ssl_wrap_socket

    All arguments except for server_hostname, ssl_context, tls_in_tls,
    ca_cert_data and ca_cert_dir have the same meaning as they do when using
    :func:`ssl.create_default_context`, :meth:`ssl.SSLContext.load_cert_chain`,
    :meth:`ssl.SSLContext.set_ciphers` and :meth:`ssl.SSLContext.wrap_socket`.

    :param server_hostname:
        When SNI is supported, the expected hostname of the certificate
    :param ssl_context:
        A pre-made :class:`SSLContext` object. If none is provided, one will
        be created using :func:`create_urllib3_context`.
    :param ciphers:
        A string of ciphers we wish the client to support.
    :param ca_cert_dir:
        A directory containing CA certificates in multiple separate files, as
        supported by OpenSSL's -CApath flag or the capath argument to
        SSLContext.load_verify_locations().
    :param key_password:
        Optional password if the keyfile is encrypted.
    :param ca_cert_data:
        Optional string containing CA certificates in PEM format suitable for
        passing as the cadata parameter to SSLContext.load_verify_locations()
    :param tls_in_tls:
        Use SSLTransport to wrap the existing socket.

is_ipaddress

    Detects whether the hostname given is an IPv4 or IPv6 address.
    Also detects IPv6 addresses with Zone IDs.

    :param str hostname: Hostname to examine.
    :return: True if the hostname is an IP address, False otherwise.

_is_key_file_encrypted

    Detects if a key file is encrypted or not.