lh|FdZddlmZddlZddlZddlmZddlm Z ddl m Z m Z m Z mZmZddlmZddlmZdd lmZdd lmZdd lmZdd lmZ dd l!m"Z#ddl$m%Z&ddl'm(Z)ddl*m+Z,ddl*m-Z.ddl/m0Z1ddl/m2Z3ddl4m5Z6ddl4m7Z8ddl4m9Z:ddl4m;Z<ddl4m=Z>ddl4m?Z@ddlAmBZCddlAmDZEddlAmFZGddlAmHZIddlJmKZLddlJmMZNdd lOmPZQdd!lRmSZTdd"lUmVZVdd#lWmXZXmYZYe rdd$lZm[Z[m\Z\m]Z]m^Z^m_Z_m`Z`maZadd%lbmcZcdd&l*mdZddd'l4meZemfZfdd(lgmhZhmiZidd)lAmjZjmkZkdd*llmmZmdd+lWmnZndd,lompZpee[j.e_jDe\j8e^je]jeajPe`jJfZsejeuZvejd-ejZyd:d.Zz d;d/Z{ dd2Z~ d?d3Z d@d4ZdAd5ZdBd6ZdAd7Z dCd8ZdDd9Zy)Ez4Support for requesting and verifying OCSP responses.) annotationsN)datetime)timezone) TYPE_CHECKINGIterableOptionalTypeUnion)InvalidSignature)default_backend) DSAPublicKey)ECDSA)EllipticCurvePublicKey)PKCS1v15) RSAPublicKey) X448PublicKey)X25519PublicKey)SHA1)Hash)Encoding) PublicFormat)AuthorityInformationAccess)ExtendedKeyUsage)ExtensionNotFound) TLSFeature)TLSFeatureType)load_pem_x509_certificate)OCSPCertStatus)OCSPRequestBuilder)OCSPResponseStatus)load_der_ocsp_response)AuthorityInformationAccessOID)ExtendedKeyUsageOID)post)RequestException)_csot) _next_update _this_update)dsaeced448ed25519rsax448x25519) Prehashed) HashAlgorithm) CertificateName) ExtensionExtensionTypeVar) OCSPRequest OCSPResponse) Connection) _OCSPCache) _CallbackDatas9-----BEGIN CERTIFICATE[^ ]+.+?-----END CERTIFICATE[^ ]+ct|d5}|j}dddg}t}tjt D]}|j t|||S#1swYQxYw)z0Parse the tlsCAFile into a list of certificates.rbN)openread_default_backend_refindall _CERT_REGEXappend_load_pem_x509_certificate)cafilefdatatrusted_ca_certsbackend cert_datas z/var/www/html/SchoolMeal/SchoolMeal/pds_admin_SchoolMeal/Backend/venv/lib/python3.12/site-packages/pymongo/ocsp_support.py_load_trusted_ca_certsrLisv fd qvvx G[[d3P  :9g NOP s A..A7c|j}|D]}|j|k(s|cS|r|D]}|j|k(s|cSyN)issuersubject)certchainrH issuer_name candidates rK_get_issuer_certrUvs]++K    + ) !I  K/   ! ct t|tr|j||t|yt|tr|j|||yt|t r|j||t |yt|ttfry|j|| y#t$rYywxYw)Nr) isinstance _RSAPublicKeyverify _PKCS1v15 _DSAPublicKey_EllipticCurvePublicKey_ECDSA_X25519PublicKey_X448PublicKey_InvalidSignature)key signature algorithmrGs rK_verify_signaturerfs c= ) JJy$ Y ? ] + JJy$ 2 4 5 JJy$y(9 :  "N3  JJy$ '  s(,B+#B+,B+B+B++ B76B7cX |jj|S#t$rYywxYwrN) extensionsget_extension_for_class_ExtensionNotFound)rQklasss rK_get_extensionrls.66u== s  ))c|j}t|tr/|jtj t j}nmt|tr/|jtjt j}n.|jtj t j}ttt}|j||j!S)N)rI) public_keyrYrZ public_bytes _EncodingDER _PublicFormatPKCS1r^X962UncompressedPointSubjectPublicKeyInfo_Hash_SHA1r?updatefinalize)rQrnpbytesdigests rK_public_key_hashr}s"J *m,(( 8K8KL J 7 8((9X9XY(( 8Z8Z[ 57$4$6 7F MM& ?? rVcz|Dcgc]+}t||k(r|j|jk(r|-c}Scc}wrN)r}rOrP) certificatesrOresponder_key_hashrQs rK_get_certs_by_key_hashrsA !   