3 O6bw8@shdZddlZddlZddlmZddlmZ ddl m Z ddl mZddlmZmZddlmZdd lmZdd lmZmZdd l m!Z"m#Z$dd l%m&Z'm(Z)m*Z+m,Z-m.Z/m0Z1dd l2m3Z4m5Z6ddl7m8Z9m:Z;mZ?ddl@mAZBddlCmDZEejFeGZHejIdejJZKddZLddZMddZNddZOddZPddZQddZRd d!ZSd"d#ZTd$d%ZUd&d'ZVd(d)ZWdS)*z4Support for requesting and verifying OCSP responses.N)datetime)InvalidSignature)default_backend) DSAPublicKey)ECDSAEllipticCurvePublicKey)PKCS1v15) RSAPublicKey)HashSHA1)Encoding PublicFormat)AuthorityInformationAccessExtendedKeyUsageExtensionNotFoundload_pem_x509_certificate TLSFeatureTLSFeatureType)AuthorityInformationAccessOIDExtendedKeyUsageOID)load_der_ocsp_responseOCSPCertStatusOCSPRequestBuilderOCSPResponseStatus)post)RequestExceptions9-----BEGIN CERTIFICATE[^ ]+.+?-----END CERTIFICATE[^ ]+c CsRt|d}|j}WdQRXg}t}x$tjt|D]}|jt||q6W|S)z0Parse the tlsCAFile into a list of certificates.rbN)openread_default_backend_refindall _CERT_REGEXappend_load_pem_x509_certificate)cafilefdatatrusted_ca_certsbackendZ cert_datar*S/var/www/html/sandeepIITI/myenv/lib/python3.6/site-packages/pymongo/ocsp_support.py_load_trusted_ca_certsEs r,cCsF|j}x|D]}|j|kr |Sq W|rBx|D]}|j|kr,|Sq,WdS)N)issuersubject)certchainr(Z issuer_name candidater*r*r+_get_issuer_certSs    r2c Csyft|tr |j||t|nDt|tr:|j|||n*t|trX|j||t|n |j||Wntk rzdSXdS)Nr) isinstance _RSAPublicKeyverify _PKCS1v15 _DSAPublicKey_EllipticCurvePublicKey_ECDSA_InvalidSignature)key signature algorithmr'r*r*r+_verify_signatureds   r?c Cs&y |jj|Stk r dSXdS)N) extensionsZget_extension_for_class_ExtensionNotFound)r/klassr*r*r+_get_extensionus rCcCsr|j}t|tr$|jtjtj}n,t|tr@|jtj tj }n|jtjtj }t t td}|j||jS)N)r)) public_keyr4r5 public_bytes _EncodingDER _PublicFormatZPKCS1r9ZX962ZUncompressedPointZSubjectPublicKeyInfo_Hash_SHA1rupdatefinalize)r/rDZpbytesdigestr*r*r+_public_key_hash|s    rNcsfdd|DS)Ncs(g|] }t|kr|jjkr|qSr*)rNr-r.).0r/)r-responder_key_hashr*r+ s z*_get_certs_by_key_hash..r*) certificatesr-rPr*)r-rPr+_get_certs_by_key_hashsrScsfdd|DS)Ncs&g|]}|jkr|jjkr|qSr*)r.r-)rOr/)r-responder_namer*r+rQs z&_get_certs_by_name..r*)rRr-rTr*)r-rTr+_get_certs_by_namesrUc Cs|j}|j}|j}|dk r$||jks,||kr.Fz!Peer presented a must-staple certTz$Peer did not staple an OCSP responsez5Must-staple cert with no stapled response, hard fail.z.OCSP endpoint checking is disabled, soft fail.r3z*No authority access information, soft failcSs g|]}|jtjkr|jjqSr*)Z access_method_AuthorityInformationAccessOIDZOCSPZaccess_locationrZ)rOdescr*r*r+rQ=szNo OCSP URI, soft failzNo issuer cert?zRequesting OCSP dataz Trying %szOCSP cert status: %rz)No definitive OCSP cert status, soft failzPeer stapled an OCSP responsezOCSP response status: %r)Zget_peer_certificaterVrWrzZget_peer_cert_chainr2r(rC _TLSFeaturerZ_TLSFeatureTypeZstatus_requestrwZcheck_ocsp_endpoint_AuthorityInformationAccessryZcertificate_status_OCSPCertStatusZGOODZREVOKEDrqrsrtrurhrc) connZ ocsp_bytes user_datar/r0r-Z must_stapler^featurerwurisrvr[r*r*r+_ocsp_callbacks                             r)X__doc__loggingZ_loggingrer rrdZcryptography.exceptionsrr;Zcryptography.hazmat.backendsrrZ-cryptography.hazmat.primitives.asymmetric.dsarr8Z,cryptography.hazmat.primitives.asymmetric.ecrr:rr9Z1cryptography.hazmat.primitives.asymmetric.paddingrr7Z-cryptography.hazmat.primitives.asymmetric.rsar r5Z%cryptography.hazmat.primitives.hashesr rIr rJZ,cryptography.hazmat.primitives.serializationr rFr rHZcryptography.x509rrrrXrrArr$rr~rrZcryptography.x509.oidrr|rrYZcryptography.x509.ocsprrqrrrrarrtrequestsrrnZrequests.exceptionsrro getLogger__name__rVcompileDOTALLr"r,r2r?rCrNrSrUr`rcrhryrr*r*r*r+s@          4'