U
|
���� ý°dlH��ã��������������������@���s<���U�d�d�l�m�Z���d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�m Z ��d�d�l
|
m�Z�m�Z�m Z ��d�d�l�m�Z�m�Z���d�d�l�m�Z�m�Z���d�Z�d�Z�d Z�d Z�d Z�d
|
g�Z�e�j�e�e�e�e�e�f���Z�e�e�e d��Z�d�d d�d��d�d��Z�d�d�d d�d��d�d��Z e�j!�r"d�d�l"m#Z#��d�d�l$m%Z%m&Z&��d�d�l'm�Z(��G�d�d��d�e&d d��Z)i�Z*d�e+d�<�z¶d�d�l"Z"d�d�l"m,Z,m�Z�m-Z-m.Z.m/Z/m0Z0m1Z1m2Z2m3Z3m�Z�m4Z4��e0Z5e��re e/e�j6j7e�j8��sd Z�d�D�]BZ9z�e:e4e9�e*e:e"d e9���<�W�n���e;k
|
�r������Y��qY�n�X��qd�d�l'm�Z���W�n2��e<k
|
�r�������d!Z-d"Z.d#Z2d$Z3d���Z5Z0d%Z1Y�n�X�e�j=d�e>d�f���Z?d&d�d'd(�d)d*�Z@d+d,d-�d.d/�ZAd+d�d-�d0d1�ZBdNd2d2d2d3d2d2d4d5�d6d7�ZCe�jDdOd9d3d3d2d3d3d2d3d:d3d3d;d<d=d>�d?d@��ZEe�jDdPd9d3d3d2d3d3d2d3d:d3d3d;d�dAd>�dBd@��ZEdQd9d3d3d2d3d3d2d3d:d3d3d;d�dAd>�dCd@�ZEdDd�dE�dFdG�ZFd�d�dH�dIdJ�ZGdRd9d4d�d3dAdK�dLdM�ZHd�S�)Sé����)�Ú�annotationsN)�Ú unhexlify)�Ú�md5Ú�sha1Ú�sha256é����)�Ú�ProxySchemeUnsupportedÚ�SSLErroré����)�Ú�_BRACELESS_IPV6_ADDRZ_REÚ�_IPV4_REFz�http/1.1)�é ���é(���é@���Ú�strÚ�_TYPE_VERSION_INFOÚ�bool)�Ú�implementation_nameÚ�version_infoÚ�returnc��������������������C���sH���|�d�k�r�d�S�|�d�d�
���}�|�d���}�|�d�k�r0|�d�k�pF|�d�k�r@|�d�k�pF|�d k�S�)
|
ad���Return True for CPython 3.8.9+, 3.9.3+ or 3.10+ where setting
|
SSLContext.hostname_checks_common_name to False works.
|
|
PyPy 7.3.7 doesn't work as it doesn't ship with OpenSSL 1.1.1l+
|
so we're waiting for a version of PyPy that works before
|
allowing this function to return 'True'.
|
|
Outside of CPython and PyPy we don't know which implementations work
|
or not so we conservatively use our hostname matching as we know that works
|
on all implementations.
