First commit

author: Shubham Saini <shubham6405@gmail.com> 2018-12-11 10:01:23 +0000
committer: Shubham Saini <shubham6405@gmail.com> 2018-12-11 10:01:23 +0000
commit: 68df54d6629ec019142eb149dd037774f2d11e7c (patch)
tree: 345bc22d46b4e01a4ba8303b94278952a4ed2b9e /venv/lib/python3.7/site-packages/pip-10.0.1-py3.7.egg/pip/_vendor/urllib3/packages/ssl_match_hostname/_implementation.py
1 files changed, 157 insertions, 0 deletions
diff --git a/venv/lib/python3.7/site-packages/pip-10.0.1-py3.7.egg/pip/_vendor/urllib3/packages/ssl_match_hostname/_implementation.py b/venv/lib/python3.7/site-packages/pip-10.0.1-py3.7.egg/pip/_vendor/urllib3/packages/ssl_match_hostname/_implementation.py
new file mode 100644
index 0000000..7272d86
--- /dev/null
+++ b/venv/lib/python3.7/site-packages/pip-10.0.1-py3.7.egg/pip/_vendor/urllib3/packages/ssl_match_hostname/_implementation.py
@@ -0,0 +1,157 @@
+"""The match_hostname() function from Python 3.3.3, essential when using SSL."""
+# Note: This file is under the PSF license as the code comes from the python
+# stdlib.   http://docs.python.org/3/license.html
+import re
+import sys
+# ipaddress has been backported to 2.6+ in pypi.  If it is installed on the
+# system, use it to handle IPAddress ServerAltnames (this was added in
+# python-3.5) otherwise only do DNS matching.  This allows
+# backports.ssl_match_hostname to continue to be used all the way back to
+# python-2.4.
+try:
+    from pip._vendor import ipaddress
+except ImportError:
+    ipaddress = None
+__version__ = '3.5.0.1'
+class CertificateError(ValueError):
+    pass
+def _dnsname_match(dn, hostname, max_wildcards=1):
+    """Matching according to RFC 6125, section 6.4.3
+    http://tools.ietf.org/html/rfc6125#section-6.4.3
+    """
+    pats = []
+    if not dn:
+        return False
+    # Ported from python3-syntax:
+    # leftmost, *remainder = dn.split(r'.')
+    parts = dn.split(r'.')
+    leftmost = parts[0]
+    remainder = parts[1:]
+    wildcards = leftmost.count('*')
+    if wildcards > max_wildcards:
+        # Issue #17980: avoid denials of service by refusing more
+        # than one wildcard per fragment.  A survey of established
+        # policy among SSL implementations showed it to be a
+        # reasonable choice.
+        raise CertificateError(
+            "too many wildcards in certificate DNS name: " + repr(dn))
+    # speed up common case w/o wildcards
+    if not wildcards:
+        return dn.lower() == hostname.lower()
+    # RFC 6125, section 6.4.3, subitem 1.
+    # The client SHOULD NOT attempt to match a presented identifier in which
+    # the wildcard character comprises a label other than the left-most label.
+    if leftmost == '*':
+        # When '*' is a fragment by itself, it matches a non-empty dotless
+        # fragment.
+        pats.append('[^.]+')
+    elif leftmost.startswith('xn--') or hostname.startswith('xn--'):
+        # RFC 6125, section 6.4.3, subitem 3.
+        # The client SHOULD NOT attempt to match a presented identifier
+        # where the wildcard character is embedded within an A-label or
+        # U-label of an internationalized domain name.
+        pats.append(re.escape(leftmost))
+    else:
+        # Otherwise, '*' matches any dotless string, e.g. www*
+        pats.append(re.escape(leftmost).replace(r'\*', '[^.]*'))
+    # add the remaining fragments, ignore any wildcards
+    for frag in remainder:
+        pats.append(re.escape(frag))
+    pat = re.compile(r'\A' + r'\.'.join(pats) + r'\Z', re.IGNORECASE)
+    return pat.match(hostname)
+def _to_unicode(obj):
+    if isinstance(obj, str) and sys.version_info < (3,):
+        obj = unicode(obj, encoding='ascii', errors='strict')
+    return obj
+def _ipaddress_match(ipname, host_ip):
+    """Exact matching of IP addresses.
+    RFC 6125 explicitly doesn't define an algorithm for this
+    (section 1.7.2 - "Out of Scope").
+    """
+    # OpenSSL may add a trailing newline to a subjectAltName's IP address
+    # Divergence from upstream: ipaddress can't handle byte str
+    ip = ipaddress.ip_address(_to_unicode(ipname).rstrip())
+    return ip == host_ip
+def match_hostname(cert, hostname):
+    """Verify that *cert* (in decoded format as returned by
+    SSLSocket.getpeercert()) matches the *hostname*.  RFC 2818 and RFC 6125
+    rules are followed, but IP addresses are not accepted for *hostname*.
