bgK zUdZddlmZddlZddlmZ ddlmZn#e $rGdde ZYnwxYwddl Z ddl Z ddl Z ddlZddlmZdd lmZdd lmZd d lmZejd ed e jrddlmZddgZejjejjejj ejje j!ejj"iZ#e$e dr%e$ejdrejj%e#e j&<e$e dr%e$ejdrejj'e#e j(<e j)ejj*e j+ejj,e j-ejj,ejj.ziZ/de/0DZ1e2ejdde2ejddzZ3de4d<e2ejddZ5de4d<e2ejddZ6de4d<e2ejddZ7de4d <e2ejd!dZ8de4d"<e j9j:e3e j9j;e3e j9j<e3e5ze j9j=e3e5ze6ze j9j>e3e5ze6ze7ze j9j?e3e5ze6ze7ziZ@d#e4d$<e j9j:e3e5ze6ze7ze8ze j9j;e3e6ze7ze8ze j9j<e3e7ze8ze j9j=e3e8ze j9j>e3e j9j?e3iZAd#e4d%<d&ZBejjCZDe jEeFZGd@d)ZHd@d*ZId@d+ZJdAd/ZKdBd3ZLGd4d5ZMejNeM_NGd6d7ZOdCd?ZPdS)Da Module for using pyOpenSSL as a TLS backend. This module was relevant before the standard library ``ssl`` module supported SNI, but now that we've dropped support for Python 2.7 all relevant Python versions support SNI so **this module is no longer recommended**. This needs the following packages installed: * `pyOpenSSL`_ (tested with 16.0.0) * `cryptography`_ (minimum 1.3.4, from pyopenssl) * `idna`_ (minimum 2.0, from cryptography) However, pyOpenSSL depends on cryptography, which depends on idna, so while we use all three directly here we end up having relatively few packages required. You can install them with the following command: .. code-block:: bash $ python -m pip install pyopenssl cryptography idna To activate certificate checking, call :func:`~urllib3.contrib.pyopenssl.inject_into_urllib3` from your Python code before you begin making HTTP requests. This can be done in a ``sitecustomize`` module, or at any other time before your application begins using ``urllib3``, like this: .. code-block:: python try: import urllib3.contrib.pyopenssl urllib3.contrib.pyopenssl.inject_into_urllib3() except ImportError: pass .. _pyopenssl: https://www.pyopenssl.org .. _cryptography: https://cryptography.io .. _idna: https://github.com/kjd/idna ) annotationsN)x509)UnsupportedExtensionceZdZdS)rN)__name__ __module__ __qualname__j/builddir/build/BUILD/cloudlinux-venv-1.0.7/venv/lib/python3.11/site-packages/urllib3/contrib/pyopenssl.pyrr2s r r)BytesIO)socket)timeout)utilz'urllib3.contrib.pyopenssl' module is deprecated and will be removed in urllib3 v2.1.0. Read more in this issue: https://github.com/urllib3/urllib3/issues/2680)category stacklevelX509inject_into_urllib3extract_from_urllib3PROTOCOL_TLSv1_1TLSv1_1_METHODPROTOCOL_TLSv1_2TLSv1_2_METHODci|]\}}|| Sr r ).0kvs r r bsPPPdaQPPPr OP_NO_SSLv2 OP_NO_SSLv3int_OP_NO_SSLv2_OR_SSLv3 OP_NO_TLSv1 _OP_NO_TLSv1 OP_NO_TLSv1_1_OP_NO_TLSv1_1 OP_NO_TLSv1_2_OP_NO_TLSv1_2 OP_NO_TLSv1_3_OP_NO_TLSv1_3zdict[int, int]_openssl_to_ssl_minimum_version_openssl_to_ssl_maximum_versioni@returnNonecttt_ttj_dt_dtj_dS)z7Monkey-patch