o 'h|F@sdZddlmZddlZddlZddlmZddlm Z ddl m Z m Z m Z mZmZddlmZddlmZdd lmZdd lmZdd lmZdd lmZ dd l!m"Z#ddl$m%Z&ddl'm(Z)ddl*m+Z,ddl*m-Z.ddl/m0Z1ddl/m2Z3ddl4m5Z6ddl4m7Z8ddl4m9Z:ddl4m;Z<ddl4m=Z>ddl4m?Z@ddlAmBZCddlAmDZEddlAmFZGddlAmHZIddlJmKZLddlJmMZNdd lOmPZQdd!lRmSZTdd"lUmVZVdd#lWmXZXmYZYe r7dd$lZm[Z[m\Z\m]Z]m^Z^m_Z_m`Z`maZadd%lbmcZcdd&l*mdZddd'l4meZemfZfdd(lgmhZhmiZidd)lAmjZjmkZkdd*llmmZmdd+lWmnZndd,lompZpee[je_j"e\je^jqe]jreaj(e`j%fZseteuZvewd-ejxZydpd2d3Zzdqd;d<Z{drdEdFZ|dsdJdKZ}dtdLdMZ~dudRdSZdvdVdWZdwdZd[Zdxd]d^Zdwd_d`ZdydfdgZdzdndoZdS){z4Support for requesting and verifying OCSP responses.) annotationsN)datetime)timezone) TYPE_CHECKINGIterableOptionalTypeUnion)InvalidSignature)default_backend) DSAPublicKey)ECDSA)EllipticCurvePublicKey)PKCS1v15) RSAPublicKey) X448PublicKey)X25519PublicKey)SHA1)Hash)Encoding) PublicFormat)AuthorityInformationAccess)ExtendedKeyUsage)ExtensionNotFound) TLSFeature)TLSFeatureType)load_pem_x509_certificate)OCSPCertStatus)OCSPRequestBuilder)OCSPResponseStatus)load_der_ocsp_response)AuthorityInformationAccessOID)ExtendedKeyUsageOID)post)RequestException)_csot) _next_update _this_update)dsaeced448ed25519rsax448x25519) Prehashed) HashAlgorithm) CertificateName) ExtensionExtensionTypeVar) OCSPRequest OCSPResponse) Connection) _OCSPCache) _CallbackDatas9-----BEGIN CERTIFICATE[^ ]+.+?-----END CERTIFICATE[^ ]+cafilestrreturnlist[Certificate]cCsbt|d }|}Wdn1swYg}t}tt|D] }|t||q$|S)z0Parse the tlsCAFile into a list of certificates.rbN)openread_default_backend_refindall _CERT_REGEXappend_load_pem_x509_certificate)r:fdatatrusted_ca_certsbackend cert_datarLP/var/www/html/olx_land/venv/lib/python3.10/site-packages/pymongo/ocsp_support.py_load_trusted_ca_certsis  rNcertr1chainIterable[Certificate]rIOptional[list[Certificate]]Optional[Certificate]cCsF|j}|D] }|j|kr|Sq|r!|D] }|j|kr |SqdSN)issuersubject)rOrPrI issuer_name candidaterLrLrM_get_issuer_certvs  rYkeyCertificateIssuerPublicKeyTypes signaturebytes algorithm%Union[Prehashed, HashAlgorithm, None]rHintcCszDt|tr|||t|WdSt|tr!||||WdSt|tr2|||t|WdSt|ttfrs z*_get_certs_by_key_hash..rL)rrUrrLrrM_get_certs_by_key_hash rresponder_nameOptional[Name]cr)Ncs&g|]}|jkr|jjkr|qSrL)rVrUrrUrrLrMrs z&_get_certs_by_name..rL)rrUrrLrrM_get_certs_by_namerrresponser6c Cs|j}|j}|j}|dur||jks||krtd|}nXtd|j}|jdur7t|||}tdn t|||}td|sKtddS|d}t |t }|r\t j |j vrctddSt||j|j|jsvtddSt||j|j|j} | std | S) NzResponder is issuerzResponder is a delegatezUsing responder namezUsing key hashz%No matching or valid responder certs.rz(Delegate not authorized for OCSP signingz&Delegate signature verification failedz&Response signature verification failed)rrissuer_key_hashrV_LOGGERdebugrrrrs_ExtendedKeyUsage_ExtendedKeyUsageOID OCSP_SIGNINGvaluerlrtr\signature_hash_algorithmtbs_certificate_bytestbs_response_bytes) rUrname rkey_hash ikey_hashresponder_certcertsresponder_certsextretrLrLrM_verify_response_signaturesL            rr5cCst}|||t}|SrT)_OCSPRequestBuilderadd_certificater~build)rOrUbuilderrLrLrM_build_ocsp_requestsrcCstdt||}|sdSt|}tjtjd}|r&|jdur&|j dd}|r3||kr3tddSt |}|rD||krDtddSdS)NzVerifying responser)tz)tzinfozthisUpdate is in the futureznextUpdate is in the pastra) rrrr' _datetimenowrutcrreplacer&)rUrres