ext/stem/control.py

# Copyright 2011-2015, Damian Johnson and The Tor Project
# See LICENSE for licensing information

"""
Module for interacting with the Tor control socket. The
:class:`~stem.control.Controller` is a wrapper around a
:class:`~stem.socket.ControlSocket`, retaining many of its methods (connect,
close, is_alive, etc) in addition to providing its own for working with the
socket at a higher level.

Stem has `several ways <../faq.html#how-do-i-connect-to-tor>`_ of getting a
:class:`~stem.control.Controller`, but the most flexible are
:func:`~stem.control.Controller.from_port` and
:func:`~stem.control.Controller.from_socket_file`. These static
:class:`~stem.control.Controller` methods give you an **unauthenticated**
Controller you can then authenticate yourself using its
:func:`~stem.control.Controller.authenticate` method. For example...

::

  import getpass
  import sys

  import stem
  import stem.connection

  from stem.control import Controller

  if __name__ == '__main__':
    try:
      controller = Controller.from_port()
    except stem.SocketError as exc:
      print("Unable to connect to tor on port 9051: %s" % exc)
      sys.exit(1)

    try:
      controller.authenticate()
    except stem.connection.MissingPassword:
      pw = getpass.getpass("Controller password: ")

      try:
        controller.authenticate(password = pw)
      except stem.connection.PasswordAuthFailed:
        print("Unable to authenticate, password is incorrect")
        sys.exit(1)
    except stem.connection.AuthenticationFailure as exc:
      print("Unable to authenticate: %s" % exc)
      sys.exit(1)

    print("Tor is running version %s" % controller.get_version())
    controller.close()

If you're fine with allowing your script to raise exceptions then this can be more nicely done as...

::

  from stem.control import Controller

  if __name__ == '__main__':
    with Controller.from_port() as controller:
      controller.authenticate()

      print("Tor is running version %s" % controller.get_version())

**Module Overview:**

::

  Controller - General controller class intended for direct use
    | |- from_port - Provides a Controller based on a port connection.
    | +- from_socket_file - Provides a Controller based on a socket file connection.
    |
    |- authenticate - authenticates this controller with tor
    |
    |- get_info - issues a GETINFO query for a parameter
    |- get_version - provides our tor version
    |- get_exit_policy - provides our exit policy
    |- get_ports - provides the local ports where tor is listening for connections
    |- get_listeners - provides the addresses and ports where tor is listening for connections
    |- get_accounting_stats - provides stats related to relaying limits
    |- get_protocolinfo - information about the controller interface
    |- get_user - provides the user tor is running as
    |- get_pid - provides the pid of our tor process
    |
    |- get_microdescriptor - querying the microdescriptor for a relay
    |- get_microdescriptors - provides all currently available microdescriptors
    |- get_server_descriptor - querying the server descriptor for a relay
    |- get_server_descriptors - provides all currently available server descriptors
    |- get_network_status - querying the router status entry for a relay
    |- get_network_statuses - provides all preently available router status entries
    |- get_hidden_service_descriptor - queries the given hidden service descriptor
    |
    |- get_conf - gets the value of a configuration option
    |- get_conf_map - gets the values of multiple configuration options
    |- set_conf - sets the value of a configuration option
    |- reset_conf - reverts configuration options to their default values
    |- set_options - sets or resets the values of multiple configuration options
    |
    |- get_hidden_service_conf - provides our hidden service configuration
    |- set_hidden_service_conf - sets our hidden service configuration
    |- create_hidden_service - creates a new hidden service or adds a new port
    |- remove_hidden_service - removes a hidden service or drops a port
    |
    |- list_ephemeral_hidden_services - list ephemeral hidden serivces
    |- create_ephemeral_hidden_service - create a new ephemeral hidden service
    |- remove_ephemeral_hidden_service - removes an ephemeral hidden service
    |
    |- add_event_listener - attaches an event listener to be notified of tor events
    |- remove_event_listener - removes a listener so it isn't notified of further events
    |
    |- is_caching_enabled - true if the controller has enabled caching
    |- set_caching - enables or disables caching
    |- clear_cache - clears any cached results
    |
    |- load_conf - loads configuration information as if it was in the torrc
    |- save_conf - saves configuration information to the torrc
    |
    |- is_feature_enabled - checks if a given controller feature is enabled
    |- enable_feature - enables a controller feature that has been disabled by default
    |
    |- get_circuit - provides an active circuit
    |- get_circuits - provides a list of active circuits
    |- new_circuit - create new circuits
    |- extend_circuit - create new circuits and extend existing ones
    |- repurpose_circuit - change a circuit's purpose
    |- close_circuit - close a circuit
    |
    |- get_streams - provides a list of active streams
    |- attach_stream - attach a stream to a circuit
    |- close_stream - close a stream
    |
    |- signal - sends a signal to the tor client
    |- is_newnym_available - true if tor would currently accept a NEWNYM signal
    |- get_newnym_wait - seconds until tor would accept a NEWNYM signal
    |- get_effective_rate - provides our effective relaying rate limit
    |- is_geoip_unavailable - true if we've discovered our geoip db to be unavailable
    |- map_address - maps one address to another such that connections to the original are replaced with the other
    +- drop_guards - drops our set of guard relays and picks a new set

  BaseController - Base controller class asynchronous message handling
    |- msg - communicates with the tor process
    |- is_alive - reports if our connection to tor is open or closed
    |- is_localhost - returns if the connection is for the local system or not
    |- connection_time - time when we last connected or disconnected
    |- is_authenticated - checks if we're authenticated to tor
    |- connect - connects or reconnects to tor
    |- close - shuts down our connection to the tor process
    |- get_socket - provides the socket used for control communication
    |- get_latest_heartbeat - timestamp for when we last heard from tor
    |- add_status_listener - notifies a callback of changes in our status
    |- remove_status_listener - prevents further notification of status changes
    +- __enter__ / __exit__ - manages socket connection

.. data:: State (enum)

  Enumeration for states that a controller can have.

  ========== ===========
  State      Description
  ========== ===========
  **INIT**   new control connection
  **RESET**  received a reset/sighup signal
  **CLOSED** control connection closed
  ========== ===========

.. data:: EventType (enum)

  Known types of events that the
  :func:`~stem.control.Controller.add_event_listener` method of the
  :class:`~stem.control.Controller` can listen for.

  The most frequently listened for event types tend to be the logging events
  (**DEBUG**, **INFO**, **NOTICE**, **WARN**, and **ERR**), bandwidth usage
  (**BW**), and circuit or stream changes (**CIRC** and **STREAM**).

  Enums are mapped to :class:`~stem.response.events.Event` subclasses as
  follows...

  ======================= ===========
  EventType               Event Class
  ======================= ===========
  **ADDRMAP**             :class:`stem.response.events.AddrMapEvent`
  **AUTHDIR_NEWDESCS**    :class:`stem.response.events.AuthDirNewDescEvent`
  **BUILDTIMEOUT_SET**    :class:`stem.response.events.BuildTimeoutSetEvent`
  **BW**                  :class:`stem.response.events.BandwidthEvent`
  **CELL_STATS**          :class:`stem.response.events.CellStatsEvent`
  **CIRC**                :class:`stem.response.events.CircuitEvent`
  **CIRC_BW**             :class:`stem.response.events.CircuitBandwidthEvent`
  **CIRC_MINOR**          :class:`stem.response.events.CircMinorEvent`
  **CLIENTS_SEEN**        :class:`stem.response.events.ClientsSeenEvent`
  **CONF_CHANGED**        :class:`stem.response.events.ConfChangedEvent`
  **CONN_BW**             :class:`stem.response.events.ConnectionBandwidthEvent`
  **DEBUG**               :class:`stem.response.events.LogEvent`
  **DESCCHANGED**         :class:`stem.response.events.DescChangedEvent`
  **ERR**                 :class:`stem.response.events.LogEvent`
  **GUARD**               :class:`stem.response.events.GuardEvent`
  **HS_DESC**             :class:`stem.response.events.HSDescEvent`
  **HS_DESC_CONTENT**     :class:`stem.response.events.HSDescContentEvent`
  **INFO**                :class:`stem.response.events.LogEvent`
  **NEWCONSENSUS**        :class:`stem.response.events.NewConsensusEvent`
  **NEWDESC**             :class:`stem.response.events.NewDescEvent`
  **NOTICE**              :class:`stem.response.events.LogEvent`
  **NS**                  :class:`stem.response.events.NetworkStatusEvent`
  **ORCONN**              :class:`stem.response.events.ORConnEvent`
  **SIGNAL**              :class:`stem.response.events.SignalEvent`
  **STATUS_CLIENT**       :class:`stem.response.events.StatusEvent`
  **STATUS_GENERAL**      :class:`stem.response.events.StatusEvent`
  **STATUS_SERVER**       :class:`stem.response.events.StatusEvent`
  **STREAM**              :class:`stem.response.events.StreamEvent`
  **STREAM_BW**           :class:`stem.response.events.StreamBwEvent`
  **TB_EMPTY**            :class:`stem.response.events.TokenBucketEmptyEvent`
  **TRANSPORT_LAUNCHED**  :class:`stem.response.events.TransportLaunchedEvent`
  **WARN**                :class:`stem.response.events.LogEvent`
  ======================= ===========

.. data:: Listener (enum)

  Purposes for inbound connections that Tor handles.

  ============= ===========
  Listener      Description
  ============= ===========
  **OR**        traffic we're relaying as a member of the network (torrc's **ORPort** and **ORListenAddress**)
  **DIR**       mirroring for tor descriptor content (torrc's **DirPort** and **DirListenAddress**)
  **SOCKS**     client traffic we're sending over Tor (torrc's **SocksPort** and **SocksListenAddress**)
  **TRANS**     transparent proxy handling (torrc's **TransPort** and **TransListenAddress**)
  **NATD**      forwarding for ipfw NATD connections (torrc's **NatdPort** and **NatdListenAddress**)
  **DNS**       DNS lookups for our traffic (torrc's **DNSPort** and **DNSListenAddress**)
  **CONTROL**   controller applications (torrc's **ControlPort** and **ControlListenAddress**)
  ============= ===========
"""

import calendar
import collections
import functools
import inspect
import io
import os
import threading
import time

try:
  # Added in 2.7
  from collections import OrderedDict
except ImportError:
  from stem.util.ordereddict import OrderedDict

try:
  import queue
  from io import StringIO
except ImportError:
  import Queue as queue
  from StringIO import StringIO

import stem.descriptor.microdescriptor
import stem.descriptor.reader
import stem.descriptor.router_status_entry
import stem.descriptor.server_descriptor
import stem.exit_policy
import stem.response
import stem.response.events
import stem.socket
import stem.util.connection
import stem.util.enum
import stem.util.str_tools
import stem.util.system
import stem.util.tor_tools
import stem.version

from stem import UNDEFINED, CircStatus, Signal, str_type
from stem.util import log

# state changes a control socket can have

State = stem.util.enum.Enum('INIT', 'RESET', 'CLOSED')

EventType = stem.util.enum.UppercaseEnum(
  'ADDRMAP',
  'AUTHDIR_NEWDESCS',
  'BUILDTIMEOUT_SET',
  'BW',
  'CELL_STATS',
  'CIRC',
  'CIRC_BW',
  'CIRC_MINOR',
  'CONF_CHANGED',
  'CONN_BW',
  'CLIENTS_SEEN',
  'DEBUG',
  'DESCCHANGED',
  'ERR',
  'GUARD',
  'HS_DESC',
  'HS_DESC_CONTENT',
  'INFO',
  'NEWCONSENSUS',
  'NEWDESC',
  'NOTICE',
  'NS',
  'ORCONN',
  'SIGNAL',
  'STATUS_CLIENT',
  'STATUS_GENERAL',
  'STATUS_SERVER',
  'STREAM',
  'STREAM_BW',
  'TB_EMPTY',
  'TRANSPORT_LAUNCHED',
  'WARN',
)

Listener = stem.util.enum.UppercaseEnum(
  'OR',
  'DIR',
  'SOCKS',
  'TRANS',
  'NATD',
  'DNS',
  'CONTROL',
)

# Configuration options that are fetched by a special key. The keys are
# lowercase to make case insensitive lookups easier.

MAPPED_CONFIG_KEYS = {
  'hiddenservicedir': 'HiddenServiceOptions',
  'hiddenserviceport': 'HiddenServiceOptions',
  'hiddenserviceversion': 'HiddenServiceOptions',
  'hiddenserviceauthorizeclient': 'HiddenServiceOptions',
  'hiddenserviceoptions': 'HiddenServiceOptions',
}

# unchangeable GETINFO parameters

CACHEABLE_GETINFO_PARAMS = (
  'version',
  'config-file',
  'exit-policy/default',
  'fingerprint',
  'config/names',
  'config/defaults',
  'info/names',
  'events/names',
  'features/names',
  'process/descriptor-limit',
)

# GETCONF parameters we shouldn't cache. This includes hidden service
# perameters due to the funky way they're set and retrieved (for instance,
# 'SETCONF HiddenServiceDir' effects 'GETCONF HiddenServiceOptions').

UNCACHEABLE_GETCONF_PARAMS = (
  'hiddenserviceoptions',
  'hiddenservicedir',
  'hiddenserviceport',
  'hiddenserviceversion',
  'hiddenserviceauthorizeclient',
)

# number of sequential attempts before we decide that the Tor geoip database
# is unavailable
GEOIP_FAILURE_THRESHOLD = 5

SERVER_DESCRIPTORS_UNSUPPORTED = "Tor is currently not configured to retrieve \
server descriptors. As of Tor version 0.2.3.25 it downloads microdescriptors \
instead unless you set 'UseMicrodescriptors 0' in your torrc."

