U `?@sddlmZddlZddlZddlZddlZddlmZmZddl m Z m Z m Z ddl mZmZmZmZddlmZdd lmZmZdZdZd Zd Zd Zd gZe e e d Zd dZeedeZ zddl!Z!ddl!m"Z"m#Z#Wne$k rYnXzddl!mZWne$k rYnXzddl%mZWne$k r>YnXzddl!m&Z&e&Z'WnJe$k rzddl!m'Z&e&Z'Wne$k rdZ'Z&YnXYnXzddl!m(Z(m)Z)m*Z*Wn"e$k rd\Z)Z*dZ(YnXzddl!m+Z+Wne$k rdZ+YnXd,dddddd d!d"d#d$d%d&d'd(gZ-zdd)l!mZWn&e$k rdGd*d+d+e.ZYnXd,d-Z/d.d/Z0d0d1Z1dd:d;Z6dS)?)absolute_importN)hexlify unhexlify)md5sha1sha256)InsecurePlatformWarningProxySchemeUnsupportedSNIMissingWarningSSLError)six)BRACELESS_IPV6_ADDRZ_REIPV4_REFzhttp/1.1) (@cCsDtt|t|}tt|t|D]\}}|||AO}q&|dkS)z Compare two digests of equal length in constant time. The digests must be of type str/bytes. Returns True if the digests match, and False otherwise. r)abslenzip bytearray)abresultleftrightr5/tmp/pip-unpacked-wheel-lrd7ngf2/urllib3/util/ssl_.py_const_compare_digest_backportsrcompare_digest) CERT_REQUIRED wrap_socket)HAS_SNI) SSLTransport) PROTOCOL_TLS)PROTOCOL_SSLv23)OP_NO_COMPRESSION OP_NO_SSLv2 OP_NO_SSLv3)iii) OP_NO_TICKETi@:z ECDHE+AESGCMzECDHE+CHACHA20z DHE+AESGCMz DHE+CHACHA20z ECDH+AESGCMz DH+AESGCMzECDH+AESzDH+AESz RSA+AESGCMzRSA+AESz!aNULLz!eNULLz!MD5z!DSS) SSLContextc@s8eZdZddZddZd ddZdd Zdd d ZdS)r,cCs6||_d|_tj|_d|_d|_d|_d|_d|_ dS)NFr) protocolcheck_hostnamessl CERT_NONE verify_modeca_certsoptionscertfilekeyfileciphers)selfZprotocol_versionrrr__init__szSSLContext.__init__cCs||_||_dSN)r4r5)r7r4r5rrrload_cert_chainszSSLContext.load_cert_chainNcCs*||_|dk rtd|dk r&tddS)Nz-CA directories not supported in older Pythonsz&CA data not supported in older Pythons)r2r )r7cafilecapathcadatarrrload_verify_locationss z SSLContext.load_verify_locationscCs ||_dSr9r6)r7Z cipher_suiterrr set_ciphersszSSLContext.set_ciphersFcCs>tdt|j|j|j|j|j|d}t|fd|j i|S)Na2A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings)r5r4r2 cert_reqs ssl_version server_sider6) warningswarnr r5r4r2r1r-r"r6)r7socketserver_hostnamerCkwargsrrrr"s zSSLContext.wrap_socket)NNN)NF)__name__ __module__ __qualname__r8r:r>r@r"rrrrr,s   r,cCsn|dd}t|}t|}|s4td|t|}|| }t ||sjtd|t |dS)z Checks if given fingerprint matches the supplied certificate. :param cert: Certificate as bytes object. :param fingerprint: Fingerprint as string of hexdigits, can be interspersed by colons. r+z"Fingerprint of invalid length: {0}z6Fingerprints did not match. Expected "{0}", got "{1}".N) replacelowerr HASHFUNC_MAPgetr formatrencodedigest_const_compare_digestr)cert fingerprint digest_lengthhashfuncfingerprint_bytes cert_digestrrrassert_fingerprints     r[cCs@|dkr tSt|trIOErrorOSErrorr rort_is_key_file_encryptedr:ruALPN_PROTOCOLSNotImplementedError is_ipaddressr#IS_SECURETRANSPORTrDrEr _ssl_wrap_socket_impl)sockr5r4rAr2rGrBr6 ssl_context ca_cert_dir key_passwordZ ca_cert_data tls_in_tlsrreZuse_sni_hostnameZsend_sniZssl_sockrrrssl_wrap_socketNsN&      rcCs2tjst|tr|d}tt|p.t|S)zDetects whether the hostname given is an IPv4 or IPv6 address. Also detects IPv6 addresses with Zone IDs. :param str hostname: Hostname to examine. :return: True if the hostname is an IP address, False otherwise. ascii) r PY2r]bytesdecodeboolrmatchr)hostnamerrrr|s r|c Cs<t|d(}|D]}d|krW5QRdSqW5QRXdS)z*Detects if a key file is encrypted or not.r ENCRYPTEDTF)open)key_fileflinerrrrys  rycCsF|r&tstdt|t|||S|r8|j||dS||SdS)Nz0TLS in TLS requires support for the 'ssl' modulerv)r$r Z$_validate_ssl_context_for_tls_in_tlsr")rrrrGrrrr~s  r~)NNNN) NNNNNNNNNNNF)N)7 __future__rhmacrprmrDbinasciirrhashlibrrr exceptionsr r r r packagesr urlrrr,r$r# IS_PYOPENSSLr}rzrOrr_rTr/r!r" ImportErrorZ ssltransportr%r&r'r(r)r*joinrlobjectr[rcrersrr|ryr~rrrrs        1 [ f