this_updater next_updaterLrLrM_verify_responses       ruriUnion[str, bytes]ocsp_response_cacher8Optional[OCSPResponse]c Cs$t||}z ||}tdW|Styttdd}zt||t j ddi|d}Wnt yJ}ztd|WYd}~YdSd}~ww|j dkrZtd |j YdSt |j}td |j|jtjkroYdS|j|jkr}td YdSt||sYdStd |||<Y|Sw) NzUsing cached OCSP response.gMbP?z Content-Typezapplication/ocsp-request)rHheaderstimeoutzHTTP request failed: %szHTTP request returned %dOCSP response status: %rz-Response serial number does not match requestzCaching OCSP response.)rrrKeyErrormaxr%clamp_remaining_postrurvrw_RequestException status_code_load_der_ocsp_responsecontentresponse_status_OCSPResponseStatus SUCCESSFUL serial_numberr) rOrUrr ocsp_request ocsp_responserrexcrLrLrM_get_ocsp_response(sF  $            rconnr7 ocsp_bytes user_dataOptional[_CallbackData]boolcCsV|sJ|}|durtddS|}t|dr#|}d}n|}|j}|s3tddSdd|D}t|||}d} t |t } | dur_| j D]} | t j kr^tdd } nqN|j} |d krtd | rttd dS|js~td d St |t} | durtdd Sdd| j D}|stdd S|durtddStd|D]-}td|t|||| }|durqtd|j|jtjkrd S|jtjkrdSqtdd Std|durtddSt|}td|j|jtjkr dSt||sdS|| t||<td|j|jtjkr)dSd S)zCCallback for use with OpenSSL.SSL.Context.set_ocsp_client_callback.Nz No peer cert?Fget_verified_chainzNo peer cert chain?cSsg|]}|qSrL)to_cryptography)rcerrLrLrMrhsz"_ocsp_callback..z!Peer presented a must-staple certTz$Peer did not staple an OCSP responsez5Must-staple cert with no stapled response, hard fail.z.OCSP endpoint checking is disabled, soft fail.z*No authority access information, soft failcSs g|] }|jtjkr|jjqSrL) access_method_AuthorityInformationAccessOIDOCSPaccess_locationr)rdescrLrLrMrs  zNo OCSP URI, soft failzNo issuer cert?zRequesting OCSP dataz Trying %szOCSP cert status: %rz)No definitive OCSP cert status, soft failzPeer stapled an OCSP responser)get_peer_certificaterrrhasattrrget_peer_cert_chainrIrYrs _TLSFeaturer_TLSFeatureTypestatus_requestrcheck_ocsp_endpoint_AuthorityInformationAccessrcertificate_status_OCSPCertStatusGOODREVOKEDrrrrrr)rrrpycertrOpychainrIrPrU must_stapleext_tlsfeaturerext_aiaurisrrrLrLrM_ocsp_callbackUs                       r)r:r;r<r=)rOr1rPrQrIrRr<rS) rZr[r\r]r^r_rHr]r<r`)rOr1rmrnr<ro)rOr1r<r])rrQrUr1rrr<r=)rrQrUr1rrr<r=)rUr1rr6r<r`)rOr1rUr1r<r5) rOr1rUr1rrrr8r<r)rr7rr]rrr<r)__doc__ __future__rlogging_loggingrerBrrrtypingrrrrr cryptography.exceptionsr rkcryptography.hazmat.backendsr rA-cryptography.hazmat.primitives.asymmetric.dsar rf,cryptography.hazmat.primitives.asymmetric.ecr rhrrg1cryptography.hazmat.primitives.asymmetric.paddingrre-cryptography.hazmat.primitives.asymmetric.rsarrc.cryptography.hazmat.primitives.asymmetric.x448rrj0cryptography.hazmat.primitives.asymmetric.x25519rri%cryptography.hazmat.primitives.hashesrr~rr},cryptography.hazmat.primitives.serializationrrvrrxcryptography.x509rrrrrrrrrrrrrFcryptography.x509.ocsprrrrrrr rcryptography.x509.oidr!rr"rrequestsr#rrequests.exceptionsr$rpymongor%pymongo.ocsp_cacher&r')cryptography.hazmat.primitives.asymmetricr(r)r*r+r,r-r./cryptography.hazmat.primitives.asymmetric.utilsr/r0r1r2cryptography.x509.extensionsr3r4r5r6 OpenSSL.SSLr7r8pymongo.pyopenssl_contextr9Ed25519PublicKeyEd448PublicKeyr[ getLogger__name__rcompileDOTALLrDrNrYrlrsrrrrrrrrrLrLrLrMs                               $          6  -