mbiA4 UddlmZddlZddlZddlZddlZddlZddlZddlZddl Z ddl m Z ddl m Z ddlmZmZddlmZddlmZmZddlmZdd lmZmZmZmZmZmZmZd d l m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m4Z4m5Z5m6Z6m7Z7m8Z8d d l m9Z:ej;d ZdZ?edZ@ddDZAdddZBGddeZCGddeDZEGddeEZFGd d!eEZGGd"d#eEZHGd$d%eEZIGd&d'eEZJGd(d)eEZKGd*d+eEZLGd,d-eEZMGd.d/eZNGd0d1eZOGd2d3eZPGd4d5ZQdd;ZRdd>ZSddAZT dddFZUddHZVddKZWedLM dddRZX dddZZYGd[d\eZZGd]d^eZ[Gd_d`eZ\GdadbeZ]GdcddeZ^GdedfeZ_GdgdheZ`e ddmZae ddnZbddrZcddvZdddwZeddyZfe dd{ZgeeheifZjdd}Zkdd~ZlddZmddZneeiehfZoddZpddZqddZrddZseeheifZteGddZueGddZvddZwddZxeGddZyddZzddZ{eGddZ|ddZ}ddZ~eGddZddZddZeeieifZeGddZ9eGddZddZddZddZeGddZddZddZeGddZddZddZGddZGddZeZjdeZjdeZjdiZe`jde`jde`jde`jde`jde`jde`jde`jde`jdi Zded<ddZ dddɄZdd̄Ze ddτZeGdЄdѦZeegdfZeeigeefZeegdfZGd҄dӦZdS() annotationsN) unhexlify)contextmanager) dataclassfield)IntEnum) lru_cachepartial)HMAC)AnyCallable GeneratorOptionalSequenceTupleTypeVar)BufferBufferReadError CryptoError DsaPrivateKeyECDHP256KeyExchangeECDHP384KeyExchangeECDHP521KeyExchange EcPrivateKeyEd25519PrivateKeyExpiredCertificateErrorInvalidNameCertificateErrorKeyTypePrivateKeyInfo RsaPrivateKeySelfSignedCertificateErrorServerVerifierSignatureError TlsCertUsageUnacceptableCertificateErrorX25519KeyExchangeX25519ML768KeyExchange idna_encode rebuild_chainverify_with_public_key) Certificatez^[0-9a-fA-F]{8}\.[0-9]$ iiTcBi|]\}}|tt|dSN)getattrhashlib).0length algorithms W/var/www/html/mdtn/previsions/meteo_cartes/venv/lib/python3.11/site-packages/qh3/tls.py r7:s:  GGY - -)) md5)(sha1)@sha256T remove_tzboolreturndatetime.datetimectjtjj}|r|dn|S)N)tzinfo)datetimenowtimezoneutcreplace)r?dts r6utcnowrKEs<    x04 5 5B&/ 72::T: " " "R7r8czeZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d Zd ZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdS)AlertDescriptionr r;*+,-./0123FGPVZmnpqstxN)__name__ __module__ __qualname__ close_notifyunexpected_messagebad_record_macrecord_overflowhandshake_failurebad_certificateunsupported_certificatecertificate_revokedcertificate_expiredcertificate_unknownillegal_parameter unknown_ca access_denied decode_error decrypt_errorprotocol_versioninsufficient_securityinternal_errorinappropriate_fallback user_canceledmissing_extensionunsupported_extensionunrecognized_namebad_certificate_status_responseunknown_psk_identitycertificate_requiredno_application_protocolr8r6rMrMJsLNOO JMLMNM&)#!r8rMceZdZUded<dS)AlertrM descriptionNrgrhri__annotations__rr8r6rrhs!!!!!!r8rceZdZejZdS)AlertBadCertificateN)rgrhrirMrorrr8r6rrls"2KKKr8rceZdZejZdS)AlertCertificateExpiredN)rgrhrirMrrrrr8r6rrps"6KKKr8rceZdZejZdS)AlertDecryptErrorN)rgrhrirMrxrrr8r6rrts"0KKKr8rceZdZejZdS)AlertHandshakeFailureN)rgrhrirMrnrrr8r6rrx"4KKKr8rceZdZejZdS)AlertIllegalParameterN)rgrhrirMrtrrr8r6rr|rr8rceZdZejZdS)AlertInternalErrorN)rgrhrirMr{rrr8r6rrs"1KKKr8rceZdZejZdS)AlertProtocolVersionN)rgrhrirMryrrr8r6rrs"3KKKr8rceZdZejZdS)AlertUnexpectedMessageN)rgrhrirMrkrrr8r6rrs"5KKKr8rceZdZdZdZdS) DirectionrrN)rgrhriDECRYPTENCRYPTrr8r6rrsGGGGr8rceZdZdZdZdZdZdS)EpochrrN)rgrhriINITIALZERO_RTT HANDSHAKEONE_RTTrr8r6rrs"GHIGGGr8rc:eZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d S) Staterrrr rNN)rgrhriCLIENT_HANDSHAKE_STARTCLIENT_EXPECT_SERVER_HELLO"CLIENT_EXPECT_ENCRYPTED_EXTENSIONS0CLIENT_EXPECT_CERTIFICATE_REQUEST_OR_CERTIFICATE%CLIENT_EXPECT_CERTIFICATE_CERTIFICATE CLIENT_EXPECT_CERTIFICATE_VERIFYCLIENT_EXPECT_FINISHEDCLIENT_POST_HANDSHAKESERVER_EXPECT_CLIENT_HELLOSERVER_EXPECT_FINISHEDSERVER_POST_HANDSHAKErr8r6rrsR!")*&784,-)'($!"r8rc&eZdZd dZdd Zdd Zd S) HKDFExpandr5intr4info bytes | Nonec||_t|dz |_d|jz}||krtd|d||_|d}||_d|_dS)NrzCannot derive keys larger than z octets.r8F) _algorithmr _digest_size ValueError_length_info_used)selfr5r4r max_lengths r6__init__zHKDFExpand.