fume-manage-python.git

U  
I=®dÆ@ã@s\dZddlmZddlZddlmZddlmZ    ddl
mZzddlm Z Wn$ek
rpGdd    d    eZ YnXdd
lmZmZddlmZzddlmZWn$ek
rÂdZd dlmZYnXddlZddlZd dlmZddlZd dlmZddgZ dZ!ej"ej#j$ej%ej#j&iZ'e(edr@e(ej#dr@ej#j)e'ej*<e(edrhe(ej#drhej#j+e'ej,<e(edre(ej#drej#j-e'ej.<ej/ej#j0ej1ej#j2ej3ej#j2ej#j4iZ5e6dde5 7¡DZ8dZ9ej!Z:ej;j<Z=e >e?¡Z@ddZAddZBdd ZCd!d"ZDd#d$ZEGd%d&d&eFZGer6d.d(d)ZHneZHeHeG_HGd*d+d+eFZId,d-ZJdS)/ab
SSL with SNI_-support for Python 2. Follow these instructions if you would
like to verify SSL certificates in Python 2. Note, the default libraries do
*not* do certificate checking; you need to do additional work to validate
certificates yourself.
 
This needs the following packages installed:
 
* pyOpenSSL (tested with 16.0.0)
* cryptography (minimum 1.3.4, from pyopenssl)
* idna (minimum 2.0, from cryptography)
 
However, pyopenssl depends on cryptography, which depends on idna, so while we
use all three directly here we end up having relatively few packages required.
 
You can install them with the following command:
 
    pip install pyopenssl cryptography idna
 
To activate certificate checking, call
:func:`~urllib3.contrib.pyopenssl.inject_into_urllib3` from your Python code
before you begin making HTTP requests. This can be done in a ``sitecustomize``
module, or at any other time before your application begins using ``urllib3``,
like this::
 
    try:
        import urllib3.contrib.pyopenssl
        urllib3.contrib.pyopenssl.inject_into_urllib3()
    except ImportError:
        pass
 
Now you can use :mod:`urllib3` as you normally would, and it will support SNI
when the required modules are installed.
 
Activating this module also has the positive side effect of disabling SSL/TLS
compression in Python 2 (see `CRIME attack`_).
 
If you want to configure the default list of supported cipher suites, you can
set the ``urllib3.contrib.pyopenssl.DEFAULT_SSL_CIPHER_LIST`` variable.
 
.. _sni: https://en.wikipedia.org/wiki/Server_Name_Indication
.. _crime attack: https://en.wikipedia.org/wiki/CRIME_(security_exploit)
é)Úabsolute_importN)Úx509)Úbackend)Ú_Certificate)ÚUnsupportedExtensionc@seZdZdS)rN)Ú__name__Ú
__module__Ú__qualname__©r
r
ú\D:\z\workplace\VsCode\pyvenv\venv\Lib\site-packages\pip/_vendor/urllib3/contrib/pyopenssl.pyr7sr)ÚtimeoutÚerror)ÚBytesIO)Ú_fileobjecté)Úbackport_makefile)Úsix)ÚutilÚinject_into_urllib3Úextract_from_urllib3TÚPROTOCOL_SSLv3ÚSSLv3_METHODÚPROTOCOL_TLSv1_1ÚTLSv1_1_METHODÚPROTOCOL_TLSv1_2ÚTLSv1_2_METHODccs|]\}}||fVqdS©Nr
)Ú.0ÚkÚvr
r
rÚ    <genexpr>gsr i@cCs4ttt_ttj_tt_ttj_dt_dtj_dS)z7Monkey-patch urllib3 with PyOpenSSL-backed SSL-support.TN)Ú_validate_dependencies_metÚPyOpenSSLContextrÚ
SSLContextÚssl_ÚHAS_SNIÚIS_PYOPENSSLr
r
r
rrsscCs.tt_ttj_tt_ttj_dt_dtj_dS)z4Undo monkey-patching by :func:`inject_into_urllib3`.FN)Úorig_util_SSLContextrr#r$Úorig_util_HAS_SNIr%r&r
r
r
rrscCsRddlm}t|dddkr$tdddlm}|}t|dddkrNtddS)    z{
    Verifies that PyOpenSSL's package-level dependencies have been met.
    Throws `ImportError` if they are not met.
    r)Ú
ExtensionsÚget_extension_for_classNzX'cryptography' module missing required functionality.  Try upgrading to v1.3.4 or newer.)ÚX509Ú_x509zS'pyOpenSSL' module missing required functionality. Try upgrading to v0.14 or newer.)Zcryptography.x509.extensionsr)ÚgetattrÚImportErrorZOpenSSL.cryptor+)r)r+rr
r
rr!sÿÿr!cCs@dd}d|kr|S||}|dkr(dStjdkr<| d¡}|S)a%
    Converts a dNSName SubjectAlternativeName field to the form used by the
    standard library on the given Python version.
 