AccountingStats = collections.namedtuple('AccountingStats', [
  'retrieved',
  'status',
  'interval_end',
  'time_until_reset',
  'read_bytes',
  'read_bytes_left',
  'read_limit',
  'written_bytes',
  'write_bytes_left',
  'write_limit',
])

CreateHiddenServiceOutput = collections.namedtuple('CreateHiddenServiceOutput', [
  'path',
  'hostname',
  'hostname_for_client',
  'config',
])


def with_default(yields = False):
  """
  Provides a decorator to support having a default value. This should be
  treated as private.
  """

  def decorator(func):
    def get_default(func, args, kwargs):
      arg_names = inspect.getargspec(func).args[1:]  # drop 'self'
      default_position = arg_names.index('default') if 'default' in arg_names else None

      if default_position is not None and default_position < len(args):
        return args[default_position]
      else:
        return kwargs.get('default', UNDEFINED)

    if not yields:
      @functools.wraps(func)
      def wrapped(self, *args, **kwargs):
        try:
          return func(self, *args, **kwargs)
        except Exception as exc:
          default = get_default(func, args, kwargs)

          if default == UNDEFINED:
            raise exc
          else:
            return default
    else:
      @functools.wraps(func)
      def wrapped(self, *args, **kwargs):
        try:
          for val in func(self, *args, **kwargs):
            yield val
        except Exception as exc:
          default = get_default(func, args, kwargs)

          if default == UNDEFINED:
            raise exc
          else:
            if default is not None:
              for val in default:
                yield val

    return wrapped

  return decorator


class BaseController(object):
  """
  Controller for the tor process. This is a minimal base class for other
  controllers, providing basic process communication and event listing. Don't
  use this directly - subclasses like the :class:`~stem.control.Controller`
  provide higher level functionality.

  It's highly suggested that you don't interact directly with the
  :class:`~stem.socket.ControlSocket` that we're constructed from - use our
  wrapper methods instead.

  If the **control_socket** is already authenticated to Tor then the caller
  should provide the **is_authenticated** flag. Otherwise, we will treat the
  socket as though it hasn't yet been authenticated.
  """

  def __init__(self, control_socket, is_authenticated = False):
    self._socket = control_socket
    self._msg_lock = threading.RLock()

    self._status_listeners = []  # tuples of the form (callback, spawn_thread)
    self._status_listeners_lock = threading.RLock()

    # queues where incoming messages are directed
    self._reply_queue = queue.Queue()
    self._event_queue = queue.Queue()

    # thread to continually pull from the control socket
    self._reader_thread = None

    # thread to pull from the _event_queue and call handle_event
    self._event_notice = threading.Event()
    self._event_thread = None

    # saves our socket's prior _connect() and _close() methods so they can be
    # called along with ours

    self._socket_connect = self._socket._connect
    self._socket_close = self._socket._close

    self._socket._connect = self._connect
    self._socket._close = self._close

    self._last_heartbeat = 0.0  # timestamp for when we last heard from tor
    self._is_authenticated = False

    self._state_change_threads = []  # threads we've spawned to notify of state changes

    if self._socket.is_alive():
      self._launch_threads()

    if is_authenticated:
      self._post_authentication()

  def msg(self, message):
    """
    Sends a message to our control socket and provides back its reply.

    :param str message: message to be formatted and sent to tor

    :returns: :class:`~stem.response.ControlMessage` with the response

    :raises:
      * :class:`stem.ProtocolError` the content from the socket is
        malformed
      * :class:`stem.SocketError` if a problem arises in using the
        socket
      * :class:`stem.SocketClosed` if the socket is shut down
    """

    with self._msg_lock:
      # If our _reply_queue isn't empty then one of a few things happened...
      #
      # - Our connection was closed and probably re-restablished. This was
      #   in reply to pulling for an asynchronous event and getting this is
      #   expected - ignore it.
      #
      # - Pulling for asynchronous events produced an error. If this was a
      #   ProtocolError then it's a tor bug, and if a non-closure SocketError
      #   then it was probably a socket glitch. Deserves an INFO level log
      #   message.
      #
      # - This is a leftover response for a msg() call. We can't tell who an
      #   exception was earmarked for, so we only know that this was the case
      #   if it's a ControlMessage.
      #
      #   This is the most concerning situation since it indicates that one of
      #   our callers didn't get their reply. However, this is still a
      #   perfectly viable use case. For instance...
      #
      #   1. We send a request.
      #   2. The reader thread encounters an exception, for instance a socket
      #      error. We enqueue the exception.
      #   3. The reader thread receives the reply.
      #   4. We raise the socket error, and have an undelivered message.
      #
      #   Thankfully this only seems to arise in edge cases around rapidly
      #   closing/reconnecting the socket.

      while not self._reply_queue.empty():
        try:
          response = self._reply_queue.get_nowait()

          if isinstance(response, stem.SocketClosed):
            pass  # this is fine
          elif isinstance(response, stem.ProtocolError):
            log.info('Tor provided a malformed message (%s)' % response)
          elif isinstance(response, stem.ControllerError):
            log.info('Socket experienced a problem (%s)' % response)
          elif isinstance(response, stem.response.ControlMessage):
            log.info('Failed to deliver a response: %s' % response)
        except queue.Empty:
          # the empty() method is documented to not be fully reliable so this
          # isn't entirely surprising

          break

      try:
        self._socket.send(message)
        response = self._reply_queue.get()

        # If the message we received back had an exception then re-raise it to the
        # caller. Otherwise return the response.

        if isinstance(response, stem.ControllerError):
          raise response
        else:
          # I really, really don't like putting hooks into this method, but
          # this is the most reliable method I can think of for taking actions
          # immediately after successfully authenticating to a connection.

          if message.upper().startswith('AUTHENTICATE'):
            self._post_authentication()

          return response
      except stem.SocketClosed as exc:
        # If the recv() thread caused the SocketClosed then we could still be
        # in the process of closing. Calling close() here so that we can
        # provide an assurance to the caller that when we raise a SocketClosed
        # exception we are shut down afterward for realz.

        self.close()
        raise exc

  def is_alive(self):
    """
    Checks if our socket is currently connected. This is a pass-through for our
    socket's :func:`~stem.socket.ControlSocket.is_alive` method.

    :returns: **bool** that's **True** if our socket is connected and **False** otherwise
    """

    return self._socket.is_alive()

  def is_localhost(self):
    """
    Returns if the connection is for the local system or not.

    .. versionadded:: 1.3.0

    :returns: **bool** that's **True** if the connection is for the local host and **False** otherwise
    """

    return self._socket.is_localhost()

  def connection_time(self):
    """
    Provides the unix timestamp for when our socket was either connected or
    disconnected. That is to say, the time we connected if we're currently
    connected and the time we disconnected if we're not connected.

    .. versionadded:: 1.3.0

    :returns: **float** for when we last connected or disconnected, zero if
      we've never connected
    """

    return self._socket.connection_time()

  def is_authenticated(self):
    """
    Checks if our socket is both connected and authenticated.

    :returns: **bool** that's **True** if our socket is authenticated to tor
      and **False** otherwise
    """

    if self.is_alive():
      return self._is_authenticated

    return False

  def connect(self):
    """
    Reconnects our control socket. This is a pass-through for our socket's
    :func:`~stem.socket.ControlSocket.connect` method.

    :raises: :class:`stem.SocketError` if unable to make a socket
    """

    self._socket.connect()

  def close(self):
    """
    Closes our socket connection. This is a pass-through for our socket's
    :func:`~stem.socket.ControlSocket.close` method.
    """

    self._socket.close()

    # Join on any outstanding state change listeners. Closing is a state change
    # of its own, so if we have any listeners it's quite likely there's some
    # work in progress.
    #
    # It's important that we do this outside of our locks so those daemons have
    # access to us. This is why we're doing this here rather than _close().

    for t in self._state_change_threads:
      if t.is_alive() and threading.current_thread() != t:
        t.join()

  def get_socket(self):
    """
    Provides the socket used to speak with the tor process. Communicating with
    the socket directly isn't advised since it may confuse this controller.

    :returns: :class:`~stem.socket.ControlSocket` we're communicating with
    """

    return self._socket

  def get_latest_heartbeat(self):
    """
    Provides the unix timestamp for when we last heard from tor. This is zero
    if we've never received a message.

    :returns: float for the unix timestamp of when we last heard from tor
    """

    return self._last_heartbeat

  def add_status_listener(self, callback, spawn = True):
    """
    Notifies a given function when the state of our socket changes. Functions
    are expected to be of the form...

    ::

      my_function(controller, state, timestamp)

    The state is a value from the :data:`stem.control.State` enum. Functions
    **must** allow for new values. The timestamp is a float for the unix time
    when the change occurred.

    This class only provides **State.INIT** and **State.CLOSED** notifications.
    Subclasses may provide others.

    If spawn is **True** then the callback is notified via a new daemon thread.
    If **False** then the notice is under our locks, within the thread where
    the change occurred. In general this isn't advised, especially if your
    callback could block for a while. If still outstanding these threads are
    joined on as part of closing this controller.

    :param function callback: function to be notified when our state changes
    :param bool spawn: calls function via a new thread if **True**, otherwise
      it's part of the connect/close method call
    """

    with self._status_listeners_lock:
      self._status_listeners.append((callback, spawn))

  def remove_status_listener(self, callback):
    """
    Stops listener from being notified of further events.

    :param function callback: function to be removed from our listeners

    :returns: **bool** that's **True** if we removed one or more occurrences of
      the callback, **False** otherwise
    """

    with self._status_listeners_lock:
      new_listeners, is_changed = [], False

      for listener, spawn in self._status_listeners:
        if listener != callback:
          new_listeners.append((listener, spawn))
        else:
          is_changed = True

      self._status_listeners = new_listeners
      return is_changed

  def __enter__(self):
    return self

  def __exit__(self, exit_type, value, traceback):
    self.close()

  def _handle_event(self, event_message):
    """
    Callback to be overwritten by subclasses for event listening. This is
    notified whenever we receive an event from the control socket.

    :param stem.response.ControlMessage event_message: message received from
      the control socket
    """

    pass

  def _connect(self):
    self._launch_threads()
    self._notify_status_listeners(State.INIT)
    self._socket_connect()
    self._is_authenticated = False

  def _close(self):
    # Our is_alive() state is now false. Our reader thread should already be
    # awake from recv() raising a closure exception. Wake up the event thread
    # too so it can end.

    self._event_notice.set()
    self._is_authenticated = False

    # joins on our threads if it's safe to do so

    for t in (self._reader_thread, self._event_thread):
      if t and t.is_alive() and threading.current_thread() != t:
        t.join()

    self._notify_status_listeners(State.CLOSED)

    self._socket_close()

  def _post_authentication(self):
    # actions to be taken after we have a newly authenticated connection

    self._is_authenticated = True

  def _notify_status_listeners(self, state):
    """
    Informs our status listeners that a state change occurred.

    :param stem.control.State state: state change that has occurred
    """

    # Any changes to our is_alive() state happen under the send lock, so we
    # need to have it to ensure it doesn't change beneath us.

    with self._socket._get_send_lock():
      with self._status_listeners_lock:
        # States imply that our socket is either alive or not, which may not
        # hold true when multiple events occur in quick succession. For
        # instance, a sighup could cause two events (State.RESET for the sighup
        # and State.CLOSE if it causes tor to crash). However, there's no
        # guarantee of the order in which they occur, and it would be bad if
        # listeners got the State.RESET last, implying that we were alive.

        expect_alive = None

        if state in (State.INIT, State.RESET):
          expect_alive = True
        elif state == State.CLOSED:
          expect_alive = False

        change_timestamp = time.time()

        if expect_alive is not None and expect_alive != self.is_alive():
          return

        self._state_change_threads = list(filter(lambda t: t.is_alive(), self._state_change_threads))

        for listener, spawn in self._status_listeners:
          if spawn:
            name = '%s notification' % state
            args = (self, state, change_timestamp)

            notice_thread = threading.Thread(target = listener, args = args, name = name)
            notice_thread.setDaemon(True)
            notice_thread.start()
            self._state_change_threads.append(notice_thread)
          else:
            listener(self, state, change_timestamp)

  def _launch_threads(self):
    """
    Initializes daemon threads. Threads can't be reused so we need to recreate
    them if we're restarted.
    """

    # In theory concurrent calls could result in multiple start() calls on a
    # single thread, which would cause an unexpected exception. Best be safe.

    with self._socket._get_send_lock():
      if not self._reader_thread or not self._reader_thread.is_alive():
        self._reader_thread = threading.Thread(target = self._reader_loop, name = 'Tor Listener')
        self._reader_thread.setDaemon(True)
        self._reader_thread.start()

      if not self._event_thread or not self._event_thread.is_alive():
        self._event_thread = threading.Thread(target = self._event_loop, name = 'Event Notifier')
        self._event_thread.setDaemon(True)
        self._event_thread.start()

  def _reader_loop(self):
    """
    Continually pulls from the control socket, directing the messages into
    queues based on their type. Controller messages come in two varieties...

    * Responses to messages we've sent (GETINFO, SETCONF, etc).
    * Asynchronous events, identified by a status code of 650.
    """

    while self.is_alive():
      try:
        control_message = self._socket.recv()
        self._last_heartbeat = time.time()

        if control_message.content()[-1][0] == '650':
          # asynchronous message, adds to the event queue and wakes up its handler
          self._event_queue.put(control_message)
          self._event_notice.set()
        else:
          # response to a msg() call
          self._reply_queue.put(control_message)
      except stem.ControllerError as exc:
        # Assume that all exceptions belong to the reader. This isn't always
        # true, but the msg() call can do a better job of sorting it out.
        #
        # Be aware that the msg() method relies on this to unblock callers.

        self._reply_queue.put(exc)

  def _event_loop(self):
    """
    Continually pulls messages from the _event_queue and sends them to our
    handle_event callback. This is done via its own thread so subclasses with a
    lengthy handle_event implementation don't block further reading from the
    socket.
    """

    while True:
      try:
        event_message = self._event_queue.get_nowait()
        self._handle_event(event_message)
      except queue.Empty:
        if not self.is_alive():
          break

        self._event_notice.wait()
        self._event_notice.clear()


class Controller(BaseController):
  """
  Communicates with a control socket. This is built on top of the
  BaseController and provides a more user friendly API for library users.
  """

  @staticmethod
  def from_port(address = '127.0.0.1', port = 9051):
    """
    Constructs a :class:`~stem.socket.ControlPort` based Controller.

    :param str address: ip address of the controller
    :param int port: port number of the controller

    :returns: :class:`~stem.control.Controller` attached to the given port

    :raises: :class:`stem.SocketError` if we're unable to establish a connection
    """

    if not stem.util.connection.is_valid_ipv4_address(address):
      raise ValueError('Invalid IP address: %s' % address)
    elif not stem.util.connection.is_valid_port(port):
      raise ValueError('Invalid port: %s' % port)

    control_port = stem.socket.ControlPort(address, port)
    return Controller(control_port)

  @staticmethod
  def from_socket_file(path = '/var/run/tor/control'):
    """
    Constructs a :class:`~stem.socket.ControlSocketFile` based Controller.

