|
48 | 48 | import hashlib
|
49 | 49 | import logging
|
50 | 50 | import secrets
|
| 51 | +import ssl |
51 | 52 | import struct
|
52 | 53 | import time
|
53 | 54 | from asyncio import Future
|
@@ -94,6 +95,17 @@ class KlapTransport(BaseTransport):
|
94 | 95 | DEFAULT_PORT: int = 80
|
95 | 96 | SESSION_COOKIE_NAME = "TP_SESSIONID"
|
96 | 97 | TIMEOUT_COOKIE_NAME = "TIMEOUT"
|
| 98 | + # Copy & paste from sslaestransport |
| 99 | + CIPHERS = ":".join( |
| 100 | + [ |
| 101 | + "AES256-GCM-SHA384", |
| 102 | + "AES256-SHA256", |
| 103 | + "AES128-GCM-SHA256", |
| 104 | + "AES128-SHA256", |
| 105 | + "AES256-SHA", |
| 106 | + ] |
| 107 | + ) |
| 108 | + _ssl_context: ssl.SSLContext | None = None |
97 | 109 |
|
98 | 110 | def __init__(
|
99 | 111 | self,
|
@@ -153,7 +165,9 @@ async def perform_handshake1(self) -> tuple[bytes, bytes, bytes]:
|
153 | 165 |
|
154 | 166 | url = self._app_url / "handshake1"
|
155 | 167 |
|
156 |
| - response_status, response_data = await self._http_client.post(url, data=payload) |
| 168 | + response_status, response_data = await self._http_client.post( |
| 169 | + url, data=payload, ssl=await self._get_ssl_context() |
| 170 | + ) |
157 | 171 |
|
158 | 172 | if _LOGGER.isEnabledFor(logging.DEBUG):
|
159 | 173 | _LOGGER.debug(
|
@@ -264,6 +278,7 @@ async def perform_handshake2(
|
264 | 278 | url,
|
265 | 279 | data=payload,
|
266 | 280 | cookies_dict=self._session_cookie,
|
| 281 | + ssl=await self._get_ssl_context(), |
267 | 282 | )
|
268 | 283 |
|
269 | 284 | if _LOGGER.isEnabledFor(logging.DEBUG):
|
@@ -338,6 +353,7 @@ async def send(self, request: str) -> Generator[Future, None, dict[str, str]]:
|
338 | 353 | params={"seq": seq},
|
339 | 354 | data=payload,
|
340 | 355 | cookies_dict=self._session_cookie,
|
| 356 | + ssl=await self._get_ssl_context(), |
341 | 357 | )
|
342 | 358 |
|
343 | 359 | msg = (
|
@@ -414,6 +430,23 @@ def generate_owner_hash(creds: Credentials) -> bytes:
|
414 | 430 | un = creds.username
|
415 | 431 | return md5(un.encode())
|
416 | 432 |
|
| 433 | + # Copy & paste from sslaestransport. |
| 434 | + def _create_ssl_context(self) -> ssl.SSLContext: |
| 435 | + context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) |
| 436 | + context.set_ciphers(self.CIPHERS) |
| 437 | + context.check_hostname = False |
| 438 | + context.verify_mode = ssl.CERT_NONE |
| 439 | + return context |
| 440 | + |
| 441 | + # Copy & paste from sslaestransport. |
| 442 | + async def _get_ssl_context(self) -> ssl.SSLContext: |
| 443 | + if not self._ssl_context: |
| 444 | + loop = asyncio.get_running_loop() |
| 445 | + self._ssl_context = await loop.run_in_executor( |
| 446 | + None, self._create_ssl_context |
| 447 | + ) |
| 448 | + return self._ssl_context |
| 449 | + |
417 | 450 |
|
418 | 451 | class KlapTransportV2(KlapTransport):
|
419 | 452 | """Implementation of the KLAP encryption protocol with v2 hanshake hashes."""
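Review bot: `_create_ssl_context` sets `check_hostname = False` and `verify_mode = ssl.CERT_NONE`, so every request that passes this context accepts any certificate and TLS gives no peer authentication; as far as this diff shows, the KLAP handshake is then the only thing authenticating the device. If this is deliberate because the devices present self-signed certificates (not visible here), record it where the context is built instead of only "Copy & paste from sslaestransport", e.g. `# Devices use self-signed certs: verification is disabled, so TLS adds no authentication beyond KLAP.` The `CIPHERS` list holds only static-RSA key-exchange suites without forward secrecy, and `set_ciphers` does not restrict TLS 1.3 suites, so a comment naming which firmware needs these suites would show when the list can be tightened. Since the list and settings are duplicated from sslaestransport, a shared helper would keep the two copies from drifting apart. `if not self._ssl_context:` would be more precise as `if self._ssl_context is None:`.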
|
|