+    CertificateError is raised on failure. On success, the function
+    returns nothing.
+    """
+    if not cert:
+        raise ValueError("empty or no certificate, match_hostname needs a "
+                         "SSL socket or SSL context with either "
+                         "CERT_OPTIONAL or CERT_REQUIRED")
+    try:
+        # Divergence from upstream: ipaddress can't handle byte str
+        host_ip = ipaddress.ip_address(_to_unicode(hostname))
+    except ValueError:
+        # Not an IP address (common case)
+        host_ip = None
+    except UnicodeError:
+        # Divergence from upstream: Have to deal with ipaddress not taking
+        # byte strings.  addresses should be all ascii, so we consider it not
+        # an ipaddress in this case
+        host_ip = None
+    except AttributeError:
+        # Divergence from upstream: Make ipaddress library optional
+        if ipaddress is None:
+            host_ip = None
+        else:
+            raise
+    dnsnames = []
+    san = cert.get('subjectAltName', ())
+    for key, value in san:
+        if key == 'DNS':
+            if host_ip is None and _dnsname_match(value, hostname):
+                return
+            dnsnames.append(value)
+        elif key == 'IP Address':
+            if host_ip is not None and _ipaddress_match(value, host_ip):
+                return
+            dnsnames.append(value)
+    if not dnsnames:
+        # The subject is only checked when there is no dNSName entry
+        # in subjectAltName
+        for sub in cert.get('subject', ()):
+            for key, value in sub:
+                # XXX according to RFC 2818, the most specific Common Name
+                # must be used.
+                if key == 'commonName':
+                    if _dnsname_match(value, hostname):
+                        return
+                    dnsnames.append(value)
+    if len(dnsnames) > 1:
+        raise CertificateError("hostname %r "
+            "doesn't match either of %s"
+            % (hostname, ', '.join(map(repr, dnsnames))))
+    elif len(dnsnames) == 1:
+        raise CertificateError("hostname %r "
+            "doesn't match %r"
+            % (hostname, dnsnames[0]))
+    else:
+        raise CertificateError("no appropriate commonName or "
+            "subjectAltName fields were found")
author	Shubham Saini <shubham6405@gmail.com>	2018-12-11 10:01:23 +0000
committer	Shubham Saini <shubham6405@gmail.com>	2018-12-11 10:01:23 +0000
commit	68df54d6629ec019142eb149dd037774f2d11e7c (patch)
tree	345bc22d46b4e01a4ba8303b94278952a4ed2b9e /venv/lib/python3.7/site-packages/pip-10.0.1-py3.7.egg/pip/_vendor/urllib3/packages/ssl_match_hostname/_implementation.py

diff --git a/venv/lib/python3.7/site-packages/pip-10.0.1-py3.7.egg/pip/_vendor/urllib3/packages/ssl_match_hostname/_implementation.py b/venv/lib/python3.7/site-packages/pip-10.0.1-py3.7.egg/pip/_vendor/urllib3/packages/ssl_match_hostname/_implementation.py new file mode 100644 index 0000000..7272d86 --- /dev/null +++ b/venv/lib/python3.7/site-packages/pip-10.0.1-py3.7.egg/pip/_vendor/urllib3/packages/ssl_match_hostname/_implementation.py
@@ -0,0 +1,157 @@
	1	"""The match_hostname() function from Python 3.3.3, essential when using SSL."""
	2
	3	# Note: This file is under the PSF license as the code comes from the python
	4	# stdlib. http://docs.python.org/3/license.html
	5
	6	import re
	7	import sys
	8
	9	# ipaddress has been backported to 2.6+ in pypi. If it is installed on the
	10	# system, use it to handle IPAddress ServerAltnames (this was added in
	11	# python-3.5) otherwise only do DNS matching. This allows
	12	# backports.ssl_match_hostname to continue to be used all the way back to
	13	# python-2.4.
	14	try:
	15	from pip._vendor import ipaddress
	16	except ImportError:
	17	ipaddress = None
	18
	19	__version__ = '3.5.0.1'
	20
	21
	22	class CertificateError(ValueError):
	23	pass
	24
	25
	26	def _dnsname_match(dn, hostname, max_wildcards=1):
	27	"""Matching according to RFC 6125, section 6.4.3
	28
	29	http://tools.ietf.org/html/rfc6125#section-6.4.3
	30	"""
	31	pats = []
	32	if not dn:
	33	return False
	34
	35	# Ported from python3-syntax:
	36	# leftmost, *remainder = dn.split(r'.')
	37	parts = dn.split(r'.')
	38	leftmost = parts[0]
	39	remainder = parts[1:]
	40
	41	wildcards = leftmost.count('*')
	42	if wildcards > max_wildcards:
	43	# Issue #17980: avoid denials of service by refusing more
	44	# than one wildcard per fragment. A survey of established
	45	# policy among SSL implementations showed it to be a
	46	# reasonable choice.