    :param str path: path where the control socket is located

    :returns: :class:`~stem.control.Controller` attached to the given socket file

    :raises: :class:`stem.SocketError` if we're unable to establish a connection
    """

    control_socket = stem.socket.ControlSocketFile(path)
    return Controller(control_socket)

  def __init__(self, control_socket, is_authenticated = False):
    self._is_caching_enabled = True
    self._request_cache = {}
    self._last_newnym = 0.0

    self._cache_lock = threading.RLock()

    # mapping of event types to their listeners

    self._event_listeners = {}
    self._event_listeners_lock = threading.RLock()

    # number of sequential 'GETINFO ip-to-country/*' lookups that have failed

    self._geoip_failure_count = 0
    self._enabled_features = []

    super(Controller, self).__init__(control_socket, is_authenticated)

    def _sighup_listener(event):
      if event.signal == Signal.RELOAD:
        self.clear_cache()
        self._notify_status_listeners(State.RESET)

    self.add_event_listener(_sighup_listener, EventType.SIGNAL)

    def _confchanged_listener(event):
      if self.is_caching_enabled():
        self._set_cache(dict((k, None) for k in event.config), 'getconf')

        if 'exitpolicy' in event.config.keys():
          self._set_cache({'exitpolicy': None})

    self.add_event_listener(_confchanged_listener, EventType.CONF_CHANGED)

  def connect(self):
    super(Controller, self).connect()
    self.clear_cache()

  def close(self):
    # making a best-effort attempt to quit before detaching the socket
    if self.is_alive():
      try:
        self.msg('QUIT')
      except:
        pass

      self.clear_cache()

    super(Controller, self).close()

  def authenticate(self, *args, **kwargs):
    """
    A convenience method to authenticate the controller. This is just a
    pass-through to :func:`stem.connection.authenticate`.
    """

    import stem.connection
    stem.connection.authenticate(self, *args, **kwargs)

  @with_default()
  def get_info(self, params, default = UNDEFINED, get_bytes = False):
    """
    get_info(params, default = UNDEFINED, get_bytes = False)

    Queries the control socket for the given GETINFO option. If provided a
    default then that's returned if the GETINFO option is undefined or the
    call fails for any reason (error response, control port closed, initiated,
    etc).

    .. versionchanged:: 1.1.0
       Added the get_bytes argument.

    :param str,list params: GETINFO option or options to be queried
    :param object default: response if the query fails
    :param bool get_bytes: provides **bytes** values rather than a **str** under python 3.x

    :returns:
      Response depends upon how we were called as follows...

      * **str** with the response if our param was a **str**
      * **dict** with the 'param => response' mapping if our param was a **list**
      * default if one was provided and our call failed

    :raises:
      * :class:`stem.ControllerError` if the call fails and we weren't
        provided a default response
      * :class:`stem.InvalidArguments` if the 'params' requested was
        invalid
      * :class:`stem.ProtocolError` if the geoip database is known to be
        unavailable
    """

    start_time = time.time()
    reply = {}

    if isinstance(params, (bytes, str_type)):
      is_multiple = False
      params = set([params])
    else:
      if not params:
        return {}

      is_multiple = True
      params = set(params)

    # check for cached results

    from_cache = [param.lower() for param in params]
    cached_results = self._get_cache_map(from_cache, 'getinfo')

    for key in cached_results:
      user_expected_key = _case_insensitive_lookup(params, key)
      reply[user_expected_key] = cached_results[key]
      params.remove(user_expected_key)

    for param in params:
      if param.startswith('ip-to-country/') and self.is_geoip_unavailable():
        # the geoip database already looks to be unavailable - abort the request

        raise stem.ProtocolError('Tor geoip database is unavailable')

    # if everything was cached then short circuit making the query
    if not params:
      log.trace('GETINFO %s (cache fetch)' % ' '.join(reply.keys()))

      if is_multiple:
        return reply
      else:
        return list(reply.values())[0]

    try:
      response = self.msg('GETINFO %s' % ' '.join(params))
      stem.response.convert('GETINFO', response)
      response._assert_matches(params)

      # usually we want unicode values under python 3.x

      if stem.prereq.is_python_3() and not get_bytes:
        response.entries = dict((k, stem.util.str_tools._to_unicode(v)) for (k, v) in response.entries.items())

      reply.update(response.entries)

      if self.is_caching_enabled():
        to_cache = {}

        for key, value in response.entries.items():
          key = key.lower()  # make case insensitive

          if key in CACHEABLE_GETINFO_PARAMS:
            to_cache[key] = value
          elif key.startswith('ip-to-country/'):
            # both cache-able and means that we should reset the geoip failure count
            to_cache[key] = value
            self._geoip_failure_count = -1

        self._set_cache(to_cache, 'getinfo')

      log.debug('GETINFO %s (runtime: %0.4f)' % (' '.join(params), time.time() - start_time))

      if is_multiple:
        return reply
      else:
        return list(reply.values())[0]
    except stem.ControllerError as exc:
      # bump geoip failure count if...
      # * we're caching results
      # * this was soley a geoip lookup
      # * we've never had a successful geoip lookup (failure count isn't -1)

      is_geoip_request = len(params) == 1 and list(params)[0].startswith('ip-to-country/')

      if is_geoip_request and self.is_caching_enabled() and self._geoip_failure_count != -1:
        self._geoip_failure_count += 1

        if self.is_geoip_unavailable():
          log.warn("Tor's geoip database is unavailable.")

      log.debug('GETINFO %s (failed: %s)' % (' '.join(params), exc))

      raise exc

  @with_default()
  def get_version(self, default = UNDEFINED):
    """
    get_version(default = UNDEFINED)

    A convenience method to get tor version that current controller is
    connected to.

    :param object default: response if the query fails

    :returns: :class:`~stem.version.Version` of the tor instance that we're
      connected to

    :raises:
      * :class:`stem.ControllerError` if unable to query the version
      * **ValueError** if unable to parse the version

      An exception is only raised if we weren't provided a default response.
    """

    version = self._get_cache('version')

    if not version:
      version = stem.version.Version(self.get_info('version'))
      self._set_cache({'version': version})

    return version

  @with_default()
  def get_exit_policy(self, default = UNDEFINED):
    """
    get_exit_policy(default = UNDEFINED)

    Effective ExitPolicy for our relay. This accounts for
    ExitPolicyRejectPrivate and default policies.

    :param object default: response if the query fails

    :returns: :class:`~stem.exit_policy.ExitPolicy` of the tor instance that
      we're connected to

    :raises:
      * :class:`stem.ControllerError` if unable to query the policy
      * **ValueError** if unable to parse the policy

      An exception is only raised if we weren't provided a default response.
    """

    with self._msg_lock:
      config_policy = self._get_cache('exit_policy')

      if not config_policy:
        policy = []

        if self.get_conf('ExitPolicyRejectPrivate') == '1':
          policy.append('reject private:*')

        for policy_line in self.get_conf('ExitPolicy', multiple = True):
          policy += policy_line.split(',')

        policy += self.get_info('exit-policy/default').split(',')

        config_policy = stem.exit_policy.get_config_policy(policy, self.get_info('address', None))
        self._set_cache({'exit_policy': config_policy})

      return config_policy

  @with_default()
  def get_ports(self, listener_type, default = UNDEFINED):
    """
    get_ports(listener_type, default = UNDEFINED)

    Provides the local ports where tor is listening for the given type of
    connections. This is similar to
    :func:`~stem.control.Controller.get_listeners`, but doesn't provide
    addresses nor include non-local endpoints.

    .. versionadded:: 1.2.0

    :param stem.control.Listener listener_type: connection type being handled
      by the ports we return
    :param object default: response if the query fails

    :returns: **list** of **ints** for the local ports where tor handles
      connections of the given type

    :raises: :class:`stem.ControllerError` if unable to determine the ports
      and no default was provided
    """

    return [port for (addr, port) in self.get_listeners(listener_type) if addr == '127.0.0.1']

  @with_default()
  def get_listeners(self, listener_type, default = UNDEFINED):
    """
    get_listeners(listener_type, default = UNDEFINED)

    Provides the addresses and ports where tor is listening for connections of
    the given type. This is similar to
    :func:`~stem.control.Controller.get_ports` but includes listener addresses
    and non-local endpoints.

    .. versionadded:: 1.2.0

    :param stem.control.Listener listener_type: connection type being handled
      by the listeners we return
    :param object default: response if the query fails

    :returns: **list** of **(address, port)** tuples for the available
      listeners

    :raises: :class:`stem.ControllerError` if unable to determine the listeners
      and no default was provided
    """

    proxy_addrs = []
    query = 'net/listeners/%s' % listener_type.lower()

    try:
      for listener in self.get_info(query).split():
        if not (listener.startswith('"') and listener.endswith('"')):
          raise stem.ProtocolError("'GETINFO %s' responses are expected to be quoted: %s" % (query, listener))
        elif ':' not in listener:
          raise stem.ProtocolError("'GETINFO %s' had a listener without a colon: %s" % (query, listener))

        listener = listener[1:-1]  # strip quotes
        addr, port = listener.split(':')

        # Skip unix sockets, for instance...
        #
        # GETINFO net/listeners/control
        # 250-net/listeners/control="unix:/tmp/tor/socket"
        # 250 OK

        if addr == 'unix':
          continue

        proxy_addrs.append((addr, port))
    except stem.InvalidArguments:
      # Tor version is old (pre-tor-0.2.2.26-beta), use get_conf() instead.
      # Some options (like the ORPort) can have optional attributes after the
      # actual port number.

      port_option = {
        Listener.OR: 'ORPort',
        Listener.DIR: 'DirPort',
        Listener.SOCKS: 'SocksPort',
        Listener.TRANS: 'TransPort',
        Listener.NATD: 'NatdPort',
        Listener.DNS: 'DNSPort',
        Listener.CONTROL: 'ControlPort',
      }[listener_type]

      listener_option = {
        Listener.OR: 'ORListenAddress',
        Listener.DIR: 'DirListenAddress',
        Listener.SOCKS: 'SocksListenAddress',
        Listener.TRANS: 'TransListenAddress',
        Listener.NATD: 'NatdListenAddress',
        Listener.DNS: 'DNSListenAddress',
        Listener.CONTROL: 'ControlListenAddress',
      }[listener_type]

      port_value = self.get_conf(port_option).split()[0]

      for listener in self.get_conf(listener_option, multiple = True):
        if ':' in listener:
          addr, port = listener.split(':')
          proxy_addrs.append((addr, port))
        else:
          proxy_addrs.append((listener, port_value))

    # validate that address/ports are valid, and convert ports to ints

    for addr, port in proxy_addrs:
      if not stem.util.connection.is_valid_ipv4_address(addr):
        raise stem.ProtocolError('Invalid address for a %s listener: %s' % (listener_type, addr))
      elif not stem.util.connection.is_valid_port(port):
        raise stem.ProtocolError('Invalid port for a %s listener: %s' % (listener_type, port))

    return [(addr, int(port)) for (addr, port) in proxy_addrs]

  @with_default()
  def get_accounting_stats(self, default = UNDEFINED):
    """
    get_accounting_stats(default = UNDEFINED)

    Provides stats related to our relaying limitations if AccountingMax was set
    in our torrc. This provides a **namedtuple** with the following
    attributes...

      * retrieved (float) - unix timestamp for when this was fetched
      * status (str) - hibernation status of 'awake', 'soft', or 'hard'
      * interval_end (datetime)
      * time_until_reset (int) - seconds until our limits reset
      * read_bytes (int)
      * read_bytes_left (int)
      * read_limit (int)
      * written_bytes (int)
      * write_bytes_left (int)
      * write_limit (int)

    .. versionadded:: 1.3.0

    :param object default: response if the query fails

    :returns: **namedtuple** with our accounting stats

    :raises: :class:`stem.ControllerError` if unable to determine the listeners
      and no default was provided
    """

    if self.get_info('accounting/enabled') != '1':
      raise stem.ControllerError("Accounting isn't enabled")

    retrieved = time.time()
    status = self.get_info('accounting/hibernating')
    interval_end = self.get_info('accounting/interval-end')
    used = self.get_info('accounting/bytes')
    left = self.get_info('accounting/bytes-left')

    interval_end = stem.util.str_tools._parse_timestamp(interval_end)
    used_read, used_written = [int(val) for val in used.split(' ', 1)]
    left_read, left_written = [int(val) for val in left.split(' ', 1)]

    return AccountingStats(
      retrieved = retrieved,
      status = status,
      interval_end = interval_end,
      time_until_reset = calendar.timegm(interval_end.timetuple()) - int(retrieved),
      read_bytes = used_read,
      read_bytes_left = left_read,
      read_limit = used_read + left_read,
      written_bytes = used_written,
      write_bytes_left = left_written,
      write_limit = used_written + left_written,
    )

  def get_socks_listeners(self, default = UNDEFINED):
    """
    Provides the SOCKS **(address, port)** tuples that tor has open.

    .. deprecated:: 1.2.0
       Use :func:`~stem.control.Controller.get_listeners` with
       **Listener.SOCKS** instead.

    :param object default: response if the query fails

    :returns: list of **(address, port)** tuples for the available SOCKS
      listeners

    :raises: :class:`stem.ControllerError` if unable to determine the listeners
      and no default was provided
    """

    return self.get_listeners(Listener.SOCKS, default)

  @with_default()
  def get_protocolinfo(self, default = UNDEFINED):
    """
    get_protocolinfo(default = UNDEFINED)

    A convenience method to get the protocol info of the controller.

    :param object default: response if the query fails

    :returns: :class:`~stem.response.protocolinfo.ProtocolInfoResponse` provided by tor

    :raises:
      * :class:`stem.ProtocolError` if the PROTOCOLINFO response is
        malformed
      * :class:`stem.SocketError` if problems arise in establishing or
        using the socket

      An exception is only raised if we weren't provided a default response.
    """

    import stem.connection
    return stem.connection.get_protocolinfo(self)

  @with_default()
  def get_user(self, default = UNDEFINED):
    """
    get_user(default = UNDEFINED)

    Provides the user tor is running as. This often only works if tor is
    running locally. Also, most of its checks are platform dependent, and hence
    are not entirely reliable.

