]*inDdZddlmZddlZddlZddlmZddlm Z ddl m Z m Z m Z mZmZddlmZddlmZdd lmZdd lmZdd lmZdd lmZ dd l!m"Z#ddl$m%Z&ddl'm(Z)ddl*m+Z,ddl*m-Z.ddl/m0Z1ddl/m2Z3ddl4m5Z6ddl4m7Z8ddl4m9Z:ddl4m;Z<ddl4m=Z>ddl?m@ZAddl?mBZCddl?mDZEddl?mFZGddlHmIZJddlHmKZLddlMmNZOdd lPmQZRdd!lSmTZTdd"lUmVZVmWZWe rdd#lXmYZYmZZZm[Z[m\Z\m]Z]m^Z^m_Z_dd$l`maZadd%l*mbZbdd&l4mcZcmdZddd'lemfZfmgZgdd(l?mhZhmiZidd)ljmkZkdd*lUmlZldd+lmmnZneeYj.e]jDeZj8e\je[je_jPe^jJfZqejesZtejd,ejZw d8d-Zx d9d.Zy d:d/Zzd;d0Z{ dd3Z~d?d4Zd>d5Z d@d6ZdAd7Zy)Bz4Support for requesting and verifying OCSP responses.) annotationsN)datetime)timezone) TYPE_CHECKINGIterableOptionalTypeUnion)InvalidSignature)default_backend) DSAPublicKey)ECDSA)EllipticCurvePublicKey)PKCS1v15) RSAPublicKey) X448PublicKey)X25519PublicKey)SHA1)Hash)Encoding) PublicFormat)AuthorityInformationAccess)ExtendedKeyUsage)ExtensionNotFound) TLSFeature)TLSFeatureType)OCSPCertStatus)OCSPRequestBuilder)OCSPResponseStatus)load_der_ocsp_response)AuthorityInformationAccessOID)ExtendedKeyUsageOID)post)RequestException)_csot) _next_update _this_update)dsaeced448ed25519rsax448x25519) Prehashed) HashAlgorithm) CertificateName) ExtensionExtensionTypeVar) OCSPRequest OCSPResponse) Connection) _OCSPCache) _CallbackDatas9-----BEGIN CERTIFICATE[^ ]+.+?-----END CERTIFICATE[^ ]+c|j}|D]}|j|k(s|cS|r|D]}|j|k(s|cSyN)issuersubject)certchaintrusted_ca_certs issuer_name candidates N/home/alumno/antonio/venv/lib/python3.12/site-packages/pymongo/ocsp_support.py_get_issuer_certrDhs]++K    + ) !I  K/   ! ct t|tr|j||t|yt|tr|j|||yt|t r|j||t |yt|ttfry|j|| y#t$rYywxYw)Nr) isinstance _RSAPublicKeyverify _PKCS1v15 _DSAPublicKey_EllipticCurvePublicKey_ECDSA_X25519PublicKey_X448PublicKey_InvalidSignature)key signature algorithmdatas rC_verify_signaturerV{s c= ) JJy$ Y ? ] + JJy$ 2 4 5 JJy$y(9 :  "N3  JJy$ '  s(,B+#B+,B+B+B++ B76B7cX |jj|S#t$rYywxYwr;) extensionsget_extension_for_class_ExtensionNotFound)r>klasss rC_get_extensionr\s.66u== s  ))c|j}t|tr/|jtj t j}nmt|tr/|jtjt j}n.|jtj t j}ttt}|j||j!S)N)backend) public_keyrHrI public_bytes _EncodingDER _PublicFormatPKCS1rMX962UncompressedPointSubjectPublicKeyInfo_Hash_SHA1_default_backendupdatefinalize)r>r_pbytesdigests rC_public_key_hashros"J *m,(( 8K8KL J 7 8((9X9XY(( 8Z8Z[ 57$4$6 7F MM& ?? rEcz|Dcgc]+}t||k(r|j|jk(r|-c}Scc}wr;)ror<r=) certificatesr<responder_key_hashr>s rC_get_certs_by_key_hashrssA !   D !%7 7DKK6>>s rC_get_certs_by_namervs? !   <<> )dkkV^^.K   s19c|j}|j}|j}|||jk(s||k(rtj d|}n#tj d|j }|j#t|||}tj dn"t|||}tj d|stj dy|d}t|t}|rtj|jvrtj dyt|j|j |j"|j$stj dyt|j|j |j"|j&} | stj d | S) NzResponder is issuerzResponder is a delegatezUsing responder namezUsing key hashz%No matching or valid responder certs.rz(Delegate not authorized for OCSP signingz&Delegate signature verification failedz&Response signature verification failed)rurrissuer_key_hashr=_LOGGERdebugrqrvrsr\_ExtendedKeyUsage_ExtendedKeyUsageOID OCSP_SIGNINGvaluerVr_rSsignature_hash_algorithmtbs_certificate_bytestbs_response_bytes) r<responsename rkey_hash ikey_hashresponder_certcertsresponder_certsextrets rC_verify_response_signaturers  " "D++I((I DFNN2i96L +, /0%%  " " .0EO MM0 14UFINO MM* + MMA B)+^->?*77syyH MMD E      $ $  3 3  0 0  MMB C !!