FCf@dZddlmZddlZddlZddlZddl Z ddl m Z ddlmZddlmZmZmZmZmZmZddlmZddlmZdd lmZdd lm Z!dd lm"Z"dd l#m$Z$dd l%m&Z&m'Z'ddl(m)Z*ddl(m+Z+ddl,m-Z-edZ.edZ/edZ0er ddlm1Z1ddl2m3Z3edZ4 ddl5Z5dZ6ejpZ9ejtZ:ejvZ;ejxZ<e=eddZ>dZ?dZ@ejZBejejejejejejejziZIeIjDcic]\}}|| c}}ZKd"dZLejejejfZPd#dZQGddejZSGddZTGd d!ZUy#e7$rdZ6YwxYwcc}}w)$zMA CPython compatible SSLContext implementation wrapping PyOpenSSL's context. ) annotationsN)EINTR) ip_address) TYPE_CHECKINGAnyCallableOptionalTypeVarUnion)SSL)crypto) lazy_import)ConfigurationError)_CertificateError) _OCSPCache)_load_trusted_ca_certs_ocsp_callback) SocketChecker)_errno_from_exception)validate_booleanzcryptography.x509service_identityzservice_identity.pyopenssl) VerifyMode) Certificate_TTFOP_NO_RENEGOTIATIONcF t|y#ttf$rYywxYw)NTF) _ip_address ValueError UnicodeError)addresss Y/var/www/highfloat_scraper/venv/lib/python3.12/site-packages/pymongo/pyopenssl_context.py_is_ip_addressr"Us)G  %s   c |jdk(S)z|r0tjz |kDrt j ddtddt|tjrd}d}n#t|tjrd}d}nd}d}|jj|||||r0tjz |kDrt j ddYd}~d}~wwxYw)NTr$z timed outz!Underlying socket has been closedF) gettimeout_time monotonicBLOCKING_IO_ERRORSfileno_sockettimeoutSSLError isinstance_SSL WantReadErrorWantWriteErrorr.select) r2callr%kwargsr=startr& want_read want_writes r!_callz_sslConn._callrs //# OO%E T,V,,% ;;=B&5??#4u#d|_d|_t|_yr,)trusted_ca_certscheck_ocsp_endpointrocsp_response_cacher2s r!r1z_CallbackData.__init__s=A37 #-< r(Nrbrc)rfrgrh__doc__r1r(r!rkrks :0r(rkc6eZdZdZdZddZeddZddZddZ eee Z ddZ ddZ ee e Z dd Zdd ZeeeZdd Zdd ZeeeZ d d dZ d d!dZddZd"dZddZddZ d# d$dZy )% SSLContextzUA CPython compatible SSLContext implementation wrapping PyOpenSSL's context. ) _protocol_ctx_callback_data_check_hostnamec||_tj|j|_t |_d|_d|j _|jjt|j y)NT)callbackdata) rvr@Contextrwrkrxryrnset_ocsp_client_callbackr)r2protocols r!r1zSSLContext.__init__s\!LL0 +o# 37/ **NI\I\*]r(c|jS)zhThe protocol version chosen when constructing the context. This attribute is read-only. )rvrps r!rzSSLContext.protocols ~~r(cDt|jjS)zWhether to try to verify other peers' certificates and how to behave if verification fails. This attribute must be one of ssl.CERT_NONE, ssl.CERT_OPTIONAL or ssl.CERT_REQUIRED. )_REVERSE_VERIFY_MAPrwget_verify_moderps r!__get_verify_modezSSLContext.__get_verify_modes #499#<#<#>??r(cj dd}|jjt||y)zSetter for verify_mode.ct|Sr,)ra)_connobj_x509obj_errnum _errdepthretcodes r!_cbz)SSLContext.__set_verify_mode.._cbs= r(N) rz_SSL.Connectionrz _crypto.X509rrerrerrerbra)rw set_verify _VERIFY_MAP)r2valuers r!__set_verify_modezSSLContext.__set_verify_modesZ !% !" ! !  !   !   ! [/5r(c|jSr,)ryrps r!__get_check_hostnamezSSLContext.__get_check_hostnames###r(c*td|||_y)Ncheck_hostname)rryr2rs r!__set_check_hostnamezSSLContext.__set_check_hostnames)51$r(c.|jjSr,)rxrnrps r!__get_check_ocsp_endpointz$SSLContext.__get_check_ocsp_endpoints""666r(c>td|||j_y)N check_ocsp)rrxrnrs r!__set_check_ocsp_endpointz$SSLContext.__set_check_ocsp_endpointsu-27/r(c8|jjdSrR)rw set_optionsrps r! __get_optionszSSLContext.__get_options syy$$Q''r(cL|jjt|yr,)rwrrers r! __set_optionszSSLContext.__set_optionss c%j)r(Ncr!dfd }|jj||jj||jj|xs||jj y)aLoad a private key and the corresponding certificate. The certfile string must be the path to a single file in PEM format containing the certificate as well as any number of CA certificates needed to establish the certificate's authenticity. The keyfile string, if present, must point to a file containing the private key. Otherwise the private key will be taken from certfile as well. c.JjdS)Nzutf-8)encode) _max_length _prompt_twice _user_datapasswords r!