=h@dZddlmZddlZddlZddlZddl Z ddl m Z ddlmZddlmZmZmZmZmZmZddlmZddlmZdd lmZdd l m!Z"dd l m#Z$dd l%m&Z'dd l%m(Z)ddl*m+Z,ddl*m-Z-ddl.m/Z/ddl0m1Z1m2Z2ddl3m4Z5ddl3m6Z6ddl7m8Z8er ddlm9Z9ddlm:Z:edZ; ddl$rdZ=YwxYwcc}}w)%zMA CPython compatible SSLContext implementation wrapping PyOpenSSL's context. ) annotationsN)EINTR) ip_address) TYPE_CHECKINGAnyCallableOptionalTypeVarUnion)load_der_x509_certificate)SSL)crypto)CertificateError)VerificationError)verify_hostname)verify_ip_address)ConfigurationError)_CertificateError) _OCSPCache)_load_trusted_ca_certs_ocsp_callback) SocketChecker)_errno_from_exception)validate_boolean) VerifyMode) Certificate_TTFOP_NO_RENEGOTIATIONcF t|y#ttf$rYywxYw)NTF) _ip_address ValueError UnicodeError)addresss i/var/www/html/phonemate/phone_mate_backend/venv/lib/python3.12/site-packages/pymongo/pyopenssl_context.py_is_ip_addressr%Us)G  %s   c |jdk(S)z|r0tjz |kDrt j ddtddt|tjrd}d}n#t|tjrd}d}nd}d}|jj|||||r0tjz |kDrt j ddYd}~d}~wwxYw)NTr'z timed outz!Underlying socket has been closedF) gettimeout_time monotonicBLOCKING_IO_ERRORSfileno_sockettimeoutSSLError isinstance_SSL WantReadErrorWantWriteErrorr1select) r5callr(kwargsr@startr) want_read want_writes r$_callz_sslConn._callrs //# OO%E T,V,,% ;;=B&5??#4u#d|_d|_t|_yr/)trusted_ca_certscheck_ocsp_endpointrocsp_response_cacher5s r$r4z_CallbackData.__init__s=A37 #-< r+Nrerf)rirjrk__doc__r4r+r$rnrns :0r+rnc6eZdZdZdZddZeddZddZddZ eee Z ddZ ddZ ee e Z dd Zdd ZeeeZdd Zdd ZeeeZ d d dZ d d!dZddZd"dZddZddZ d# d$dZy )% SSLContextzUA CPython compatible SSLContext implementation wrapping PyOpenSSL's context. ) _protocol_ctx_callback_data_check_hostnamec||_tj|j|_t |_d|_d|j _|jjt|j y)NT)callbackdata) ryrCContextrzrnr{r|rqset_ocsp_client_callbackr)r5protocols r$r4zSSLContext.__init__s\!LL0 +o# 37/ **NI\I\*]r+c|jS)zhThe protocol version chosen when constructing the context. This attribute is read-only. )ryrss r$rzSSLContext.protocols ~~r+cDt|jjS)zWhether to try to verify other peers' certificates and how to behave if verification fails. This attribute must be one of ssl.CERT_NONE, ssl.CERT_OPTIONAL or ssl.CERT_REQUIRED. )_REVERSE_VERIFY_MAPrzget_verify_moderss r$__get_verify_modezSSLContext.__get_verify_modes #499#<#<#>??r+cj dd}|jjt||y)zSetter for verify_mode.ct|Sr/)rd)_connobj_x509obj_errnum _errdepthretcodes r$_cbz)SSLContext.__set_verify_mode.._cbs= r+N) rz_SSL.Connectionrz _crypto.X509rrhrrhrrhrerd)rz set_verify _VERIFY_MAP)r5valuers r$__set_verify_modezSSLContext.__set_verify_modesZ !% !" ! !  !   !   ! [/5r+c|jSr/)r|rss r$__get_check_hostnamezSSLContext.__get_check_hostnames###r+c*td|||_y)Ncheck_hostname)rr|r5rs r$__set_check_hostnamezSSLContext.__set_check_hostnames)51$r+c.|jjSr/)r{rqrss r$__get_check_ocsp_endpointz$SSLContext.__get_check_ocsp_endpoints""666r+c>td|||j_y)N check_ocsp)rr{rqrs r$__set_check_ocsp_endpointz$SSLContext.__set_check_ocsp_endpointsu-27/r+c8|jjdSrU)rz set_optionsrss r$ __get_optionszSSLContext.__get_options syy$$Q''r+cL|jjt|yr/)rzrrhrs r$ __set_optionszSSLContext.__set_optionss c%j)r+Ncr!dfd }|jj||jj||jj|xs||jj y)aLoad a private key and the corresponding certificate. The certfile string must be the path to a single file in PEM format containing the certificate as well as any number of CA certificates needed to establish the certificate's authenticity. The keyfile string, if present, must point to a file containing the private key. Otherwise the private key will be taken from certfile as well. c.JjdS)Nzutf-8)encode) _max_length _prompt_twice _user_datapasswords r$_pwcbz)SSLContext.load_cert_chain.._pwcb*s  +++w//r+N)rrhrrdrrgrerg)rz set_passwd_cbuse_certificate_chain_fileuse_privatekey_filecheck_privatekey)r5certfilekeyfilerrs ` r$load_cert_chainzSSLContext.load_cert_chainsZ  0 II # #E * ,,X6 %%g&9: ""$r+c|jj||ttjds|Jt ||j _yy)zLoad a set of "certification authority"(CA) certificates used to validate other peers' certificates when `~verify_mode` is other than ssl.CERT_NONE. get_verified_chainN)rzload_verify_locationshasattrrC Connectionrr{rp)r5cafilecapaths r$rz SSLContext.load_verify_locations6sK ''7t(<=% %%3I&3QD   0>r+cltr$|jtjyt d)z&Attempt to load CA certs from certifi.ztlsAllowInvalidCertificates is False but no system CA certificates could be loaded. Please install the certifi package, or provide a path to a CA file using the tlsCAFile optionN) _HAVE_CERTIFIrcertifiwhere_ConfigurationErrorrss r$ _load_certifizSSLContext._load_certifiCs+   & &w}} 7%' r+cH|jj}tjjj }tj |D]L\}}}|dk(s |dus||vs|jtjjt|Ny)z2Attempt to load CA certs from Windows trust store.x509_asnTN) rzget_cert_store _stdlibsslPurpose SERVER_AUTHoidenum_certificatesadd_cert_cryptoX509from_cryptography_load_der_x509_certificate)r5store cert_storercertencodingtrusts r$_load_wincertszSSLContext._load_wincertsOsYY--/   ,,00%/%A%A%%H !D(E:%D=C5L'' 667QRV7WX&Ir+ctjdk(r dD]}|j|n#tjdk(r|j |j j y#t$r|j Y6wxYw)z7A PyOpenSSL version of load_default_certs from CPython.win32)CAROOTdarwinN)_sysplatformrPermissionErrorrrzset_default_verify_paths)r5 storenames r$load_default_certszSSLContext.load_default_certsZst ==G # %!/I'' 2"0 ]]h &     **, # %""$ %sA,,BBc8|jjy)zmSpecify that the platform provided CA certificates are to be used for verification purposes. N)rzrrss r$rz#SSLContext.set_default_verify_pathsjs **,r+cBt|j||}|r|j||dur|jnj|r+t |s |j |j d|jtjk7r|j|j|rG|j|jr+|) t |rt|||St|| |S|S#t t"f$r}t%t'|dd}~wwxYw)zZWrap an existing Python socket connection and return a TLS socket object. TidnaN)r-rz set_sessionset_accept_stater%set_tlsext_host_namer verify_moder CERT_NONE request_ocspset_connect_staterNr_verify_ip_address_verify_hostname_SICertificateError_SIVerificationErrorrstr) r5r7 server_sidedo_handshake_on_connectr2server_hostnamesessionssl_connr)s r$ wrap_socketzSSLContext.wrap_socketrsDIIt-AB    ) $   % % '~o'F--o.D.DV.LM:#7#77%%'  & & ( #  ! ! #""'B@%o6*8_E )?Cx,-AB@+CH54?@s C5$ C55DDD)rrh)rerh)rer)rrrerf)rerd)rrrerf)rezOptional[bool])rrdrerfrt)rrhrerf)NN)rzUnion[str, bytes]rzUnion[str, bytes, None]r Optional[str]rerf)rrrrrerf)rrrerf)FTTNN)r7z_socket.socketrrdrrdr2rdrrrzOptional[_SSL.Session]rer-)rirjrkru __slots__r4propertyr_SSLContext__get_verify_mode_SSLContext__set_verify_moder_SSLContext__get_check_hostname_SSLContext__set_check_hostnamer$_SSLContext__get_check_ocsp_endpoint$_SSLContext__set_check_ocsp_endpointrq_SSLContext__get_options_SSLContext__set_optionsoptionsrrrrrrrrvr+r$rxrxsZKI ^ @6*,.?@K$%24HIN78##<>WX( * }m4G ,0"& %#%)% %  %>EI R# R4A R  R  - -"(,%))-*.,,,"& , # , ' ,(, ,r+rx)r#rrerd)r) BaseExceptionrerd)]ru __future__rsocketr?sslrsysrtimer;errnorr\ ipaddressrr typingrrrr r r cryptography.x509r rOpenSSLr rCrrservice_identityrrrrservice_identity.pyopensslrrrrpymongo.errorsrrrpymongo.ocsp_cacherpymongo.ocsp_supportrrpymongo.socket_checkerrr0rpymongo.write_concernrrrrrr ImportError SSLv23_METHODPROTOCOL_SSLv23 OP_NO_SSLv2 OP_NO_SSLv3OP_NO_COMPRESSIONgetattrrHAS_SNI IS_PYOPENSSLErrorrAr VERIFY_NONE CERT_OPTIONAL VERIFY_PEER CERT_REQUIREDVERIFY_FAIL_IF_NO_PEER_CERTritemsrr%rDrEWantX509LookupErrorr=r*rr-rnrx)keyrs00r$r#s#!/IIU%DFJND,)GB82- T]M$$  **d$91=   ::$**d..d..1Q1QQ 5@4E4E4GH4Gjc5ucz4GH (($*=*=t?W?WX.JtJZ00^^SM2Is"F< G <GG