def _create_socket(self):
ssl_enable_renegotiation = getattr(
ssl, 'SSL_ENABLE_RENEGOTIATION', 20)
ssl_require_safe_negotiation = getattr(
ssl,'SSL_REQUIRE_SAFE_NEGOTIATION', 21)
ssl_renegotiate_requires_xtn = getattr(
ssl, 'SSL_RENEGOTIATE_REQUIRES_XTN', 2)
# Create the socket here so we can do things like let the caller
# override the NSS callbacks
self.sock = ssl.SSLSocket(family=self.family)
self.sock.set_ssl_option(ssl.SSL_SECURITY, True)
self.sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True)
try:
self.sock.set_ssl_version_range(self.tls_version_min, self.tls_version_max)
except NSPRError:
root_logger.error('Failed to set TLS range to %s, %s' % (self.tls_version_min, self.tls_version_max))
raise
self.sock.set_ssl_option(ssl_require_safe_negotiation, False)
self.sock.set_ssl_option(ssl_enable_renegotiation, ssl_renegotiate_requires_xtn)
# Provide a callback which notifies us when the SSL handshake is complete
self.sock.set_handshake_callback(self.handshake_callback)
# Provide a callback to verify the servers certificate
self.sock.set_auth_certificate_callback(auth_certificate_callback,
nss.get_default_certdb())
self.sock.set_hostname(self.host)
def _create_socket(self):
# TODO: remove the try block once python-nss is guaranteed to contain
# these values
try:
#pylint: disable=E1101
ssl_enable_renegotiation = ssl.SSL_ENABLE_RENEGOTIATION
ssl_require_safe_negotiation = ssl.SSL_REQUIRE_SAFE_NEGOTIATION
ssl_renegotiate_requires_xtn = ssl.SSL_RENEGOTIATE_REQUIRES_XTN
except:
ssl_enable_renegotiation = 20
ssl_require_safe_negotiation = 21
ssl_renegotiate_requires_xtn = 2
# Create the socket here so we can do things like let the caller
# override the NSS callbacks
self.sock = ssl.SSLSocket(family=self.family)
self.sock.set_ssl_option(ssl.SSL_SECURITY, True)
self.sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True)
try:
self.sock.set_ssl_version_range(self.tls_version_min,
self.tls_version_max)
except NSPRError as e:
root_logger.error('Failed to set TLS range to %s, %s' %
(self.tls_version_min, self.tls_version_max))
raise
self.sock.set_ssl_option(ssl_require_safe_negotiation, False)
self.sock.set_ssl_option(ssl_enable_renegotiation,
ssl_renegotiate_requires_xtn)
# Provide a callback which notifies us when the SSL handshake is complete
self.sock.set_handshake_callback(self.handshake_callback)
# Provide a callback to verify the servers certificate
self.sock.set_auth_certificate_callback(auth_certificate_callback,
nss.get_default_certdb())
self.sock.set_hostname(self.host)
def ssl_connect():
print("SSL connect to: %s" % options.hostname)
valid_addr = False
# Get the IP Address of our server
try:
addr_info = io.AddrInfo(options.hostname)
except:
print("ERROR: could not resolve hostname \"%s\"" % options.hostname)
return
for net_addr in addr_info:
net_addr.port = options.port
sock = ssl.SSLSocket(net_addr.family)
# Set client SSL socket options
sock.set_ssl_option(ssl.SSL_SECURITY, True)
sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True)
sock.set_hostname(options.hostname)
try:
sock.set_ssl_version_range("tls1.0", "tls1.3")
except NSPRError as e:
print("Cannot enable TLS 1.3, {}".format(e))
# Provide a callback which notifies us when the SSL handshake is
# complete
sock.set_handshake_callback(handshake_callback)
try:
print("try connecting to: %s" % (net_addr))
sock.connect(net_addr,
timeout=io.seconds_to_interval(TIMEOUT_SECS))
print("connected to: %s" % (net_addr))
valid_addr = True
break
except:
continue
if not valid_addr:
print("ERROR: could not connect to \"%s\"" % options.hostname)
return
try:
# Talk to the server
n_received = 0
sock.send(REQUEST.encode('utf-8'))
while True:
buf = sock.recv(1024)
n_received += len(buf)
if not buf:
break
except Exception as e:
print(e)
sock.shutdown()
return
sock.shutdown()
return
def client():
valid_addr = False
# Get the IP Address of our server
try:
addr_info = io.AddrInfo(options.hostname)
except:
print("ERROR: could not resolve hostname \"%s\"" % options.hostname)
return
for net_addr in addr_info:
net_addr.port = options.port
sock = ssl.SSLSocket(net_addr.family)
# Set client SSL socket options
sock.set_ssl_option(ssl.SSL_SECURITY, True)
sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True)
sock.set_hostname(options.hostname)
# Provide a callback which notifies us when the SSL handshake is
# complete
sock.set_handshake_callback(handshake_callback)
# Provide a callback to verify the servers certificate
sock.set_auth_certificate_callback(auth_certificate_callback,
nss.get_default_certdb())
try:
print("try connecting to: %s" % (net_addr))
sock.connect(net_addr,
timeout=io.seconds_to_interval(timeout_secs))
print("connected to: %s" % (net_addr))
valid_addr = True
break
except:
continue
if not valid_addr:
print("ERROR: could not connect to \"%s\"" % options.hostname)
return
try:
# Talk to the server
n_received = 0
sock.send(request.encode('utf-8'))
while True:
buf = sock.recv(1024)
n_received += len(buf)
if not buf:
print("\nclient lost connection, received %d bytes" %
(n_received))
break
except Exception as e:
print(e)
sock.shutdown()
return
sock.shutdown()
return
def _create_socket(self, family):
self.sock = ssl.SSLSocket(family)
self.sock.set_ssl_option(ssl.SSL_SECURITY, True)
self.sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True)
self.sock.set_hostname(self.host)
# Provide a callback to verify the servers certificate
self.sock.set_auth_certificate_callback(
self._auth_certificate_callback, self._certdb)
self.sock.set_client_auth_data_callback(
self._client_auth_data_callback, '', '', self._certdb)
def _create_socket(self, family):
self.sock = ssl.SSLSocket(family)
self.sock.set_ssl_option(ssl.SSL_SECURITY, True)
self.sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True)
self.sock.set_hostname(self.host)
# Provide a callback which notifies us when the SSL handshake is complete
self.sock.set_handshake_callback(handshake_callback)
# Provide a callback to verify the servers certificate
self.sock.set_auth_certificate_callback(auth_certificate_callback,
nss.get_default_certdb())
def _create_socket(self):
# TODO: remove the try block once python-nss is guaranteed to contain
# these values
try :
ssl_enable_renegotiation = SSL_ENABLE_RENEGOTIATION #pylint: disable=E0602
ssl_require_safe_negotiation = SSL_REQUIRE_SAFE_NEGOTIATION #pylint: disable=E0602
ssl_renegotiate_requires_xtn = SSL_RENEGOTIATE_REQUIRES_XTN #pylint: disable=E0602
except :
ssl_enable_renegotiation = 20
ssl_require_safe_negotiation = 21
ssl_renegotiate_requires_xtn = 2
# Create the socket here so we can do things like let the caller
# override the NSS callbacks
self.sock = ssl.SSLSocket(family=self.family)
self.sock.set_ssl_option(ssl.SSL_SECURITY, True)
self.sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True)
try:
self.sock.set_ssl_version_range(self.tls_version_min, self.tls_version_max)
except NSPRError, e:
root_logger.error('Failed to set TLS range to %s, %s' % (self.tls_version_min, self.tls_version_max))
raise
print("supported ssl version (asEnum): %s" %
(ssl.get_supported_ssl_version_range(), ))
# Query and print default SSL Library Versions
print()
print("default ssl version (asString): %s" %
(ssl.get_default_ssl_version_range(repr_kind=nss.AsString), ))
print("default ssl version (asEnumName): %s" %
(ssl.get_default_ssl_version_range(repr_kind=nss.AsEnumName), ))
print("default ssl version (asEnum): %s" %
(ssl.get_default_ssl_version_range(), ))
# Equivalent calls on a SSL Socket
sock = ssl.SSLSocket()
sock.set_ssl_option(ssl.SSL_SECURITY, True)
print()
print("Initial Socket version range")
print("socket ssl version (asString): %s" %
(sock.get_ssl_version_range(repr_kind=nss.AsString), ))
print("socket ssl version (asEnumName): %s" %
(sock.get_ssl_version_range(repr_kind=nss.AsEnumName), ))
print("socket ssl version (asEnum): %s" % (sock.get_ssl_version_range(), ))
# Note, setting the version range can be done either with an
# enumeration constant (e.g. ssl.SSL_LIBRARY_VERSION_TLS_1_1)
# or with a friendly name (e.g. 'tls1.1')
# Set with enumeration constants
def server():
if verbose:
print("starting server:")
# Initialize
# Setup an IP Address to listen on any of our interfaces
net_addr = io.NetworkAddress(io.PR_IpAddrAny, port)
if use_ssl:
if info:
print("server: using SSL")
ssl.set_domestic_policy()
nss.set_password_callback(password_callback)
# Perform basic SSL server configuration
ssl.set_default_cipher_pref(ssl.SSL_RSA_WITH_NULL_MD5, True)
ssl.config_server_session_id_cache()
# Get our certificate and private key
server_cert = nss.find_cert_from_nickname(server_nickname, password)
priv_key = nss.find_key_by_any_cert(server_cert, password)
server_cert_kea = server_cert.find_kea_type()
#if verbose:
# print("server cert:\n%s" % server_cert)
sock = ssl.SSLSocket(net_addr.family)
# Set server SSL socket options
sock.set_pkcs11_pin_arg(password)
sock.set_ssl_option(ssl.SSL_SECURITY, True)
sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_SERVER, True)
# If we're doing client authentication then set it up
if client_cert_action >= REQUEST_CLIENT_CERT_ONCE:
sock.set_ssl_option(ssl.SSL_REQUEST_CERTIFICATE, True)
if client_cert_action == REQUIRE_CLIENT_CERT_ONCE:
sock.set_ssl_option(ssl.SSL_REQUIRE_CERTIFICATE, True)
sock.set_auth_certificate_callback(auth_certificate_callback,
nss.get_default_certdb())
# Configure the server SSL socket
sock.config_secure_server(server_cert, priv_key, server_cert_kea)
else:
sock = io.Socket(net_addr.family)
# Bind to our network address and listen for clients
sock.bind(net_addr)
if verbose:
print("listening on: %s" % (net_addr))
sock.listen()
while True:
# Accept a connection from a client
client_sock, client_addr = sock.accept()
if use_ssl:
client_sock.set_handshake_callback(handshake_callback)
if verbose:
print("client connect from: %s" % (client_addr))
while True:
try:
# Handle the client connection
buf = client_sock.readline(
) # newline is protocol record separator
if not buf:
print("server: lost lost connection to %s" % (client_addr),
file=sys.stderr)
break
buf = buf.decode('utf-8')
buf = buf.rstrip() # remove newline record separator
if info:
print("server: received \"%s\"" % (buf))
reply = "{%s}" % buf # echo embedded inside braces
if info:
print("server: sending \"%s\"" % (reply))
data = reply + "\n" # send echo with record separator
client_sock.send(data.encode('utf-8'))
time.sleep(sleep_time)
client_sock.shutdown()
client_sock.close()
break
except Exception as e:
print("server: %s" % e, file=sys.stderr)
break
break
# Clean up
sock.shutdown()
sock.close()
if use_ssl:
ssl.shutdown_server_session_id_cache()
def client(request):
if use_ssl:
if info:
print("client: using SSL")
ssl.set_domestic_policy()
# Get the IP Address of our server
try:
addr_info = io.AddrInfo(hostname)
except Exception as e:
print("client: could not resolve host address \"%s\"" % hostname,
file=sys.stderr)
return
for net_addr in addr_info:
net_addr.port = port
if use_ssl:
sock = ssl.SSLSocket(net_addr.family)
# Set client SSL socket options
sock.set_ssl_option(ssl.SSL_SECURITY, True)
sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True)
sock.set_hostname(hostname)