_pwcbz)SSLContext.load_cert_chain.._pwcb*s  +++w//r(N)rrerrarrdrbrd)rw set_passwd_cbuse_certificate_chain_fileuse_privatekey_filecheck_privatekey)r2certfilekeyfilerrs ` r!load_cert_chainzSSLContext.load_cert_chainsZ  0 II # #E * ,,X6 %%g&9: ""$r(c|jj||ttjds|Jt ||j _yy)zLoad a set of "certification authority"(CA) certificates used to validate other peers' certificates when `~verify_mode` is other than ssl.CERT_NONE. get_verified_chainN)rwload_verify_locationshasattrr@ Connectionrrxrm)r2cafilecapaths r!rz SSLContext.load_verify_locations6sK ''7t(<=% %%3I&3QD   0>r(cltr$|jtjyt d)z&Attempt to load CA certs from certifi.ztlsAllowInvalidCertificates is False but no system CA certificates could be loaded. Please install the certifi package, or provide a path to a CA file using the tlsCAFile optionN) _HAVE_CERTIFIrcertifiwhere_ConfigurationErrorrps r! _load_certifizSSLContext._load_certifiCs+   & &w}} 7%' r(c\|jj}tjjj }tj |D]V\}}}|dk(s |dus||vs|jtjjtj|Xy)z2Attempt to load CA certs from Windows trust store.x509_asnTN) rwget_cert_store _stdlibsslPurpose SERVER_AUTHoidenum_certificatesadd_cert_cryptoX509from_cryptography_x509load_der_x509_certificate)r2store cert_storercertencodingtrusts r!_load_wincertszSSLContext._load_wincertsOsYY--/   ,,00%/%A%A%%H  !D(E:%D=C5L'' 66u7V7VW[7\] r(ctjdk(r dD]}|j|n#tjdk(r|j |j j y#t$r|j Y6wxYw)z7A PyOpenSSL version of load_default_certs from CPython.win32)CAROOTdarwinN)_sysplatformrPermissionErrorrrwset_default_verify_paths)r2 storenames r!load_default_certszSSLContext.load_default_certsZsy ==G # %!/3I'' 23 ]]h &     **, # %""$ %sA,,BBc8|jjy)zmSpecify that the platform provided CA certificates are to be used for verification purposes. N)rwrrps r!rz#SSLContext.set_default_verify_pathsjs **,r(ct|j||}|r|j||dur|jnj|r+t |s |j |j d|jtjk7r|j|j|r[|j|jr?|= t |rtj|||Stj!|| |S|S#t"j$t"j&f$r}t)t+|dd}~wwxYw)zZWrap an existing Python socket connection and return a TLS socket object. TidnaN)r*rw set_sessionset_accept_stater"set_tlsext_host_namer verify_moder CERT_NONE request_ocspset_connect_staterKr_service_identity_pyopensslverify_ip_addressverify_hostname_service_identitySICertificateErrorSIVerificationErrorrstr) r2r4 server_sidedo_handshake_on_connectr/server_hostnamesessionssl_connr&s r! wrap_socketzSSLContext.wrap_socketrs0DIIt-AB    ) $   % % '~o'F--o.D.DV.LM:#7#77%%'  & & ( #  ! ! #""'B @%o63EEhP_` 4CCHo^ x &88%99@,CH54? @s !D .D #E,EE)rre)rbre)rbr)rrrbrc)rbra)rrrbrc)rbzOptional[bool])rrarbrcrq)rrerbrc)NN)rzUnion[str, bytes]rzUnion[str, bytes, None]r Optional[str]rbrc)rrrrrbrc)rrrbrc)FTTNN)r4z_socket.socketrrarrar/rarrrzOptional[_SSL.Session]rbr*)rfrgrhrr __slots__r1propertyr_SSLContext__get_verify_mode_SSLContext__set_verify_moder_SSLContext__get_check_hostname_SSLContext__set_check_hostnamer$_SSLContext__get_check_ocsp_endpoint$_SSLContext__set_check_ocsp_endpointrn_SSLContext__get_options_SSLContext__set_optionsoptionsrrrrrrrrsr(r!rurusZKI ^ @6*,.?@K$%24HIN78##<>WX( * }m4G ,0"& %#%)% %  %>EI R# R4A R  R  - -"(,%))-*.///"& / # / ' /(/ /r(ru)r rrbra)r& BaseExceptionrbra)Vrr __future__rsocketr<sslrsysrtimer8errnorrY ipaddressrrtypingrrrr r r OpenSSLr r@r rpymongo._lazy_importrpymongo.errorsrrrpymongo.ocsp_cacherpymongo.ocsp_supportrrpymongo.socket_checkerrr-rpymongo.write_concernrrrrrcryptography.x509rrrr ImportError SSLv23_METHODPROTOCOL_SSLv23 OP_NO_SSLv2 OP_NO_SSLv3OP_NO_COMPRESSIONgetattrrHAS_SNI IS_PYOPENSSLErrorr>r VERIFY_NONE CERT_OPTIONAL VERIFY_PEER CERT_REQUIREDVERIFY_FAIL_IF_NO_PEER_CERTritemsrr"rArBWantX509LookupErrorr:r'rr*rkru)keyrs00r!r"s#!/II%,D,)GB82'( 23)*FG- T]M$$  **d$91=   ::$**d..d..1Q1QQ 5@4E4E4GHjc5uczH (($*=*=t?W?WX.JtJZ00aaSM2Is"F< G <GG