a H¤XhÕã@s dZddlmZddlZddlZddlZddlmZmZejrJddl m Z dZ Gdd „d e ƒZ dd d d d dœdd„Zd dddœdd„Zddd dddœdd„ZdS)zHThe match_hostname() function from Python 3.5, essential when using SSL.é)Ú annotationsN)Ú IPv4AddressÚ IPv6Addressé)Ú_TYPE_PEER_CERT_RET_DICTz3.5.0.1c@s eZdZdS)ÚCertificateErrorN)Ú__name__Ú __module__Ú __qualname__©r r úd/var/www/viveiro_mudafortebrasil/venv/lib/python3.9/site-packages/urllib3/util/ssl_match_hostname.pyrsrz typing.AnyÚstrÚintztyping.Match[str] | None | bool)ÚdnÚhostnameÚ max_wildcardsÚreturnc Csög}|s dS| d¡}|d}|dd…}| d¡}||krLtdt|ƒƒ‚|sdt| ¡| ¡kƒS|dkrx| d¡n>| d ¡sŒ| d ¡rž| t  |¡¡n| t  |¡  d d ¡¡|D]}| t  |¡¡qºt  d d   |¡dtj ¡} |  |¡S)zhMatching according to RFC 6125, section 6.4.3 http://tools.ietf.org/html/rfc6125#section-6.4.3 FÚ.rrNÚ*z,too many wildcards in certificate DNS name: z[^.]+zxn--z\*z[^.]*z\Az\.z\Z)ÚsplitÚcountrÚreprÚboolÚlowerÚappendÚ startswithÚreÚescapeÚreplaceÚcompileÚjoinÚ IGNORECASEÚmatch) rrrÚpatsÚpartsÚleftmostÚ remainderÚ wildcardsÚfragÚpatr r r Ú_dnsname_matchs,    ÿ r*zIPv4Address | IPv6Addressr)ÚipnameÚhost_iprcCst | ¡¡}t|j|jkƒS)a…Exact matching of IP addresses. RFC 9110 section 4.3.5: "A reference identity of IP-ID contains the decoded bytes of the IP address. An IP version 4 address is 4 octets, and an IP version 6 address is 16 octets. [...] A reference identity of type IP-ID matches if the address is identical to an iPAddress value of the subjectAltName extension of the certificate." )Ú ipaddressÚ ip_addressÚrstriprÚpacked)r+r,Úipr r r Ú_ipaddress_matchPs r2Fz_TYPE_PEER_CERT_RET_DICT | NoneÚNone)ÚcertrÚhostname_checks_common_namerc Cs„|s tdƒ‚z0d|vr0t |d| d¡…¡}n t |¡}WntyRd}Yn0g}| dd¡}|D]^\}}|dkrœ|durt||ƒrdS| |¡qh|dkrh|dur¼t||ƒr¼dS| |¡qh|r$|dur$|s$| dd¡D]8}|D].\}}|d kròt||ƒrdS| |¡qòqêt|ƒd krPt d |d   t t |ƒ¡fƒ‚n0t|ƒd krxt d |›d|d›ƒ‚nt dƒ‚dS)a)Verify that *cert* (in decoded format as returned by SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125 rules are followed, but IP addresses are not accepted for *hostname*. CertificateError is raised on failure. On success, the function returns nothing. ztempty or no certificate, match_hostname needs a SSL socket or SSL context with either CERT_OPTIONAL or CERT_REQUIREDú%NÚsubjectAltNamer ÚDNSz IP AddressÚsubjectÚ commonNamerz&hostname %r doesn't match either of %sz, z hostname z doesn't match rz/no appropriate subjectAltName fields were found) Ú ValueErrorr-r.ÚrfindÚgetr*rr2Úlenrr Úmapr) r4rr5r,ÚdnsnamesÚsanÚkeyÚvalueÚsubr r r Úmatch_hostname_sJ ÿ        ÿÿrE)r)F)Ú__doc__Ú __future__rr-rÚtypingrrÚ TYPE_CHECKINGÚssl_rÚ __version__r;rr*r2rEr r r r Ús  ÿ8ý