K iM UdZddlmZddlZddlmZ ddlmZddl Z ddl Z ddl Z ddlmZdd lmZdd lmZd d lmZe j*rdd lmZddgZej2j4ej6j8ej2j:ej6j8e j<ej6j>iZ de!d<e"e dr6e"ej6dr#ej6jFe e jH<e"e dr6e"ej6dr#ej6jJe e jL<e jNej6jPe jRej6jTe jVej6jTej6jXziZ-e-j]Dcic]\}}|| c}}Z/e0ej6dde0ej6ddzZ1de!d<e0ej6ddZ2de!d<e0ej6ddZ3de!d<e0ej6ddZ4de!d<e0ej6d dZ5de!d!<e jljne1e jljpe1e jljre1e2ze jljte1e2ze3ze jljve1e2ze3ze4ze jljxe1e2ze3ze4ziZ=de!d"<e jljne1e2ze3ze4ze5ze jljpe1e3ze4ze5ze jljre1e4ze5ze jljte1e5ze jljve1e jljxe1iZ>de!d#<d$Z?ej2jZAe jeCZDd/d%ZEd/d&ZFd/d'ZGd0d(ZHd1d)ZIGd*d+ZJejeJ_KGd,d-ZL d2d.ZMy#e $rGdde ZY8wxYwcc}}w)3a Module for using pyOpenSSL as a TLS backend. This module was relevant before the standard library ``ssl`` module supported SNI, but now that we've dropped support for Python 2.7 all relevant Python versions support SNI so **this module is no longer recommended**. This needs the following packages installed: * `pyOpenSSL`_ (tested with 16.0.0) * `cryptography`_ (minimum 1.3.4, from pyopenssl) * `idna`_ (minimum 2.0) However, pyOpenSSL depends on cryptography, so while we use all three directly here we end up having relatively few packages required. You can install them with the following command: .. code-block:: bash $ python -m pip install pyopenssl cryptography idna To activate certificate checking, call :func:`~urllib3.contrib.pyopenssl.inject_into_urllib3` from your Python code before you begin making HTTP requests. This can be done in a ``sitecustomize`` module, or at any other time before your application begins using ``urllib3``, like this: .. code-block:: python try: import urllib3.contrib.pyopenssl urllib3.contrib.pyopenssl.inject_into_urllib3() except ImportError: pass .. _pyopenssl: https://www.pyopenssl.org .. _cryptography: https://cryptography.io .. _idna: https://github.com/kjd/idna ) annotationsN)x509)UnsupportedExtensionc eZdZy)rN)__name__ __module__ __qualname___/mnt/ssd/data/python-lab/Trading/venv/lib/python3.12/site-packages/urllib3/contrib/pyopenssl.pyrr2s r r)BytesIO)socket)timeout)utilX509inject_into_urllib3extract_from_urllib3zdict[int, int]_openssl_versionsPROTOCOL_TLSv1_1TLSv1_1_METHODPROTOCOL_TLSv1_2TLSv1_2_METHOD OP_NO_SSLv2 OP_NO_SSLv3int_OP_NO_SSLv2_OR_SSLv3 OP_NO_TLSv1 _OP_NO_TLSv1 OP_NO_TLSv1_1_OP_NO_TLSv1_1 OP_NO_TLSv1_2_OP_NO_TLSv1_2 OP_NO_TLSv1_3_OP_NO_TLSv1_3_openssl_to_ssl_minimum_version_openssl_to_ssl_maximum_versioni@cttt_ttj_dt_dtj_y)z7Monkey-patch urllib3 with PyOpenSSL-backed SSL-support.TN)_validate_dependencies_metPyOpenSSLContextr SSLContextssl_ IS_PYOPENSSLr r r rrs1 &DO+DIID!DIIr ctt_ttj_dt_dtj_y)z4Undo monkey-patching by :func:`inject_into_urllib3`.FN)orig_util_SSLContextrr,r-r.r r r rrs++DO/DIID"DIIr cddlm}t|dd tdddlm}|}t|dd tdy) z{ Verifies that PyOpenSSL's package-level dependencies have been met. Throws `ImportError` if they are not