3 υ_/!@sddlmZddlZddlZddlZddlmZmZddlm Z m Z m Z ddl m Z mZmZdZdZdZdZe e e dZd d Zeed eZy,ddlZdd lmZmZmZdd lmZWnek rYnXyddlmZmZmZWn"ek rd0\ZZdZYnXdj dddddddddddddd d!d"gZ!ydd#lmZWn.ek rrddl"Z"Gd$d%d%e#ZYnXd&d'Z$d(d)Z%d*d+Z&d1d,d-Z'd2d.d/Z(dS)3)absolute_importN)hexlify unhexlify)md5sha1sha256)SSLErrorInsecurePlatformWarningSNIMissingWarningF) (@cCsHtt|t|}x*tt|t|D]\}}|||AO}q(W|dkS)z Compare two digests of equal length in constant time. The digests must be of type str/bytes. Returns True if the digests match, and False otherwise. r)abslenzip bytearray)abresultlrr/usr/lib/python3.6/ssl_.py_const_compare_digest_backportsrZcompare_digest) wrap_socket CERT_NONEPROTOCOL_SSLv23)HAS_SNI) OP_NO_SSLv2 OP_NO_SSLv3OP_NO_COMPRESSIONi:zTLS13-AES-256-GCM-SHA384zTLS13-CHACHA20-POLY1305-SHA256zTLS13-AES-128-GCM-SHA256z ECDH+AESGCMz ECDH+CHACHA20z DH+AESGCMz DH+CHACHA20z ECDH+AES256z DH+AES256z ECDH+AES128zDH+AESz RSA+AESGCMzRSA+AESz!aNULLz!eNULLz!MD5) SSLContextc@s\eZdZdejkodknp*dejkZddZddZdd d Zd d Z dddZ dS)r%rcCs6||_d|_tj|_d|_d|_d|_d|_d|_ dS)NFr) protocolcheck_hostnamesslr verify_modeca_certsoptionscertfilekeyfileciphers)selfZprotocol_versionrrr__init__cszSSLContext.__init__cCs||_||_dS)N)r.r/)r1r.r/rrrload_cert_chainnszSSLContext.load_cert_chainNcCs||_|dk rtddS)Nz-CA directories not supported in older Pythons)r,r )r1ZcafileZcapathrrrload_verify_locationsrsz SSLContext.load_verify_locationscCs|jstd||_dS)NzYour version of Python does not support setting a custom cipher suite. Please upgrade to Python 2.7, 3.2, or later if you need this functionality.)supports_set_ciphers TypeErrorr0)r1Z cipher_suiterrr set_ciphersxszSSLContext.set_ciphersFcCsTtjdt|j|j|j|j|j|d}|jrDt |fd|j i|St |f|SdS)Na2A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings)r/r.r, cert_reqs ssl_version server_sider0) warningswarnr r/r.r,r+r(r5rr0)r1Zsocketserver_hostnamer:kwargsrrrrszSSLContext.wrap_socket)rr&)r')r'r)NN)NF) __name__ __module__ __qualname__sys version_infor5r2r3r4r7rrrrrr%_s    r%cCsn|jddj}t|}tj|}|s4tdj|t|j}||j }t ||sjtdj|t |dS)z Checks if given fingerprint matches the supplied certificate. :param cert: Certificate as bytes object. :param fingerprint: Fingerprint as string of hexdigits, can be interspersed by colons. r$z"Fingerprint of invalid length: {0}z6Fingerprints did not match. Expected "{0}", got "{1}".N) replacelowerr HASHFUNC_MAPgetr formatrencodeZdigest_const_compare_digestr)ZcertZ fingerprintZ digest_lengthZhashfuncZfingerprint_bytesZ cert_digestrrrassert_fingerprints      rLcCs@|dkr tSt|trst   : >