__init__st $ A ..4,, J  SzSSSTT T <D  r8 key_materialbytesrAcdg}d}|jt|dz z|jkrt|d|j}||d||j|t|g|| |dz }|jt|dz z|jkd |d|jS)Nr8rsha digestmod) rlenrr rupdaterrappenddigestjoin)rroutputcounterhs r6_expandzHKDFExpand._expands3v;;?3dlBB\-D4?-D-DEEEA HHVBZ HHTZ HHUG9%% & & & MM!((** % % % qLG 3v;;?3dlBBxx$,//r8cV|jrtd|_||S)NT)rrrrrs r6derivezHKDFExpand.derives+ :   ||L)))r8N)r5rr4rrr)rrrAr)rgrhrirrrrr8r6rrsP, 0 0 0 0******r8rlabelr hash_valuer4rcd|z}tjd|t||ztjdt|z|zS)Nstls13 z!HBz!B)structpackr)rrr4 full_labels r6 hkdf_labelrsTU"J E63z??33   +dC OO , , -  r8r5secretc jt||t||||S)N)r5r4r)rrrr5rrrr4s r6hkdf_expand_labelrs=  z6 2 2    fVnn r8saltrc|t|d|}|||S)Nrr)r rr)r5rrrs r6 hkdf_extractrs= T.9..///AHH\ 88::r8datapasswordr@EcPrivateKey | DsaPrivateKey | RsaPrivateKey | Ed25519PrivateKeyc|t||}|tjtjtjfvrd}|tjkrd}nI|tjkrd}n$|tjkrd}|Jt ||d|vS|tjkr!t|S|tj kr!t|S|tj kr!t|Stjd)z) Load a PEM-encoded private key. N sBEGIN EC PRIVATE KEYzUnsupported private key format)r get_typer ECDSA_P256 ECDSA_P384 ECDSA_P521r public_bytesDSArRSAr!ED25519rsslSSLError)rr pkey_info curve_types r6load_pem_private_keyrs tX..I       7#5 5 5JJ    ! !W%7 7 7JJ    ! !W%7 7 7J%%%  " " $ $j2IQU2U         , ,Y3355666      , ,Y3355666      0 0 !7!7!9!9::: ,7 8 88r8list[X509Certificate]cdd|vrdnd}d|z}g}||D]}|r|d|z}|dkrngd||d|gd }|t t j||S) z8 Load a chain of PEM-encoded X509 certificates. s-----  s s-----END CERTIFICATE-----s-----BEGIN CERTIFICATE-----rr8Nascii)splitfindrdecoderX509CertificaterPEM_cert_to_DER_cert)r line_endingboundary certificateschunk start_markerpem_reconstructeds r6load_pem_x509_certificatesrs(t33%%K+k9HLH%%     ::&D{&RSSLr!! #% *>)I J J Q Q!!     89J K KLL    r8capathstrctj|sdStj|D]}t|rdS dS)zFCheck whether capath exists and contains certs in the expected format.FT)ospathisdirlistdir_HASHED_CERT_FILENAME_REmatch)rnames r6_capath_contains_certsr+s] 7== u 6"" # ) )$ / / 44  5r8r=)maxsizecadatacafile str | NoneJtuple[list[X509Certificate], list[X509Certificate], list[X509Certificate]]c g g g d fd }|t|D] }|||||rXt|d5}t|D] }|| dddn #1swxYwY|rt|rrt j|dD]Z}t|d5}t|D] }|| dddn #1swxYwY[|\|Z|Xt j}||dD]}|t| fS) a> Given cadata, cafile and capath load X509 certificates and sort them into three distinct list: - Trust anchors (ca self-signed) - Intermediates (ca signed by other ca) - Others (not suitable for our purposes) This function consumes a lot of CPU times, so we want to cache it. rANonec|jrC|jtjkr|dS|dS|dSr0) self_signedusager%Otherr)cintermediariesothers trust_anchorss r6_sort_cert_in_appropriate_listz;load_store_and_sort.._sort_cert_in_appropriate_listHsm = %w,,,, a     $$Q'''''  ! !! $ $ $ $ $r8Nrbz/*T) binary_formrAr!) ropenreadrglobrcreate_default_contextload_default_certs get_ca_certsr) rrrr*certfpr default_ctxcar'r(r)s @@@r6load_store_and_sortr85slMN F % % % % % % % %.v66 1 1D * *4 0 0 0 0 V/  9fd## 9r6rwwyyAA99D22488889 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9  =,V44 = V---00 = =$%%= :27799 E E==66t<<<<================~&.V^022 &&(((**t*<< @ @B * *?2+>+> ? ? ? ? .& 00s$0BB B 0DD D certificaterchain server_nameassert_server_name ocsp_responser!c|g}t|||\}} } ||dur|D]} | } | | ddz| d} | ddd| vrGt | d kr3d d | dD}n| }|td |std |ss| rqt| d| D} t | dkr0| ddD]$}| t|%ng} td|D}n"#t$r}td|d}~wwxYw || d|D||pddS#t t"t$t&f$r>}t)|t"r |durYd}~dSt|jdd}~wwxYw)N)rrrF(r)z*.z unverified.: .c3NK|] }tt|V!dSr0)rr)r3ps r6 z%verify_certificate..s?++()CFF ++++++r8z&unable to determine server name targetz7unable to get local issuer certificate (empty CA store)c6g|]}|Srrr3r&s r6 z&verify_certificate..s" 6 6 6!Q^^   6 6 6r8rc6g|]}|SrrHrIs r6rJz&verify_certificate..s"HHHQ 0 0HHHr8z(unable to create the verifier x509 storec6g|]}|SrrHrIs r6rJz&verify_certificate..s" - - -!Q^^   - - -r8r8r)r8get_subject_alt_namesrrrIrrrrr*rrrr#rverifyr"rrr& isinstanceargs)r9r:rrrr;r<r=r)r'_alt_nameserver_name_candidate raw_chainistoreeexcs r6verify_certificaterYos  }':((($M>1 0E99 $99;;  H$,OO$5$5 !