B ,^K7@s(ddlmZddlZddlZddlZddlZddlmZmZddl m Z m Z m Z ddl mZmZddlmZmZmZdd lmZdZd Zd Zd Ze e e d Zd d ZeedeZy(ddlZddlmZm Z ddlmZWne!k rYnXyddlm"Z"e"Z#WnJe!k rLyddlm#Z"e"Z#Wne!k rFdZ#Z"YnXYnXyddlm$Z$m%Z%m&Z&Wn"e!k rd\Z$Z%dZ&YnXd'dddddddddd d!d"d#d$gZ(ydd%lmZWn&e!k rGd&d'd'e)ZYnXd(d)Z*d*d+Z+d,d-Z,d6d.d/Z-d7d0d1Z.d2d3Z/d4d5Z0dS)8)absolute_importN)hexlify unhexlify)md5sha1sha256)IPV4_REBRACELESS_IPV6_ADDRZ_RE)SSLErrorInsecurePlatformWarningSNIMissingWarning)sixF) (@cCsHtt|t|}x*tt|t|D]\}}|||AO}q(W|dkS)z Compare two digests of equal length in constant time. The digests must be of type str/bytes. Returns True if the digests match, and False otherwise. r)abslenzip bytearray)abresultlrrj/private/var/folders/js/6mbksdm115n9bm0ybwfvd9mc74tjfb/T/pip-install-ut4lx1_p/urllib3/urllib3/util/ssl_.py_const_compare_digest_backportsrcompare_digest) wrap_socket CERT_REQUIRED)HAS_SNI) PROTOCOL_TLS)PROTOCOL_SSLv23) OP_NO_SSLv2 OP_NO_SSLv3OP_NO_COMPRESSION)iii:z ECDHE+AESGCMzECDHE+CHACHA20z DHE+AESGCMz DHE+CHACHA20z ECDH+AESGCMz DH+AESGCMzECDH+AESzDH+AESz RSA+AESGCMzRSA+AESz!aNULLz!eNULLz!MD5z!DSS) SSLContextc@s8eZdZddZddZd ddZdd Zdd d ZdS)r)cCs6||_d|_tj|_d|_d|_d|_d|_d|_ dS)NFr) protocolcheck_hostnamessl CERT_NONE verify_modeca_certsoptionscertfilekeyfileciphers)selfZprotocol_versionrrr__init__kszSSLContext.__init__cCs||_||_dS)N)r1r2)r4r1r2rrrload_cert_chainvszSSLContext.load_cert_chainNcCs||_|dk rtddS)Nz-CA directories not supported in older Pythons)r/r )r4cafilecapathrrrload_verify_locationszsz SSLContext.load_verify_locationscCs ||_dS)N)r3)r4Z cipher_suiterrr set_ciphersszSSLContext.set_ciphersFcCs>tdt|j|j|j|j|j|d}t|fd|j i|S)Na2A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings)r2r1r/ cert_reqs ssl_version server_sider3) warningswarnr r2r1r/r.r*r r3)r4socketserver_hostnamer=kwargsrrrr szSSLContext.wrap_socket)NN)NF)__name__ __module__ __qualname__r5r6r9r:r rrrrr)js   r)cCsn|dd}t|}t|}|s4td|t|}|| }t ||sjtd|t |dS)z Checks if given fingerprint matches the supplied certificate. :param cert: Certificate as bytes object. :param fingerprint: Fingerprint as string of hexdigits, can be interspersed by colons. r(z"Fingerprint of invalid length: {0}z6Fingerprints did not match. Expected "{0}", got "{1}".N) replacelowerr HASHFUNC_MAPgetr formatrencodedigest_const_compare_digestr)cert fingerprint digest_lengthhashfuncfingerprint_bytes cert_digestrrrassert_fingerprints     rUcCs@|dkr tSt|trr?r) sockr2r1r;r/rAr<r3 ssl_context ca_cert_dirZ key_passwordrferrrssl_wrap_socket(s8 rucCs2tjst|tr|d}tt|p.t|S)zDetects whether the hostname given is an IPv4 or IPv6 address. Also detects IPv6 addresses with Zone IDs. :param str hostname: Hostname to examine. :return: True if the hostname is an IP address, False otherwise. ascii) rPY2rWbytesdecodeboolr matchr )hostnamerrrros roc Cs4t|d }x|D]}d|krdSqWWdQRXdS)z*Detects if a key file is encrypted or not.rZ ENCRYPTEDTNF)open)key_fileflinerrrrns   rn)NNNN) NNNNNNNNNN)1 __future__rrkr>hmacrdbinasciirrhashlibrrrurlr r exceptionsr r rpackagesrr)r" IS_PYOPENSSLrprIrrYrNr,r r! ImportErrorr#r$r%r&r'joinrcobjectrUr\r^rgrurornrrrrs       . M O