urllib3 with PyOpenSSL-backed SSL-support.TN)_validate_dependencies_metPyOpenSSLContextr SSLContextssl_ IS_PYOPENSSLr r r rrs9   &DO+DID!DIr ctt_ttj_dt_dtj_dS)z4Undo monkey-patching by :func:`inject_into_urllib3`.FN)orig_util_SSLContextrr4r5r6r r r rrs-+DO/DID"DIr cddlm}t|ddtdddlm}|}t|ddtddS) z{ Verifies that PyOpenSSL's package-level dependencies have been met. Throws `ImportError` if they are not met. r) Extensionsget_extension_for_classNzX'cryptography' module missing required functionality. Try upgrading to v1.3.4 or newer.r_x509zS'pyOpenSSL' module missing required functionality. Try upgrading to v0.14 or newer.)cryptography.x509.extensionsr:getattr ImportErrorOpenSSL.cryptor)r:rrs r r2r2s 877777z4d;;C 0   $##### 466DtWd##+ /   ,+r namestr str | Nonec^d d}d|vr|S||}|dS|dS) a% Converts a dNSName SubjectAlternativeName field to the form used by the standard library on the given Python version. Cryptography produces a dNSName as a unicode string that was idna-decoded from ASCII bytes. We need to idna-encode that string to get it back, and then on Python 3 we also need to convert to unicode via UTF-8 (the stdlib uses PyUnicode_FromStringAndSize on it, which decodes via UTF-8). If the name cannot be idna-encoded then we return None signalling that the name given should be skipped. rArBr/ bytes | Nonecddl} dD][}||rD|t|d}|d||zcS\||S#|jj$rYdSwxYw)z Borrowed wholesale from the Python Cryptography Project. It turns out that we can't just safely call `idna.encode`: it can explode for wildcard names. This avoids that problem. rN)z*..ascii)idna startswithlenencodecore IDNAError)rArIprefixs r idna_encodez'_dnsname_to_stdlib..idna_encodes   % F F??6**FF .D!==11DKK4E4EEEEEF;;t$$ $y"   44 sAA9#A99B  B :Nutf-8)rArBr/rE)decode)rArP encoded_names r _dnsname_to_stdlibrUsT$ d{{ ;t$$Lt   w ' ''r peer_certrlist[tuple[str, str]]c:|} |jtjj}nc#tj$rgcYStjttj tf$r'}t d|gcYd}~Sd}~wwxYwdtt|tjD}|d|tjD|S)zU Given an PyOpenSSL certificate, provides all the subject alternative names. zA problem was encountered with the certificate that prevented urllib3 from finding the SubjectAlternativeName field. This can affect certificate validation. The error was %sNcg|]}|d|f S)NDNSr rrAs r z%get_subj_alt_name..s,          r c38K|]}dt|fVdS)z IP AddressN)rBr[s r z$get_subj_alt_name..s>&*s4yy!r )to_cryptography extensionsr;rSubjectAlternativeNamevalueExtensionNotFoundDuplicateExtensionrUnsupportedGeneralNameType UnicodeErrorlogwarningmaprUget_values_for_typeDNSNameextend IPAddress)rVcertextenamess r get_subj_alt_namerrs?  $ $ & &Do55d6QRRX  !   '    >      .  *C,C,CDL,Q,QRR   E  LL.1.E.Edn.U.U Ls#)AB &B 9BB B ceZdZdZ d%d&d Zd'd Zd(dZd)dZd*dZd+dZ d,dZ d-dZ d(dZ d(dZ d(dZ d.d/d!Zd0d#Zd$S)1 WrappedSocketz@API-compatibility wrapper for Python OpenSSL's Connection-class.T connectionOpenSSL.SSL.Connectionr socket_clssuppress_ragged_eofsboolr/r0cL||_||_||_d|_d|_dSNrF)rurrx_io_refs_closed)selfrurrxs r __init__zWrappedSocket.__init__s, % $8!  r r#c4|jSN)rfilenor~s r rzWrappedSocket.fileno*s{!!###r cv|jdkr|xjdzc_|jr|dSdS)Nr)r|r}closers r _decref_socketioszWrappedSocket._decref_socketios.sD =1   MMQ MM <  JJLLLLL  r args typing.Anykwargsbytesc |jj|i|}|S#tjj$rF}|jr|jdkrYd}~dSt|jdt||d}~wtjj $r1|j tjj krYdStjj $rX}tj|j|jst#d||j|i|cYd}~Sd}~wtjj$r}t'jd||d}~wwxYw)NzUnexpected EOFr rThe read operation timed out read error: )rurecvOpenSSLSSL SysCallErrorrxrOSErrorrBZeroReturnError get_shutdownRECEIVED_SHUTDOWN WantReadErrorr wait_for_readr gettimeoutrErrorsslSSLError)r~rrdatarps r rzWrappedSocket.recv4s~ '4?'888D*K){' 8 8 8( 8QV7M-M-MsssssafQiQ00a7{*   ++--1NNNss{( 2 2 2%dk4;3I3I3K3KLL 2<==1D ty$1&11111111{  < < <,3a3344! ; 227>3OQUVV V'(8(8(:(:(=>@B/55   r rBc4|jSr)ruget_protocol_version_namers r versionzWrappedSocket.versions88:::r N)T)rurvrrwrxryr/r0r/r#r/r0)rrrrr/r)rrrrr/r#)rrr/r0)rrr/r#)rrr/r0)F)rryr/r)r/rB)rrr __doc__rrrrrrrrrrrrrr r r rtrts2JJ &*     $$$$ 2<<<<.//// 8 8 8 8#### #(     ;;;;;;r rtcReZdZdZd3dZed4dZejd5d Zed4d Zejd6d Zd7d Z d8dZ d9d:dZ d;dd?d+Zd7d,Zed4d-Zejd@d/Zed4d0ZejdAd2ZdS)Br3z I am a wrapper class for the PyOpenSSL ``Context`` object. I am responsible for translating the interface of the standard library ``SSLContext`` object to calls into PyOpenSSL. protocolr#r/r0ct||_tj|j|_d|_d|_tj j |_ tj j |_ dSr{)_openssl_versionsrrrContext_ctx_optionscheck_hostnamer TLSVersionMINIMUM_SUPPORTED_minimum_versionMAXIMUM_SUPPORTED_maximum_version)r~rs r rzPyOpenSSLContext.__init__sV)(3 K'' 66  #%(^%E%(^%Er c|jSr)rrs r optionszPyOpenSSLContext.optionss }r rbc<||_|dSr)r_set_ctx_optionsr~rbs r rzPyOpenSSLContext.optionss!  r cJt|jSr)_openssl_to_stdlib_verifyrget_verify_moders r verify_modezPyOpenSSLContext.verify_modes()B)B)D)DEEr ssl.VerifyModec\|jt|tdSr)r set_verify_stdlib_to_openssl_verify_verify_callbackrs r rzPyOpenSSLContext.verify_modes' 6u=?OPPPPPr c8|jdSr)rset_default_verify_pathsrs r rz)PyOpenSSLContext.set_default_verify_pathss **,,,,,r ciphers bytes | strct|tr|d}|j|dS)NrR) isinstancerBrLrset_cipher_list)r~rs r set_cipherszPyOpenSSLContext.set_cipherssA gs # # .nnW--G !!'*****r NcafilerCcapathcadatarEcX||d}||d} |j|||)|jt|dSdS#tjj$r}tjd||d}~wwxYw)NrRz%unable to load trusted certificates: ) rLrload_verify_locationsr rrrrr)r~rrrrps r rz&PyOpenSSLContext.load_verify_locationss  ]]7++F  ]]7++F U I + +FF ; ; ;! //@@@@@"!