$9%**3//!36K6P6PQT6U6UU% ! " ) )$ > > >+++,--33"%((++-B-H-H-M-M+++##KK4 !"JKKK  ! E     ^ !  $ $ & & 6 6~ 6 6 6  y>>Q  qrr] 1 1 _Q//0000 1EUHH-HHHII UUU!"LMMSTTU/  $ $ & & - -u - - -   S       ##$  /// c6 7 7 eZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d Zd S) HandshakeTyperrrrrrBrfrOr|r}N)rgrhri CLIENT_HELLO SERVER_HELLONEW_SESSION_TICKETEND_OF_EARLY_DATAENCRYPTED_EXTENSIONS CERTIFICATECERTIFICATE_REQUESTCERTIFICATE_VERIFYFINISHED KEY_UPDATECOMPRESSED_CERTIFICATE MESSAGE_HASHrr8r6rrsPLLKHJLLLr8rceZdZdZdZdS)PskKeyExchangeModerrN)rgrhriPSK_KE PSK_DHE_KErr8r6rrs FJJJr8rcReZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d Zd ZdZdZdZdZdS)SignatureAlgorithmiiiiiiiii i i iiiiiiN)rgrhriECDSA_SECP256R1_SHA256ECDSA_SECP384R1_SHA384ECDSA_SECP521R1_SHA512rED448RSA_PKCS1_SHA256RSA_PKCS1_SHA384RSA_PKCS1_SHA512RSA_PSS_PSS_SHA256RSA_PSS_PSS_SHA384RSA_PSS_PSS_SHA512RSA_PSS_RSAE_SHA256RSA_PSS_RSAE_SHA384RSA_PSS_RSAE_SHA512RSA_PKCS1_SHA1SHA1_DSA ECDSA_SHA1rr8r6rrsq###G E   NHJJJr8rbufrcapacityrc#Kt||d}||z}|V||ksJdS)Nbig byteorder)r from_bytes pull_bytestell)rrr4ends r6 pull_blockr sa ^^CNN844^ F FF ((**v C LLL 88::      r8c#JK||z}||dV|}||z }|||z |||d||dS)zi Context manager to push a variable-length block, with `capacity` bytes to write the length. Nrr)rseek push_bytesto_bytes)rrstartrr4s r6 push_blockr(s HHJJ !EHHUOOO EEE ((**C 5[FHHUX NN6??8u?==>>>HHSMMMMMr8funcCallable[[], T]list[T]c"g}t||5}||z}||kr5||||k5dddn #1swxYwY|S)z Pull a list of items. N)rrr)rrritemsr4rs r6 pull_listr;s E C " "!fhhjj6!hhjj3 LL hhjj3!!!!!!!!!!!!!!! LsA%BB BCallable[[T], None]values Sequence[T]czt||5|D] }|| ddddS#1swxYwYdS)z Push a list of items. N)r)rrrrvalues r6 push_listrGs C " "  E DKKKK s 044ct||5}||cdddS#1swxYwYdS)z4 Pull an opaque value prefixed by a length. N)rr)rrr4s r6 pull_opaquerRs C " "&f~~f%%&&&&&&&&&&&&&&&&&&s 377rct||5||ddddS#1swxYwYdS)z2 Push an opaque value prefix by a length. N)rr)rrrs r6 push_opaquerZs C " " us 488extension_typec#K||t|d5dVddddS#1swxYwYdSNr) push_uint16r)rrs r6push_extensionrbsOON### C   s :>> KeyShareEntrycR|}t|d}||fSr) pull_uint16r)rgrouprs r6pull_key_shareros* OO  E sA  D 4=r8cj||dt|d|ddS)Nrrr)rr)rrs r6push_key_sharerus4OOE!HQa!!!!!r8cHt|ddSNrr)rrrs r6pull_alpn_protocolr}s sA   % %g . ..r8protocolcNt|d|ddSr)rencode)rrs r6push_alpn_protocolrs&Q0011111r8 PskIdentitycRt|d}|}||fSr)r pull_uint32)ridentityobfuscated_ticket_ages r6pull_psk_identityrs-3""HOO-- + ,,r8entrycjt|d|d||ddS)Nrrr)r push_uint32rrs r6push_psk_identityrs4Qa!!!OOE!Hr8c"t|dSNrrrs r6pull_psk_binderrs sA  r8binderc(t|d|dSrr)rrs r6push_psk_binderrsQr8c$eZdZUded<ded<dS) OfferedPskszlist[PskIdentity] identitiesz list[bytes]bindersNrrr8r6rrs*!!!!r8rceZdZUded<ded<ded<ded<dZded <d Zd ed <dZd ed<dZded<dZded<dZ ded<dZ ded<dZ ded<dZ ded<e eZded<dS) ClientHellorrandomlegacy_session_idz list[int] cipher_suiteslegacy_compression_methodsNlist[str] | Nonealpn_protocolsFr@ early_datazlist[KeyShareEntry] | None key_sharezOfferedPsks | Nonepre_shared_keylist[int] | Nonepsk_key_exchange_modesrr;signature_algorithmssupported_groupssupported_versionsdefault_factorylist[Extension]other_extensions)rgrhrirrrrrrr;rrrrlistr rr8r6rrsMMM))))(,N++++J,0I0000)-N----/33333"K""""-11111)-----+/////(-d(C(C(CCCCCCCr8rc tjksJtd5t ksJt dtdtdjtdjdd fd }td|dddn #1swxYwYS) Nrr9rr)rrrrFrAr!c rJ}}|tjkr+tdt t _dS|tjkrtdj_dS|tj krtdj_ dS|tj krtdj_ dS|tj krtdj_dS|tjkrmt#d5dksJt%dd_ddddS#1swxYwYdS|tjkr+tdt t,_dS|tjkr d_dS|tjkr^t7tdt t8tdt t:_ddS|tjkr |dS|tj!krdSj"#| |fdS)NrrrrTrr)$rrervrr rrrsrrnrrmrru pull_uint8rrkrrrr;rorrrrrrqrrrrrlrr`r r)rextension_length after_pskrhellos r6pull_extensionz)pull_client_hello..pull_extensions!  __..N"00 !888"+CGNC4P4P"Q"Q=#CCC+4S!S_+M+M(((=#EEE-6sAs-O-O***=#AAA)233?)K)K&&&=#GGG/8a/P/P,,,=#<<<Q''LL>>++q0000(3C(;(;(B(B7(K(KE%LLLLLLLLLLLLLLLLLL =#555'0G$6<<(($$$ =#;;;#'   =#???'2(a9JC1P1PQQ%c1gos.K.KLL((($! =#???$ =#777&--#S^^4D%E%EFs=AF  FFr-) rrrrrTLS_VERSION_1_2rrrr)rrrrs` @@r6pull_client_hellorsB >>  }9 9 9 9 9 C  9*9*  O3333>>"%%)#q11#CCO<<'0a'H'H     * * * * * * * * X #q.)))s9*9*9*9*9*9*9*9*9*9*9*9*9*9*9*v LsBCC"Crc  |tjt|d5|t ||jt|d|j t|d|j|j t|d|j|j t|d5t|tj5 dddn #1swxYwYt|tj5t|dt#t$||jdddn #1swxYwYt|tj5t|d|j|jdddn #1swxYwYt|tj5t|d|j|jdddn #1swxYwYt|tj5t|d|j|jdddn #1swxYwY|jNt|tj5t|d|j|jdddn #1swxYwY|jt|tj5t|d5|dt|d|jddddn #1swxYwYdddn #1swxYwY|j\t|tj 5t|dt#tB||jdddn #1swxYwY|j"D]B\}}t||5||dddn #1swxYwYC|j#r3t|tj$5 dddn #1swxYwYt|tj%5|dt|d5 dddn #1swxYwYt|d5 dddn #1swxYwYdddn #1swxYwY|j&t|tj'5t|dt#tP||j&j)t|dt#tT||j&j+dddn #1swxYwYdddn #1swxYwYddddS#1swxYwYdS)Nrrrrr), push_uint8rrrrrrrrrrrrrrer`rvr rrrsrrnrrmrrrur;rkrrrorr rrrrlrrqrrrrrrrextension_values r6push_client_hellors NN=-... C  EE ((( u|$$$CE3444#q#/5+>???#q#.%*JKKKQ  = = ]%9::                  ]%<== Q Q#q'.#">">PPP Q Q Q Q Q Q Q Q Q Q Q Q Q Q Q ]%EFF M M#q#/53KLLL M M M M M M M M M M M M M M M ]%GHH O O#q#/53MNNN O O O O O O O O O O O O O O O ]%CDD K K#q#/53IJJJ K K K K K K K K K K K K K K K+7#C)MNNTTc1cne6RSSSTTTTTTTTTTTTTTT ,#C)BCCOO#C++OOq)))#CE,=,D,DW,M,MNNNOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO #/#C);<<Q(:C @ @%BV 493I 4 4/#C8844NN?333444444444444444 #C)ABB ]%ABB  q!!!Q''Q''                #/#C)EFF   1377,7  55,4                c= = = = = = = = = = = = = = = EEEEEEEEEEEEEEEEEEsSBU,UC, U,C0 0U3C0 4U+E< UE UE U-F UF UF U;G$ U$G( (U+G( ,U H2& U2H6 6U9H6 :$UJ; UJ UJ $U3L&?L  L&L L&L L& U&L* *U-L* .$U+N = U N UN U0O  UO UO %U?P  U P UP U2&R&Q&  R&&Q* *R&-Q* .R&R  R&R R&R R& U&R* *U-R* .$UAT=1 U=U UU U U,U U,U U,,U03U0ceZdZUded<ded<ded<ded<dZded <dZd ed <dZd ed <ee Z ded<dS) ServerHellorrrr cipher_suitecompression_methodNzKeyShareEntry | Noner int | Nonersupported_versionr list[tuple[int, bytes]]r ) rgrhrirrrr"rr r rr8r6rrGsMMM'+I****!%N%%%%$(((((05d0K0K0KKKKKKKr8rctjksJtd5t ksJt dtdd fd }td|dddn #1swxYwYS) Nrr9r)rrrr rAr!c}}|tjkr_dS|tjkrt _dS|tjkr_dSj | |fdSr0) rrersr"rvrrrqrr rr)rrrrs r6rz)pull_server_hello..pull_extensionbs __..N"00 !AAA*-//*;*;'''=#:::"0"5"5=#???'*'8'8$$$&--#S^^4D%E%EFr8rr-) rrrrrrrrrr)rrrs` @r6pull_server_hellor&Us* >>  }9 9 9 9 9 C  **  O3333>>"%%)#q11**"~~//            #q.)))3***************6 LsBCCCc `|tjt|d5|t ||jt|d|j ||j ||j t|d5|j Lt|tj5||j dddn #1swxYwY|jGt|tj5t%||jdddn #1swxYwY|jLt|tj5||jdddn #1swxYwY|jD]B\}}t||5||dddn #1swxYwYC dddn #1swxYwYddddS#1swxYwYdSNrrr)rrrrrrrrrrrr r"rrersrrvrrrqr rs r6push_server_hellor)usNN=-... C  44 ((( u|$$$CE3444 *+++ u/000Q   4 4&2#C)IJJ==OOE$;<<<===============*#C)@AA99"3888999999999999999#/#C)EFF::OOE$8999:::::::::::::::493I 4 4/#C8844NN?333444444444444444 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4444444444444444444sBH#?"H !D< H D H D $H 4E H E H E $H F) H )F- -H 0F- 1H G2 & H 2G6 6H 9G6 :H ? H# H H#H H##H'*H'cxeZdZUdZded<dZded<dZded<dZded<d Zd ed <e e Z d ed<d S)NewSessionTicketrrticket_lifetimeticket_age_addr8r ticket_nonceticketNr!max_early_data_sizer r#r ) rgrhrir,rr-r.r/r0rr r rr8r6r+r+sONLF'+****05d0K0K0KKKKKKKr8r+cttjksJt d5__td_ td_ dfd }td|dddn #1swxYwYS)NrrrrAr!c }}|tjkr_dSj||fdSr0)rrerrrr0r rr)rrrnew_session_tickets r6rz/pull_new_session_ticket..pull_extensions __..N"00 !9999<9J9J"666"3::#S^^4D%E%EFr8r-) r+rrrrrr,r-rr.r/r)rrr3s` @r6pull_new_session_ticketr4s)++ >>  }? ? ? ? ? C  **-0__->->*,/OO,=,=)*5c1*=*='$/Q$7$7!        #q.)))!