3 gY2@sddlmZddlZddlZddlZddlZddlZddlmZm Z ddl Z ddl m Z ddlmZddlmZyddlZejZWn,eefk rdZGdd d eZYnXyeZWn$ek rGd d d eZYnXdd lmZmZmZmZdd l m!Z!m"Z"ddl#m$Z$m%Z%m&Z&m'Z'm(Z(ddl)m*Z*ddl+m,Z,ej-e.Z/dddZ0ej1dddZ2Gddde3Z4Gdddee3ZGdddeZ5Gddde5Z6ddZ7ere5Z8e6Z5ne4Z5dS))absolute_importN)errortimeout)six)HTTPConnection) HTTPExceptionc@s eZdZdS) BaseSSLErrorN)__name__ __module__ __qualname__r r C/Users/olari/OneDrive/sandbox/awsBlog2/lambda/urllib3/connection.pyr sr c@s eZdZdS)ConnectionErrorN)r r r r r r rrsr)NewConnectionErrorConnectTimeoutErrorSubjectAltNameWarningSystemTimeWarning)match_hostnameCertificateError)resolve_cert_reqsresolve_ssl_versionassert_fingerprintcreate_urllib3_contextssl_wrap_socket) connection)HTTPHeaderDictPi)httphttpsic@seZdZdZdS)DummyConnectionz-Used to detect a failed ConnectionCls import.N)r r r __doc__r r r rr Asr c@sVeZdZdZedZejejdfgZ dZ ddZ ddZ d d Z d d ZdddZd S)ra{ Based on httplib.HTTPConnection but provides an extra constructor backwards-compatibility layer between older and newer Pythons. Additional keyword parameters are used to configure attributes of the connection. Accepted parameters include: - ``strict``: See the documentation on :class:`urllib3.connectionpool.HTTPConnectionPool` - ``source_address``: Set the source address for the current connection. .. note:: This is ignored for Python 2.6. It is only applied for 2.7 and 3.x - ``socket_options``: Set specific options on the underlying socket. If not specified, then defaults are loaded from ``HTTPConnection.default_socket_options`` which includes disabling Nagle's algorithm (sets TCP_NODELAY to 1) unless the connection is behind a proxy. For example, if you wish to enable TCP Keep Alive in addition to the defaults, you might pass:: HTTPConnection.default_socket_options + [ (socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1), ] Or you may want to disable the defaults by passing an empty list (e.g., ``[]``). rrFcOsZtjr|jdd|jd|_tjdkr4|jdd|jd|j|_t j |f||dS)Nstrictsource_addresssocket_options)r$r%) rPY3popgetr#sys version_infodefault_socket_optionsr&_HTTPConnection__init__)selfargskwr r rr.js    zHTTPConnection.__init__cCsi}|jr|j|d<|jr$|j|d<ytj|j|jf|jf|}Wnftk rz}zt|d|j|jfWYdd}~Xn0t k r}zt |d|WYdd}~XnX|S)zp Establish a socket connection and set nodelay settings on it. :return: New socket connection. r#r&z0Connection to %s timed out. (connect timeout=%s)Nz(Failed to establish a new connection: %s) r#r&rcreate_connectionhostportr SocketTimeoutr SocketErrorr)r/extra_kwconner r r _new_conns    zHTTPConnection._new_conncCs$||_t|ddr |jd|_dS)N _tunnel_hostr)sockgetattr_tunnel auto_open)r/r8r r r _prepare_conns zHTTPConnection._prepare_conncCs|j}|j|dS)N)r:r@)r/r8r r rconnectszHTTPConnection.connectNc Cst|dk r|ni}d|k}d|k}|j||||dx |jD]\}}|j||q@Wd|krl|jdd|j|dk rtjtjf} t|| r|f}xj|D]b} | sqt| tjs| j d} t t | d d} |j | j d |j d |j | |j d qW|j d dS) z Alternative to the common request method, which sends the body with chunked encoding and not as one block Nzaccept-encodingr3)skip_accept_encoding skip_hostztransfer-encodingzTransfer-Encodingchunkedutf8r$zutf-8s s0 ) r putrequestitems putheader endheadersr string_types binary_type isinstanceencodehexlensend) r/methodurlbodyheadersrBrCheadervalueZstringish_typeschunkZlen_strr r rrequest_chunkeds8        zHTTPConnection.request_chunked)NN)r r r r!port_by_scheme default_portsocket IPPROTO_TCP TCP_NODELAYr, is_verifiedr.r:r@rArXr r r rrFs rc@s8eZdZedZdZddddejdfddZddZ dS)HTTPSConnectionrNc Ks8tj|||f||d|||_||_||_d|_dS)N)r"rr)rr.key_file cert_file ssl_context _protocol) r/r3r4r`rar"rrbr1r r rr.s zHTTPSConnection.__init__cCsN|j}|j||jdkr2ttdtdd|_t||j|j|jd|_ dS)N) ssl_version cert_reqs)r<keyfilecertfilerb) r:r@rbrrrrr`rar<)r/r8r r rrAs  zHTTPSConnection.connect) r r r rYrZrdr[_GLOBAL_DEFAULT_TIMEOUTr.rAr r r rr_s  r_c@s6eZdZdZdZdZdZdZdZdddZ ddZ dS)VerifiedHTTPSConnectionz[ Based on httplib.HTTPSConnection but wraps the socket with SSL certification. NcCsn|dkr(|s|rd}n|jdk r(|jj}||_||_||_||_||_|oTtjj ||_ |oftjj ||_ dS)zX This method should only be called once, before the connection is used. N CERT_REQUIRED) rb verify_moder`rareassert_hostnamerospath expanduserca_certs ca_cert_dir)r/r`rarerprlrrqr r rset_certs  z VerifiedHTTPSConnection.set_certc CsL|j}|j}t|ddr4||_|jd|_|j}tjj t k}|rXt j dj t t|jdkr|tt|jt|jd|_|j}t|j|_t||j|j|j|j||d|_|jrt|jjdd|jnb|jtjkot|dd  o|jd k r.|jj}|j d fst j d j |t!t"||jp*||jtj#kpD|jdk |_$dS) Nr;rzWSystem time is way off (before {0}). This will probably lead to SSL verification errors)rdre)r<rfrgrprqserver_hostnamerbT) binary_formcheck_hostnameFsubjectAltNamezCertificate for {0} has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.))%r:r3r=r<r>r?r;datetimedatetoday RECENT_DATEwarningswarnformatrrbrrrdrrerkrr`rarprqr getpeercertssl CERT_NONErlr)r_match_hostnamerjr^)r/r8hostname is_time_offcontextcertr r rrAsT        zVerifiedHTTPSConnection.connect)NNNNNNN) r r r r!rerprqrdrrrrAr r r rris ricCsLyt||Wn8tk rF}ztjd||||_WYdd}~XnXdS)Nz@Certificate did not match expected hostname: %s. Certificate: %s)rrlogrZ _peer_cert)rZasserted_hostnamer9r r rrbsr)9 __future__rrwloggingrmr*r[rr6rr5r{packagesrZpackages.six.moves.http_clientrr-rrSSLErrorr ImportErrorAttributeError BaseExceptionr NameError Exception exceptionsrrrrpackages.ssl_match_hostnamerrZ util.ssl_rrrrrutilr _collectionsr getLoggerr rrYrxrzobjectr r_rirUnverifiedHTTPSConnectionr r r rsN         &l