nh3BdZddlmZddlZddlZddlZddl Z ddl m Z ddlmZddlmZmZmZmZmZmZddlmZddlZddlmZddlmZdd l m!Z"dd l m#Z#dd l$m%Z%dd l&m'Z'm(Z(dd l)m*Z+ddl)m,Z,ddl-m.Z.erddlm/Z/edZ0 ddl1Z1dZ2ejhZ5ejlZ6ejnZ7ejpZ8e9eddZ:dZ;dZej~ejejejejejejziZEeEjDcic]\}}|| c}}ZGddZHejejejfZLejZMejZNejZOddZPGddejZRGddZSGddZTy#e3$rdZ2YBwxYwcc}}w)zA CPython compatible SSLContext implementation wrapping PyOpenSSL's context. Due to limitations of the CPython asyncio.Protocol implementation for SSL, the async API does not support PyOpenSSL. ) annotationsN)EINTR) ip_address) TYPE_CHECKINGAnyCallableOptionalTypeVarUnion)SSL)crypto)ConfigurationError)_CertificateError) _OCSPCache)_load_trusted_ca_certs_ocsp_callback) SocketChecker)_errno_from_exception)validate_boolean) VerifyMode_TTFOP_NO_RENEGOTIATIONcF t|y#ttf$rYywxYw)NTF) _ip_address ValueError UnicodeError)addresss /var/www/html/SchoolMeal/SchoolMeal/pds_admin_SchoolMeal/Backend/venv/lib/python3.12/site-packages/pymongo/pyopenssl_context.py_is_ip_addressrSs)G  %s   c |jdk(S)z|r0tjz |kDrt j ddtddt|tjrd}d}n#t|tjrd}d}nd}d}|jj|||||r0tjz |kDrt j ddYd}~d}~wwxYw)NTrr!z timed outz!Underlying socket has been closedF) gettimeout_time monotonicBLOCKING_IO_ERRORSfileno_sockettimeoutSSLError isinstance_SSL WantReadErrorWantWriteErrorr+select) r/callr"kwargsr:startr# want_read want_writes r_callz_sslConn._callvs//# OO%E T,V,,% a<I;;=B&5??#4u#d|_d|_t|_yr))trusted_ca_certscheck_ocsp_endpointrocsp_response_cacher/s rr.z_CallbackData.__init__sBF37 #-< r%Nr_r`)rcrdre__doc__r.r%rrhrhs :0r%rhc6eZdZdZdZddZeddZddZddZ eee Z ddZ ddZ ee e Z dd Zdd ZeeeZdd Zdd ZeeeZ d ddZ d d dZd!dZd"dZd!dZd!dZ d# d$dZy )% SSLContextzUA CPython compatible SSLContext implementation wrapping PyOpenSSL's context. ) _protocol_ctx_callback_data_check_hostnamec||_tj|j|_t |_d|_d|j _|jjt|j y)NT)callbackdata) rsr=Contextrtrhrurvrkset_ocsp_client_callbackr)r/protocols rr.zSSLContext.__init__s\!LL0 +o# 37/ **NI\I\*]r%c|jS)zhThe protocol version chosen when constructing the context. This attribute is read-only. )rsrms rr|zSSLContext.protocols ~~r%cDt|jjS)zWhether to try to verify other peers' certificates and how to behave if verification fails. This attribute must be one of ssl.CERT_NONE, ssl.CERT_OPTIONAL or ssl.CERT_REQUIRED. )_REVERSE_VERIFY_MAPrtget_verify_moderms r__get_verify_modezSSLContext.__get_verify_modes #499#<#<#>??r%cj dd}|jjt||y)zSetter for verify_mode.ct|Sr))r^)_connobj_x509obj_errnum _errdepthretcodes r_cbz)SSLContext.__set_verify_mode.._cbs= r%N) rz_SSL.Connectionrz _crypto.X509rrbrrbrrbr_r^)rt set_verify _VERIFY_MAP)r/valuers r__set_verify_modezSSLContext.__set_verify_modesZ !% !" ! !  !   !   ! [/5r%c|jSr))rvrms r__get_check_hostnamezSSLContext.__get_check_hostnames###r%c*td|||_y)Ncheck_hostname)rrvr/rs r__set_check_hostnamezSSLContext.__set_check_hostnames)51$r%c.|jjSr))rurkrms r__get_check_ocsp_endpointz$SSLContext.__get_check_ocsp_endpoints""666r%c>td|||j_y)N check_ocsp)rrurkrs r__set_check_ocsp_endpointz$SSLContext.__set_check_ocsp_endpoint su-27/r%c8|jjdSrO)rt set_optionsrms r __get_optionszSSLContext.__get_optionssyy$$Q''r%cL|jjt|yr))rtrrbrs r __set_optionszSSLContext.__set_optionss c%j)r%Ncr!dfd }|jj||jj||jj|xs||jj y)aLoad a private key and the corresponding certificate. The certfile string must be the path to a single file in PEM format containing the certificate as well as any number of CA certificates needed to establish the certificate's authenticity. The keyfile string, if present, must point to a file containing the private key. Otherwise the private key will be taken from certfile as well. c.JjdS)Nzutf-8)encode) _max_length _prompt_twice _user_datapasswords r_pwcbz)SSLContext.load_cert_chain.._pwcb1s  +++w//r%N)rrbrr^rzOptional[bytes]r_ra)rt set_passwd_cbuse_certificate_chain_fileuse_privatekey_filecheck_privatekey)r/certfilekeyfilerrs ` rload_cert_chainzSSLContext.load_cert_chainsZ  0 II # #E * ,,X6 %%g&9: ""$r%c|jj||ttjds|Jt ||j _yy)zLoad a set of "certification authority"(CA) certificates used to validate other peers' certificates when `~verify_mode` is other than ssl.CERT_NONE. get_verified_chainN)rtload_verify_locationshasattrr= Connectionrrurj)r/cafilecapaths rrz SSLContext.load_verify_locations=sK ''7t(<=% %%3I&3QD   0>r%cltr$|jtjyt d)z&Attempt to load CA certs from certifi.ztlsAllowInvalidCertificates is False but no system CA certificates could be loaded. Please install the certifi package, or provide a path to a CA file using the tlsCAFile optionN) _HAVE_CERTIFIrcertifiwhere_ConfigurationErrorrms r _load_certifizSSLContext._load_certifiJs+   & &w}} 7%' r%cd|jj}|Jtjjj }tj |D]V\}}}|dk(s |dus||vs|jtjjtj|Xy)z2Attempt to load CA certs from Windows trust store.Nx509_asnT) rtget_cert_store _stdlibsslPurpose SERVER_AUTHoidenum_certificatesadd_cert_cryptoX509from_cryptographyx509load_der_x509_certificate)r/store cert_storercertencodingtrusts r_load_wincertszSSLContext._load_wincertsVsYY--/ %%%  ,,00%/%A%A%%H  !D(E:%D=C5L'' 66t7U7UVZ7[\ r%ctjdk(r dD]}|j|n#tjdk(r|j |j j y#t$r|j Y6wxYw)z7A PyOpenSSL version of load_default_certs from CPython.win32)CAROOTdarwinN)_sysplatformrPermissionErrorrrtset_default_verify_paths)r/ storenames rload_default_certszSSLContext.load_default_certscsy ==G # %!/3I'' 23 ]]h &     **, # %""$ %sA,,BBc8|jjy)zmSpecify that the platform provided CA certificates are to be used for verification purposes. N)rtrrms rrz#SSLContext.set_default_verify_pathsss **,r%ct|j||}|r|j||dur|jnj|r+t |s |j |j d|jtjk7r|j|j|rY|j|jr=|;ddlm} t |r|j!|||S|j#|| |S|S#tj$tj&f$r} t)t+| dd} ~ wwxYw)zZWrap an existing Python socket connection and return a TLS socket object. TidnaNr) pyopenssl)r'rt set_sessionset_accept_staterset_tlsext_host_namer verify_moder CERT_NONE request_ocspset_connect_staterHrservice_identityrverify_ip_addressverify_hostnameSICertificateErrorSIVerificationErrorrstr) r/r1 server_sidedo_handshake_on_connectr,server_hostnamesessionssl_connrr#s r wrap_socketzSSLContext.wrap_socket{s2DIIt-AB    ) $   % % '~o'F--o.D.DV.LM:#7#77%%'  & & ( #  ! ! #""'B6 @%o6!33HoN "11(OL x %77$88@,CH54? @sD0D#E*D??E)r|rb)r_rb)r_r)rrr_r`)r_r^)rrr_r`)r_zOptional[bool])rr^r_r`)rrbr_r`)NN)rzUnion[str, bytes]rzUnion[str, bytes, None]r Optional[str]r_r`)rrrrr_r`rn)rrr_r`)FTTNN)r1z_socket.socketrr^rr^r,r^rrrzOptional[_SSL.Session]r_r')rcrdrero __slots__r.propertyr|_SSLContext__get_verify_mode_SSLContext__set_verify_moder_SSLContext__get_check_hostname_SSLContext__set_check_hostnamer$_SSLContext__get_check_ocsp_endpoint$_SSLContext__set_check_ocsp_endpointrk_SSLContext__get_options_SSLContext__set_optionsoptionsrrrrrrrrpr%rrrrrsZKI ^ @6*,.?@K$%24HIN78##<>WX( * }m4G ,0"& %#%)% %  %>EI R# R4A R  R  - -"(,%))-*.111"& 1 # 1 ' 1(1 1r%rr)rrr_r^)r# BaseExceptionr_r^)Uro __future__rsocketr9sslrsysrtimer5errnorrV ipaddressrrtypingrrrr r r cryptography.x509rrOpenSSLr r=r rpymongo.errorsrrrpymongo.ocsp_cacherpymongo.ocsp_supportrrpymongo.socket_checkerrr*rpymongo.write_concernrrrrr ImportError SSLv23_METHODPROTOCOL_SSLv23 OP_NO_SSLv2 OP_NO_SSLv3OP_NO_COMPRESSIONgetattrrHAS_SNI IS_PYOPENSSLErrorr;r VERIFY_NONE CERT_OPTIONAL VERIFY_PEER CERT_REQUIREDVERIFY_FAIL_IF_NO_PEER_CERTritemsrrr>r?WantX509LookupErrorr7BLOCKING_IO_READ_ERRORBLOCKING_IO_WRITE_ERRORBLOCKING_IO_LOOKUP_ERRORr$rr'rhrr)keyrs00rr!s #!/II %D,)GB82 T]M$$  **d$91=   ::$**d..d..1Q1QQ 5@4E4E4GHjc5uczH (($*=*=t?W?WX++--33.PtPf00eeeM2IsG< GGG