
    i)iB                       d Z ddlmZ ddlZddlZddlZddl	Z
ddlmZ ddlmZ ddlmZmZmZmZmZmZ ddlmZ ddlZddlmZ ddlmZ dd	l m!Z" dd
l m#Z# ddl$m%Z% ddl&m'Z'm(Z( ddl)m*Z+ ddl)m,Z, ddl-m.Z. erddlm/Z/  ed          Z0	 ddl1Z1dZ2n# e3$ r dZ2Y nw xY wej4        Z5ej6        Z6ej7        Z7ej8        Z8 e9edd          Z:dZ;dZ<ej=        Z>ej?        ej@        ejA        ejB        ejC        ejB        ejD        z  iZEd eEF                                D             ZGd$dZHejI        ejJ        ejK        fZLejI        ZMejJ        ZNejK        ZOd%dZP G d dejQ                  ZR G d  d!          ZS G d" d#          ZTdS )&zA CPython compatible SSLContext implementation wrapping PyOpenSSL's
context.

Due to limitations of the CPython asyncio.Protocol implementation for SSL, the async API does not support PyOpenSSL.
    )annotationsN)EINTR)
ip_address)TYPE_CHECKINGAnyCallableOptionalTypeVarUnion)SSL)crypto)ConfigurationError)_CertificateError)
_OCSPCache)_load_trusted_ca_certs_ocsp_callback)SocketChecker)_errno_from_exception)validate_boolean)
VerifyMode_TTFOP_NO_RENEGOTIATIONc                    i | ]\  }}||	S  r   ).0keyvalues      k/Users/user/workspace/sujinbaek/cqa-test-app/venv/lib/python3.11/site-packages/pymongo/pyopenssl_context.py
<dictcomp>r   N   s    HHHjc5ucHHH    addressr   returnboolc                V    	 t          |            dS # t          t          f$ r Y dS w xY w)NTF)_ip_address
ValueErrorUnicodeError)r!   s    r   _is_ip_addressr(   S   sA    Gt%   uus    ((excBaseExceptionc                    | j         dk    S )z<Return True if the OpenSSL.SSL.SysCallError is a ragged EOF.)zUnexpected EOF)args)r)   s    r   _ragged_eofr.   c   s    8---r    c                  Z     e Zd Zd fdZddZd fdZd fdZd fdZdd  fdZ xZ	S )!_sslConnctx_SSL.ContextsockOptional[_socket.socket]suppress_ragged_eofsr#   c                    t                      | _        || _        t                                          ||           d S N)_SocketCheckersocket_checkerr5   super__init__)selfr1   r3   r5   	__class__s       r   r;   z_sslConn.__init__l   s;     -..$8!d#####r    callCallable[..., _T]r-   r   kwargsr"   r   c                z   |                                  }|rt          j                    }	 	  ||i |S # t          $ r}|dk    r||                                 dk    rA|r/t          j                    |z
  |k    rt          j        d          d t          d          d t          |t          j
                  rd}d}n#t          |t          j                  rd}d}nd}d}| j                            | |||           |r/t          j                    |z
  |k    rt          j        d          d Y d }~d }~ww xY w)NTr   r,   z	timed outz!Underlying socket has been closedF)
gettimeout_time	monotonicBLOCKING_IO_ERRORSfileno_sockettimeoutSSLError
isinstance_SSLWantReadErrorWantWriteErrorr9   select)	r<   r>   r-   r@   rH   startr)   	want_read
want_writes	            r   _callz_sslConn._callv   sn   //## 	&O%%E	tT,V,,,%   a<<I;;==B&& E5?#4#4u#<w#F#F%ok::D"#FGGTQc4#566 & $I!&JJT%899 & %I!%JJ $I!%J#**4JPPP Au00587BB!/+66D@+s   4 
