o 'h3B@sdZddlmZddlZddlZddlZddl Z ddl m Z ddlmZddlmZmZmZmZmZmZddlmZddlZddlmZddlmZdd l m!Z"dd l m#Z#dd l$m%Z%dd l&m'Z'm(Z(dd l)m*Z+ddl)m,Z,ddl-m.Z.er~ddlm/Z/edZ0zddl1Z1dZ2Wn e3ydZ2Ynwej4Z5ej6Z6ej7Z7ej8Z8e9eddZ:dZ;dZej?ej@ejAejBejCejBejDBiZEddeEFDZGd'ddZHejIejJejKfZLejIZMejJZNejKZOd(dd ZPGd!d"d"ejQZRGd#d$d$ZSGd%d&d&ZTdS))zA CPython compatible SSLContext implementation wrapping PyOpenSSL's context. Due to limitations of the CPython asyncio.Protocol implementation for SSL, the async API does not support PyOpenSSL. ) annotationsN)EINTR) ip_address) TYPE_CHECKINGAnyCallableOptionalTypeVarUnion)SSL)crypto)ConfigurationError)_CertificateError) _OCSPCache)_load_trusted_ca_certs_ocsp_callback) SocketChecker)_errno_from_exception)validate_boolean) VerifyMode_TTFOP_NO_RENEGOTIATIONcCsi|]\}}||qSr).0keyvaluerrU/var/www/html/olx_land/venv/lib/python3.10/site-packages/pymongo/pyopenssl_context.py Nsraddressrreturnboolc Cs(zt|WdSttfyYdSw)NTF) _ip_address ValueError UnicodeError)rrrr_is_ip_addressSs r$exc BaseExceptioncCs |jdkS)z._cbN) r}r~rrrrUrrUrrUrr )rq set_verify _VERIFY_MAP)r5rrrrr__set_verify_modes zSSLContext.__set_verify_moder cCryr0)rsrlrrr__get_check_hostnameszSSLContext.__get_check_hostnamercCstd|||_dS)Ncheck_hostname)rrsr5rrrr__set_check_hostnames  zSSLContext.__set_check_hostnameOptional[bool]cCs|jjSr0)rrrjrlrrr__get_check_ocsp_endpointsz$SSLContext.__get_check_ocsp_endpointcCstd|||j_dS)N check_ocsp)rrrrjrrrr__set_check_ocsp_endpoint s  z$SSLContext.__set_check_ocsp_endpointcCs |jdSrV)rq set_optionsrlrrr __get_optionss zSSLContext.__get_optionscCs|jt|dSr0)rqrrUrrrr __set_optionsszSSLContext.__set_optionsNcertfileUnion[str, bytes]keyfileUnion[str, bytes, None]password Optional[str]csHrd fd d }|j||j||j|p||jd S) aLoad a private key and the corresponding certificate. The certfile string must be the path to a single file in PEM format containing the certificate as well as any number of CA certificates needed to establish the certificate's authenticity. The keyfile string, if present, must point to a file containing the private key. Otherwise the private key will be taken from certfile as well. _max_lengthrU _prompt_twicer _user_dataOptional[bytes]rrNcsdusJdS)Nzutf-8)encode)rrrrrr_pwcb1s  z)SSLContext.load_cert_chain.._pwcbN)rrUrr rrrrN)rq set_passwd_cbuse_certificate_chain_fileuse_privatekey_filecheck_privatekey)r5rrrrrrrload_cert_chains   zSSLContext.load_cert_chaincafilecapathcCs:|j||ttjds|dusJt||j_dSdS)zLoad a set of "certification authority"(CA) certificates used to validate other peers' certificates when `~verify_mode` is other than ssl.CERT_NONE. get_verified_chainN)rqload_verify_locationshasattrrD Connectionrrrri)r5rrrrrr=s   z SSLContext.load_verify_locationscCstr |tdStd)z&Attempt to load CA certs from certifi.ztlsAllowInvalidCertificates is False but no system CA certificates could be loaded. Please install the certifi package, or provide a path to a CA file using the tlsCAFile optionN) _HAVE_CERTIFIrcertifiwhere_ConfigurationErrorrlrrr _load_certifiJs zSSLContext._load_certifistorestrcCsj|j}|dus Jtjjj}t|D]\}}}|dkr2|dus&||vr2|tj t |qdS)z2Attempt to load CA certs from Windows trust store.Nx509_asnT) rqget_cert_store _stdlibsslPurpose SERVER_AUTHoidenum_certificatesadd_cert_cryptoX509from_cryptographyx509load_der_x509_certificate)r5r cert_storercertencodingtrustrrr_load_wincertsVs   zSSLContext._load_wincertscCs^tjdkrz dD]}||qWnty|Yn wtjdkr(||jdS)z7A PyOpenSSL version of load_default_certs from CPython.win32)CAROOTdarwinN)_sysplatformrPermissionErrorrrqset_default_verify_paths)r5 storenamerrrload_default_certscs     zSSLContext.load_default_certscCs|jdS)zmSpecify that the platform provided CA certificates are to be used for verification purposes. N)rqrrlrrrrssz#SSLContext.set_default_verify_pathsFTr-_socket.socket server_sidedo_handshake_on_connectr/server_hostnamesessionOptional[_SSL.Session]r*c Cst|j||}|r|||dur|n|r%t|s%||d|jtj kr/| | |rt| |j rt|durtddlm}zt|rT|||W|S|||W|Stjtjfys} ztt| dd} ~ ww|S)zZWrap an existing Python socket connection and return a TLS socket object. TidnaNr) pyopenssl)r*rq set_sessionset_accept_stater$set_tlsext_host_namer verify_moder CERT_NONE request_ocspset_connect_staterMrservice_identityrverify_ip_addressverify_hostnameSICertificateErrorSIVerificationErrorrr) r5r-rrr/rrssl_connrr%rrr wrap_socket{s8       zSSLContext.wrap_socket)rtrU)rrU)rr)rrrrL)rr )rrrrL)rr)rr rrL)rrUrrL)NN)rrrrrrrrL)rrrrrrLrm)rrrrL)FTTNN)r-rrr rr r/r rrrrrr*)rdrerfrn __slots__r4propertyrt_SSLContext__get_verify_mode_SSLContext__set_verify_moder_SSLContext__get_check_hostname_SSLContext__set_check_hostnamer$_SSLContext__get_check_ocsp_endpoint$_SSLContext__set_check_ocsp_endpointrj_SSLContext__get_options_SSLContext__set_optionsoptionsrrrrrrrrrrrrosB                 ro)rrrr )r%r&rr )Urn __future__rsocketr@sslrsysrtimer<errnorr^ ipaddressrr!typingrrrrr r cryptography.x509rrOpenSSLr rDr rpymongo.errorsr rrpymongo.ocsp_cacherpymongo.ocsp_supportrrpymongo.socket_checkerrr1rpymongo.write_concernrrrrr ImportError SSLv23_METHODPROTOCOL_SSLv23 OP_NO_SSLv2 OP_NO_SSLv3OP_NO_COMPRESSIONgetattrrHAS_SNI IS_PYOPENSSLErrorrBr VERIFY_NONE CERT_OPTIONAL VERIFY_PEER CERT_REQUIREDVERIFY_FAIL_IF_NO_PEER_CERTritemsrzr$rErFWantX509LookupErrorr>BLOCKING_IO_READ_ERRORBLOCKING_IO_WRITE_ERRORBLOCKING_IO_LOOKUP_ERRORr)rr*rhrorrrrsf                   S