    Cryptography produces a dNSName as a unicode string that was idna-decoded
    from ASCII bytes. We need to idna-encode that string to get it back, and
    then on Python 3 we also need to convert to unicode via UTF-8 (the stdlib
    uses PyUnicode_FromStringAndSize on it, which decodes via UTF-8).
 
    If the name cannot be idna-encoded then we return None signalling that
    the name given should be skipped.
    cSsvddlm}zJdD]8}| |¡r|t|d}| d¡| |¡WSq| |¡WS|jjk
rpYdSXdS)zÒ
        Borrowed wholesale from the Python Cryptography Project. It turns out
        that we can't just safely call `idna.encode`: it can explode for
        wildcard names. This avoids that problem.
        r)Úidna)z*.Ú.NÚascii)Úpip._vendorr/Ú
startswithÚlenÚencodeÚcoreÚ    IDNAError)Únamer/Úprefixr
r
rÚidna_encode³s
z'_dnsname_to_stdlib.<locals>.idna_encodeú:N)érúutf-8)ÚsysÚversion_infoÚdecode)r8r:r
r
rÚ_dnsname_to_stdlib¥s
 
rAcCsÌt|dr| ¡}ntt|j}z|j tj¡j    }WnZtj
k
rNgYStjttj tfk
r}zt d|¡gWY¢Sd}~XYnXddtt| tj¡D}| dd| tj¡D¡|S)zU
    Given an PyOpenSSL certificate, provides all the subject alternative names.
    Úto_cryptographyzA problem was encountered with the certificate that prevented urllib3 from finding the SubjectAlternativeName field. This can affect certificate validation. The error was %sNcSsg|]}|dk    rd|fqS)NÚDNSr
©rr8r
r
rÚ
<listcomp>úsþz%get_subj_alt_name.<locals>.<listcomp>css|]}dt|fVqdS)z
IP AddressN)ÚstrrDr
r
rr ÿsz$get_subj_alt_name.<locals>.<genexpr>)ÚhasattrrBrÚopenssl_backendr,Ú
extensionsr*rZSubjectAlternativeNameÚvalueZExtensionNotFoundZDuplicateExtensionrZUnsupportedGeneralNameTypeÚUnicodeErrorÚlogÚwarningÚmaprAZget_values_for_typeZDNSNameÚextendZ    IPAddress)Z    peer_certÚcertÚextÚeÚnamesr
r
rÚget_subj_alt_nameÐs2
 
üü    þ
 
ÿrTc@seZdZdZd!ddZddZddZd    d
ZddZd dZ    ddZ
ddZddZddZ d"ddZddZddZddZd S)#Ú WrappedSocketz§API-compatibility wrapper for Python OpenSSL's Connection-class.
 
