atomicshop 2.15.11__py3-none-any.whl → 3.10.5__py3-none-any.whl

atomicshop/wrappers/socketw/sni.py

@@ -1,181 +1,350 @@
-import sys
 import ssl
+from dataclasses import dataclass
+from typing import Callable, Any
 
-from . import certificator, creator
+from ..loggingw import loggingw
 from ...domains import get_domain_without_first_subdomain_if_no_subdomain_return_as_is
 from ...print_api import print_api
 
+from . import certificator, creator
+
+
+@dataclass
+class SNIReceivedParameters:
+    ssl_socket: ssl.SSLSocket
+    destination_name: str
+    ssl_context: ssl.SSLContext
+
 
-def add_sni_callback_function_reference_to_ssl_context(
-        ssl_context, config: dict, dns_domain: str = None,
-        sni_function_name=None, use_default_sni_function: bool = False, use_sni_extended: bool = False,
-        print_kwargs: dict = None):
+class SNIDefaultCertificateCreationError(Exception):
+    pass
+
+
+class SNISetup:
     """
-    Add SNI callback function reference to SSLContext object. Inplace.
-
-    :param ssl_context:
-    :param config:
-    :param dns_domain: domain that was received from DNS Server that will be used if no SNI was passed.
-    :param sni_function_name: Reference to the function that will be called when SNI is present in the request.
-    :param use_default_sni_function: If True, will use default SNI function.
-    :param use_sni_extended: If True, will use extended SNI function.
-    :param print_kwargs: dict, that contains all the arguments for 'print_api' function.
-    :return:
+    Class to handle setting up SNI related features in socket and context.
     """
+    def __init__(
+            self,
+            ca_certificate_name: str,
+            ca_certificate_filepath: str,
+            default_server_certificate_usage: bool,
+            default_server_certificate_name: str,
+            default_server_certificate_directory: str,
+            default_certificate_domain_list: list,
+            sni_custom_callback_function: Callable[..., Any],
+            sni_use_default_callback_function: bool,
+            sni_use_default_callback_function_extended: bool,
+            sni_add_new_domains_to_default_server_certificate: bool,
+            sni_create_server_certificate_for_each_domain: bool,
+            sni_server_certificates_cache_directory: str,
+            sni_get_server_certificate_from_server_socket: bool,
+            sni_server_certificate_from_server_socket_download_directory: str,
+            custom_server_certificate_usage: bool,
+            custom_server_certificate_path: str,
+            custom_private_key_path: str,
+            forwarding_dns_service_ipv4_list___only_for_localhost: list,
+            tls: bool,
+            domain_from_dns_server: str = None,
+            skip_extension_id_list: list = None,
+            exceptions_logger: loggingw.ExceptionCsvLogger = None,
+            enable_sslkeylogfile_env_to_client_ssl_context: bool = False,
+            sslkeylog_file_path: str = None
+    ):
+        self.ca_certificate_name = ca_certificate_name
+        self.ca_certificate_filepath = ca_certificate_filepath
+        self.default_server_certificate_usage = default_server_certificate_usage
+        self.default_server_certificate_name = default_server_certificate_name
+        self.default_server_certificate_directory = default_server_certificate_directory
+        self.default_certificate_domain_list = default_certificate_domain_list
+        self.sni_custom_callback_function: Callable[..., Any] = sni_custom_callback_function
+        self.sni_use_default_callback_function: bool = sni_use_default_callback_function
+        self.sni_use_default_callback_function_extended: bool = sni_use_default_callback_function_extended
+        self.sni_add_new_domains_to_default_server_certificate = sni_add_new_domains_to_default_server_certificate
+        self.sni_create_server_certificate_for_each_domain = sni_create_server_certificate_for_each_domain
+        self.sni_server_certificates_cache_directory = sni_server_certificates_cache_directory
+        self.sni_get_server_certificate_from_server_socket = sni_get_server_certificate_from_server_socket
+        self.sni_server_certificate_from_server_socket_download_directory = (
+            sni_server_certificate_from_server_socket_download_directory)
+        self.custom_server_certificate_usage = custom_server_certificate_usage
+        self.custom_server_certificate_path = custom_server_certificate_path
+        self.custom_private_key_path = custom_private_key_path
+        self.forwarding_dns_service_ipv4_list___only_for_localhost = (
+            forwarding_dns_service_ipv4_list___only_for_localhost)
+        self.domain_from_dns_server: str = domain_from_dns_server
+        self.skip_extension_id_list = skip_extension_id_list
+        self.tls = tls
+        self.exceptions_logger = exceptions_logger
+        self.certificator_instance = None
+        self.enable_sslkeylogfile_env_to_client_ssl_context: bool = enable_sslkeylogfile_env_to_client_ssl_context
+        self.sslkeylog_file_path: str = sslkeylog_file_path
+
+    def wrap_socket_with_ssl_context_server_sni_extended(
+            self,
+            socket_object,
+            print_kwargs: dict = None
+    ):
 
-    if sni_function_name and (use_default_sni_function or use_sni_extended):
-        raise ValueError("You can't use both custom and default SNI function at the same time.")