# Provide a callback which notifies us when the SSL handshake is complete
sock.set_handshake_callback(handshake_callback)
# Provide a callback to supply our client certificate info
sock.set_client_auth_data_callback(client_auth_data_callback,
client_nickname, password,
nss.get_default_certdb())
# Provide a callback to verify the servers certificate
sock.set_auth_certificate_callback(auth_certificate_callback,
nss.get_default_certdb())
else:
sock = io.Socket(net_addr.family)
try:
if verbose:
print("client trying connection to: %s" % (net_addr))
sock.connect(net_addr,
timeout=io.seconds_to_interval(timeout_secs))
if verbose:
print("client connected to: %s" % (net_addr))
break
except Exception as e:
sock.close()
print("client: connection to: %s failed (%s)" % (net_addr, e),
file=sys.stderr)
# Talk to the server
try:
if info:
print("client: sending \"%s\"" % (request))
data = request + "\n"
# newline is protocol record separator
sock.send(data.encode('utf-8'))
buf = sock.readline()
if not buf:
print("client: lost connection", file=sys.stderr)
sock.close()
return
buf = buf.decode('utf-8')
buf = buf.rstrip() # remove newline record separator
if info:
print("client: received \"%s\"" % (buf))
except Exception as e:
print("client: %s" % e, file=sys.stderr)
try:
sock.close()
except:
pass
return
try:
sock.shutdown()
except Exception as e:
print("client: %s" % e, file=sys.stderr)
try:
sock.close()
if use_ssl:
ssl.clear_session_cache()
except Exception as e:
print("client: %s" % e, file=sys.stderr)
return buf
def server():
global family
if verbose: print "starting server:"
# Initialize
# Setup an IP Address to listen on any of our interfaces
if family == io.PR_AF_UNSPEC:
family = io.PR_AF_INET
net_addr = io.NetworkAddress(io.PR_IpAddrAny, port, family)
if use_ssl:
if info: print "server: using SSL"
ssl.set_domestic_policy()
nss.set_password_callback(password_callback)
# Perform basic SSL server configuration
ssl.set_default_cipher_pref(ssl.SSL_RSA_WITH_NULL_MD5, True)
ssl.config_server_session_id_cache()
# Get our certificate and private key
server_cert = nss.find_cert_from_nickname(server_nickname, password)
priv_key = nss.find_key_by_any_cert(server_cert, password)
server_cert_kea = server_cert.find_kea_type()
#if verbose: print "server cert:\n%s" % server_cert
sock = ssl.SSLSocket(net_addr.family)
# Set server SSL socket options
sock.set_pkcs11_pin_arg(password)
sock.set_ssl_option(ssl.SSL_SECURITY, True)
sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_SERVER, True)
# If we're doing client authentication then set it up
if client_cert_action >= REQUEST_CLIENT_CERT_ONCE:
sock.set_ssl_option(ssl.SSL_REQUEST_CERTIFICATE, True)
if client_cert_action == REQUIRE_CLIENT_CERT_ONCE:
sock.set_ssl_option(ssl.SSL_REQUIRE_CERTIFICATE, True)
sock.set_auth_certificate_callback(auth_certificate_callback,
nss.get_default_certdb())
# Configure the server SSL socket
sock.config_secure_server(server_cert, priv_key, server_cert_kea)
else:
sock = io.Socket(net_addr.family)
# Bind to our network address and listen for clients
sock.bind(net_addr)
if verbose: print "listening on: %s" % (net_addr)
sock.listen()
while True:
# Accept a connection from a client
client_sock, client_addr = sock.accept()
if use_ssl:
client_sock.set_handshake_callback(handshake_callback)
if verbose: print "client connect from: %s" % (client_addr)
while True:
try:
# Handle the client connection
buf = client_sock.recv(1024)
if not buf:
print >> sys.stderr, "server: lost lost connection to %s" % (
client_addr)
break
if info: print "server: received \"%s\"" % (buf)
reply = "{%s}" % buf # echo
if info: print "server: sending \"%s\"" % (reply)
client_sock.send(reply) # echo
time.sleep(sleep_time)
client_sock.shutdown()
