3 hf 8@sddlmZddlZddlZddlZddlZddlZddlmZm Z ddl Z ddl m Z ddlmZddlmZyddlZejZWn,eefk rdZGdd d eZYnXyeZWn$ek rGd d d eZYnXdd lmZmZmZmZdd l m!Z!m"Z"ddl#m$Z$m%Z%m&Z&m'Z'm(Z(ddl)m*Z*ddl+m,Z,ej-e.Z/dddZ0ej1dddZ2ej3dZ4Gddde5Z6Gdddee5ZGdddeZ7Gddde7Z8dd Z9ere7Z:e8Z7ne6Z7dS)!)absolute_importN)errortimeout)six)HTTPConnection) HTTPExceptionc@s eZdZdS) BaseSSLErrorN)__name__ __module__ __qualname__r r /usr/lib/python3.6/connection.pyr sr c@s eZdZdS)ConnectionErrorN)r r r r r r rrsr)NewConnectionErrorConnectTimeoutErrorSubjectAltNameWarningSystemTimeWarning)match_hostnameCertificateError)resolve_cert_reqsresolve_ssl_versionassert_fingerprintcreate_urllib3_contextssl_wrap_socket) connection)HTTPHeaderDictPi)httphttpsi z[^-!#$%&'*+.^_`|~0-9a-zA-Z]c@seZdZdZdS)DummyConnectionz-Used to detect a failed ConnectionCls import.N)r r r __doc__r r r rr!Dsr!c@sxeZdZdZedZejejdfgZ dZ ddZ e ddZ e jd dZ d d Zd d ZddZddZdddZdS)ra$ Based on httplib.HTTPConnection but provides an extra constructor backwards-compatibility layer between older and newer Pythons. Additional keyword parameters are used to configure attributes of the connection. Accepted parameters include: - ``strict``: See the documentation on :class:`urllib3.connectionpool.HTTPConnectionPool` - ``source_address``: Set the source address for the current connection. - ``socket_options``: Set specific options on the underlying socket. If not specified, then defaults are loaded from ``HTTPConnection.default_socket_options`` which includes disabling Nagle's algorithm (sets TCP_NODELAY to 1) unless the connection is behind a proxy. For example, if you wish to enable TCP Keep Alive in addition to the defaults, you might pass:: HTTPConnection.default_socket_options + [ (socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1), ] Or you may want to disable the defaults by passing an empty list (e.g., ``[]``). rrFcOsDtjr|jdd|jd|_|jd|j|_tj|f||dS)Nstrictsource_addresssocket_options) rZPY3popgetr$default_socket_optionsr%_HTTPConnection__init__)selfargskwr r rr*js   zHTTPConnection.__init__cCs |jjdS)a Getter method to remove any trailing dots that indicate the hostname is an FQDN. In general, SSL certificates don't include the trailing dot indicating a fully-qualified domain name, and thus, they don't validate properly when checked against a domain name that includes the dot. In addition, some servers may not expect to receive the trailing dot when provided. However, the hostname with trailing dot is critical to DNS resolution; doing a lookup with the trailing dot will properly only resolve the appropriate FQDN, whereas a lookup without a trailing dot will search the system's search domain list. Thus, it's important to keep the original host around for use only in those cases where it's appropriate (i.e., when doing DNS lookup to establish the actual TCP connection across which we're going to send HTTP requests). .) _dns_hostrstrip)r+r r rhostwszHTTPConnection.hostcCs ||_dS)z Setter for the `host` property. We assume that only urllib3 uses the _dns_host attribute; httplib itself only uses `host`, and it seems reasonable that other libraries follow suit. N)r/)r+valuer r rr1scCsi}|jr|j|d<|jr$|j|d<ytj|j|jf|jf|}Wnftk rz}zt|d|j |jfWYdd}~Xn0t k r}zt |d|WYdd}~XnX|S)zp Establish a socket connection and set nodelay settings on it. :return: New socket connection. r$r%z0Connection