    .. versionadded:: 1.1.0

    :param object default: response if the query fails

    :returns: str with the username tor is running as
    """

    user = self._get_cache('user')

    if not user:
      user = self.get_info('process/user', None)

    if not user and self.is_localhost():
      pid = self.get_pid(None)

      if pid:
        user = stem.util.system.user(pid)

    if user:
      self._set_cache({'user': user})
      return user
    else:
      raise ValueError("Unable to resolve tor's user" if self.is_localhost() else "Tor isn't running locally")

  @with_default()
  def get_pid(self, default = UNDEFINED):
    """
    get_pid(default = UNDEFINED)

    Provides the process id of tor. This often only works if tor is running
    locally. Also, most of its checks are platform dependent, and hence are not
    entirely reliable.

    .. versionadded:: 1.1.0

    :param object default: response if the query fails

    :returns: **int** for tor's pid

    :raises: **ValueError** if unable to determine the pid and no default was
      provided
    """

    pid = self._get_cache('pid')

    if not pid:
      getinfo_pid = self.get_info('process/pid', None)

      if getinfo_pid and getinfo_pid.isdigit():
        pid = int(getinfo_pid)

    if not pid and self.is_localhost():
      pid_file_path = self.get_conf('PidFile', None)

      if pid_file_path is not None:
        with open(pid_file_path) as pid_file:
          pid_file_contents = pid_file.read().strip()

          if pid_file_contents.isdigit():
            pid = int(pid_file_contents)

      if not pid:
        pid = stem.util.system.pid_by_name('tor')

      if not pid:
        control_socket = self.get_socket()

        if isinstance(control_socket, stem.socket.ControlPort):
          pid = stem.util.system.pid_by_port(control_socket.get_port())
        elif isinstance(control_socket, stem.socket.ControlSocketFile):
          pid = stem.util.system.pid_by_open_file(control_socket.get_socket_path())

    if pid:
      self._set_cache({'pid': pid})
      return pid
    else:
      raise ValueError("Unable to resolve tor's pid" if self.is_localhost() else "Tor isn't running locally")

  @with_default()
  def get_microdescriptor(self, relay = None, default = UNDEFINED):
    """
    get_microdescriptor(relay = None, default = UNDEFINED)

    Provides the microdescriptor for the relay with the given fingerprint or
    nickname. If the relay identifier could be either a fingerprint *or*
    nickname then it's queried as a fingerprint.

    If no **relay** is provided then this defaults to ourselves. Remember that
    this requires that we've retrieved our own descriptor from remote
    authorities so this both won't be available for newly started relays and
    may be up to around an hour out of date.

    .. versionchanged:: 1.3.0
       Changed so we'd fetch our own descriptor if no 'relay' is provided.

    :param str relay: fingerprint or nickname of the relay to be queried
    :param object default: response if the query fails

    :returns: :class:`~stem.descriptor.microdescriptor.Microdescriptor` for the given relay

    :raises:
      * :class:`stem.DescriptorUnavailable` if unable to provide a descriptor
        for the given relay
      * :class:`stem.ControllerError` if unable to query the descriptor
      * **ValueError** if **relay** doesn't conform with the pattern for being
        a fingerprint or nickname

      An exception is only raised if we weren't provided a default response.
    """

    if relay is None:
      try:
        relay = self.get_info('fingerprint')
      except stem.ControllerError as exc:
        raise stem.ControllerError('Unable to determine our own fingerprint: %s' % exc)

    if stem.util.tor_tools.is_valid_fingerprint(relay):
      query = 'md/id/%s' % relay
    elif stem.util.tor_tools.is_valid_nickname(relay):
      query = 'md/name/%s' % relay
    else:
      raise ValueError("'%s' isn't a valid fingerprint or nickname" % relay)

    try:
      desc_content = self.get_info(query, get_bytes = True)
    except stem.InvalidArguments as exc:
      if str(exc).startswith('GETINFO request contained unrecognized keywords:'):
        raise stem.DescriptorUnavailable("Tor was unable to provide the descriptor for '%s'" % relay)
      else:
        raise exc

    if not desc_content:
      raise stem.DescriptorUnavailable('Descriptor information is unavailable, tor might still be downloading it')

    return stem.descriptor.microdescriptor.Microdescriptor(desc_content)

  @with_default(yields = True)
  def get_microdescriptors(self, default = UNDEFINED):
    """
    get_microdescriptors(default = UNDEFINED)

    Provides an iterator for all of the microdescriptors that tor currently
    knows about.

    **Tor does not expose this information via the control protocol**
    (:trac:`8323`). Until it does this reads the microdescriptors from disk,
    and hence won't work remotely or if we lack read permissions.

    :param list default: items to provide if the query fails

    :returns: iterates over
      :class:`~stem.descriptor.microdescriptor.Microdescriptor` for relays in
      the tor network

    :raises: :class:`stem.ControllerError` if unable to query tor and no
      default was provided
    """

    try:
      data_directory = self.get_conf('DataDirectory')
    except stem.ControllerError as exc:
      raise stem.OperationFailed(message = 'Unable to determine the data directory (%s)' % exc)

    cached_descriptor_path = os.path.join(data_directory, 'cached-microdescs')

    if not os.path.exists(data_directory):
      raise stem.OperationFailed(message = "Data directory reported by tor doesn't exist (%s)" % data_directory)
    elif not os.path.exists(cached_descriptor_path):
      raise stem.OperationFailed(message = "Data directory doens't contain cached microescriptors (%s)" % cached_descriptor_path)

    with stem.descriptor.reader.DescriptorReader([cached_descriptor_path]) as reader:
      for desc in reader:
        # It shouldn't be possible for these to be something other than
        # microdescriptors but as the saying goes: trust but verify.

        if not isinstance(desc, stem.descriptor.microdescriptor.Microdescriptor):
          raise stem.OperationFailed(message = 'BUG: Descriptor reader provided non-microdescriptor content (%s)' % type(desc))

        yield desc

  @with_default()
  def get_server_descriptor(self, relay = None, default = UNDEFINED):
    """
    get_server_descriptor(relay = None, default = UNDEFINED)

    Provides the server descriptor for the relay with the given fingerprint or
    nickname. If the relay identifier could be either a fingerprint *or*
    nickname then it's queried as a fingerprint.

    If no **relay** is provided then this defaults to ourselves. Remember that
    this requires that we've retrieved our own descriptor from remote
    authorities so this both won't be available for newly started relays and
    may be up to around an hour out of date.

    **As of Tor version 0.2.3.25 relays no longer get server descriptors by
    default.** It's advised that you use microdescriptors instead, but if you
    really need server descriptors then you can get them by setting
    'UseMicrodescriptors 0'.

    .. versionchanged:: 1.3.0
       Changed so we'd fetch our own descriptor if no 'relay' is provided.

    :param str relay: fingerprint or nickname of the relay to be queried
    :param object default: response if the query fails

    :returns: :class:`~stem.descriptor.server_descriptor.RelayDescriptor` for the given relay

    :raises:
      * :class:`stem.DescriptorUnavailable` if unable to provide a descriptor
        for the given relay
      * :class:`stem.ControllerError` if unable to query the descriptor
      * **ValueError** if **relay** doesn't conform with the pattern for being
        a fingerprint or nickname

      An exception is only raised if we weren't provided a default response.
    """

    try:
      if relay is None:
        try:
          relay = self.get_info('fingerprint')
        except stem.ControllerError as exc:
          raise stem.ControllerError('Unable to determine our own fingerprint: %s' % exc)

      if stem.util.tor_tools.is_valid_fingerprint(relay):
        query = 'desc/id/%s' % relay
      elif stem.util.tor_tools.is_valid_nickname(relay):
        query = 'desc/name/%s' % relay
      else:
        raise ValueError("'%s' isn't a valid fingerprint or nickname" % relay)

      try:
        desc_content = self.get_info(query, get_bytes = True)
      except stem.InvalidArguments as exc:
        if str(exc).startswith('GETINFO request contained unrecognized keywords:'):
          raise stem.DescriptorUnavailable("Tor was unable to provide the descriptor for '%s'" % relay)
        else:
          raise exc

      if not desc_content:
        raise stem.DescriptorUnavailable('Descriptor information is unavailable, tor might still be downloading it')

      return stem.descriptor.server_descriptor.RelayDescriptor(desc_content)
    except Exception as exc:
      if not self._is_server_descriptors_available():
        raise ValueError(SERVER_DESCRIPTORS_UNSUPPORTED)

      raise exc

  @with_default(yields = True)
  def get_server_descriptors(self, default = UNDEFINED):
    """
    get_server_descriptors(default = UNDEFINED)

    Provides an iterator for all of the server descriptors that tor currently
    knows about.

    **As of Tor version 0.2.3.25 relays no longer get server descriptors by
    default.** It's advised that you use microdescriptors instead, but if you
    really need server descriptors then you can get them by setting
    'UseMicrodescriptors 0'.

    :param list default: items to provide if the query fails

    :returns: iterates over
      :class:`~stem.descriptor.server_descriptor.RelayDescriptor` for relays in
      the tor network

    :raises: :class:`stem.ControllerError` if unable to query tor and no
      default was provided
    """

    # TODO: We should iterate over the descriptors as they're read from the
    # socket rather than reading the whole thing into memory.
    #
    # https://trac.torproject.org/8248

    desc_content = self.get_info('desc/all-recent', get_bytes = True)

    if not desc_content:
      if not self._is_server_descriptors_available():
        raise stem.ControllerError(SERVER_DESCRIPTORS_UNSUPPORTED)
      else:
        raise stem.DescriptorUnavailable('Descriptor information is unavailable, tor might still be downloading it')

    for desc in stem.descriptor.server_descriptor._parse_file(io.BytesIO(desc_content)):
      yield desc

  def _is_server_descriptors_available(self):
    """
    Checks to see if tor server descriptors should be available or not.
    """

    return self.get_version() < stem.version.Requirement.MICRODESCRIPTOR_IS_DEFAULT or \
           self.get_conf('UseMicrodescriptors', None) == '0'

  @with_default()
  def get_network_status(self, relay = None, default = UNDEFINED):
    """
    get_network_status(relay = None, default = UNDEFINED)

    Provides the router status entry for the relay with the given fingerprint
    or nickname. If the relay identifier could be either a fingerprint *or*
    nickname then it's queried as a fingerprint.

    This provides
    :class:`~stem.descriptor.router_status_entry.RouterStatusEntryMicroV3`
    instances if tor is using microdescriptors...

    ::

      controller.get_conf('UseMicrodescriptors', '0') == '1'

    ... and :class:`~stem.descriptor.router_status_entry.RouterStatusEntryV3`
    otherwise.

    If no **relay** is provided then this defaults to ourselves. Remember that
    this requires that we've retrieved our own descriptor from remote
    authorities so this both won't be available for newly started relays and
    may be up to around an hour out of date.

    .. versionchanged:: 1.3.0
       Changed so we'd fetch our own descriptor if no 'relay' is provided.

    :param str relay: fingerprint or nickname of the relay to be queried
    :param object default: response if the query fails

    :returns: :class:`~stem.descriptor.router_status_entry.RouterStatusEntry`
      for the given relay

    :raises:
      * :class:`stem.DescriptorUnavailable` if unable to provide a descriptor
        for the given relay
      * :class:`stem.ControllerError` if unable to query the descriptor
      * **ValueError** if **relay** doesn't conform with the pattern for being
        a fingerprint or nickname

      An exception is only raised if we weren't provided a default response.
    """

    if relay is None:
      try:
        relay = self.get_info('fingerprint')
      except stem.ControllerError as exc:
        raise stem.ControllerError('Unable to determine our own fingerprint: %s' % exc)

    if stem.util.tor_tools.is_valid_fingerprint(relay):
      query = 'ns/id/%s' % relay
    elif stem.util.tor_tools.is_valid_nickname(relay):
      query = 'ns/name/%s' % relay
    else:
      raise ValueError("'%s' isn't a valid fingerprint or nickname" % relay)

    try:
      desc_content = self.get_info(query, get_bytes = True)
    except stem.InvalidArguments as exc:
      if str(exc).startswith('GETINFO request contained unrecognized keywords:'):
        raise stem.DescriptorUnavailable("Tor was unable to provide the descriptor for '%s'" % relay)
      else:
        raise exc

    if not desc_content:
      raise stem.DescriptorUnavailable('Descriptor information is unavailable, tor might still be downloading it')

    if self.get_conf('UseMicrodescriptors', '0') == '1':
      return stem.descriptor.router_status_entry.RouterStatusEntryMicroV3(desc_content)
    else:
      return stem.descriptor.router_status_entry.RouterStatusEntryV3(desc_content)

  @with_default(yields = True)
  def get_network_statuses(self, default = UNDEFINED):
    """
    get_network_statuses(default = UNDEFINED)

    Provides an iterator for all of the router status entries that tor
    currently knows about.

    This provides
    :class:`~stem.descriptor.router_status_entry.RouterStatusEntryMicroV3`
    instances if tor is using microdescriptors...

    ::

      controller.get_conf('UseMicrodescriptors', '0') == '1'

    ... and :class:`~stem.descriptor.router_status_entry.RouterStatusEntryV3`
    otherwise.

    :param list default: items to provide if the query fails

    :returns: iterates over
      :class:`~stem.descriptor.router_status_entry.RouterStatusEntry` for
      relays in the tor network

    :raises: :class:`stem.ControllerError` if unable to query tor and no
      default was provided
    """

    # TODO: We should iterate over the descriptors as they're read from the
    # socket rather than reading the whole thing into memory.
    #
    # https://trac.torproject.org/8248

    if self.get_conf('UseMicrodescriptors', '0') == '1':
      desc_class = stem.descriptor.router_status_entry.RouterStatusEntryMicroV3
    else:
      desc_class = stem.descriptor.router_status_entry.RouterStatusEntryV3

    desc_content = self.get_info('ns/all', get_bytes = True)

    if not desc_content:
      raise stem.DescriptorUnavailable('Descriptor information is unavailable, tor might still be downloading it')

    desc_iterator = stem.descriptor.router_status_entry._parse_file(
      io.BytesIO(desc_content),
      True,
      entry_class = desc_class,
    )

    for desc in desc_iterator:
      yield desc

  @with_default()
  def get_hidden_service_descriptor(self, address, default = UNDEFINED, servers = None, await_result = True):
    """
    get_hidden_service_descriptor(address, default = UNDEFINED, servers = None, await_result = True)

    Provides the descriptor for a hidden service. The **address** is the
    '.onion' address of the hidden service (for instance 3g2upl4pq6kufc4m.onion
    for DuckDuckGo).

