argstypes = [ | ||
305 | SecTrustRef, | ||
306 | Boolean | ||
307 | ] | ||
308 | Security.SecTrustSetAnchorCertificatesOnly.restype = OSStatus | ||
309 | |||
310 | Security.SecTrustEvaluate.argtypes = [ | ||
311 | SecTrustRef, | ||
312 | POINTER(SecTrustResultType) | ||
313 | ] | ||
314 | Security.SecTrustEvaluate.restype = OSStatus | ||
315 | |||
316 | Security.SecTrustGetCertificateCount.argtypes = [ | ||
317 | SecTrustRef | ||
318 | ] | ||
319 | Security.SecTrustGetCertificateCount.restype = CFIndex | ||
320 | |||
321 | Security.SecTrustGetCertificateAtIndex.argtypes = [ | ||
322 | SecTrustRef, | ||
323 | CFIndex | ||
324 | ] | ||
325 | Security.SecTrustGetCertificateAtIndex.restype = SecCertificateRef | ||
326 | |||
327 | Security.SSLCreateContext.argtypes = [ | ||
328 | CFAllocatorRef, | ||
329 | SSLProtocolSide, | ||
330 | SSLConnectionType | ||
331 | ] | ||
332 | Security.SSLCreateContext.restype = SSLContextRef | ||
333 | |||
334 | Security.SSLSetSessionOption.argtypes = [ | ||
335 | SSLContextRef, | ||
336 | SSLSessionOption, | ||
337 | Boolean | ||
338 | ] | ||
339 | Security.SSLSetSessionOption.restype = OSStatus | ||
340 | |||
341 | Security.SSLSetProtocolVersionMin.argtypes = [ | ||
342 | SSLContextRef, | ||
343 | SSLProtocol | ||
344 | ] | ||
345 | Security.SSLSetProtocolVersionMin.restype = OSStatus | ||
346 | |||
347 | Security.SSLSetProtocolVersionMax.argtypes = [ | ||
348 | SSLContextRef, | ||
349 | SSLProtocol | ||
350 | ] | ||
351 | Security.SSLSetProtocolVersionMax.restype = OSStatus | ||
352 | |||
353 | Security.SecCopyErrorMessageString.argtypes = [ | ||
354 | OSStatus, | ||
355 | c_void_p | ||
356 | ] | ||
357 | Security.SecCopyErrorMessageString.restype = CFStringRef | ||
358 | |||
359 | Security.SSLReadFunc = SSLReadFunc | ||
360 | Security.SSLWriteFunc = SSLWriteFunc | ||
361 | Security.SSLContextRef = SSLContextRef | ||
362 | Security.SSLProtocol = SSLProtocol | ||
363 | Security.SSLCipherSuite = SSLCipherSuite | ||
364 | Security.SecIdentityRef = SecIdentityRef | ||
365 | Security.SecKeychainRef = SecKeychainRef | ||
366 | Security.SecTrustRef = SecTrustRef | ||
367 | Security.SecTrustResultType = SecTrustResultType | ||
368 | Security.SecExternalFormat = SecExternalFormat | ||
369 | Security.OSStatus = OSStatus | ||
370 | |||
371 | Security.kSecImportExportPassphrase = CFStringRef.in_dll( | ||
372 | Security, 'kSecImportExportPassphrase' | ||
373 | ) | ||
374 | Security.kSecImportItemIdentity = CFStringRef.in_dll( | ||
375 | Security, 'kSecImportItemIdentity' | ||
376 | ) | ||
377 | |||
378 | # CoreFoundation time! | ||
379 | CoreFoundation.CFRetain.argtypes = [ | ||
380 | CFTypeRef | ||
381 | ] | ||
382 | CoreFoundation.CFRetain.restype = CFTypeRef | ||
383 | |||
384 | CoreFoundation.CFRelease.argtypes = [ | ||
385 | CFTypeRef | ||
386 | ] | ||
387 | CoreFoundation.CFRelease.restype = None | ||
388 | |||
389 | CoreFoundation.CFGetTypeID.argtypes = [ | ||
390 | CFTypeRef | ||
391 | ] | ||
392 | CoreFoundation.CFGetTypeID.restype = CFTypeID | ||
393 | |||
394 | CoreFoundation.CFStringCreateWithCString.argtypes = [ | ||
395 | CFAllocatorRef, | ||
396 | c_char_p, | ||
397 | CFStringEncoding | ||
398 | ] | ||
399 | CoreFoundation.CFStringCreateWithCString.restype = CFStringRef | ||
400 | |||
401 | CoreFoundation.CFStringGetCStringPtr.argtypes = [ | ||
402 | CFStringRef, | ||
403 | CFStringEncoding | ||
404 | ] | ||
405 | CoreFoundation.CFStringGetCStringPtr.restype = c_char_p | ||
406 | |||
407 | CoreFoundation.CFStringGetCString.argtypes = [ | ||
408 | CFStringRef, | ||
409 | c_char_p, | ||
410 | CFIndex, | ||
