
[XMc           @   s  d  d l  Z  d  d l m Z m Z d  d l m Z m Z d  d l m Z d  d l	 m
 Z
 d  d l m Z m Z e  j   j Z i d d 6d d 6d	 d
 6d	 d	 6d d 6d d 6d d 6d d 6d d 6d d 6d d 6d d 6d d 6Z d e f d     YZ e Z d d% d     YZ d   Z d e f d     YZ d e f d     YZ d e f d     YZ d d& d      YZ d! e f d"     YZ d# e f d$     YZ d S('   iN(   t   SSLt   crypto(   t   reflectt   util(   t   md5(   t   Deferred(   t   VerifyErrort   CertificateErrort
   commonNamet   CNt   organizationNamet   Ot   organizationalUnitNamet   OUt   localityNamet   Lt   stateOrProvinceNamet   STt   countryNamet   Ct   emailAddresst   DistinguishedNamec           B   sS   e  Z d  Z d Z d   Z d   Z d   Z d   Z d   Z d   Z	 d   Z
 RS(	   s  
    Identify and describe an entity.

    Distinguished names are used to provide a minimal amount of identifying
    information about a certificate issuer or subject.  They are commonly
    created with one or more of the following fields::

        commonName (CN)
        organizationName (O)
        organizationalUnitName (OU)
        localityName (L)
        stateOrProvinceName (ST)
        countryName (C)
        emailAddress
    c         K   s1   x* | j    D] \ } } t |  | |  q Wd  S(   N(   t	   iteritemst   setattr(   t   selft   kwt   kt   v(    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt   __init__;   s    c         C   sL   i  } x? t  D]7 } t | | d   } | d  k	 r t |  | |  q q Wd  S(   N(   t
   _x509namest   getattrt   NoneR   (   R   t   x509namet   dt   namet   value(    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt	   _copyFrom@   s
    c         C   s1   x* |  j    D] \ } } t | | |  q Wd  S(   N(   R   R   (   R   R    R   R   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt	   _copyIntoH   s    c         C   s   d t  j |   d d !S(   Ns   <DN %s>i   i(   t   dictt   __repr__(   R   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR'   M   s    c         C   s4   y |  t  | SWn t k
 r/ t |   n Xd  S(   N(   R   t   KeyErrort   AttributeError(   R   t   attr(    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt   __getattr__Q   s    c         C   sy   t  |  t k s t  | t k r: t d | f   n  t | } | j d  } t  |  t k sk t  | |  | <d  S(   Ns)   %s is not a valid OpenSSL X509 name fieldt   ascii(   t   typet   strt   AssertionErrorR   R)   t   encode(   R   R*   R#   t   realAttr(    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt   __setattr__X   s    
c   	      C   s   g  } d } d   } xl | t   D]^ } t j |  } t t |  |  } t |  | d  } | d k	 r" | j | | f  q" q" W| d 7} x; t |  D]- \ } \ } } | j	 |  d | | | <q Wd j
 |  S(   sP   
        Return a multi-line, human-readable representation of this DN.
        i    c         S   s   t  j |  j    j   S(   N(   R&   t   fromkeyst
   itervaluest   keys(   t   mapping(    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt   uniqueValuesh   s    i   s   : s   
N(   R   R   t   nameToLabelt   maxt   lenR   R   t   appendt	   enumeratet   rjustt   join(	   R   t   lt   lablenR7   R   t   labelR   t   nR*   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt   inspectb   s    	
(    (   t   __name__t
   __module__t   __doc__t	   __slots__R   R$   R%   R'   R+   R2   RC   (    (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR   )   s   						
t   CertBasec           B   s#   e  Z d    Z d   Z d   Z RS(   c         C   s   | |  _  d  S(   N(   t   original(   R   RI   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR   y   s    c         C   s-   t    } | j t |  j d |     | S(   Nt   get_(   R   R$   R   RI   (   R   t   suffixt   dn(    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt	   _copyName|   s    	 c         C   s   |  j  d  S(   s   
        Retrieve the subject of this certificate.