-
-    if use_sni_extended and not use_default_sni_function:
-        raise ValueError("You can't use extended SNI function without default SNI function.")
-
-    # SNI - Server Name Indication: https://en.wikipedia.org/wiki/Server_Name_Indication
-    # SNI is extension to TLS protocol to tell the Server what is destination domain that the client is trying to
-    # connect. The server knowing the destination domain then can present to the client the appropriate certificate.
-    # "sni_callback" method: https://docs.python.org/3/library/ssl.html#ssl.SSLContext.sni_callback
-    # The method calls your custom function. If there is SNI present in the TLS request from the client, then the
-    # function will be called. Automatically providing 3 parameters from the system: ssl.SSLSocket, The destination
-    # server name, current ssl.SSLContext object.
-    # If you check the custom function it has all these variables mandatory, since this is what system provides and
-    # handled by the system, if SNI is existent.
-    # The function is actually called at "accept()" method of the "ssl.SSLSocket"
-    # This needs to be set only once on the listening socket
-    if sni_function_name:
-        ssl_context.sni_callback = sni_function_name
-
-    if use_default_sni_function:
-        ssl_context.set_servername_callback(
-            setup_sni_callback(
-                use_sni_extended=use_sni_extended, config=config, dns_domain=dns_domain, print_kwargs=print_kwargs)
+        # Create SSL Socket to wrap the raw socket with.
+        ssl_context: ssl.SSLContext = creator.create_ssl_context_for_server(
+            allow_legacy=True, enable_sslkeylogfile_env_to_client_ssl_context=self.enable_sslkeylogfile_env_to_client_ssl_context,
+            sslkeylog_file_path=self.sslkeylog_file_path)
+
+        self.certificator_instance = certificator.Certificator(
+            ca_certificate_name=self.ca_certificate_name,
+            ca_certificate_filepath=self.ca_certificate_filepath,
+            default_server_certificate_usage=self.default_server_certificate_usage,
+            default_server_certificate_name=self.default_server_certificate_name,
+            default_server_certificate_directory=self.default_server_certificate_directory,
+            default_certificate_domain_list=self.default_certificate_domain_list,
+            sni_server_certificates_cache_directory=self.sni_server_certificates_cache_directory,
+            sni_get_server_certificate_from_server_socket=self.sni_get_server_certificate_from_server_socket,
+            sni_server_certificate_from_server_socket_download_directory=(
+                self.sni_server_certificate_from_server_socket_download_directory),
+            custom_server_certificate_usage=self.custom_server_certificate_usage,
+            custom_server_certificate_path=self.custom_server_certificate_path,
+            custom_private_key_path=self.custom_private_key_path,
+            forwarding_dns_service_ipv4_list___only_for_localhost=(
+                self.forwarding_dns_service_ipv4_list___only_for_localhost),
+            skip_extension_id_list=self.skip_extension_id_list,
+            tls=self.tls,
+            enable_sslkeylogfile_env_to_client_ssl_context=self.enable_sslkeylogfile_env_to_client_ssl_context,
+            sslkeylog_file_path=self.sslkeylog_file_path
         )
 
+        # Add SNI callback function to the SSL context.
+        self.add_sni_callback_function_to_ssl_context(ssl_context=ssl_context, print_kwargs=print_kwargs)
+
+        server_certificate_file_path, server_private_key_file_path = \
+            self.certificator_instance.select_server_ssl_context_certificate(print_kwargs=print_kwargs)
 
-# Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) computer networking protocol.
-# Function to handle server's SSLContext's SNI callback function.
-# This is actually called first during "accept()" method of the "ssl.SSLSocket" then comes accept itself.