411 | CFStringEncoding | ||
412 | ] | ||
413 | CoreFoundation.CFStringGetCString.restype = c_bool | ||
414 | |||
415 | CoreFoundation.CFDataCreate.argtypes = [ | ||
416 | CFAllocatorRef, | ||
417 | c_char_p, | ||
418 | CFIndex | ||
419 | ] | ||
420 | CoreFoundation.CFDataCreate.restype = CFDataRef | ||
421 | |||
422 | CoreFoundation.CFDataGetLength.argtypes = [ | ||
423 | CFDataRef | ||
424 | ] | ||
425 | CoreFoundation.CFDataGetLength.restype = CFIndex | ||
426 | |||
427 | CoreFoundation.CFDataGetBytePtr.argtypes = [ | ||
428 | CFDataRef | ||
429 | ] | ||
430 | CoreFoundation.CFDataGetBytePtr.restype = c_void_p | ||
431 | |||
432 | CoreFoundation.CFDictionaryCreate.argtypes = [ | ||
433 | CFAllocatorRef, | ||
434 | POINTER(CFTypeRef), | ||
435 | POINTER(CFTypeRef), | ||
436 | CFIndex, | ||
437 | CFDictionaryKeyCallBacks, | ||
438 | CFDictionaryValueCallBacks | ||
439 | ] | ||
440 | CoreFoundation.CFDictionaryCreate.restype = CFDictionaryRef | ||
441 | |||
442 | CoreFoundation.CFDictionaryGetValue.argtypes = [ | ||
443 | CFDictionaryRef, | ||
444 | CFTypeRef | ||
445 | ] | ||
446 | CoreFoundation.CFDictionaryGetValue.restype = CFTypeRef | ||
447 | |||
448 | CoreFoundation.CFArrayCreate.argtypes = [ | ||
449 | CFAllocatorRef, | ||
450 | POINTER(CFTypeRef), | ||
451 | CFIndex, | ||
452 | CFArrayCallBacks, | ||
453 | ] | ||
454 | CoreFoundation.CFArrayCreate.restype = CFArrayRef | ||
455 | |||
456 | CoreFoundation.CFArrayCreateMutable.argtypes = [ | ||
457 | CFAllocatorRef, | ||
458 | CFIndex, | ||
459 | CFArrayCallBacks | ||
460 | ] | ||
461 | CoreFoundation.CFArrayCreateMutable.restype = CFMutableArrayRef | ||
462 | |||
463 | CoreFoundation.CFArrayAppendValue.argtypes = [ | ||
464 | CFMutableArrayRef, | ||
465 | c_void_p | ||
466 | ] | ||
467 | CoreFoundation.CFArrayAppendValue.restype = None | ||
468 | |||
469 | CoreFoundation.CFArrayGetCount.argtypes = [ | ||
470 | CFArrayRef | ||
471 | ] | ||
472 | CoreFoundation.CFArrayGetCount.restype = CFIndex | ||
473 | |||
474 | CoreFoundation.CFArrayGetValueAtIndex.argtypes = [ | ||
475 | CFArrayRef, | ||
476 | CFIndex | ||
477 | ] | ||
478 | CoreFoundation.CFArrayGetValueAtIndex.restype = c_void_p | ||
479 | |||
480 | CoreFoundation.kCFAllocatorDefault = CFAllocatorRef.in_dll( | ||
481 | CoreFoundation, 'kCFAllocatorDefault' | ||
482 | ) | ||
483 | CoreFoundation.kCFTypeArrayCallBacks = c_void_p.in_dll(CoreFoundation, 'kCFTypeArrayCallBacks') | ||
484 | CoreFoundation.kCFTypeDictionaryKeyCallBacks = c_void_p.in_dll( | ||
485 | CoreFoundation, 'kCFTypeDictionaryKeyCallBacks' | ||
486 | ) | ||
487 | CoreFoundation.kCFTypeDictionaryValueCallBacks = c_void_p.in_dll( | ||
488 | CoreFoundation, 'kCFTypeDictionaryValueCallBacks' | ||
489 | ) | ||
490 | |||
491 | CoreFoundation.CFTypeRef = CFTypeRef | ||
492 | CoreFoundation.CFArrayRef = CFArrayRef | ||
493 | CoreFoundation.CFStringRef = CFStringRef | ||
494 | CoreFoundation.CFDictionaryRef = CFDictionaryRef | ||
495 | |||
496 | except (AttributeError): | ||
497 | raise ImportError('Error initializing ctypes') | ||
498 | |||
499 | |||
500 | class CFConst(object): | ||
501 | """ | ||
502 | A class object that acts as essentially a namespace for CoreFoundation | ||
503 | constants. | ||
504 | """ | ||
505 | kCFStringEncodingUTF8 = CFStringEncoding(0x08000100) | ||
506 | |||
507 | |||
508 | class SecurityConst(object): | ||
509 | """ | ||
510 | A class object that acts as essentially a namespace for Security constants. | ||
511 | """ | ||
512 | kSSLSessionOptionBreakOnServerAuth = 0 | ||
513 | |||
514 | kSSLProtocol2 = 1 | ||
515 | kSSLProtocol3 = 2 | ||