    If **await_result** is **True** then this blocks until we either receive
    the descriptor or the request fails. If **False** this returns right away.

    .. versionadded:: 1.4.0

    :param str address: address of the hidden service descriptor, the '.onion' suffix is optional
    :param object default: response if the query fails
    :param list servers: requrest the descriptor from these specific servers

    :returns: :class:`~stem.descriptor.hidden_service_descriptor.HiddenServiceDescriptor`
      for the given service if **await_result** is **True**, or **None** otherwise

    :raises:
      * :class:`stem.DescriptorUnavailable` if **await_result** is **True** and
        unable to provide a descriptor for the given service
      * :class:`stem.ControllerError` if unable to query the descriptor
      * **ValueError** if **address** doesn't conform with the pattern of a
        hidden service address

      An exception is only raised if we weren't provided a default response.
    """

    if address.endswith('.onion'):
      address = address[:-6]

    if not stem.util.tor_tools.is_valid_hidden_service_address(address):
      raise ValueError("'%s.onion' isn't a valid hidden service address" % address)

    if self.get_version() < stem.version.Requirement.HSFETCH:
      raise stem.UnsatisfiableRequest(message = 'HSFETCH was added in tor version %s' % stem.version.Requirement.HSFETCH)

    hs_desc_queue, hs_desc_listener = queue.Queue(), None
    hs_desc_content_queue, hs_desc_content_listener = queue.Queue(), None

    if await_result:
      def hs_desc_listener(event):
        hs_desc_queue.put(event)

      def hs_desc_content_listener(event):
        hs_desc_content_queue.put(event)

      self.add_event_listener(hs_desc_listener, EventType.HS_DESC)
      self.add_event_listener(hs_desc_content_listener, EventType.HS_DESC_CONTENT)

    try:
      request = 'HSFETCH %s' % address

      if servers:
        request += ' '.join(['SERVER=%s' % s for s in servers])

      response = self.msg(request)
      stem.response.convert('SINGLELINE', response)

      if not response.is_ok():
        raise stem.ProtocolError('HSFETCH returned unexpected response code: %s' % response.code)

      if not await_result:
        return None  # not waiting, so nothing to provide back
      else:
        while True:
          event = hs_desc_content_queue.get()

          if event.address == address:
            if event.descriptor:
              return event.descriptor
            else:
              # no descriptor, looking through HS_DESC to figure out why

              while True:
                event = hs_desc_queue.get()

                if event.address == address and event.action == stem.HSDescAction.FAILED:
                  if event.reason == stem.HSDescReason.NOT_FOUND:
                    raise stem.DescriptorUnavailable('No running hidden service at %s.onion' % address)
                  else:
                    raise stem.DescriptorUnavailable('Unable to retrieve the descriptor for %s.onion (retrieved from %s): %s' % (address, event.directory_fingerprint, event.reason))
    finally:
      if hs_desc_listener:
        self.remove_event_listener(hs_desc_listener)

      if hs_desc_content_listener:
        self.remove_event_listener(hs_desc_content_listener)

  def get_conf(self, param, default = UNDEFINED, multiple = False):
    """
    Queries the current value for a configuration option. Some configuration
    options (like the ExitPolicy) can have multiple values. This provides a
    **list** with all of the values if **multiple** is **True**. Otherwise this
    will be a **str** with the first value.

    If provided with a **default** then that is provided if the configuration
    option was unset or the query fails (invalid configuration option, error
    response, control port closed, initiated, etc).

    If the configuration value is unset and no **default** was given then this
    provides **None** if **multiple** was **False** and an empty list if it was
    **True**.

    :param str param: configuration option to be queried
    :param object default: response if the option is unset or the query fails
    :param bool multiple: if **True** then provides a list with all of the
      present values (this is an empty list if the config option is unset)

    :returns:
      Response depends upon how we were called as follows...

      * **str** with the configuration value if **multiple** was **False**,
        **None** if it was unset
      * **list** with the response strings if multiple was **True**
      * default if one was provided and the configuration option was either
        unset or our call failed

    :raises:
      * :class:`stem.ControllerError` if the call fails and we weren't
        provided a default response
      * :class:`stem.InvalidArguments` if the configuration option
        requested was invalid
    """

    # Config options are case insensitive and don't contain whitespace. Using
    # strip so the following check will catch whitespace-only params.

    param = param.lower().strip()

    if not param:
      return default if default != UNDEFINED else None

    entries = self.get_conf_map(param, default, multiple)
    return _case_insensitive_lookup(entries, param, default)

  def get_conf_map(self, params, default = UNDEFINED, multiple = True):
    """
    Similar to :func:`~stem.control.Controller.get_conf` but queries multiple
    configuration options, providing back a mapping of those options to their
    values.

    There are three use cases for GETCONF:

      1. a single value is provided (e.g. **ControlPort**)
      2. multiple values are provided for the option (e.g. **ExitPolicy**)
      3. a set of options that weren't necessarily requested are returned (for
         instance querying **HiddenServiceOptions** gives **HiddenServiceDir**,
         **HiddenServicePort**, etc)

    The vast majority of the options fall into the first two categories, in
    which case calling :func:`~stem.control.Controller.get_conf` is sufficient.
    However, for batch queries or the special options that give a set of values
    this provides back the full response. As of tor version 0.2.1.25
    **HiddenServiceOptions** was the only option that falls into the third
    category.

    :param str,list params: configuration option(s) to be queried
    :param object default: value for the mappings if the configuration option
      is either undefined or the query fails
    :param bool multiple: if **True** then the values provided are lists with
      all of the present values

    :returns:
      **dict** of the 'config key => value' mappings. The value is a...

      * **str** if **multiple** is **False**, **None** if the configuration
        option is unset
      * **list** if **multiple** is **True**
      * the **default** if it was set and the value was either undefined or our
        lookup failed

    :raises:
      * :class:`stem.ControllerError` if the call fails and we weren't provided
        a default response
      * :class:`stem.InvalidArguments` if the configuration option requested
        was invalid
    """

    start_time = time.time()
    reply = {}

    if isinstance(params, (bytes, str_type)):
      params = [params]

    # remove strings which contain only whitespace
    params = [entry for entry in params if entry.strip()]

    if params == []:
      return {}

    # translate context sensitive options
    lookup_params = set([MAPPED_CONFIG_KEYS.get(entry, entry) for entry in params])

    # check for cached results

    from_cache = [param.lower() for param in lookup_params]
    cached_results = self._get_cache_map(from_cache, 'getconf')

    for key in cached_results:
      user_expected_key = _case_insensitive_lookup(lookup_params, key)
      reply[user_expected_key] = cached_results[key]
      lookup_params.remove(user_expected_key)

    # if everything was cached then short circuit making the query
    if not lookup_params:
      log.trace('GETCONF %s (cache fetch)' % ' '.join(reply.keys()))
      return self._get_conf_dict_to_response(reply, default, multiple)

    try:
      response = self.msg('GETCONF %s' % ' '.join(lookup_params))
      stem.response.convert('GETCONF', response)
      reply.update(response.entries)

      if self.is_caching_enabled():
        to_cache = dict((k.lower(), v) for k, v in response.entries.items())

        for key in UNCACHEABLE_GETCONF_PARAMS:
          if key in to_cache:
            del to_cache[key]

        self._set_cache(to_cache, 'getconf')

      # Maps the entries back to the parameters that the user requested so the
      # capitalization matches (ie, if they request "exitpolicy" then that
      # should be the key rather than "ExitPolicy"). When the same
      # configuration key is provided multiple times this determines the case
      # based on the first and ignores the rest.
      #
      # This retains the tor provided camel casing of MAPPED_CONFIG_KEYS
      # entries since the user didn't request those by their key, so we can't
      # be sure what they wanted.

      for key in reply:
        if not key.lower() in MAPPED_CONFIG_KEYS.values():
          user_expected_key = _case_insensitive_lookup(params, key, key)

          if key != user_expected_key:
            reply[user_expected_key] = reply[key]
            del reply[key]

      log.debug('GETCONF %s (runtime: %0.4f)' % (' '.join(lookup_params), time.time() - start_time))
      return self._get_conf_dict_to_response(reply, default, multiple)
    except stem.ControllerError as exc:
      log.debug('GETCONF %s (failed: %s)' % (' '.join(lookup_params), exc))

      if default != UNDEFINED:
        return dict((param, default) for param in params)
      else:
        raise exc

  def _get_conf_dict_to_response(self, config_dict, default, multiple):
    """
    Translates a dictionary of 'config key => [value1, value2...]' into the
    return value of :func:`~stem.control.Controller.get_conf_map`, taking into
    account what the caller requested.
    """

    return_dict = {}

    for key, values in list(config_dict.items()):
      if values == []:
        # config option was unset
        if default != UNDEFINED:
          return_dict[key] = default
        else:
          return_dict[key] = [] if multiple else None
      else:
        return_dict[key] = values if multiple else values[0]

    return return_dict

  def set_conf(self, param, value):
    """
    Changes the value of a tor configuration option. Our value can be any of
    the following...

    * a string to set a single value
    * a list of strings to set a series of values (for instance the ExitPolicy)
    * None to either set the value to 0/NULL

    :param str param: configuration option to be set
    :param str,list value: value to set the parameter to

    :raises:
      * :class:`stem.ControllerError` if the call fails
      * :class:`stem.InvalidArguments` if configuration options
        requested was invalid
      * :class:`stem.InvalidRequest` if the configuration setting is
        impossible or if there's a syntax error in the configuration values
    """

    self.set_options({param: value}, False)

  def reset_conf(self, *params):
    """
    Reverts one or more parameters to their default values.

    :param str params: configuration option to be reset

    :raises:
      * :class:`stem.ControllerError` if the call fails
      * :class:`stem.InvalidArguments` if configuration options requested was invalid
      * :class:`stem.InvalidRequest` if the configuration setting is
        impossible or if there's a syntax error in the configuration values
    """

    self.set_options(dict([(entry, None) for entry in params]), True)

  def set_options(self, params, reset = False):
    """
    Changes multiple tor configuration options via either a SETCONF or
    RESETCONF query. Both behave identically unless our value is None, in which
    case SETCONF sets the value to 0 or NULL, and RESETCONF returns it to its
    default value. This accepts str, list, or None values in a similar fashion
    to :func:`~stem.control.Controller.set_conf`. For example...

    ::

      my_controller.set_options({
        'Nickname': 'caerSidi',
        'ExitPolicy': ['accept *:80', 'accept *:443', 'reject *:*'],
        'ContactInfo': 'caerSidi-exit@someplace.com',
        'Log': None,
      })

    The params can optionally be a list of key/value tuples, though the only
    reason this type of argument would be useful is for hidden service
    configuration (those options are order dependent).

    :param dict,list params: mapping of configuration options to the values
      we're setting it to
    :param bool reset: issues a RESETCONF, returning **None** values to their
      defaults if **True**

    :raises:
      * :class:`stem.ControllerError` if the call fails
      * :class:`stem.InvalidArguments` if configuration options
        requested was invalid
      * :class:`stem.InvalidRequest` if the configuration setting is
        impossible or if there's a syntax error in the configuration values
    """

    start_time = time.time()

    # constructs the SETCONF or RESETCONF query
    query_comp = ['RESETCONF' if reset else 'SETCONF']

    if isinstance(params, dict):
      params = list(params.items())

    for param, value in params:
      if isinstance(value, str):
        query_comp.append('%s="%s"' % (param, value.strip()))
      elif value:
        query_comp.extend(['%s="%s"' % (param, val.strip()) for val in value])
      else:
        query_comp.append(param)

    query = ' '.join(query_comp)
    response = self.msg(query)
    stem.response.convert('SINGLELINE', response)

    if response.is_ok():
      log.debug('%s (runtime: %0.4f)' % (query, time.time() - start_time))

      if self.is_caching_enabled():
        to_cache = {}

        for param, value in params:
          param = param.lower()

          if isinstance(value, (bytes, str_type)):
            value = [value]

          to_cache[param] = value

          if param == 'exitpolicy':
            self._set_cache({'exitpolicy': None})

        self._set_cache(to_cache, 'getconf')
    else:
      log.debug('%s (failed, code: %s, message: %s)' % (query, response.code, response.message))

      if response.code == '552':
        if response.message.startswith("Unrecognized option: Unknown option '"):
          key = response.message[37:response.message.find("'", 37)]
          raise stem.InvalidArguments(response.code, response.message, [key])
        raise stem.InvalidRequest(response.code, response.message)
      elif response.code in ('513', '553'):
        raise stem.InvalidRequest(response.code, response.message)
      else:
        raise stem.ProtocolError('Returned unexpected status code: %s' % response.code)

  @with_default()
  def get_hidden_service_conf(self, default = UNDEFINED):
    """
    get_hidden_service_conf(default = UNDEFINED)

    This provides a mapping of hidden service directories to their
    attribute's key/value pairs. All hidden services are assured to have a
    'HiddenServicePort', but other entries may or may not exist.

    ::

      {
        "/var/lib/tor/hidden_service_empty/": {
          "HiddenServicePort": [
          ]
        },
        "/var/lib/tor/hidden_service_with_two_ports/": {
          "HiddenServiceAuthorizeClient": "stealth a, b",
          "HiddenServicePort": [
            (8020, "127.0.0.1", 8020),  # the ports order is kept
            (8021, "127.0.0.1", 8021)
          ],
          "HiddenServiceVersion": "2"
        },
      }

    .. versionadded:: 1.3.0

    :param object default: response if the query fails

    :returns: **dict** with the hidden service configuration

    :raises: :class:`stem.ControllerError` if the call fails and we weren't
      provided a default response
    """

    start_time = time.time()

    try:
      response = self.msg('GETCONF HiddenServiceOptions')
      stem.response.convert('GETCONF', response)
      log.debug('GETCONF HiddenServiceOptions (runtime: %0.4f)' %
                (time.time() - start_time))
    except stem.ControllerError as exc:
      log.debug('GETCONF HiddenServiceOptions (failed: %s)' % exc)
      raise exc

    service_dir_map = OrderedDict()
    directory = None

    for status_code, divider, content in response.content():
      if content == 'HiddenServiceOptions':
        continue

      if '=' not in content:
        continue

      k, v = content.split('=', 1)

      if k == 'HiddenServiceDir':
        directory = v
        service_dir_map[directory] = {'HiddenServicePort': []}
      elif k == 'HiddenServicePort':
        port = target_port = v
        target_address = '127.0.0.1'

        if not v.isdigit():
          port, target = v.split()

          if target.isdigit():
            target_port = target
          else:
            target_address, target_port = target.split(':')

        if not stem.util.connection.is_valid_port(port):
          raise stem.ProtocolError('GETCONF provided an invalid HiddenServicePort port (%s): %s' % (port, content))
        elif not stem.util.connection.is_valid_ipv4_address(target_address):
          raise stem.ProtocolError('GETCONF provided an invalid HiddenServicePort target address (%s): %s' % (target_address, content))
        elif not stem.util.connection.is_valid_port(target_port):
          raise stem.ProtocolError('GETCONF provided an invalid HiddenServicePort target port (%s): %s' % (target_port, content))

        service_dir_map[directory]['HiddenServicePort'].append((int(port), target_address, int(target_port)))
      else:
        service_dir_map[directory][k] = v

    return service_dir_map

  def set_hidden_service_conf(self, conf):
    """
    Update all the configured hidden services from a dictionary having
    the same format as
    :func:`~stem.control.Controller.get_hidden_service_conf`.

