ó «©\Tc@sPddlZddlZddlZddlZddlZddlZddlmZmZddlm Z yddl Z Wne k r—dZ nXdddddgZ d jƒjƒZeZZxmd d d gfd ddgffD]G\ZZx8eD]0ZydeefdUWqe k r0qXqWqîWe dk oTeeefkZyddlmZWn5e k r¢eedeƒƒZedd„ZnXyddl mZmZWn<e k rûdefd„ƒYZdd„Zd„ZnXdefd„ƒYZdefd„ƒYZ dd„Z!da"d„Z#d„Z$dS( iÿÿÿÿN(tResolutionErrortExtractionError(turllib2tVerifyingHTTPSHandlertfind_ca_bundlet is_availablet cert_pathst opener_forsÄ /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/certs/ca-certificates.crt /usr/share/ssl/certs/ca-bundle.crt /usr/local/share/certs/ca-root.crt /etc/ssl/cert.pem /System/Library/OpenSSL/certs/cert.pem t HTTPSHandlerRsurllib.requesttHTTPSConnectionthttplibs http.clientsfrom %s import %s(tcreate_connectiont_GLOBAL_DEFAULT_TIMEOUTc Csþ|\}}d}xÍtj||dtjƒD]°}|\}}} } } d} y\tj||| ƒ} |tk rƒ| j|ƒn|r™| j|ƒn| j| ƒ| SWq.tk rÝt }| dk rÞ| j ƒqÞq.Xq.W|rî‚n tdƒ‚dS(sˆConnect to *address* and return the socket object. Convenience function. Connect to *address* (a 2-tuple ``(host, port)``) and return the socket object. Passing the optional *timeout* parameter will set the timeout on the socket instance before attempting to connect. If no *timeout* is supplied, the global default timeout setting returned by :func:`getdefaulttimeout` is used. If *source_address* is set it must be a tuple of (host, port) for the socket to bind as a source address before making the connection. An host of '' or port 0 tells the OS to use the default. is!getaddrinfo returns an empty listN( tNonetsockett getaddrinfot SOCK_STREAMR t settimeouttbindtconnectterrortTruetclose( taddressttimeouttsource_addressthosttportterrtrestaftsocktypetprotot canonnametsatsock((sC/opt/freeware/lib/python2.7/site-packages/setuptools/ssl_support.pyR 0s( "    (tCertificateErrortmatch_hostnameR$cBseZRS((t__name__t __module__(((sC/opt/freeware/lib/python2.7/site-packages/setuptools/ssl_support.pyR$XsicCs¶g}x‰|jdƒD]x}|jdƒ|krJtdt|ƒƒ‚n|dkrf|jdƒqtj|ƒ}|j|jddƒƒqWtjddj |ƒd tj ƒS( Nt.t*s,too many wildcards in certificate DNS name: s[^.]+s\*s[^.]*s\As\.s\Z( tsplittcountR$treprtappendtretescapetreplacetcompiletjoint IGNORECASE(tdnt max_wildcardstpatstfrag((sC/opt/freeware/lib/python2.7/site-packages/setuptools/ssl_support.pyt_dnsname_to_pat[s cCsg|stdƒ‚ng}|jdd ƒ}xI|D]A\}}|dkr4t|ƒj|ƒredS|j|ƒq4q4W|sëxi|jddƒD]R}xI|D]A\}}|dkrŸt|ƒj|ƒrÐdS|j|ƒqŸqŸWq’Wnt|ƒdkr(td|d jtt |ƒƒfƒ‚n;t|ƒdkrWtd ||d fƒ‚n td ƒ‚dS(s7Verify that *cert* (in decoded format as returned by SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 rules are mostly followed, but IP addresses are not accepted for *hostname*. CertificateError is raised on failure. On success, the function returns nothing. sempty or no certificatetsubjectAltNametDNSNtsubjectt commonNameis&hostname %r doesn't match either of %ss, shostname %r doesn't match %ris=no appropriate commonName or subjectAltName fields were found((( t ValueErrortgetR8tmatchR-tlenR$R2tmapR,(tcertthostnametdnsnamestsantkeytvaluetsub((sC/opt/freeware/lib/python2.7/site-packages/setuptools/ssl_support.pyR%os.  %cBs eZdZd„Zd„ZRS(s=Simple verifying handler: no auth, subclasses, timeouts, etc.cCs||_tj|ƒdS(N(t ca_bundleRt__init__(tselfRI((sC/opt/freeware/lib/python2.7/site-packages/setuptools/ssl_support.pyRJ±s csˆj‡fd†|ƒS(Ncst|ˆj|S(N(tVerifyingHTTPSConnRI(Rtkw(RK(sC/opt/freeware/lib/python2.7/site-packages/setuptools/ssl_support.pyt·s(tdo_open(RKtreq((RKsC/opt/freeware/lib/python2.7/site-packages/setuptools/ssl_support.pyt https_openµs(R&R't__doc__RJRQ(((sC/opt/freeware/lib/python2.7/site-packages/setuptools/ssl_support.pyR®s RLcBs eZdZd„Zd„ZRS(s@Simple verifying connection: no auth, subclasses, timeouts, etc.cKs tj|||||_dS(N(R RJRI(RKRRIRM((sC/opt/freeware/lib/python2.7/site-packages/setuptools/ssl_support.pyRJ½scCs£t|j|jft|ddƒƒ}tj|dtjd|jƒ|_ yt |j j ƒ|jƒWn4t k rž|j j tjƒ|j jƒ‚nXdS(NRt cert_reqstca_certs(R RRtgetattrR tsslt wrap_sockett CERT_REQUIREDRIR#R%t getpeercertR$tshutdownRt SHUT_RDWRR(RKR#((sC/opt/freeware/lib/python2.7/site-packages/setuptools/ssl_support.pyRÁs$  (R&R'RRRJR(((sC/opt/freeware/lib/python2.7/site-packages/setuptools/ssl_support.pyRL»s cCstjt|ptƒƒƒjS(s@Get a urlopen() replacement that uses ca_bundle for verification(Rt build_openerRRtopen(RI((sC/opt/freeware/lib/python2.7/site-packages/setuptools/ssl_support.pyRÏscsttdk rtjSyddlm‰Wntk r;dSXdˆf‡fd†ƒY}|dddgƒatjS(Niÿÿÿÿ(tCertFilet MyCertFilecseZdd‡fd†ZRS(csLˆj|ƒx|D]}|j|ƒqW|j|ƒtj|jƒdS(N(RJtaddstoretaddcertstatexittregisterR(RKtstorestcertststore(R^(sC/opt/freeware/lib/python2.7/site-packages/setuptools/ssl_support.pyRJäs    (((R&R'RJ((R^(sC/opt/freeware/lib/python2.7/site-packages/setuptools/ssl_support.pyR_ãsRdtCAtROOT(t _wincertsR tnamet wincertstoreR^t ImportError(R_((R^sC/opt/freeware/lib/python2.7/site-packages/setuptools/ssl_support.pytget_win_certfileÙs  cCsstjdkrtƒSx$tD]}tjj|ƒr|SqWytjddƒSWntt t fk rndSXdS(s*Return an existing CA bundle path, or Nonetnttcertifis cacert.pemN( tosRjRmRtpathtisfilet pkg_resourcestresource_filenameRlRRR (t cert_path((sC/opt/freeware/lib/python2.7/site-packages/setuptools/ssl_support.pyRïs (%tsysRpRRbR.RsRRtsetuptools.compatRRVRlR t__all__tstripR*RtobjectRR twhattwheretmoduleRR RUR R$R%R=R8RRLRRiRmR(((sC/opt/freeware/lib/python2.7/site-packages/setuptools/ssl_support.pytsL<          $   ?