	47	raise CertificateError(
	48	"too many wildcards in certificate DNS name: " + repr(dn))
	49
	50	# speed up common case w/o wildcards
	51	if not wildcards:
	52	return dn.lower() == hostname.lower()
	53
	54	# RFC 6125, section 6.4.3, subitem 1.
	55	# The client SHOULD NOT attempt to match a presented identifier in which
	56	# the wildcard character comprises a label other than the left-most label.
	57	if leftmost == '*':
	58	# When '*' is a fragment by itself, it matches a non-empty dotless
	59	# fragment.
	60	pats.append('[^.]+')
	61	elif leftmost.startswith('xn--') or hostname.startswith('xn--'):
	62	# RFC 6125, section 6.4.3, subitem 3.
	63	# The client SHOULD NOT attempt to match a presented identifier
	64	# where the wildcard character is embedded within an A-label or
	65	# U-label of an internationalized domain name.
	66	pats.append(re.escape(leftmost))
	67	else:
	68	# Otherwise, '' matches any dotless string, e.g. www
	69	pats.append(re.escape(leftmost).replace(r'\', '[^.]'))
	70
	71	# add the remaining fragments, ignore any wildcards
	72	for frag in remainder:
	73	pats.append(re.escape(frag))
	74
	75	pat = re.compile(r'\A' + r'\.'.join(pats) + r'\Z', re.IGNORECASE)
	76	return pat.match(hostname)
	77
	78
	79	def _to_unicode(obj):
	80	if isinstance(obj, str) and sys.version_info < (3,):
	81	obj = unicode(obj, encoding='ascii', errors='strict')
	82	return obj
	83
	84	def _ipaddress_match(ipname, host_ip):
	85	"""Exact matching of IP addresses.
	86
	87	RFC 6125 explicitly doesn't define an algorithm for this
	88	(section 1.7.2 - "Out of Scope").
	89	"""
	90	# OpenSSL may add a trailing newline to a subjectAltName's IP address
	91	# Divergence from upstream: ipaddress can't handle byte str
	92	ip = ipaddress.ip_address(_to_unicode(ipname).rstrip())
	93	return ip == host_ip
	94
	95
	96	def match_hostname(cert, hostname):
	97	"""Verify that cert (in decoded format as returned by
	98	SSLSocket.getpeercert()) matches the hostname. RFC 2818 and RFC 6125
	99	rules are followed, but IP addresses are not accepted for hostname.
	100
	101	CertificateError is raised on failure. On success, the function
	102	returns nothing.
	103	"""
	104	if not cert:
	105	raise ValueError("empty or no certificate, match_hostname needs a "
	106	"SSL socket or SSL context with either "
	107	"CERT_OPTIONAL or CERT_REQUIRED")
	108	try:
	109	# Divergence from upstream: ipaddress can't handle byte str
	110	host_ip = ipaddress.ip_address(_to_unicode(hostname))
	111	except ValueError:
	112	# Not an IP address (common case)
	113	host_ip = None
	114	except UnicodeError:
	115	# Divergence from upstream: Have to deal with ipaddress not taking
	116	# byte strings. addresses should be all ascii, so we consider it not
	117	# an ipaddress in this case
	118	host_ip = None
	119	except AttributeError:
	120	# Divergence from upstream: Make ipaddress library optional
	121	if ipaddress is None:
	122	host_ip = None
	123	else:
	124	raise
	125	dnsnames = []
	126	san = cert.get('subjectAltName', ())
	127	for key, value in san:
	128	if key == 'DNS':
	129	if host_ip is None and _dnsname_match(value, hostname):
	130	return
	131	dnsnames.append(value)
	132	elif key == 'IP Address':
	133	if host_ip is not None and _ipaddress_match(value, host_ip):
	134	return
	135	dnsnames.append(value)
	136	if not dnsnames:
	137	# The subject is only checked when there is no dNSName entry
	138	# in subjectAltName
	139	for sub in cert.get('subject', ()):
	140	for key, value in sub:
	141	# XXX according to RFC 2818, the most specific Common Name
	142	# must be used.
	143	if key == 'commonName':
	144	if _dnsname_match(value, hostname):
	145	return
	146	dnsnames.append(value)
	147	if len(dnsnames) > 1:
	148	raise CertificateError("hostname %r "
	149	"doesn't match either of %s"
	150	% (hostname, ', '.join(map(repr, dnsnames))))
	151	elif len(dnsnames) == 1:
	152	raise CertificateError("hostname %r "
	153	"doesn't match %r"
	154	% (hostname, dnsnames[0]))
	155	else:
	156	raise CertificateError("no appropriate commonName or "
	157	"subjectAltName fields were found")