-# This happens in 'ssl.py' module in 'self._sslobj.do_handshake()' function.
-def setup_sni_callback(
-        use_sni_extended: bool = False, config: dict = None, dns_domain: str = None, print_kwargs: dict = None):
+        # If the user chose 'sni_create_server_certificate_for_each_domain = 1' in the configuration file,
+        # it means that 'self.server_certificate_file_path' will be empty, which is OK, since we'll inject
+        # dynamically created certificate from certs folder through SNI.
+        if server_certificate_file_path:
+            creator.load_certificate_and_key_into_server_ssl_context(
+                ssl_context, server_certificate_file_path, server_private_key_file_path,
+                print_kwargs=print_kwargs)
+
+        ssl_socket, error_message = creator.wrap_socket_with_ssl_context_server_with_error_message(
+            socket_object=socket_object, ssl_context=ssl_context, domain_from_dns_server=self.domain_from_dns_server,
+            print_kwargs=print_kwargs)
+
+        return ssl_socket, error_message
+
+    def add_sni_callback_function_to_ssl_context(
+            self,
+            ssl_context,
+            print_kwargs: dict = None
+    ):
+        """
+        Add SNI callback function reference to SSLContext object. Inplace.
+
+        :param ssl_context: SSLContext object.
+        :param print_kwargs: dict, that contains all the arguments for 'print_api' function.
+        :return:
+        """
+
+        # SNI - Server Name Indication: https://en.wikipedia.org/wiki/Server_Name_Indication
+        # SNI is extension to TLS protocol to tell the Server what is destination domain that the client is trying to
+        # connect. The server knowing the destination domain then can present to the client the appropriate certificate.
+        # "sni_callback" method: https://docs.python.org/3/library/ssl.html#ssl.SSLContext.sni_callback
+        # The method calls your custom function. If there is SNI present in the TLS request from the client, then the
+        # function will be called. Automatically providing 3 parameters from the system: ssl.SSLSocket, The destination
+        # server name, current ssl.SSLContext object.
+        # If you check the custom function it has all these variables mandatory, since this is what system provides and
+        # handled by the system, if SNI is existent.
+        # The function is actually called at "accept()" method of the "ssl.SSLSocket"
+        # This needs to be set only once on the listening socket
+        if self.sni_custom_callback_function:
+            # ssl_context.sni_callback = self.sni_custom_callback_function
+            ssl_context.set_servername_callback(self.sni_custom_callback_function)
+
+        if self.sni_use_default_callback_function:
+            sni_handler_instance = SNIHandler(
+                sni_use_default_callback_function_extended=self.sni_use_default_callback_function_extended,
+                sni_add_new_domains_to_default_server_certificate=self.sni_add_new_domains_to_default_server_certificate,
+                sni_create_server_certificate_for_each_domain=self.sni_create_server_certificate_for_each_domain,
+                certificator_instance=self.certificator_instance,
+                domain_from_dns_server=self.domain_from_dns_server,
+                default_certificate_domain_list=self.default_certificate_domain_list,
+                exceptions_logger=self.exceptions_logger,
+                enable_sslkeylogfile_env_to_client_ssl_context=(
+                    self.certificator_instance.enable_sslkeylogfile_env_to_client_ssl_context),
+                sslkeylog_file_path=self.certificator_instance.sslkeylog_file_path)
+            ssl_context.set_servername_callback(
+                sni_handler_instance.setup_sni_callback(print_kwargs=print_kwargs))
+
+
+class SNIHandler:
     """
-    Setup SNI callback function.
-    :param use_sni_extended: Use extended SNI function, besides the default one.
-    :param config:
-    :param dns_domain: domain that was received from DNS Server that will be used if no SNI was passed.
-    :param print_kwargs: dict, that contains all the arguments for 'print_api' function.
-    :return:
+    THe class is responsible for handling SNI callback execution.
     """
 
-    def sni_handle(
-            sni_ssl_socket: ssl.SSLSocket,
-            sni_destination_name: str,
-            sni_ssl_context: ssl.SSLContext):
-
-        if use_sni_extended and not config:
-            raise ValueError("You can't use extended SNI function without config.")
-
-        sni_received_dict = {
-            'ssl_socket': sni_ssl_socket,
-            'destination_name': sni_destination_name,
-            'ssl_context': sni_ssl_context
-        }
-
-        # If 'sni_execute_extended' was set to True.