        @rtype: L{DistinguishedName}
        @return: A copy of the subject of this certificate.
        t   subject(   RM   (   R   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt
   getSubject   s    (   RD   RE   R   RM   RO   (    (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRH   x   s   		c         C   s|   t  | j   d | f d  } | d k rD t d | | f   n  |   } | d k rr t d | | f   n  |  |  S(   s  
    (private) Helper for L{Certificate.peerFromTransport} and
    L{Certificate.hostFromTransport} which checks for incompatible handle types
    and null certificates and raises the appropriate exception or returns the
    appropriate certificate object.
    s   get_%s_certificates0   non-TLS transport %r did not have %s certificates,   TLS transport %r did not have %s certificateN(   R   t	   getHandleR   R   (   t   Classt	   transportt
   methodNamet   methodt   cert(    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt   _handleattrhelper   s    	t   Certificatec           B   s   e  Z d  Z d   Z d   Z d   Z e j d d  Z e	 e  Z e Z
 d   Z d   Z e	 e  Z d   Z e	 e  Z d   Z e	 e  Z d	   Z e j d
  Z d   Z d d  Z d   Z d   Z d   Z d   Z RS(   s   
    An x509 certificate.
    c         C   s)   d |  j  j |  j   j |  j   j f S(   Ns   <%s Subject=%s Issuer=%s>(   t	   __class__RD   RO   R   t	   getIssuer(   R   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR'      s    c         C   s)   t  | t  r% |  j   | j   k St S(   N(   t
   isinstanceRW   t   dumpt   False(   R   t   other(    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt   __eq__   s    c         C   s   |  j  |  S(   N(   R^   (   R   R]   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt   __ne__   s    c         C   s   |  t  j | |  |  S(   sc   
        Load a certificate from an ASN.1- or PEM-format string.

        @rtype: C{Class}
        (   R   t   load_certificate(   RQ   t   requestDatat   formatt   args(    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt   load   s    c         C   s   |  j  t j  S(   s\   
        Dump this certificate to a PEM-format data string.

        @rtype: C{str}
        (   R[   R   t   FILETYPE_PEM(   R   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt   dumpPEM   s    c         C   s   |  j  | t j  S(   s]   
        Load a certificate from a PEM-format data string.

        @rtype: C{Class}
        (   Rd   R   Re   (   RQ   t   data(    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt   loadPEM   s    c         C   s   t  |  | d  S(   s   
        Get the certificate for the remote end of the given transport.

        @type: L{ISystemHandle}
        @rtype: C{Class}

        @raise: L{CertificateError}, if the given transport does not have a peer
        certificate.
        t   peer(   RV   (   RQ   RR   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt   peerFromTransport   s    
c         C   s   t  |  | d  S(   s  
        Get the certificate for the local end of the given transport.

        @param transport: an L{ISystemHandle} provider; the transport we will

        @rtype: C{Class}

        @raise: L{CertificateError}, if the given transport does not have a host
        certificate.
        t   host(   RV   (   RQ   RR   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt   hostFromTransport   s    c         C   s   t  |  j j    S(   sX   
        Get the public key for this certificate.

        @rtype: L{PublicKey}
        (   t	   PublicKeyRI   t
   get_pubkey(   R   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt   getPublicKey   s    c         C   s   t  j | |  j  S(   N(   R   t   dump_certificateRI   (   R   Rb   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR[      s    c         C   s   |  j  j   S(   sY   
        Retrieve the serial number of this certificate.

        @rtype: C{int}
        (   RI   t   get_serial_number(   R   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt   serialNumber   s    R   c         C   s   |  j  j |  S(   s   
        Return a digest hash of this certificate using the specified hash
        algorithm.

        @param method: One of C{'md5'} or C{'sha'}.
        @rtype: C{str}
        (   RI   t   digest(   R   RT   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRs     s    c         C   sK   d j  d |  j   j   d |  j   j   d |  j   d |  j   g  S(   Ns   
s   Certificate For Subject:s   
Issuer:s   
Serial Number: %ds
   Digest: %s(   R>   RO   RC   RY   Rr   Rs   (   R   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt   _inspect  s    	c         C   s%   d j  |  j   |  j   j   f  S(   s   
        Return a multi-line, human-readable representation of this
        Certificate, including information about the subject, issuer, and
        public key.
        s   
(   R>   Rt   Ro   RC   (   R   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRC     s    c         C   s   |  j  d  S(   s   
        Retrieve the issuer of this certificate.

        @rtype: L{DistinguishedName}
        @return: A copy of the issuer of this certificate.
        t   issuer(   RM   (   R   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRY      s    c         G   s   t  d   d  S(   Ns'   Possible, but doubtful we need this yet(   t   NotImplementedError(   R   t   authorities(    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt   options*  s    (    (   RD   RE   RF   R'   R^   R_   R   t   FILETYPE_ASN1Rd   t   classmethodt   _loadRf   Rh   Rj   Rl   Ro   R[   Rr   Rs   Rt   RC   RY   Rx   (    (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRW      s,   																	
t   CertificateRequestc           B   s8   e  Z d  Z e j d  Z e e  Z e j d  Z RS(   s   
    An x509 certificate request.