to %s timed out. (connect timeout=%s)Nz(Failed to establish a new connection: %s) r$r%rZcreate_connectionr/portr SocketTimeoutrr1 SocketErrorr)r+Zextra_kwconner r r _new_conns    zHTTPConnection._new_conncCs||_|jr|jd|_dS)Nr)sock _tunnel_host_tunnel auto_open)r+r6r r r _prepare_connszHTTPConnection._prepare_conncCs|j}|j|dS)N)r8r=)r+r6r r rconnectszHTTPConnection.connectcOs8tj|}|r"td||jftj|||f||S)zSend a request to the serverzAMethod cannot contain non-token characters %r (found at least %r))_CONTAINS_CONTROL_CHAR_REsearch ValueErrorgroupr) putrequest)r+methodurlr,kwargsmatchr r rrCs  zHTTPConnection.putrequestNc Cst|dk r|ni}d|k}d|k}|j||||dx |jD]\}}|j||q@Wd|krl|jdd|j|dk rtjtf} t|| r|f}xh|D]`} | sqt| ts| j d} t t | d d} |j | j d |j d |j | |j d qW|j d dS) z Alternative to the common request method, which sends the body with chunked encoding and not as one block Nzaccept-encodingr1)skip_accept_encoding skip_hostztransfer-encodingzTransfer-EncodingZchunkedutf8zutf-8s s0 ) rrCitemsZ putheaderZ endheadersrZ string_typesbytes isinstanceencodehexlensend) r+rDrEZbodyZheadersrHrIheaderr2Zstringish_typeschunkZlen_strr r rrequest_chunkeds8         zHTTPConnection.request_chunked)NN)r r r r"port_by_scheme default_portsocketZ IPPROTO_TCPZ TCP_NODELAYr( is_verifiedr*propertyr1setterr8r=r>rCrUr r r rrIs   rc@s:eZdZedZdZddddejddfddZddZ dS)HTTPSConnectionrNc Ks>tj|||f||d| ||_||_||_||_d|_dS)N)r#rr)rr*key_file cert_file ssl_contextserver_hostnameZ _protocol) r+r1r3r]r^r#rr_r`r-r r rr*szHTTPSConnection.__init__cCsR|j}|j||jdkr2ttdtdd|_t||j|j|j|j d|_ dS)N) ssl_version cert_reqs)r9keyfilecertfiler_r`) r8r=r_rrrrr]r^r`r9)r+r6r r rr>s  zHTTPSConnection.connect) r r r rVrWrarXZ_GLOBAL_DEFAULT_TIMEOUTr*r>r r r rr\s r\c@s6eZdZdZdZdZdZdZdZdddZ ddZ dS)VerifiedHTTPSConnectionz[ Based on httplib.HTTPSConnection but wraps the socket with SSL certification. NcCsn|dkr(|s|rd}n|jdk r(|jj}||_||_||_||_||_|oTtjj ||_ |oftjj ||_ dS)zX This method should only be called once, before the connection is used. N CERT_REQUIRED) r_ verify_moder]r^rbassert_hostnamerospath expanduserca_certs ca_cert_dir)r+r]r^rbrlrhrrmr r rset_cert s  z VerifiedHTTPSConnection.set_certc CsZ|j}|j}|jr.||_|jd|_|j}|}|jdk rB|j}tjj t k}|rft j dj t t|jdkrtt|jt|jd|_|j}t|j|_t||j|j|j|j||d|_|jrt|jjdd|jnb|jtjkot|dd o|j dk r<|jj}|j!d fs*t j d j |t"t#||j p8||jtj$kpR|jdk |_%dS) NrzWSystem time is way off (before {0}). This will probably lead to SSL verification errors)rarb)r9rcrdrlrmr`r_T)Z binary_formZcheck_hostnameFZsubjectAltNamezCertificate for {0} has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.))&r8r1r:r9r;r<r`datetimedateZtoday RECENT_DATEwarningswarnformatrr_rrrarrbrgrr]r^rlrmrZ getpeercertsslZ CERT_NONEgetattrrhr'r_match_hostnamerfrY)r+r6Zhostnamer`Z is_time_offcontextcertr r rr>9sZ        zVerifiedHTTPSConnection.connect)NNNNNNN) r r r r"rbrlrmrarrnr>r r r rres recCsLyt||Wn8tk rF}ztjd||||_WYdd}~XnXdS)Nz@Certificate did not match expected hostname: %s. Certificate: %s)rrlogrZ _peer_cert)ryZasserted_hostnamer7r r rrwsrw);Z __future__rreroZloggingrirXrr5rr4rrZpackagesrZpackages.six.moves.http_clientrr)rruZSSLErrorr ImportErrorAttributeError BaseExceptionr NameError Exception exceptionsrrrrZpackages.ssl_match_hostnamerrZ util.ssl_rrrrrutilr _collectionsrZ getLoggerr rzrVrprqcompiler?objectr!r\rerwZUnverifiedHTTPSConnectionr r r rsP         %(m