3 y\W3)@sddlmZddlZddlZddlZddlZddlmZmZddl m Z m Z m Z ddl mZmZmZddlmZdZdZdZdZe e e d Zd d Zeed eZy,ddlZdd lmZmZmZddlmZWnek rYnXyddlm Z m!Z!m"Z"Wn"ek rd6\Z Z!dZ"YnXe#edr2ej$Z$n4yddl%Z%ddZ$Wnek rdddZ$YnXdj&dddddddddd d!d"d#d$d%d&gZ'ydd'lmZWn.ek rddl(Z(Gd(d)d)e)ZYnXd*d+Z*d,d-Z+d.d/Z,d7d0d1Z-d8d2d3Z.d4d5Z/dS)9)absolute_importN)hexlify unhexlify)md5sha1sha256)SSLErrorInsecurePlatformWarningSNIMissingWarning)sixF) (@cCsHtt|t|}x*tt|t|D]\}}|||AO}q(W|dkS)z Compare two digests of equal length in constant time. The digests must be of type str/bytes. Returns True if the digests match, and False otherwise. r)abslenzip bytearray)abresultlrr6/tmp/pip-install-19gh560x/urllib3/urllib3/util/ssl_.py_const_compare_digest_backportsrcompare_digest) wrap_socket CERT_NONEPROTOCOL_SSLv23)HAS_SNI) OP_NO_SSLv2 OP_NO_SSLv3OP_NO_COMPRESSIONi inet_ptoncCst|tr|jd}tj|S)Nascii) isinstancebytesdecode ipaddress ip_address)_hostrrrr&Ds  cCs tj|S)N)socket inet_aton)r-r.rrrr&Js:zTLS13-AES-256-GCM-SHA384zTLS13-CHACHA20-POLY1305-SHA256zTLS13-AES-128-GCM-SHA256z ECDH+AESGCMz ECDH+CHACHA20z DH+AESGCMz DH+CHACHA20z ECDH+AES256z DH+AES256z ECDH+AES128zDH+AESz RSA+AESGCMzRSA+AESz!aNULLz!eNULLz!MD5) SSLContextc@s8eZdZddZddZd ddZdd Zdd d ZdS)r2cCs6||_d|_tj|_d|_d|_d|_d|_d|_ dS)NFr) protocolcheck_hostnamesslr verify_modeca_certsoptionscertfilekeyfileciphers)selfZprotocol_versionrrr__init__vszSSLContext.__init__cCs||_||_dS)N)r9r:)r<r9r:rrrload_cert_chainszSSLContext.load_cert_chainNcCs||_|dk rtddS)Nz-CA directories not supported in older Pythons)r7r )r<cafilecapathrrrload_verify_locationssz SSLContext.load_verify_locationscCs ||_dS)N)r;)r<Z cipher_suiterrr set_ciphersszSSLContext.set_ciphersFcCs>tjdt|j|j|j|j|j|d}t|fd|j i|S)Na2A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings)r:r9r7 cert_reqs ssl_version server_sider;) warningswarnr r:r9r7r6r3rr;)r<r/server_hostnamerEkwargsrrrrszSSLContext.wrap_socket)NN)NF)__name__ __module__ __qualname__r=r>rArBrrrrrr2us   r2cCsn|jddj}t|}tj|}|s4tdj|t|j}||j }t ||sjtdj|t |dS)z Checks if given fingerprint matches the supplied certificate. :param cert: Certificate as bytes object. :param fingerprint: Fingerprint as string of hexdigits, can be interspersed by colons. r1z"Fingerprint of invalid length: {0}z6Fingerprints did not match. Expected "{0}", got "{1}".N) replacelowerr HASHFUNC_MAPgetr formatrencodedigest_const_compare_digestr)cert fingerprint digest_lengthhashfuncfingerprint_bytes cert_digestrrrassert_fingerprints      r\cCs@|dkr tSt|tr is_ipaddressIS_SECURETRANSPORTr rrFrGr ) sockr:r9rCr7rHrDr; ssl_context ca_cert_dirrgerrrssl_wrap_socket#s2   rtcCsztjrt|tr|jd}tjg}ttdr8|jtj x<|D]4}yt ||Wntj t t fk rlYq>XdSq>WdS)zDetects whether the hostname given is an IP address. :param str hostname: Hostname to examine. :return: True if the hostname is an IP address, False otherwise. r'AF_INET6TF)r PY3r(r)r*r/AF_INEThasattrappendrur&error ValueErrorrk)hostnamefamiliesafrrrrnhs    rn)r$r%)NNNN) NNNNNNNNN)0 __future__rrlrFhmacr/binasciirrhashlibrrr exceptionsr r r packagesr r2r IS_PYOPENSSLrorPrr_rUr5rrr ImportErrorr!r"r#rxr&r+joinresysobjectr\rbrdrhrtrnrrrrs      . = B