+;dZddlmZddlZddlZddlZddlmZmZejrddl m Z dZ Gdd e Z dddZd dZ d!d"dZdS)#zHThe match_hostname() function from Python 3.5, essential when using SSL.) annotationsN) IPv4Address IPv6Address)_TYPE_PEER_CERT_RET_DICTz3.5.0.1ceZdZdS)CertificateErrorN)__name__ __module__ __qualname__q/builddir/build/BUILD/cloudlinux-venv-1.0.10/venv/lib/python3.11/site-packages/urllib3/util/ssl_match_hostname.pyr r sDrr dn typing.Anyhostnamestr max_wildcardsintreturntyping.Match[str] | None | boolcg}|sdS|d}|d}|dd}|d}||krtdt|z|s7t ||kS|dkr|dn|d s|d r(|tj |n;|tj | d d |D])}|tj |*tj d d |zdztj } | |S)zhMatching according to RFC 6125, section 6.4.3 http://tools.ietf.org/html/rfc6125#section-6.4.3 F.rrN*z,too many wildcards in certificate DNS name: z[^.]+zxn--z\*z[^.]*z\Az\.z\Z)splitcountr reprboollowerappend startswithreescapereplacecompilejoin IGNORECASEmatch) rrrpatspartsleftmost remainder wildcardsfragpats r_dnsname_matchr0s D u HHTNNEQxHabb Is##I=   :T"XX E   4BHHJJ(.."2"22333 3 G   V $ $A(;(;F(C(CA BIh''(((( BIh''//w??@@@%% BIdOO$$$$ *UUZZ---5r} E EC 99X  ripnamehost_ipIPv4Address | IPv6Addressrctj|}t|j|jkS)aExact matching of IP addresses. RFC 9110 section 4.3.5: "A reference identity of IP-ID contains the decoded bytes of the IP address. An IP version 4 address is 4 octets, and an IP version 6 address is 16 octets. [...] A reference identity of type IP-ID matches if the address is identical to an iPAddress value of the subjectAltName extension of the certificate." ) ipaddress ip_addressrstriprpacked)r1r2ips r_ipaddress_matchr:Ps3  fmmoo . .B  W^+ , ,,rFcert_TYPE_PEER_CERT_RET_DICT | Nonehostname_checks_common_nameNonec |std d|vr0tj|d|d}ntj|}n#t$rd}YnwxYwg}|dd}|D]f\}}|dkr+|t ||rdS||6|dkr*|t||rdS||g|rT|R|sP|ddD]9}|D]4\}}|d kr)t ||rdS||5:t|d kr;td |d d tt|t|d krtd |d|dtd)a)Verify that *cert* (in decoded format as returned by SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125 rules are followed, but IP addresses are not accepted for *hostname*. CertificateError is raised on failure. On success, the function returns nothing. ztempty or no certificate, match_hostname needs a SSL socket or SSL context with either CERT_OPTIONAL or CERT_REQUIRED%NsubjectAltNamer DNSz IP Addresssubject commonNamerz hostname z doesn't match either of z, z doesn't match rz/no appropriate subjectAltName fields were found) ValueErrorr5r6rfindgetr0r r:lenr r&mapr) r;rr=r2dnsnamessankeyvaluesubs rmatch_hostnamerO_sI   -    (??*84IhnnS6I6I4I+JKKGG*844G H'+xx0@"'E'EC## U %<<>%#B#B OOE " " " " L "'7w'G'G" OOE " " "#+wx88Ir** + +C! + + U,&&%eX66OOE***  +  8}}q,4HHdiiD(@S@S6T6T6T V    X!  U8UUhqkUUVVVPQQQsAA A+*A+)r)rrrrrrrr)r1rr2r3rr)F)r;r<rrr=rrr>)__doc__ __future__rr5r"typingrr TYPE_CHECKINGssl_r __version__rEr r0r:rOr rrrVs NN #""""" ........ /......      z   9:55555p - - - -$).@R@R@R@R@R@R@Rr