    For convenience the HiddenServicePort entries can be an integer, string, or
    tuple. If an **int** then we treat it as just a port. If a **str** we pass
    that directly as the HiddenServicePort. And finally, if a **tuple** then
    it's expected to be the **(port, target_address, target_port)** as provided
    by :func:`~stem.control.Controller.get_hidden_service_conf`.

    This is to say the following three are equivalent...

    ::

      "HiddenServicePort": [
        80,
        '80 127.0.0.1:80',
        (80, '127.0.0.1', 80),
      ]

    .. versionadded:: 1.3.0

    :param dict conf: configuration dictionary

    :raises:
      * :class:`stem.ControllerError` if the call fails
      * :class:`stem.InvalidArguments` if configuration options
        requested was invalid
      * :class:`stem.InvalidRequest` if the configuration setting is
        impossible or if there's a syntax error in the configuration values
    """

    # If we're not adding or updating any hidden services then call RESETCONF
    # so we drop existing values. Otherwise calling SETCONF is a no-op.

    if not conf:
      self.reset_conf('HiddenServiceDir')
      return

    # Convert conf dictionary into a list of ordered config tuples

    hidden_service_options = []

    for directory in conf:
      hidden_service_options.append(('HiddenServiceDir', directory))

      for k, v in list(conf[directory].items()):
        if k == 'HiddenServicePort':
          for entry in v:
            if isinstance(entry, int):
              entry = '%s 127.0.0.1:%s' % (entry, entry)
            elif isinstance(entry, str):
              pass  # just pass along what the user gave us
            elif isinstance(entry, tuple):
              port, target_address, target_port = entry
              entry = '%s %s:%s' % (port, target_address, target_port)

            hidden_service_options.append(('HiddenServicePort', entry))
        else:
          hidden_service_options.append((k, str(v)))

    self.set_options(hidden_service_options)

  def create_hidden_service(self, path, port, target_address = None, target_port = None, auth_type = None, client_names = None):
    """
    Create a new hidden service. If the directory is already present, a
    new port is added. This provides a **namedtuple** of the following...

      * path (str) - hidden service directory

      * hostname (str) - Content of the hostname file, if no **client_names**
        are provided this is the onion address of the service. This is only
        retrieved if we can read the hidden service directory.

      * hostname_for_client (dict) - mapping of client names to their onion
        address, this is only set if the **client_names** was provided and we
        can read the hidden service directory

      * config (dict) - tor's new hidden service configuration

    Our *.onion address is fetched by reading the hidden service directory.
    However, this directory is only readable by the tor user, so if unavailable
    the **hostname** will be **None**.

    **As of Tor 0.2.7.1 there's two ways for creating hidden services. This is
    no longer the recommended method.** Rather, try using
    :func:`~stem.control.Controller.create_ephemeral_hidden_service` instead.

    .. versionadded:: 1.3.0

    .. versionchanged:: 1.4.0
       Added the auth_type and client_names arguments.

    :param str path: path for the hidden service's data directory
    :param int port: hidden service port
    :param str target_address: address of the service, by default 127.0.0.1
    :param int target_port: port of the service, by default this is the same as
      **port**
    :param str auth_type: authentication type: basic, stealth or None to disable auth
    :param list client_names: client names (1-16 characters "A-Za-z0-9+-_")

    :returns: **CreateHiddenServiceOutput** if we create or update a hidden service, **None** otherwise

    :raises: :class:`stem.ControllerError` if the call fails
    """

    if not stem.util.connection.is_valid_port(port):
      raise ValueError("%s isn't a valid port number" % port)
    elif target_address and not stem.util.connection.is_valid_ipv4_address(target_address):
      raise ValueError("%s isn't a valid IPv4 address" % target_address)
    elif target_port is not None and not stem.util.connection.is_valid_port(target_port):
      raise ValueError("%s isn't a valid port number" % target_port)
    elif auth_type not in (None, 'basic', 'stealth'):
      raise ValueError("%s isn't a recognized type of authentication" % auth_type)

    port = int(port)
    target_address = target_address if target_address else '127.0.0.1'
    target_port = port if target_port is None else int(target_port)

    conf = self.get_hidden_service_conf()

    if path in conf and (port, target_address, target_port) in conf[path]['HiddenServicePort']:
      return None

    conf.setdefault(path, OrderedDict()).setdefault('HiddenServicePort', []).append((port, target_address, target_port))

    if auth_type and client_names:
      hsac = "%s %s" % (auth_type, ','.join(client_names))
      conf[path]['HiddenServiceAuthorizeClient'] = hsac

    self.set_hidden_service_conf(conf)

    hostname, hostname_for_client = None, {}

    if self.is_localhost():
      hostname_path = os.path.join(path, 'hostname')

      if not os.path.isabs(hostname_path):
        cwd = stem.util.system.cwd(self.get_pid(None))

        if cwd:
          hostname_path = stem.util.system.expand_path(hostname_path, cwd)

      if os.path.isabs(hostname_path):
        start_time = time.time()

        while not os.path.exists(hostname_path):
          wait_time = time.time() - start_time

          if wait_time >= 3:
            break
          else:
            time.sleep(0.05)

        try:
          with open(hostname_path) as hostname_file:
            hostname = hostname_file.read().strip()

            if client_names and '\n' in hostname:
              # When there's multiple clients this looks like...
              #
              # ndisjxzkgcdhrwqf.onion sjUwjTSPznqWLdOPuwRUzg # client: c1
              # ndisjxzkgcdhrwqf.onion sUu92axuL5bKnA76s2KRfw # client: c2

              for line in hostname.splitlines():
                if ' # client: ' in line:
                  address = line.split()[0]
                  client = line.split(' # client: ', 1)[1]

                  if len(address) == 22 and address.endswith('.onion'):
                    hostname_for_client[client] = address
        except:
          pass

    return CreateHiddenServiceOutput(
      path = path,
      hostname = hostname,
      hostname_for_client = hostname_for_client,
      config = conf,
    )

  def remove_hidden_service(self, path, port = None):
    """
    Discontinues a given hidden service.

    .. versionadded:: 1.3.0

    :param str path: path for the hidden service's data directory
    :param int port: hidden service port

    :returns: **True** if the hidden service is discontinued, **False** if it
      wasn't running in the first place

    :raises: :class:`stem.ControllerError` if the call fails
    """

    if port and not stem.util.connection.is_valid_port(port):
      raise ValueError("%s isn't a valid port number" % port)

    port = int(port) if port else None
    conf = self.get_hidden_service_conf()

    if path not in conf:
      return False

    if not port:
      del conf[path]
    else:
      to_remove = [entry for entry in conf[path]['HiddenServicePort'] if entry[0] == port]

      if not to_remove:
        return False

      for entry in to_remove:
        conf[path]['HiddenServicePort'].remove(entry)

      if not conf[path]['HiddenServicePort']:
        del conf[path]  # no ports left

    self.set_hidden_service_conf(conf)
    return True

  @with_default()
  def list_ephemeral_hidden_services(self, default = UNDEFINED, our_services = True, detached = False):
    """
    list_ephemeral_hidden_services(default = UNDEFINED, our_services = True, detached = False)

    Lists hidden service addresses created by
    :func:`~stem.control.Controller.create_ephemeral_hidden_service`.

    .. versionadded:: 1.4.0

    :param object default: response if the query fails
    :param bool our_services: include services created with this controller
      that weren't flagged as 'detached'
    :param bool detached: include services whos contiuation isn't tied to a
      controller

    :returns: **list** of hidden service addresses without their '.onion'
      suffix

    :raises: :class:`stem.ControllerError` if the call fails and we weren't
      provided a default response
    """

    if self.get_version() < stem.version.Requirement.ADD_ONION:
      raise stem.UnsatisfiableRequest(message = 'Ephemeral hidden services were added in tor version %s' % stem.version.Requirement.ADD_ONION)

    result = []

    if our_services:
      try:
        result += self.get_info('onions/current').split('\n')
      except stem.ProtocolError as exc:
        if 'No onion services of the specified type.' not in str(exc):
          raise exc

    if detached:
      try:
        result += self.get_info('onions/detached').split('\n')
      except stem.ProtocolError as exc:
        if 'No onion services of the specified type.' not in str(exc):
          raise exc

    return result

  def create_ephemeral_hidden_service(self, ports, key_type = 'NEW', key_content = 'BEST', discard_key = False, detached = False, await_publication = False):
    """
    Creates a new hidden service. Unlike
    :func:`~stem.control.Controller.create_hidden_service` this style of
    hidden service doesn't touch disk, carrying with it a lot of advantages.
    This is the suggested method for making hidden services.

    Our **ports** argument can be a single port...

    ::

      create_ephemeral_hidden_service(80)

    ... list of ports the service is available on...

    ::

      create_ephemeral_hidden_service([80, 443])

    ... or a mapping of hidden service ports to their targets...

    ::

      create_ephemeral_hidden_service({80: 80, 443: '173.194.33.133:443'})

    .. versionadded:: 1.4.0

    :param int,list,dict ports: hidden service port(s) or mapping of hidden
      service ports to their targets
    :param str key_type: type of key being provided, generates a new key if
      'NEW' (options are: **NEW** and **RSA1024**)
    :param str key_content: key for the service to use or type of key to be
      generated (options when **key_type** is **NEW** are **BEST** and
      **RSA1024**)
    :param bool discard_key: avoid providing the key back in our response
    :param bool detached: continue this hidden service even after this control
      connection is closed if **True**
    :param bool await_publication: blocks until our descriptor is successfully
      published if **True**

    :returns: :class:`~stem.response.add_onion.AddOnionResponse` with the response

    :raises: :class:`stem.ControllerError` if the call fails
    """

    if self.get_version() < stem.version.Requirement.ADD_ONION:
      raise stem.UnsatisfiableRequest(message = 'Ephemeral hidden services were added in tor version %s' % stem.version.Requirement.ADD_ONION)

    hs_desc_queue, hs_desc_listener = queue.Queue(), None

    if await_publication:
      def hs_desc_listener(event):
        hs_desc_queue.put(event)

      self.add_event_listener(hs_desc_listener, EventType.HS_DESC)

    request = 'ADD_ONION %s:%s' % (key_type, key_content)

    flags = []

    if discard_key:
      flags.append('DiscardPK')

    if detached:
      flags.append('Detach')

    if flags:
      request += ' Flags=%s' % ','.join(flags)

    if isinstance(ports, int):
      request += ' Port=%s' % ports
    elif isinstance(ports, list):
      for port in ports:
        request += ' Port=%s' % port
    elif isinstance(ports, dict):
      for port, target in ports.items():
        request += ' Port=%s,%s' % (port, target)
    else:
      raise ValueError("The 'ports' argument of create_ephemeral_hidden_service() needs to be an int, list, or dict")

    response = self.msg(request)
    stem.response.convert('ADD_ONION', response)

    if await_publication:
      # We should receive five UPLOAD events, followed by up to another five
      # UPLOADED to indicate they've finished. Presently tor seems to have an
      # issue where the address is provided for UPLOAD but not UPLOADED so need
      # to just guess that if it's for the same hidden service authority then
      # it's what we're looking for.

      directories_uploaded_to, failures = [], []

      try:
        while True:
          event = hs_desc_queue.get()

          if event.action == stem.HSDescAction.UPLOAD and event.address == response.service_id:
            directories_uploaded_to.append(event.directory_fingerprint)
          elif event.action == stem.HSDescAction.UPLOADED and event.directory_fingerprint in directories_uploaded_to:
            break  # successfully uploaded to a HS authority... maybe
          elif event.action == stem.HSDescAction.FAILED and event.directory_fingerprint in directories_uploaded_to:
            failures.append('%s (%s)' % (event.directory_fingerprint, event.reason))

            if len(directories_uploaded_to) == len(failures):
              raise stem.OperationFailed(message = 'Failed to upload our hidden service descriptor to %s' % ', '.join(failures))
      finally:
        self.remove_event_listener(hs_desc_listener)

    return response

  def remove_ephemeral_hidden_service(self, service_id):
    """
    Discontinues a given hidden service that was created with
    :func:`~stem.control.Controller.create_ephemeral_hidden_service`.

    .. versionadded:: 1.4.0

    :param str service_id: hidden service address without the '.onion' suffix

    :returns: **True** if the hidden service is discontinued, **False** if it
      wasn't running in the first place

    :raises: :class:`stem.ControllerError` if the call fails
    """

    if self.get_version() < stem.version.Requirement.ADD_ONION:
      raise stem.UnsatisfiableRequest(message = 'Ephemeral hidden services were added in tor version %s' % stem.version.Requirement.ADD_ONION)

    response = self.msg('DEL_ONION %s' % service_id)
    stem.response.convert('SINGLELINE', response)

    if response.is_ok():
      return True
    elif response.code == '552':
      return False  # no hidden service to discontinue
    else:
      raise stem.ProtocolError('DEL_ONION returned unexpected response code: %s' % response.code)

  def add_event_listener(self, listener, *events):
    """
    Directs further tor controller events to a given function. The function is
    expected to take a single argument, which is a
    :class:`~stem.response.events.Event` subclass. For instance the following
    would print the bytes sent and received by tor over five seconds...

