3 υ_2@sddlmZddlZddlZddlZddlZddlZddlmZm Z ddl Z ddl m Z ddlmZddlmZyddlZejZWn,eefk rdZGdd d eZYnXyeZWn$ek rGd d d eZYnXdd lmZmZmZmZdd l m!Z!m"Z"ddl#m$Z$m%Z%m&Z&m'Z'm(Z(ddl)m*Z*ddl+m,Z,ej-e.Z/dddZ0ej1dddZ2Gddde3Z4Gdddee3ZGdddeZ5Gddde5Z6ddZ7ere5Z8e6Z5ne4Z5dS))absolute_importN)errortimeout)six)HTTPConnection) HTTPExceptionc@s eZdZdS) BaseSSLErrorN)__name__ __module__ __qualname__r r /usr/lib/python3.6/connection.pyr sr c@s eZdZdS)ConnectionErrorN)r r r r r r rrsr)NewConnectionErrorConnectTimeoutErrorSubjectAltNameWarningSystemTimeWarning)match_hostnameCertificateError)resolve_cert_reqsresolve_ssl_versionassert_fingerprintcreate_urllib3_contextssl_wrap_socket) connection)HTTPHeaderDictPi)httphttpsic@seZdZdZdS)DummyConnectionz-Used to detect a failed ConnectionCls import.N)r r r __doc__r r r rr Asr c@sVeZdZdZedZejejdfgZ dZ ddZ ddZ d d Z d d ZdddZd S)ra{ Based on httplib.HTTPConnection but provides an extra constructor backwards-compatibility layer between older and newer Pythons. Additional keyword parameters are used to configure attributes of the connection. Accepted parameters include: - ``strict``: See the documentation on :class:`urllib3.connectionpool.HTTPConnectionPool` - ``source_address``: Set the source address for the current connection. .. note:: This is ignored for Python 2.6. It is only applied for 2.7 and 3.x - ``socket_options``: Set specific options on the underlying socket. If not specified, then defaults are loaded from ``HTTPConnection.default_socket_options`` which includes disabling Nagle's algorithm (sets TCP_NODELAY to 1) unless the connection is behind a proxy. For example, if you wish to enable TCP Keep Alive in addition to the defaults, you might pass:: HTTPConnection.default_socket_options + [ (socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1), ] Or you may want to disable the defaults by passing an empty list (e.g., ``[]``). rrFcOsZtjr|jdd|jd|_tjdkr4|jdd|jd|j|_t j |f||dS)Nstrictsource_addresssocket_options)r$r%) rZPY3popgetr#sys version_infodefault_socket_optionsr&_HTTPConnection__init__)selfargskwr r rr-js    zHTTPConnection.__init__cCsi}|jr|j|d<|jr$|j|d<ytj|j|jf|jf|}Wnftk rz}zt|d|j|jfWYdd}~Xn0t k r}zt |d|WYdd}~XnX|S)zp Establish a socket connection and set nodelay settings on it. :return: New socket connection. r#r&z0Connection to %s timed out. (connect timeout=%s)Nz(Failed to establish a new connection: %s) r#r&rZcreate_connectionhostportr SocketTimeoutr SocketErrorr)r.Zextra_kwconner r r _new_conns    zHTTPConnection._new_conncCs$||_t|ddr |jd|_dS)N _tunnel_hostr)sockgetattr_tunnel auto_open)r.r5r r r _prepare_conns zHTTPConnection._prepare_conncCs|j}|j|dS)N)r7r=)r.r5r r rconnectszHTTPConnection.connectNc Cst|dk r|ni}d|k}d|k}|j||||dx |jD]\}}|j||q@Wd|krl|jdd|j|dk rtjtjf} t|| r|f}xj|D]b} | sqt| tjs| j d} t t | d d} |j | j d |j d |j | |j d qW|j d dS) z Alternative to the common request method, which sends the body with chunked encoding and not as one block Nzaccept-encodingr1)skip_accept_encoding skip_hostztransfer-encodingzTransfer-EncodingZchunkedutf8r$zutf-8s s0 ) rZ putrequestitemsZ putheaderZ endheadersrZ string_typesZ binary_type isinstanceencodehexlensend) r.methodZurlZbodyZheadersr?r@headervalueZstringish_typeschunkZlen_strr r rrequest_chunkeds8        zHTTPConnection.request_chunked)NN)r r r r!port_by_scheme default_portsocketZ IPPROTO_TCPZ TCP_NODELAYr+ is_verifiedr-r7r=r>rLr r r rrFs rc@s8eZdZedZdZddddejdfddZddZ dS)HTTPSConnectionrNc Ks8tj|||f||d|||_||_||_d|_dS)N)r"rr)rr-key_file cert_file ssl_contextZ _protocol) r.r1r2rRrSr"rrTr0r r rr-s zHTTPSConnection.__init__cCsN|j}|j||jdkr2ttdtdd|_t||j|j|jd|_ dS)N) ssl_version cert_reqs)r9keyfilecertfilerT) r7r=rTrrrrrRrSr9)r.r5r r rr>s  zHTTPSConnection.connect) r r r rMrNrUrOZ_GLOBAL_DEFAULT_TIMEOUTr-r>r r r rrQs  rQc@s6eZdZdZdZdZdZdZdZdddZ ddZ dS)VerifiedHTTPSConnectionz[ Based on httplib.HTTPSConnection but wraps the socket with SSL certification. NcCsn|dkr(|s|rd}n|jdk r(|jj}||_||_||_||_||_|oTtjj ||_ |oftjj ||_ dS)zX This method should only be called once, before the connection is used. N CERT_REQUIRED) rT verify_moderRrSrVassert_hostnamerospath expanduserca_certs ca_cert_dir)r.rRrSrVr`r\rrar r rset_certs  z VerifiedHTTPSConnection.set_certc CsL|j}|j}t|ddr4||_|jd|_|j}tjj t k}|rXt j dj t t|jdkr|tt|jt|jd|_|j}t|j|_t||j|j|j|j||d|_|jrt|jjdd|jnb|jtjkot|dd  o|jd k r.|jj}|j d fst j d j |t!t"||jp*||jtj#kpD|jdk |_$dS) Nr8rzWSystem time is way off (before {0}). This will probably lead to SSL verification errors)rUrV)r9rWrXr`raZserver_hostnamerTT)Z binary_formZcheck_hostnameFZsubjectAltNamezCertificate for {0} has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.))%r7r1r:r9r;r<r8datetimedateZtoday RECENT_DATEwarningswarnformatrrTrrrUrrVr[rrRrSr`rarZ getpeercertsslZ CERT_NONEr\r(r_match_hostnamerZrP)r.r5ZhostnameZ is_time_offcontextcertr r rr>sT        zVerifiedHTTPSConnection.connect)NNNNNNN) r r r r!rVr`rarUrrbr>r r r rrYs rYcCsLyt||Wn8tk rF}ztjd||||_WYdd}~XnXdS)Nz@Certificate did not match expected hostname: %s. Certificate: %s)rrlogrZ _peer_cert)rlZasserted_hostnamer6r r rrjbsrj)9Z __future__rrcZloggingr]r)rOrr4rr3rfZpackagesrZpackages.six.moves.http_clientrr,rriZSSLErrorr ImportErrorAttributeError BaseExceptionr NameError Exception exceptionsrrrrZpackages.ssl_match_hostnamerrZ util.ssl_rrrrrutilr _collectionsrZ getLoggerr rmrMrdreobjectr rQrYrjZUnverifiedHTTPSConnectionr r r rsN         &l