î )ÚX.ã'@s*dZddlmZy$ddlmZddlmZWn1ek rmZ ze e ƒ‚WYddZ [ XnXddl Z ddl mZddlmZmZddlmZmZydd lmZWn(e k rôdZdd lmZYnXddlZddlZddlZd d lmZd d lmZddgZ eZ!ie j"j#ej$6e j"j%ej&6Z'e(edƒr¨e(e j"dƒr¨e j"j)e'ej*Z?dd„Z@dd„ZAGdd„deƒZdd„ZBGdd„deCƒZDerêd%dd „ZEneZEeEeD_Ed!d"„ZFdddddddd#d$„Z>dS)&a!SSL with SNI_-support for Python 2. Follow these instructions if you would like to verify SSL certificates in Python 2. Note, the default libraries do *not* do certificate checking; you need to do additional work to validate certificates yourself. This needs the following packages installed: * pyOpenSSL (tested with 0.13) * ndg-httpsclient (tested with 0.3.2) * pyasn1 (tested with 0.1.6) You can install them with the following command: pip install pyopenssl ndg-httpsclient pyasn1 To activate certificate checking, call :func:`~urllib3.contrib.pyopenssl.inject_into_urllib3` from your Python code before you begin making HTTP requests. This can be done in a ``sitecustomize`` module, or at any other time before your application begins using ``urllib3``, like this:: try: import urllib3.contrib.pyopenssl urllib3.contrib.pyopenssl.inject_into_urllib3() except ImportError: pass Now you can use :mod:`urllib3` as you normally would, and it will support SNI when the required modules are installed. Activating this module also has the positive side effect of disabling SSL/TLS compression in Python 2 (see `CRIME attack`_). If you want to configure the default list of supported cipher suites, you can set the ``urllib3.contrib.pyopenssl.DEFAULT_SSL_CIPHER_LIST`` variable. Module Variables ---------------- :var DEFAULT_SSL_CIPHER_LIST: The list of supported SSL/TLS cipher suites. .. _sni: https://en.wikipedia.org/wiki/Server_Name_Indication .. _crime attack: https://en.wikipedia.org/wiki/CRIME_(security_exploit) é)Úabsolute_import)ÚSUBJ_ALT_NAME_SUPPORT)ÚSubjectAltNameN)Údecoder)ÚunivÚ constraint)ÚtimeoutÚerror)Ú _fileobject)Úbackport_makefileé)Ú connection)ÚutilÚinject_into_urllib3Úextract_from_urllib3ÚPROTOCOL_TLSv1_1ÚTLSv1_1_METHODÚPROTOCOL_TLSv1_2ÚTLSv1_2_METHODÚasciii@cCstt_tt_dt_dS)z7Monkey-patch urllib3 with PyOpenSSL-backed SSL-support.TN)Ússl_wrap_socketr ÚHAS_SNIrÚ IS_PYOPENSSL©rrú[/home/ubuntu/projects/ifolica/build/requests/requests/packages/urllib3/contrib/pyopenssl.pyrns  cCstt_tt_dt_dS)z4Undo monkey-patching by :func:`inject_into_urllib3`.FN)Úorig_connection_ssl_wrap_socketr rÚorig_util_HAS_SNIrrrrrrrrvs  c@s2eZdZdZejjejddƒZdS)rz0ASN.1 implementation for subjectAltNames supportéiN) Ú__name__Ú __module__Ú __qualname__Ú__doc__rZ SequenceOfZsizeSpecrZValueSizeConstraintrrrrrs  rc Cs g}ts|Stƒ}xët|jƒƒD]×}|j|ƒ}|jƒ}|dkr_q,n|jƒ}tj|d|ƒ}x€|D]x}t |tƒs¢q‡nxZtt |ƒƒD]F} |j | ƒ} | j ƒdkrâqµn|j t| jƒƒƒqµWq‡Wq,W|S)NssubjectAltNameZasn1SpecZdNSName)rrÚrangeZget_extension_countÚ get_extensionZget_short_nameÚget_dataÚ der_decoderÚdecodeÚ isinstanceÚlenZgetComponentByPositionÚgetNameÚappendÚstrZ getComponent) Z peer_certZdns_nameZ general_namesÚiÚextZext_nameZext_datZ decoded_datÚnameÚentryÚ componentrrrÚget_subj_alt_nameŠs*       %r1c@s¸eZdZdZddd„Zdd„Zdd„Zd d „Zd d „Zd d„Z dd„Z dd„Z dd„Z dd„Z ddd„Zdd„Zdd„ZdS)Ú WrappedSocketz§API-compatibility wrapper for Python OpenSSL's Connection-class. Note: _makefile_refs, _drop() and _reuse() are needed for the garbage collector of pypy. TcCs1||_||_||_d|_d|_dS)NrF)r ÚsocketÚsuppress_ragged_eofsÚ_makefile_refsÚ_closed)Úselfr r3r4rrrÚ__init__¯s     zWrappedSocket.