met. r) Extensionsget_extension_for_classNzX'cryptography' module missing required functionality. Try upgrading to v1.3.4 or newer.r_x509zS'pyOpenSSL' module missing required functionality. Try upgrading to v0.14 or newer.)cryptography.x509.extensionsr2getattr ImportErrorOpenSSL.cryptor)r2rrs r r*r*s[ 8z4d;C 0  $ 6DtWd#+ /  ,r cNdd}d|vr|S||}|y|jdS)a% Converts a dNSName SubjectAlternativeName field to the form used by the standard library on the given Python version. Cryptography produces a dNSName as a unicode string that was idna-decoded from ASCII bytes. We need to idna-encode that string to get it back, and then on Python 3 we also need to convert to unicode via UTF-8 (the stdlib uses PyUnicode_FromStringAndSize on it, which decodes via UTF-8). If the name cannot be idna-encoded then we return None signalling that the name given should be skipped. cddl} dD]F}|j|s|t|d}|jd|j|zcS|j|S#|jj $rYywxYw)z Borrowed wholesale from the Python Cryptography Project. It turns out that we can't just safely call `idna.encode`: it can explode for wildcard names. This avoids that problem. rN)z*..ascii)idna startswithlenencodecore IDNAError)namer=prefixs r idna_encodez'_dnsname_to_stdlib..idna_encodes  % F??6*F .D!==1DKK4EEE F;;t$ $yy""  sA"2A"A""A>=A>:Nutf-8)rCstrreturn bytes | None)decode)rCrE encoded_names r _dnsname_to_stdlibrMs9$ d{ t$L   w ''r cN|j} |jjtjj }tt|jtj Dcgc]}|d|f }}|j#d|jtj$D|S#tj $rgcYStjttjtf$r"}tjd|gcYd}~Sd}~wwxYwcc}w)zU Given an PyOpenSSL certificate, provides all the subject alternative names. zA problem was encountered with the certificate that prevented urllib3 from finding the SubjectAlternativeName field. This can affect certificate validation. The error was %sNDNSc36K|]}dt|fyw)z IP AddressN)rH).0rCs r z$get_subj_alt_name.. s&*s4y!s)to_cryptography extensionsr3rSubjectAlternativeNamevalueExtensionNotFoundDuplicateExtensionrUnsupportedGeneralNameType UnicodeErrorlogwarningmaprMget_values_for_typeDNSNameextend IPAddress) peer_certcertexterCnamess r get_subj_alt_namergs   $ $ &Doo55d6Q6QRXX:*C,C,CDLL,QR       E   LL.1.E.Ednn.U LG  ! !   ''    >    . s)3B:4 D":D,D=DDDceZdZdZ d ddZddZddZddZddZddZ ddZ dd Z dd Z dd Z dd Z d dd ZddZddZy) WrappedSocketz@API-compatibility wrapper for Python OpenSSL's Connection-class.cJ||_||_||_d|_d|_yNrF) connectionrsuppress_ragged_eofs_io_refs_closed)selfrlrrms r __init__zWrappedSocket.__init__s( % $8!  r c6|jjSN)rfilenorps r rtzWrappedSocket.fileno!s{{!!