abc!@@sdZddlmZddlZddlZddlZddlZddlZddl Z ddl Z ddl Z ddl Z ddl mZddlmZmZmZddlmZmZmZmZydd l mZWn'ek r eZdd lmZnXyed Wnek r;ed nXd dgZe Z!ej!Z"ej#j$Z%e j&Z'e j(Z)dZ*ej+ej,ej-ej.ej/ej0ej1ej2ej3ej4ej5ej6ej7ej8ej9ej:ej;ej<ej=ej>ej?ej@ejAejBejCejDejEejFejGejHejIejJejKg!ZLiejMejNfe jO6ZPeQe drejRejRfePe jS Undo monkey-patching by :func:`inject_into_urllib3`. N(torig_util_SSLContextRRRtorig_util_HAS_SNIRtFalseR(((sO/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/contrib/securetransport.pyR s     cC@sd}ytj|}|dkr+tjS|j}|d}|j}d}d}tj|j |} t | } yx||kr|dks|dkrt j |g|} | stj tjdqn|j| ||!} || 7}| s~|s tjSPq~q~WWnVtj k rl} | j}|dk rm|tjkrm|tjkrctjSqmnX||d<||krtjSdSWn/tk r} |dk r| |_ntjSXdS(ss SecureTransport read callback. This is called by ST to request that data be returned from the socket. is timed outN(tNonet_connection_refstgetRterrSSLInternaltsockett gettimeouttctypestc_chart from_addresst memoryviewRt wait_for_readterrorterrnotEAGAINt recv_intoterrSSLClosedGracefult ECONNRESETterrSSLClosedAbortterrSSLWouldBlockt Exceptiont _exception(t connection_idt data_buffertdata_length_pointertwrapped_sockett base_sockettrequested_lengthttimeoutR(t read_counttbuffert buffer_viewt readablest chunk_sizete((sO/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/contrib/securetransport.pyt_read_callbacksN             c C@sd}yetj|}|dkr+tjS|j}|d}tj||}|j}d}d} yx| |kr|dks|dkrt j |g|} | stj t j dqn|j|} | | 7} || }qnWWnVtj k rH} | j }|dk rI|t j krI|t jkr?tjSqInX| |d<| |krftjSdSWn/tk r} |dk r| |_ntjSXdS(sx SecureTransport write callback. This is called by ST to request that data actually be sent on the network. is timed outN(RRRRR R!R#t string_atR"Rtwait_for_writeR(R)R*tsendR-R.R/R0R1( R2R3R4R5R6tbytes_to_writetdataR8R(tsentt writablest chunk_sentR>((sO/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/contrib/securetransport.pyt_write_callbacksD           t WrappedSocketcB@seZdZdZejdZdZdZdZ dZ dZ dZ dd Zd Zd Zd Zd ZdZdZedZdZdZRS(s API-compatibility wrapper for Python's OpenSSL wrapped socket object. Note: _makefile_refs, _drop(), and _reuse() are needed for the garbage collector of PyPy. cC@sn||_d|_d|_t|_d|_d|_d|_d|_ |jj |_ |jj ddS(Ni( R!Rtcontextt_makefile_refsRt_closedR1t _keychaint _keychain_dirt_client_cert_chainR"t_timeoutt settimeout(tselfR!((sO/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/contrib/securetransport.pyt__init__.s        cc@sGd|_dV|jdk rC|jd}|_|j|ndS(s] A context manager that can be used to wrap calls that do I/O from SecureTransport. If any of the I/O callbacks hit an exception, this context manager will correctly propagate the exception after the fact. This avoids silently swallowing those exceptions. It also correctly forces the socket closed. N(RR1tclose(RRt exception((sO/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/contrib/securetransport.pyt_raise_on_error@s  cC@sEtjttt}tj|j|tt}t|dS(s4 Sets up the allowed ciphers. By default this matches the set in util.ssl_.DEFAULT_CIPHERS, at least as supported by macOS. This is done custom and doesn't allow changing at this time, mostly because parsing OpenSSL cipher strings is going to be a freaking nightmare. N(RtSSLCipherSuitetlent CIPHER_SUITEStSSLSetEnabledCiphersRJR(RRtcipherstresult((sO/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/contrib/securetransport.pyt _set_ciphersUsc C@s|s dStjj|rCt|d}|j}WdQXnd}tj}zt|}tj |j t j |}t ||stjdntj||}t |tj|t}t |tj}tj|t j |}t |Wd|r'tj|n|dkrCtj|nXtjtjf}|j|kr~tjd|jndS(s Called when we have set custom validation. We do this in two cases: first, when cert validation is entirely disabled; and second, when using a custom trust DB. NtrbsFailed to copy trust references)certificate verify failed, error code: %d(tostpathtisfiletopentreadRRt SecTrustRefRtSSLCopyPeerTrustRJR#tbyrefRtssltSSLErrortSecTrustSetAnchorCertificatest!SecTrustSetAnchorCertificatesOnlyRtSecTrustResultTypetSecTrustEvaluateRt CFReleaseRtkSecTrustResultUnspecifiedtkSecTrustResultProceedtvalue( RRtverifyt trust_bundletft cert_arrayttrustR\t trust_resultt successes((sO/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/contrib/securetransport.pyt_custom_validatebs@        c C@s[tjdtjtj|_tj|jtt } t | t @t |d} x| t krw| dd} qZW|t | Z    (       > icC@s%|jd7_t|||dtS(NiRT(RKR R(RRtmodetbufsize((sO/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/contrib/securetransport.pytmakefilestrcO@sd}t|||||S(Ni(R (RRRt bufferingtargstkwargs((sO/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/contrib/securetransport.pyRsRcB@seZdZdZedZejdZedZejdZedZejdZdZ d Z d Z dddd Z ddd Zeeedd ZRS(s I am a wrapper class for the SecureTransport library, to translate the interface of the standard library ``SSLContext`` object to calls into SecureTransport. cC@sPt|\|_|_d|_t|_d|_d|_d|_ d|_ dS(Ni( t_protocol_to_min_maxt _min_versiont _max_versiont_optionsRt_verifyRt _trust_bundlet _client_certt _client_keyt_client_key_passphrase(RRtprotocol((sO/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/contrib/securetransport.pyRSs     cC@stS(s SecureTransport cannot have its hostname checking disabled. For more, see the comment on getpeercert() in this file. (R(RR((sO/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/contrib/securetransport.pytcheck_hostnamescC@sdS(s SecureTransport cannot have its hostname checking disabled. For more, see the comment on getpeercert() in this file. N((RRRp((sO/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/contrib/securetransport.pyRscC@s|jS(N(R(RR((sO/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/contrib/securetransport.pytoptionsscC@s ||_dS(N(R(RRRp((sO/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/contrib/securetransport.pyRscC@s|jrtjStjS(N(RRgt CERT_REQUIREDt CERT_NONE(RR((sO/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/contrib/securetransport.pyt verify_modescC@s"|tjkrtnt|_dS(N(RgRRRR(RRRp((sO/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/contrib/securetransport.pyRscC@sdS(N((RR((sO/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/contrib/securetransport.pytset_default_verify_pathss cC@s |jS(N(R(RR((sO/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/contrib/securetransport.pytload_default_certsscC@s%|tjjkr!tdndS(Ns5SecureTransport doesn't support custom cipher strings(RRtDEFAULT_CIPHERSR(RRR[((sO/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/contrib/securetransport.pyt set_ciphersscC@s.|dk rtdn|p$||_dS(Ns1SecureTransport does not support cert directories(RRR(RRtcafiletcapathtcadata((sO/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/contrib/securetransport.pytload_verify_locationss  cC@s||_||_||_dS(N(RRt_client_cert_passphrase(RRtcertfiletkeyfiletpassword((sO/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/contrib/securetransport.pytload_cert_chains  c C@sl| s t|st|s%tt|}|j||j|j|j|j|j|j|j |S(N( RRIRRRRRRRR(RRtsockt server_sidetdo_handshake_on_connecttsuppress_ragged_eofsRR5((sO/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/contrib/securetransport.pyt wrap_sockets    N(RRRRStpropertyRtsetterRRRRRRRRRRR(((sO/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/contrib/securetransport.pyRs      (gRt __future__RRR#R)tos.pathR_RR!Rgt threadingtweakrefR Rt_securetransport.bindingsRRRt_securetransport.low_levelRRRRR t ImportErrorRtpackages.backports.makefileR R&t NameErrort__all__RRRRRRtWeakValueDictionaryRtLockRRtTLS_AES_256_GCM_SHA384tTLS_CHACHA20_POLY1305_SHA256tTLS_AES_128_GCM_SHA256t'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384t%TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384t'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256t%TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256t#TLS_DHE_DSS_WITH_AES_256_GCM_SHA384t#TLS_DHE_RSA_WITH_AES_256_GCM_SHA384t#TLS_DHE_DSS_WITH_AES_128_GCM_SHA256t#TLS_DHE_RSA_WITH_AES_128_GCM_SHA256t'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384t%TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384t$TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHAt"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHAt#TLS_DHE_RSA_WITH_AES_256_CBC_SHA256t#TLS_DHE_DSS_WITH_AES_256_CBC_SHA256t TLS_DHE_RSA_WITH_AES_256_CBC_SHAt TLS_DHE_DSS_WITH_AES_256_CBC_SHAt'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256t%TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256t$TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHAt"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHAt#TLS_DHE_RSA_WITH_AES_128_CBC_SHA256t#TLS_DHE_DSS_WITH_AES_128_CBC_SHA256t TLS_DHE_RSA_WITH_AES_128_CBC_SHAt TLS_DHE_DSS_WITH_AES_128_CBC_SHAtTLS_RSA_WITH_AES_256_GCM_SHA384tTLS_RSA_WITH_AES_128_GCM_SHA256tTLS_RSA_WITH_AES_256_CBC_SHA256tTLS_RSA_WITH_AES_128_CBC_SHA256tTLS_RSA_WITH_AES_256_CBC_SHAtTLS_RSA_WITH_AES_128_CBC_SHARYt kTLSProtocol1tkTLSProtocol12tPROTOCOL_SSLv23Rthasattrt kSSLProtocol2Rt kSSLProtocol3RRtkTLSProtocol11RRRR R R?RHt SSLReadFuncR}t SSLWriteFuncR~tobjectRIRR(((sO/usr/lib/python2.7/site-packages/pip/_vendor/urllib3/contrib/securetransport.pyts         "         9 5