    Note: _makefile_refs, _drop() and _reuse() are needed for the garbage
    collector of pypy.
    TcCs"||_||_||_d|_d|_dS©NrF)Ú
connectionÚsocketÚsuppress_ragged_eofsÚ_makefile_refsÚ_closed)ÚselfrWrXrYr
r
rÚ__init__ s
zWrappedSocket.__init__cCs
|j ¡Sr)rXÚfileno©r\r
r
rr^szWrappedSocket.filenocCs*|jdkr|jd8_|jr&| ¡dS)Nré)rZr[Úcloser_r
r
rÚ_decref_socketioss
zWrappedSocket._decref_socketiosc
Osz|jj||}Wnôtjjk
r^}z*|jrB|jdkrBWY¢dStt|W5d}~XYn®tjj    k
r|j 
¡tjjkrYdSYn~tjjk
rÒt  |j|j ¡¡s¾tdn|j||YSYn:tjjk
r}zt d|¡W5d}~XYnX|SdS)N©éÿÿÿÿzUnexpected EOFóúThe read operation timed outúread error: %r)rWÚrecvÚOpenSSLÚSSLÚSysCallErrorrYÚargsÚSocketErrorrFÚZeroReturnErrorÚget_shutdownÚRECEIVED_SHUTDOWNÚ WantReadErrorrÚ wait_for_readrXÚ
gettimeoutrÚErrorÚsslÚSSLError)r\rlÚkwargsÚdatarRr
r
rrhs"
 
 zWrappedSocket.recvc
Os
z|jj||WStjjk
r\}z*|jr@|jdkr@WY¢dStt|W5d}~XYnªtjj    k
r|j 
¡tjjkrYdSYnztjjk
rÐt  |j|j ¡¡s¼tdn|j||YSYn6tjjk
r}zt d|¡W5d}~XYnXdS)Nrcrrfrg)rWÚ    recv_intorirjrkrYrlrmrFrnrorprqrrrrXrsrrtrurv)r\rlrwrRr
r
rry7s 
 
zWrappedSocket.recv_intocCs|j |¡Sr)rXÚ
settimeout)r\rr
r
rrzNszWrappedSocket.settimeoutc
Cs|z|j |¡WStjjk
rDt |j|j ¡¡s<t    YqYqtjj
k
rt}ztt|W5d}~XYqXqdSr) rWÚsendrirjZWantWriteErrorrÚwait_for_writerXrsrrkrmrF)r\rxrRr
r
rÚ_send_until_doneQszWrappedSocket._send_until_donecCs4d}|t|kr0| |||t¡}||7}qdS©Nr)r4r}ÚSSL_WRITE_BLOCKSIZE)r\rxÚ
total_sentÚsentr
r
rÚsendall\sÿzWrappedSocket.sendallcCs|j ¡dSr)rWÚshutdownr_r
r
rrdszWrappedSocket.shutdowncCsL|jdkr:zd|_|j ¡WStjjk
r6YdSXn|jd8_dS)Nr`T)rZr[rWrarirjrtr_r
r
rrahs
 
zWrappedSocket.closeFcCsD|j ¡}|s|S|r(tj tjj|¡Sd| ¡jffft|dS)NÚ
commonName)ÚsubjectÚsubjectAltName)    rWZget_peer_certificateriZcryptoZdump_certificateZ FILETYPE_ASN1Zget_subjectZCNrT)r\Úbinary_formrr
r
rÚgetpeercertrs
þzWrappedSocket.getpeercertcCs
|j ¡Sr)rWZget_protocol_version_namer_r
r
rÚversionszWrappedSocket.versioncCs|jd7_dS©Nr`)rZr_r
r
rÚ_reuseszWrappedSocket._reusecCs&|jdkr| ¡n|jd8_dSr)rZrar_r
r
rÚ_drops
 
