/{Yc@scddlZddlZddlZddlZddlZddlmZmZddlmZyddl Z Wne k rdZ YnXdddddgZ d j jZeZZxpd d d gfd ddgffD]J\ZZx;eD]3ZyedeefWqe k r(YqXqWqWe dk oLeeefkZyddl mZmZWnWe k ry$ddlmZddlmZWne k rdZdZYnXYnXesGdddeZnesdddZddZnGdddeZGdddeZdddZda dd Z!d!dZ"dS("iN(uResolutionErroruExtractionError(uurllib2uVerifyingHTTPSHandlerufind_ca_bundleu is_availableu cert_pathsu opener_foru /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt /usr/share/ssl/certs/ca-bundle.crt /usr/local/share/certs/ca-root.crt /etc/ssl/cert.pem /System/Library/OpenSSL/certs/cert.pem u HTTPSHandleruurllib2uurllib.requestuHTTPSConnectionuhttplibu http.clientufrom %s import %s(uCertificateErrorumatch_hostname(uCertificateError(umatch_hostnamecBs|EeZdZdS(uCertificateErrorN(u__name__u __module__u __qualname__(u __locals__((u//tmp/pip-jy811g-build/setuptools/ssl_support.pyuCertificateError8suCertificateErroric CsXg}|sdS|jd}|d}|dd}|jd}||krmtdt|n|s|j|jkS|dkr|jdnY|jds|jdr|jtj |n"|jtj |j d d x$|D]}|jtj |qWtj d d j |d tj } | j|S(upMatching according to RFC 6125, section 6.4.3 http://tools.ietf.org/html/rfc6125#section-6.4.3 u.iiNu*u,too many wildcards in certificate DNS name: u[^.]+uxn--u\*u[^.]*u\Au\.u\ZF(uFalseusplitucountuCertificateErrorurepruloweruappendu startswithureuescapeureplaceucompileujoinu IGNORECASEumatch( udnuhostnameu max_wildcardsupatsupartsuleftmostu remainderu wildcardsufragupat((u//tmp/pip-jy811g-build/setuptools/ssl_support.pyu_dnsname_match<s*   " &u_dnsname_matchcCs[|stdng}|jdf}xC|D];\}}|dkr4t||r_dS|j|q4q4W|sxc|jdfD]L}xC|D];\}}|dkrt||rdS|j|qqWqWnt|dkrtd|d jtt|fn;t|dkrKtd ||d fn td dS( u=Verify that *cert* (in decoded format as returned by SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125 rules are followed, but IP addresses are not accepted for *hostname*. CertificateError is raised on failure. On success, the function returns nothing. uempty or no certificateusubjectAltNameuDNSNusubjectu commonNameiu&hostname %r doesn't match either of %su, uhostname %r doesn't match %riu=no appropriate commonName or subjectAltName fields were found( u ValueErrorugetu_dnsname_matchuappendulenuCertificateErrorujoinumapurepr(ucertuhostnameudnsnamesusanukeyuvalueusub((u//tmp/pip-jy811g-build/setuptools/ssl_support.pyumatch_hostnameps.  %umatch_hostnamecBs2|EeZdZdZddZddZdS(uVerifyingHTTPSHandleru=Simple verifying handler: no auth, subclasses, timeouts, etc.cCs||_tj|dS(N(u ca_bundleu HTTPSHandleru__init__(uselfu ca_bundle((u//tmp/pip-jy811g-build/setuptools/ssl_support.pyu__init__s uVerifyingHTTPSHandler.__init__csjfdd|S(Ncst|j|S(N(uVerifyingHTTPSConnu ca_bundle(uhostukw(uself(u//tmp/pip-jy811g-build/setuptools/ssl_support.pyusu2VerifyingHTTPSHandler.https_open..