o sDinD@sdZddlmZddlZddlZddlmZddlm Z ddl m Z m Z m Z mZmZddlmZddlmZdd lmZdd lmZdd lmZdd lmZ dd l!m"Z#ddl$m%Z&ddl'm(Z)ddl*m+Z,ddl*m-Z.ddl/m0Z1ddl/m2Z3ddl4m5Z6ddl4m7Z8ddl4m9Z:ddl4m;Z<ddl4m=Z>ddl?m@ZAddl?mBZCddl?mDZEddl?mFZGddlHmIZJddlHmKZLddlMmNZOdd lPmQZRdd!lSmTZTdd"lUmVZVmWZWe r1dd#lXmYZYmZZZm[Z[m\Z\m]Z]m^Z^m_Z_dd$l`maZadd%l*mbZbdd&l4mcZcmdZddd'lemfZfmgZgdd(l?mhZhmiZidd)ljmkZkdd*lUmlZldd+lmmnZneeYje]j"eZje\joe[jpe_j(e^j%fZqeresZteud,ejvZwdkd5d6Zxdld?d@ZydmdDdEZzdndFdGZ{dodMdNZ|dpdQdRZ}dqdUdVZ~drdXdYZdqdZd[ZdsdadbZdtdidjZdS)uz4Support for requesting and verifying OCSP responses.) annotationsN)datetime)timezone) TYPE_CHECKINGIterableOptionalTypeUnion)InvalidSignature)default_backend) DSAPublicKey)ECDSA)EllipticCurvePublicKey)PKCS1v15) RSAPublicKey) X448PublicKey)X25519PublicKey)SHA1)Hash)Encoding) PublicFormat)AuthorityInformationAccess)ExtendedKeyUsage)ExtensionNotFound) TLSFeature)TLSFeatureType)OCSPCertStatus)OCSPRequestBuilder)OCSPResponseStatus)load_der_ocsp_response)AuthorityInformationAccessOID)ExtendedKeyUsageOID)post)RequestException)_csot) _next_update _this_update)dsaeced448ed25519rsax448x25519) Prehashed) HashAlgorithm) CertificateName) ExtensionExtensionTypeVar) OCSPRequest OCSPResponse) Connection) _OCSPCache) _CallbackDatas9-----BEGIN CERTIFICATE[^ ]+.+?-----END CERTIFICATE[^ ]+certr0chainIterable[Certificate]trusted_ca_certsOptional[list[Certificate]]returnOptional[Certificate]cCsF|j}|D] }|j|kr|Sq|r!|D] }|j|kr |SqdSN)issuersubject)r9r:r< issuer_name candidaterER/home/alumno/antzosa8961/venv/lib/python3.10/site-packages/pymongo/ocsp_support.py_get_issuer_cerths  rGkeyCertificateIssuerPublicKeyTypes signaturebytes algorithm%Union[Prehashed, HashAlgorithm, None]dataintcCszDt|tr|||t|WdSt|tr!||||WdSt|tr2|||t|WdSt|ttfrs z*_get_certs_by_key_hash..rE)rurArvrEr|rF_get_certs_by_key_hash r~responder_nameOptional[Name]cry)Ncs&g|]}|jkr|jjkr|qSrE)rBrArzrArrErFr}s z&_get_certs_by_name..rE)rurArrErrF_get_certs_by_namerrresponser5c Cs|j}|j}|j}|dur||jks||krtd|}nXtd|j}|jdur7t|||}tdn t|||}td|sKtddS|d}t |t }|r\t j |j vrctddSt||j|j|jsvtddSt||j|j|j} | std | S) NzResponder is issuerzResponder is a delegatezUsing responder namezUsing key hashz%No matching or valid responder certs.rz(Delegate not authorized for OCSP signingz&Delegate signature verification failedz&Response signature verification failed)rrvissuer_key_hashrB_LOGGERdebugrurr~rb_ExtendedKeyUsage_ExtendedKeyUsageOID OCSP_SIGNINGvaluer[rdrJsignature_hash_algorithmtbs_certificate_bytestbs_response_bytes) rArname rkey_hash ikey_hashresponder_certcertsresponder_certsextretrErErF_verify_response_signaturesL            rr4cCst}|||t}|Sr@)_OCSPRequestBuilderadd_certificaternbuild)r9rAbuilderrErErF_build_ocsp_requestsrcCstdt||}|sdSt|}tjtjd}|r&|jdur&|j dd}|r3||kr3tddSt |}|rD||krDtddSdS)NzVerifying responser)tz)tzinfozthisUpdate is in the futureznextUpdate is in the pastrP) rrrr& _datetimenowrutcrreplacer%)rArres this_updater next_updaterErErF_verify_responses       ruriUnion[str, bytes]ocsp_response_cacher7Optional[OCSPResponse]c Cs$t||}z ||}tdW|Styttdd}zt||t