h:dZddlZddlZddlmZddlmZ ddl m Z ddl mZddlmZddlmZdd lmZdd lmZdd lmZdd lmZdd l m!Z"ddl m#Z$ddl%m&Z'ddl%m(Z)ddl%m*Z+ddl%m,Z-ddl%m.Z/ddl%m0Z1ddl2m3Z4ddl2m5Z6ddl2m7Z8ddl2m9Z:ddl;mZ?ddl@mAZBddlCmDZEejeGZHejdejZKdZLdZMd ZNd!ZOd"ZPd#ZQd$ZRd%ZSd&ZTd'ZUd(ZVd)ZWy)*z4Support for requesting and verifying OCSP responses.N)datetime)InvalidSignature)default_backend) DSAPublicKey)ECDSA)EllipticCurvePublicKey)PKCS1v15) RSAPublicKey)SHA1)Hash)Encoding) PublicFormat)AuthorityInformationAccess)ExtendedKeyUsage)ExtensionNotFound) TLSFeature)TLSFeatureType)load_pem_x509_certificate)OCSPCertStatus)OCSPRequestBuilder)OCSPResponseStatus)load_der_ocsp_response)AuthorityInformationAccessOID)ExtendedKeyUsageOID)post)RequestExceptions9-----BEGIN CERTIFICATE[^ ]+.+?-----END CERTIFICATE[^ ]+ct|d5}|j}dddg}t}tjt D]}|j t|||S#1swYQxYw)z0Parse the tlsCAFile into a list of certificates.rbN)openread_default_backend_refindall _CERT_REGEXappend_load_pem_x509_certificate)cafilefdatatrusted_ca_certsbackend cert_datas R/var/www/html/eduruby.in/venv/lib/python3.12/site-packages/pymongo/ocsp_support.py_load_trusted_ca_certsr.?sv fd qvvx G[[d3P  :9g NOP s A..A7c|j}|D]}|j|k(s|cS|r|D]}|j|k(s|cSyN)issuersubject)certchainr* issuer_name candidates r-_get_issuer_certr7Ls[++K    + ) !I  K/   ! cF t|tr|j||t|yt|tr|j|||yt|t r|j||t |y|j|| y#t$rYywxYw)Nr) isinstance _RSAPublicKeyverify _PKCS1v15 _DSAPublicKey_EllipticCurvePublicKey_ECDSA_InvalidSignature)key signature algorithmr)s r-_verify_signaturerF]s  c= ) JJy$ Y ? ] + JJy$ 2 4 5 JJy$y(9 :  JJy$ '  s",B#B,BB B B cX |jj|S#t$rYywxYwr0) extensionsget_extension_for_class_ExtensionNotFound)r3klasss r-_get_extensionrLns.66u== s  ))c|j}t|tr/|jtj t j}nmt|tr/|jtjt j}n.|jtj t j}ttt}|j||j!S)N)r+) public_keyr;r< public_bytes _EncodingDER _PublicFormatPKCS1r@X962UncompressedPointSubjectPublicKeyInfo_Hash_SHA1r!updatefinalize)r3rNpbytesdigests r-_public_key_hashr]us"J *m,(( 8K8KL J 7 8((9X9XY(( 8Z8Z[ 57$4$6 7F MM& ?? r8cz|Dcgc]+}t||k(r|j|jk(r|-c}Scc}wr0)r]r1r2) certificatesr1responder_key_hashr3s r-_get_certs_by_key_hashrasA!   D !%7 7DKK6>> )dkkV^^.K   s19c|j}|j}|j}|||jk(s||k(rtj d|}n#tj d|j }|j#t|||}tj dn"t|||}tj d|stj dy|d}t|t}|rtj|jvrtj dyt|j|j |j"|j$stj dyt|j|j |j"|j&} | stj d | S) NzResponder is issuerzResponder is a delegatezUsing responder namezUsing key hashz%No matching or valid responder certs.rz(Delegate not authorized for OCSP signingz&Delegate signature verification failedz&Response signature verification failed)rcr`issuer_key_hashr2_LOGGERdebugr_rdrarL_ExtendedKeyUsage_ExtendedKeyUsageOID OCSP_SIGNINGvaluerFrNrDsignature_hash_algorithmtbs_certificate_bytestbs_response_bytes) r1responsename rkey_hash ikey_hashresponder_certcertsresponder_certsextrets r-_verify_response_signaturerys  " "D++I((I DFNN2i96L +, /0%%  " " .0EO MM0 14UFINO MM* + MMA B)+^->?*77syyH MMD E      $ $  3 3  0 0  MMB C !!