ó ž­çSc@sNddlZddlZddlZddlZddlZddlmZmZddlmZyddl Z Wne k r‹dZ nXdddddgZ d j ƒjƒZeZZxmd d d gfd ddgffD]G\ZZx8eD]0ZydeefdUWqõe k r$qõXqõWqâWe dk oHeeefkZyddl mZmZWnUe k r¼y$ddlmZddlmZWq½e k r¸dZdZq½XnXesÜdefd„ƒYZnesúdd„Zd„Zndefd„ƒYZdefd„ƒYZdd„Zdad„Z d„Z!dS(iÿÿÿÿN(tResolutionErrortExtractionError(turllib2tVerifyingHTTPSHandlertfind_ca_bundlet is_availablet cert_pathst opener_forsÄ /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt /usr/share/ssl/certs/ca-bundle.crt /usr/local/share/certs/ca-root.crt /etc/ssl/cert.pem /System/Library/OpenSSL/certs/cert.pem t HTTPSHandlerRsurllib.requesttHTTPSConnectionthttplibs http.clientsfrom %s import %s(tCertificateErrortmatch_hostname(R (R R cBseZRS((t__name__t __module__(((s@/usr/local/lib/python2.7/site-packages/setuptools/ssl_support.pyR 8sic CsRg}|stS|jdƒ}|d}|d}|jdƒ}||krgtdt|ƒƒ‚n|sƒ|jƒ|jƒkS|dkrŸ|jdƒnY|jdƒs½|jdƒrÖ|jtj |ƒƒn"|jtj |ƒj dd ƒƒx$|D]}|jtj |ƒƒqÿWtj d d j |ƒd tj ƒ} | j|ƒS( spMatching according to RFC 6125, section 6.4.3 http://tools.ietf.org/html/rfc6125#section-6.4.3 t.iit*s,too many wildcards in certificate DNS name: s[^.]+sxn--s\*s[^.]*s\As\.s\Z(tFalsetsplittcountR treprtlowertappendt startswithtretescapetreplacetcompiletjoint IGNORECASEtmatch( tdnthostnamet max_wildcardstpatstpartstleftmostt remaindert wildcardstfragtpat((s@/usr/local/lib/python2.7/site-packages/setuptools/ssl_support.pyt_dnsname_match<s*    " &cCs[|stdƒ‚ng}|jdd ƒ}xC|D];\}}|dkr4t||ƒr_dS|j|ƒq4q4W|sßxc|jddƒD]L}xC|D];\}}|dkr™t||ƒrÄdS|j|ƒq™q™WqŒWnt|ƒdkrtd|d jtt|ƒƒfƒ‚n;t|ƒdkrKtd ||d fƒ‚n td ƒ‚dS(s=Verify that *cert* (in decoded format as returned by SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125 rules are followed, but IP addresses are not accepted for *hostname*. CertificateError is raised on failure. On success, the function returns nothing. sempty or no certificatetsubjectAltNametDNSNtsubjectt commonNameis&hostname %r doesn't match either of %ss, shostname %r doesn't match %ris=no appropriate commonName or subjectAltName fields were found((( t ValueErrortgetR)RtlenR RtmapR(tcertR tdnsnamestsantkeytvaluetsub((s@/usr/local/lib/python2.7/site-packages/setuptools/ssl_support.pyR ps.  %cBs eZdZd„Zd„ZRS(s=Simple verifying handler: no auth, subclasses, timeouts, etc.cCs||_tj|ƒdS(N(t ca_bundleRt__init__(tselfR8((s@/usr/local/lib/python2.7/site-packages/setuptools/ssl_support.pyR9œs csˆj‡fd†|ƒS(Ncst|ˆj|S(N(tVerifyingHTTPSConnR8(thosttkw(R:(s@/usr/local/lib/python2.7/site-packages/setuptools/ssl_support.pyt¢s(tdo_open(R:treq((R:s@/usr/local/lib/python2.7/site-packages/setuptools/ssl_support.pyt https_open s(R Rt__doc__R9RA(((s@/usr/local/lib/python2.7/site-packages/setuptools/ssl_support.pyR™s R;cBs eZdZd„Zd„ZRS(s@Simple verifying connection: no auth, subclasses, timeouts, etc.cKs tj|||||_dS(N(R R9R8(R:R<R8R=((s@/usr/local/lib/python2.7/site-packages/setuptools/ssl_support.pyR9¨scCsìtj|j|jft|ddƒƒ}t|dƒrjt|ddƒrj||_|jƒ|j }n |j}t j |dt j d|j ƒ|_yt|jjƒ|ƒWn4tk rç|jjtjƒ|jjƒ‚nXdS(Ntsource_addresst_tunnelt _tunnel_hostt cert_reqstca_certs(tsockettcreate_connectionR<tporttgetattrtNonethasattrtsockRDREtsslt wrap_sockett CERT_REQUIREDR8R t getpeercertR tshutdownt SHUT_RDWRtclose(R:RNt actual_host((s@/usr/local/lib/python2.7/site-packages/setuptools/ssl_support.pytconnect¬s$!      (R RRBR9RW(((s@/usr/local/lib/python2.7/site-packages/setuptools/ssl_support.pyR;¦s cCstjt|ptƒƒƒjS(s@Get a urlopen() replacement that uses ca_bundle for verification(Rt build_openerRRtopen(R8((s@/usr/local/lib/python2.7/site-packages/setuptools/ssl_support.pyRÇscsttdk rtjSyddlm‰Wntk r;dSXdˆf‡fd†ƒY}|dddgƒatjS(Niÿÿÿÿ(tCertFilet MyCertFilecseZdd‡fd†ZRS(csLˆj|ƒx|D]}|j|ƒqW|j|ƒtj|jƒdS(N(R9taddstoretaddcertstatexittregisterRU(R:tstorestcertststore(RZ(s@/usr/local/lib/python2.7/site-packages/setuptools/ssl_support.pyR9Ûs    (((R RR9((RZ(s@/usr/local/lib/python2.7/site-packages/setuptools/ssl_support.pyR[ÚsR`tCAtROOT(t _wincertsRLtnamet wincertstoreRZt ImportError(R[((RZs@/usr/local/lib/python2.7/site-packages/setuptools/ssl_support.pytget_win_certfileÐs  cCsstjdkrtƒSx$tD]}tjj|ƒr|SqWytjddƒSWntt t fk rndSXdS(s*Return an existing CA bundle path, or Nonetnttcertifis cacert.pemN( tosRfRiRtpathtisfilet pkg_resourcestresource_filenameRhRRRL(t cert_path((s@/usr/local/lib/python2.7/site-packages/setuptools/ssl_support.pyRæs ("RlRHR^RRoRRtsetuptools.compatRRORhRLt__all__tstripRRtobjectRR twhattwheretmoduleRR R tbackports.ssl_match_hostnameR.R)RR;RReRiR(((s@/usr/local/lib/python2.7/site-packages/setuptools/ssl_support.pytsV                4 ) !