ó Àfc@s/ddlZddlZddlZddlZddlZddlmZmZmZm Z ddl m Z m Z yddl Z Wnek rdZ nXdddddgZd jƒjƒZyejjZejZWnek rûeZZnXe dk oeeefkZydd l mZmZWnUek r‹y$dd lmZdd lmZWqŒek r‡dZdZqŒXnXes«d efd„ƒYZnesÉdd„Zd„Zndefd„ƒYZdefd„ƒYZ dd„Z!d„Z"e"d„ƒZ#d„Z$d„Z%dS(iÿÿÿÿN(turllibt http_clienttmaptfilter(tResolutionErrortExtractionErrortVerifyingHTTPSHandlertfind_ca_bundlet is_availablet cert_pathst opener_fors /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt /usr/share/ssl/certs/ca-bundle.crt /usr/local/share/certs/ca-root.crt /etc/ssl/cert.pem /System/Library/OpenSSL/certs/cert.pem /usr/local/share/certs/ca-root-nss.crt /etc/ssl/ca-bundle.pem (tCertificateErrortmatch_hostname(R (R R cBseZRS((t__name__t __module__(((s:/usr/lib/python2.7/site-packages/setuptools/ssl_support.pyR 5sic CsRg}|stS|jdƒ}|d}|d}|jdƒ}||krgtdt|ƒƒ‚n|sƒ|jƒ|jƒkS|dkrŸ|jdƒnY|jdƒs½|jdƒrÖ|jtj |ƒƒn"|jtj |ƒj dd ƒƒx$|D]}|jtj |ƒƒqÿWtj d d j |ƒd tj ƒ} | j|ƒS( spMatching according to RFC 6125, section 6.4.3 http://tools.ietf.org/html/rfc6125#section-6.4.3 t.iit*s,too many wildcards in certificate DNS name: s[^.]+sxn--s\*s[^.]*s\As\.s\Z(tFalsetsplittcountR treprtlowertappendt startswithtretescapetreplacetcompiletjoint IGNORECASEtmatch( tdnthostnamet max_wildcardstpatstpartstleftmostt remaindert wildcardstfragtpat((s:/usr/lib/python2.7/site-packages/setuptools/ssl_support.pyt_dnsname_match;s*    " &cCs[|stdƒ‚ng}|jdd ƒ}xC|D];\}}|dkr4t||ƒr_dS|j|ƒq4q4W|sßxc|jddƒD]L}xC|D];\}}|dkr™t||ƒrÄdS|j|ƒq™q™WqŒWnt|ƒdkrtd|d jtt|ƒƒfƒ‚n;t|ƒdkrKtd ||d fƒ‚n td ƒ‚dS(s=Verify that *cert* (in decoded format as returned by SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125 rules are followed, but IP addresses are not accepted for *hostname*. CertificateError is raised on failure. On success, the function returns nothing. sempty or no certificatetsubjectAltNametDNSNtsubjectt commonNameis&hostname %r doesn't match either of %ss, shostname %r doesn't match %ris=no appropriate commonName or subjectAltName fields were found((( t ValueErrortgetR)RtlenR RRR(tcertR tdnsnamestsantkeytvaluetsub((s:/usr/lib/python2.7/site-packages/setuptools/ssl_support.pyR os.  %cBs eZdZd„Zd„ZRS(s=Simple verifying handler: no auth, subclasses, timeouts, etc.cCs||_tj|ƒdS(N(t ca_bundlet HTTPSHandlert__init__(tselfR7((s:/usr/lib/python2.7/site-packages/setuptools/ssl_support.pyR9›s csˆj‡fd†|ƒS(Ncst|ˆj|S(N(tVerifyingHTTPSConnR7(thosttkw(R:(s:/usr/lib/python2.7/site-packages/setuptools/ssl_support.pyt¡t(tdo_open(R:treq((R:s:/usr/lib/python2.7/site-packages/setuptools/ssl_support.pyt https_openŸs(R Rt__doc__R9RB(((s:/usr/lib/python2.7/site-packages/setuptools/ssl_support.pyR˜s R;cBs eZdZd„Zd„ZRS(s@Simple verifying connection: no auth, subclasses, timeouts, etc.cKs tj|||||_dS(N(tHTTPSConnectionR9R7(R:R<R7R=((s:/usr/lib/python2.7/site-packages/setuptools/ssl_support.pyR9¨scCs+tj|j|jft|ddƒƒ}t|dƒrjt|ddƒrj||_|jƒ|j }n |j}tt dƒr²t j d|j ƒ}|j |d|ƒ|_n$t j |dt jd|j ƒ|_yt|jjƒ|ƒWn4tk r&|jjtjƒ|jjƒ‚nXdS( Ntsource_addresst_tunnelt _tunnel_hosttcreate_default_contexttcafiletserver_hostnamet cert_reqstca_certs(tsockettcreate_connectionR<tporttgetattrtNonethasattrtsockRFRGtsslRHR7t wrap_sockett CERT_REQUIREDR t getpeercertR tshutdownt SHUT_RDWRtclose(R:RSt actual_hosttctx((s:/usr/lib/python2.7/site-packages/setuptools/ssl_support.pytconnect¬s$$!      (R RRCR9R](((s:/usr/lib/python2.7/site-packages/setuptools/ssl_support.pyR;¥s cCs"tjjt|ptƒƒƒjS(s@Get a urlopen() replacement that uses ca_bundle for verification(Rtrequestt build_openerRRtopen(R7((s:/usr/lib/python2.7/site-packages/setuptools/ssl_support.pyR Ís cs"tjˆƒ‡fd†ƒ}|S(Ncs+tˆdƒs$ˆ||Žˆ_nˆjS(Ntalways_returns(RRRa(targstkwargs(tfunc(s:/usr/lib/python2.7/site-packages/setuptools/ssl_support.pytwrapperÖs(t functoolstwraps(RdRe((Rds:/usr/lib/python2.7/site-packages/setuptools/ssl_support.pytonceÕscsnyddl}Wntk r$dSXd|jf‡fd†ƒY‰ˆƒ}|jdƒ|jdƒ|jS(NiÿÿÿÿtCertFilecs&eZ‡fd†Z‡fd†ZRS(cs'tˆ|ƒjƒtj|jƒdS(N(tsuperR9tatexittregisterRZ(R:(Ri(s:/usr/lib/python2.7/site-packages/setuptools/ssl_support.pyR9æscs/ytˆ|ƒjƒWntk r*nXdS(N(RjRZtOSError(R:(Ri(s:/usr/lib/python2.7/site-packages/setuptools/ssl_support.pyRZês (R RR9RZ((Ri(s:/usr/lib/python2.7/site-packages/setuptools/ssl_support.pyRiåstCAtROOT(t wincertstoret ImportErrorRQRitaddstoretname(Rpt _wincerts((Ris:/usr/lib/python2.7/site-packages/setuptools/ssl_support.pytget_win_certfileÞs    cCs4ttjjtƒ}tƒp3t|dƒp3tƒS(s*Return an existing CA bundle path, or NoneN( RtostpathtisfileR RutnextRQt_certifi_where(textant_cert_paths((s:/usr/lib/python2.7/site-packages/setuptools/ssl_support.pyRös cCs5ytdƒjƒSWntttfk r0nXdS(Ntcertifi(t __import__twhereRqRR(((s:/usr/lib/python2.7/site-packages/setuptools/ssl_support.pyRzs(&RvRMRkRRftsetuptools.extern.six.movesRRRRt pkg_resourcesRRRTRqRQt__all__tstripRR R^R8RDtAttributeErrortobjectRR R tbackports.ssl_match_hostnameR.R)RR;R RhRuRRz(((s:/usr/lib/python2.7/site-packages/setuptools/ssl_support.pytsP     "          4 ) (