iNE8UddlmZddlZddlZddlZddlZddlZddlZddlZddl m Z ddl m Z m Z ddlmZmZdZdZdZdZd gZeeeeeefZd d DZdSdZejr"ddlmZddlmZddl mZ!GddedZ"iZ#de$d< ddlZddlm%Z%mZm&Z&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.mZm/Z/e)Z0er ee(sdZdD]*Z1 e2e/e1e#e2ede1< #e3$rY'wxYwddl mZn#e4$rdZ&dZ'dZ-dZ.dxZ0Z)d Z*d!Z+d"Z,YnwxYwej5de6dfZ7dTd'Z8dUd+Z9dVd-Z: dWdXd8Z;ej< dYdZdIZ=ej< dYd[dKZ= d\d[dLZ=d]dOZ>d^dQZ? d_d`dRZ@dS)a) annotationsN) unhexlify)ProxySchemeUnsupportedSSLError)_BRACELESS_IPV6_ADDRZ_RE_IPV4_REFzhttp/1.1cBi|]\}}|tt|dSN)getattrhashlib).0length algorithms X/home/piyush/.hermes/hermes-agent/venv/lib/python3.11/site-packages/urllib3/util/ssl_.py rs:  GGY - -)) md5)(sha1)@sha256openssl_versionstrreturnboolc0|d}|S)NzOpenSSL ) startswith)r is_openssls r(_is_has_never_check_common_name_reliabler"s !++J77J r) VerifyMode) TypedDict) SSLTransportc.eZdZUded<ded<ded<dS)_TYPE_PEER_CERT_RET_DICTztuple[tuple[str, str], ...]subjectAltNamez'tuple[tuple[tuple[str, str], ...], ...]subjectr serialNumberN)__name__ __module__ __qualname____annotations__rrr'r'.s633338888rr')totalzdict[int, int]_SSL_VERSION_TO_TLS_VERSION) CERT_REQUIREDHAS_NEVER_CHECK_COMMON_NAMEOP_NO_COMPRESSION OP_NO_TICKETOPENSSL_VERSION PROTOCOL_TLSPROTOCOL_TLS_CLIENTVERIFY_X509_PARTIAL_CHAINVERIFY_X509_STRICT OP_NO_SSLv2 OP_NO_SSLv3 SSLContext TLSVersion)TLSv1TLSv1_1TLSv1_2 PROTOCOL_ii@iiircert bytes | None fingerprintNonec|td|dd}t|}|tvrtd|t|}|td|t |}||}tj ||s(td|d| d dS) z Checks if given fingerprint matches the supplied certificate. :param cert: Certificate as bytes object. :param fingerprint: Fingerprint as string of hexdigits, can be interspersed by colons. NzNo certificate for the peer.:zFingerprint of invalid length: zAHash function implementation unavailable for fingerprint length: z&Fingerprints did not match. Expected "z", got "") rreplacelowerlen HASHFUNC_MAPgetrencodedigesthmaccompare_digesthex)rDrF digest_lengthhashfuncfingerprint_bytes cert_digests rassert_fingerprintrZks& |5666%%c2..4466K $$ML((FFFGGG ..H _P] _ _   "+"4"4"6"677(4..''))K  {,= > >  ^[ ^ ^+//J[J[ ^ ^ ^     r candidateNone | int | strr#c|tSt|tr2tt|d}|ttd|z}|S|S)a Resolves the argument to a numeric constant, which can be passed to the wrap_socket function/method from the ssl module. Defaults to :data:`ssl.CERT_REQUIRED`. If given a string it is assumed to be the name of the constant in the :mod:`ssl` module or its abbreviation. (So you can specify `REQUIRED` instead of `CERT_REQUIRED`. If it's neither `None` nor a string we assume it is already the numeric constant which can directly be passed to wrap_socket. NCERT_)r2 isinstancerr sslr[ress rresolve_cert_reqsrcsW)S!!c9d++ ;#w233C rintc|tSt|trJtt|d}|ttd|z}t jt|S|S)z like resolve_cert_reqs NrB)r7r_rr r`typingcastrdras rresolve_ssl_versionrhsd)S!!