\jNE >UddlmZddlZddlZddlZddlZddlZddlZddlZddl m Z ddl m Z m Z ddlmZmZdZdZdZdZd gZeeeeeefZd Dcic]\}}|ee|dc}}Z d(d Zej:rdd lmZdd lm Z ddl!mZ"Gdde dZ#iZ$de%d< ddlZddlm&Z&mZm'Z'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.m/Z/mZm0Z0e*Z1er ee)sdZdD]Z2 ee0e2e$eede2<ddl!mZejjde6dfZ7d)dZ8d*dZ9d+d Z: d, d-d!Z;ejx d. d/d"Z=ejx d. d0d#Z= d1 d0d$Z=d2d%Z>d3d&Z? d4 d5d'Z@ycc}}w#e3$rY#wxYw#e4$rdZ'dZ(dZ.dZ/dxZ1Z*dZ+dZ,dZ-YwxYw)6) annotationsN) unhexlify)ProxySchemeUnsupportedSSLError)_BRACELESS_IPV6_ADDRZ_RE_IPV4_REFzhttp/1.1)) md5)(sha1)@sha256c(|jd}|S)NzOpenSSL ) startswith)openssl_version is_openssls ;/root/env/lib/python3.12/site-packages/urllib3/util/ssl_.py(_is_has_never_check_common_name_reliablers !++J7J ) VerifyMode) TypedDict) SSLTransportc,eZdZUded<ded<ded<y)_TYPE_PEER_CERT_RET_DICTztuple[tuple[str, str], ...]subjectAltNamez'tuple[tuple[tuple[str, str], ...], ...]subjectstr serialNumberN)__name__ __module__ __qualname____annotations__rrrr.s3388rr)totalzdict[int, int]_SSL_VERSION_TO_TLS_VERSION) CERT_REQUIREDHAS_NEVER_CHECK_COMMON_NAMEOP_NO_COMPRESSION OP_NO_TICKETOPENSSL_VERSION PROTOCOL_TLSPROTOCOL_TLS_CLIENTVERIFY_X509_PARTIAL_CHAINVERIFY_X509_STRICT OP_NO_SSLv2 OP_NO_SSLv3 SSLContext TLSVersion)TLSv1TLSv1_1TLSv1_2 PROTOCOL_ii@iiir c| td|jddj}t|}|tvrtd|tj |}|td|t |j}||j}tj||s td|d|jd y) z Checks if given fingerprint matches the supplied certificate. :param cert: Certificate as bytes object. :param fingerprint: Fingerprint as string of hexdigits, can be interspersed by colons. NzNo certificate for the peer.:zFingerprint of invalid length: zAHash function implementation unavailable for fingerprint length: z&Fingerprints did not match. Expected "z", got "") rreplacelowerlen HASHFUNC_MAPgetrencodedigesthmaccompare_digesthex)cert fingerprint digest_lengthhashfuncfingerprint_bytes cert_digests rassert_fingerprintrNks |566%%c2.446K $ML(8 FGG .HOP] _  "+"4"4"674.'')K   {,= >4[M+//J[I\\] ^   ?rc|tSt|tr(tt|d}|ttd|z}|S|S)a Resolves the argument to a numeric constant, which can be passed to the wrap_socket function/method from the ssl module. Defaults to :data:`ssl.CERT_REQUIRED`. If given a string it is assumed to be the name of the constant in the :mod:`ssl` module or its abbreviation. (So you can specify `REQUIRED` instead of `CERT_REQUIRED`. If it's neither `None` nor a string we assume it is already the numeric constant which can directly be passed to wrap_socket. NCERT_)r( isinstancergetattrssl candidateress rresolve_cert_reqsrWsI)S!c9d+ ;#w23C rc|tSt|tr@tt|d}|ttd|z}t j t|S|S)z like resolve_cert_reqs Nr8)r-rQrrRrStypingcastintrTs rresolve_ssl_versionr\sU)S!c9d+ ;#{Y67C{{3$$ rc4t td|dttfvrs|| t dt j |tj}t j |tj}tjdtdtt}|||_ ntj|_ |||_|r|j!||t"j$n|}|&d}|t&z}|t(z}|t*z}|t,z}|xj.|zc_|'d}t0j2dk\r|t4z}|t6z}|xj8|zc_t;|d dd |_|t"j$k(rt>s||_ d |_!nd |_!