o hp%@sdZddlmZddlZddlZddlmZddlmZddlm Z m Z m Z m Z ddl mZddlmZmZmZmZmZdd lmZegd Z Gd d d Zed gdZ edgdZ eddgZ d1ddZd2d!d"Zd3d&d'Zd4d*d+Z d5d/d0Z!dS)6z6Constants and types shared across multiple auth types.) annotationsN)standard_b64encode) namedtuple)AnyDictMappingOptional)Binary)_OIDCAzureCallback_OIDCGCPCallback_OIDCK8SCallback_OIDCProperties_OIDCTestCallback)ConfigurationError)GSSAPI MONGODB-OIDC MONGODB-X509 MONGODB-AWSPLAINz SCRAM-SHA-1z SCRAM-SHA-256DEFAULTc@s@eZdZdZedZdddZdd d Zdd d ZdddZ dS)_CachedatareturnNonecCs d|_dSNrselfrF/var/www/html/venv/lib/python3.10/site-packages/pymongo/auth_shared.py__init__7s z_Cache.__init__otherobjectboolcCt|trdStS)NT isinstancerNotImplementedrr!rrr__eq__:s z _Cache.__eq__cCr$)NFr%r(rrr__ne__@s z _Cache.__ne__intcCs|jSr) _hash_valrrrr__hash__Esz_Cache.__hash__N)rr)r!r"rr#)rr+) __name__ __module__ __qualname__ __slots__hashr,r r)r*r-rrrrr2s   rMongoCredential) mechanismsourceusernamepasswordZmechanism_propertiescacheGSSAPIProperties service_nameZcanonicalize_host_name service_realm service_host_AWSPropertiesaws_session_tokenvalue str | boolrcCs8gd}|dvr |dvS||vrtd|d||S)N)FTnoneforwardZforwardAndReverse)truefalseTF)rDTzCANONICALIZE_HOST_NAME 'z' not in valid options: ) ValueError)r@Z valid_namesrrr _validate_canonicalize_host_nameZs rGmechstrr5 Optional[str]userpasswdextraMapping[str, Any]databasecCsH|dvr|durt|d|dkrQ|dur|dkrtd|di}|dd }|d d}|d d } t| } |d } t|| | |d} t|d||| dS|dkrr|dur]td|duri|dkritdt|d|dddS|dkr|dur|durtd|dur|dkrtd|di}|d} t| d} t|d||| dS|dkrs|di}|d}|d}|d}|dd}gd}|d|}|dddur|durtdd }|durd!}t||s|r|durt||r|rd"}t|nU|durX|d#kr |durd$}t|t}n<|d%kr3d}|s.td&t|}n)|d'krFd}|sAtd(t |}n|d)krQd}t }n td*|t|t ||||||pfdd+}t|d|||t S|d,kr|p|pd}t||||ddS|p|pd-}|durtd.t||||dt S)/z8Build and return a mechanism specific credentials tuple.)rrrNz requires a usernamerz $externalz:authentication source must be $external or None for GSSAPIZauthmechanismpropertiesZ SERVICE_NAMEZmongodbZ SERVICE_HOSTZCANONICALIZE_HOST_NAMErEZ SERVICE_REALMr:rz+Passwords are not supported by MONGODB-X509z@authentication source must be $external or None for MONGODB-X509rz;username without a password is not supported by MONGODB-AWSz?authentication source must be $external or None for MONGODB-AWSZAWS_SESSION_TOKEN)r?rZ OIDC_CALLBACKZOIDC_HUMAN_CALLBACKZ ENVIRONMENTZTOKEN_RESOURCE)z *.mongodb.netz*.mongodb-dev.netz*.mongodb-qa.netz*.mongodbgov.net localhostz 127.0.0.1z::1Z ALLOWED_HOSTSz4ALLOWED_HOSTS is only valid with OIDC_HUMAN_CALLBACKzVauthentication with MONGODB-OIDC requires providing either a callback or a environmentz)password is not supported by MONGODB-OIDCz5cannot set both OIDC_CALLBACK and OIDC_HUMAN_CALLBACKtestz;test environment for MONGODB-OIDC does not support usernameZazurezTAzure environment for MONGODB-OIDC requires a TOKEN_RESOURCE auth mechanism propertyZgcpzOGCP provider for MONGODB-OIDC requires a TOKEN_RESOURCE auth mechanism propertyZk8sz+unrecognized ENVIRONMENT for MONGODB-OIDC: )callbackhuman_callback environment allowed_hoststoken_resourcer6rZadminzA password is required) rrFgetrGr9r3r>rr r r r r)rHr5rKrLrMrO propertiesr;r=Z canonicalizer<propsr?Z aws_propsrSrTenvironrWZdefault_allowedrVmsgZ oidc_propsZsource_databaserrr_build_credentials_tupleds                            r]firbytesseccCsdddt||DS)zXOR two byte strings together.cSsg|] \}}t||AgqSr)r_).0xyrrr sz_xor..)joinzip)r^r`rrr_xorsrhresponseDict[bytes, bytes]cCstdd|dDS)z-Split a scram response into key, value pairs.css.|]}ttjttf|ddVqdS)=N)typingcastTupler_split)rbitemrrr s  z(_parse_scram_response..,)dictrp)rirrr_parse_scram_responsesru credentialsr44tuple[bytes, bytes, typing.MutableMapping[str, Any]]cCsd|j}|ddddd}ttd}d|d|}d |td |d d d id }|||fS)Nzutf-8rks=3Drss=2C sn=s,r=rlsn,,ZskipEmptyExchangeT)Z saslStartr4payloadZ autoAuthorizeoptions)r6encodereplacerosurandomr )rvr4r6rKnonceZ first_barecmdrrr_authenticate_scram_starts  r)r@rArrA)rHrIr5rJrKrJrLrJrMrNrOrJrr3)r^r_r`r_rr_)rir_rrj)rvr3r4rIrrw)"__doc__ __future__rr}rmbase64r collectionsrrrrrZbsonr Zpymongo.auth_oidc_sharedr r r r rZpymongo.errorsr frozensetZ MECHANISMSrr3r9r>rGr]rhrurrrrrs>         ~