£Á°èZ¨Ä…–K§‚«“ô4“ÒÙ´dîfUÙÃÅ WKbyÊ¦•êŽ…È®FÒ¿ÊÎóCozá¬S@6{Í:›œêZÌ:Š•_%:¢¾¾~;‘Ã~èŠ©ÊÇí`ÔÑ©úë™µ'5I¿fš×WO%ø9¾«¾DK|€ùÍD”Ýs]nHÕ¶ê×Ó¼ãžªéUWŸÈË%DÒÕ¬ï‘]/Åcx  ‰ï2ß]ä6G[]S£ÔÏ¯rs{úëóµmÒï#UQxo·õÞCe]"±/aÙ&Eã4ú9Jé_ÞåëdãöKë)AÞ                  ¯¹ægƒÛowÐø^d™ý½ßB7áyMä9ÜÖUã
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<html>
U
    ʗRe~  �                   @   st   d Z ddlZddlZzddlZW n ek
r8   dZY nX dZG dd� de�Zddd�Zd	d
� Z	dd� Z
dd� ZdS )zJThe match_hostname() function from Python 3.3.3, essential when using SSL.�    Nz3.5.0.1c                   @   s   e Zd ZdS )�CertificateErrorN)�__name__�
__module__�__qualname__� r   r   ��/builddir/build/BUILDROOT/alt-python38-pip-22.2.1-2.el8.x86_64/opt/alt/python38/lib/python3.8/site-packages/pip/_vendor/urllib3/util/ssl_match_hostname.pyr      s   r   �   c           
      C   s�   g }| sdS | � d�}|d }|dd� }|�d�}||krLtdt| � ��|s`| �� |�� kS |dkrt|�d� n>|�d	�s�|�d	�r�|�t�|�� n|�t�|��	d
d�� |D ]}|�t�|�� q�t�
dd�|� d tj�}	|	�|�S )zhMatching according to RFC 6125, section 6.4.3

    http://tools.ietf.org/html/rfc6125#section-6.4.3
    F�.r   r   N�*z,too many wildcards in certificate DNS name: z[^.]+zxn--z\*z[^.]*z\Az\.z\Z)�split�countr   �repr�lower�append�
startswith�re�escape�replace�compile�join�
IGNORECASE�match)
�dn�hostname�max_wildcards�pats�parts�leftmost�	remainder�	wildcards�frag�patr   r   r   �_dnsname_match   s,    


�r"   c                 C   s&   t | t�r"tjdk r"t| ddd�} | S )N)�   �ascii�strict)�encoding�errors)�
isinstance�str�sys�version_info�unicode)�objr   r   r   �_to_unicodeO   s    r.   c                 C   s   t �t| ��� �}||kS )z�Exact matching of IP addresses.

    RFC 6125 explicitly doesn't define an algorithm for this
    (section 1.7.2 - "Out of Scope").
    )�	ipaddress�
ip_addressr.   �rstrip)�ipname�host_ip�ipr   r   r   �_ipaddress_matchV   s    r5   c              	   C   sz  | st d��zt�t|��}W n> tt fk
r:   d}Y n$ tk
r\   tdkrVd}n� Y nX g }| �dd�}|D ]^\}}|dkr�|dkr�t||�r� dS |�|� qr|dkrr|dk	r�t	||�r� dS |�|� qr|�s| �dd�D ]8}|D ].\}}|dkr�t||��r  dS |�|� q�q�t
|�d	k�rJtd
|d�tt|��f ��n,t
|�d	k�rntd||d f ��ntd��dS )a)  Verify that *cert* (in decoded format as returned by
    SSLSocket.getpeercert()) matches the *hostname*.  RFC 2818 and RFC 6125
    rules are followed, but IP addresses are not accepted for *hostname*.

    CertificateError is raised on failure. On success, the function
    returns nothing.
    ztempty or no certificate, match_hostname needs a SSL socket or SSL context with either CERT_OPTIONAL or CERT_REQUIREDN�subjectAltNamer   �DNSz
IP Address�subject�
commonNamer   z&hostname %r doesn't match either of %sz, zhostname %r doesn't match %rr   z=no appropriate commonName or subjectAltName fields were found)�
ValueErrorr/   r0   r.   �UnicodeError�AttributeError�getr"   r   r5   �lenr   r   �mapr   )�certr   r3   �dnsnames�san�key�value�subr   r   r   �match_hostnameb   sR    ����rF   )r   )�__doc__r   r*   r/   �ImportError�__version__r:   r   r"   r.   r5   rF   r   r   r   r   �<module>   s   

6