j ddi|d}Wnt yJ}ztd|WYd}~YdSd}~ww|j dkrZtd |j YdSt |j}td |j|jtjkroYdS|j|jkr}td YdSt||sYdStd |||<Y|Sw) NzUsing cached OCSP response.gMbP?z Content-Typezapplication/ocsp-request)rNheaderstimeoutzHTTP request failed: %szHTTP request returned %dOCSP response status: %rz-Response serial number does not match requestzCaching OCSP response.)rrrKeyErrormaxr$clamp_remaining_postrerfrg_RequestException status_code_load_der_ocsp_responsecontentresponse_status_OCSPResponseStatus SUCCESSFUL serial_numberr) r9rArr ocsp_request ocsp_responserrexcrErErF_get_ocsp_responsesF  $            rconnr6 ocsp_bytes user_dataOptional[_CallbackData]boolcCsV|sJ|}|durtddS|}t|dr#|}d}n|}|j}|s3tddSdd|D}t|||}d} t |t } | dur_| j D]} | t j kr^tdd } nqN|j} |d krtd | rttd dS|js~td d St |t} | durtdd Sdd| j D}|stdd S|durtddStd|D]-}td|t|||| }|durqtd|j|jtjkrd S|jtjkrdSqtdd Std|durtddSt|}td|j|jtjkr dSt||sdS|| t||<td|j|jtjkr)dSd S)zCCallback for use with OpenSSL.SSL.Context.set_ocsp_client_callback.Nz No peer cert?Fget_verified_chainzNo peer cert chain?cSsg|]}|qSrE)to_cryptography)r{cerrErErFr}Zsz"_ocsp_callback..z!Peer presented a must-staple certTz$Peer did not staple an OCSP responsez5Must-staple cert with no stapled response, hard fail.z.OCSP endpoint checking is disabled, soft fail.z*No authority access information, soft failcSs g|] }|jtjkr|jjqSrE) access_method_AuthorityInformationAccessOIDOCSPaccess_locationr)r{descrErErFr}ws  zNo OCSP URI, soft failzNo issuer cert?zRequesting OCSP dataz Trying %szOCSP cert status: %rz)No definitive OCSP cert status, soft failzPeer stapled an OCSP responser)get_peer_certificaterrrhasattrrget_peer_cert_chainr<rGrb _TLSFeaturer_TLSFeatureTypestatus_requestrcheck_ocsp_endpoint_AuthorityInformationAccessrcertificate_status_OCSPCertStatusGOODREVOKEDrrrrrr)rrrpycertr9pychainr<r:rA must_stapleext_tlsfeaturerext_aiaurisrrrErErF_ocsp_callbackGs                       r)r9r0r:r;r<r=r>r?) rHrIrJrKrLrMrNrKr>rO)r9r0r\r]r>r^)r9r0r>rK)rur;rAr0rvrwr>rx)rur;rAr0rrr>rx)rAr0rr5r>rO)r9r0rAr0r>r4) r9r0rAr0rrrr7r>r)rr6rrKrrr>r)__doc__ __future__rlogging_loggingre_rerrrtypingrrrrr cryptography.exceptionsr rZcryptography.hazmat.backendsr ro-cryptography.hazmat.primitives.asymmetric.dsar rU,cryptography.hazmat.primitives.asymmetric.ecr rWrrV1cryptography.hazmat.primitives.asymmetric.paddingrrT-cryptography.hazmat.primitives.asymmetric.rsarrR.cryptography.hazmat.primitives.asymmetric.x448rrY0cryptography.hazmat.primitives.asymmetric.x25519rrX%cryptography.hazmat.primitives.hashesrrnrrm,cryptography.hazmat.primitives.serializationrrfrrhcryptography.x509rrrrrrarrrrcryptography.x509.ocsprrrrrrrrcryptography.x509.oidr rr!rrequestsr"rrequests.exceptionsr#rpymongor$pymongo.ocsp_cacher%r&)cryptography.hazmat.primitives.asymmetricr'r(r)r*r+r,r-/cryptography.hazmat.primitives.asymmetric.utilsr.r/r0r1cryptography.x509.extensionsr2r3r4r5 OpenSSL.SSLr6r7pymongo.pyopenssl_contextr8Ed25519PublicKeyEd448PublicKeyrI getLogger__name__rcompileDOTALL _CERT_REGEXrGr[rbrtr~rrrrrrrErErErFs                              $          6  -