B w\W3@sddlmZddlZddlZddlZddlZddlmZmZddl m Z m Z m Z ddl mZmZmZddlmZdZdZdZdZe e e d Zd d Zeed eZy,ddlZdd lmZmZmZddlmZWnek rYnXyddlm Z m!Z!m"Z"Wn"ek rd\Z Z!dZ"YnXe#edr2ej$Z$n4yddl%Z%ddZ$Wnek rdddZ$YnXd&ddddddddddd d!d"d#d$d%gZ'ydd&lmZWn.ek rddl(Z(Gd'd(d(e)ZYnXd)d*Z*d+d,Z+d-d.Z,d5d/d0Z-d6d1d2Z.d3d4Z/dS)7)absolute_importN)hexlify unhexlify)md5sha1sha256)SSLErrorInsecurePlatformWarningSNIMissingWarning)sixF) (@cCsHtt|t|}x*tt|t|D]\}}|||AO}q(W|dkS)z Compare two digests of equal length in constant time. The digests must be of type str/bytes. Returns True if the digests match, and False otherwise. r)abslenzip bytearray)abresultlrrj/private/var/folders/j5/hv2kzfgs4sl6jnf70fy_2vrc4p3c_b/T/pip-install-d8kq1y21/urllib3/urllib3/util/ssl_.py_const_compare_digest_backportsrcompare_digest) wrap_socket CERT_NONEPROTOCOL_SSLv23)HAS_SNI) OP_NO_SSLv2 OP_NO_SSLv3OP_NO_COMPRESSION)iii inet_ptoncCst|tr|d}t|S)Nascii) isinstancebytesdecode ipaddress ip_address)_hostrrrr$Ds  cCs t|S)N)socket inet_aton)r+r,rrrr$Js:zTLS13-AES-256-GCM-SHA384zTLS13-CHACHA20-POLY1305-SHA256zTLS13-AES-128-GCM-SHA256z ECDH+AESGCMz ECDH+CHACHA20z DH+AESGCMz DH+CHACHA20z ECDH+AES256z DH+AES256z ECDH+AES128zDH+AESz RSA+AESGCMzRSA+AESz!aNULLz!eNULLz!MD5) SSLContextc@s8eZdZddZddZd ddZdd Zdd d ZdS)r0cCs6||_d|_tj|_d|_d|_d|_d|_d|_ dS)NFr) protocolcheck_hostnamesslr verify_modeca_certsoptionscertfilekeyfileciphers)selfZprotocol_versionrrr__init__vszSSLContext.__init__cCs||_||_dS)N)r7r8)r:r7r8rrrload_cert_chainszSSLContext.load_cert_chainNcCs||_|dk rtddS)Nz-CA directories not supported in older Pythons)r5r )r:cafilecapathrrrload_verify_locationssz SSLContext.load_verify_locationscCs ||_dS)N)r9)r:Z cipher_suiterrr set_ciphersszSSLContext.set_ciphersFcCs>tdt|j|j|j|j|j|d}t|fd|j i|S)Na2A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings)r8r7r5 cert_reqs ssl_version server_sider9) warningswarnr r8r7r5r4r1rr9)r:r-server_hostnamerCkwargsrrrrszSSLContext.wrap_socket)NN)NF)__name__ __module__ __qualname__r;r<r?r@rrrrrr0us   r0cCsn|dd}t|}t|}|s4td|t|}|| }t ||sjtd|t |dS)z Checks if given fingerprint matches the supplied certificate. :param cert: Certificate as bytes object. :param fingerprint: Fingerprint as string of hexdigits, can be interspersed by colons. r/z"Fingerprint of invalid length: {0}z6Fingerprints did not match. Expected "{0}", got "{1}".N) replacelowerr HASHFUNC_MAPgetr formatrencodedigest_const_compare_digestr)cert fingerprint digest_lengthhashfuncfingerprint_bytes cert_digestrrrassert_fingerprints      rZcCs@|dkr tSt|trXdSq>WdS)zDetects whether the hostname given is an IP address. :param str hostname: Hostname to examine. :return: True if the hostname is an IP address, False otherwise. r%AF_INET6TF)r PY3r&r'r(r-AF_INEThasattrappendrsr$error ValueErrorri)hostnamefamiliesafrrrrlhs    rl)NNNN) NNNNNNNNN)0 __future__rrjrDhmacr-binasciirrhashlibrrr exceptionsr r r packagesr r0r IS_PYOPENSSLrmrNrr]rSr3rrr ImportErrorr!r"r#rvr$r)joinrcsysobjectrZr`rbrfrrrlrrrrs      . = B