516 | kTLSProtocol1 = 4 | ||
517 | kTLSProtocol11 = 7 | ||
518 | kTLSProtocol12 = 8 | ||
519 | |||
520 | kSSLClientSide = 1 | ||
521 | kSSLStreamType = 0 | ||
522 | |||
523 | kSecFormatPEMSequence = 10 | ||
524 | |||
525 | kSecTrustResultInvalid = 0 | ||
526 | kSecTrustResultProceed = 1 | ||
527 | # This gap is present on purpose: this was kSecTrustResultConfirm, which | ||
528 | # is deprecated. | ||
529 | kSecTrustResultDeny = 3 | ||
530 | kSecTrustResultUnspecified = 4 | ||
531 | kSecTrustResultRecoverableTrustFailure = 5 | ||
532 | kSecTrustResultFatalTrustFailure = 6 | ||
533 | kSecTrustResultOtherError = 7 | ||
534 | |||
535 | errSSLProtocol = -9800 | ||
536 | errSSLWouldBlock = -9803 | ||
537 | errSSLClosedGraceful = -9805 | ||
538 | errSSLClosedNoNotify = -9816 | ||
539 | errSSLClosedAbort = -9806 | ||
540 | |||
541 | errSSLXCertChainInvalid = -9807 | ||
542 | errSSLCrypto = -9809 | ||
543 | errSSLInternal = -9810 | ||
544 | errSSLCertExpired = -9814 | ||
545 | errSSLCertNotYetValid = -9815 | ||
546 | errSSLUnknownRootCert = -9812 | ||
547 | errSSLNoRootCert = -9813 | ||
548 | errSSLHostNameMismatch = -9843 | ||
549 | errSSLPeerHandshakeFail = -9824 | ||
550 | errSSLPeerUserCancelled = -9839 | ||
551 | errSSLWeakPeerEphemeralDHKey = -9850 | ||
552 | errSSLServerAuthCompleted = -9841 | ||
553 | errSSLRecordOverflow = -9847 | ||
554 | |||
555 | errSecVerifyFailed = -67808 | ||
556 | errSecNoTrustSettings = -25263 | ||
557 | errSecItemNotFound = -25300 | ||
558 | errSecInvalidTrustSettings = -25262 | ||
559 | |||
560 | # Cipher suites. We only pick the ones our default cipher string allows. | ||
561 | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C | ||
562 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030 | ||
563 | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B | ||
564 | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F | ||
565 | TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3 | ||
566 | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F | ||
567 | TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2 | ||
568 | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E | ||
569 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024 | ||
570 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028 | ||
571 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A | ||
572 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014 | ||
573 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B | ||
574 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A | ||
575 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039 | ||
576 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038 | ||
577 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023 | ||
578 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027 | ||
579 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009 | ||
580 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013 | ||
581 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067 | ||
582 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040 | ||
583 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033 | ||
584 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032 | ||
585 | TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D | ||
586 | TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C | ||
587 | TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D | ||
588 | TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C | ||
589 | TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035 | ||
590 | TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F | ||