***************$ sA5CC  C r3c |tjt|d5||j||jt|d|jt|d|j t|d5|j Lt|tj 5||j dddn #1swxYwY|jD]B\}}t||5||dddn #1swxYwYC dddn #1swxYwYddddS#1swxYwYdSr()rrrrrr,r-rr.r/r0rrerrr r)rr3rrs r6push_new_session_ticketr6swNN=3444 C   4 4 *:;;; *9:::C.;<<<C.5666 Q   4 4!5A#C)ABBLLOO$6$JKKKLLLLLLLLLLLLLLL4F3V 4 4/#C8844NN?333444444444444444 4  4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4s~A1E$!"E C* E *C. .E 1C. 2E D3 ' E 3D7 7E :D7 ;E  E$ E E$E E$$E(+E(cNeZdZUdZded<dZded<eeZded <dS) EncryptedExtensionsNr alpn_protocolFr@rr r#r ) rgrhrir9rrrr r rr8r6r8r8sS $M$$$$J05d0K0K0KKKKKKKr8r8cttjksJt d5dfd }t d|dddn #1swxYwYS)NrrAr!cj}}|tjkr1tdt t d_dS|tjkr d_dSj | |fdS)NrrT) rrerorr rr9rrrr rr)rrr extensionss r6rz1pull_encrypted_extensions..pull_extensions __..N"00 !333+4G$6<<,,, ((( =#;;;(, %%%+22#S^^4D%E%EFr8rr-)r8rrrrr)rrr<s` @r6pull_encrypted_extensionsr=s$&&J >>  }A A A A A C  **        #q.)))!***************$ sA**A.1A.r<c |tjt|d5t|d5|j]t |t j5t|dtt||jgdddn #1swxYwY|j r3t |t j 5 dddn #1swxYwY|j D]B\}}t ||5||dddn #1swxYwYC dddn #1swxYwYddddS#1swxYwYdSNrr)rrrrr9rrerorr rrrrr r)rr<rrs r6push_encrypted_extensionsr@sNN=5666 C  44 Q   4 4'3#C);<< 2C88#12 $ #C)ABB4>3N 4 4/#C8844NN?333444444444444444 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4444444444444444444sE"D7#,B D7B D7"B #$D7C D7C D7C D7<D  D7D" "D7%D" &D7+ E7D; ;E>D; ?EEEc@eZdZUdZded<eeZded<dS)r,r8rrequest_contextr zlist[CertificateEntry]r N)rgrhrirBrrr r rr8r6r,r,sA O    +05+F+F+FLFFFFFFr8r,cNeZdZUdZded<dZded<eeZded <dS) CertificateRequestr8rrBNrrr r#r ) rgrhrirBrrrr r rr8r6rDrD sT O    -1111105d0K0K0KKKKKKKr8rDc 4t}|tjksJt |d5t |d|_dd}t|dt|||_ dddn #1swxYwY|S) NrrrrrACertificateEntrycJt|d}t|d}||fSr?r)rrr<s r6pull_certificate_entryz0pull_certificate..pull_certificate_entrys+sA&&D$S!,,J*% %r8)rrrArF) r,rrrrrrBrr r )rr9rHs r6pull_certificaterIs--K >>  }8 8 8 8 8 C     &1#q&9&9 # & & & & $- G2C88$ $                   s>B  BBcttjksJt d5t d_dfd }td|dddn #1swxYwYS)NrrrAr!c}}|tjkrtdj_dSj||fdSr)rrernrrr rr)rrrcertificate_requests r6rz0pull_certificate_request..pull_extension*s __..N"00 !CCC;DCO<<#888$4;;#S^^4D%E%EFr8rr-)rDrrrrrrBr)rrrLs` @r6pull_certificate_requestrM#s,.. >>  }@ @ @ @ @ C  **.9#q.A.A+        #q.)))***************" s.A??BBc |tjt|d5t |d|jd d }t |dt|||jddddS#1swxYwYdS) NrrrrrrFrAr!cbt|d|dt|d|ddS)Nrrrrrrs r6push_certificate_entryz0push_certificate..push_certificate_entry@s4 Qa ) ) ) Qa ) ) ) ) )r8)rrrrFrAr!) rrrrrrBrr r )rr9rPs r6push_certificaterQ;sNN=,--- C     CK7888 * * * *  G2C88+:R                      sAA==BBc$eZdZUded<ded<dS)CertificateVerifyrr5r signatureNrrr8r6rSrSIs'NNNr8rSc|tjksJt|d5|}t |d}dddn #1swxYwYt ||S)Nrrr5rT)rrrrrrrS)rr5rTs r6pull_certificate_verifyrWOs >>  }? ? ? ? ? C  ((OO%% Q'' ((((((((((((((( yI F F FFs%A&&A*-A*rNc|tjt|d5||jt |d|jddddS#1swxYwYdSr?)rrrrrr5rrT)rrNs r6push_certificate_verifyrYXsNN=3444 C  .. ()))CF,---..................s1A..A25A2ceZdZUdZded<dS)Finishedr8r verify_dataN)rgrhrir\rrr8r6r[r[_s#Kr8r[ct}|tjksJt |d|_|SNr)r[rrrrr\rfinisheds r6 pull_finishedrads@zzH >>  }5 5 5 5 5&sA..H Or8r`cp|tjt|d|jdSr^)rrrrr\r_s r6 push_finishedrcms2NN=)***Q,-----r8c@eZdZddZddZdd Zdd ZdddZddZd S) KeySchedulerr[cVt||_t|jdz |_||_d|_t jd|j|_|j |_ t|j|_ dS)Nrrr)cipher_suite_hashr5r digest_sizer generationr2newhashcopyrhash_empty_valuerrrrs r6rzKeySchedule.__init__ss*<88t~122(K 6dn 6 677 $  0 0 7 7 9 9D,-- r8context_stringrrAcjd|zdz|jzS)Ns@ )rkrlr)rros r6certificate_verify_dataz#KeySchedule.certificate_verify_data|s/>)G3dinn6F6F6M6M6O6OOOr8rct|j|dd|j}t|d|j}||j|S)Nsfinishedr8rrr)rr5rhr rrkrlr)rrhmac_keyrs r6finished_verify_dataz KeySchedule.finished_verify_datas$n#     %;4>%;%; < < < !!((**+++xxzzr8rct|j|j||j|jS)Nr)rr5rrkrlrrh)rrs r6 derive_secretzKeySchedule.derive_secretsG n;y~~''..00#     r8Nrrr!c|t|j}|jr-t|j|jd|j|j|_|xjdz c_t|j|j||_dS)Nsderivedrr)r5rr)rrhrirr5rrmrrs r6extractzKeySchedule.extracts   !122L ? +.