    ::

      import time
      from stem.control import Controller, EventType

      def print_bw(event):
        print('sent: %i, received: %i' % (event.written, event.read))

      with Controller.from_port(port = 9051) as controller:
        controller.authenticate()
        controller.add_event_listener(print_bw, EventType.BW)
        time.sleep(5)

    If a new control connection is initialized then this listener will be
    reattached.

    :param functor listener: function to be called when an event is received
    :param stem.control.EventType events: event types to be listened for

    :raises: :class:`stem.ProtocolError` if unable to set the events
    """

    # first checking that tor supports these event types

    with self._event_listeners_lock:
      if self.is_authenticated():
        for event_type in events:
          event_type = stem.response.events.EVENT_TYPE_TO_CLASS.get(event_type)

          if event_type and (self.get_version() < event_type._VERSION_ADDED):
            raise stem.InvalidRequest(552, '%s event requires Tor version %s or later' % (event_type, event_type._VERSION_ADDED))

      for event_type in events:
        self._event_listeners.setdefault(event_type, []).append(listener)

      failed_events = self._attach_listeners()[1]

      # restricted the failures to just things we requested

      failed_events = set(failed_events).intersection(set(events))

      if failed_events:
        raise stem.ProtocolError('SETEVENTS rejected %s' % ', '.join(failed_events))

  def remove_event_listener(self, listener):
    """
    Stops a listener from being notified of further tor events.

    :param stem.control.EventListener listener: listener to be removed

    :raises: :class:`stem.ProtocolError` if unable to set the events
    """

    with self._event_listeners_lock:
      event_types_changed = False

      for event_type, event_listeners in list(self._event_listeners.items()):
        if listener in event_listeners:
          event_listeners.remove(listener)

          if len(event_listeners) == 0:
            event_types_changed = True
            del self._event_listeners[event_type]

      if event_types_changed:
        response = self.msg('SETEVENTS %s' % ' '.join(self._event_listeners.keys()))

        if not response.is_ok():
          raise stem.ProtocolError('SETEVENTS received unexpected response\n%s' % response)

  def _get_cache(self, param, namespace = None):
    """
    Queries our request cache for the given key.

    :param str param: key to be queried
    :param str namespace: namespace in which to check for the key

    :returns: cached value corresponding to key or **None** if the key wasn't found
    """

    return self._get_cache_map([param], namespace).get(param, None)

  def _get_cache_map(self, params, namespace = None):
    """
    Queries our request cache for multiple entries.

    :param list params: keys to be queried
    :param str namespace: namespace in which to check for the keys

    :returns: **dict** of 'param => cached value' pairs of keys present in cache
    """

    with self._cache_lock:
      cached_values = {}

      if self.is_caching_enabled():
        for param in params:
          if namespace:
            cache_key = '%s.%s' % (namespace, param)
          else:
            cache_key = param

          if cache_key in self._request_cache:
            cached_values[param] = self._request_cache[cache_key]

      return cached_values

  def _set_cache(self, params, namespace = None):
    """
    Sets the given request cache entries. If the new cache value is **None**
    then it is removed from our cache.

    :param dict params: **dict** of 'cache_key => value' pairs to be cached
    :param str namespace: namespace for the keys
    """

    with self._cache_lock:
      if not self.is_caching_enabled():
        return

      for key, value in list(params.items()):
        if namespace:
          cache_key = '%s.%s' % (namespace, key)
        else:
          cache_key = key

        if value is None:
          if cache_key in self._request_cache:
            del self._request_cache[cache_key]
        else:
          self._request_cache[cache_key] = value

  def is_caching_enabled(self):
    """
    **True** if caching has been enabled, **False** otherwise.

    :returns: bool to indicate if caching is enabled
    """

    return self._is_caching_enabled

  def set_caching(self, enabled):
    """
    Enables or disables caching of information retrieved from tor.

    :param bool enabled: **True** to enable caching, **False** to disable it
    """

    self._is_caching_enabled = enabled

    if not self._is_caching_enabled:
      self.clear_cache()

  def clear_cache(self):
    """
    Drops any cached results.
    """

    with self._cache_lock:
      self._request_cache = {}
      self._last_newnym = 0.0
      self._geoip_failure_count = 0

  def load_conf(self, configtext):
    """
    Sends the configuration text to Tor and loads it as if it has been read from
    the torrc.

    :param str configtext: the configuration text

    :raises: :class:`stem.ControllerError` if the call fails
    """

    response = self.msg('LOADCONF\n%s' % configtext)
    stem.response.convert('SINGLELINE', response)

    if response.code in ('552', '553'):
      if response.code == '552' and response.message.startswith('Invalid config file: Failed to parse/validate config: Unknown option'):
        raise stem.InvalidArguments(response.code, response.message, [response.message[70:response.message.find('.', 70) - 1]])
      raise stem.InvalidRequest(response.code, response.message)
    elif not response.is_ok():
      raise stem.ProtocolError('+LOADCONF Received unexpected response\n%s' % str(response))

  def save_conf(self):
    """
    Saves the current configuration options into the active torrc file.

    :raises:
      * :class:`stem.ControllerError` if the call fails
      * :class:`stem.OperationFailed` if the client is unable to save
        the configuration file
    """

    response = self.msg('SAVECONF')
    stem.response.convert('SINGLELINE', response)

    if response.is_ok():
      return True
    elif response.code == '551':
      raise stem.OperationFailed(response.code, response.message)
    else:
      raise stem.ProtocolError('SAVECONF returned unexpected response code')

  def is_feature_enabled(self, feature):
    """
    Checks if a control connection feature is enabled. These features can be
    enabled using :func:`~stem.control.Controller.enable_feature`.

    :param str feature: feature to be checked

    :returns: **True** if feature is enabled, **False** otherwise
    """

    feature = feature.upper()

    if feature in self._enabled_features:
      return True
    else:
      # check if this feature is on by default
      defaulted_version = None

      if feature == 'EXTENDED_EVENTS':
        defaulted_version = stem.version.Requirement.FEATURE_EXTENDED_EVENTS
      elif feature == 'VERBOSE_NAMES':
        defaulted_version = stem.version.Requirement.FEATURE_VERBOSE_NAMES

      if defaulted_version:
        our_version = self.get_version(None)

        if our_version and our_version >= defaulted_version:
          self._enabled_features.append(feature)

      return feature in self._enabled_features

  def enable_feature(self, features):
    """
    Enables features that are disabled by default to maintain backward
    compatibility. Once enabled, a feature cannot be disabled and a new
    control connection must be opened to get a connection with the feature
    disabled. Feature names are case-insensitive.

    The following features are currently accepted:

      * EXTENDED_EVENTS - Requests the extended event syntax
      * VERBOSE_NAMES - Replaces ServerID with LongName in events and GETINFO results

    :param str,list features: a single feature or a list of features to be enabled

    :raises:
      * :class:`stem.ControllerError` if the call fails
      * :class:`stem.InvalidArguments` if features passed were invalid
    """

    if isinstance(features, (bytes, str_type)):
      features = [features]

    response = self.msg('USEFEATURE %s' % ' '.join(features))
    stem.response.convert('SINGLELINE', response)

    if not response.is_ok():
      if response.code == '552':
        invalid_feature = []

        if response.message.startswith('Unrecognized feature "'):
          invalid_feature = [response.message[22:response.message.find('"', 22)]]

        raise stem.InvalidArguments(response.code, response.message, invalid_feature)

      raise stem.ProtocolError('USEFEATURE provided an invalid response code: %s' % response.code)

    self._enabled_features += [entry.upper() for entry in features]

  @with_default()
  def get_circuit(self, circuit_id, default = UNDEFINED):
    """
    get_circuit(circuit_id, default = UNDEFINED)

    Provides a circuit currently available from tor.

    :param int circuit_id: circuit to be fetched
    :param object default: response if the query fails

    :returns: :class:`stem.response.events.CircuitEvent` for the given circuit

    :raises:
      * :class:`stem.ControllerError` if the call fails
      * **ValueError** if the circuit doesn't exist

      An exception is only raised if we weren't provided a default response.
    """

    for circ in self.get_circuits():
      if circ.id == circuit_id:
        return circ

    raise ValueError("Tor currently does not have a circuit with the id of '%s'" % circuit_id)

  @with_default()
  def get_circuits(self, default = UNDEFINED):
    """
    get_circuits(default = UNDEFINED)

    Provides tor's currently available circuits.

    :param object default: response if the query fails

    :returns: **list** of :class:`stem.response.events.CircuitEvent` for our circuits

    :raises: :class:`stem.ControllerError` if the call fails and no default was provided
    """

    circuits = []
    response = self.get_info('circuit-status')

    for circ in response.splitlines():
      circ_message = stem.socket.recv_message(StringIO('650 CIRC ' + circ + '\r\n'))
      stem.response.convert('EVENT', circ_message, arrived_at = 0)
      circuits.append(circ_message)

    return circuits

  def new_circuit(self, path = None, purpose = 'general', await_build = False):
    """
    Requests a new circuit. If the path isn't provided, one is automatically
    selected.

    :param list,str path: one or more relays to make a circuit through
    :param str purpose: 'general' or 'controller'
    :param bool await_build: blocks until the circuit is built if **True**

    :returns: str of the circuit id of the newly created circuit

    :raises: :class:`stem.ControllerError` if the call fails
    """

    return self.extend_circuit('0', path, purpose, await_build)

  def extend_circuit(self, circuit_id = '0', path = None, purpose = 'general', await_build = False):
    """
    Either requests the creation of a new circuit or extends an existing one.

    When called with a circuit value of zero (the default) a new circuit is
    created, and when non-zero the circuit with that id is extended. If the
    path isn't provided, one is automatically selected.

    A python interpreter session used to create circuits could look like this...

    ::

      >>> controller.extend_circuit('0', ['718BCEA286B531757ACAFF93AE04910EA73DE617', '30BAB8EE7606CBD12F3CC269AE976E0153E7A58D', '2765D8A8C4BBA3F89585A9FFE0E8575615880BEB'])
      19
      >>> controller.extend_circuit('0')
      20
      >>> print(controller.get_info('circuit-status'))
      20 EXTENDED $718BCEA286B531757ACAFF93AE04910EA73DE617=KsmoinOK,$649F2D0ACF418F7CFC6539AB2257EB2D5297BAFA=Eskimo BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL TIME_CREATED=2012-12-06T13:51:11.433755
      19 BUILT $718BCEA286B531757ACAFF93AE04910EA73DE617=KsmoinOK,$30BAB8EE7606CBD12F3CC269AE976E0153E7A58D=Pascal1,$2765D8A8C4BBA3F89585A9FFE0E8575615880BEB=Anthracite PURPOSE=GENERAL TIME_CREATED=2012-12-06T13:50:56.969938

    :param str circuit_id: id of a circuit to be extended
    :param list,str path: one or more relays to make a circuit through, this is
      required if the circuit id is non-zero
    :param str purpose: 'general' or 'controller'
    :param bool await_build: blocks until the circuit is built if **True**

    :returns: str of the circuit id of the created or extended circuit

    :raises:
      * :class:`stem.InvalidRequest` if one of the parameters were invalid
      * :class:`stem.CircuitExtensionFailed` if we were waiting for the circuit
        to build but it failed
      * :class:`stem.ControllerError` if the call fails
    """

    # Attaches a temporary listener for CIRC events if we'll be waiting for it
    # to build. This is icky, but we can't reliably do this via polling since
    # we then can't get the failure if it can't be created.

    circ_queue, circ_listener = queue.Queue(), None

    if await_build:
      def circ_listener(event):
        circ_queue.put(event)

      self.add_event_listener(circ_listener, EventType.CIRC)

    try:
      # we might accidently get integer circuit ids
      circuit_id = str(circuit_id)

      if path is None and circuit_id == '0':
        path_opt_version = stem.version.Requirement.EXTENDCIRCUIT_PATH_OPTIONAL

        if not self.get_version() >= path_opt_version:
          raise stem.InvalidRequest(512, 'EXTENDCIRCUIT requires the path prior to version %s' % path_opt_version)

      args = [circuit_id]

      if isinstance(path, (bytes, str_type)):
        path = [path]

      if path:
        args.append(','.join(path))

      if purpose:
        args.append('purpose=%s' % purpose)

      response = self.msg('EXTENDCIRCUIT %s' % ' '.join(args))
      stem.response.convert('SINGLELINE', response)

      if response.code in ('512', '552'):
        raise stem.InvalidRequest(response.code, response.message)
      elif not response.is_ok():
        raise stem.ProtocolError('EXTENDCIRCUIT returned unexpected response code: %s' % response.code)

      if not response.message.startswith('EXTENDED '):
        raise stem.ProtocolError('EXTENDCIRCUIT response invalid:\n%s', response)

      new_circuit = response.message.split(' ', 1)[1]

      if await_build:
        while True:
          circ = circ_queue.get()

          if circ.id == new_circuit:
            if circ.status == CircStatus.BUILT:
              break
            elif circ.status == CircStatus.FAILED:
              raise stem.CircuitExtensionFailed('Circuit failed to be created: %s' % circ.reason, circ)
            elif circ.status == CircStatus.CLOSED:
              raise stem.CircuitExtensionFailed('Circuit was closed prior to build', circ)

      return new_circuit
    finally:
      if circ_listener:
        self.remove_event_listener(circ_listener)

  def repurpose_circuit(self, circuit_id, purpose):
    """
    Changes a circuit's purpose. Currently, two purposes are recognized...
      * general
      * controller

    :param str circuit_id: id of the circuit whose purpose is to be changed
    :param str purpose: purpose (either 'general' or 'controller')

    :raises: :class:`stem.InvalidArguments` if the circuit doesn't exist or if the purpose was invalid
    """

    response = self.msg('SETCIRCUITPURPOSE %s purpose=%s' % (circuit_id, purpose))
    stem.response.convert('SINGLELINE', response)

    if not response.is_ok():
      if response.code == '552':
        raise stem.InvalidRequest(response.code, response.message)
      else:
        raise stem.ProtocolError('SETCIRCUITPURPOSE returned unexpected response code: %s' % response.code)

  def close_circuit(self, circuit_id, flag = ''):
    """
    Closes the specified circuit.

