o vh@sdZddlmZddlZddlZddlZddlmZmZejr%ddl m Z dZ Gdd d e Z d!d"ddZd#ddZ d$d%dd ZdS)&zHThe match_hostname() function from Python 3.5, essential when using SSL.) annotationsN) IPv4Address IPv6Address)_TYPE_PEER_CERT_RET_DICTz3.5.0.1c@s eZdZdS)CertificateErrorN)__name__ __module__ __qualname__r r ]/var/www/html/hyperkenya/venv/lib/python3.10/site-packages/urllib3/util/ssl_match_hostname.pyrsrdn typing.Anyhostnamestr max_wildcardsintreturntyping.Match[str] | None | boolc Csg}|sdS|d}|d}|dd}|d}||kr&tdt||s2t||kS|dkr<|dn|d sF|d rO|t |n |t | d d |D] }|t |q]t d d |dtj } | |S)zhMatching according to RFC 6125, section 6.4.3 http://tools.ietf.org/html/rfc6125#section-6.4.3 F.rrN*z,too many wildcards in certificate DNS name: z[^.]+zxn--z\*z[^.]*z\Az\.z\Z)splitcountrreprboollowerappend startswithreescapereplacecompilejoin IGNORECASEmatch) r rrpatspartsleftmost remainder wildcardsfragpatr r r _dnsname_matchs,      r,ipnamehost_ipIPv4Address | IPv6AddressrcCst|}t|j|jkS)aExact matching of IP addresses. RFC 9110 section 4.3.5: "A reference identity of IP-ID contains the decoded bytes of the IP address. An IP version 4 address is 4 octets, and an IP version 6 address is 16 octets. [...] A reference identity of type IP-ID matches if the address is identical to an iPAddress value of the subjectAltName extension of the certificate." ) ipaddress ip_addressrstriprpacked)r-r.ipr r r _ipaddress_matchPs r5Fcert_TYPE_PEER_CERT_RET_DICT | Nonehostname_checks_common_nameNonec Csp|stdzd|vrt|d|d}nt|}Wn ty)d}Ynwg}|dd}|D]/\}}|dkrN|durHt||rHdS||q4|dkrc|dur^t||r^dS||q4|r|dur|s|ddD]}|D]\}}|d krt||rdS||qvqrt|d krt d |d t t |ft|d krt d |d|dt d)a)Verify that *cert* (in decoded format as returned by SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125 rules are followed, but IP addresses are not accepted for *hostname*. CertificateError is raised on failure. On success, the function returns nothing. ztempty or no certificate, match_hostname needs a SSL socket or SSL context with either CERT_OPTIONAL or CERT_REQUIRED%NsubjectAltNamer DNSz IP Addresssubject commonNamerz&hostname %r doesn't match either of %sz, z hostname z doesn't match rz/no appropriate subjectAltName fields were found) ValueErrorr0r1rfindgetr,rr5lenrr"mapr) r6rr8r.dnsnamessankeyvaluesubr r r match_hostname_sT            rI)r)r rrrrrrr)r-rr.r/rr)F)r6r7rrr8rrr9)__doc__ __future__rr0rtypingrr TYPE_CHECKINGssl_r __version__r?rr,r5rIr r r r s   8