##r c|jdkDr|xjdzc_|jr|jyy)Nr)rnrocloserus r _decref_socketioszWrappedSocket._decref_socketios%s1 ==1  MMQ M << JJL r c  |jj|i|}|S#tjj$rH}|j r|j dk(rYd}~yt|j dt||d}~wtjj$r9|jjtjjk(rYytjj$r`}tj|j|jj!s t#d||j|i|cYd}~Sd}~wtjj$$r}t'j(d||d}~wwxYw)NzUnexpected EOFr rThe read operation timed out read error: )rlrecvOpenSSLSSL SysCallErrorrmargsOSErrorrHZeroReturnError get_shutdownRECEIVED_SHUTDOWN WantReadErrorr wait_for_readr gettimeoutrErrorsslSSLError)rprkwargsdatares r rzWrappedSocket.recv+s4 '4??''88D*K){{'' 8((QVV7M-MaffQiQ0a7{{** ++-1N1NN{{(( 2%%dkk4;;3I3I3KL<=1D tyy$1&11{{   <,,aU34! ; #A>>AF F 2AE F  F -FF c8|jj|Srs)r settimeout)rprs r rzWrappedSocket.settimeout[s{{%%g..r c |jj|S#tjj$rM}t j |j|jjs t|Yd}~d}~wtjj$r(}t|jdt||d}~wwxYwNr)rlsendrrWantWriteErrorrwait_for_writerrrrrrrH)rprres r _send_until_donezWrappedSocket._send_until_done^s 8++D11;;-- **4;; 8N8N8PQ!)*;;++ 8affQiQ0a7 8s!C AB C ##CC cd}|t|kr0|j|||tz}||z }|t|kr/yyr)r?rSSL_WRITE_BLOCKSIZE)rpr total_sentsents r sendallzWrappedSocket.sendallisM 3t9$((Z*/B"BCD $ J 3t9$r c |jjy#tjj$r}t j d||d}~wwxYw)Nzshutdown error: )rlshutdownrrrrr)rphowres r rzWrappedSocket.shutdownqsM @ OO $ $ &{{   @,,!1!78a ? @sAAAcRd|_|jdkr|jyy)NTr)rorn _real_closerus r rxzWrappedSocket.closews& ==A      r c~ |jjS#tjj$rYywxYwrs)rlrxrrrrus r rzWrappedSocket._real_close|s6 ??((* *{{     s <<c|jj}|s|S|r8tjj tjj |Sd|j jffft|dS)N commonName)subjectsubjectAltName) rlget_peer_certificatercryptodump_certificate FILETYPE_ASN1 get_subjectCNrg)rp binary_formrs r getpeercertzWrappedSocket.getpeercertsw335K >>227>>3O3OQUV V'(8(8(8(:(=(=>@B/5  r c6|jjSrs)rlget_protocol_version_namerus r versionzWrappedSocket.versions88::r c^|jj}|r|jSdSrs)rlget_alpn_proto_negotiatedrK)rp alpn_protos r selected_alpn_protocolz$WrappedSocket.selected_alpn_protocols*__>>@ &0z  ":d:r N)T)rlOpenSSL.SSL.Connectionr socket_clsrmboolrINonerIrrIr)r typing.AnyrrrIbytes)rrrrrIr)rfloatrIr)rrrIr)rrrIr)rrrIr)F)rrrIz"dict[str, list[typing.Any]] | None)rIrH)rI str | None)rrr __doc__rqrtryrrrrrrrxrrrrr r r ririsJ &* *  #   $ 2<./ 8@  #(  + ;;r riceZdZdZddZeddZejddZeddZejddZeddZ e jddZ dd Z dd Z d dd Z d dd Z ddZ d d!dZddZeddZejd"dZeddZejd#dZy )$r+z I am a wrapper class for the PyOpenSSL ``Context`` object. I am responsible for translating the interface of the standard library ``SSLContext`` object to calls into PyOpenSSL. c>t||_tjj |j|_d|_d|_tjj|_ tjj|_ tj|_yrk)rprotocolrrContext_ctx_optionscheck_hostnamer TLSVersionMINIMUM_SUPPORTED_minimum_versionMAXIMUM_SUPPORTED_maximum_versionVERIFY_X509_TRUSTED_FIRST _verify_flags)rprs r rqzPyOpenSSLContext.__init__si)(3 KK'' 6  #%(^^%E%E%(^^%E%E"%"?"?r c|jSrs)rrus r optionszPyOpenSSLContext.optionss }}r c2||_|jyrs)r_set_ctx_optionsrprVs r rzPyOpenSSLContext.optionss  r c|jSrs)rrus r verify_flagszPyOpenSSLContext.verify_flagss!!!r cx||_|jjj|jyrs)rrget_cert_store set_flagsrs r rzPyOpenSSLContext.verify_flagss+"   ",,T-?-?@r cDt|jjSrs)_openssl_to_stdlib_verifyrget_verify_moderus r verify_modezPyOpenSSLContext.verify_modes()B)B)DEEr cR|jjt|tyrs)r set_verify_stdlib_to_openssl_verify_verify_callbackrs r rzPyOpenSSLContext.verify_modes 6u=?OPr c8|jjyrs)rset_default_verify_pathsrus r rz)PyOpenSSLContext.set_default_verify_pathss **,r c|t|tr|jd}|jj |y)NrG) isinstancerHr@rset_cipher_list)rpcipherss r set_cipherszPyOpenSSLContext.set_cipherss, gs #nnW-G !!'