    Certificate requests are given to certificate authorities to be signed and
    returned resulting in an actual certificate.
    c         C   sc   t  j | |  } t   } | j | j    | j | j    sY t d | f   n  |  |  S(   Ns0   Can't verify that request for %r is self-signed.(   R   t   load_certificate_requestR   R$   t   get_subjectt   verifyRn   R   (   RQ   Ra   t   requestFormatt   reqRL   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRd   6  s    	c         C   s   t  j | |  j  S(   N(   R   t   dump_certificate_requestRI   (   R   Rb   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR[   @  s    (   RD   RE   RF   R   Ry   Rd   Rz   R[   (    (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR|   /  s   t   PrivateCertificatec           B   s   e  Z d  Z d   Z d   Z e j d  Z e j d  Z e	 e  Z d   Z
 d   Z d   Z e	 e  Z d   Z e	 e  Z d	   Z e j d
 d  Z e j e j d  Z d d
 d  Z RS(   s.   
    An x509 certificate and private key.
    c         C   s   t  j |   d t |  j  S(   Ns    with (   RW   R'   t   reprt
   privateKey(   R   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR'   I  s    c         C   s1   | j  |  j    s$ t d   n  | |  _ |  S(   Ns1   Certificate public and private keys do not match.(   t   matchesRo   R   R   (   R   R   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt   _setPrivateKeyM  s
    	c         C   s   |  j  | |  j |  S(   s}   
        Create a new L{PrivateCertificate} from the given certificate data and
        this instance's private key.
        (   Rd   R   (   R   t   newCertDataRb   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt   newCertificateU  s    c         C   s   |  j  | |  j |  S(   N(   R{   R   (   RQ   Rg   R   Rb   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRd   ]  s    c         C   s%   d j  t j |   |  j j   g  S(   Ns   
(   R>   RW   Rt   R   RC   (   R   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRC   b  s    c         C   s#   |  j  t j  |  j j  t j  S(   si   
        Dump both public and private parts of a private certificate to
        PEM-format data.
        (   R[   R   Re   R   (   R   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRf   g  s    c         C   s%   |  j  | t j  | t j  t j  S(   sv   
        Load both private and public parts of a private certificate from a
        chunk of PEM-format data.
        (   Rd   t   KeyPairR   Re   (   RQ   Rg   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRh   o  s    c         C   s   |  | j   } | j |  S(   N(   RI   R   (   RQ   t   certificateInstanceR   t   privcert(    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt   fromCertificateAndKeyPairy  s    c      
   G   si   t  d |  j j d |  j  } | r_ | j t  d t d t d g  | D] } | j ^ qC   n  t |   S(   NR   t   certificateR   t   requireCertificatet   caCerts(   R&   R   RI   t   updatet   Truet   OpenSSLCertificateOptions(   R   Rw   Rx   t   auth(    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRx     s    #R   c         C   s   |  j  j |  j   | |  S(   N(   R   t   certificateRequestRO   (   R   Rb   t   digestAlgorithm(    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR     s    		c         C   s+   |  j    } |  j j | | | | | |  S(   N(   RO   R   t   signCertificateRequest(   R   Ra   t   verifyDNCallbackRr   R   t   certificateFormatRu   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR     s    	i<   i   im  c         C   s"   |  j  j |  j   | | | |  S(   N(   R   t   signRequestObjectRO   (   R   R   Rr   t   secondsToExpiryR   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR     s
    i  iQ i3(   RD   RE   RF   R'   R   R   Ry   R   Rd   Rz   RC   Rf   Rh   R   Rx   R   R   R   (    (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR   E  s&   							
Rm   c           B   s5   e  Z d    Z d   Z d   Z d   Z d   Z RS(   c         C   s>   | |  _  t j   } | j |  t j t j |  |  _ d  S(   N(   RI   R   t   X509Reqt
   set_pubkeyR   Ry   t	   _emptyReq(   R   t   osslpkeyt   req1(    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR     s    	c         C   s   |  j  | j  k S(   N(   R   (   R   t   otherKey(    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR     s    c         C   s   d |  j  j |  j   f S(   Ns   <%s %s>(   RX   RD   t   keyHash(   R   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR'     s    c         C   s   t  |  j  j   S(   sd   
        MD5 hex digest of signature on an empty certificate request with this
        key.
        (   R   R   t	   hexdigest(   R   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR     s    c         C   s   d |  j    f S(   Ns   Public Key with Hash: %s(   R   (   R   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRC     s    (   RD   RE   R   R   R'   R   RC   (    (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRm     s
   				R   c           B   s   e  Z e j d   Z e e  Z e j d  Z d   Z d   Z d   Z	 e j
 d d  Z e j d  Z e e  Z d d	  Z e j d d
  Z e j e j d d d  Z d d d  Z d   Z RS(   c         C   s   |  t  j | |   S(   N(   R   t   load_privatekey(   RQ   Rg   Rb   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRd     s    c         C   s   t  j | |  j  S(   N(   R   t   dump_privatekeyRI   (   R   Rb   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR[     s    c         C   s
   |  j    S(   N(   R[   (   R   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt   __getstate__  s    c         C   s    |  j  t j t j |   d  S(   N(   R   R   R   Ry   (   R   t   state(    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt   __setstate__  s    c         C   sk   |  j  j   } | t j k r' d } n | t j k r? d } n d } |  j  j   | |  j   f } d | S(   Nt   RSAt   DSAs   (Unknown Type!)s    %s-bit %s Key Pair with Hash: %s(   RI   R-   R   t   TYPE_RSAt   TYPE_DSAt   bitsR   (   R   t   tt   tsR   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyRC     s    		i   c         C   s&   t  j   } | j | |  |  |  S(   N(   R   t   PKeyt   generate_key(   RQ   t   kindt   sizet   pkey(    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt   generate  s    c         C   s   t  j | |  |  S(   N(   R   Rd   (   R   R   Rb   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR     s    R   c         C   sL   t  j   } | j |  j  | j | j    | j |  j |  t |  S(   N(   R   R   R   RI   R%   R~   t   signR|   (   R   t   distinguishedNameR   R   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt   requestObject  s
    c         C   s   |  j  | |  j |  S(   s   Create a certificate request signed with this key.