591 | TLS_AES_128_GCM_SHA256 = 0x1301 | ||
592 | TLS_AES_256_GCM_SHA384 = 0x1302 | ||
593 | TLS_CHACHA20_POLY1305_SHA256 = 0x1303 | ||
diff --git a/venv/lib/python3.7/site-packages/pip-10.0.1-py3.7.egg/pip/_vendor/urllib3/contrib/_securetransport/low_level.py b/venv/lib/python3.7/site-packages/pip-10.0.1-py3.7.egg/pip/_vendor/urllib3/contrib/_securetransport/low_level.py new file mode 100644 index 0000000..4e5c0db --- /dev/null +++ b/venv/lib/python3.7/site-packages/pip-10.0.1-py3.7.egg/pip/_vendor/urllib3/contrib/_securetransport/low_level.py | |||
@@ -0,0 +1,343 @@ | |||
1 | """ | ||
2 | Low-level helpers for the SecureTransport bindings. | ||
3 | |||
4 | These are Python functions that are not directly related to the high-level APIs | ||
5 | but are necessary to get them to work. They include a whole bunch of low-level | ||
6 | CoreFoundation messing about and memory management. The concerns in this module | ||
7 | are almost entirely about trying to avoid memory leaks and providing | ||
8 | appropriate and useful assistance to the higher-level code. | ||
9 | """ | ||
10 | import base64 | ||
11 | import ctypes | ||
12 | import itertools | ||
13 | import re | ||
14 | import os | ||
15 | import ssl | ||
16 | import tempfile | ||
17 | |||
18 | from .bindings import Security, CoreFoundation, CFConst | ||
19 | |||
20 | |||
21 | # This regular expression is used to grab PEM data out of a PEM bundle. | ||
22 | _PEM_CERTS_RE = re.compile( | ||
23 | b"-----BEGIN CERTIFICATE-----\n(.*?)\n-----END CERTIFICATE-----", re.DOTALL | ||
24 | ) | ||
25 | |||
26 | |||
27 | def _cf_data_from_bytes(bytestring): | ||
28 | """ | ||
29 | Given a bytestring, create a CFData object from it. This CFData object must | ||
30 | be CFReleased by the caller. | ||
31 | """ | ||
32 | return CoreFoundation.CFDataCreate( | ||
33 | CoreFoundation.kCFAllocatorDefault, bytestring, len(bytestring) | ||
34 | ) | ||
35 | |||
36 | |||
37 | def _cf_dictionary_from_tuples(tuples): | ||
38 | """ | ||
39 | Given a list of Python tuples, create an associated CFDictionary. | ||
40 | """ | ||
41 | dictionary_size = len(tuples) | ||
42 | |||
43 | # We need to get the dictionary keys and values out in the same order. | ||
44 | keys = (t[0] for t in tuples) | ||
45 | values = (t[1] for t in tuples) | ||
46 | cf_keys = (CoreFoundation.CFTypeRef * dictionary_size)(*keys) | ||
47 | cf_values = (CoreFoundation.CFTypeRef * dictionary_size)(*values) | ||
48 | |||
49 | return CoreFoundation.CFDictionaryCreate( | ||
50 | CoreFoundation.kCFAllocatorDefault, | ||
51 | cf_keys, | ||
52 | cf_values, | ||
53 | dictionary_size, | ||
54 | CoreFoundation.kCFTypeDictionaryKeyCallBacks, | ||
55 | CoreFoundation.kCFTypeDictionaryValueCallBacks, | ||
56 | ) | ||
57 | |||
58 | |||
59 | def _cf_string_to_unicode(value): | ||
60 | """ | ||
61 | Creates a Unicode string from a CFString object. Used entirely for error | ||
62 | reporting. | ||
63 | |||
64 | Yes, it annoys me quite a lot that this function is this complex. | ||
65 | """ | ||
66 | value_as_void_p = ctypes.cast(value, ctypes.POINTER(ctypes.c_void_p)) | ||
67 | |||
68 | string = CoreFoundation.CFStringGetCStringPtr( | ||
69 | value_as_void_p, | ||
70 | CFConst.kCFStringEncodingUTF8 | ||
71 | ) | ||
72 | if string is None: | ||
73 | buffer = ctypes.create_string_buffer(1024) | ||
74 | result = CoreFoundation.CFStringGetCString( | ||
75 | value_as_void_p, | ||
76 | buffer, | ||
77 | 1024, | ||
78 | CFConst.kCFStringEncodingUTF8 | ||
79 | ) | ||
80 | if not result: | ||
81 | raise OSError('Error copying C string from CFStringRef') | ||
