U g@sdZddlmZddlZddlZddlZddlmZmZejrJddl m Z dZ Gdd d e Z dd d d d dddZd dddddZddd dddddZdS)zHThe match_hostname() function from Python 3.5, essential when using SSL.) annotationsN) IPv4Address IPv6Address)_TYPE_PEER_CERT_RET_DICTz3.5.0.1c@s eZdZdS)CertificateErrorN)__name__ __module__ __qualname__r r C/tmp/pip-unpacked-wheel-f4zjg0cl/urllib3/util/ssl_match_hostname.pyrsrz typing.Anystrintztyping.Match[str] | None | bool)dnhostname max_wildcardsreturnc Csg}|s dS|d}|d}|dd}|d}||krLtdt||sdt||kS|dkrx|dn>|d s|d r|t |n|t | d d |D]}|t |qt d d |dtj } | |S)zhMatching according to RFC 6125, section 6.4.3 http://tools.ietf.org/html/rfc6125#section-6.4.3 F.rrN*z,too many wildcards in certificate DNS name: z[^.]+zxn--z\*z[^.]*z\Az\.z\Z)splitcountrreprboollowerappend startswithreescapereplacecompilejoin IGNORECASEmatch) rrrpatspartsleftmost remainder wildcardsfragpatr r r _dnsname_matchs,     r*zIPv4Address | IPv6Addressr)ipnamehost_iprcCst|}t|j|jkS)aExact matching of IP addresses. RFC 9110 section 4.3.5: "A reference identity of IP-ID contains the decoded bytes of the IP address. An IP version 4 address is 4 octets, and an IP version 6 address is 16 octets. [...] A reference identity of type IP-ID matches if the address is identical to an iPAddress value of the subjectAltName extension of the certificate." ) ipaddress ip_addressrstriprpacked)r+r,ipr r r _ipaddress_matchPs r2Fz_TYPE_PEER_CERT_RET_DICT | NoneNone)certrhostname_checks_common_namerc Cs|s tdz0d|kr0t|d|d}n t|}Wntk rTd}YnXg}|dd}|D]^\}}|dkr|dkrt||rdS||qj|dkrj|dk rt||rdS||qj|r&|dkr&|s&|ddD]8}|D].\}}|d krt||rdS||qqt|d krRt d |d t t |fn0t|d krzt d |d|dnt ddS)a)Verify that *cert* (in decoded format as returned by SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125 rules are followed, but IP addresses are not accepted for *hostname*. CertificateError is raised on failure. On success, the function returns nothing. ztempty or no certificate, match_hostname needs a SSL socket or SSL context with either CERT_OPTIONAL or CERT_REQUIRED%NsubjectAltNamer DNSz IP Addresssubject commonNamerz&hostname %r doesn't match either of %sz, z hostname z doesn't match rz/no appropriate subjectAltName fields were found) ValueErrorr-r.rfindgetr*rr2lenrr mapr) r4rr5r,dnsnamessankeyvaluesubr r r match_hostname_sJ        rE)r)F)__doc__ __future__rr-rtypingrr TYPE_CHECKINGssl_r __version__r;rr*r2rEr r r r s  8