B ݁[W3@sddlmZddlZddlZddlZddlZddlmZmZddl m Z m Z m Z ddl mZmZmZddlmZdZdZdZdZe e e d Zd d Zeed eZy,ddlZdd lmZmZmZddlmZWnek rYnXyddlm Z m!Z!m"Z"Wn"ek rd\Z Z!dZ"YnXe#edr2ej$Z$n4yddl%Z%ddZ$Wnek rdddZ$YnXd&ddddddddddd d!d"d#d$d%gZ'ydd&lmZWn.ek rddl(Z(Gd'd(d(e)ZYnXd)d*Z*d+d,Z+d-d.Z,d5d/d0Z-d6d1d2Z.d3d4Z/dS)7)absolute_importN)hexlify unhexlify)md5sha1sha256)SSLErrorInsecurePlatformWarningSNIMissingWarning)sixF) (@cCsHtt|t|}x*tt|t|D]\}}|||AO}q(W|dkS)z Compare two digests of equal length in constant time. The digests must be of type str/bytes. Returns True if the digests match, and False otherwise. r)abslenzip bytearray)abresultlrrR/Users/kashii/Desktop/Projects/Workshops/worker-safety/lambda/urllib3/util/ssl_.py_const_compare_digest_backportsrZcompare_digest) wrap_socket CERT_NONEPROTOCOL_SSLv23)HAS_SNI) OP_NO_SSLv2 OP_NO_SSLv3OP_NO_COMPRESSION)iii inet_ptoncCst|tr|d}t|S)Nascii) isinstancebytesdecode ipaddressZ ip_address)_hostrrrr#Ds  cCs t|S)N)socket inet_aton)r)r*rrrr#Js:zTLS13-AES-256-GCM-SHA384zTLS13-CHACHA20-POLY1305-SHA256zTLS13-AES-128-GCM-SHA256z ECDH+AESGCMz ECDH+CHACHA20z DH+AESGCMz DH+CHACHA20z ECDH+AES256z DH+AES256z ECDH+AES128zDH+AESz RSA+AESGCMzRSA+AESz!aNULLz!eNULLz!MD5) SSLContextc@s8eZdZddZddZd ddZdd Zdd d ZdS)r.cCs6||_d|_tj|_d|_d|_d|_d|_d|_ dS)NFr) protocolcheck_hostnamesslr verify_modeca_certsoptionscertfilekeyfileciphers)selfZprotocol_versionrrr__init__vszSSLContext.__init__cCs||_||_dS)N)r5r6)r8r5r6rrrload_cert_chainszSSLContext.load_cert_chainNcCs||_|dk rtddS)Nz-CA directories not supported in older Pythons)r3r )r8cafilecapathrrrload_verify_locationssz SSLContext.load_verify_locationscCs ||_dS)N)r7)r8Z cipher_suiterrr set_ciphersszSSLContext.set_ciphersFcCs>tdt|j|j|j|j|j|d}t|fd|j i|S)Na2A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings)r6r5r3 cert_reqs ssl_version server_sider7) warningswarnr r6r5r3r2r/rr7)r8r+server_hostnamerAkwargsrrrrszSSLContext.wrap_socket)NN)NF)__name__ __module__ __qualname__r9r:r=r>rrrrrr.us   r.cCsn|dd}t|}t|}|s4td|t|}|| }t ||sjtd|t |dS)z Checks if given fingerprint matches the supplied certificate. :param cert: Certificate as bytes object. :param fingerprint: Fingerprint as string of hexdigits, can be interspersed by colons. r-z"Fingerprint of invalid length: {0}z6Fingerprints did not match. Expected "{0}", got "{1}".N) replacelowerr HASHFUNC_MAPgetr formatrencodedigest_const_compare_digestr)cert fingerprint digest_lengthhashfuncfingerprint_bytes cert_digestrrrassert_fingerprints      rXcCs@|dkr tSt|trDEFAULT_CIPHERS CERT_REQUIREDr r!r"r4r2r[r0)r@r?r4r7contextrrrcreate_urllib3_contexts#rdc Cs|} | dkrt|||d} |s"| ry| || Wqtk r\} z t| Wdd} ~ XYqtk r} z| jtjkrt| Wdd} ~ XYqXnt| dddk r| |r| |||dk rt |rt rt r|dk r| j ||dStdt| |S)a All arguments except for server_hostname, ssl_context, and ca_cert_dir have the same meaning as they do when using :func:`ssl.wrap_socket`. :param server_hostname: When SNI is supported, the expected hostname of the certificate :param ssl_context: A pre-made :class:`SSLContext` object. If none is provided, one will be created using :func:`create_urllib3_context`. :param ciphers: A string of ciphers we wish the client to support. :param ca_cert_dir: A directory containing CA certificates in multiple separate files, as supported by OpenSSL's -CApath flag or the capath argument to SSLContext.load_verify_locations(). N)r7load_default_certs)rDaAn HTTPS request has been made, but the SNI (Server Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings)rdr=IOErrorr OSErrorerrnoENOENTr[rer: is_ipaddressIS_SECURETRANSPORTrrrBrCr ) sockr6r5r?r3rDr@r7 ssl_context ca_cert_dirrcerrrssl_wrap_socket#s2   rpc Csztjrt|tr|d}tjg}ttdr8|tj x<|D]4}yt ||Wntj t t fk rlYq>XdSq>WdS)zDetects whether the hostname given is an IP address. :param str hostname: Hostname to examine. :return: True if the hostname is an IP address, False otherwise. r$AF_INET6TF)r PY3r%r&r'r+AF_INEThasattrappendrqr#error ValueErrorrg)hostnameZfamiliesafrrrrjhs    rj)NNNN) NNNNNNNNN)0 __future__rrhrBZhmacr+binasciirrhashlibrrr exceptionsr r r packagesr r.r IS_PYOPENSSLrkrLrr[rQr1rrr ImportErrorr r!r"rtr#r(joinrasysobjectrXr^r`rdrprjrrrrs      . = B