82 | string = buffer.value | ||
83 | if string is not None: | ||
84 | string = string.decode('utf-8') | ||
85 | return string | ||
86 | |||
87 | |||
88 | def _assert_no_error(error, exception_class=None): | ||
89 | """ | ||
90 | Checks the return code and throws an exception if there is an error to | ||
91 | report | ||
92 | """ | ||
93 | if error == 0: | ||
94 | return | ||
95 | |||
96 | cf_error_string = Security.SecCopyErrorMessageString(error, None) | ||
97 | output = _cf_string_to_unicode(cf_error_string) | ||
98 | CoreFoundation.CFRelease(cf_error_string) | ||
99 | |||
100 | if output is None or output == u'': | ||
101 | output = u'OSStatus %s' % error | ||
102 | |||
103 | if exception_class is None: | ||
104 | exception_class = ssl.SSLError | ||
105 | |||
106 | raise exception_class(output) | ||
107 | |||
108 | |||
109 | def _cert_array_from_pem(pem_bundle): | ||
110 | """ | ||
111 | Given a bundle of certs in PEM format, turns them into a CFArray of certs | ||
112 | that can be used to validate a cert chain. | ||
113 | """ | ||
114 | der_certs = [ | ||
115 | base64.b64decode(match.group(1)) | ||
116 | for match in _PEM_CERTS_RE.finditer(pem_bundle) | ||
117 | ] | ||
118 | if not der_certs: | ||
119 | raise ssl.SSLError("No root certificates specified") | ||
120 | |||
121 | cert_array = CoreFoundation.CFArrayCreateMutable( | ||
122 | CoreFoundation.kCFAllocatorDefault, | ||
123 | 0, | ||
124 | ctypes.byref(CoreFoundation.kCFTypeArrayCallBacks) | ||
125 | ) | ||
126 | if not cert_array: | ||
127 | raise ssl.SSLError("Unable to allocate memory!") | ||
128 | |||
129 | try: | ||
130 | for der_bytes in der_certs: | ||
131 | certdata = _cf_data_from_bytes(der_bytes) | ||
132 | if not certdata: | ||
133 | raise ssl.SSLError("Unable to allocate memory!") | ||
134 | cert = Security.SecCertificateCreateWithData( | ||
135 | CoreFoundation.kCFAllocatorDefault, certdata | ||
136 | ) | ||
137 | CoreFoundation.CFRelease(certdata) | ||
138 | if not cert: | ||
139 | raise ssl.SSLError("Unable to build cert object!") | ||
140 | |||
141 | CoreFoundation.CFArrayAppendValue(cert_array, cert) | ||
142 | CoreFoundation.CFRelease(cert) | ||
143 | except Exception: | ||
144 | # We need to free the array before the exception bubbles further. | ||
145 | # We only want to do that if an error occurs: otherwise, the caller | ||
146 | # should free. | ||
147 | CoreFoundation.CFRelease(cert_array) | ||
148 | |||
149 | return cert_array | ||
150 | |||
151 | |||
152 | def _is_cert(item): | ||
153 | """ | ||
154 | Returns True if a given CFTypeRef is a certificate. | ||
155 | """ | ||
156 | expected = Security.SecCertificateGetTypeID() | ||
157 | return CoreFoundation.CFGetTypeID(item) == expected | ||
158 | |||
159 | |||
160 | def _is_identity(item): | ||
161 | """ | ||
162 | Returns True if a given CFTypeRef is an identity. | ||
163 | """ | ||
164 | expected = Security.SecIdentityGetTypeID() | ||
165 | return CoreFoundation.CFGetTypeID(item) == expected | ||
166 | |||
167 | |||
168 | def _temporary_keychain(): | ||
169 | """ | ||
170 | This function creates a temporary Mac keychain that we can use to work with | ||
171 | credentials. This keychain uses a one-time password and a temporary file to | ||
172 | store the data. We expect to have one keychain per socket. The returned | ||
173 | SecKeychainRef must be freed by the caller, including calling | ||
174 | SecKeychainDelete. | ||
175 | |||
176 | Returns a tuple of the SecKeychainRef and the path to the temporary | ||
177 | directory that contains it. | ||
178 | """ | ||