zWrappedSocket._dropN)T)F)rrr    Ú__doc__r]r^rbrhryrzr}rrrarrrrr
r
r
rrUs
 
 
rUrdcCs|jd7_t|||ddS)Nr`T)ra)rZr)r\ÚmodeÚbufsizer
r
rÚmakefilesrc@szeZdZdZddZeddZejddZeddZejd    dZd
dZ    dd Z
dddZdddZdddZ dS)r"zÂ
    I am a wrapper class for the PyOpenSSL ``Context`` object. I am responsible
    for translating the interface of the standard library ``SSLContext`` object
    to calls into PyOpenSSL.
    cCs*t||_tj |j¡|_d|_d|_dSrV)Ú_openssl_versionsÚprotocolrirjÚContextÚ_ctxÚ_optionsÚcheck_hostname)r\rr
r
rr]¡s
zPyOpenSSLContext.__init__cCs|jSr)rr_r
r
rÚoptions§szPyOpenSSLContext.optionscCs||_|j |¡dSr)rrZset_options©r\rJr
r
rr«scCst|j ¡Sr)Ú_openssl_to_stdlib_verifyrZget_verify_moder_r
r
rÚverify_mode°szPyOpenSSLContext.verify_modecCs|j t|t¡dSr)rZ
set_verifyÚ_stdlib_to_openssl_verifyÚ_verify_callbackrr
r
rr´scCs|j ¡dSr)rÚset_default_verify_pathsr_r
r
rr¸sz)PyOpenSSLContext.set_default_verify_pathscCs&t|tjr| d¡}|j |¡dS)Nr=)Ú
isinstancerÚ    text_typer5rZset_cipher_list)r\Úciphersr
r
rÚset_ciphers»s
zPyOpenSSLContext.set_ciphersNc
Cs|dk    r| d¡}|dk    r$| d¡}z*|j ||¡|dk    rL|j t|¡Wn4tjjk
r}zt d|¡W5d}~XYnXdS)Nr=z'unable to load trusted certificates: %r)    r5rÚload_verify_locationsrrirjrtrurv)r\ÚcafileÚcapathÚcadatarRr
r
rr¢Às
 
z&PyOpenSSLContext.load_verify_locationscsR|j |¡dk    r>ttjs* d¡|j fdd¡|j |pJ|¡dS)Nr=csSrr
)Ú_©Úpasswordr
rÚ<lambda>Ñrez2PyOpenSSLContext.load_cert_chain.<locals>.<lambda>)rZuse_certificate_chain_filerrÚbinary_typer5Z set_passwd_cbZuse_privatekey_file)r\ÚcertfileÚkeyfiler¨r
r§rÚload_cert_chainÌs
z PyOpenSSLContext.load_cert_chainFTc
CsÂtj |j|¡}t|tjr&| d¡}|dk    r8| |¡|     ¡z| 
¡Wq¸tjjk
rt  || ¡¡sxtdYq@Yq¸tjjk
r²}zt d|¡W5d}~XYq¸Xq¸q@t||S)Nr=zselect timed outzbad handshake: %r)rirjÚ
Connectionrrrrr5Zset_tlsext_host_nameZset_connect_stateÚdo_handshakerqrrrrsrrtrurvrU)r\ÚsockÚserver_sideÚdo_handshake_on_connectrYÚserver_hostnameÚcnxrRr
r
rÚwrap_socketÔs 
 
 zPyOpenSSLContext.wrap_socket)NNN)NN)FTTN)rrr    rr]ÚpropertyrÚsetterrrr¡r¢rrµr
r
r
rr"s&
 
 
 
 
 
úr"cCs|dkSr~r
)r´rZerr_noZ    err_depthZreturn_coder
r
rrôsr)rd)KrÚ
__future__rZOpenSSL.SSLriZcryptographyrZ$cryptography.hazmat.backends.opensslrrHZ)cryptography.hazmat.backends.openssl.x509rZcryptography.x509rr.Ú    ExceptionrXrr rmÚiorrZpackages.backports.makefilerÚloggingruÚpackagesrr>ÚrÚ__all__r%ÚPROTOCOL_TLSrjZ SSLv23_METHODÚPROTOCOL_TLSv1ZTLSv1_METHODrrGrrrrrrÚ    CERT_NONEZVERIFY_NONEÚ CERT_OPTIONALZVERIFY_PEERÚ CERT_REQUIREDZVERIFY_FAIL_IF_NO_PEER_CERTrÚdictÚitemsrrr(r$r#r'Ú    getLoggerrrLrrr!rArTÚobjectrUrr"rr
r
r
rÚ<module>sz+þÿý
 +6Z