-        if use_sni_extended:
-            sni_handle_extended(sni_received_dict, config=config, dns_domain=dns_domain, print_kwargs=print_kwargs)
-        # Just set the server_hostname in current socket.
-        else:
-            sni_received_dict['ssl_socket'].server_hostname = sni_destination_name
-    return sni_handle
-
-
-def sni_handle_extended(sni_received_dict: dict, config: dict, dns_domain: str = None, print_kwargs: dict = None):
-    # Set 'server_hostname' for the socket.
-    set_socket_server_hostname(sni_received_dict=sni_received_dict, dns_domain=dns_domain, print_kwargs=print_kwargs)
-
-    # If 'sni_default_server_certificates_addons' was set to 'True' in the 'config.ini'.
-    # This section will add all the new domains that hit the server to default certificate SAN with wildcard.
-    if config['certificates']['sni_default_server_certificate_addons']:
-        sni_add_domain_to_default_server_certificate(sni_received_dict=sni_received_dict, config=config,
-                                                     print_kwargs=print_kwargs)
-
-    # If SNI server certificate creation was set to 'True', we'll create certificate for each incoming domain if
-    # non-existent in certificates cache folder.
-    if config['certificates']['sni_create_server_certificate_for_each_domain']:
-        certificator.create_use_sni_server_certificate_ca_signed(
-            sni_received_dict=sni_received_dict, config=config, print_kwargs=print_kwargs)
-
-
-def set_socket_server_hostname(sni_received_dict: dict, dns_domain: str = None, print_kwargs: dict = None):
-    service_name_from_sni = None
-
-    # Try on general settings in the SNI function.
-    try:
-        # Check if SNI was passed.
-        if sni_received_dict['destination_name']:
-            service_name_from_sni = sni_received_dict['destination_name']
-        # If no SNI was passed.
-        else:
-            # If DNS server is enabled we'll get the domain from dns server.
-            if dns_domain:
-                service_name_from_sni = dns_domain
-                message = f"SNI Handler: No SNI was passed, using domain from DNS Server: {service_name_from_sni}"
-                print_api(message, **print_kwargs)
-            # If DNS server is disabled, the domain from dns server will be empty.
+    def __init__(
+            self,
+            sni_use_default_callback_function_extended: bool,
+            sni_add_new_domains_to_default_server_certificate: bool,
+            sni_create_server_certificate_for_each_domain: bool,
+            certificator_instance: certificator.Certificator,
+            domain_from_dns_server: str,
+            default_certificate_domain_list: list,
+            exceptions_logger: loggingw.ExceptionCsvLogger,
+            enable_sslkeylogfile_env_to_client_ssl_context: bool,
+            sslkeylog_file_path: str
+    ):
+        self.sni_use_default_callback_function_extended = sni_use_default_callback_function_extended
+        self.sni_add_new_domains_to_default_server_certificate = sni_add_new_domains_to_default_server_certificate
+        self.sni_create_server_certificate_for_each_domain = sni_create_server_certificate_for_each_domain
+        self.certificator_instance = certificator_instance
+        self.domain_from_dns_server: str = domain_from_dns_server
+        self.default_certificate_domain_list = default_certificate_domain_list
+        self.exceptions_logger = exceptions_logger
+        self.enable_sslkeylogfile_env_to_client_ssl_context: bool = enable_sslkeylogfile_env_to_client_ssl_context
+        self.sslkeylog_file_path: str = sslkeylog_file_path
+
+        # noinspection PyTypeChecker
+        self.sni_received_parameters: SNIReceivedParameters = None
+
+    # Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) computer networking protocol.
+    # Function to handle server's SSLContext's SNI callback function.
+    # This is actually called first during "accept()" method of the "ssl.SSLSocket" then comes accept itself.
+    # This happens in 'ssl.py' module in 'self._sslobj.do_handshake()' function.
+    def setup_sni_callback(
+            self,
+            print_kwargs: dict = None
+    ):
+        """
+        Setup SNI callback function.
+        :param print_kwargs: dict, that contains all the arguments for 'print_api' function.
+        :return:
+        """
+
+        def sni_handle(
+                sni_ssl_socket: ssl.SSLSocket,
+                sni_destination_name: str,
+                sni_ssl_context: ssl.SSLContext):
+
+            try:
+                # Set 'server_hostname' for the socket.
