|  | """ | 
|  | websocket - WebSocket client library for Python | 
|  |  | 
|  | Copyright (C) 2010 Hiroki Ohtani(liris) | 
|  |  | 
|  | This library is free software; you can redistribute it and/or | 
|  | modify it under the terms of the GNU Lesser General Public | 
|  | License as published by the Free Software Foundation; either | 
|  | version 2.1 of the License, or (at your option) any later version. | 
|  |  | 
|  | This library is distributed in the hope that it will be useful, | 
|  | but WITHOUT ANY WARRANTY; without even the implied warranty of | 
|  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU | 
|  | Lesser General Public License for more details. | 
|  |  | 
|  | You should have received a copy of the GNU Lesser General Public | 
|  | License along with this library; if not, write to the Free Software | 
|  | Foundation, Inc., 51 Franklin Street, Fifth Floor, | 
|  | Boston, MA  02110-1335  USA | 
|  |  | 
|  | """ | 
|  | import errno | 
|  | import os | 
|  | import socket | 
|  | import sys | 
|  |  | 
|  | import six | 
|  |  | 
|  | from ._exceptions import * | 
|  | from ._logging import * | 
|  | from ._socket import* | 
|  | from ._ssl_compat import * | 
|  | from ._url import * | 
|  |  | 
|  | if six.PY3: | 
|  | from base64 import encodebytes as base64encode | 
|  | else: | 
|  | from base64 import encodestring as base64encode | 
|  |  | 
|  | __all__ = ["proxy_info", "connect", "read_headers"] | 
|  |  | 
|  | try: | 
|  | import socks | 
|  | ProxyConnectionError = socks.ProxyConnectionError | 
|  | HAS_PYSOCKS = True | 
|  | except: | 
|  | class ProxyConnectionError(BaseException): | 
|  | pass | 
|  | HAS_PYSOCKS = False | 
|  |  | 
|  | class proxy_info(object): | 
|  |  | 
|  | def __init__(self, **options): | 
|  | self.type = options.get("proxy_type") or "http" | 
|  | if not(self.type in ['http', 'socks4', 'socks5', 'socks5h']): | 
|  | raise ValueError("proxy_type must be 'http', 'socks4', 'socks5' or 'socks5h'") | 
|  | self.host = options.get("http_proxy_host", None) | 
|  | if self.host: | 
|  | self.port = options.get("http_proxy_port", 0) | 
|  | self.auth = options.get("http_proxy_auth", None) | 
|  | self.no_proxy = options.get("http_no_proxy", None) | 
|  | else: | 
|  | self.port = 0 | 
|  | self.auth = None | 
|  | self.no_proxy = None | 
|  |  | 
|  | def _open_proxied_socket(url, options, proxy): | 
|  | hostname, port, resource, is_secure = parse_url(url) | 
|  |  | 
|  | if not HAS_PYSOCKS: | 
|  | raise WebSocketException("PySocks module not found.") | 
|  |  | 
|  | ptype = socks.SOCKS5 | 
|  | rdns = False | 
|  | if proxy.type == "socks4": | 
|  | ptype = socks.SOCKS4 | 
|  | if proxy.type == "http": | 
|  | ptype = socks.HTTP | 
|  | if proxy.type[-1] == "h": | 
|  | rdns = True | 
|  |  | 
|  | sock = socks.create_connection( | 
|  | (hostname, port), | 
|  | proxy_type = ptype, | 
|  | proxy_addr = proxy.host, | 
|  | proxy_port = proxy.port, | 
|  | proxy_rdns = rdns, | 
|  | proxy_username = proxy.auth[0] if proxy.auth else None, | 
|  | proxy_password = proxy.auth[1] if proxy.auth else None, | 
|  | timeout = options.timeout, | 
|  | socket_options = DEFAULT_SOCKET_OPTION + options.sockopt | 
|  | ) | 
|  |  | 
|  | if is_secure: | 
|  | if HAVE_SSL: | 
|  | sock = _ssl_socket(sock, options.sslopt, hostname) | 
|  | else: | 
|  | raise WebSocketException("SSL not available.") | 
|  |  | 
|  | return sock, (hostname, port, resource) | 
|  |  | 
|  |  | 
|  | def connect(url, options, proxy, socket): | 
|  | if proxy.host and not socket and not (proxy.type == 'http'): | 
|  | return _open_proxied_socket(url, options, proxy) | 
|  |  | 
|  | hostname, port, resource, is_secure = parse_url(url) | 