|
|
https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
|
https://foss.heptapod.net/pypy/pypy/-/issues/3539#
|
Ú�cpythonFNr����)�é����é����é ���)�r����r����r����)�r����é
|
���©�)�r����r����Z�major_minorÚ�micror����r����úHd:\z\workplace\vscode\pyvenv\venv\Lib\site-packages\urllib3/util/ssl_.pyÚ�_is_bpo_43522_fixed����s�����������������ÿ���ýr����Ú�int)�Ú�openssl_version_numberr����r����r����c��������������������C���s����|�d�k�}�|�p�t�|�|��S�)�NiÏ���)�r����)�r ���r����r����Z�is_openssl_issue_14579_fixedr����r����r����Ú(_is_has_never_check_common_name_reliable9���s
|
���� �������ÿr!���)�Ú
|
VerifyMode)�Ú�LiteralÚ TypedDict)�Ú�SSLTransportc��������������������@���s&���e�Z�d�Z�U�d�e�d�<�d�e�d�<�d�e�d�<�d�S�)�Ú�_TYPE_PEER_CERT_RET_DICTz�tuple[tuple[str, str], ...]Ú�subjectAltNamez'tuple[tuple[tuple[str, str], ...], ...]Ú�subjectr����Z�serialNumberN)�Ú�__name__Ú
|
__module__�__qualname__�__annotations__r����r����r����r����r&���P���s����
|
�����r&���)�Ú�totalz�dict[int, int]Ú�_SSL_VERSION_TO_TLS_VERSION)�Ú CERT_REQUIREDÚ�HAS_NEVER_CHECK_COMMON_NAMEÚ�OP_NO_COMPRESSIONÚ�OP_NO_TICKETÚ�OPENSSL_VERSION_NUMBERÚ�PROTOCOL_TLSÚ�PROTOCOL_TLS_CLIENTÚ�OP_NO_SSLv2Ú�OP_NO_SSLv3Ú
|
SSLContextÚ
|
TLSVersion)�Ú�TLSv1Ú�TLSv1_1Ú�TLSv1_2Ú PROTOCOL_i����i�@��i����i����é����z�bytes | NoneÚ�None)�Ú�certÚ�fingerprintr����c��������������������C���s���|�d�k�r�t�d���|� �d�d�¡� �¡�}�t�|��}�t� �|�¡�}�|�sDt�d�|�����t�|� �¡��}�|�|�� �¡�}�t
|
|�|�¡�st�d�|��d�|� �¡��d����d�S�) zá
|
Checks if given fingerprint matches the supplied certificate.
|
|
:param cert:
|
Certificate as bytes object.
|
:param fingerprint:
|
Fingerprint as string of hexdigits, can be interspersed by colons.
|
Nz�No certificate for the peer.ú�:Ú�z�Fingerprint of invalid length: z&Fingerprints did not match. Expected "z�", got "ú�")�r ���Ú�replaceÚ�lowerÚ�lenÚ�HASHFUNC_MAPÚ�getr����Ú�encodeÚ�digestÚ�hmacÚ�compare_digestÚ�hex)�r@���rA���Ú digest_lengthÚ�hashfuncÚ�fingerprint_bytesÚ�cert_digestr����r����r����Ú�assert_fingerprint���s�����
|
|
��������������ÿrS���z�None | int | strr"���)�Ú candidater����c��������������������C���s@���|�d�k�r�t�S�t�|�t��r<t�t�|�d��}�|�d�k�r8t�t�d�|����}�|�S�|�S�)�aë���
|
Resolves the argument to a numeric constant, which can be passed to
|
the wrap_socket function/method from the ssl module.
|
Defaults to :data:`ssl.CERT_REQUIRED`.
|
If given a string it is assumed to be the name of the constant in the
|
:mod:`ssl` module or its abbreviation.
|
(So you can specify `REQUIRED` instead of `CERT_REQUIRED`.
|
If it's neither `None` nor a string we assume it is already the numeric
|
constant which can directly be passed to wrap_socket.
|
NÚ�CERT_)�r/���Ú
|
isinstancer����Ú�getattrÚ�ssl©�rT���Ú�resr����r����r����Ú�resolve_cert_reqs©���s����������
|
���������r[���c��������������������C���sH���|�d�k�r�t�S�t�|�t��rDt�t�|�d��}�|�d�k�r8t�t�d�|����}�t� �t�|�¡�S�|�S�)�z
|
like resolve_cert_reqs
|
Nr=���)�r4���rV���r����rW���rX���Ú�typingÚ�castr����rY���r����r����r����Ú�resolve_ssl_versionÀ���s����������
|
���������r^���z
|
int | Nonez
|
str | Nonez�ssl.SSLContext)�Ú�ssl_versionÚ cert_reqsÚ�optionsÚ�ciphersÚ�ssl_minimum_versionÚ�ssl_maximum_versionr����c��������������������C���s���t�d�k�r�t�d���|�d�t�t�f�k�rd|�d�k s.|�d�k r8t�d���n,t� �|�t�j�¡�}�t� �|�t�j ¡�}�t
|
j�d�t�d�d����t�t��}�|�d�k r||�|�_ n�t�j�|�_ |�d�k r|�|�_�|�r |� �|�¡���|�d�k�r®t�j�n�|�}�|�d�k�rÞd�}�|�t�O�}�|�t�O�}�|�t�O�}�|�t�O�}�|���j�|�O���_�|�t�j�k��s�t�j�d�k��r�t�|�d d��d�k �r�d
|
|�_�|�t�j�k��r<t��s<|�|�_�d
|
|�_�n�d�|�_�|�|�_�z
|
d�|�_�W�n���t k
|
�rh������Y�n�X�t!|�d���rt"j# �d ¡�}�|��r|�|�_$|�S�)�ac���Creates and configures an :class:`ssl.SSLContext` instance for use with urllib3.