+                sni_ssl_socket.server_hostname = sni_destination_name
+
+                # If 'sni_execute_extended' was set to True.
+                if self.sni_use_default_callback_function_extended:
+                    self.sni_received_parameters = SNIReceivedParameters(
+                        ssl_socket=sni_ssl_socket,
+                        destination_name=sni_destination_name,
+                        ssl_context=sni_ssl_context
+                    )
+
+                    self.sni_handle_extended(print_kwargs=print_kwargs)
+            except Exception as e:
+                self.exceptions_logger.write(e)
+
+        return sni_handle
+
+    def sni_handle_extended(
+            self,
+            print_kwargs: dict = None
+    ):
+        # Set 'server_hostname' for the socket.
+        self.set_socket_server_hostname(print_kwargs=print_kwargs)
+
+        # If 'sni_default_server_certificates_addons' was set to 'True' in the 'config.ini'.
+        # This section will add all the new domains that hit the server to default certificate SAN with wildcard.
+        if self.sni_add_new_domains_to_default_server_certificate:
+            self.sni_add_domain_to_default_server_certificate(print_kwargs=print_kwargs)
+
+        # If SNI server certificate creation was set to 'True', we'll create certificate for each incoming domain if
+        # non-existent in certificates cache folder.
+        if self.sni_create_server_certificate_for_each_domain:
+            self.certificator_instance.create_use_sni_server_certificate_ca_signed(
+                sni_received_parameters=self.sni_received_parameters, print_kwargs=print_kwargs)
+
+    def set_socket_server_hostname(
+            self,
+            print_kwargs: dict = None
+    ):
+        service_name_from_sni = None
+
+        # Try on general settings in the SNI function.
+        try:
+            # Check if SNI was passed. If no SNI was passed.
+            if not self.sni_received_parameters.destination_name:
+                # If DNS server is enabled we'll get the domain from dns server.
+                if self.domain_from_dns_server:
+                    self.sni_received_parameters.destination_name = self.domain_from_dns_server
+                    print_api("SNI Passed: False", color="yellow", **(print_kwargs or {}))
+
+                    message = f"SNI Handler: No SNI was passed, using domain from DNS Server: {self.domain_from_dns_server}"
+                    print_api(message, color="yellow", **(print_kwargs or {}))
+                # If DNS server is disabled, the domain from dns server will be empty.
+                else:
+                    print_api("SNI Passed: False", color="yellow", **(print_kwargs or {}))
+
+                    message = (
+                        f"SNI Handler: No SNI was passed, No domain passed from DNS Server. Service name will be 'None'.")
+                    print_api(message, color="yellow", **(print_kwargs or {}))
+
+            # Setting "server_hostname" as a domain.
+            self.sni_received_parameters.ssl_socket.server_hostname = self.sni_received_parameters.destination_name
+            print_api("SNI Passed: True", **(print_kwargs or {}))
+            message = (
+                f"SNI Handler: port {self.sni_received_parameters.ssl_socket.getsockname()[1]}: "
+                f"Incoming connection for [{self.sni_received_parameters.ssl_socket.server_hostname}]")
+            print_api(message, **(print_kwargs or {}))
+        except Exception as exception_object:
+            message = f"SNI Handler: Undocumented exception general settings section: {exception_object}"
+            print_api(message, error_type=True, logger_method="error", traceback_string=True,
+                      **(print_kwargs or {}))
+            pass
+
+    def sni_add_domain_to_default_server_certificate(
+            self,
+            print_kwargs: dict = None
+    ):
+        # Check if incoming domain is already in the parent domains of 'domains_all_times' list.
+        if not any(x in self.sni_received_parameters.ssl_socket.server_hostname for x in
+                   self.default_certificate_domain_list):
+            message = f"SNI Handler: Current domain is not in known domains list. Adding."
+            print_api(message, **(print_kwargs or {}))
+            # In the past was using 'certauth' to extract tlds, but it works only in online mode, so rewrote
+            # the function to disable online fetching of TLD snapshot.
+            # Initialize 'certauth' object.
+            # certificate_object = CertificateAuthority(certificate_ca_name, certificate_ca_filepath)
+            # Extract parent domain from the current SNI domain.
+            # parent_domain = certificate_object.get_wildcard_domain(service_name_from_sni)
+
+            # Extract parent domain from the current SNI domain.