%c9d++ ;#{Y677C{3$$$ r ssl_version int | None cert_reqsoptionsciphers str | Nonessl_minimum_versionssl_maximum_version verify_flagsssl.SSLContextc>ttd|dttfvry||t dt |tj}t |tj }tj dtdtt}|||_ ntj|_ |||_|r||| t"jn|}|*d}|t&z}|t(z}|t*z}|t,z}|xj|zc_|&d}t0jdkr|t4z}|t6z}|xj|zc_t;|d dd |_|t"jkrt>s||_ d |_!nd |_!||_ d |_"d tFj$vr=tFj%&tFj$d }nd}|r||_'|S) a#Creates and configures an :class:`ssl.SSLContext` instance for use with urllib3. :param ssl_version: The desired protocol version to use. This will default to PROTOCOL_SSLv23 which will negotiate the highest protocol that both the server and your installation of OpenSSL support. This parameter is deprecated instead use 'ssl_minimum_version'. :param ssl_minimum_version: The minimum version of TLS to be used. Use the 'ssl.TLSVersion' enum for specifying the value. :param ssl_maximum_version: The maximum version of TLS to be used. Use the 'ssl.TLSVersion' enum for specifying the value. Not recommended to set to anything other than 'ssl.TLSVersion.MAXIMUM_SUPPORTED' which is the default value. :param cert_reqs: Whether to require the certificate verification. This defaults to ``ssl.CERT_REQUIRED``. :param options: Specific OpenSSL options. These default to ``ssl.OP_NO_SSLv2``, ``ssl.OP_NO_SSLv3``, ``ssl.OP_NO_COMPRESSION``, and ``ssl.OP_NO_TICKET``. :param ciphers: Which cipher suites to allow the server to select. Defaults to either system configured ciphers if OpenSSL 1.1.1+, otherwise uses a secure default set of ciphers. :param verify_flags: The flags for certificate verification operations. These default to ``ssl.VERIFY_X509_PARTIAL_CHAIN`` and ``ssl.VERIFY_X509_STRICT`` for Python 3.13+. :returns: Constructed SSLContext object with specified options :rtype: SSLContext Nz7Can't create an SSLContext object without an ssl modulezZCan't specify both 'ssl_version' and either 'ssl_minimum_version' or 'ssl_maximum_version'zi'ssl_version' option is deprecated and will be removed in urllib3 v3.0. Instead use 'ssl_minimum_version'r)category stacklevelr) post_handshake_authTF SSLKEYLOGFILE)(r= TypeErrorr7r8 ValueErrorr1rPr>MINIMUM_SUPPORTEDMAXIMUM_SUPPORTEDwarningswarn FutureWarningminimum_versionrAmaximum_version set_ciphersr`r2r;r<r4r5rlsys version_infor9r:rqr rx IS_PYOPENSSL verify_modecheck_hostnamehostname_checks_common_nameosenvironpath expandvarskeylog_filename) rirkrlrmrorprqcontext sslkeylogfiles rcreate_urllib3_contextrs]NQRRR4/BCCC  *.A.MA #>"A"AZ9## #>"A"AZ9##  MM&     ,--G&"5","4&"5%G$$$&/%6!!II;; $$ < OOwOO   w & & 5 5L . .L L( w-t44@&*#C%%%l%'!%!