requests_toolbelt/adapters/x509.py

An X509Adapter for use with the requests library.

This file contains an implementation of the X509Adapter that will allow users
to authenticate a request using an arbitrary X.509 certificate without needing
to convert it to a .pem file.


X509Adapter

Adapter for use with X.509 certificates.

Provides an interface for Requests sessions to contact HTTPS urls and
authenticate with an X.509 cert by implementing the Transport Adapter
interface. This class will need to be manually instantiated and mounted
to the session.

:param pool_connections: The number of urllib3 connection pools to cache.
:param pool_maxsize: The maximum number of connections to save in the pool.
:param max_retries: The maximum number of retries each connection should
    attempt. Note, this applies only to failed DNS lookups, socket
    connections and connection timeouts, never to requests where data has
    made it to the server. By default, Requests does not retry failed
    connections. If you need granular control over the conditions under
    which we retry a request, import urllib3's ``Retry`` class and pass
    that instead.
:param pool_block: Whether the connection pool should block for connections.
:param bytes cert_bytes: bytes object containing contents of a
    cryptography.x509Certificate object using the encoding specified by
    the ``encoding`` parameter.
:param bytes pk_bytes: bytes object containing contents of an object that
    implements ``cryptography.hazmat.primitives.serialization.PrivateFormat``
    using the encoding specified by the ``encoding`` parameter.
:param password: string or utf8 encoded bytes containing the passphrase
    used for the private key. None if unencrypted. Defaults to None.
:param encoding: Enumeration detailing the encoding method used on the
    ``cert_bytes`` parameter. Can be either PEM or DER. Defaults to PEM.
:type encoding: :class:
    `cryptography.hazmat.primitives.serialization.Encoding`

Usage::

    >>> import requests
    >>> from requests_toolbelt.adapters.x509 import X509Adapter
    >>> s = requests.Session()
    >>> a = X509Adapter(max_retries=3,
    ...                 cert_bytes=b'...', pk_bytes=b'...', encoding='...')
    >>> s.mount('https://', a)

Error messages:

    Invalid cert content provided. You must provide an X.509 cert formatted as a byte array.
    Invalid private key content provided. You must provide a private key formatted as a byte array.
    The X509Adapter requires at least Requests 2.12.0 to be installed. Version {0} was found instead.


check_cert_dates

Verify that the supplied client cert is not invalid.

Error message:

    Client certificate expired: Not After: {0:%Y-%m-%d %H:%M:%SZ} Not Before: {1:%Y-%m-%d %H:%M:%SZ}


create_ssl_context

Create an SSL Context with the supplied cert/password.

:param cert_bytes array of bytes containing the cert encoded
    using the method supplied in the ``encoding`` parameter
:param pk_bytes array of bytes containing the private key encoded
    using the method supplied in the ``encoding`` parameter
:param password array of bytes containing the passphrase to be used
    with the supplied private key. None if unencrypted.
    Defaults to None.
:param encoding ``cryptography.hazmat.primitives.serialization.Encoding``
    details the encoding method used on the ``cert_bytes`` and
    ``pk_bytes`` parameters. Can be either PEM or DER.
    Defaults to PEM.

Error messages:

    Invalid encoding provided: Must be PEM or DER
    Cert and key could not be parsed from provided data