+            parent_domain = get_domain_without_first_subdomain_if_no_subdomain_return_as_is(
+                self.sni_received_parameters.ssl_socket.server_hostname)
+            # Add the parent domain to the known domains list.
+            self.default_certificate_domain_list.append(parent_domain)
+
+            default_server_certificate_path, subject_alternate_names = \
+                self.certificator_instance.create_overwrite_default_server_certificate_ca_signed()
+
+            if default_server_certificate_path:
+                message = f"SNI Handler: Default Server Certificate was created / overwritten: " \
+                            f"{default_server_certificate_path}"
+                print_api(message, **(print_kwargs or {}))
+
+                message = f"SNI Handler: Server Certificate current 'Subject Alternative Names': " \
+                          f"{subject_alternate_names}"
+                print_api(message, **(print_kwargs or {}))
+
+                # Since new default certificate was created we need to create new SSLContext and add the certificate.
+                # You need to build new context and exchange the context that being inherited from the main socket,
+                # or else the context will receive previous certificate each time.
+                self.sni_received_parameters.ssl_socket.context = (
+                    creator.create_server_ssl_context___load_certificate_and_key(
+                        default_server_certificate_path,
+                        None,
+                        inherit_from=self.sni_received_parameters.ssl_socket.context,
+                        enable_sslkeylogfile_env_to_client_ssl_context=self.enable_sslkeylogfile_env_to_client_ssl_context,
+                        sslkeylog_file_path=self.sslkeylog_file_path
+                    )
+                )
             else:
-                message = f"SNI Handler: No SNI was passed, No domain passed from DNS Server. " \
-                            f"Service name will be 'None'."
-                print_api(message, **print_kwargs)
-
-        # Setting "server_hostname" as a domain.
-        sni_received_dict['ssl_socket'].server_hostname = service_name_from_sni
-        message = \
-            f"SNI Handler: port {sni_received_dict['ssl_socket'].getsockname()[1]}: " \
-            f"Incoming connection for [{sni_received_dict['ssl_socket'].server_hostname}]"
-        print_api(message, **print_kwargs)
-    except Exception as exception_object:
-        message = f"SNI Handler: Undocumented exception general settings section: {exception_object}"
-        print_api(message, error_type=True, logger_method="error", traceback_string=True, oneline=True,
-                  **print_kwargs)
-        pass
-
-
-def sni_add_domain_to_default_server_certificate(sni_received_dict: dict, config: dict, print_kwargs: dict = None):
-    # Check if incoming domain is already in the parent domains of 'domains_all_times' list.
-    if not any(x in sni_received_dict['ssl_socket'].server_hostname for x in
-               config['certificates']['domains_all_times']):
-        message = f"SNI Handler: Current domain is not in known domains list. Adding."
-        print_api(message, **print_kwargs)
-        # In the past was using 'certauth' to extract tlds, but it works only in online mode, so rewrote
-        # the function to disable online fetching of TLD snapshot.
-        # Initialize 'certauth' object.
-        # certificate_object = CertificateAuthority(certificate_ca_name, certificate_ca_filepath)
-        # Extract parent domain from the current SNI domain.
-        # parent_domain = certificate_object.get_wildcard_domain(service_name_from_sni)
-
-        # Extract parent domain from the current SNI domain.
-        parent_domain = get_domain_without_first_subdomain_if_no_subdomain_return_as_is(
-            sni_received_dict['ssl_socket'].server_hostname)
-        # Add the parent domain to the known domains list.
-        config['certificates']['domains_all_times'].append(parent_domain)
-
-        default_server_certificate_path, subject_alternate_names = \
-            certificator.create_overwrite_default_server_certificate_ca_signed(config=config)
-
-        if default_server_certificate_path:
-            message = f"SNI Handler: Default Server Certificate was created / overwritten: " \
-                        f"{default_server_certificate_path}"
-            print_api(message, **print_kwargs)
-
-            message = f"SNI Handler: Server Certificate current 'Subject Alternative Names': " \
-                      f"{subject_alternate_names}"
-            print_api(message, **print_kwargs)
-
-            # Since new default certificate was created we need to create new SSLContext and add the certificate.
-            # You need to build new context and exchange the context that being inherited from the main socket,
-            # or else the context will receive previous certificate each time.
