ó %}Xc@s/ddlZddlZddlZddlZddlZddlmZmZmZm Z ddl m Z m Z yddl Z Wnek rdZ nXdddddgZd jƒjƒZyejjZejZWnek rûeZZnXe dk oeeefkZydd l mZmZWnUek r‹y$dd lmZdd lmZWqŒek r‡dZdZqŒXnXes«d efd„ƒYZnesÉdd„Zd„Zndefd„ƒYZdefd„ƒYZ dd„Z!d„Z"e"d„ƒZ#d„Z$d„Z%dS(iÿÿÿÿN(turllibt http_clienttmaptfilter(tResolutionErrortExtractionErrortVerifyingHTTPSHandlertfind_ca_bundlet is_availablet cert_pathst opener_fors /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt /usr/share/ssl/certs/ca-bundle.crt /usr/local/share/certs/ca-root.crt /etc/ssl/cert.pem /System/Library/OpenSSL/certs/cert.pem /usr/local/share/certs/ca-root-nss.crt /etc/ssl/ca-bundle.pem (tCertificateErrortmatch_hostname(R (R R cBseZRS((t__name__t __module__(((s:/usr/lib/python2.7/dist-packages/setuptools/ssl_support.pyR 5sic CsRg}|stS|jdƒ}|d}|d}|jdƒ}||krgtdt|ƒƒ‚n|sƒ|jƒ|jƒkS|dkrŸ|jdƒnY|jdƒs½|jdƒrÖ|jtj |ƒƒn"|jtj |ƒj dd ƒƒx$|D]}|jtj |ƒƒqÿWtj d d j |ƒd tj ƒ} | j|ƒS( spMatching according to RFC 6125, section 6.4.3 http://tools.ietf.org/html/rfc6125#section-6.4.3 t.iit*s,too many wildcards in certificate DNS name: s[^.]+sxn--s\*s[^.]*s\As\.s\Z(tFalsetsplittcountR treprtlowertappendt startswithtretescapetreplacetcompiletjoint IGNORECASEtmatch( tdnthostnamet max_wildcardstpatstpartstleftmostt remaindert wildcardstfragtpat((s:/usr/lib/python2.7/dist-packages/setuptools/ssl_support.pyt_dnsname_match;s*    " &cCs[|stdƒ‚ng}|jdd ƒ}xC|D];\}}|dkr4t||ƒr_dS|j|ƒq4q4W|sßxc|jddƒD]L}xC|D];\}}|dkr™t||ƒrÄdS|j|ƒq™q™WqŒWnt|ƒdkrtd|d jtt|ƒƒfƒ‚n;t|ƒdkrKtd ||d fƒ‚n td ƒ‚dS(s=Verify that *cert* (in decoded format as returned by SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125 rules are followed, but IP addresses are not accepted for *hostname*. CertificateError is raised on failure. On success, the function returns nothing. sempty or no certificatetsubjectAltNametDNSNtsubjectt commonNameis&hostname %r doesn't match either of %ss, shostname %r doesn't match %ris=no appropriate commonName or subjectAltName fields were found((( t ValueErrortgetR)RtlenR RRR(tcertR tdnsnamestsantkeytvaluetsub((s:/usr/lib/python2.7/dist-packages/setuptools/ssl_support.pyR os.  %cBs eZdZd„Zd„ZRS(s=Simple verifying handler: no auth, subclasses, timeouts, etc.cCs||_tj|ƒdS(N(t ca_bundlet HTTPSHandlert__init__(tselfR7((s:/usr/lib/python2.7/dist-packages/setuptools/ssl_support.pyR9›s csˆj‡fd†|ƒS(Ncst|ˆj|S(N(tVerifyingHTTPSConnR7(thosttkw(R:(s:/usr/lib/python2.7/dist-packages/setuptools/ssl_support.pyt¡s(tdo_open(R:treq((R:s:/usr/lib/python2.7/dist-packages/setuptools/ssl_support.pyt https_openŸs(R Rt__doc__R9RA(((s:/usr/lib/python2.7/dist-packages/setuptools/ssl_support.pyR˜s R;cBs eZdZd„Zd„ZRS(s@Simple verifying connection: no auth, subclasses, timeouts, etc.cKs tj|||||_dS(N(tHTTPSConnectionR9R7(R:R<R7R=((s:/usr/lib/python2.7/dist-packages/setuptools/ssl_support.pyR9¨scCsìtj|j|jft|ddƒƒ}t|dƒrjt|ddƒrj||_|jƒ|j }n |j}t j |dt j d|j ƒ|_yt|jjƒ|ƒWn4tk rç|jjtjƒ|jjƒ‚nXdS(Ntsource_addresst_tunnelt _tunnel_hostt cert_reqstca_certs(tsockettcreate_connectionR<tporttgetattrtNonethasattrtsockRERFtsslt wrap_sockett CERT_REQUIREDR7R t getpeercertR tshutdownt SHUT_RDWRtclose(R:ROt actual_host((s:/usr/lib/python2.7/dist-packages/setuptools/ssl_support.pytconnect¬s$!      (R RRBR9RX(((s:/usr/lib/python2.7/dist-packages/setuptools/ssl_support.pyR;¥s cCs"tjjt|ptƒƒƒjS(s@Get a urlopen() replacement that uses ca_bundle for verification(Rtrequestt build_openerRRtopen(R7((s:/usr/lib/python2.7/dist-packages/setuptools/ssl_support.pyR Ès cs"tjˆƒ‡fd†ƒ}|S(Ncs+tˆdƒs$ˆ||Žˆ_nˆjS(Ntalways_returns(RNR\(targstkwargs(tfunc(s:/usr/lib/python2.7/dist-packages/setuptools/ssl_support.pytwrapperÑs(t functoolstwraps(R_R`((R_s:/usr/lib/python2.7/dist-packages/setuptools/ssl_support.pytonceÐscsnyddl}Wntk r$dSXd|jf‡fd†ƒY‰ˆƒ}|jdƒ|jdƒ|jS(NiÿÿÿÿtCertFilecs&eZ‡fd†Z‡fd†ZRS(cs'tˆ|ƒjƒtj|jƒdS(N(tsuperR9tatexittregisterRV(R:(Rd(s:/usr/lib/python2.7/dist-packages/setuptools/ssl_support.pyR9áscs/ytˆ|ƒjƒWntk r*nXdS(N(ReRVtOSError(R:(Rd(s:/usr/lib/python2.7/dist-packages/setuptools/ssl_support.pyRVås (R RR9RV((Rd(s:/usr/lib/python2.7/dist-packages/setuptools/ssl_support.pyRdàstCAtROOT(t wincertstoret ImportErrorRMRdtaddstoretname(Rkt _wincerts((Rds:/usr/lib/python2.7/dist-packages/setuptools/ssl_support.pytget_win_certfileÙs    cCs4ttjjtƒ}tƒp3t|dƒp3tƒS(s*Return an existing CA bundle path, or NoneN( RtostpathtisfileR RptnextRMt_certifi_where(textant_cert_paths((s:/usr/lib/python2.7/dist-packages/setuptools/ssl_support.pyRñs cCs5ytdƒjƒSWntttfk r0nXdS(Ntcertifi(t __import__twhereRlRR(((s:/usr/lib/python2.7/dist-packages/setuptools/ssl_support.pyRuûs(&RqRIRfRRatsetuptools.extern.six.movesRRRRt pkg_resourcesRRRPRlRMt__all__tstripRR RYR8RCtAttributeErrortobjectRR R tbackports.ssl_match_hostnameR.R)RR;R RcRpRRu(((s:/usr/lib/python2.7/dist-packages/setuptools/ssl_support.pytsP     "          4 ) #