3 ]50@s@ddlmZddlZddlZddlZddlZddlmZmZddl m Z m Z m Z ddl mZmZmZddlmZddlmZdZd Zd Zd Ze e e d Zd d Zeed eZejdejejej fZ!y(ddl"Z"ddl"m#Z#m$Z$ddl"mZWne%k rYnXyddl"m&Z&e&Z'WnJe%k rdyddl"m'Z&e&Z'Wne%k r^dZ'Z&YnXYnXyddl"m(Z(m)Z)m*Z*Wn"e%k rd7\Z(Z)dZ*YnXdj+ddddddddd d!d"d#d$d%gZ,ydd&l"mZWn&e%k rGd'd(d(e-ZYnXd)d*Z.d+d,Z/d-d.Z0d8d/d0Z1d9d1d2Z2d3d4Z3d5d6Z4dS):)absolute_importN)hexlify unhexlify)md5sha1sha256)SSLErrorInsecurePlatformWarningSNIMissingWarning)six) abnf_regexpF) (@cCsHtt|t|}x*tt|t|D]\}}|||AO}q(W|dkS)z Compare two digests of equal length in constant time. The digests must be of type str/bytes. Returns True if the digests match, and False otherwise. r)abslenzip bytearray)abresultlrr4/tmp/pip-build-el9acr48/urllib3/urllib3/util/ssl_.py_const_compare_digest_backportsrcompare_digestz^(?:%s|%s|%s)$) wrap_socket CERT_REQUIRED)HAS_SNI) PROTOCOL_TLS)PROTOCOL_SSLv23) OP_NO_SSLv2 OP_NO_SSLv3OP_NO_COMPRESSIONi:z ECDHE+AESGCMzECDHE+CHACHA20z DHE+AESGCMz DHE+CHACHA20z ECDH+AESGCMz DH+AESGCMzECDH+AESzDH+AESz RSA+AESGCMzRSA+AESz!aNULLz!eNULLz!MD5z!DSS) SSLContextc@s8eZdZddZddZd ddZdd Zdd d ZdS)r)cCs6||_d|_tj|_d|_d|_d|_d|_d|_ dS)NFr) protocolcheck_hostnamessl CERT_NONE verify_modeca_certsoptionscertfilekeyfileciphers)selfZprotocol_versionrrr__init__uszSSLContext.__init__cCs||_||_dS)N)r1r2)r4r1r2rrrload_cert_chainszSSLContext.load_cert_chainNcCs||_|dk rtddS)Nz-CA directories not supported in older Pythons)r/r )r4cafilecapathrrrload_verify_locationssz SSLContext.load_verify_locationscCs ||_dS)N)r3)r4Z cipher_suiterrr set_ciphersszSSLContext.set_ciphersFcCs>tjdt|j|j|j|j|j|d}t|fd|j i|S)Na2A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings)r2r1r/ cert_reqs ssl_version server_sider3) warningswarnr r2r1r/r.r*rr3)r4socketserver_hostnamer=kwargsrrrrszSSLContext.wrap_socket)NN)NF)__name__ __module__ __qualname__r5r6r9r:rrrrrr)ts   r)cCsn|jddj}t|}tj|}|s4tdj|t|j}||j }t ||sjtdj|t |dS)z Checks if given fingerprint matches the supplied certificate. :param cert: Certificate as bytes object. :param fingerprint: Fingerprint as string of hexdigits, can be interspersed by colons. r(z"Fingerprint of invalid length: {0}z6Fingerprints did not match. Expected "{0}", got "{1}".N) replacelowerr HASHFUNC_MAPgetr formatrencodedigest_const_compare_digestr)cert fingerprint digest_lengthhashfuncfingerprint_bytes cert_digestrrrassert_fingerprints      rUcCs@|dkr tSt|trr?r ) sockr2r1r;r/rAr<r3 ssl_context ca_cert_dirZ key_passwordr`errrssl_wrap_socket"s: rocCs(tjrt|tr|jd}tj|dk S)zDetects whether the hostname given is an IPv4 or IPv6 address. Also detects IPv6 addresses with Zone IDs. :param str hostname: Hostname to examine. :return: True if the hostname is an IP address, False otherwise. asciiN)r PY3rWbytesdecode_IP_ADDRESS_REGEXmatch)hostnamerrrriss ric Cs4t|d }x|D]}d|krdSqWWdQRXdS)z*Detects if a key file is encrypted or not.rZ ENCRYPTEDTNF)open)key_fileflinerrrrhs   rh)r&r')NNNN) NNNNNNNNNN)5 __future__rrer>hmacrebinasciirrhashlibrrr exceptionsr r r packagesr Zpackages.rfc3986r r)r IS_PYOPENSSLrjrIrrYrNcompileZIPv4_REZIPv6_REZIPv6_ADDRZ_RFC4007_RErtr,rr ImportErrorr!r"r#r$r%joinr_objectrUr\r^rarorirhrrrrs        . = N