|  |  | 
|  | if socket: | 
|  | return socket, (hostname, port, resource) | 
|  |  | 
|  | addrinfo_list, need_tunnel, auth = _get_addrinfo_list( | 
|  | hostname, port, is_secure, proxy) | 
|  | if not addrinfo_list: | 
|  | raise WebSocketException( | 
|  | "Host not found.: " + hostname + ":" + str(port)) | 
|  |  | 
|  | sock = None | 
|  | try: | 
|  | sock = _open_socket(addrinfo_list, options.sockopt, options.timeout) | 
|  | if need_tunnel: | 
|  | sock = _tunnel(sock, hostname, port, auth) | 
|  |  | 
|  | if is_secure: | 
|  | if HAVE_SSL: | 
|  | sock = _ssl_socket(sock, options.sslopt, hostname) | 
|  | else: | 
|  | raise WebSocketException("SSL not available.") | 
|  |  | 
|  | return sock, (hostname, port, resource) | 
|  | except: | 
|  | if sock: | 
|  | sock.close() | 
|  | raise | 
|  |  | 
|  |  | 
|  | def _get_addrinfo_list(hostname, port, is_secure, proxy): | 
|  | phost, pport, pauth = get_proxy_info( | 
|  | hostname, is_secure, proxy.host, proxy.port, proxy.auth, proxy.no_proxy) | 
|  | try: | 
|  | if not phost: | 
|  | addrinfo_list = socket.getaddrinfo( | 
|  | hostname, port, 0, 0, socket.SOL_TCP) | 
|  | return addrinfo_list, False, None | 
|  | else: | 
|  | pport = pport and pport or 80 | 
|  | # when running on windows 10, the getaddrinfo used above | 
|  | # returns a socktype 0. This generates an error exception: | 
|  | #_on_error: exception Socket type must be stream or datagram, not 0 | 
|  | # Force the socket type to SOCK_STREAM | 
|  | addrinfo_list = socket.getaddrinfo(phost, pport, 0, socket.SOCK_STREAM, socket.SOL_TCP) | 
|  | return addrinfo_list, True, pauth | 
|  | except socket.gaierror as e: | 
|  | raise WebSocketAddressException(e) | 
|  |  | 
|  |  | 
|  | def _open_socket(addrinfo_list, sockopt, timeout): | 
|  | err = None | 
|  | for addrinfo in addrinfo_list: | 
|  | family, socktype, proto = addrinfo[:3] | 
|  | sock = socket.socket(family, socktype, proto) | 
|  | sock.settimeout(timeout) | 
|  | for opts in DEFAULT_SOCKET_OPTION: | 
|  | sock.setsockopt(*opts) | 
|  | for opts in sockopt: | 
|  | sock.setsockopt(*opts) | 
|  |  | 
|  | address = addrinfo[4] | 
|  | err = None | 
|  | while not err: | 
|  | try: | 
|  | sock.connect(address) | 
|  | except ProxyConnectionError as error: | 
|  | err = WebSocketProxyException(str(error)) | 
|  | err.remote_ip = str(address[0]) | 
|  | continue | 
|  | except socket.error as error: | 
|  | error.remote_ip = str(address[0]) | 
|  | try: | 
|  | eConnRefused = (errno.ECONNREFUSED, errno.WSAECONNREFUSED) | 
|  | except: | 
|  | eConnRefused = (errno.ECONNREFUSED, ) | 
|  | if error.errno == errno.EINTR: | 
|  | continue | 
|  | elif error.errno in eConnRefused: | 
|  | err = error | 
|  | continue | 
|  | else: | 
|  | raise error | 
|  | else: | 
|  | break | 
|  | else: | 
|  | continue | 
|  | break | 
|  | else: | 
|  | if err: | 
|  | raise err | 
|  |  | 
|  | return sock | 
|  |  | 
|  |  | 
|  | def _can_use_sni(): | 
|  | return six.PY2 and sys.version_info >= (2, 7, 9) or sys.version_info >= (3, 2) | 
|  |  | 
|  |  | 
|  | def _wrap_sni_socket(sock, sslopt, hostname, check_hostname): | 
|  | context = ssl.SSLContext(sslopt.get('ssl_version', ssl.PROTOCOL_SSLv23)) | 
|  |  | 
|  | if sslopt.get('cert_reqs', ssl.CERT_NONE) != ssl.CERT_NONE: | 
|  | cafile = sslopt.get('ca_certs', None) | 
|  | capath = sslopt.get('ca_cert_path', None) | 
|  | if cafile or capath: | 
|  | context.load_verify_locations(cafile=cafile, capath=capath) | 
|  | elif hasattr(context, 'load_default_certs'): | 
|  | context.load_default_certs(ssl.Purpose.SERVER_AUTH) | 
|  | if sslopt.get('certfile', None): | 
|  | context.load_cert_chain( | 
|  | sslopt['certfile'], | 