        @return: a string, formatted according to the 'format' argument.
        (   R   R[   (   R   R   Rb   R   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR     s    i<   i   im  c	      	      s{   t  j | |    j       }	           f	 d   }
 t |	 t  rm |	 j |
  S|
 |	  Sd S(   s&  
        Given a blob of certificate request data and a certificate authority's
        DistinguishedName, return a blob of signed certificate data.

        If verifyDNCallback returns a Deferred, I will return a Deferred which
        fires the data when that Deferred has completed.
        c            sA   |  s t  d    f   n   j       j   S(   Ns%   DN callback %r rejected request DN %r(   R   R   R[   (   R#   (	   RL   t   issuerDistinguishedNameR   R   R   Rr   R   t   hlreqR   (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt   verified#  s    N(   R|   Rd   RO   RZ   R   t   addCallback(   R   R   Ra   R   Rr   R   R   R   R   t   vvalR   (    (	   R   R   R   R   Rr   RL   R   R   R   s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR     s    'c   	      C   s   | j  } | j   } t j   } | j | j    | j | j    | j | j	    | j
 d  | j |  | j |  | j |  j  |  t |  S(   sW   
        Sign a CertificateRequest instance, returning a Certificate instance.
        i    (   RI   RO   R   t   X509R%   t
   get_issuert   set_subjectR~   R   Rn   t   gmtime_adj_notBeforet   gmtime_adj_notAftert   set_serial_numberR   RW   (	   R   R   R   Rr   R   R   R   RL   RU   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR   /  s    		c         K   s4   t  |   } t j |  j | |  j |  |  |   S(   N(   t   DNR   R   R   R   (   R   Rr   R   RL   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt   selfSignedCertE  s    i  iQ i3i  iQ i3(   RD   RE   R   Ry   Rd   Rz   R[   R   R   RC   R   R   R   R   R   R   R   R   (    (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR     s&   				R   c           B   s   e  Z d  Z d
 Z e e d d  Z d Z e j	 Z
 d
 d
 d
 e d
 d e e e e e e d  Z d   Z d   Z d   Z d	   Z RS(   sM   
    A factory for SSL context objects for both SSL servers and clients.
    t   OP_ALLi  i @  i	   c         C   s   | d k | d k k s! t d  | |  _ | |  _ | d k	 rK | |  _ n  | |  _ | r` | sp | sp t d  | |  _ | |  _ | |  _ | |  _	 |	 |  _
 |
 |  _ | |  _ | |  _ d S(   s  
        Create an OpenSSL context SSL connection context factory.

        @param privateKey: A PKey object holding the private key.

        @param certificate: An X509 object holding the certificate.

