E gP`ddlmZddlmZddlmZddlmZddlm Z idddddd d d d d ddddddddddddddddddd d!d"d#d$d%id&d'd(d)d*d+d,d-d.d/d0d1d2d3d4d5d6d7d8d9d:d;dd?d@dAdBdCdDdEdFdGidHdIdJdKdLdMdNdOdPdQdRdSdTdUdVdWdXdYdZd[d\d]d^d_d`dadbdcdddedfdgdhdiidjdkdldmdndodpdqdrdsdtdudvdwdxdydzd{d|d}d~dddddddddddddiddddddddddddddddddddddddddddddddddidddddddddddddddddddddd“ddēddƓddȓddʓdd̓ddΓiddГddғddԓdd֓ddؓddړddܓddޓddddddddddddddddddiddddddddddddddddddddddddd d d d d dddddidddddddddddddd d!d"d#d$d%d&d'd(d)d*d+d,d-d.d/d0d1d2d3d4id5d6d7d8d9d:d;d<d=d>d?d@dAdBdCdDdEdFdGdHdIdJdKdLdMdNdOdPdQdRdSd dTd dUddVdWdXdYdZZ d[Z Gd\d]e j Z d^S(_)Optional)Union) exceptions)tls)basezNULL-MD5zNULL-SHAz EXP-RC4-MD5zRC4-MD5zRC4-SHAzEXP-RC2-CBC-MD5z IDEA-CBC-SHAzEXP-DES-CBC-SHA z DES-CBC-SHA z DES-CBC3-SHA zEXP-DH-DSS-DES-CBC-SHA zDH-DSS-DES-CBC-SHA zDH-DSS-DES-CBC3-SHAzEXP-DH-RSA-DES-CBC-SHAzDH-RSA-DES-CBC-SHAzDH-RSA-DES-CBC3-SHAzEXP-EDH-DSS-DES-CBC-SHAzEDH-DSS-DES-CBC-SHAzEDH-DSS-DES-CBC3-SHAzEXP-EDH-RSA-DES-CBC-SHAzEDH-RSA-DES-CBC-SHAzEDH-RSA-DES-CBC3-SHAzEXP-ADH-RC4-MD5z ADH-RC4-MD5zEXP-ADH-DES-CBC-SHAzADH-DES-CBC-SHAzADH-DES-CBC3-SHAzKRB5-DES-CBC-SHAzKRB5-DES-CBC3-SHA z KRB5-RC4-SHA!zKRB5-IDEA-CBC-SHA"zKRB5-DES-CBC-MD5#zKRB5-DES-CBC3-MD5$z KRB5-RC4-MD5%zKRB5-IDEA-CBC-MD5&zEXP-KRB5-DES-CBC-SHA'zEXP-KRB5-RC2-CBC-SHA(zEXP-KRB5-RC4-SHA)zEXP-KRB5-DES-CBC-MD5*zEXP-KRB5-RC2-CBC-MD5+zEXP-KRB5-RC4-MD5/z AES128-SHA0zDH-DSS-AES128-SHA1zDH-RSA-AES128-SHA2zDHE-DSS-AES128-SHA3zDHE-RSA-AES128-SHA4zADH-AES128-SHA5z AES256-SHA6zDH-DSS-AES256-SHA7zDH-RSA-AES256-SHA8zDHE-DSS-AES256-SHA9zDHE-RSA-AES256-SHA:zADH-AES256-SHA;z NULL-SHA256<z AES128-SHA256=z AES256-SHA256>zDH-DSS-AES128-SHA256?zDH-RSA-AES128-SHA256@zDHE-DSS-AES128-SHA256AzCAMELLIA128-SHABzDH-DSS-CAMELLIA128-SHACzDH-RSA-CAMELLIA128-SHADzDHE-DSS-CAMELLIA128-SHAEzDHE-RSA-CAMELLIA128-SHAFzADH-CAMELLIA128-SHAbzEXP1024-DES-CBC-SHAczEXP1024-DHE-DSS-DES-CBC-SHAdzEXP1024-RC4-SHAezEXP1024-DHE-DSS-RC4-SHAfzDHE-DSS-RC4-SHAgzDHE-RSA-AES128-SHA256hzDH-DSS-AES256-SHA256izDH-RSA-AES256-SHA256jzDHE-DSS-AES256-SHA256kzDHE-RSA-AES256-SHA256lzADH-AES128-SHA256mzADH-AES256-SHA256zGOST94-GOST89-GOST89zGOST2001-GOST89-GOST89zGOST94-NULL-GOST94zCAMELLIA256-SHAzDH-DSS-CAMELLIA256-SHAzDH-RSA-CAMELLIA256-SHAzDHE-DSS-CAMELLIA256-SHAzDHE-RSA-CAMELLIA256-SHAzADH-CAMELLIA256-SHAz PSK-RC4-SHAzPSK-3DES-EDE-CBC-SHAzPSK-AES128-CBC-SHAzPSK-AES256-CBC-SHAzSEED-SHAzDH-DSS-SEED-SHAzDH-RSA-SEED-SHAzDHE-DSS-SEED-SHAzDHE-RSA-SEED-SHAz