|  | sslopt.get('keyfile', None), | 
|  | sslopt.get('password', None), | 
|  | ) | 
|  | # see | 
|  | # https://github.com/liris/websocket-client/commit/b96a2e8fa765753e82eea531adb19716b52ca3ca#commitcomment-10803153 | 
|  | context.verify_mode = sslopt['cert_reqs'] | 
|  | if HAVE_CONTEXT_CHECK_HOSTNAME: | 
|  | context.check_hostname = check_hostname | 
|  | if 'ciphers' in sslopt: | 
|  | context.set_ciphers(sslopt['ciphers']) | 
|  | if 'cert_chain' in sslopt: | 
|  | certfile, keyfile, password = sslopt['cert_chain'] | 
|  | context.load_cert_chain(certfile, keyfile, password) | 
|  | if 'ecdh_curve' in sslopt: | 
|  | context.set_ecdh_curve(sslopt['ecdh_curve']) | 
|  |  | 
|  | return context.wrap_socket( | 
|  | sock, | 
|  | do_handshake_on_connect=sslopt.get('do_handshake_on_connect', True), | 
|  | suppress_ragged_eofs=sslopt.get('suppress_ragged_eofs', True), | 
|  | server_hostname=hostname, | 
|  | ) | 
|  |  | 
|  |  | 
|  | def _ssl_socket(sock, user_sslopt, hostname): | 
|  | sslopt = dict(cert_reqs=ssl.CERT_REQUIRED) | 
|  | sslopt.update(user_sslopt) | 
|  |  | 
|  | certPath = os.environ.get('WEBSOCKET_CLIENT_CA_BUNDLE') | 
|  | if certPath and os.path.isfile(certPath) \ | 
|  | and user_sslopt.get('ca_certs', None) is None \ | 
|  | and user_sslopt.get('ca_cert', None) is None: | 
|  | sslopt['ca_certs'] = certPath | 
|  | elif certPath and os.path.isdir(certPath) \ | 
|  | and user_sslopt.get('ca_cert_path', None) is None: | 
|  | sslopt['ca_cert_path'] = certPath | 
|  |  | 
|  | check_hostname = sslopt["cert_reqs"] != ssl.CERT_NONE and sslopt.pop( | 
|  | 'check_hostname', True) | 
|  |  | 
|  | if _can_use_sni(): | 
|  | sock = _wrap_sni_socket(sock, sslopt, hostname, check_hostname) | 
|  | else: | 
|  | sslopt.pop('check_hostname', True) | 
|  | sock = ssl.wrap_socket(sock, **sslopt) | 
|  |  | 
|  | if not HAVE_CONTEXT_CHECK_HOSTNAME and check_hostname: | 
|  | match_hostname(sock.getpeercert(), hostname) | 
|  |  | 
|  | return sock | 
|  |  | 
|  |  | 
|  | def _tunnel(sock, host, port, auth): | 
|  | debug("Connecting proxy...") | 
|  | connect_header = "CONNECT %s:%d HTTP/1.0\r\n" % (host, port) | 
|  | # TODO: support digest auth. | 
|  | if auth and auth[0]: | 
|  | auth_str = auth[0] | 
|  | if auth[1]: | 
|  | auth_str += ":" + auth[1] | 
|  | encoded_str = base64encode(auth_str.encode()).strip().decode() | 
|  | connect_header += "Proxy-Authorization: Basic %s\r\n" % encoded_str | 
|  | connect_header += "\r\n" | 
|  | dump("request header", connect_header) | 
|  |  | 
|  | send(sock, connect_header) | 
|  |  | 
|  | try: | 
|  | status, resp_headers, status_message = read_headers(sock) | 
|  | except Exception as e: | 
|  | raise WebSocketProxyException(str(e)) | 
|  |  | 
|  | if status != 200: | 
|  | raise WebSocketProxyException( | 
|  | "failed CONNECT via proxy status: %r" % status) | 
|  |  | 
|  | return sock | 
|  |  | 
|  |  | 
|  | def read_headers(sock): | 
|  | status = None | 
|  | status_message = None | 
|  | headers = {} | 
|  | trace("--- response header ---") | 
|  |  | 
|  | while True: | 
|  | line = recv_line(sock) | 
|  | line = line.decode('utf-8').strip() | 
|  | if not line: | 
|  | break | 
|  | trace(line) | 
|  | if not status: | 
|  |  | 
|  | status_info = line.split(" ", 2) | 
|  | status = int(status_info[1]) | 
|  | if len(status_info) > 2: | 
|  | status_message = status_info[2] | 
|  | else: | 
|  | kv = line.split(":", 1) | 
|  | if len(kv) == 2: | 
|  | key, value = kv | 
|  | headers[key.lower()] = value.strip() | 
|  | else: | 
|  | raise WebSocketException("Invalid header") | 
|  |  | 
|  | trace("-----------------------") | 
|  |  | 
|  | return status, headers, status_message |