||_ d |_"d tFjHvr=tFjJjMtFjHj d }nd}|r||_'|S) a#Creates and configures an :class:`ssl.SSLContext` instance for use with urllib3. :param ssl_version: The desired protocol version to use. This will default to PROTOCOL_SSLv23 which will negotiate the highest protocol that both the server and your installation of OpenSSL support. This parameter is deprecated instead use 'ssl_minimum_version'. :param ssl_minimum_version: The minimum version of TLS to be used. Use the 'ssl.TLSVersion' enum for specifying the value. :param ssl_maximum_version: The maximum version of TLS to be used. Use the 'ssl.TLSVersion' enum for specifying the value. Not recommended to set to anything other than 'ssl.TLSVersion.MAXIMUM_SUPPORTED' which is the default value. :param cert_reqs: Whether to require the certificate verification. This defaults to ``ssl.CERT_REQUIRED``. :param options: Specific OpenSSL options. These default to ``ssl.OP_NO_SSLv2``, ``ssl.OP_NO_SSLv3``, ``ssl.OP_NO_COMPRESSION``, and ``ssl.OP_NO_TICKET``. :param ciphers: Which cipher suites to allow the server to select. Defaults to either system configured ciphers if OpenSSL 1.1.1+, otherwise uses a secure default set of ciphers. :param verify_flags: The flags for certificate verification operations. These default to ``ssl.VERIFY_X509_PARTIAL_CHAIN`` and ``ssl.VERIFY_X509_STRICT`` for Python 3.13+. :returns: Constructed SSLContext object with specified options :rtype: SSLContext Nz7Can't create an SSLContext object without an ssl modulezZCan't specify both 'ssl_version' and either 'ssl_minimum_version' or 'ssl_maximum_version'zi'ssl_version' option is deprecated and will be removed in urllib3 v3.0. Instead use 'ssl_minimum_version'r)category stacklevelr) post_handshake_authTF SSLKEYLOGFILE)(r3 TypeErrorr-r. ValueErrorr'rBr4MINIMUM_SUPPORTEDMAXIMUM_SUPPORTEDwarningswarn FutureWarningminimum_versionr7maximum_version set_ciphersrSr(r1r2r*r+optionssys version_infor/r0 verify_flagsrRrb IS_PYOPENSSL verify_modecheck_hostnamehostname_checks_common_nameosenvironpath expandvarskeylog_filename) ssl_version cert_reqsrnciphersssl_minimum_versionssl_maximum_versionrqcontext sslkeylogfiles rcreate_urllib3_contextrsNQRR4/BCC  *.A.MA #>"A"AZ99# #>"A"AZ99#  MMM&  ,-G&"5","4"4&"5G$&/%6!!II;; $$ < OOwO    w & 5 5L . .L L( w-t4@&*#C%%%l'!%!&'*/G'"**$**2::>>/+JK  "/ Nrc yNr% sockkeyfilecertfiler|ca_certsserver_hostnamer{r} ssl_context ca_cert_dir key_password ca_cert_data tls_in_tlss rssl_wrap_socketrGsrc yrr%rs rrrYs(+rc |} | t|||} |s| s| r | j|| | n|t | dr| j |r| t |r td|r(| | j||n| j||| | jtt|| | |}|S#t$r}t||d}~wwxYw)a All arguments except for server_hostname, ssl_context, tls_in_tls, ca_cert_data and ca_cert_dir have the same meaning as they do when using :func:`ssl.create_default_context`, :meth:`ssl.SSLContext.load_cert_chain`, :meth:`ssl.SSLContext.set_ciphers` and :meth:`ssl.SSLContext.wrap_socket`. :param server_hostname: When SNI is supported, the expected hostname of the certificate :param ssl_context: A pre-made :class:`SSLContext` object. If none is provided, one will be created using :func:`create_urllib3_context`. :param ciphers: A string of ciphers we wish the client to support. :param ca_cert_dir: A directory containing CA certificates in multiple separate files, as supported by OpenSSL's -CApath flag or the capath argument to SSLContext.load_verify_locations(). :param key_password: Optional password if the keyfile is encrypted. :param ca_cert_data: Optional string containing CA certificates in PEM format suitable for passing as the cadata parameter to SSLContext.load_verify_locations() :param tls_in_tls: Use SSLTransport to wrap the existing socket. N)r}load_default_certsz5Client private key is encrypted, password is required) rload_verify_locationsOSErrorrhasattrr_is_key_file_encryptedload_cert_chainset_alpn_protocolsALPN_PROTOCOLS_ssl_wrap_socket_impl)rrrr|rrr{r}rrrrrressl_socks rrrksPG)iQ;, %  ) )(K N  2F!G""$ <',B7,KNOO    # #Hg 6  # #Hg| D ~.$T7JPH O- %1+1 $ %sB55 C> C  Cct|tr|jd}tt j |xst j |S)zDetects whether the hostname given is an IPv4 or IPv6 address. Also detects IPv6 addresses with Zone IDs. :param str hostname: Hostname to examine. :return: True if the hostname is an IP address, False otherwise. ascii)rQbytesdecodeboolr matchr )hostnames r is_ipaddressrsA(E"??7+ x(T,D,J,J8,T UUrcpt|5}|D]}d|vsdddy dddy#1swYyxYw)z*Detects if a key file is encrypted or not. ENCRYPTEDNTF)open)key_fileflines rrrsI h1 Dd"     s ,,,5c|r3ts tdtj|t|||S|j||S)Nz0TLS in TLS requires support for the 'ssl' module)r)rr$_validate_ssl_context_for_tls_in_tls wrap_socket)rrrrs rrrsO (B  99+FD+??  " "4 " IIr)rrreturnr)rHz bytes | NonerIrrNone)rUNone | int | strrr)rUrrr[)NNNNNNN)r{ int | Noner|rrnrr} str | Noner~rrrrqrrssl.SSLContext) ............)r socket.socketrrrrr|rrrrrr{rr}rrssl.SSLContext | NonerrrrrNone | str | bytesrztyping.Literal[False]rz ssl.SSLSocket)rrrrrrr|rrrrrr{rr}rrrrrrrrrrrr ssl.SSLSocket | SSLTransportType) NNNNNNNNNNNF)rz str | bytesrr)rrrrr) rrrrrrrrrr)A __future__rhashlibrErvsocketrorYrhbinasciir exceptionsrrurlr r r3rr)rrrtupler[r_TYPE_VERSION_INFOrRrAr TYPE_CHECKINGrSrr ssltransportSSLTransportTyperr'r$r(r*r+r,r-r.r/r0r1r2r4PROTOCOL_SSLv23attrAttributeError ImportErrorUnionr_TYPE_PEER_CERT_RETrNrWr\roverloadrrrr)length algorithms00rrs" 93   # 3S#s23 I  GGY --    >9E/1^0. #O#+S,',#0 LSDM 'y5G(H I+ll#=ud#JK D. "# &*&*#PPPP P $ P $ PPPf"%!),!"'*(+       '%&""%!),!"'*+ + ++ +  +  +++'+++%++&++& "&")-"#'+G G GG G  G  GGG'GGG%GG&GT V#' J JJJ J & Jk B   LKK%&&Ol 's<G/(5HG54H5G>:H=G>>HHH