    :param str circuit_id: id of the circuit to be closed
    :param str flag: optional value to modify closing, the only flag available
      is 'IfUnused' which will not close the circuit unless it is unused

    :raises: :class:`stem.InvalidArguments` if the circuit is unknown
    :raises: :class:`stem.InvalidRequest` if not enough information is provided
    """

    response = self.msg('CLOSECIRCUIT %s %s' % (circuit_id, flag))
    stem.response.convert('SINGLELINE', response)

    if not response.is_ok():
      if response.code in ('512', '552'):
        if response.message.startswith('Unknown circuit '):
          raise stem.InvalidArguments(response.code, response.message, [circuit_id])
        raise stem.InvalidRequest(response.code, response.message)
      else:
        raise stem.ProtocolError('CLOSECIRCUIT returned unexpected response code: %s' % response.code)

  @with_default()
  def get_streams(self, default = UNDEFINED):
    """
    get_streams(default = UNDEFINED)

    Provides the list of streams tor is currently handling.

    :param object default: response if the query fails

    :returns: list of :class:`stem.response.events.StreamEvent` objects

    :raises: :class:`stem.ControllerError` if the call fails and no default was
      provided
    """

    streams = []
    response = self.get_info('stream-status')

    for stream in response.splitlines():
      message = stem.socket.recv_message(StringIO('650 STREAM ' + stream + '\r\n'))
      stem.response.convert('EVENT', message, arrived_at = 0)
      streams.append(message)

    return streams

  def attach_stream(self, stream_id, circuit_id, exiting_hop = None):
    """
    Attaches a stream to a circuit.

    Note: Tor attaches streams to circuits automatically unless the
    __LeaveStreamsUnattached configuration variable is set to '1'

    :param str stream_id: id of the stream that must be attached
    :param str circuit_id: id of the circuit to which it must be attached
    :param int exiting_hop: hop in the circuit where traffic should exit

    :raises:
      * :class:`stem.InvalidRequest` if the stream or circuit id were unrecognized
      * :class:`stem.UnsatisfiableRequest` if the stream isn't in a state where it can be attached
      * :class:`stem.OperationFailed` if the stream couldn't be attached for any other reason
    """

    query = 'ATTACHSTREAM %s %s' % (stream_id, circuit_id)

    if exiting_hop:
      query += ' HOP=%s' % exiting_hop

    response = self.msg(query)
    stem.response.convert('SINGLELINE', response)

    if not response.is_ok():
      if response.code == '552':
        raise stem.InvalidRequest(response.code, response.message)
      elif response.code == '551':
        raise stem.OperationFailed(response.code, response.message)
      elif response.code == '555':
        raise stem.UnsatisfiableRequest(response.code, response.message)
      else:
        raise stem.ProtocolError('ATTACHSTREAM returned unexpected response code: %s' % response.code)

  def close_stream(self, stream_id, reason = stem.RelayEndReason.MISC, flag = ''):
    """
    Closes the specified stream.

    :param str stream_id: id of the stream to be closed
    :param stem.RelayEndReason reason: reason the stream is closing
    :param str flag: not currently used

    :raises:
      * :class:`stem.InvalidArguments` if the stream or reason are not recognized
      * :class:`stem.InvalidRequest` if the stream and/or reason are missing
    """

    # there's a single value offset between RelayEndReason.index_of() and the
    # value that tor expects since tor's value starts with the index of one

    response = self.msg('CLOSESTREAM %s %s %s' % (stream_id, stem.RelayEndReason.index_of(reason) + 1, flag))
    stem.response.convert('SINGLELINE', response)

    if not response.is_ok():
      if response.code in ('512', '552'):
        if response.message.startswith('Unknown stream '):
          raise stem.InvalidArguments(response.code, response.message, [stream_id])
        elif response.message.startswith('Unrecognized reason '):
          raise stem.InvalidArguments(response.code, response.message, [reason])
        raise stem.InvalidRequest(response.code, response.message)
      else:
        raise stem.ProtocolError('CLOSESTREAM returned unexpected response code: %s' % response.code)

  def signal(self, signal):
    """
    Sends a signal to the Tor client.

    :param stem.Signal signal: type of signal to be sent

    :raises: :class:`stem.InvalidArguments` if signal provided wasn't recognized
    """

    response = self.msg('SIGNAL %s' % signal)
    stem.response.convert('SINGLELINE', response)

    if response.is_ok():
      if signal == stem.Signal.NEWNYM:
        self._last_newnym = time.time()
    else:
      if response.code == '552':
        raise stem.InvalidArguments(response.code, response.message, [signal])

      raise stem.ProtocolError('SIGNAL response contained unrecognized status code: %s' % response.code)

  def is_newnym_available(self):
    """
    Indicates if tor would currently accept a NEWNYM signal. This can only
    account for signals sent via this controller.

    .. versionadded:: 1.2.0

    :returns: **True** if tor would currently accept a NEWNYM signal, **False**
      otherwise
    """

    if self.is_alive():
      return self.get_newnym_wait() == 0.0
    else:
      return False

  def get_newnym_wait(self):
    """
    Provides the number of seconds until a NEWNYM signal would be respected.
    This can only account for signals sent via this controller.

    .. versionadded:: 1.2.0

    :returns: **float** for the number of seconds until tor would respect
      another NEWNYM signal
    """

    return max(0.0, self._last_newnym + 10 - time.time())

  @with_default()
  def get_effective_rate(self, default = UNDEFINED, burst = False):
    """
    get_effective_rate(default = UNDEFINED, burst = False)

    Provides the maximum rate this relay is configured to relay in bytes per
    second. This is based on multiple torrc parameters if they're set...

    * Effective Rate = min(BandwidthRate, RelayBandwidthRate, MaxAdvertisedBandwidth)
    * Effective Burst = min(BandwidthBurst, RelayBandwidthBurst)

    .. versionadded:: 1.3.0

    :param object default: response if the query fails
    :param bool burst: provides the burst bandwidth, otherwise this provides
      the standard rate

    :returns: **int** with the effective bandwidth rate in bytes per second

    :raises: :class:`stem.ControllerError` if the call fails and no default was
      provided
    """

    if not burst:
      attributes = ('BandwidthRate', 'RelayBandwidthRate', 'MaxAdvertisedBandwidth')
    else:
      attributes = ('BandwidthBurst', 'RelayBandwidthBurst')

    value = None

    for attr in attributes:
      attr_value = int(self.get_conf(attr))

      if attr_value == 0 and attr.startswith('Relay'):
        continue  # RelayBandwidthRate and RelayBandwidthBurst default to zero

      value = min(value, attr_value) if value else attr_value

    return value

  def is_geoip_unavailable(self):
    """
    Provides **True** if we've concluded hat our geoip database is unavailable,
    **False** otherwise. This is determined by having our 'GETINFO
    ip-to-country/\*' lookups fail so this will default to **False** if we
    aren't making those queries.

    Geoip failures will be untracked if caching is disabled.

    :returns: **bool** to indicate if we've concluded our geoip database to be
      unavailable or not
    """

    return self._geoip_failure_count >= GEOIP_FAILURE_THRESHOLD

  def map_address(self, mapping):
    """
    Map addresses to replacement addresses. Tor replaces subseqent connections
    to the original addresses with the replacement addresses.

    If the original address is a null address, i.e., one of '0.0.0.0', '::0', or
    '.' Tor picks an original address itself and returns it in the reply. If the
    original address is already mapped to a different address the mapping is
    removed.

    :param dict mapping: mapping of original addresses to replacement addresses

    :raises:
      * :class:`stem.InvalidRequest` if the addresses are malformed
      * :class:`stem.OperationFailed` if Tor couldn't fulfill the request

    :returns: **dict** with 'original -> replacement' address mappings
    """

    mapaddress_arg = ' '.join(['%s=%s' % (k, v) for (k, v) in list(mapping.items())])
    response = self.msg('MAPADDRESS %s' % mapaddress_arg)
    stem.response.convert('MAPADDRESS', response)

    return response.entries

  def drop_guards(self):
    """
    Drops our present guard nodes and picks a new set.

    .. versionadded:: 1.2.0

    :raises: :class:`stem.ControllerError` if Tor couldn't fulfill the request
    """

    if self.get_version() < stem.version.Requirement.DROPGUARDS:
      raise stem.UnsatisfiableRequest(message = 'DROPGUARDS was added in tor version %s' % stem.version.Requirement.DROPGUARDS)

    self.msg('DROPGUARDS')

  def _post_authentication(self):
    super(Controller, self)._post_authentication()

    # try to re-attach event listeners to the new instance

    with self._event_listeners_lock:
      try:
        failed_events = self._attach_listeners()[1]

        if failed_events:
          # remove our listeners for these so we don't keep failing
          for event_type in failed_events:
            del self._event_listeners[event_type]

          logging_id = 'stem.controller.event_reattach-%s' % '-'.join(failed_events)
          log.log_once(logging_id, log.WARN, 'We were unable to re-attach our event listeners to the new tor instance for: %s' % ', '.join(failed_events))
      except stem.ProtocolError as exc:
        log.warn('Unable to issue the SETEVENTS request to re-attach our listeners (%s)' % exc)

    # issue TAKEOWNERSHIP if we're the owning process for this tor instance

    owning_pid = self.get_conf('__OwningControllerProcess', None)

    if owning_pid == str(os.getpid()) and self.is_localhost():
      response = self.msg('TAKEOWNERSHIP')
      stem.response.convert('SINGLELINE', response)

      if response.is_ok():
        # Now that tor is tracking our ownership of the process via the control
        # connection, we can stop having it check for us via our pid.

        try:
          self.reset_conf('__OwningControllerProcess')
        except stem.ControllerError as exc:
          log.warn("We were unable to reset tor's __OwningControllerProcess configuration. It will continue to periodically check if our pid exists. (%s)" % exc)
      else:
        log.warn('We were unable assert ownership of tor through TAKEOWNERSHIP, despite being configured to be the owning process through __OwningControllerProcess. (%s)' % response)

  def _handle_event(self, event_message):
    stem.response.convert('EVENT', event_message, arrived_at = time.time())

    with self._event_listeners_lock:
      for event_type, event_listeners in list(self._event_listeners.items()):
        if event_type == event_message.type:
          for listener in event_listeners:
            listener(event_message)

  def _attach_listeners(self):
    """
    Attempts to subscribe to the self._event_listeners events from tor. This is
    a no-op if we're not currently authenticated.

    :returns: tuple of the form (set_events, failed_events)

    :raises: :class:`stem.ControllerError` if unable to make our request to tor
    """

    set_events, failed_events = [], []

    with self._event_listeners_lock:
      if self.is_authenticated():
        # try to set them all
        response = self.msg('SETEVENTS %s' % ' '.join(self._event_listeners.keys()))

        if response.is_ok():
          set_events = list(self._event_listeners.keys())
        else:
          # One of the following likely happened...
          #
          # * Our user attached listeners before having an authenticated
          #   connection, so we couldn't check if we met the version
          #   requirement.
          #
          # * User attached listeners to one tor instance, then connected us to
          #   an older tor instancce.
          #
          # * Some other controller hiccup (far less likely).
          #
          # See if we can set some subset of our events.

          for event in list(self._event_listeners.keys()):
            response = self.msg('SETEVENTS %s' % ' '.join(set_events + [event]))

            if response.is_ok():
              set_events.append(event)
            else:
              failed_events.append(event)

    return (set_events, failed_events)


def _parse_circ_path(path):
  """
  Parses a circuit path as a list of **(fingerprint, nickname)** tuples. Tor
  circuit paths are defined as being of the form...

  ::

    Path = LongName *("," LongName)
    LongName = Fingerprint [ ( "=" / "~" ) Nickname ]

    example:
    $999A226EBED397F331B612FE1E4CFAE5C1F201BA=piyaz

  ... *unless* this is prior to tor version 0.2.2.1 with the VERBOSE_NAMES
  feature turned off (or before version 0.1.2.2 where the feature was
  introduced). In that case either the fingerprint or nickname in the tuple
  will be **None**, depending on which is missing.

  ::

    Path = ServerID *("," ServerID)
    ServerID = Nickname / Fingerprint

    example:
    $E57A476CD4DFBD99B4EE52A100A58610AD6E80B9,hamburgerphone,PrivacyRepublic14

  :param str path: circuit path to be parsed

  :returns: list of **(fingerprint, nickname)** tuples, fingerprints do not have a proceeding '$'

  :raises: :class:`stem.ProtocolError` if the path is malformed
  """

  if path:
    try:
      return [_parse_circ_entry(entry) for entry in path.split(',')]
    except stem.ProtocolError as exc:
      # include the path with the exception
      raise stem.ProtocolError('%s: %s' % (exc, path))
  else:
    return []


def _parse_circ_entry(entry):
  """
  Parses a single relay's 'LongName' or 'ServerID'. See the
  :func:`~stem.control._parse_circ_path` function for more information.

  :param str entry: relay information to be parsed

  :returns: **(fingerprint, nickname)** tuple

  :raises: :class:`stem.ProtocolError` if the entry is malformed
  """

  if '=' in entry:
    # common case
    fingerprint, nickname = entry.split('=')
  elif '~' in entry:
    # this is allowed for by the spec, but I've never seen it used
    fingerprint, nickname = entry.split('~')
  elif entry[0] == '$':
    # old style, fingerprint only
    fingerprint, nickname = entry, None
  else:
    # old style, nickname only
    fingerprint, nickname = None, entry

  if fingerprint is not None:
    if not stem.util.tor_tools.is_valid_fingerprint(fingerprint, True):
      raise stem.ProtocolError('Fingerprint in the circuit path is malformed (%s)' % fingerprint)

    fingerprint = fingerprint[1:]  # strip off the leading '$'

  if nickname is not None and not stem.util.tor_tools.is_valid_nickname(nickname):
    raise stem.ProtocolError('Nickname in the circuit path is malformed (%s)' % nickname)

  return (fingerprint, nickname)


@with_default()
def _case_insensitive_lookup(entries, key, default = UNDEFINED):
  """
  Makes a case insensitive lookup within a list or dictionary, providing the
  first matching entry that we come across.

  :param list,dict entries: list or dictionary to be searched
  :param str key: entry or key value to look up
  :param object default: value to be returned if the key doesn't exist

  :returns: case insensitive match or default if one was provided and key wasn't found

  :raises: **ValueError** if no such value exists
  """

  if entries is not None:
    if isinstance(entries, dict):
      for k, v in list(entries.items()):
        if k.lower() == key.lower():
          return v
    else:
      for entry in entries:
        if entry.lower() == key.lower():
          return entry

  raise ValueError("key '%s' doesn't exist in dict: %s" % (key, entries))