{ 0' DK 1"n4;\    r8rc:|j|dSr0)rkr)rrs r6 update_hashzKeySchedule.update_hashs r8)rr[)rorrAr)rrrAr)rrrArr0rrrAr!rrrAr!) rgrhrirrrrurwryr{rr8r6rerers....PPPP             $r8rec0eZdZddZddd Zdd ZddZdS)KeyScheduleProxyrlist[CipherSuite]cLttd||_dS)Nc$|t|fSr0)re)r&s r6z+KeyScheduleProxy.__init__..sq+a...Ar8)dictmap_KeyScheduleProxy__schedules)rrs r6rzKeyScheduleProxy.__init__s&$A$A= Q QRRr8NrrrAr!ch|jD]}||dSr0)rrry)rrks r6ryzKeyScheduleProxy.extracts?!((** $ $A IIl # # # # $ $r8rr[rec|j|Sr0)rrns r6selectzKeyScheduleProxy.selects --r8rrch|jD]}||dSr0)rrr{)rrrs r6r{zKeyScheduleProxy.update_hashs?!((**  A MM$      r8)rrr0r|)rr[rArer})rgrhrirryrr{rr8r6rrsmSSSS$$$$$....      r8rrr)Nr)Nr)N)Fr)Fr)Fr)Tr)Tr)Trz1dict[SignatureAlgorithm, tuple[bool | None, int]]rnrct|Sr0) CIPHER_SUITES)rs r6rgrgs  &&r8 supportedofferedlist[Any] | NonerX Alert | NoneexclT | Nonec>||D]}||vr |||kr|cS||dSr0r)rrrXrr&s r6 negotiatersR   AG||#    4r8signature_algorithmtuple[Any, ...]c|tjtjfvrdStt|\}}|dS||fS)Nr)rrrrn)ris_pss hash_sizes r6signature_algorithm_paramsrsT19;M;STTTr,-?@S-T-TUFI ~r  r8 key_scheduleKeySchedule | KeyScheduleProxyc#K|}dV||||dSr0)rr{ data_slice)rr hash_starts r6 push_messagersNJ EEES^^J CCDDDDDr8ceZdZUdZded<ded<ded<ded<d ed <d ed <d ed <dZded<eeZded<e ddZ e ddZ dS) SessionTicketz6 A TLS session ticket for session resumption. rage_addr[rrBnot_valid_afternot_valid_beforerresumption_secretrr;r/Nr!r0r r#r rAr@cJt}||jko ||jkSr0)rKrr)rrFs r6is_validzSessionTicket.is_valids&hhd++Kt7K0KKr8ctt|jz dz}||jzdzS)Nil)rrKr total_secondsr)rages r6obfuscated_agezSessionTicket.obfuscated_ages>688d33BBDDtKLLdl"w//r8rAr@)rAr) rgrhri__doc__rr0rr r propertyrrrr8r6rrsLLL&&&&''''MMM&*****05d0K0K0KKKKK LLLXL000X000r8rceZdZ dCdDdZedEdZedFdZedGdZdHd$ZdId*Z dJd,Z dKd.Z dLd/Z dLd0Z dLd1ZdLd2ZdKd3ZdLd4ZdMd8ZdKd9ZdNd?ZdOdBZdS)PContextNFT is_clientr@rrrrrrrrlist[CipherSuite] | Nonelogger-logging.Logger | logging.LoggerAdapter | Nonemax_early_datar!r; verify_modehostname_checks_common_nameassert_fingerprintverify_hostnamec ||_||_||_||_| |_| |_| |_d|_g|_d|_ g|_ ||_ d|_ | 5| s!t| } | |_| | |_n|r t$jn t$j|_d|_d|_d|_d|_|||_n3t4jt4jt4jt4jg|_t>j g|_!tDj#g|_$tJj&tJj'tJj(tJj)tJj*tJj+tJj,tJj-tJj.g |_/t`jt`j1t`j2t`j3t`j4g|_5tltng|_8d|_9d|_:d|_;d|_<d|_=d|_>d|_?d|_@g|_Ad|_Bd|_Cd|_Dd|_Ed|_Fd|_G||_Hd|_Id|_Jd|_Kd|_Ld|_M|r3tjOd|_Pd|_QtjS|_TdSd|_Pd|_QtjU|_TdS)NcdSr0r)drWr&ss r6rz"Context.__init__..Sstr8Fr8r9)V_alpn_protocols_cadata_cafile_capath_hostname_checks_common_name_assert_fingerprint_verify_hostnamer9certificate_chaincertificate_private_keyhandshake_extensions_max_early_datasession_ticketisasciir)r _server_name _verify_moder CERT_REQUIRED CERT_NONEalpn_cbget_session_ticket_cbnew_session_ticket_cbupdate_traffic_key_cb_cipher_suitesr[r`r\r^r]rbrc_legacy_compression_methodsrr_psk_key_exchange_modesrrrrrrrrrr_signature_algorithmsrzrrrr_supported_groupsTLS_VERSION_GREASETLS_VERSION_1_3_supported_versionsalpn_negotiatedearly_data_acceptedrreceived_extensions_key_schedule_psk_key_schedule_proxy_new_session_ticket_peer_certificate_peer_certificate_chain_ocsp_response_receive_buffer_session_resumed_enc_key_dec_key_certificate_request_Context__logger_ec_p256_private_key_ec_p384_private_key_ec_p521_private_key_x25519_private_key_x25519_kyber_768_private_keyrurandom client_randomrrrstater)rrrrrrrrrr;rrrrs r6rzContext.__init__!s" .   ,G)#5 /378:  $68!-48  ";+>+>+@+@ "%k2299;;K'  " +D  5> Q 1 1CMD ,0 BF"BF" $ # "  $"/D  ".4. #D  8I7M6N(3E3P2Q$  5  2  /  5  2  /  2  /  & 1 " L   L O O " %7#H ,0). 04;? 59<@ <@ 9=>@$,0" %&* &* ?C! AE!@D!@D!=A LP*  :!#BD %(D "5DJJJ!