o jNE @sUddlmZddlZddlZddlZddlZddlZddlZddlZddl m Z ddl m Z m Z ddlmZmZdZdZdZdZd gZeeeeeefZd d d DZd]ddZejrxddlmZddlmZddl mZ!GdddeddZ"iZ#de$d<zQddlZddlm%Z%mZm&Z&m'Z'm(Z(m)Z)m*Z*m+Z+m,Z,m-Z-m.Z.mZm/Z/e)Z0eree(sdZdD]Z1ze2e/e1e#e2ede1<Wqe3yYqwddl mZWne4ydZ&dZ'd Z-d!Z.dZ0Z)d"Z*d#Z+d$Z,Ynwej5de6dfZ7d^d)d*Z8d_d.d/Z9d`d1d2Z:       dadbd=d>Z;ej< ? ? ? ? ? ? ? ? ? ? ? ?dcdddOdPZ=ej< ? ? ? ? ? ? ? ? ? ? ? ?dcdedRdPZ=            dfdedSdPZ=dgdVdWZ>dhdYdZZ? didjd[d\Z@dS)k) annotationsN) unhexlify)ProxySchemeUnsupportedSSLError)_BRACELESS_IPV6_ADDRZ_RE_IPV4_REFzhttp/1.1cCsi|] \}}|tt|dqSN)getattrhashlib).0length algorithmrR/var/www/html/Deteccion_Ine/venv/lib/python3.10/site-packages/urllib3/util/ssl_.py s r)) md5)(sha1)@sha256openssl_versionstrreturnboolcCs|d}|S)NzOpenSSL ) startswith)r is_opensslrrr(_is_has_never_check_common_name_reliables r) VerifyMode) TypedDict) SSLTransportc@s&eZdZUded<ded<ded<dS)_TYPE_PEER_CERT_RET_DICTztuple[tuple[str, str], ...]subjectAltNamez'tuple[tuple[tuple[str, str], ...], ...]subjectrZ serialNumberN)__name__ __module__ __qualname____annotations__rrrrr#.s  r#)totalzdict[int, int]_SSL_VERSION_TO_TLS_VERSION) CERT_REQUIREDHAS_NEVER_CHECK_COMMON_NAMEOP_NO_COMPRESSION OP_NO_TICKETOPENSSL_VERSION PROTOCOL_TLSPROTOCOL_TLS_CLIENTVERIFY_X509_PARTIAL_CHAINVERIFY_X509_STRICT OP_NO_SSLv2 OP_NO_SSLv3 SSLContext TLSVersion)TLSv1TLSv1_1TLSv1_2 PROTOCOL_ii@iiircert bytes | None fingerprintNonecCs|durtd|dd}t|}|tvrtd|t|}|dur/td|t|}||}t ||sNtd|d| d dS) z Checks if given fingerprint matches the supplied certificate. :param cert: Certificate as bytes object. :param fingerprint: Fingerprint as string of hexdigits, can be interspersed by colons. NzNo certificate for the peer.:zFingerprint of invalid length: zAHash function implementation unavailable for fingerprint length: z&Fingerprints did not match. Expected "z", got "") rreplacelowerlen HASHFUNC_MAPgetrencodedigesthmaccompare_digesthex)r>r@ digest_lengthhashfuncfingerprint_bytes cert_digestrrrassert_fingerprintks$     rS candidateNone | int | strr cCs@|durtSt|trtt|d}|durttd|}|S|S)a Resolves the argument to a numeric constant, which can be passed to the wrap_socket function/method from the ssl module. Defaults to :data:`ssl.CERT_REQUIRED`. If given a string it is assumed to be the name of the constant in the :mod:`ssl` module or its abbreviation. (So you can specify `REQUIRED` instead of `CERT_REQUIRED`. If it's neither `None` nor a string we assume it is already the numeric constant which can directly be passed to wrap_socket. NCERT_)r, isinstancerr sslrTresrrrresolve_cert_reqss   r[intcCsH|durtSt|tr"tt|d}|durttd|}tt|S|S)z like resolve_cert_reqs Nr<)r1rWrr rXtypingcastr\rYrrrresolve_ssl_versions   r_ ssl_version int | None cert_reqsoptionsciphers str | Nonessl_minimum_versionssl_maximum_version verify_flagsssl.SSLContextc Cstdurtd|dttfvr1|dus|durtdt|tj}t|tj }t j dt ddtt}|dur=||_ ntj|_ |durH||_|rO|||durVtjn|}|durnd}|tO}|tO}|tO}|tO}|j|O_|durd}tjdkr|tO}|tO}|j|O_t|d ddurd |_|tjkrts||_ d |_!nd |_!||_ d |_"d t#j$vrt#j%&t#j$d }nd}|r||_'|S) a#Creates and configures an :class:`ssl.SSLContext` instance for use with urllib3. :param ssl_version: The desired protocol version to use. This will default to PROTOCOL_SSLv23 which will negotiate the highest protocol that both the server and your installation of OpenSSL support. This parameter is deprecated instead use 'ssl_minimum_version'. :param ssl_minimum_version: The minimum version of TLS to be used. Use the 'ssl.TLSVersion' enum for specifying the value. :param ssl_maximum_version: The maximum version of TLS to be used. Use the 'ssl.TLSVersion' enum for specifying the value. Not recommended to set to anything other than 'ssl.TLSVersion.MAXIMUM_SUPPORTED' which is the default value. :param cert_reqs: Whether to require the certificate verification. This defaults to ``ssl.CERT_REQUIRED``. :param options: Specific OpenSSL options. These default to ``ssl.OP_NO_SSLv2``, ``ssl.OP_NO_SSLv3``, ``ssl.OP_NO_COMPRESSION``, and ``ssl.OP_NO_TICKET``. :param ciphers: Which cipher suites to allow the server to select. Defaults to either system configured ciphers if OpenSSL 1.1.1+, otherwise uses a secure default set of ciphers. :param verify_flags: The flags for certificate verification operations. These default to ``ssl.VERIFY_X509_PARTIAL_CHAIN`` and ``ssl.VERIFY_X509_STRICT`` for Python 3.13+. :returns: Constructed SSLContext object with specified options :rtype: SSLContext Nz7Can't create an SSLContext object without an ssl modulezZCan't specify both 'ssl_version' and either 'ssl_minimum_version' or 'ssl_maximum_version'zi'ssl_version' option is deprecated and will be removed in urllib3 v3.0. Instead use 'ssl_minimum_version'r)category stacklevelr) post_handshake_authTF SSLKEYLOGFILE)(r7 TypeErrorr1r2 ValueErrorr+rIr8MINIMUM_SUPPORTEDMAXIMUM_SUPPORTEDwarningswarn FutureWarningminimum_versionr;maximum_version set_ciphersrXr,r5r6r.r/rcsys version_infor3r4rhr rn IS_PYOPENSSL verify_modecheck_hostnamehostname_checks_common_nameosenvironpath expandvarskeylog_filename) r`rbrcrdrfrgrhcontext sslkeylogfilerrrcreate_urllib3_contextsl'   r.sock socket.socketkeyfilecertfileca_certsserver_hostname ssl_contextssl.SSLContext | None ca_cert_dir key_password ca_cert_dataNone | str | bytes tls_in_tlstyping.Literal[False] ssl.SSLSocketc CdSr r rrrrbrrr`rdrrrrrrrrssl_wrap_socketGr ssl.SSLSocket | SSLTransportTypec Crr rrrrrrYrc  Cs|} | dur t|||d} |s| s| r.z | || | Wnty-}zt||d}~ww|dur;t| dr;| |rI| durIt|rItd|r]| durV| ||n| ||| | t t || | |}|S)a All arguments except for server_hostname, ssl_context, tls_in_tls, ca_cert_data and ca_cert_dir have the same meaning as they do when using :func:`ssl.create_default_context`, :meth:`ssl.SSLContext.load_cert_chain`, :meth:`ssl.SSLContext.set_ciphers` and :meth:`ssl.SSLContext.wrap_socket`. :param server_hostname: When SNI is supported, the expected hostname of the certificate :param ssl_context: A pre-made :class:`SSLContext` object. If none is provided, one will be created using :func:`create_urllib3_context`. :param ciphers: A string of ciphers we wish the client to support. :param ca_cert_dir: A directory containing CA certificates in multiple separate files, as supported by OpenSSL's -CApath flag or the capath argument to SSLContext.load_verify_locations(). :param key_password: Optional password if the keyfile is encrypted. :param ca_cert_data: Optional string containing CA certificates in PEM format suitable for passing as the cadata parameter to SSLContext.load_verify_locations() :param tls_in_tls: Use SSLTransport to wrap the existing socket. N)rdload_default_certsz5Client private key is encrypted, password is required) rload_verify_locationsOSErrorrhasattrr_is_key_file_encryptedload_cert_chainset_alpn_protocolsALPN_PROTOCOLS_ssl_wrap_socket_impl)rrrrbrrr`rdrrrrrressl_sockrrrrks*(   hostname str | bytescCs,t|tr |d}tt|pt|S)zDetects whether the hostname given is an IPv4 or IPv6 address. Also detects IPv6 addresses with Zone IDs. :param str hostname: Hostname to examine. :return: True if the hostname is an IP address, False otherwise. ascii)rWbytesdecoderr matchr)rrrr is_ipaddresss  rkey_filecCsRt|}|D]}d|vrWddSqWddS1s"wYdS)z*Detects if a key file is encrypted or not. ENCRYPTEDNTF)open)rflinerrrrs  rcCs4|rtstdt|t|||S|j||dS)Nz0TLS in TLS requires support for the 'ssl' module)r)r"r$_validate_ssl_context_for_tls_in_tls wrap_socket)rrrrrrrrs  r)rrrr)r>r?r@rrrA)rTrUrr )rTrUrr\)NNNNNNN)r`rarbrarcrardrerfrargrarhrarri) ............)rrrrerrerbrarrerrer`rardrerrrrerrerrrrrr)rrrrerrerbrarrerrer`rardrerrrrerrerrrrrr) NNNNNNNNNNNF)rrrr)rrrrr ) rrrrirrrrerr)A __future__rr rLrsocketrzr]rtbinasciir exceptionsrrurlrr r7r"r-r|rtupler\r_TYPE_VERSION_INFOrHr TYPE_CHECKINGrXr r! ssltransportZSSLTransportTyper#r+r)r,r.r/r0r1r2r3r4r5r6r8PROTOCOL_SSLv23attrr AttributeError ImportErrorUnionr_TYPE_PEER_CERT_RETrSr[r_roverloadrrrrrrrrs      <    "   J