#))##  C  >? Jr8clt}|j||t}|jSr0)_OCSPRequestBuilderadd_certificaterXbuild)r3r1builders r-_build_ocsp_requestrs,!#G%%dFEG t ||j t jddid}n-#t$r!}tjd|Yd}~Yyd}~wwxYw|jdk7r"tjd|jYyt|j}tjd |j|jtjk7rYy|j|jk7rtjd Yyt!||sYytjd |||<Y|SwxYw) NzUsing cached OCSP response.z Content-Typezapplication/ocsp-request)r)headerstimeoutzHTTP request failed: %szHTTP request returned %dOCSP response status: %rz-Response serial number does not match requestzCaching OCSP response.)rrgrhKeyError_postrOrPrQ_RequestException status_code_load_der_ocsp_responsecontentresponse_status_OCSPResponseStatus SUCCESSFUL serial_numberr)r3r1uriocsp_response_cache ocsp_request ocsp_responserpexcs r-_get_ocsp_responsersN&tV4L :+L9  34@ ? : !..y}}=')CD H !  MM3S 9    3 & MM4h6J6J K/0@0@A  0-2O2OP  ( (,?,J,J J  & &,*D*D D MMI J 6 ./,9L) ?:sQ* E2.A$#E2$ B-B E2 B2E2AE2.E2 E2E21E2c8|j}|tjdy|j}t |dr|j }d}n|j }|j}|stjdy|Dcgc]}|j}}t|||}d}t|t} | =| jD].} | tjk(stjdd}n|j} |d k(rtjd |rtjd y|jstjd y t|t } | tjdy | jD cgc]5} | j"t$j&k(r| j(j7} } | stjdy |tjdytjd| D]}tjd|t+|||| }|*tjd|j,|j,t.j0k(ry |j,t.j2k(sytjdy tjd|tjdyt5|}tjd|j6|j6t8j:k7ryt=||sy|| t?||<tjd|j,|j,t.j2k(ryy cc}wcc} w)zCCallback for use with OpenSSL.SSL.Context.set_ocsp_client_callback.Nz No peer cert?rget_verified_chainzNo peer cert chain?Fz!Peer presented a must-staple certTr8z$Peer did not staple an OCSP responsez5Must-staple cert with no stapled response, hard fail.z.OCSP endpoint checking is disabled, soft fail.r:z*No authority access information, soft failzNo OCSP URI, soft failzNo issuer cert?zRequesting OCSP dataz Trying %szOCSP cert status: %rz)No definitive OCSP cert status, soft failzPeer stapled an OCSP responser) get_peer_certificatergrhto_cryptographyhasattrrget_peer_cert_chainr*r7rL _TLSFeaturerl_TLSFeatureTypestatus_requestrcheck_ocsp_endpoint_AuthorityInformationAccess access_method_AuthorityInformationAccessOIDOCSPaccess_locationrcertificate_status_OCSPCertStatusGOODREVOKEDrrrrrr)conn ocsp_bytes user_datar3r4r*cerr1 must_staplerwfeaturerdescurisrrps r-_ocsp_callbackrs(  $ $ &D | o&    !Dt)*'')((*$55  +,.3 4sS " 4E 4 dE+; ? ; MMF G  !!%C%H%HH  & &   MM2 3 > MM+ , ,- C MM+s +)$=PQH MM0(2M2M N**o.B.BB**o.E.EE   AB MM12 ~ '(&z2H MM,h.F.FG#6#A#AA FH -=E+D&9: MM((*E*EF""o&=&== ] 5: s N:N)X__doc__logging_loggingrer"rrcryptography.exceptionsrrBcryptography.hazmat.backendsrr!-cryptography.hazmat.primitives.asymmetric.dsarr?,cryptography.hazmat.primitives.asymmetric.ecrrArr@1cryptography.hazmat.primitives.asymmetric.paddingr r>-cryptography.hazmat.primitives.asymmetric.rsar r<%cryptography.hazmat.primitives.hashesr rXr rW,cryptography.hazmat.primitives.serializationr rPrrRcryptography.x509rrrrirrJrrrrrr&cryptography.x509.ocsprrrr{rrrrcryptography.x509.oidrrrrjrequestsrrrequests.exceptionsrr getLogger__name__rgcompileDOTALLr$r.r7rFrLr]rardryrrrrr8r-rs;*ILWHTW??NVWCE7?UDLLTN"E (  X &ckkDcjj " ""3l *$N_ r8