client_sock.close()
break
except Exception, e:
print >> sys.stderr, "server: %s" % e
break
break
valid_addr = False
# Get the IP Address of our server
try:
addr_info = io.AddrInfo(hostname)
except Exception, e:
print >> sys.stderr, "client: could not resolve host address \"%s\"" % hostname
return
for net_addr in addr_info:
if family != io.PR_AF_UNSPEC:
if net_addr.family != family: continue
net_addr.port = port
if use_ssl:
sock = ssl.SSLSocket(net_addr.family)
# Set client SSL socket options
sock.set_ssl_option(ssl.SSL_SECURITY, True)
sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True)
sock.set_hostname(hostname)
# Provide a callback which notifies us when the SSL handshake is complete
sock.set_handshake_callback(handshake_callback)
# Provide a callback to supply our client certificate info
sock.set_client_auth_data_callback(client_auth_data_callback,
client_nickname, password,
nss.get_default_certdb())
# Provide a callback to verify the servers certificate
def Server():
global family
# Perform basic SSL server configuration
ssl.set_default_cipher_pref(ssl.SSL_RSA_WITH_NULL_MD5, True)
ssl.config_server_session_id_cache()
# Get our certificate and private key
server_cert = nss.find_cert_from_nickname(server_nickname, password)
priv_key = nss.find_key_by_any_cert(server_cert, password)
server_cert_kea = server_cert.find_kea_type()
print "server cert:\n%s" % server_cert
# Setup an IP Address to listen on any of our interfaces
if family == io.PR_AF_UNSPEC:
family = io.PR_AF_INET
net_addr = io.NetworkAddress(io.PR_IpAddrAny, port, family)
if use_ssl:
sock = ssl.SSLSocket(net_addr.family)
# Set server SSL socket options
sock.set_pkcs11_pin_arg(password)
sock.set_ssl_option(ssl.SSL_SECURITY, True)
sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_SERVER, True)
# If we're doing client authentication then set it up
if client_cert_action >= REQUEST_CLIENT_CERT_ONCE:
sock.set_ssl_option(ssl.SSL_REQUEST_CERTIFICATE, True)
if client_cert_action == REQUIRE_CLIENT_CERT_ONCE:
sock.set_ssl_option(ssl.SSL_REQUIRE_CERTIFICATE, True)
sock.set_auth_certificate_callback(auth_certificate_callback,
nss.get_default_certdb())
# Configure the server SSL socket
sock.config_secure_server(server_cert, priv_key, server_cert_kea)
else:
sock = io.Socket(net_addr.family)
# Bind to our network address and listen for clients
sock.bind(net_addr)
print "listening on: %s" % (net_addr)
sock.listen()
while True:
# Accept a connection from a client
client_sock, client_addr = sock.accept()
if use_ssl:
client_sock.set_handshake_callback(handshake_callback)
print "client connect from: %s" % (client_addr)
while True:
try:
# Handle the client connection
buf = client_sock.recv(1024)
if not buf:
print "server lost lost connection to %s" % (client_addr)
break
print "server received: %s" % (buf)
client_sock.send("Goodbye")
try:
client_sock.shutdown(io.PR_SHUTDOWN_RCV)
client_sock.close()
except:
pass
break
except Exception, e:
print e.strerror
break
break
def Server():
# Setup an IP Address to listen on any of our interfaces
if options.family == io.PR_AF_UNSPEC:
options.family = io.PR_AF_INET
net_addr = io.NetworkAddress(io.PR_IpAddrAny, options.port, options.family)
if options.use_ssl:
# Perform basic SSL server configuration
ssl.set_default_cipher_pref(ssl.SSL_RSA_WITH_NULL_MD5, True)
ssl.config_server_session_id_cache()
# Get our certificate and private key
server_cert = nss.find_cert_from_nickname(options.server_nickname,
options.password)
priv_key = nss.find_key_by_any_cert(server_cert, options.password)
server_cert_kea = server_cert.find_kea_type()
print("server cert:\n%s" % server_cert)
sock = ssl.SSLSocket(net_addr.family)
# Set server SSL socket options
sock.set_pkcs11_pin_arg(options.password)