&'*/G'"*$$**2:>>/+J+JKK  0"/ Nr.sock socket.socketkeyfilecertfileca_certsserver_hostname ssl_contextssl.SSLContext | None ca_cert_dir key_password ca_cert_dataNone | str | bytes tls_in_tlstyping.Literal[False] ssl.SSLSocketc dSr r/ rrrrkrrrirmrrrrrs rssl_wrap_socketrGs Cr ssl.SSLSocket | SSLTransportTypec dSr r/rs rrrYs (+src |} | t|||} |s| s| r; | || | nH#t$r}t||d}~wwxYw|$t | dr| |r | t |rtd|r0| | ||n| ||| | tt|| | |}|S)a All arguments except for server_hostname, ssl_context, tls_in_tls, ca_cert_data and ca_cert_dir have the same meaning as they do when using :func:`ssl.create_default_context`, :meth:`ssl.SSLContext.load_cert_chain`, :meth:`ssl.SSLContext.set_ciphers` and :meth:`ssl.SSLContext.wrap_socket`. :param server_hostname: When SNI is supported, the expected hostname of the certificate :param ssl_context: A pre-made :class:`SSLContext` object. If none is provided, one will be created using :func:`create_urllib3_context`. :param ciphers: A string of ciphers we wish the client to support. :param ca_cert_dir: A directory containing CA certificates in multiple separate files, as supported by OpenSSL's -CApath flag or the capath argument to SSLContext.load_verify_locations(). :param key_password: Optional password if the keyfile is encrypted. :param ca_cert_data: Optional string containing CA certificates in PEM format suitable for passing as the cadata parameter to SSLContext.load_verify_locations() :param tls_in_tls: Use SSLTransport to wrap the existing socket. N)rmload_default_certsz5Client private key is encrypted, password is required) rload_verify_locationsOSErrorrhasattrr_is_key_file_encryptedload_cert_chainset_alpn_protocolsALPN_PROTOCOLS_ssl_wrap_socket_impl)rrrrkrrrirmrrrrrressl_socks rrrksKPG)iQQQ%;%,% %  ) )(K N N N N % % %1++1 $ %  2F!G!G ""$$$ P<',B7,K,K'NOOOE    # #Hg 6 6 6 6  # #Hg| D D D ~...$T7JPPH Os6 AAAhostname str | bytesct|tr|d}tt j|pt j|S)zDetects whether the hostname given is an IPv4 or IPv6 address. Also detects IPv6 addresses with Zone IDs. :param str hostname: Hostname to examine. :return: True if the hostname is an IP address, False otherwise. ascii)r_bytesdecoderr matchr )rs r is_ipaddressrsP(E"",??7++ x((T,D,J8,T,T U UUrkey_filect|5}|D]}d|vrddddS dddn #1swxYwYdS)z*Detects if a key file is encrypted or not. ENCRYPTEDNTF)open)rflines rrrs h1  Dd"" #  5s 5599c|r;tstdtj|t|||S|||S)Nz0TLS in TLS requires support for the 'ssl' module)r)r%r$_validate_ssl_context_for_tls_in_tls wrap_socket)rrrrs rrrsh @ (B  9+FFFD+???  " "4 " I IIr)rrrr)rDrErFrrrG)r[r\rr#)r[r\rrd)NNNNNNN)rirjrkrjrlrjrmrnrorjrprjrqrjrrr) ............)rrrrnrrnrkrjrrnrrnrirjrmrnrrrrnrrnrrrrrr)rrrrnrrnrkrjrrnrrnrirjrmrnrrrrnrrnrrrrrr) NNNNNNNNNNNF)rrrr)rrrrr ) rrrrrrrrrnrr)A __future__rrrSrsocketrrfr~binasciir exceptionsrrurlr r r=r%r3rrtuplerdr_TYPE_VERSION_INFOrOr" TYPE_CHECKINGr`r#r$ ssltransportSSLTransportTyper'r1r.r2r4r5r6r7r8r9r:r;r<r>PROTOCOL_SSLv23attrr AttributeError ImportErrorUnionr_TYPE_PEER_CERT_RETrZrcrhroverloadrrrrr/rrrs""""""" 9999999933333333   # 3S#s23H         >>>>>>9E/10000.JJJ #O#,+S+S,,,',#0 LSGDMM '5G5G5G(H(H I I    H +******LKK%&&Ol 'l#=ud#JK    D.    "# &*&*#PPPPPf"%!),!"'*(+""%!),!"'*+++++& "&")-"#'+GGGGGT V V V V#' JJJJJJJs67C: C('C:(C0-C:/C00 C::DD