ADH-SEED-SHAzAES128-GCM-SHA256zAES256-GCM-SHA384zDHE-RSA-AES128-GCM-SHA256zDHE-RSA-AES256-GCM-SHA384zDH-RSA-AES128-GCM-SHA256zDH-RSA-AES256-GCM-SHA384zDHE-DSS-AES128-GCM-SHA256zDHE-DSS-AES256-GCM-SHA384zDH-DSS-AES128-GCM-SHA256zDH-DSS-AES256-GCM-SHA384zADH-AES128-GCM-SHA256zADH-AES256-GCM-SHA384iVTLS_FALLBACK_SCSVizECDH-ECDSA-NULL-SHAizECDH-ECDSA-RC4-SHAizECDH-ECDSA-DES-CBC3-SHAizECDH-ECDSA-AES128-SHAizECDH-ECDSA-AES256-SHAizECDHE-ECDSA-NULL-SHAizECDHE-ECDSA-RC4-SHAizECDHE-ECDSA-DES-CBC3-SHAi zECDHE-ECDSA-AES128-SHAi zECDHE-ECDSA-AES256-SHAi zECDH-RSA-NULL-SHAi zECDH-RSA-RC4-SHAi zECDH-RSA-DES-CBC3-SHAizECDH-RSA-AES128-SHAizECDH-RSA-AES256-SHAizECDHE-RSA-NULL-SHAizECDHE-RSA-RC4-SHAizECDHE-RSA-DES-CBC3-SHAizECDHE-RSA-AES128-SHAizECDHE-RSA-AES256-SHAizAECDH-NULL-SHAiz AECDH-RC4-SHAizAECDH-DES-CBC3-SHAizAECDH-AES128-SHAizAECDH-AES256-SHAizSRP-3DES-EDE-CBC-SHAizSRP-RSA-3DES-EDE-CBC-SHAizSRP-DSS-3DES-EDE-CBC-SHAizSRP-AES-128-CBC-SHAizSRP-RSA-AES-128-CBC-SHAizSRP-DSS-AES-128-CBC-SHAi zSRP-AES-256-CBC-SHAi!zSRP-RSA-AES-256-CBC-SHAi"zSRP-DSS-AES-256-CBC-SHAi#zECDHE-ECDSA-AES128-SHA256i$zECDHE-ECDSA-AES256-SHA384i%zECDH-ECDSA-AES128-SHA256i&zECDH-ECDSA-AES256-SHA384i'zECDHE-RSA-AES128-SHA256i(zECDHE-RSA-AES256-SHA384i)zECDH-RSA-AES128-SHA256i*zECDH-RSA-AES256-SHA384i+zECDHE-ECDSA-AES128-GCM-SHA256i,zECDHE-ECDSA-AES256-GCM-SHA384i-zECDH-ECDSA-AES128-GCM-SHA256i.zECDH-ECDSA-AES256-GCM-SHA384i/zECDHE-RSA-AES128-GCM-SHA256i0zECDHE-RSA-AES256-GCM-SHA384i1zECDH-RSA-AES128-GCM-SHA256i2zECDH-RSA-AES256-GCM-SHA384izECDHE-RSA-CHACHA20-POLY1305izECDHE-ECDSA-CHACHA20-POLY1305izDHE-RSA-CHACHA20-POLY1305izGOST-MD5iz GOST-GOST94izGOST-GOST89MACizGOST-GOST89STREAMiiz RC2-CBC-MD5z IDEA-CBC-MD5z DES-CBC-MD5z DES-CBC3-MD5z RC4-64-MD5)iiii@iiaFECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHAceZdZdZdfd ZdZdZdZddede e defd dfd Z e d Z e d ee fd Ze d ZdZdZdZdZdZxZS)TlsLayeraa The TLS layer implements transparent TLS connections. It exposes the following API to child layers: - :py:meth:`set_server_tls` to modify TLS settings for the server connection. - :py:attr:`server_tls`, :py:attr:`server_sni` as read-only attributes describing the current TLS settings for the server connection. Nct|||_||_||_d|_dSN)super__init__ _client_tls _server_tls_custom_server_sni _client_hello)selfctx client_tls server_tlscustom_server_sni __class__s j/var/www/sysmax/venv/lib/python3.11/site-packages/seleniumwire/thirdparty/mitmproxy/server/protocol/tls.pyr{zTlsLayer.