*r NcT||jd}||jd} |jj|||%|jjt|yy#tj j $r}tjd||d}~wwxYw)NrGz%unable to load trusted certificates: ) r@rload_verify_locationsr rrrrr)rpcafilecapathcadatares r rz&PyOpenSSLContext.load_verify_locationss  ]]7+F  ]]7+F U II + +FF ;! //@"{{   U,,!FqeLMST T UsAA,,B' B""B'cz |jj|?ttsj d|jj fd|jj |xs|y#tjj$r}tjd||d}~wwxYw)NrGcSrsr )_passwords r z2PyOpenSSLContext.load_cert_chain..s8r z"Unable to load certificate chain: ) ruse_certificate_chain_filerrr@ set_passwd_cbuse_privatekey_filerrrrr)rpcertfilekeyfilerres ` r load_cert_chainz PyOpenSSLContext.load_cert_chains  R II 0 0 :#!(E2'w7H ''(;< II ) )'*=X >{{   R,,!CA5IJPQ Q RsA;A??B:B55B:c|Dcgc]"}tjj|d$}}|jj|Scc}w)Nr<)rto_bytesrset_alpn_protos)rp protocolsps r set_alpn_protocolsz#PyOpenSSLContext.set_alpn_protocolssA=FGTYY''73G Gyy((33Hs'A ctjj|j|}|rQtj j |s2t|tr|jd}|j||j |j t)||S#tjj$r:}t j||js t!d|Yd}~qd}~wtjj"$r}t%j&d||d}~wwxYw)NrGzselect timed outzbad handshake: )rr Connectionrrr- is_ipaddressrrHr@set_tlsext_host_nameset_connect_state do_handshakerrrrrrrri)rpsock server_sidedo_handshake_on_connectrmserver_hostnamecnxres r wrap_socketzPyOpenSSLContext.wrap_socketskk$$TYY5 499#9#9/#J/3/"1"8"8"A  $ $_ 5  C  " S$'';;,, ))$0AB!"451<;;$$ Cll_QE#:;B Cs$B--D= 0C?? D=D88D=c|jj|jt|jzt |j zyrs)r set_optionsrr'rr(rrus r rz!PyOpenSSLContext._set_ctx_optionssC  MM-d.C.CD E-d.C.CD E r c|jSrs)rrus r minimum_versionz PyOpenSSLContext.minimum_version$$$r c2||_|jyrs)rr)rprs r rz PyOpenSSLContext.minimum_version / r c|jSrs)rrus r maximum_versionz PyOpenSSLContext.maximum_version#rr c2||_|jyrs)rr)rprs r rz PyOpenSSLContext.maximum_version'rr )rrrIrr)rVrrIr)rVzssl.VerifyModerIrr)rz bytes | strrIr)NNN)rrrrrrJrIr)NN)rrHrrrrrIr)rzlist[bytes | str]rIr)FTTN) rrrrrrrmrr zbytes | str | NonerIri)rrrIr)rrrIr)rrr rrqpropertyrsetterrrrrrrrr rrrr r r r+r+s @ ^^  ""AAFFQQ-+"!# UUU U  U(## RRR R  R 4"(,%).2 ((("& ( # ( , ( (> %%  %%  r r+c |dk(Srr )r rerr_no err_depth return_codes r rr-s Q;r r)rCrHrIr)rbrrIzlist[tuple[str, str]]) r rrrrrrrrrrIr)Nr __future__r OpenSSL.SSLr cryptographyrcryptography.x509rr7 Exceptionloggingrtypingior rrrr TYPE_CHECKINGr8r__all__r- PROTOCOL_TLSr SSLv23_METHODPROTOCOL_TLS_CLIENTPROTOCOL_TLSv1 TLSv1_METHODr__annotations__hasattrrrrr CERT_NONE VERIFY_NONE CERT_OPTIONAL VERIFY_PEER CERT_REQUIREDVERIFY_FAIL_IF_NO_PEER_CERTritemsrr6rr r"r$r&rrTLSv1TLSv1_1TLSv1_2TLSv1_3rr'r(rr,r0 getLoggerrr[rrr*rMrgrimakefiler+r)kvs00r r=sE&P# 6 ' # !"8 9 IIGKK55II!!7;;#<#< 00%>  3"# =M(N.5kk.H.Hc**+ 3"# =M(N.5kk.H.Hc**+MM7;;**w{{..w{{.. kk--. /H.M.M.OPdaQTP%W[[-Cg KKGsGKK: c:gkk?A>>gkk?A>>gkk?A>>NN$$&;NN/NN1L@NN1L@>QNN ,~=NNN$$ ,~=N 3 NN$$          NN.?.PNN1NB^SNN1NBNN1NN$$&;3$yy++g!"# 4&(R-`E;E;P$,, M M `        {  y  RQsQ QQQ