U l a_! @sddlZddlZddlZddlZddlZddlmZmZmZm Z ddl m Z m Z z ddl Z Wnek rtdZ YnXdddddgZd ZzejjZejZWnek reZZYnXe dk oeeefkZzdd l mZmZWnRek r:zdd lmZdd lmZWnek r4dZdZYnXYnXesRGd ddeZesjdddZddZGdddeZGdddeZd ddZ ddZ!e!ddZ"ddZ#ddZ$dS)!N)urllib http_clientmapfilter)ResolutionErrorExtractionErrorVerifyingHTTPSHandlerfind_ca_bundle is_available cert_paths opener_fora /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt /usr/share/ssl/certs/ca-bundle.crt /usr/local/share/certs/ca-root.crt /etc/ssl/cert.pem /System/Library/OpenSSL/certs/cert.pem /usr/local/share/certs/ca-root-nss.crt /etc/ssl/ca-bundle.pem )CertificateErrormatch_hostname)r )rc@s eZdZdS)r N)__name__ __module__ __qualname__rrWC:\Users\vtejo\AppData\Local\Temp\pip-unpacked-wheel-wx4infiz\setuptools\ssl_support.pyr 6sr c Csg}|s dS|d}|d}|dd}|d}||krLtdt||s`||kS|dkrt|dn>|d s|d r|t|n|t| d d |D]}|t|qt d d |dtj } | |S)zqMatching according to RFC 6125, section 6.4.3 https://tools.ietf.org/html/rfc6125#section-6.4.3 F.rrN*z,too many wildcards in certificate DNS name: z[^.]+zxn--z\*z[^.]*z\Az\.z\Z)splitcountr reprlowerappend startswithreescapereplacecompilejoin IGNORECASEmatch) dnhostnameZ max_wildcardsZpatspartsZleftmost remainder wildcardsfragpatrrr_dnsname_match<s,     r+cCs|s tdg}|dd}|D]*\}}|dkr t||r@dS||q |s|ddD]6}|D],\}}|dkrdt||rdS||qdq\t|dkrtd |d tt|fn*t|dkrtd ||d fntd dS)a=Verify that *cert* (in decoded format as returned by SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125 rules are followed, but IP addresses are not accepted for *hostname*. CertificateError is raised on failure. On success, the function returns nothing. zempty or no certificatesubjectAltNamerDNSNsubject commonNamerz&hostname %r doesn't match either of %sz, zhostname %r doesn't match %rrz=no appropriate commonName or subjectAltName fields were found) ValueErrorgetr+rlenr r!rr)certr%dnsnamessankeyvaluesubrrrrrs>         rc@s eZdZdZddZddZdS)rz=Simple verifying handler: no auth, subclasses, timeouts, etc.cCs||_t|dSN) ca_bundle HTTPSHandler__init__)selfr:rrrr<szVerifyingHTTPSHandler.__init__csfdd|S)Ncst|jf|Sr9)VerifyingHTTPSConnr:)hostkwr=rrz2VerifyingHTTPSHandler.https_open..)do_open)r=reqrrAr https_opens z VerifyingHTTPSHandler.https_openN)rrr__doc__r<rFrrrrrsc@s eZdZdZddZddZdS)r>z@Simple verifying connection: no auth, subclasses, timeouts, etc.cKstj||f|||_dSr9)HTTPSConnectionr<r:)r=r?r:r@rrrr<szVerifyingHTTPSConn.__init__cCst|j|jft|dd}t|drHt|ddrH||_||j}n|j}tt drxt j |j d}|j ||d|_nt j |t j |j d|_zt|j|Wn.tk r|jtj|jYnXdS)Nsource_address_tunnel _tunnel_hostcreate_default_context)cafile)server_hostname) cert_reqsca_certs)socketcreate_connectionr?portgetattrhasattrsockrJrKsslrLr: wrap_socket CERT_REQUIREDr getpeercertr shutdown SHUT_RDWRclose)r=rV actual_hostctxrrrconnects.   zVerifyingHTTPSConn.connectN)rrrrGr<r`rrrrr>sr>cCstjt|ptjS)z@Get a urlopen() replacement that uses ca_bundle for verification)rrequest build_openerrr open)r:rrrr s cstfdd}|S)Ncstds||_jS)Nalways_returns)rUrd)argskwargsfuncrrwrappers  zonce..wrapper) functoolswraps)rhrirrgroncesrlcsZz ddl}Wntk r"YdSXGfddd|j}|d|d|jS)Nrcs,eZdZfddZfddZZS)z"get_win_certfile..CertFilecst|t|jdSr9)superr<atexitregisterr]rACertFile __class__rrr<sz+get_win_certfile..CertFile.__init__cs,zt|Wntk r&YnXdSr9)rmr]OSErrorrArprrr]sz(get_win_certfile..CertFile.close)rrrr<r] __classcell__rrq)rrrrqsrqCAROOT) wincertstore ImportErrorrqZaddstorename)rxZ _wincertsrrurget_win_certfiles    r{cCs$ttjjt}tp"t|dp"tS)z*Return an existing CA bundle path, or NoneN)rospathisfiler r{next_certifi_where)Zextant_cert_pathsrrrr s c Cs.ztdWStttfk r(YnXdS)Ncertifi) __import__whereryrrrrrrrsr)r)N)%r|rQrnrrjZsetuptools.extern.six.movesrrrr pkg_resourcesrrrWry__all__striprr rar;rHAttributeErrorobjectr r rZbackports.ssl_match_hostnamer0r+rr>r rlr{r rrrrrs`       6*(