|
|
:param ssl_version:
|
The desired protocol version to use. This will default to
|
PROTOCOL_SSLv23 which will negotiate the highest protocol that both
|
the server and your installation of OpenSSL support.
|
|
This parameter is deprecated instead use 'ssl_minimum_version'.
|
:param ssl_minimum_version:
|
The minimum version of TLS to be used. Use the 'ssl.TLSVersion' enum for specifying the value.
|
:param ssl_maximum_version:
|
The maximum version of TLS to be used. Use the 'ssl.TLSVersion' enum for specifying the value.
|
Not recommended to set to anything other than 'ssl.TLSVersion.MAXIMUM_SUPPORTED' which is the
|
default value.
|
:param cert_reqs:
|
Whether to require the certificate verification. This defaults to
|
``ssl.CERT_REQUIRED``.
|
:param options:
|
Specific OpenSSL options. These default to ``ssl.OP_NO_SSLv2``,
|
``ssl.OP_NO_SSLv3``, ``ssl.OP_NO_COMPRESSION``, and ``ssl.OP_NO_TICKET``.
|
:param ciphers:
|
Which cipher suites to allow the server to select. Defaults to either system configured
|
ciphers if OpenSSL 1.1.1+, otherwise uses a secure default set of ciphers.
|
:returns:
|
Constructed SSLContext object with specified options
|
:rtype: SSLContext
|
Nz7Can't create an SSLContext object without an ssl modulezZCan't specify both 'ssl_version' and either 'ssl_minimum_version' or 'ssl_maximum_version'zk'ssl_version' option is deprecated and will be removed in urllib3 v2.1.0. Instead use 'ssl_minimum_version'r����)�Ú�categoryÚ
|
stacklevelr����)�r����é����é����Ú�post_handshake_authTFÚ�keylog_filenameÚ SSLKEYLOGFILE)%r8���Ú TypeErrorr4���r5���Ú
|
ValueErrorr.���rI���r9���Ú�MINIMUM_SUPPORTEDÚ�MAXIMUM_SUPPORTEDÚ�warningsÚ�warnÚ�DeprecationWarningÚ�minimum_versionr<���Ú�maximum_versionÚ�set_ciphersrX���r/���r6���r7���r1���r2���ra���Ú�sysr����rW���ri���Ú�IS_PYOPENSSLÚ�verify_modeÚ�check_hostnameÚ�hostname_checks_common_nameÚ�AttributeErrorÚ�hasattrÚ�osÚ�environrj���)�r_���r`���ra���rb���rc���rd���Ú�contextZ sslkeylogfiler����r����r����Ú�create_urllib3_contextÐ���st����#�����������ÿ�������ÿ�������ÿ���������ü����������������
|
������������������������ÿ���þ����������������
|
�������������r���.z socket.socketz�ssl.SSLContext | Nonez�None | str | bytesz�Literal[False]z ssl.SSLSocket)�Ú�sockÚ�keyfileÚ�certfiler`���Ú�ca_certsÚ�server_hostnamer_���rb���Ú�ssl_contextÚ�ca_cert_dirÚ�key_passwordÚ�ca_cert_dataÚ
|
tls_in_tlsr����c ����������� �������C���s����d�S�©�Nr����© r���r���r���r`���r���r
���r_���rb���r���r���r���r���r���r����r����r�����ssl_wrap_socket^���s������r���z ssl.SSLSocket | SSLTransportTypec ����������� �������C���s����d�S�r���r����r���r����r����r����r���q���s������c ���������������
|
���C���sü���|�} | d�k�r�t�|�|�|�d��} |�s&| s&|�rhz�| �|�| |�¡���W�q��t�k
|
rd��}���z�t�|��|��W�5�d�}�~�X�Y�qX�n�|�d�k�rt�| d��r| �¡���|�r|
|
d�k�rt�|��rt�d���|�rÆ|
|
d�k�r¸| �|�|�¡���n�| �|�|�|
|
¡���z�| �t ¡���W�n���t
|
k
|
r�����Y�n�X�t�|�| |�|��}�|�S�)�a����
|
All arguments except for server_hostname, ssl_context, and ca_cert_dir have
|
the same meaning as they do when using :func:`ssl.wrap_socket`.