179 | # Unfortunately, SecKeychainCreate requires a path to a keychain. This | ||
180 | # means we cannot use mkstemp to use a generic temporary file. Instead, | ||
181 | # we're going to create a temporary directory and a filename to use there. | ||
182 | # This filename will be 8 random bytes expanded into base64. We also need | ||
183 | # some random bytes to password-protect the keychain we're creating, so we | ||
184 | # ask for 40 random bytes. | ||
185 | random_bytes = os.urandom(40) | ||
186 | filename = base64.b64encode(random_bytes[:8]).decode('utf-8') | ||
187 | password = base64.b64encode(random_bytes[8:]) # Must be valid UTF-8 | ||
188 | tempdirectory = tempfile.mkdtemp() | ||
189 | |||
190 | keychain_path = os.path.join(tempdirectory, filename).encode('utf-8') | ||
191 | |||
192 | # We now want to create the keychain itself. | ||
193 | keychain = Security.SecKeychainRef() | ||
194 | status = Security.SecKeychainCreate( | ||
195 | keychain_path, | ||
196 | len(password), | ||
197 | password, | ||
198 | False, | ||
199 | None, | ||
200 | ctypes.byref(keychain) | ||
201 | ) | ||
202 | _assert_no_error(status) | ||
203 | |||
204 | # Having created the keychain, we want to pass it off to the caller. | ||
205 | return keychain, tempdirectory | ||
206 | |||
207 | |||
208 | def _load_items_from_file(keychain, path): | ||
209 | """ | ||
210 | Given a single file, loads all the trust objects from it into arrays and | ||
211 | the keychain. | ||
212 | Returns a tuple of lists: the first list is a list of identities, the | ||
213 | second a list of certs. | ||
214 | """ | ||
215 | certificates = [] | ||
216 | identities = [] | ||
217 | result_array = None | ||
218 | |||
219 | with open(path, 'rb') as f: | ||
220 | raw_filedata = f.read() | ||
221 | |||
222 | try: | ||
223 | filedata = CoreFoundation.CFDataCreate( | ||
224 | CoreFoundation.kCFAllocatorDefault, | ||
225 | raw_filedata, | ||
226 | len(raw_filedata) | ||
227 | ) | ||
228 | result_array = CoreFoundation.CFArrayRef() | ||
229 | result = Security.SecItemImport( | ||
230 | filedata, # cert data | ||
231 | None, # Filename, leaving it out for now | ||
232 | None, # What the type of the file is, we don't care | ||
233 | None, # what's in the file, we don't care | ||
234 | 0, # import flags | ||
235 | None, # key params, can include passphrase in the future | ||
236 | keychain, # The keychain to insert into | ||
237 | ctypes.byref(result_array) # Results | ||
238 | ) | ||
239 | _assert_no_error(result) | ||
240 | |||
241 | # A CFArray is not very useful to us as an intermediary | ||
242 | # representation, so we are going to extract the objects we want | ||
243 | # and then free the array. We don't need to keep hold of keys: the | ||
244 | # keychain already has them! | ||
245 | result_count = CoreFoundation.CFArrayGetCount(result_array) | ||
246 | for index in range(result_count): | ||
247 | item = CoreFoundation.CFArrayGetValueAtIndex( | ||
248 | result_array, index | ||
249 | ) | ||
250 | item = ctypes.cast(item, CoreFoundation.CFTypeRef) | ||
251 | |||
252 | if _is_cert(item): | ||
253 | CoreFoundation.CFRetain(item) | ||
254 | certificates.append(item) | ||
255 | elif _is_identity(item): | ||
256 | CoreFoundation.CFRetain(item) | ||
257 | identities.append(item) | ||
258 | finally: | ||
259 | if result_array: | ||
260 | CoreFoundation.CFRelease(result_array) | ||
261 | |||
262 | CoreFoundation.CFRelease(filedata) | ||
263 | |||
264 | return (identities, certificates) | ||
265 | |||
266 | |||
267 | def _load_client_cert_chain(keychain, *paths): | ||
268 | """ | ||