%D %)D "9DJJJr8rAX509Certificate | Nonec|jSr0)rrs r6peer_certificatezContext.peer_certificates %%r8rc|jSr0)rrs r6peer_certificate_chainzContext.peer_certificate_chains ++r8c|jS)zK Returns True if session resumption was successfully used. )rrs r6session_resumedzContext.session_resumeds $$r8 input_datar output_bufdict[Epoch, Buffer]r!c|jtjkr'||tjdS|xj|z c_t|jdkru|jd}dt |jdddz}t|j|krdS|jd|}|j|d|_t|}|jtj kr?|tj kr(|||tjnqt|jtjkr.|tjkr||n.t|jtjkrU|tjkr||n|tjkr||nt|jtjkr.|tjkr||nt|jtjkr?|tjkr(|||tjn-t|jtjkr-|tj kr|!|nt|jtj"kr`|tj#krI|$||tj|tj|tj%nvt|jtj&kr>|tjkr'|'||tj%n#t|jtj(krt|)sJt|jdksdSdS)Nrrrrrr)*rrr_client_send_hellorrrrrrrrrr_client_handle_hellorrr#_client_handle_encrypted_extensionsrr_client_handle_certificater"_client_handle_certificate_requestrr!_client_handle_certificate_verifyrr_client_handle_finishedrrr!_client_handle_new_session_ticketrr_server_handle_hellorr_server_handle_finishedreof)rrr message_typemessage_lengthmessage input_bufs r6handle_messagezContext.handle_messages :5 5 5  # #Ju}$= > > > F  *$&''1,,/2L$QqS)U"0""N 4'((>99*?N?;G#'#7#HD G,,,IzU====#===--iEM9RSSSS00uGGG=#EEE<>>>!]%FFF;;IFFFF00uEEE=#CCC::9EEEE00u;;;=#99900Ju|j'j&| td|jD|_@|j@(dt|j@|5ti||dddn #1swxYwY|BtjDdS)NzJTLS: Advertising to peer post-quantum algorithm using X25519ML768 (0x11EC)rqzno key share entriesc,g|]}t|Sr)rr3xs r6rJz.Context._client_send_hello..Ds???a3q66???r8) rrrrrrrr;rrrr  res binderTrirrr c e trafficc2g|]}|tjk|Sr)r[r`)r3css r6rJz.Context._client_send_hello..}s% J J JB{7I1I1IR1I1I1Ir8)Errzrrrr public_keyrrrrrrrr'rrr(rrdebugr`rrrrrrrrrrrrrrrrerrryrrwrhr0rrr/rrrrrrr{rrurrrrrrrrr _set_staterr) rrrrrr binder_key binder_lengthtmp_buf hash_offsetr early_keys r6rzContext._client_send_hellos)+ &(+' 6' 6E'',?,A,A)  _d&?&J&J&L&LM!''8888%/)),?,A,A)  _d&?&J&J&L&LM!''8888%/)),?,A,A)  _d&?&J&J&L&LM!''8888%,&&+<+>+>(  %,0H0S0S0U0U!VWWW '' 5555%+++5K5M5M2  ):EEGG !''(9:::=,M''5%,&&  %,!8999 '' 5559~~555555%"4??4+>???'+'G/'+/+E+Q,,)!%!;-#7!6!   (  % 4#6#?% %01D1Q%R%RD "  " * *4+>+P Q Q Q/==mLLJ 2>M"6B#' #.(/1D1ST}--. $$$E d+++G gu - - -",,..=81t|tjdd} |s|}|}|t jkrb|}|dkr/|}| ||_ n.| |dz nn|n#t$rYnwxYwtjdd|_ fdtdtjD|_|j|j|t*jdS)NrrrcPg|]"}tj|d#S)r)rr )r3rUr9s r6rJz6Context._client_handle_certificate..s>( ( (  K4Q7: ; ;( ( ( r8)rIrr r rrerlr pull_uint24rrrrrrangerrrr{rr#rr)rrext_bufext_typeext_len status_typeresp_lenr9s @r6rz"Context._client_handle_certificates&y11 k6q9!<=== kkmm "..00!--//};;;")"4"4"6"6K"a''#*#6#6#8#8.5.@.@.J.J+**7Q;7777kkmm     D "11I!1LQ1O!P!P( ( ( ( 1c+":;;<<( ( ( $ %%in555 >?????sCC77 DDct||_|j|j|t jdSr0)rMrrr{rr#rr)rrs r6rz*Context._client_handle_certificate_requestsF$(K(K(M(MNNUUWW #555)6!3!7!7!9!966,0022666 %%in555 455555sA A-- B7BBc >t|}|j|j}|j|krt |j|j|jjdksJ|j d| tj tjd|jd}|jt#|j|5t%|t'|jjd|jg|jzDdddn #1swxYwYd|j|jfvr|g}t1|jt2rt4jt4jg}nt1|jt:rZ|jjdkrt4jg}nc|jjdkrt4j g}nE|jjdkr t4j!g}n't1|jtDr t4j#g}tI||jj%tMd }|jj'|j(d gtS|R}t#|j|5tU|tW|| dddn #1swxYwYt#|j|5tY|t[|j|j. dddn #1swxYwY||_.|/tj0tj|jj1|j.|2tfj4dS) Nr s ap traffic c ap trafficc>g|]}||dfS)Nr8rH)r3r4s r6rJz3Context._client_handle_finished..Ws9&&& $#/"..00#6///r8rBr rrr No supported signature algorithms!TLS 1.3, client CertificateVerifyrVr\)5rarrurr\rr{rriryr-rrrrrwrrrQr,rBr9rrrOr!rrrrrrrrrrrrrsignrrrrYrSrcr[rrrrr#rr) rrrr`expected_verify_data next_enc_keyrrrTs r6rzContext._client_handle_finished@s ++ $0EEdmTT  #7 7 7# # %%in555 +q0000 !!$''' &&  u}o   (66GG  $ 0d/<<   (,(A(Q&&)-)9(:T=S(S&&&                  D,d.JKKKAC$d:MJJH*>*;,((  #EE.E0,,5@CGG.E0,,5@CGG.E0,  <>OPPH,>,F+G(&/(-B)*LMM''# >D8=%==<00CDD  "$"3Z@@+")&9Y$+Z 8 8    $ 1 F Ft} U U                  %  ""   M   * M     344444s7.AD<<EE K  K K )t~j@|j0j.|d } | Mt_||_0|j01d|j07|jAd}d}d}|jBD]}|d }|d tjDkrUt|_F|jFG}|jFH|}tjD}n|d tjIkrUt|_K|jKH|}|jKL}tjI}n@|d tjMkrTt|_O|jOG}|jOH|}tjM}n|d tjPkrTt|_R|jRG}|jRH|}tjP}nl|d tjSkrTt|_U|jUG}|jUH|}tjS}n!