ó .¿”Wc@sddlZddlZddlZddlZddlmZmZmZddlZddlm Z m Z yddl Z Wne k r—dZ nXdddddgZd jƒjƒZyejjZejZWnek rõeZZnXe dk oeeefkZydd l mZmZWnUe k r…y$dd lmZdd lmZWq†e k rdZdZq†XnXes¥d efd„ƒYZnesÃdd„Zd„Zndefd„ƒYZdefd„ƒYZdd„Zda d„Z!d„Z"dS(iÿÿÿÿN(turllibt http_clienttmap(tResolutionErrortExtractionErrortVerifyingHTTPSHandlertfind_ca_bundlet is_availablet cert_pathst opener_forsë /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt /usr/share/ssl/certs/ca-bundle.crt /usr/local/share/certs/ca-root.crt /etc/ssl/cert.pem /System/Library/OpenSSL/certs/cert.pem /usr/local/share/certs/ca-root-nss.crt (tCertificateErrortmatch_hostname(R (R R cBseZRS((t__name__t __module__(((s:/tmp/pip-build-Q3rTTP/setuptools/setuptools/ssl_support.pyR 4sic CsRg}|stS|jdƒ}|d}|d}|jdƒ}||krgtdt|ƒƒ‚n|sƒ|jƒ|jƒkS|dkrŸ|jdƒnY|jdƒs½|jdƒrÖ|jtj |ƒƒn"|jtj |ƒj dd ƒƒx$|D]}|jtj |ƒƒqÿWtj d d j |ƒd tj ƒ} | j|ƒS( spMatching according to RFC 6125, section 6.4.3 http://tools.ietf.org/html/rfc6125#section-6.4.3 t.iit*s,too many wildcards in certificate DNS name: s[^.]+sxn--s\*s[^.]*s\As\.s\Z(tFalsetsplittcountR treprtlowertappendt startswithtretescapetreplacetcompiletjoint IGNORECASEtmatch( tdnthostnamet max_wildcardstpatstpartstleftmostt remaindert wildcardstfragtpat((s:/tmp/pip-build-Q3rTTP/setuptools/setuptools/ssl_support.pyt_dnsname_match8s*    " &cCs[|stdƒ‚ng}|jdd ƒ}xC|D];\}}|dkr4t||ƒr_dS|j|ƒq4q4W|sßxc|jddƒD]L}xC|D];\}}|dkr™t||ƒrÄdS|j|ƒq™q™WqŒWnt|ƒdkrtd|d jtt|ƒƒfƒ‚n;t|ƒdkrKtd ||d fƒ‚n td ƒ‚dS(s=Verify that *cert* (in decoded format as returned by SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125 rules are followed, but IP addresses are not accepted for *hostname*. CertificateError is raised on failure. On success, the function returns nothing. sempty or no certificatetsubjectAltNametDNSNtsubjectt commonNameis&hostname %r doesn't match either of %ss, shostname %r doesn't match %ris=no appropriate commonName or subjectAltName fields were found((( t ValueErrortgetR(RtlenR RRR(tcertRtdnsnamestsantkeytvaluetsub((s:/tmp/pip-build-Q3rTTP/setuptools/setuptools/ssl_support.pyR ls.  %cBs eZdZd„Zd„ZRS(s=Simple verifying handler: no auth, subclasses, timeouts, etc.cCs||_tj|ƒdS(N(t ca_bundlet HTTPSHandlert__init__(tselfR6((s:/tmp/pip-build-Q3rTTP/setuptools/setuptools/ssl_support.pyR8˜s csˆj‡fd†|ƒS(Ncst|ˆj|S(N(tVerifyingHTTPSConnR6(thosttkw(R9(s:/tmp/pip-build-Q3rTTP/setuptools/setuptools/ssl_support.pytžs(tdo_open(R9treq((R9s:/tmp/pip-build-Q3rTTP/setuptools/setuptools/ssl_support.pyt https_openœs(R R t__doc__R8R@(((s:/tmp/pip-build-Q3rTTP/setuptools/setuptools/ssl_support.pyR•s R:cBs eZdZd„Zd„ZRS(s@Simple verifying connection: no auth, subclasses, timeouts, etc.cKs tj|||||_dS(N(tHTTPSConnectionR8R6(R9R;R6R<((s:/tmp/pip-build-Q3rTTP/setuptools/setuptools/ssl_support.pyR8¥scCsìtj|j|jft|ddƒƒ}t|dƒrjt|ddƒrj||_|jƒ|j }n |j}t j |dt j d|j ƒ|_yt|jjƒ|ƒWn4tk rç|jjtjƒ|jjƒ‚nXdS(Ntsource_addresst_tunnelt _tunnel_hostt cert_reqstca_certs(tsockettcreate_connectionR;tporttgetattrtNonethasattrtsockRDREtsslt wrap_sockett CERT_REQUIREDR6R t getpeercertR tshutdownt SHUT_RDWRtclose(R9RNt actual_host((s:/tmp/pip-build-Q3rTTP/setuptools/setuptools/ssl_support.pytconnect©s$!      (R R RAR8RW(((s:/tmp/pip-build-Q3rTTP/setuptools/setuptools/ssl_support.pyR:¢s cCs"tjjt|ptƒƒƒjS(s@Get a urlopen() replacement that uses ca_bundle for verification(Rtrequestt build_openerRRtopen(R6((s:/tmp/pip-build-Q3rTTP/setuptools/setuptools/ssl_support.pyR Ås cswtdk rtjSyddlm‰Wntk r;dSXdˆf‡‡fd†ƒY‰ˆdddgƒatjS(Niÿÿÿÿ(tCertFilet MyCertFilecs,eZdd‡fd†Z‡fd†ZRS(csLˆj|ƒx|D]}|j|ƒqW|j|ƒtj|jƒdS(N(R8taddstoretaddcertstatexittregisterRU(R9tstorestcertststore(R[(s:/tmp/pip-build-Q3rTTP/setuptools/setuptools/ssl_support.pyR8Ûs    cs/ytˆ|ƒjƒWntk r*nXdS(N(tsuperRUtOSError(R9(R\(s:/tmp/pip-build-Q3rTTP/setuptools/setuptools/ssl_support.pyRUâs (((R R R8RU((R[R\(s:/tmp/pip-build-Q3rTTP/setuptools/setuptools/ssl_support.pyR\ÙsRatCAtROOT(t _wincertsRLtnamet wincertstoreR[t ImportError(((R[R\s:/tmp/pip-build-Q3rTTP/setuptools/setuptools/ssl_support.pytget_win_certfileÏs  cCsstjdkrtƒSx$tD]}tjj|ƒr|SqWytjddƒSWntt t fk rndSXdS(s*Return an existing CA bundle path, or Nonetnttcertifis cacert.pemN( tosRiRlRtpathtisfilet pkg_resourcestresource_filenameRkRRRL(t cert_path((s:/tmp/pip-build-Q3rTTP/setuptools/setuptools/ssl_support.pyRìs (#RoRHR_Rtsetuptools.extern.six.movesRRRRrRRRORkRLt__all__tstripRRRXR7RBtAttributeErrortobjectRR R tbackports.ssl_match_hostnameR-R(RR:R RhRlR(((s:/tmp/pip-build-Q3rTTP/setuptools/setuptools/ssl_support.pytsN               4 ) #