Current File : //backups/router/usr/local/lib/python3.11/site-packages/aioquic/quic/configuration.py
from dataclasses import dataclass, field
from os import PathLike
from re import split
from typing import Any, List, Optional, TextIO, Union
from ..tls import (
CipherSuite,
SessionTicket,
load_pem_private_key,
load_pem_x509_certificates,
)
from .logger import QuicLogger
from .packet import QuicProtocolVersion
SMALLEST_MAX_DATAGRAM_SIZE = 1200
@dataclass
class QuicConfiguration:
"""
A QUIC configuration.
"""
alpn_protocols: Optional[List[str]] = None
"""
A list of supported ALPN protocols.
"""
congestion_control_algorithm: str = "reno"
"""
The name of the congestion control algorithm to use.
Currently supported algorithms: `"reno", `"cubic"`.
"""
connection_id_length: int = 8
"""
The length in bytes of local connection IDs.
"""
idle_timeout: float = 60.0
"""
The idle timeout in seconds.
The connection is terminated if nothing is received for the given duration.
"""
is_client: bool = True
"""
Whether this is the client side of the QUIC connection.
"""
max_data: int = 1048576
"""
Connection-wide flow control limit.
"""
max_datagram_size: int = SMALLEST_MAX_DATAGRAM_SIZE
"""
The maximum QUIC payload size in bytes to send, excluding UDP or IP overhead.
"""
max_stream_data: int = 1048576
"""
Per-stream flow control limit.
"""
quic_logger: Optional[QuicLogger] = None
"""
The :class:`~aioquic.quic.logger.QuicLogger` instance to log events to.
"""
secrets_log_file: TextIO = None
"""
A file-like object in which to log traffic secrets.
This is useful to analyze traffic captures with Wireshark.
"""
server_name: Optional[str] = None
"""
The server name to use when verifying the server's TLS certificate, which
can either be a DNS name or an IP address.
If it is a DNS name, it is also sent during the TLS handshake in the
Server Name Indication (SNI) extension.
.. note:: This is only used by clients.
"""
session_ticket: Optional[SessionTicket] = None
"""
The TLS session ticket which should be used for session resumption.
"""
token: bytes = b""
"""
The address validation token that can be used to validate future connections.
.. note:: This is only used by clients.
"""
# For internal purposes, not guaranteed to be stable.
cadata: Optional[bytes] = None
cafile: Optional[str] = None
capath: Optional[str] = None
certificate: Any = None
certificate_chain: List[Any] = field(default_factory=list)
cipher_suites: Optional[List[CipherSuite]] = None
initial_rtt: float = 0.1
max_datagram_frame_size: Optional[int] = None
original_version: Optional[int] = None
private_key: Any = None
quantum_readiness_test: bool = False
supported_versions: List[int] = field(
default_factory=lambda: [
QuicProtocolVersion.VERSION_1,
QuicProtocolVersion.VERSION_2,
]
)
verify_mode: Optional[int] = None
def load_cert_chain(
self,
certfile: PathLike,
keyfile: Optional[PathLike] = None,
password: Optional[Union[bytes, str]] = None,
) -> None:
"""
Load a private key and the corresponding certificate.
"""
with open(certfile, "rb") as fp:
boundary = b"-----BEGIN PRIVATE KEY-----\n"
chunks = split(b"\n" + boundary, fp.read())
certificates = load_pem_x509_certificates(chunks[0])
if len(chunks) == 2:
private_key = boundary + chunks[1]
self.private_key = load_pem_private_key(private_key)
self.certificate = certificates[0]
self.certificate_chain = certificates[1:]
if keyfile is not None:
with open(keyfile, "rb") as fp:
self.private_key = load_pem_private_key(
fp.read(),
password=password.encode("utf8")
if isinstance(password, str)
else password,
)
def load_verify_locations(
self,
cafile: Optional[str] = None,
capath: Optional[str] = None,
cadata: Optional[bytes] = None,
) -> None:
"""
Load a set of "certification authority" (CA) certificates used to
validate other peers' certificates.
"""
self.cafile = cafile
self.capath = capath
self.cadata = cadata
Mini Shell