|Jt|j#|j$||||f| | }t|j0|5t||dddn #1swxYwY|j01||YtzjZt~j[d|Ytzj>t~j[dt|j0|5t|t|j|j;|j^dddn #1swxYwY| t|j0|5t|tdd|jag|jbzDdddn #1swxYwY|jjc|j0ddgt| R}t|j0|5t|t| |dddn #1swxYwYt|j0|5t|t|j08|jjdddn #1swxYwY|j0jkdksJ|j01d|YtzjZt~jld|j03d|_m|j08|jn|_otd }t|t|jo|j07|jA|jq| td!tjtd"tCj"d#d dtCj"d|ju$|_vt||jv|x|jv|j^}|q||ytj{dS)%NrrrzNo supported cipher suiter*zNo supported compression methodrPzNo supported protocol versionzNo common ALPN protocolsr9rrrrzPSK validation failedTr)rrrr rrr"r+r2)r9rr r8c:g|]}|dfS)r8rHrs r6rJz0Context._server_handle_hello..~s7&&& !^^--s3&&&r8rOr?rVrQrrLrMr=riQIr)r,r-r.r/r0)|rrOrr!rrrrrrrrrrrrrrr[r`rrrrrrrrrrrrrrr server_randomrr rrrrrrrrrrerryrrwrhrrr{rurrrrrrrrrrrzrr'rr!r,rr(rshared_ciphertextrrrrrrrrrrrr)r-rrr@r8rrQr,r9rrRrrrrYrSrcr[rrir _next_dec_keyr_expected_verify_datarrr+runpackrrr6rr#rr)rrrVrWrXr.rrr psk_key_exchange_moderr"rrrr$r%r'rexpected_binderr(r!group_kxr0rr/rrTrr/s r6r zContext._server_handle_hellos( 'y11 :< d2M B B @"6"3$ 4l C C @+6#==(:(Q'R$$-8C??(:(Q'R$$-8C??(:(Q'R$ 46G H H @$6$>#? !    $ !"= > >#    '  ,  1 !"C D D   !*  (**K! ! (  + !"D E E   &  $  ) !@ A A     +#,$)%&@AA$$D (.Z^^!+!=#-#> < / LL- . . .  & 2%1)5J-899Q>>J-566!;;"0;A>H!77 DDN*"++"/<??$/ $=$=!!)).*JKKK!.<<]KK $ 1 = 'nn..>B "--!O[1_}%D!--i.B.B1k.R.RSSS"&"3"H"H"T"T_,,/0GHHH!--((kAo 6UVV)-%( $ 1 ? ? O OI/3D,..!))6! "#  ! +L 9 9D    % %d + + +   ) )). 9 9 9$( !%#' #-" " I'lO|u|+++<+>+>(!5@@BB !5>>OO  <1!2225K5M5M2!?HH# "?QQSS  ,100,?,A,A)!6AACC !6??PP  ?100,?,A,A)!6AACC !6??PP  ?100,?,A,A)!6AACC !6??PP  ? 1%%%%"4%1,)/   $+[ 9 9 2 2 k5 1 1 1 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 !!*--- &&  u    &&  u   $+] ; ;   %#"&"6#7%)%>                    !d/??   !(+&&&*&6%7$:P%P&&&                  :49!998,,?@@ I d/??  '!%"5               $+] ; ;    $ 1 F Ft} U U                   +q0000 !!$''' &&  u}o   ".<<_MM&*%6%K%K M& & "b!!!c80JKKKLLL %%ch///  % 16K6W'7 %%}S"*Q--@@C z"~~$($8 (((D $ $J0H I I I//($*CF  & &v . . . 455555sZ \''\+.\+70_33_7:_78aa a1 cc!$c!= %s)rr"rr)rrs r6r#zContext._set_states8 = M M    L L L r8) NNNNNNNNNFNT)rr@rrrrrrrrrrrrrr!r;rrr!rr@rrrr@)rAr)rArr)rrrrrAr!)r3r+r r rAr)rrrAr!)rrrrrAr!)rrrAr!) rrrVrrWrrXrrAr!)rerrfrrrrAr!)rrrAr!)rgrhrirrrrrrrrrrrrrrr r r r-r#rr8r6rr s,0#!!26@D%)"&"&,1)- $v:v:v:v:v:p&&&X&,,,X,%%%X% N#N#N#N#`    4r:r:r:r:hCBCBCBCBJTTTT(#@#@#@#@JPPPP 56565656n_5_5_5_5B////U6U6U6U6n5555&     r8r)T)r?r@rArB)rrrrr4rrAr) r5rrrrrrrr4rrAr)r5rrrrrrArr0)rrrrrAr)rrrAr)rrrAr@)NNN)rrrrrrrAr)NNNNNTN)r9rr:rrrrrrrr;rr<r@r=rrAr!)rrrrrAr)rrrrrrrAr) rrrrrrrrrAr!)rrrrrAr)rrrrrrrAr!)rrrrrAr)rrrAr)rrrrrAr!)rrrAr)rrrrrAr!)rrrAr)rrrrrAr!)rrrAr)rrrrrAr!)rrrAr)rrrrrAr!)rrrAr)rrrrrAr!)rrrAr+)rrr3r+rAr!)rrrAr8)rrr<r8rAr!)rrrAr,)rrrArD)rrr9r,rAr!)rrrArS)rrrNrSrAr!)rrrAr[)rrr`r[rAr!)rr[rAr)NN) rrrrrXrrrrAr.)rrrAr)rrrrrAr) __future__rrEr0r2loggingrrerrbinasciir contextlibr dataclassesrrenumr functoolsr r hmacr typingr r rrrrr_hazmatrrrrrrrrrrrrr r!r"r#r$r%r&r'r(r)r*r+r,rcompilerrrrr.rCrKrM Exceptionrrrrrrrrrrrrrrrrrrrr8rYr[rbrerzrrrrrrrrrrrrrrrrrrrrrr Extensionrrrrrr&r)r+r4r6r8r=r@rFrDrIrMrQrSrWrYr[rarcrerr\r]r^rrrrrrrrrrrnrrgrrrrr AlpnHandlerSessionTicketFetcherSessionTicketHandlerrrr8r6r{s """""""  %%%%%%((((((((((((((((OOOOOOOOOOOOOOOOOO4&2:&@AA GCLL 88888 """""w"""<"""""I"""33333%33377777e7771111111155555E55555555E5552222222244444544466666U666 G     G   ****************Z    +/!9!9!9!9!9H* 26161616161v$("#"&X/X/X/X/X/v'        G$G     G    2    $    &&&&c5j!  """"////2222 E3J ----      #u*      DDDDDDD D(====@GGGGT  L L L L L L L  L@4444: LLLLLLL L24444$ LLLLLLL L24444,& GGGGGGG G  LLLLLLL L &0        GGGG....  .... 66666666r         ""C"C(# -{-{-{'''*K*K*K K    '''' $    EEEE 0000000 06ud{# -)@ @A 56FFFFFFFFFFr8