__init__sA %%"3<@c|jrs tj|jj|_nC#tj$r1}| dt|zdYd}~dSd}~wwxYw|j oA|j j jo0|j j jp|jo|jjp |jj }|jr|j p|}|jr|r|n2|jr|n|r||j|}|dS)a# The strategy for establishing TLS is as follows: First, we determine whether we need the server cert to establish ssl with the client. If so, we first connect to the server and then to the client. If not, we only connect to the client and do the server handshake lazily. An additional complexity is that we need to mirror SNI and ALPN from the client when connecting to the server. We manually peek into the connection and parse the ClientHello message to obtain these values. zCannot parse Client Hello: %serrorN)r|net_tls ClientHello from_file client_connrfilerrTlsProtocolExceptionlogreprr}configoptions upstream_cert"add_upstream_certs_to_client_chainalpn_protocolssni server_conn connected%_establish_tls_with_client_and_server_establish_tls_with_client_establish_tls_with_serverr next_layer)re%client_tls_requires_server_connectionestablish_server_tls_nowlayers r__call__zTlsLayer.__call__s    %,%8%B%B4CSCY%Z%Z""2   8477BGLLL &    K  -  #F &5/*.. .  ' ' ) ) >d.> 2 1 !   . 8 .  6 6 8 8 8 8   .  + + - - - - % .  + + - - -##D)) s.8A8&A33A8cJ|jr |jrdS|jrdS|jrdSdS)NzTlsLayer(client and server)zTlsLayer(client)zTlsLayer(server)zTlsLayer(inactive))r|r}rs r__repr__zTlsLayer.__repr__sE   ( 0 (00   (%%   (%%''rc|js|j|jr"|jjs|dSdSdSry)rrrconnectr}tls_establishedrrs rrzTlsLayer.connect)sq))++  H        .D$4$D .  + + - - - - - . . . .rrrreturnc"||_||_dS)a Set the TLS settings for the next server connection that will be established. This function will not alter an existing connection. Args: server_tls: Shall we establish TLS with the server? sni: ``str`` for a custom SNI value, ``None`` for the client SNI value, ``False`` if no SNI value should be sent. N)r}r~)rrrs rset_server_tlszTlsLayer.set_server_tls/s&"%rc|jS)zm ``True``, if the next server connection that will be established should be upgraded to TLS. )r}rs rrzTlsLayer.server_tls=s rc|jdurdS|jr|jS|jr+|jjr|jjdSdS)z` The Server Name Indication we want to send with the next server TLS handshake. FNidna)r~rrdecoders r server_snizTlsLayer.server_sniDsb  "e + +4  $ * *   D$6$: %)0088 84rc4|jSry)rget_alpn_proto_negotiatedrs ralpn_for_client_connectionz#TlsLayer.alpn_for_client_connectionRs99;;;rcd}|j|vrt|j}n||vrt|}n|d}|d|zd|S)Nshttp/1.1rzALPN for client: %sdebug)rbytesr)rconn_r default_alpnchoices r__alpn_select_callbackzTlsLayer.__alpn_select_callbackVsi"  *g 5 54:;;FF W $ $<((FFQZF &/999 rc |j|n,#t$r |n#YnxYwwxYw|dSry)rrr Exceptionrrs rrz.TlsLayer._establish_tls_with_client_and_servercs  H       + + - - - -    //1111    '')))))s -0 AAAAAc |dd|\}}}|jjjr |jj}nd} tj|jjj \}}|j |||||jjj pt|jjj||j| |j jddS#t&j$r}|jjo|jjd}t'jd|t5||pt5|jjd}~wwxYw)NzEstablish TLS with clientr)methodr cipher_listdhparams chain_filealpn_select_callbackextra_chain_certsrrz2Cannot establish TLS with client (sni: {sni}): {e})rr)r _find_certrrrr server_certsrVERSION_CHOICESssl_version_clientrconvert_to_tlsciphers_clientDEFAULT_CLIENT_CIPHERS certstorer_TlsLayer__alpn_select_callbackrpeekr TlsExceptionrrrClientHandshakeExceptionformatraddress) rcertkeyr extra_certs tls_method tls_optionsrsni_strs rrz#TlsLayer._establish_tls_with_clientrsz ,g666 $ 1 1c: ;  A *7KKK &-&=dk>Q>d&e #J   + +c!