        @param method: The SSL protocol to use, one of SSLv23_METHOD,
        SSLv2_METHOD, SSLv3_METHOD, TLSv1_METHOD.  Defaults to TLSv1_METHOD.

        @param verify: If True, verify certificates received from the peer and
        fail the handshake if verification fails.  Otherwise, allow anonymous
        sessions and sessions with certificates which fail validation.  By
        default this is False.

        @param caCerts: List of certificate authority certificate objects to
            use to verify the peer's certificate.  Only used if verify is
            C{True}, and if verify is C{True}, this must be specified.  Since
            verify is C{False} by default, this is C{None} by default.

        @type caCerts: C{list} of L{OpenSSL.crypto.X509}

        @param verifyDepth: Depth in certificate chain down to which to verify.
        If unspecified, use the underlying default (9).

        @param requireCertificate: If True, do not allow anonymous sessions.

        @param verifyOnce: If True, do not re-verify the certificate
        on session resumption.

        @param enableSingleUseKeys: If True, generate a new key whenever
        ephemeral DH parameters are used to prevent small subgroup attacks.

        @param enableSessions: If True, set a session ID on each context.  This
        allows a shortened handshake to be used when a known client reconnects.

        @param fixBrokenPeers: If True, enable various non-spec protocol fixes
        for broken SSL implementations.  This should be entirely safe,
        according to the OpenSSL documentation, but YMMV.  This option is now
        off by default, because it causes problems with connections between
        peers using OpenSSL 0.9.8a.

        @param enableSessionTickets: If True, enable session ticket extension
        for session resumption per RFC 5077. Note there is no support for
        controlling session tickets. This option is off by default, as some
        server implementations don't correctly process incoming empty session
        ticket extensions in the hello.
        s5   Specify neither or both of privateKey and certificatesZ   Specify client CA certificate information if and only if enabling certificate verificationN(   R   R/   R   R   RT   R   R   t   verifyDepthR   t
   verifyOncet   enableSingleUseKeyst   enableSessionst   fixBrokenPeerst   enableSessionTickets(   R   R   R   RT   R   R   R   R   R   R   R   R   R   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR   Z  s     >!										c         C   s2   |  j  j   } y | d =Wn t k
 r- n X| S(   Nt   _context(   t   __dict__t   copyR(   (   R   R!   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR     s    c         C   s   | |  _  d  S(   N(   R   (   R   R   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR     s    c         C   s(   |  j  d k r! |  j   |  _  n  |  j  S(   s%   Return a SSL.Context object.
        N(   R   R   t   _makeContext(   R   (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt
   getContext  s    c         C   s  t  j |  j  } |  j d  k	 r] |  j d  k	 r] | j |  j  | j |  j  | j   n  t  j	 } |  j
 r t  j } |  j r | t  j O} n  |  j r | t  j O} n  |  j r | j   } x! |  j D] } | j |  q Wq n  d   } | j | |  |  j d  k	 r!| j |  j  n  |  j r=| j t  j  n  |  j rY| j |  j  n  |  j rt d t j |  j  t    f  j!   } | j" |  n  |  j# s| j |  j$  n  | S(   Nc         S   s   | S(   N(    (   t   connRU   t   errnot   deptht   preverify_ok(    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt   _verifyCallback  s    s   %s-%d(%   R    t   ContextRT   R   R   R   t   use_certificatet   use_privatekeyt   check_privatekeyt   VERIFY_NONER   t   VERIFY_PEERR   t   VERIFY_FAIL_IF_NO_PEER_CERTR   t   VERIFY_CLIENT_ONCER   t   get_cert_storet   add_certt
   set_verifyR   t   set_verify_depthR   t   set_optionst   OP_SINGLE_DH_USER   t   _OP_ALLR   R   R   t   qualRX   t   _sessionCounterR   t   set_session_idR   t   _OP_NO_TICKET(   R   t   ctxt   verifyFlagst   storeRU   R   t   sessionName(    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR     s<    										+	N(   RD   RE   RF   R   R   R   R    R   R   t   TLSv1_METHODRT   R\   R   R   R   R   R   R   (    (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyR   M  s*   	F				(    (    (   t	   itertoolst   OpenSSLR    R   t   twisted.pythonR   R   t   twisted.python.hashlibR   t   twisted.internet.deferR   t   twisted.internet.errorR   R   t   countt   nextR   R   R&   R   R   RH   RV   RW   R|   R   Rm   R   t   objectR   (    (    (    s?   /usr/lib/python2.7/dist-packages/twisted/internet/_sslverify.pyt   <module>   s<   
L	f'{