#))##  C  >? JrEclt}|j||t}|jSr;)_OCSPRequestBuilderadd_certificateribuild)r>r<builders rC_build_ocsp_requestrs,!#G%%dFEGr<uriocsp_response_cache ocsp_request ocsp_responserrexcs rC_get_ocsp_responsersk'tV4L$:+L9  34H G !:e++A.6 !..y}}=')CD H !  MM3S 9    3 & MM4h6J6J K/0@0@A  0-2O2OP  ( (,?,J,J J  & &,*D*D D MMI J 6 ./,9L) G!:sR*)F.BF B- B("F(B--2F!AF5.F% F3FFc@|sJ|j}|tjdy|j}t |dr|j }d}n|j }|j}|stjdy|Dcgc]}|j}}t|||} d} t|t} | =| jD].} | tjk(stjdd} n|j} |dk(rtjd | rtjd y|jstjd yt|t }|tjd y|jDcgc]5}|j"t$j&k(r|j(j7}}|stjd y| tjdytjd|D]}tjd|t+|| || }|*tjd|j,|j,t.j0k(ry|j,t.j2k(sytjdytjd| tjdyt5|}tjd|j6|j6t8j:k7ryt=| |sy|| t?|| <tjd|j,|j,t.j2k(ryycc}wcc}w)zCCallback for use with OpenSSL.SSL.Context.set_ocsp_client_callback.Nz No peer cert?Fget_verified_chainzNo peer cert chain?z!Peer presented a must-staple certTrEz$Peer did not staple an OCSP responsez5Must-staple cert with no stapled response, hard fail.z.OCSP endpoint checking is disabled, soft fail.z*No authority access information, soft failzNo OCSP URI, soft failzNo issuer cert?zRequesting OCSP dataz Trying %szOCSP cert status: %rz)No definitive OCSP cert status, soft failzPeer stapled an OCSP responser) get_peer_certificateryrzto_cryptographyhasattrrget_peer_cert_chainr@rDr\ _TLSFeaturer~_TLSFeatureTypestatus_requestrcheck_ocsp_endpoint_AuthorityInformationAccess access_method_AuthorityInformationAccessOIDOCSPaccess_locationrcertificate_status_OCSPCertStatusGOODREVOKEDrrrrrr)conn ocsp_bytes user_datapycertr>pychainr@cerr?r< must_stapleext_tlsfeaturerext_aiadescurisrrs rC_ocsp_callbackrGs3 9  & & (F ~ o&  ! ! #Dt)*))+**,$55  +,.5 6sS " 6E 6 dE+; MM+ , ,- C MM+s +)$=PQH MM0(2M2M N**o.B.BB**o.E.EE   AB MM12 ~ '(&z2H MM,h.F.FG#6#A#AA FH -=E+D&9: MM((*E*EF""o&=&== ] 7: s N":N)r>r1r?Iterable[Certificate]r@zOptional[list[Certificate]]returnzOptional[Certificate]) rRCertificateIssuerPublicKeyTypesrSbytesrTz%Union[Prehashed, HashAlgorithm, None]rUrrint)r>r1r[zType[ExtensionTypeVar]rz%Optional[Extension[ExtensionTypeVar]])r>r1rr)rqrr<r1rrzOptional[bytes]rlist[Certificate])rqrr<r1ruzOptional[Name]rr)r<r1rr6rr)r>r1r<r1rr5) r>r1r<r1rzUnion[str, bytes]rr8rzOptional[OCSPResponse])rr7rrrzOptional[_CallbackData]rbool)__doc__ __future__rlogging_loggingre_rerrrtypingrrrr r cryptography.exceptionsr rQcryptography.hazmat.backendsr rj-cryptography.hazmat.primitives.asymmetric.dsar rL,cryptography.hazmat.primitives.asymmetric.ecrrNrrM1cryptography.hazmat.primitives.asymmetric.paddingrrK-cryptography.hazmat.primitives.asymmetric.rsarrI.cryptography.hazmat.primitives.asymmetric.x448rrP0cryptography.hazmat.primitives.asymmetric.x25519rrO%cryptography.hazmat.primitives.hashesrrirrh,cryptography.hazmat.primitives.serializationrrarrccryptography.x509rrrr{rrZrrrrcryptography.x509.ocsprrrrrrr rcryptography.x509.oidr!rr"r|requestsr#rrequests.exceptionsr$rpymongor%pymongo.ocsp_cacher&r')cryptography.hazmat.primitives.asymmetricr(r)r*r+r,r-r./cryptography.hazmat.primitives.asymmetric.utilsr/r0r1r2cryptography.x509.extensionsr3r4r5r6 OpenSSL.SSLr7r8pymongo.pyopenssl_contextr9Ed25519PublicKeyEd448PublicKeyr getLogger__name__rycompileDOTALL _CERT_REGEXrDrVr\rorsrvrrrrrrErCrs5;"*AAILWHTW@?NVWCE7?DLLTN"E9JC3H@&-7&+   !!      '# (  X &ckkDcjj  3Gb& (  5      4 4*"'1<Ra'1<N\3l 4* ***1B*Yc**ZarE