(udo_open(uselfureq((uselfu//tmp/pip-jy811g-build/setuptools/ssl_support.pyu https_opensu VerifyingHTTPSHandler.https_openN(u__name__u __module__u __qualname__u__doc__u__init__u https_open(u __locals__((u//tmp/pip-jy811g-build/setuptools/ssl_support.pyuVerifyingHTTPSHandlers cBs2|EeZdZdZddZddZdS(uVerifyingHTTPSConnu@Simple verifying connection: no auth, subclasses, timeouts, etc.cKs tj|||||_dS(N(uHTTPSConnectionu__init__u ca_bundle(uselfuhostu ca_bundleukw((u//tmp/pip-jy811g-build/setuptools/ssl_support.pyu__init__suVerifyingHTTPSConn.__init__c Cstj|j|jft|dd}t|drat|ddra||_|jnt j |dt j d|j |_yt |jj|jWn5tk r|jjtj|jjYnXdS(Nusource_addressu_tunnelu _tunnel_hostu cert_reqsuca_certs(usocketucreate_connectionuhostuportugetattruNoneuhasattrusocku_tunnelusslu wrap_socketu CERT_REQUIREDu ca_bundleumatch_hostnameu getpeercertuCertificateErrorushutdownu SHUT_RDWRuclose(uselfusock((u//tmp/pip-jy811g-build/setuptools/ssl_support.pyuconnects$!    uVerifyingHTTPSConn.connectN(u__name__u __module__u __qualname__u__doc__u__init__uconnect(u __locals__((u//tmp/pip-jy811g-build/setuptools/ssl_support.pyuVerifyingHTTPSConns uVerifyingHTTPSConncCstjt|ptjS(u@Get a urlopen() replacement that uses ca_bundle for verification(uurllib2u build_openeruVerifyingHTTPSHandlerufind_ca_bundleuopen(u ca_bundle((u//tmp/pip-jy811g-build/setuptools/ssl_support.pyu opener_forsc sxtdk rtjSyddlmWntk r?dSYnXGfddd}|dddgatjS(Ni(uCertFilecs,|EeZdZfffddZdS(u$get_win_certfile..MyCertFilecsLj|x|D]}|j|qW|j|tj|jdS(N(u__init__uaddstoreuaddcertsuatexituregisteruclose(uselfustoresucertsustore(uCertFile(u//tmp/pip-jy811g-build/setuptools/ssl_support.pyu__init__s    u-get_win_certfile..MyCertFile.__init__N(u__name__u __module__u __qualname__u__init__(u __locals__(uCertFile(u//tmp/pip-jy811g-build/setuptools/ssl_support.pyu MyCertFilesu MyCertFileustoresuCAuROOT(u _wincertsuNoneunameu wincertstoreuCertFileu ImportError(u MyCertFile((uCertFileu//tmp/pip-jy811g-build/setuptools/ssl_support.pyuget_win_certfiles   uget_win_certfilec CswtjdkrtSx$tD]}tjj|r|SqWytjddSWntt t fk rrdSYnXdS(u*Return an existing CA bundle path, or Noneuntucertifiu cacert.pemN( uosunameuget_win_certfileu cert_pathsupathuisfileu pkg_resourcesuresource_filenameu ImportErroruResolutionErroruExtractionErroruNone(u cert_path((u//tmp/pip-jy811g-build/setuptools/ssl_support.pyufind_ca_bundles (#uosusocketuatexitureu pkg_resourcesuResolutionErroruExtractionErrorusetuptools.compatuurllib2usslu ImportErroruNoneu__all__ustripusplitu cert_pathsuobjectu HTTPSHandleruHTTPSConnectionuwhatuwhereumoduleuexecu is_availableuCertificateErrorumatch_hostnameubackports.ssl_match_hostnameu ValueErroru_dnsname_matchuVerifyingHTTPSHandleruVerifyingHTTPSConnu opener_foru _wincertsuget_win_certfileufind_ca_bundle(((u//tmp/pip-jy811g-build/setuptools/ssl_support.pyusV               4)