3 gY/!@sddlmZddlZddlZddlZddlmZmZddlm Z m Z m Z ddl m Z mZmZdZdZdZdZe e e dZd d Zeed eZy,ddlZdd lmZmZmZdd lmZWnek rYnXyddlmZmZmZWn"ek rd0\ZZdZYnXdj dddddddddddddd d!d"gZ!ydd#lmZWn.ek rrddl"Z"Gd$d%d%e#ZYnXd&d'Z$d(d)Z%d*d+Z&d1d,d-Z'd2d.d/Z(dS)3)absolute_importN)hexlify unhexlify)md5sha1sha256)SSLErrorInsecurePlatformWarningSNIMissingWarningF) (@cCsHtt|t|}x*tt|t|D]\}}|||AO}q(W|dkS)z Compare two digests of equal length in constant time. The digests must be of type str/bytes. Returns True if the digests match, and False otherwise. r)abslenzip bytearray)abresultlrrB/Users/olari/OneDrive/sandbox/awsBlog2/lambda/urllib3/util/ssl_.py_const_compare_digest_backportsrcompare_digest) wrap_socket CERT_NONEPROTOCOL_SSLv23)HAS_SNI) OP_NO_SSLv2 OP_NO_SSLv3OP_NO_COMPRESSIONi:zTLS13-AES-256-GCM-SHA384zTLS13-CHACHA20-POLY1305-SHA256zTLS13-AES-128-GCM-SHA256z ECDH+AESGCMz ECDH+CHACHA20z DH+AESGCMz DH+CHACHA20z ECDH+AES256z DH+AES256z ECDH+AES128zDH+AESz RSA+AESGCMzRSA+AESz!aNULLz!eNULLz!MD5) SSLContextc@s\eZdZdejkodknp*dejkZddZddZdd d Zd d Z dddZ dS)r&rcCs6||_d|_tj|_d|_d|_d|_d|_d|_ dS)NFr) protocolcheck_hostnamesslr verify_modeca_certsoptionscertfilekeyfileciphers)selfZprotocol_versionrrr__init__cszSSLContext.__init__cCs||_||_dS)N)r/r0)r2r/r0rrrload_cert_chainnszSSLContext.load_cert_chainNcCs||_|dk rtddS)Nz-CA directories not supported in older Pythons)r-r )r2cafilecapathrrrload_verify_locationsrsz SSLContext.load_verify_locationscCs|jstd||_dS)NzYour version of Python does not support setting a custom cipher suite. Please upgrade to Python 2.7, 3.2, or later if you need this functionality.)supports_set_ciphers TypeErrorr1)r2Z cipher_suiterrr set_ciphersxszSSLContext.set_ciphersFcCsTtjdt|j|j|j|j|j|d}|jrDt |fd|j i|St |f|SdS)Na2A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings)r0r/r- cert_reqs ssl_version server_sider1) warningswarnr r0r/r-r,r)r8rr1)r2socketserver_hostnamer=kwargsrrrrszSSLContext.wrap_socket)rr')r()r(r)NN)NF) __name__ __module__ __qualname__sys version_infor8r3r4r7r:rrrrrr&_s    r&cCsn|jddj}t|}tj|}|s4tdj|t|j}||j }t ||sjtdj|t |dS)z Checks if given fingerprint matches the supplied certificate. :param cert: Certificate as bytes object. :param fingerprint: Fingerprint as string of hexdigits, can be interspersed by colons. r%z"Fingerprint of invalid length: {0}z6Fingerprints did not match. Expected "{0}", got "{1}".N) replacelowerr HASHFUNC_MAPgetr formatrencodedigest_const_compare_digestr)cert fingerprint digest_lengthhashfuncfingerprint_bytes cert_digestrrrassert_fingerprints      rWcCs@|dkr tSt|trr?r ) sockr0r/r;r-rAr<r1 ssl_context ca_cert_dirrcerrrssl_wrap_sockets.  rn)r#r$)NNNN) NNNNNNNNN)) __future__rrhr>hmacbinasciirrhashlibrrr exceptionsr r r r&r IS_PYOPENSSLIS_SECURETRANSPORTrKrr[rPr+rrr ImportErrorr r!r"joinrbrFobjectrWr^r`rdrnrrrrst   : >