D:C1D55D:Nonec                H     | j         t                      j        g|R i |S r7   )rR   r:   do_handshake)r<   r-   r@   r=   s      r   rU   z_sslConn.do_handshake   s,    tz%''.@@@@@@@r    bytesc                    	  | j         t                      j        g|R i |S # t          j        $ r"}| j        rt          |          rY d }~dS  d }~ww xY w)Nr    )rR   r:   recvrK   SysCallErrorr5   r.   r<   r-   r@   r)   r=   s       r   rX   z_sslConn.recv   s|    	4:eggl<T<<<V<<<  	 	 	( [-=-= sssss		   !% AAAAintc                    	  | j         t                      j        g|R i |S # t          j        $ r"}| j        rt          |          rY d }~dS  d }~ww xY wNr   )rR   r:   	recv_intorK   rY   r5   r.   rZ   s       r   r_   z_sslConn.recv_into   s}    	4:egg/A$AAA&AAA  	 	 	( [-=-= qqqqq		r[   r   bufflagsc                \   t          |          }t          |          }d}||k     r	 |                     t                      j        ||d          |          }n0# t
          $ r#}t          |          t          k    rY d }~_ d }~ww xY w|dk    rt          d          ||z  }||k     d S d S )Nr   zconnection closed)
memoryviewlenrR   r:   sendOSErrorr   _EINTR)	r<   r`   ra   viewtotal_length
total_sentsentr)   r=   s	           r   sendallz_sslConn.sendall   s    #3xx
<''zz%'',Z[[0A5II    (--77HHHH qyy1222$J <''''''s   0A 
B$BBB)r1   r2   r3   r4   r5   r#   )r>   r?   r-   r   r@   r   r"   r   )r-   r   r@   r   r"   rS   )r-   r   r@   r   r"   rV   )r-   r   r@   r   r"   r\   )r   )r`   rV   ra   r\   r"   rS   )
__name__
__module____qualname__r;   rR   rU   rX   r_   rl   __classcell__)r=   s   @r   r0   r0   k   s        $ $ $ $ $ $   <A A A A A A                    r    r0   c                      e Zd ZdZddZdS )_CallbackDataz0Data class which is passed to the OCSP callback.r"   rS   c                H    d | _         d | _        t                      | _        d S r7   )trusted_ca_certscheck_ocsp_endpointr   ocsp_response_cacher<   s    r   r;   z_CallbackData.__init__   s$    BF37 #-<<   r    Nr"   rS   )rm   rn   ro   __doc__r;   r   r    r   rr   rr      s.        ::0 0 0 0 0 0r    rr   c                  $   e Zd ZdZdZd3dZed4d            Zd5d	Zd6dZ	 eee	          Z
d7dZd8dZ eee          Zd9dZd:dZ eee          Zd4dZd;dZ eee          Z	 	 d<d=dZ	 d<d>d Zd?d!Zd@d$Zd?d%Zd?d&Z	 	 	 	 	 dAdBd2ZdS )C
SSLContextzUA CPython compatible SSLContext implementation wrapping PyOpenSSL's
    context.
    )	_protocol_ctx_callback_data_check_hostnameprotocolr\   c                    || _         t          j        | j                   | _        t	                      | _        d| _        d| j        _        | j                            t          | j                   d S )NT)callbackdata)
r|   rK   Contextr}   rr   r~   r   ru   set_ocsp_client_callbackr   )r<   r   s     r   r;   zSSLContext.__init__   sa    !L00	+oo#
 37/	**NI\*]]]]]r    r"   c                    | j         S )zhThe protocol version chosen when constructing the context.
        This attribute is read-only.
        )r|   rw   s    r   r   zSSLContext.protocol   s    
 ~r    r   c                J    t           | j                                                 S )zWhether to try to verify other peers' certificates and how to
        behave if verification fails. This attribute must be one of
        ssl.CERT_NONE, ssl.CERT_OPTIONAL or ssl.CERT_REQUIRED.