{  U U U,LqLLMMST T UsAA88B) B$$B)certfilerBkeyfilepasswordcp |j|Gttsd|jfd|j|p|dS#tjj $r}tj d||d}~wwxYw)NrRcSrr )_rs r z2PyOpenSSLContext.load_cert_chain..s8r z"Unable to load certificate chain: ) ruse_certificate_chain_filerrrL set_passwd_cbuse_privatekey_filerrrrr)r~rrrrps ` r load_cert_chainz PyOpenSSLContext.load_cert_chains  R I 0 0 : : :#!(E228'w77H ''(;(;(;(;<<< I ) )'*=X > > > > >{  R R R,IAIIJJPQ Q RsA?BB5B00B5 protocolslist[bytes | str]cNd|D}|j|S)NcNg|]"}tj|d#S)rH)rto_bytes)rps r r\z7PyOpenSSLContext.set_alpn_protocols..s*GGGTY''733GGGr )rset_alpn_protos)r~rs r set_alpn_protocolsz#PyOpenSSLContext.set_alpn_protocolss+GGYGGG y((333r FTsockrw server_siderydo_handshake_on_connectrxserver_hostnamebytes | str | Nonertctj|j|}|r^tj|s?t|tr| d}| ||  | n#tjj $rA}t j||st!d|Yd}~gd}~wtjj$r}t%jd||d}~wwxYw t)||S)NrRTzselect timed outzbad handshake: )rr Connectionrrr5 is_ipaddressrrBrLset_tlsext_host_nameset_connect_state do_handshakerrrrrrrrt)r~rrrrxrcnxrps r wrap_socketzPyOpenSSLContext.wrap_socketsVk$$TY55  649#9#9/#J#J 6/3// B"1"8"8"A"A  $ $_ 5 5 5   C  """";,   )$0A0ABB=!"4551<;$ C C Cl#:Q#:#:;;B C S$'''s$B11D57DD5D00D5c|j|jt|jzt |jzdSr)r set_optionsrr-rr.rrs r rz!PyOpenSSLContext._set_ctx_options sM  M-d.CD E-d.CD E     r c|jSr)rrs r minimum_versionz PyOpenSSLContext.minimum_version $$r rc<||_|dSr)rr)r~rs r rz PyOpenSSLContext.minimum_version" / r c|jSr)rrs r maximum_versionz PyOpenSSLContext.maximum_versionrr rc<||_|dSr)rr)r~rs r rz PyOpenSSLContext.maximum_version rr )rr#r/r0r)rbr#r/r0)rbrr/r0r)rrr/r0)NNN)rrCrrCrrEr/r0)NN)rrBrrCrrCr/r0)rrr/r0)FTTN) rrwrryrryrxryrrr/rt)rr#r/r0)rr#r/r0)rrr rrpropertyrsetterrrrrrrrrrrr r r r3r3s FFFFX ^   ^ FFFXFQQQQ----++++"!# UUUUU(## RRRRR 4444"(,%).2 (((((>    %%%X%    %%%X%      r r3rrvrerr_no err_depth return_coderyc|dkSrr )rrrrrs r rr&s Q;r r)rArBr/rC)rVrr/rW) rrvrrrr#rr#rr#r/ry)Qr __future__r OpenSSL.SSLr cryptographyrcryptography.x509rr? Exceptionloggingrtypingwarningsior rrwrrwarnDeprecationWarning TYPE_CHECKINGr@r__all__r5 PROTOCOL_TLSr SSLv23_METHODPROTOCOL_TLS_CLIENTPROTOCOL_TLSv1 TLSv1_METHODrhasattrrrrr CERT_NONE VERIFY_NONE CERT_OPTIONAL VERIFY_PEER CERT_REQUIREDVERIFY_FAIL_IF_NO_PEER_CERTritemsrr>r$__annotations__r&r(r*r,rrTLSv1TLSv1_1TLSv1_2TLSv1_3rr-r.rr4r8 getLoggerrrgrrr2rUrrrtmakefiler3rr r r rCs&&&P#""""" 6666666        y       ''''''  5   $###### !"8 9 IGK5I!7;#< 0  73"##I =M(N(NI.5k.Hc*+ 73"##I =M(N(NI.5k.Hc*+M7;*w{.w{. k-. QP.G.M.M.O.OPPP%WW[-CCgg KGGGGK:: ::::ggk?A>>>>>>ggk?A>>>>>>ggk?A>>>>>>N$&;N/N1L@N1L@>QN ,~=NN$ ,~=N 3    N$          N.?.PN1NB^SN1NBN1N$&;3$y+g!!""""####    4&(&(&(&(R----`;;;;;;;;D$, C C C C C C C C Ls 22