|
|
:param server_hostname:
|
When SNI is supported, the expected hostname of the certificate
|
:param ssl_context:
|
A pre-made :class:`SSLContext` object. If none is provided, one will
|
be created using :func:`create_urllib3_context`.
|
:param ciphers:
|
A string of ciphers we wish the client to support.
|
:param ca_cert_dir:
|
A directory containing CA certificates in multiple separate files, as
|
supported by OpenSSL's -CApath flag or the capath argument to
|
SSLContext.load_verify_locations().
|
:param key_password:
|
Optional password if the keyfile is encrypted.
|
:param ca_cert_data:
|
Optional string containing CA certificates in PEM format suitable for
|
passing as the cadata parameter to SSLContext.load_verify_locations()
|
:param tls_in_tls:
|
Use SSLTransport to wrap the existing socket.
|
N)�rb����load_default_certsz5Client private key is encrypted, password is required)�r����load_verify_locations�OSErrorr ���r|���r����_is_key_file_encrypted�load_cert_chain�set_alpn_protocols�ALPN_PROTOCOLS�NotImplementedError�_ssl_wrap_socket_impl)�r���r���r���r`���r���r
���r_���rb���r���r���r���r���r���r���Ú�eZ�ssl_sockr����r����r����r������s,����&������������������������������������������z�str | bytes)�Ú�hostnamer����c��������������������C���s,���t�|�t��r�|� �d�¡�}�t�t� �|�¡�p(t� �|�¡��S�)�zæDetects whether the hostname given is an IPv4 or IPv6 address.
|
Also detects IPv6 addresses with Zone IDs.
|
|
:param str hostname: Hostname to examine.
|
:return: True if the hostname is an IP address, False otherwise.
|
�ascii)�rV����bytes�decoder����r�����matchr����)�r���r����r����r�����is_ipaddress���s������
|
|
�r���)�Ú�key_filer����c���������������� ���C���s:���t�|��(}�|�D�]�}�d�|�k�r���W�5�Q�R�£�d�S�q�W�5�Q�R�X�d�S�)�z*Detects if a key file is encrypted or not.Ú ENCRYPTEDTF)�Ú�open)�r���Ú�fÚ�liner����r����r����r���Ü���s
|
|
�������r���)�r���r���r���r
���r����c��������������������C���s4���|�r&t�s�t�d���t� �|�¡���t�|�|�|��S�|�j�|�|�d��S�)�Nz0TLS in TLS requires support for the 'ssl' module)�r
���)�r%���r����Z$_validate_ssl_context_for_tls_in_tls�wrap_socket)�r���r���r���r
���r����r����r����r���ç���s�������������ÿ��
|
���r���)�NNNNNN)�............)�............)�NNNNNNNNNNNF)�N)IÚ
|
__future__r����rL���r}���Ú�socketrv���r\���rp���Ú�binasciir����Ú�hashlibr����r����r����Ú
|
exceptionsr����r ���Ú�urlr����r����r8���r%���r0���rw���Ú�IS_SECURETRANSPORTr���Ú�Tupler����r����r����rH���r����r!���Ú TYPE_CHECKINGrX���r"���Z�typing_extensionsr#���r$���Z�ssltransportZ�SSLTransportTyper&���r.���r,���r/���r1���r2���r3���r4���r5���r6���r7���r9���Ú�PROTOCOL_SSLv23Ú�implementationÚ�namer����Ú�attrrW���r{���Ú�ImportErrorÚ�Unionr���Z�_TYPE_PEER_CERT_RETrS���r[���r^���r���Ú�overloadr���r���r���r���r����r����r����r����Ú�<module>����sÜ���������������������������������������������������������������4����������ý�������������ÿ��������������������
|
��������������������ú����������������������������ó,��������������������������ó,������������������������ó*K� ���ü
|
