o 'èhÕã@sˆdZddlmZddlZddlZddlZddlmZmZejr%ddl m Z dZ Gdd „d e ƒZ d!d"dd„Zd#dd„Z d$d%dd „ZdS)&zHThe match_hostname() function from Python 3.5, essential when using SSL.é)Ú annotationsN)Ú IPv4AddressÚ IPv6Addressé)Ú_TYPE_PEER_CERT_RET_DICTz3.5.0.1c@s eZdZdS)ÚCertificateErrorN)Ú__name__Ú __module__Ú __qualname__©r r ú[/var/www/html/olx_land/venv/lib/python3.10/site-packages/urllib3/util/ssl_match_hostname.pyrsrÚdnú typing.AnyÚhostnameÚstrÚ max_wildcardsÚintÚreturnútyping.Match[str] | None | boolc Csög}|sdS| d¡}|d}|dd…}| d¡}||kr&tdt|ƒƒ‚|s2t| ¡| ¡kƒS|dkr<| d¡n| d ¡sF| d ¡rO| t  |¡¡n | t  |¡  d d ¡¡|D] }| t  |¡¡q]t  d d   |¡dtj ¡} |  |¡S)zhMatching according to RFC 6125, section 6.4.3 http://tools.ietf.org/html/rfc6125#section-6.4.3 FÚ.rrNÚ*z,too many wildcards in certificate DNS name: z[^.]+zxn--z\*z[^.]*z\Az\.z\Z)ÚsplitÚcountrÚreprÚboolÚlowerÚappendÚ startswithÚreÚescapeÚreplaceÚcompileÚjoinÚ IGNORECASEÚmatch) r rrÚpatsÚpartsÚleftmostÚ remainderÚ wildcardsÚfragÚpatr r r Ú_dnsname_matchs,    ÿ  r,ÚipnameÚhost_ipúIPv4Address | IPv6AddressrcCst | ¡¡}t|j|jkƒS)a…Exact matching of IP addresses. RFC 9110 section 4.3.5: "A reference identity of IP-ID contains the decoded bytes of the IP address. An IP version 4 address is 4 octets, and an IP version 6 address is 16 octets. [...] A reference identity of type IP-ID matches if the address is identical to an iPAddress value of the subjectAltName extension of the certificate." )Ú ipaddressÚ ip_addressÚrstriprÚpacked)r-r.Úipr r r Ú_ipaddress_matchPs r5FÚcertú_TYPE_PEER_CERT_RET_DICT | NoneÚhostname_checks_common_nameÚNonec Csp|stdƒ‚zd|vrt |d| d¡…¡}nt |¡}Wn ty)d}Ynwg}| dd¡}|D]/\}}|dkrN|durHt||ƒrHdS| |¡q4|dkrc|dur^t||ƒr^dS| |¡q4|rŽ|durŽ|sŽ| dd¡D]}|D]\}}|d krŒt||ƒr‡dS| |¡qvqrt|ƒd kr¢t d |d   t t |ƒ¡fƒ‚t|ƒd kr´t d |›d|d›ƒ‚t dƒ‚)a)Verify that *cert* (in decoded format as returned by SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125 rules are followed, but IP addresses are not accepted for *hostname*. CertificateError is raised on failure. On success, the function returns nothing. ztempty or no certificate, match_hostname needs a SSL socket or SSL context with either CERT_OPTIONAL or CERT_REQUIREDú%NÚsubjectAltNamer ÚDNSz IP AddressÚsubjectÚ commonNamerz&hostname %r doesn't match either of %sz, z hostname z doesn't match rz/no appropriate subjectAltName fields were found) Ú ValueErrorr0r1ÚrfindÚgetr,rr5Úlenrr"Úmapr) r6rr8r.ÚdnsnamesÚsanÚkeyÚvalueÚsubr r r Úmatch_hostname_sT ÿ € þ    €   €ü ÿÿ rI)r)r rrrrrrr)r-rr.r/rr)F)r6r7rrr8rrr9)Ú__doc__Ú __future__rr0rÚtypingrrÚ TYPE_CHECKINGÚssl_rÚ __version__r?rr,r5rIr r r r Ús   ÿ 8ý