269 | Load certificates and maybe keys from a number of files. Has the end goal | ||
270 | of returning a CFArray containing one SecIdentityRef, and then zero or more | ||
271 | SecCertificateRef objects, suitable for use as a client certificate trust | ||
272 | chain. | ||
273 | """ | ||
274 | # Ok, the strategy. | ||
275 | # | ||
276 | # This relies on knowing that macOS will not give you a SecIdentityRef | ||
277 | # unless you have imported a key into a keychain. This is a somewhat | ||
278 | # artificial limitation of macOS (for example, it doesn't necessarily | ||
279 | # affect iOS), but there is nothing inside Security.framework that lets you | ||
280 | # get a SecIdentityRef without having a key in a keychain. | ||
281 | # | ||
282 | # So the policy here is we take all the files and iterate them in order. | ||
283 | # Each one will use SecItemImport to have one or more objects loaded from | ||
284 | # it. We will also point at a keychain that macOS can use to work with the | ||
285 | # private key. | ||
286 | # | ||
287 | # Once we have all the objects, we'll check what we actually have. If we | ||
288 | # already have a SecIdentityRef in hand, fab: we'll use that. Otherwise, | ||
289 | # we'll take the first certificate (which we assume to be our leaf) and | ||
290 | # ask the keychain to give us a SecIdentityRef with that cert's associated | ||
291 | # key. | ||
292 | # | ||
293 | # We'll then return a CFArray containing the trust chain: one | ||
294 | # SecIdentityRef and then zero-or-more SecCertificateRef objects. The | ||
295 | # responsibility for freeing this CFArray will be with the caller. This | ||
296 | # CFArray must remain alive for the entire connection, so in practice it | ||
297 | # will be stored with a single SSLSocket, along with the reference to the | ||
298 | # keychain. | ||
299 | certificates = [] | ||
300 | identities = [] | ||
301 | |||
302 | # Filter out bad paths. | ||
303 | paths = (path for path in paths if path) | ||
304 | |||
305 | try: | ||
306 | for file_path in paths: | ||
307 | new_identities, new_certs = _load_items_from_file( | ||
308 | keychain, file_path | ||
309 | ) | ||
310 | identities.extend(new_identities) | ||
311 | certificates.extend(new_certs) | ||
312 | |||
313 | # Ok, we have everything. The question is: do we have an identity? If | ||
314 | # not, we want to grab one from the first cert we have. | ||
315 | if not identities: | ||
316 | new_identity = Security.SecIdentityRef() | ||
317 | status = Security.SecIdentityCreateWithCertificate( | ||
318 | keychain, | ||
319 | certificates[0], | ||
320 | ctypes.byref(new_identity) | ||
321 | ) | ||
322 | _assert_no_error(status) | ||
323 | identities.append(new_identity) | ||
324 | |||
325 | # We now want to release the original certificate, as we no longer | ||
326 | # need it. | ||
327 | CoreFoundation.CFRelease(certificates.pop(0)) | ||
328 | |||
329 | # We now need to build a new CFArray that holds the trust chain. | ||
330 | trust_chain = CoreFoundation.CFArrayCreateMutable( | ||
331 | CoreFoundation.kCFAllocatorDefault, | ||
332 | 0, | ||
333 | ctypes.byref(CoreFoundation.kCFTypeArrayCallBacks), | ||
334 | ) | ||
335 | for item in itertools.chain(identities, certificates): | ||
336 | # ArrayAppendValue does a CFRetain on the item. That's fine, | ||
337 | # because the finally block will release our other refs to them. | ||
338 | CoreFoundation.CFArrayAppendValue(trust_chain, item) | ||
339 | |||
340 | return trust_chain | ||
341 | finally: | ||
342 | for obj in itertools.chain(identities, certificates): | ||
343 | CoreFoundation.CFRelease(obj) | ||