B ¿öYã@sBdZddlmZddlZdZGdd„deƒZd dd „Zd d „ZdS) zHThe match_hostname() function from Python 3.2, essential when using SSL.é)Úabsolute_importNz3.2.2c@s eZdZdS)ÚCertificateErrorN)Ú__name__Ú __module__Ú __qualname__©rrúO/opt/alt/python37/lib/python3.7/site-packages/raven/utils/ssl_match_hostname.pyr sréc Csòg}|s dS| d¡}|d}| d¡}||kr@tdt|ƒƒ‚|sT| ¡| ¡kS|dkrh| d¡n>| d¡s|| d¡rŽ| t |¡¡n| t |¡  dd ¡¡x$|d d …D]}| t |¡¡q´Wt  d d   |¡dtj ¡}|  |¡S)zhMatching according to RFC 6125, section 6.4.3 http://tools.ietf.org/html/rfc6125#section-6.4.3 FÚ.rÚ*z,too many wildcards in certificate DNS name: z[^.]+zxn--z\*z[^.]*r Nz\Az\.z\Z)ÚsplitÚcountrÚreprÚlowerÚappendÚ startswithÚreÚescapeÚreplaceÚcompileÚjoinÚ IGNORECASEÚmatch) ZdnÚhostnameZ max_wildcardsZpatsÚpartsZleftmostZ wildcardsÚfragÚpatrrrÚ_dnsname_matchs(   rcCsò|s tdƒ‚g}| dd¡}x0|D](\}}|dkr"t||ƒr@dS| |¡q"W|sšxF| dd¡D]6}x0|D](\}}|dkrjt||ƒrˆdS| |¡qjWq`Wt|ƒdkrÄtd |d  tt|ƒ¡fƒ‚n*t|ƒdkrætd ||d fƒ‚ntd ƒ‚dS)a)Verify that *cert* (in decoded format as returned by SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125 rules are followed, but IP addresses are not accepted for *hostname*. CertificateError is raised on failure. On success, the function returns nothing. zempty or no certificateZsubjectAltNamerZDNSNZsubjectZ commonNamer z&hostname %r doesn't match either of %sz, zhostname %r doesn't match %rrz=no appropriate commonName or subjectAltName fields were found) Ú ValueErrorÚgetrrÚlenrrÚmapr)ZcertrZdnsnamesZsanÚkeyÚvalueÚsubrrrÚmatch_hostname@s2     r%)r ) Ú__doc__Ú __future__rrÚ __version__rrrr%rrrrÚs   2