        )_REVERSE_VERIFY_MAPr}   get_verify_moderw   s    r   __get_verify_modezSSLContext.__get_verify_mode   s    
 #49#<#<#>#>??r    r   rS   c                Z    dd}| j                             t          |         |           dS )zSetter for verify_mode._connobj_SSL.Connection_x509obj_crypto.X509_errnumr\   	_errdepthretcoder"   r#   c                     t          |          S r7   )r#   )r   r   r   r   r   s        r   _cbz)SSLContext.__set_verify_mode.<locals>._cb   s     == r    N)r   r   r   r   r   r\   r   r\   r   r\   r"   r#   )r}   
set_verify_VERIFY_MAP)r<   r   r   s      r   __set_verify_modezSSLContext.__set_verify_mode   s;    	! 	! 	! 	!  		[/55555r    r#   c                    | j         S r7   )r   rw   s    r   __get_check_hostnamezSSLContext.__get_check_hostname   s    ##r    r   c                4    t          d|           || _        d S )Ncheck_hostname)r   r   r<   r   s     r   __set_check_hostnamezSSLContext.__set_check_hostname  s!    )5111$r    Optional[bool]c                    | j         j        S r7   )r~   ru   rw   s    r   __get_check_ocsp_endpointz$SSLContext.__get_check_ocsp_endpoint  s    "66r    c                >    t          d|           || j        _        d S )N
check_ocsp)r   r~   ru   r   s     r   __set_check_ocsp_endpointz$SSLContext.__set_check_ocsp_endpoint  s#    u---27///r    c                6    | j                             d          S r^   )r}   set_optionsrw   s    r   __get_optionszSSLContext.__get_options  s     y$$Q'''r    c                T    | j                             t          |                     d S r7   )r}   r   r\   r   s     r   __set_optionszSSLContext.__set_options  s&     		c%jj)))))r    NcertfileUnion[str, bytes]keyfileUnion[str, bytes, None]passwordOptional[str]c                    r dfd	}| j                             |           | j                             |           | j                             |p|           | j                                          d
S )a  Load a private key and the corresponding certificate. The certfile
        string must be the path to a single file in PEM format containing the
        certificate as well as any number of CA certificates needed to
        establish the certificate's authenticity. The keyfile string, if
        present, must point to a file containing the private key. Otherwise
        the private key will be taken from certfile as well.
        _max_lengthr\   _prompt_twicer#   
_user_dataOptional[bytes]r"   rV   c                6    J                      d          S )Nzutf-8)encode)r   r   r   r   s      r   _pwcbz)SSLContext.load_cert_chain.<locals>._pwcb1  s#      +++w///r    N)r   r\   r   r#   r   r   r"   rV   )r}   set_passwd_cbuse_certificate_chain_fileuse_privatekey_filecheck_privatekey)r<   r   r   r   r   s      ` r   load_cert_chainzSSLContext.load_cert_chain  s       		+0 0 0 0 0 0 I##E***	,,X666	%%g&9:::	""$$$$$r    cafilecapathc                    | j                             ||           t          t          j        d          s|J t          |          | j        _        dS dS )zLoad a set of "certification authority"(CA) certificates used to
        validate other peers' certificates when `~verify_mode` is other than
        ssl.CERT_NONE.
        get_verified_chainN)r}   load_verify_locationshasattrrK   
Connectionr   r~   rt   )r<   r   r   s      r   r   z SSLContext.load_verify_locations=  sc     		''777t(<== 	R%%%3I&3Q3QD000	R 	Rr    c                ~    t           r(|                     t          j                               dS t	          d          )z&Attempt to load CA certs from certifi.ztlsAllowInvalidCertificates is False but no system CA certificates could be loaded. Please install the certifi package, or provide a path to a CA file using the tlsCAFile optionN)_HAVE_CERTIFIr   certifiwhere_ConfigurationErrorrw   s    r   _load_certifizSSLContext._load_certifiJ  sA     	&&w}77777%'  r    storestrc                F   | j                                         }|J t          j        j        j        }t          j        |          D ]X\  }}}|dk    rL|du s||v rD|                    t          j	        
                    t          j        |                               YdS )z2Attempt to load CA certs from Windows trust store.Nx509_asnT)r}   get_cert_store
_stdlibsslPurposeSERVER_AUTHoidenum_certificatesadd_cert_cryptoX509from_cryptographyx509load_der_x509_certificate)r<   r   
cert_storer   certencodingtrusts          r   _load_wincertszSSLContext._load_wincertsV  s    Y--//
%%% ,0%/%A%%H%H 	 	!D(E:%%D==C5LL''66t7UVZ7[7[\\  	 	r    c                    t           j        dk    r@	 dD ]}|                     |           nH# t          $ r |                                  Y n(w xY wt           j        dk    r|                                  | j                                         dS )z7A PyOpenSSL version of load_default_certs from CPython.win32)CAROOTdarwinN)_sysplatformr   PermissionErrorr   r}   set_default_verify_paths)r<   	storenames     r   load_default_certszSSLContext.load_default_certsc  s    
 =G##%!/ 3 3I''	22223" % % %""$$$$$% ]h&&   	**,,,,,s   - AAc                8    | j                                          dS )zmSpecify that the platform provided CA certificates are to be used
        for verification purposes.