# K/>XBX.7%%)%@"- ,      " ' ' * * * * *&   (,V1C1G1N1Nv1V1VG5DKK477L94 0 899   sBC""E11A;E,,E1c D|dd d}|jrN|jjrd|jjD}|r*d|vr&|jjjs|d|jj r3|j r|j g}|jjj }|sh|jrag}|jj D]=}|tvr |t|>d|}t#j|jj}||d<|jjd|j|d||jj}|9|t/|d|ddn#t0j$r&}t1jt/|d}~wt0j$rb}t1jd |jjd |jjd |jt?| d}~wwxYw|j r|j !nd }|d|ddS)NzEstablish TLS with serverrcfg|].}|d|d,|/S)sh2-sspdy) startswith).0xs r z7TlsLayer._establish_tls_with_server..sN\\&1156\\'5J5Jrsh2:r)r alpn_protosz>Ignoring server verification error, continuing with connectionz9Cannot establish TLS with {host}:{port} (sni: {sni}): {e}rr)hostportrr-zALPN selected by server: {})"rr|rrrrhttp2removerrrciphers_server cipher_suitesCIPHER_ID_NAME_MAPkeysappendjoinrclient_arguments_from_optionsr establish_tlsrssl_verification_errorstrrInvalidCertificateExceptionInvalidServerCertificaterrrrrrr)ralpnridargs tls_cert_errrprotos rrz#TlsLayer._establish_tls_with_servers ,g6669 D '%4#'#5#DD'ETMM$+2E2KMKK&&&/ FD4D4^4^4`4` F(BBDDE "[0?N! :d&6 :!#,:FFB/446666&--.@.DEEE!$.!9!989LMMD"0D  *D  * O        +BL'\**G444Y[bccc5 > > >5c!ff== =&   1KRR)1!4)1!41gg S  =A<[d/66888ad .55e<#+A.55f==D   .   , . K  -   : ,1M KK . / / / F$'..v66==fEE) :,9   ! - HHT'+ , , ,  " = HHT,33F;; < < <   HHTNNN{$--dDJJ MMMrry)__name__ __module__ __qualname____doc__r{rrrboolrrrpropertyrrrrrrrrr __classcell__)rs@rrwrwsmAAAAAA888t(((... & & &E#tT/4J &VZ & & & &  X  HSM   X <<X<    * * *!!!F>G>G>G@'N'N'N'N'N'N'NrrwN)typingrr!seleniumwire.thirdparty.mitmproxyr%seleniumwire.thirdparty.mitmproxy.netrr1seleniumwire.thirdparty.mitmproxy.server.protocolrrrLayerrwrrrrs 888888@@@@@@BBBBBB{*{*{ *{ - {  ) {  ) { { .{ { -{ .{ "{ { { "{  !{" #{{$ #%{& '{( ){* #+{, -{. /{0 1{2 -3{4 5{6 7{8 9{> ?{@ A{B .C{D E{F G{H I{{{J .K{L M{N O{P Q{R S{T U{V W{X Y{Z ,[{\ ]{^ _{` a{b c{d e{f ,g{h i{j k{{{l m{n o{p q{r -s{t /u{v /w{x y{z {{| !}{~ {@ "A{B "C{D #E{F #G{H I{J K{L 'M{{{N O{P #Q{R S{T !U{V W{X Y{Z ![{\ !]{^ _{` a{b c{d "e{f g{h "i{j k{l "m{n "o{{{p #q{r #s{t u{v -w{x y{z {{| }{N *O{P Q{R S{T U{V W{X .Y{Z [{\ ]{^ %_{` %a{{{b $c{d $e{f %g{h %i{j $k{l $m{n !o{p !q{r s{t !u{v w{x %y{z #{{| #}{~ "{@ !A{B &C{{{D $E{F $G{H I{J K{L #M{N !O{P !Q{R S{T U{V $W{X "Y{Z "[{\ ]{^ O_{` a{b c{d e{{{f "g{h &i{j &k{l !m{n %o{p %q{r !s{t %u{v %w{x 'y{z '{{| &}{~ &{@ %A{B %C{D $E{F $G{{{H +I{J +K{L *M{N *O{P )Q{R )S{T (U{V (W{X )Y{Z +[{\ ']{^ J_{` Ma{b c{d e{f ig{h mi{{ju{{{@WjNjNjNjNjNtzjNjNjNjNjNr