B \5@s@ddlmZddlZddlZddlZddlZddlmZmZddl m Z m Z m Z ddl mZmZmZddlmZddlmZdZd Zd Zd Ze e e d Zd d Zeed eZedejejej fZ!y(ddl"Z"ddl"m#Z#m$Z$ddl"mZWne%k rYnXyddl"m&Z&e&Z'WnJe%k rdyddl"m'Z&e&Z'Wne%k r^dZ'Z&YnXYnXyddl"m(Z(m)Z)m*Z*Wn"e%k rd\Z(Z)dZ*YnXd+dddddddddd d!d"d#d$gZ,ydd%l"mZWn&e%k rGd&d'd'e-ZYnXd(d)Z.d*d+Z/d,d-Z0d6d.d/Z1d7d0d1Z2d2d3Z3d4d5Z4dS)8)absolute_importN)hexlify unhexlify)md5sha1sha256)SSLErrorInsecurePlatformWarningSNIMissingWarning)six) abnf_regexpF) (@cCsHtt|t|}x*tt|t|D]\}}|||AO}q(W|dkS)z Compare two digests of equal length in constant time. The digests must be of type str/bytes. Returns True if the digests match, and False otherwise. r)abslenzip bytearray)abresultlrr4/tmp/pip-build-uw_ogi45/urllib3/urllib3/util/ssl_.py_const_compare_digest_backportsrcompare_digestz^(?:%s|%s|%s)$) wrap_socket CERT_REQUIRED)HAS_SNI) PROTOCOL_TLS)PROTOCOL_SSLv23) OP_NO_SSLv2 OP_NO_SSLv3OP_NO_COMPRESSION)iii:z ECDHE+AESGCMzECDHE+CHACHA20z DHE+AESGCMz DHE+CHACHA20z ECDH+AESGCMz DH+AESGCMzECDH+AESzDH+AESz RSA+AESGCMzRSA+AESz!aNULLz!eNULLz!MD5z!DSS) SSLContextc@s8eZdZddZddZd ddZdd Zdd d ZdS)r'cCs6||_d|_tj|_d|_d|_d|_d|_d|_ dS)NFr) protocolcheck_hostnamessl CERT_NONE verify_modeca_certsoptionscertfilekeyfileciphers)selfZprotocol_versionrrr__init__uszSSLContext.__init__cCs||_||_dS)N)r/r0)r2r/r0rrrload_cert_chainszSSLContext.load_cert_chainNcCs||_|dk rtddS)Nz-CA directories not supported in older Pythons)r-r )r2cafilecapathrrrload_verify_locationssz SSLContext.load_verify_locationscCs ||_dS)N)r1)r2Z cipher_suiterrr set_ciphersszSSLContext.set_ciphersFcCs>tdt|j|j|j|j|j|d}t|fd|j i|S)Na2A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings)r0r/r- cert_reqs ssl_version server_sider1) warningswarnr r0r/r-r,r(rr1)r2socketserver_hostnamer;kwargsrrrrszSSLContext.wrap_socket)NN)NF)__name__ __module__ __qualname__r3r4r7r8rrrrrr'ts   r'cCsn|dd}t|}t|}|s4td|t|}|| }t ||sjtd|t |dS)z Checks if given fingerprint matches the supplied certificate. :param cert: Certificate as bytes object. :param fingerprint: Fingerprint as string of hexdigits, can be interspersed by colons. r&z"Fingerprint of invalid length: {0}z6Fingerprints did not match. Expected "{0}", got "{1}".N) replacelowerr HASHFUNC_MAPgetr formatrencodedigest_const_compare_digestr)cert fingerprint digest_lengthhashfuncfingerprint_bytes cert_digestrrrassert_fingerprints      rScCs@|dkr tSt|trs        . = N