__init__cCs |jjƒS)N)r3Úfileno)r7rrrr9¶szWrappedSocket.filenocCs;|jdkr!|jd8_n|jr7|jƒndS)Nrr)r5r6Úclose)r7rrrÚ_decref_socketiosºs zWrappedSocket._decref_socketioscOs5y|jj||Ž}Wntjjk rt}z3|jrP|jdkrPdStt|ƒƒ‚WYdd}~Xn½tjj k rÀ}z'|jj ƒtjj kr«dS‚WYdd}~Xnqtjj k r,t j |jggg|jjƒƒ\}}}|stdƒ‚n|j||ŽSYnX|SdS)NrúUnexpected EOFózThe read operation timed outéÿÿÿÿ)r>r<)r ÚrecvÚOpenSSLÚSSLÚ SysCallErrorr4ÚargsÚ SocketErrorr+ÚZeroReturnErrorÚ get_shutdownÚRECEIVED_SHUTDOWNÚ WantReadErrorÚselectr3Ú gettimeoutr)r7rCÚkwargsÚdataÚeÚrdÚwdÚedrrrr?Às"$*zWrappedSocket.recvcOs/y|jj||ŽSWntjjk rr}z3|jrN|jdkrNdStt|ƒƒ‚WYdd}~Xn¹tjj k r¾}z'|jj ƒtjj kr©dS‚WYdd}~Xnmtjj k r*t j |jggg|jjƒƒ\}}}|stdƒ‚n|j||ŽSYnXdS)NrúUnexpected EOFrzThe read operation timed outr>)r>rQ)r Ú recv_intor@rArBr4rCrDr+rErFrGrHrIr3rJr)r7rCrKrMrNrOrPrrrrR×s $*zWrappedSocket.recv_intocCs|jj|ƒS)N)r3Ú settimeout)r7rrrrrSìszWrappedSocket.settimeoutc Csxxy|jj|ƒSWqtjjk rvtjg|jgg|jjƒƒ\}}}|sotƒ‚nwYqXqWdS)N) r Úsendr@rAZWantWriteErrorrIr3rJr)r7rLÚ_ZwlistrrrÚ_send_until_doneïs zWrappedSocket._send_until_donecCsJd}x=|t|ƒkrE|j|||t…ƒ}||7}q WdS)Nr)r(rVÚSSL_WRITE_BLOCKSIZE)r7rLZ total_sentZsentrrrÚsendallúszWrappedSocket.sendallcCs|jjƒdS)N)r Úshutdown)r7rrrrYszWrappedSocket.shutdownc Cs^|jdkrKyd|_|jjƒSWqZtjjk rGdSYqZXn|jd8_dS)NrT)r5r6r r:r@rAÚError)r7rrrr:s  zWrappedSocket.closeFcCsr|jjƒ}|s|S|r8tjjtjj|ƒSid|jƒjfffd6dd„t|ƒDƒd6S)NÚ commonNameÚsubjectcSsg|]}d|f‘qS)ÚDNSr)Ú.0Úvaluerrrú s z-WrappedSocket.getpeercert..ÚsubjectAltName) r Zget_peer_certificater@ZcryptoZdump_certificateZ FILETYPE_ASN1Z get_subjectZCNr1)r7Ú binary_formÚx509rrrÚ getpeercerts   zWrappedSocket.getpeercertcCs|jd7_dS)Nr)r5)r7rrrÚ_reuse#szWrappedSocket._reusecCs/|jdkr|jƒn|jd8_dS)Nr)r5r:)r7rrrÚ_drop&s zWrappedSocket._dropN)rrr r!r8r9r;r?rRrSrVrXrYr:rdrerfrrrrr2¨s          r2rcCs%|jd7_t|||ddƒS)Nrr:T)r5r )r7ÚmodeÚbufsizerrrÚmakefile.sricCs |dkS)Nrr)ÚcnxrcZerr_noZ err_depthZ return_coderrrÚ_verify_callback7srkcCstjjt|ƒ}|r8|p%|}|j|ƒn|rN|j|ƒn|tjkrt|jt |t ƒn|s€|rÛy|j ||ƒWqåtjj k r×} ztj d|| ƒ‚WYdd} ~ XqåXn |jƒd} |j| ƒ|jtƒtjj||ƒ} t|tjƒr>|jdƒ}n| j|ƒ| jƒx­y| jƒWn—tjjk rÂtj|ggg|jƒƒ\} } } | s»tdƒ‚nwXYn>tjj k rÿ} ztj d| ƒ‚WYdd} ~ XnXPqXWt| |ƒS)Nzbad ca_certs: %rizutf-8zselect timed outzbad handshake: %r)r@rAZContextÚ_openssl_versionsZuse_certificate_fileZuse_privatekey_fileÚsslÚ CERT_NONEZ set_verifyÚ_openssl_verifyrkÚload_verify_locationsrZÚSSLErrorÚset_default_verify_pathsZ set_optionsZset_cipher_listÚDEFAULT_SSL_CIPHER_LISTÚ Connectionr'ÚsixÚ text_typeÚencodeZset_tlsext_host_nameZset_connect_stateÚ do_handshakerHrIrJrr2)ÚsockÚkeyfileÚcertfileÚ cert_reqsÚca_certsÚserver_hostnameÚ ssl_versionZ ca_cert_dirÚctxrMÚOP_NO_COMPRESSIONrjrNrUrrrr;sD  ,     *&rr>)Gr!Ú __future__rZ%ndg.httpsclient.ssl_peer_verificationrZndg.httpsclient.subj_alt_namerZBaseSubjectAltNameÚ SyntaxErrorrMÚ ImportErrorZ OpenSSL.SSLr@Zpyasn1.codec.derrr%Z pyasn1.typerrr3rr rDr Z#urllib3.packages.backports.makefiler rmrIruÚr rÚ__all__rrAZ SSLv23_METHODÚPROTOCOL_SSLv23Z TLSv1_METHODÚPROTOCOL_TLSv1rlÚhasattrrrrrÚupdateZ SSLv3_METHODÚPROTOCOL_SSLv3ÚAttributeErrorZ VERIFY_NONErnZ VERIFY_PEERÚ CERT_OPTIONALZVERIFY_FAIL_IF_NO_PEER_CERTÚ CERT_REQUIREDroZssl_ZDEFAULT_CIPHERSrwrsrWrrrrrr1Úobjectr2rirkrrrrÚ-sl      !!!      …