uVc@sdZddlZddlZyddlZWnek rGdZnXdZdefdYZddZ dZ d Z d Z dS( sJThe match_hostname() function from Python 3.3.3, essential when using SSL.iNs3.5.0.1tCertificateErrorcBseZRS((t__name__t __module__(((sI/usr/lib/python2.7/site-packages/backports/ssl_match_hostname/__init__.pyRsic CsRg}|stS|jd}|d}|d}|jd}||krgtdt|n|s|j|jkS|dkr|jdnY|jds|jdr|jtj |n"|jtj |j dd x$|D]}|jtj |qWtj d d j |d tj } | j|S( shMatching according to RFC 6125, section 6.4.3 http://tools.ietf.org/html/rfc6125#section-6.4.3 t.iit*s,too many wildcards in certificate DNS name: s[^.]+sxn--s\*s[^.]*s\As\.s\Z(tFalsetsplittcountRtreprtlowertappendt startswithtretescapetreplacetcompiletjoint IGNORECASEtmatch( tdnthostnamet max_wildcardstpatstpartstleftmostt remaindert wildcardstfragtpat((sI/usr/lib/python2.7/site-packages/backports/ssl_match_hostname/__init__.pyt_dnsname_matchs*    " &cCs=t|tr9tjdkr9t|dddd}n|S(Nitencodingtasciiterrorststrict(i(t isinstancetstrtsyst version_infotunicode(tobj((sI/usr/lib/python2.7/site-packages/backports/ssl_match_hostname/__init__.pyt _to_unicodeLscCs%tjt|j}||kS(sExact matching of IP addresses. RFC 6125 explicitly doesn't define an algorithm for this (section 1.7.2 - "Out of Scope"). (t ipaddresst ip_addressR(trstrip(tipnamethost_iptip((sI/usr/lib/python2.7/site-packages/backports/ssl_match_hostname/__init__.pyt_ipaddress_matchQscCs|stdnytjt|}WnUtk rGd}n?tk r]d}n)tk rtdkrd}qnXg}|jdd}x|D]\}}|dkr|dkrt||rdS|j |q|dkr|dk rt ||rdS|j |qqW|sxc|jddD]L}xC|D];\}}|dkrQt||r|dS|j |qQqQWqDWnt |dkrt d |d j tt|fn;t |dkrt d ||d fn t d dS(s)Verify that *cert* (in decoded format as returned by SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125 rules are followed, but IP addresses are not accepted for *hostname*. CertificateError is raised on failure. On success, the function returns nothing. stempty or no certificate, match_hostname needs a SSL socket or SSL context with either CERT_OPTIONAL or CERT_REQUIREDtsubjectAltNametDNSNs IP Addresstsubjectt commonNameis&hostname %r doesn't match either of %ss, shostname %r doesn't match %ris=no appropriate commonName or subjectAltName fields were found(((t ValueErrorR)R*R(tNonet UnicodeErrortAttributeErrortgetRR R/tlenRRtmapR(tcertRR-tdnsnamestsantkeytvaluetsub((sI/usr/lib/python2.7/site-packages/backports/ssl_match_hostname/__init__.pytmatch_hostname]sJ          %( t__doc__R R$R)t ImportErrorR5t __version__R4RRR(R/RA(((sI/usr/lib/python2.7/site-packages/backports/ssl_match_hostname/__init__.pyts     5