        N)r}   r   rw   s    r   r   z#SSLContext.set_default_verify_pathss  s     		**,,,,,r    FTr3   _socket.socketserver_sidedo_handshake_on_connectr5   server_hostnamesessionOptional[_SSL.Session]r0   c                   t          | j        ||          }|r|                    |           |du r|                                 nv|r7t	          |          s(|                    |                    d                     | j        t          j	        k    r|
                                 |                                 |r|                                 | j        r|ddlm} 	 t	          |          r|                    ||           n|                    ||           n@# t          j        t          j        f$ r"}	t)          t+          |	                    dd}	~	ww xY w|S )zZWrap an existing Python socket connection and return a TLS socket
        object.
        TidnaNr   )	pyopenssl)r0   r}   set_sessionset_accept_stater(   set_tlsext_host_namer   verify_moder   	CERT_NONErequest_ocspset_connect_staterU   r   service_identityr   verify_ip_addressverify_hostnameCertificateErrorVerificationErrorr   r   )
r<   r3   r   r   r5   r   r   ssl_connr   r)   s
             r   wrap_socketzSSLContext.wrap_socket{  s    DIt-ABB 	*  )))$%%''''  N~o'F'F N --o.D.DV.L.LMMM:#777%%'''&&((( # 	@ !!### " @'B666666	@%o66 M!33HoNNNN!11(OLLL$5$6 @ @ @ ,CHH554?	@
 s   #<D   E;EE)r   r\   )r"   r\   )r"   r   )r   r   r"   rS   )r"   r#   )r   r   r"   rS   )r"   r   )r   r#   r"   rS   )r   r\   r"   rS   )NN)r   r   r   r   r   r   r"   rS   )r   r   r   r   r"   rS   rx   )r   r   r"   rS   )FTTNN)r3   r   r   r#   r   r#   r5   r#   r   r   r   r   r"   r0   )rm   rn   ro   ry   	__slots__r;   propertyr   _SSLContext__get_verify_mode_SSLContext__set_verify_moder   _SSLContext__get_check_hostname_SSLContext__set_check_hostnamer   $_SSLContext__get_check_ocsp_endpoint$_SSLContext__set_check_ocsp_endpointru   _SSLContext__get_options_SSLContext__set_optionsoptionsr   r   r   r   r   r   r   r   r    r   r{   r{      s         KI
^ 
^ 
^ 
^    X@ @ @ @6 6 6 6* (,.?@@K$ $ $ $% % % % X24HIIN7 7 7 78 8 8 8 #(#<>WXX( ( ( (* * * * h}m44G
 ,0"&	% % % % %> EIR R R R R
 
 
 
   - - - - - - - - "(,%))-*.1 1 1 1 1 1 1r    r{   )r!   r   r"   r#   )r)   r*   r"   r#   )Ury   
__future__r   socketrG   sslr   sysr   timerC   errnor   rg   	ipaddressr   r%   typingr   r   r   r	   r
   r   cryptography.x509r   r   OpenSSLr   rK   r   r   pymongo.errorsr   r   r   pymongo.ocsp_cacher   pymongo.ocsp_supportr   r   pymongo.socket_checkerr   r8   r   pymongo.write_concernr   r   r   r   r   ImportErrorSSLv23_METHODPROTOCOL_SSLv23OP_NO_SSLv2OP_NO_SSLv3OP_NO_COMPRESSIONgetattrr   HAS_SNIIS_PYOPENSSLErrorrI   r   VERIFY_NONECERT_OPTIONALVERIFY_PEERCERT_REQUIREDVERIFY_FAIL_IF_NO_PEER_CERTr   itemsr   r(   rL   rM   WantX509LookupErrorrE   BLOCKING_IO_READ_ERRORBLOCKING_IO_WRITE_ERRORBLOCKING_IO_LOOKUP_ERRORr.   r   r0   rr   r{   r   r    r   <module>r/     se   
 # " " " " "                 ! ! ! ! ! ! / / / / / / I I I I I I I I I I I I I I I I                       % % % % % % D D D D D D , , , , , , ) ) ) ) ) ) G G G G G G G G B B B B B B 8 8 8 8 8 8 2 2 2 2 2 2  WT]]NNNMM   MMM $* gd$91==   : $*d.d.1QQ IHK4E4E4G4GHHH 
    ($*=t?WX + - 3 . . . .P P P P Pt P P Pf0 0 0 0 0 0 0 0e e e e e e e e e es   B BB