-            sni_received_dict['ssl_socket'].context = \
-                creator.create_server_ssl_context___load_certificate_and_key(default_server_certificate_path, None)
-        else:
-            message = f"Couldn't create / overwrite Default Server Certificate: {default_server_certificate_path}"
-            print_api(message, error_type=True, logger_method="critical", **print_kwargs)
-            sys.exit()
+                message = f"Couldn't create / overwrite Default Server Certificate: {default_server_certificate_path}"
+                raise SNIDefaultCertificateCreationError(message)

atomicshop/wrappers/socketw/socket_base.py

@@ -0,0 +1,134 @@
+import socket
+import time
+
+
+LOCALHOST_IPV4: str = '127.0.0.1'
+DEFAULT_IPV4: str = socket.gethostbyname(socket.gethostname())
+THIS_DEVICE_IP_LIST: list = [LOCALHOST_IPV4, DEFAULT_IPV4]
+
+
+def get_local_network_interfaces_ip_address(family_type: str = None, ip_only: bool = False) -> list:
+    """
+    Return list of IP addresses of local network interfaces.
+
+    :param family_type: string, available options:
+        None: default, returns both ipv4 and ipv6 addresses.
+        "ipv4": returns only ipv4 addresses.
+        "ipv6": returns only ipv6 addresses.
+    :param ip_only: bool, if True, returns only IP addresses, if False, returns tuples with all objects.
+    :return: list.
+    """
+    family: int = 0
+    if not family_type:
+        family = 0
+    elif family_type == "ipv4":
+        family = socket.AF_INET
+    elif family_type == "ipv6":
+        family = socket.AF_INET6
+
+    network_interfaces_tuples = list(socket.getaddrinfo(socket.gethostname(), None, family=family))
+
+    if not ip_only:
+        return network_interfaces_tuples
+    else:
+        return [i[4][0] for i in network_interfaces_tuples]
+
+
+def get_destination_address_from_socket(socket_object):
+    """
+    Return destination IP and port.
+
+    :param socket_object:
+    :return:
+    """
+    # return ip_address, port
+    return socket_object.getsockname()[0], socket_object.getsockname()[1]
+
+
+def get_source_address_from_socket(socket_object):
+    """
+    Return source IP and port.
+
+    :param socket_object:
+    :return:
+    """
+    # return ip_address, port
+    return socket_object.getpeername()[0], socket_object.getpeername()[1]
+
+
+def get_source_destination(socket_object):
+    return get_source_address_from_socket(socket_object), get_destination_address_from_socket(socket_object)
+
+
+def set_socket_timeout(socket_object, seconds: int = 1):
+    # Setting timeout on the socket before "accept()" drastically slows down connections.
+    socket_object.settimeout(seconds)
+
+
+def get_default_ip_address() -> str:
+    """
+    Get the default IP address of the system (in other words the interface IPv4 that is used for internet connection).
+    :return: string.
+    """
+    return socket.gethostbyname(socket.gethostname())
+
+
+def is_socket_closed(socket_object) -> bool:
+    """
+    Check if the socket is closed.
+    :param socket_object: socket object or ssl socket object.
+    :return: bool.
+    """
+    try:
+        # If the socket is closed, the fileno() method will raise an exception or return -1.
+
+        if socket_object.fileno() == -1:
+            return True
+        else:
+            return False
+    except socket.error:
+        return False
+
+
+def get_host_name_from_ip_address(ip_address: str) -> str:
+    """
+    Get the host name from the IP address.
+    :param ip_address: string, IP address.
+    :return: string, host name.
+    """
+
+    host_name, alias_list, ipaddr_list = socket.gethostbyaddr(ip_address)
+    _ = alias_list, ipaddr_list
+
+    return host_name
+
+
+def wait_for_ip_bindable(
+    ip: str,
+    port: int = 0,
+    timeout: float = 15.0,
+    interval: float = 0.5,
+) -> None:
+    """
+    Wait until a single IP is bindable (or timeout).
+
+    Raises TimeoutError if the IP cannot be bound within 'timeout' seconds.
+    """
+    deadline = time.time() + timeout
+    last_err: OSError | None = None
+
+    while time.time() < deadline:
+        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        try:
+            s.bind((ip, port))
+            s.close()
+            return  # success
+        except OSError as e:
+            last_err = e
+            s.close()
+            time.sleep(interval)
+
+    raise TimeoutError(
+        f"IP {ip} not bindable within {timeout} seconds; "
+        f"last error: {last_err}"
+    )