sock.set_ssl_option(ssl.SSL_SECURITY, True)
sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_SERVER, True)
# If we're doing client authentication then set it up
if options.client_cert_action >= REQUEST_CLIENT_CERT_ONCE:
sock.set_ssl_option(ssl.SSL_REQUEST_CERTIFICATE, True)
if options.client_cert_action == REQUIRE_CLIENT_CERT_ONCE:
sock.set_ssl_option(ssl.SSL_REQUIRE_CERTIFICATE, True)
sock.set_auth_certificate_callback(auth_certificate_callback,
nss.get_default_certdb())
# Configure the server SSL socket
sock.config_secure_server(server_cert, priv_key, server_cert_kea)
else:
sock = io.Socket(net_addr.family)
# Bind to our network address and listen for clients
sock.bind(net_addr)
print("listening on: %s" % (net_addr))
sock.listen()
while True:
# Accept a connection from a client
client_sock, client_addr = sock.accept()
if options.use_ssl:
client_sock.set_handshake_callback(handshake_callback)
print("client connect from: %s" % (client_addr))
while True:
try:
# Handle the client connection
buf = client_sock.readline()
if not buf:
print("server lost lost connection to %s" % (client_addr))
break
buf = buf.decode('utf-8')
buf = buf.rstrip() # remove newline record separator
print("server received: %s" % (buf))
data = 'Goodbye' + '\n' # newline is protocol record separator
client_sock.send(data.encode('utf-8'))
try:
client_sock.shutdown(io.PR_SHUTDOWN_RCV)
client_sock.close()
except:
pass
break
except Exception as e:
print(e.strerror)
break
break
try:
sock.shutdown()
sock.close()
if options.use_ssl:
ssl.shutdown_server_session_id_cache()
except Exception as e:
print(e)
pass
def Client():
valid_addr = False
# Get the IP Address of our server
try:
addr_info = io.AddrInfo(options.hostname)
except Exception as e:
print("could not resolve host address \"%s\"" % options.hostname)
return
for net_addr in addr_info:
if options.family != io.PR_AF_UNSPEC:
if net_addr.family != options.family:
continue
net_addr.port = options.port
if options.use_ssl:
sock = ssl.SSLSocket(net_addr.family)
# Set client SSL socket options
sock.set_ssl_option(ssl.SSL_SECURITY, True)
sock.set_ssl_option(ssl.SSL_HANDSHAKE_AS_CLIENT, True)
sock.set_hostname(options.hostname)
# Provide a callback which notifies us when the SSL handshake is complete
sock.set_handshake_callback(handshake_callback)
# Provide a callback to supply our client certificate info
sock.set_client_auth_data_callback(
client_auth_data_callback,
options.client_nickname,
options.password,
nss.get_default_certdb(),
)
# Provide a callback to verify the servers certificate
sock.set_auth_certificate_callback(auth_certificate_callback,
nss.get_default_certdb())
else:
sock = io.Socket(net_addr.family)
try:
print("client trying connection to: %s" % (net_addr))
sock.connect(net_addr,
timeout=io.seconds_to_interval(timeout_secs))
print("client connected to: %s" % (net_addr))
valid_addr = True
break
except Exception as e:
sock.close()
print("client connection to: %s failed (%s)" % (net_addr, e))
if not valid_addr:
print("Could not establish valid address for \"%s\" in family %s" %
(options.hostname, io.addr_family_name(options.family)))
return
# Talk to the server
try:
data = 'Hello' + '\n' # newline is protocol record separator
sock.send(data.encode('utf-8'))
buf = sock.readline()
if not buf:
print("client lost connection")
sock.close()
return
buf = buf.decode('utf-8')
buf = buf.rstrip() # remove newline record separator
print("client received: %s" % (buf))
except Exception as e:
print(e.strerror)
try:
sock.close()
except:
pass
return
# End of (simple) protocol session?
if buf == 'Goodbye':
try:
sock.shutdown()
except:
pass
try:
sock.close()
if options.use_ssl:
ssl.clear_session_cache()
except Exception as e:
print(e)
