o sDi@@sdZddlmZddlZddlZddlZddl Z ddl m Z ddlmZddlmZmZmZmZmZmZddlmZddlZddlmZddlmZdd l m!Z"dd l m#Z#dd l$m%Z%dd l&m'Z'dd l(m)Z*ddl(m+Z+ddl,m-Z-er|ddlm.Z.edZ/zddl0Z0dZ1Wn e2ydZ1Ynwej3Z4ej5Z5ej6Z6ej7Z7e8eddZ9dZ:dZ;ejej?ej@ejAejBejAejCBiZDddeDEDZFd'ddZGejHejIejJfZKejHZLejIZMejJZNd(dd ZOGd!d"d"ejPZQGd#d$d$ZRGd%d&d&ZSdS))zA CPython compatible SSLContext implementation wrapping PyOpenSSL's context. Due to limitations of the CPython asyncio.Protocol implementation for SSL, the async API does not support PyOpenSSL. ) annotationsN)EINTR) ip_address) TYPE_CHECKINGAnyCallableOptionalTypeVarUnion)SSL)crypto)ConfigurationError)_CertificateError) _OCSPCache)_ocsp_callback) SocketChecker)_errno_from_exception)validate_boolean) VerifyMode_TTFOP_NO_RENEGOTIATIONcCsi|]\}}||qSr).0keyvaluerrW/home/alumno/antzosa8961/venv/lib/python3.10/site-packages/pymongo/pyopenssl_context.py Nsraddressrreturnboolc Cs(zt|WdSttfyYdSw)NTF) _ip_address ValueError UnicodeError)rrrr_is_ip_addressSs r#exc BaseExceptioncCs |jdkS)z._cbN) r|r}r~rrrTrrTrrTrr)rp set_verify _VERIFY_MAP)r4rrrrr__set_verify_modes zSSLContext.__set_verify_modercCrxr/)rrrkrrr__get_check_hostnameszSSLContext.__get_check_hostnamercCstd|||_dS)Ncheck_hostname)rrrr4rrrr__set_check_hostnames  zSSLContext.__set_check_hostnameOptional[bool]cCs|jjSr/)rqrirkrrr__get_check_ocsp_endpointsz$SSLContext.__get_check_ocsp_endpointcCstd|||j_dS)N check_ocsp)rrqrirrrr__set_check_ocsp_endpoint s  z$SSLContext.__set_check_ocsp_endpointcCs |jdSrU)rp set_optionsrkrrr __get_optionss zSSLContext.__get_optionscCs|jt|dSr/)rprrTrrrr __set_optionsszSSLContext.__set_optionsNcertfileUnion[str, bytes]keyfileUnion[str, bytes, None]password Optional[str]csHrd fd d }|j||j||j|p||jd S) aLoad a private key and the corresponding certificate. The certfile string must be the path to a single file in PEM format containing the certificate as well as any number of CA certificates needed to establish the certificate's authenticity. The keyfile string, if present, must point to a file containing the private key. Otherwise the private key will be taken from certfile as well. _max_lengthrT _prompt_twicer _user_dataOptional[bytes]rrMcsdusJdS)Nzutf-8)encode)rrrrrr_pwcb1s  z)SSLContext.load_cert_chain.._pwcbN)rrTrrrrrrM)rp set_passwd_cbuse_certificate_chain_fileuse_privatekey_filecheck_privatekey)r4rrrrrrrload_cert_chains   zSSLContext.load_cert_chaincafilecapathcCs|j||dS)zLoad a set of "certification authority"(CA) certificates used to validate other peers' certificates when `~verify_mode` is other than ssl.CERT_NONE. N)rpload_verify_locations)r4rrrrrr=sz SSLContext.load_verify_locationscCstr |tdStd)z&Attempt to load CA certs from certifi.ztlsAllowInvalidCertificates is False but no system CA certificates could be loaded. Please install the certifi package, or provide a path to a CA file using the tlsCAFile optionN) _HAVE_CERTIFIrcertifiwhere_ConfigurationErrorrkrrr _load_certifiFs zSSLContext._load_certifistorestrcCsj|j}|dus Jtjjj}t|D]\}}}|dkr2|dus&||vr2|tj t |qdS)z2Attempt to load CA certs from Windows trust store.Nx509_asnT) rpget_cert_store _stdlibsslPurpose SERVER_AUTHoidenum_certificatesadd_cert_cryptoX509from_cryptographyx509load_der_x509_certificate)r4r cert_storercertencodingtrustrrr_load_wincertsRs   zSSLContext._load_wincertscCs^tjdkrz dD]}||qWnty|Yn wtjdkr(||jdS)z7A PyOpenSSL version of load_default_certs from CPython.win32)CAROOTdarwinN)_sysplatformrPermissionErrorrrpset_default_verify_paths)r4 storenamerrrload_default_certs_s     zSSLContext.load_default_certscCs|jdS)zmSpecify that the platform provided CA certificates are to be used for verification purposes. N)rprrkrrrrosz#SSLContext.set_default_verify_pathsFTr,_socket.socket server_sidedo_handshake_on_connectr.server_hostnamesessionOptional[_SSL.Session]r)c Cst|j||}|r|||dur|n|r%t|s%||d|jtj kr/| | |rt| |j rt|durtddlm}zt|rT|||W|S|||W|Stjtjfys} ztt| dd} ~ ww|S)zZWrap an existing Python socket connection and return a TLS socket object. TidnaNr) pyopenssl)r)rp set_sessionset_accept_stater#set_tlsext_host_namer verify_moder CERT_NONE request_ocspset_connect_staterLrservice_identityrverify_ip_addressverify_hostnameCertificateErrorVerificationErrorrr) r4r,rrr.rrssl_connrr$rrr wrap_socketws8       zSSLContext.wrap_socket)rsrT)rrT)rr)rrrrK)rr)rrrrK)rr)rrrrK)rrTrrK)NN)rrrrrrrrK)rrrrrrKrl)rrrrK)FTTNN)r,rrrrrr.rrrrrrr))rcrdrerm __slots__r3propertyrs_SSLContext__get_verify_mode_SSLContext__set_verify_moder_SSLContext__get_check_hostname_SSLContext__set_check_hostnamer$_SSLContext__get_check_ocsp_endpoint$_SSLContext__set_check_ocsp_endpointri_SSLContext__get_options_SSLContext__set_optionsoptionsrrrrrrrrrrrrnsB                 rn)rrrr)r$r%rr)Trm __future__rsocketr?sslrsysrtimer;errnorr] ipaddressrr typingrrrrr r cryptography.x509rrOpenSSLr rCr rpymongo.errorsr rrpymongo.ocsp_cacherpymongo.ocsp_supportrpymongo.socket_checkerrr0rpymongo.write_concernrrrrr ImportError SSLv23_METHODPROTOCOL_SSLv23 OP_NO_SSLv2 OP_NO_SSLv3OP_NO_COMPRESSIONgetattrrHAS_SNI IS_PYOPENSSLErrorrAr VERIFY_NONE CERT_OPTIONAL VERIFY_PEER CERT_REQUIREDVERIFY_FAIL_IF_NO_PEER_CERTritemsryr#rDrEWantX509LookupErrorr=BLOCKING_IO_READ_ERRORBLOCKING_IO_WRITE_ERRORBLOCKING_IO_LOOKUP_ERRORr( Connectionr)rgrnrrrrsf                    S