U
|
���� ý°d´���ã��������������������@���s ���d�Z�d�d�l�m�Z���d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�m�Z�m�Z���e�j�rJd�d�l m
|
Z
|
��d�Z�G�d�d �d e��Z d�d
|
d�d�d d��d�d��Z�d�d�d�d��d�d��Z�d�d�d�d�d�d��d�d��Z�d�S�)�zHThe match_hostname() function from Python 3.5, essential when using SSL.é����)�Ú�annotationsN)�Ú�IPv4AddressÚ�IPv6Addressé����)�Ú�_TYPE_PEER_CERT_RET_DICTz�3.5.0.1c��������������������@���s����e�Z�d�Z�d�S�)�Ú�CertificateErrorN)�Ú�__name__Ú
|
__module__Ú�__qualname__©�r����r����úVd:\z\workplace\vscode\pyvenv\venv\Lib\site-packages\urllib3/util/ssl_match_hostname.pyr��������s������r����z
|
typing.AnyÚ�strÚ�intz�typing.Match[str] | None | bool)�Ú�dnÚ�hostnameÚ max_wildcardsÚ�returnc������������
|
�������C���sö���g�}�|�s�d�S�|� �d�¡�}�|�d���}�|�d�d�
���}�|� �d�¡�}�|�|�k�rLt�d�t�|������|�sdt�|� �¡�|� �¡�k��S�|�d�k�rx|� �d�¡���n>|� �d ¡�s|� �d ¡�r|� �t� |�¡�¡���n�|� �t� |�¡�
|
d
|
d�¡�¡���|�D�]�}�|� �t� |�¡�¡���qºt� �d�d �|�¡���d���t�j ¡�} | �|�¡�S�)�zhMatching according to RFC 6125, section 6.4.3
|
|
http://tools.ietf.org/html/rfc6125#section-6.4.3
|
FÚ�.r����r����NÚ�*z,too many wildcards in certificate DNS name: z�[^.]+z�xn--z�\*z�[^.]*z�\Az�\.z�\Z)�Ú�splitÚ�countr����Ú�reprÚ�boolÚ�lowerÚ�appendÚ
|
startswithÚ�reÚ�escapeÚ�replaceÚ�compileÚ�joinÚ
|
IGNORECASEÚ�match)
|
r����r����r����Z�patsÚ�partsZ�leftmostÚ remainderÚ wildcardsÚ�fragÚ�patr����r����r����Ú�_dnsname_match����s,�����������
|
|
|
ÿ����������������������r(���z�IPv4Address | IPv6Addressr����)�Ú�ipnameÚ�host_ipr����c��������������������C���s����t� �|� �¡�¡�}�t�|�j�|�j�k��S�)�a
���Exact matching of IP addresses.
|
|
RFC 9110 section 4.3.5: "A reference identity of IP-ID contains the decoded
|
bytes of the IP address. An IP version 4 address is 4 octets, and an IP
|
version 6 address is 16 octets. [...] A reference identity of type IP-ID
|
matches if the address is identical to an iPAddress value of the
|
subjectAltName extension of the certificate."
|
)�Ú ipaddressÚ
|
ip_addressÚ�rstripr����Ú�packed)�r)���r*���Ú�ipr����r����r����Ú�_ipaddress_matchP���s��������r0���Fz�_TYPE_PEER_CERT_RET_DICT | NoneÚ�None)�Ú�certr����Ú�hostname_checks_common_namer����c������������ �������C���s���|�s�t�d���z0d�|�k�r0t� �|�d�|� �d�¡�
���¡�}�n
|
t� �|�¡�}�W�n���t�k
|
rT������d�}�Y�n�X�g�}�|� �d�d�¡�}�|�D�]^\�}�}�|�d�k�r|�d�k�rt�|�|��r��d�S�|� �|�¡���qj|�d�k�rj|�d�k r¾t�|�|��r¾��d�S�|� �|�¡���qj|��r&|�d�k��r&|��s&|� �d�d�¡�D�]8}�|�D�].\�}�}�|�d k�rôt�|�|���r�����d�S�|� �|�¡���qôqìt�|��d
|
k��rRt d�|�d�
|
t�t�|��¡�f�����n0t�|��d
|
k��rzt d |��d�|�d�������n�t d���d�S�)�a)���Verify that *cert* (in decoded format as returned by
|
SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125
|
rules are followed, but IP addresses are not accepted for *hostname*.
|
|
CertificateError is raised on failure. On success, the function
|
returns nothing.
|
ztempty or no certificate, match_hostname needs a SSL socket or SSL context with either CERT_OPTIONAL or CERT_REQUIREDú�%NÚ�subjectAltNamer����Ú�DNSz
|
IP AddressÚ�subjectÚ
|
commonNamer����z&hostname %r doesn't match either of %sz�, z hostname z� doesn't match r����z/no appropriate subjectAltName fields were found) Ú
|
ValueErrorr+���r,���Ú�rfindÚ�getr(���r����r0���Ú�lenr����r ���Ú�mapr����) r2���r����r3���r*���Ú�dnsnamesÚ�sanÚ�keyÚ�valueÚ�subr����r����r����Ú�match_hostname_���sJ����������ÿ������������
|
��������������������������������������������ÿ�ÿ������rC���)�r����)�F)�Ú�__doc__Ú
|
__future__r����r+���r����Ú�typingr����r����Ú TYPE_CHECKINGÚ�ssl_r����Ú�__version__r9���r����r(���r0���rC���r����r����r����r����Ú�<module>����s�������������������������ÿ�8���ý
|