D !%7 7DKK6>> )dkkV^^.K   s19c|j}|j}|j}|||jk(s||k(rtj d|}n#tj d|j }|j#t|||}tj dn"t|||}tj d|stj dy|d}t|t}|rtj|jvrtj dyt|j|j |j"|j$stj dyt|j|j |j"|j&} | stj d | S) NzResponder is issuerzResponder is a delegatezUsing responder namezUsing key hashz%No matching or valid responder certs.rz(Delegate not authorized for OCSP signingz&Delegate signature verification failedz&Response signature verification failed)rrissuer_key_hashrP_LOGGERdebugrrrrl_ExtendedKeyUsage_ExtendedKeyUsageOID OCSP_SIGNINGvaluerfrnrdsignature_hash_algorithmtbs_certificate_bytestbs_response_bytes) rOresponsename rkey_hash ikey_hashresponder_certcertsresponder_certsextrets rK_verify_response_signaturers  " "D++I((I DFNN2i96L +, /0%%  " " .0EO MM0 14UFINO MM* + MMA B)+^->?*77syyH MMD E      $ $  3 3  0 0  MMB C !!#))##  C  >? JrVclt}|j||t}|jSrN)_OCSPRequestBuilderadd_certificaterxbuild)rQrObuilders rK_build_ocsp_requestrs,!#G%%dFEG MM+ , ,- C MM+s +)$=PQH MM0(2M2M N**o.B.BB**o.E.EE   AB MM12 ~ '(&z2H MM,h.F.FG#6#A#AA FH -=E+D&9: MM((*E*EF""o&=&== ] 7: s N":N)rEstrreturnlist[Certificate])rQr2rRIterable[Certificate]rHzOptional[list[Certificate]]rzOptional[Certificate]) rcCertificateIssuerPublicKeyTypesrdbytesrez%Union[Prehashed, HashAlgorithm, None]rGrrint)rQr2rkzType[ExtensionTypeVar]rz%Optional[Extension[ExtensionTypeVar]])rQr2rr)rrrOr2rzOptional[bytes]rr)rrrOr2rzOptional[Name]rr)rOr2rr7rr)rQr2rOr2rr6) rQr2rOr2rzUnion[str, bytes]rr9rzOptional[OCSPResponse])rr8rrrzOptional[_CallbackData]rbool)__doc__ __future__rlogging_loggingrer@rrrtypingrrrr r cryptography.exceptionsr rbcryptography.hazmat.backendsr r?-cryptography.hazmat.primitives.asymmetric.dsar r],cryptography.hazmat.primitives.asymmetric.ecrr_rr^1cryptography.hazmat.primitives.asymmetric.paddingrr\-cryptography.hazmat.primitives.asymmetric.rsarrZ.cryptography.hazmat.primitives.asymmetric.x448rra0cryptography.hazmat.primitives.asymmetric.x25519rr`%cryptography.hazmat.primitives.hashesrrxrrw,cryptography.hazmat.primitives.serializationrrprrrcryptography.x509rrrrrrjrrrrrrDcryptography.x509.ocsprrrrr rr!rcryptography.x509.oidr"rr#rrequestsr$rrequests.exceptionsr%rpymongor&pymongo.ocsp_cacher'r()cryptography.hazmat.primitives.asymmetricr)r*r+r,r-r.r//cryptography.hazmat.primitives.asymmetric.utilsr0r1r2r3cryptography.x509.extensionsr4r5r6r7 OpenSSL.SSLr8r9pymongo.pyopenssl_contextr:Ed25519PublicKeyEd448PublicKeyr getLogger__name__rcompileDOTALLrBrLrUrfrlr}rrrrrrrrVrKrs=;"*AAILWHTW@?NVWCE7?UDLLTN"E9JC3H@&-7&+   !!      '# (  X &ckkDcjj  3Gb& (  5      4 4*"'1<Ra'1<N\3l 4* ***1B*Yc**ZarV