a UwdG? @sVddlmZddlZddlZddlZddlZddlmZmZddl m Z m Z m Z ddl mZmZmZmZddlmZdd lmZmZdZdZd Zd Zd Zd gZe e e d Zd dZeedeZ z4ddl!Z!ddl!mZddl!m"Z"m#Z#ddl$mZWne%yYn0zddl!m&Z&e&Z'WnFe%ybzddl!m'Z&e&Z'Wne%y\dZ'Z&Yn0Yn0zddl!m(Z(m)Z)m*Z*Wn e%yd\Z)Z*dZ(Yn0zddl!m+Z+Wne%ydZ+Yn0d,gdZ-zddl!mZWn$e%y Gddde.ZYn0dd Z/d!d"Z0d#d$Z1d/d%d&Z2d0d'd(Z3d)d*Z4d+d,Z5d1d-d.Z6dS)2)absolute_importN)hexlify unhexlify)md5sha1sha256)InsecurePlatformWarningProxySchemeUnsupportedSNIMissingWarningSSLError)six)BRACELESS_IPV6_ADDRZ_REIPV4_REFzhttp/1.1) (@cCsDtt|t|}tt|t|D]\}}|||AO}q&|dkS)z Compare two digests of equal length in constant time. The digests must be of type str/bytes. Returns True if the digests match, and False otherwise. r)abslenzip bytearray)abresultleftrightr8/Users/ymaher/Downloads/lambdas_org/urllib3/util/ssl_.py_const_compare_digest_backportsrcompare_digest)HAS_SNI) CERT_REQUIRED wrap_socket) SSLTransport) PROTOCOL_TLS)PROTOCOL_SSLv23)OP_NO_COMPRESSION OP_NO_SSLv2 OP_NO_SSLv3)iii) OP_NO_TICKETi@:)z ECDHE+AESGCMzECDHE+CHACHA20z DHE+AESGCMz DHE+CHACHA20z ECDH+AESGCMz DH+AESGCMzECDH+AESzDH+AESz RSA+AESGCMzRSA+AESz!aNULLz!eNULLz!MD5z!DSS) SSLContextc@s8eZdZddZddZd ddZdd Zdd d ZdS)r,cCs6||_d|_tj|_d|_d|_d|_d|_d|_ dS)NFr) protocolcheck_hostnamessl CERT_NONE verify_modeca_certsoptionscertfilekeyfileciphers)selfZprotocol_versionrrr__init__yszSSLContext.__init__cCs||_||_dSN)r4r5)r7r4r5rrrload_cert_chainszSSLContext.load_cert_chainNcCs*||_|durtd|dur&tddS)Nz-CA directories not supported in older Pythonsz&CA data not supported in older Pythons)r2r )r7cafilecapathcadatarrrload_verify_locationss z SSLContext.load_verify_locationscCs ||_dSr9r6)r7Z cipher_suiterrr set_ciphersszSSLContext.set_ciphersFcCs>tdt|j|j|j|j|j|d}t|fd|j i|S)Na2A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings)r5r4r2 cert_reqs ssl_version server_sider6) warningswarnr r5r4r2r1r-r#r6)r7socketserver_hostnamerCkwargsrrrr#s zSSLContext.wrap_socket)NNN)NF)__name__ __module__ __qualname__r8r:r>r@r#rrrrr,xs   r,cCsn|dd}t|}t|}|s4td|t|}|| }t ||sjtd|t |dS)z Checks if given fingerprint matches the supplied certificate. :param cert: Certificate as bytes object. :param fingerprint: Fingerprint as string of hexdigits, can be interspersed by colons. r+z"Fingerprint of invalid length: {0}z6Fingerprints did not match. Expected "{0}", got "{1}".N) replacelowerr HASHFUNC_MAPgetr formatrencodedigest_const_compare_digestr)certZ fingerprintZ digest_lengthZhashfuncZfingerprint_bytesZ cert_digestrrrassert_fingerprints     rVcCs@|dur tSt|trIOErrorOSErrorr rhrm_is_key_file_encryptedr:rnALPN_PROTOCOLSNotImplementedError is_ipaddressr!IS_SECURETRANSPORTrDrEr _ssl_wrap_socket_impl)sockr5r4rAr2rGrBr6 ssl_context ca_cert_dir key_password ca_cert_data tls_in_tlsrkeZuse_sni_hostnameZsend_sniZssl_sockrrrssl_wrap_socketFsH&        rcCs2tjst|tr|d}tt|p.t|S)zDetects whether the hostname given is an IPv4 or IPv6 address. Also detects IPv6 addresses with Zone IDs. :param str hostname: Hostname to examine. :return: True if the hostname is an IP address, False otherwise. ascii) r PY2rWbytesdecodeboolrmatchr)hostnamerrrrus rucCsRt|d4}|D]}d|vrWddSqWdn1sD0YdS)z*Detects if a key file is encrypted or not.rZ ENCRYPTEDNTF)open)key_fileflinerrrrrs  2rrcCsF|r&tstdt|t|||S|r8|j||dS||SdS)Nz0TLS in TLS requires support for the 'ssl' modulero)r$r Z$_validate_ssl_context_for_tls_in_tlsr#)rxryr}rGrrrrws  rw)NNNN) NNNNNNNNNNNF)N)7 __future__rZhmacrirfrDbinasciirrhashlibrrr exceptionsr r r r packagesr urlrrr,r$r! IS_PYOPENSSLrvrsrOrrYrTr/r"r#Z ssltransport ImportErrorr%r&r'r(r)r*joinreobjectrVr]r^rlrrurrrwrrrrs         1 [ f