U ~fh" @s,dZddlmZddlZddlZddlmZddlmZddlm Z m Z m Z m Z ddl mZddlmZmZmZmZdd lmZed d d d dddddg ZGdddZedddddddgZeddddgZed d!gZd"d#d"d"d$d#dd%d&d'Zd(d(d(d)d*d+Zd(d,d-d.d/Zdd"d0d1d2d3ZdS)4z6Constants and types shared across multiple auth types.) annotationsN)standard_b64encode) namedtuple)AnyDictMappingOptional)Binary)_OIDCAzureCallback_OIDCGCPCallback_OIDCProperties_OIDCTestCallback)ConfigurationErrorGSSAPIz MONGODB-CR MONGODB-OIDC MONGODB-X509 MONGODB-AWSPLAINz SCRAM-SHA-1z SCRAM-SHA-256DEFAULTc@sTeZdZdZedZddddZdddd d Zdddd d Zd dddZ dS)_CachedataNone)returncCs d|_dSNrselfr7/tmp/pip-unpacked-wheel-36gvocj8/pymongo/auth_shared.py__init__7sz_Cache.__init__objectbool)otherrcCst|trdStS)NT isinstancerNotImplementedrr"rrr__eq__:s z _Cache.__eq__cCst|trdStS)NFr#r&rrr__ne__@s z _Cache.__ne__intcCs|jSr) _hash_valrrrr__hash__Esz_Cache.__hash__N) __name__ __module__ __qualname__ __slots__hashr*rr'r(r+rrrrr2s rMongoCredential mechanismsourceusernamepasswordZmechanism_propertiescacheGSSAPIProperties service_namecanonicalize_host_name service_realm_AWSPropertiesaws_session_tokenstrz Optional[str]zMapping[str, Any])mechr3userpasswdextradatabasercCs|dkr|dkrt|d|dkr|dk r>|dkr>td|di}|dd }t|d d }|d } t||| d } t|d||| dS|dkr|dk rtd|dk r|dkrtdt|d|dddS|dkrB|dk r|dkrtd|dk r|dkrtd|di}|d} t| d} t|d||| dS|dkr|di}|d} |d}|d}|dd}ddddd d!d"g}|d#|}d$}|dk rd%}t|| s|r|dk rt|| r|rd&}t|n|dk r|d'kr$|dk rd(}t|t} nZ|d)krJd}|s@td*t|} n4|d+krpd}|sftd,t |} ntd-|nt|t | |||||d.}t|d|||t S|d/kr|p|pd}t||||ddS|p|pd0}|dkrtd1t||||dt SdS)2z8Build and return a mechanism specific credentials tuple.)rrrNz requires a username.rz $externalz:authentication source must be $external or None for GSSAPIZauthmechanismpropertiesZ SERVICE_NAMEZmongodbZCANONICALIZE_HOST_NAMEFZ SERVICE_REALM)r8r9r:rz+Passwords are not supported by MONGODB-X509z@authentication source must be $external or None for MONGODB-X509rz;username without a password is not supported by MONGODB-AWSz?authentication source must be $external or None for MONGODB-AWSZAWS_SESSION_TOKEN)r<rZ OIDC_CALLBACKZOIDC_HUMAN_CALLBACKZ ENVIRONMENTZTOKEN_RESOURCEz *.mongodb.netz*.mongodb-dev.netz*.mongodb-qa.netz*.mongodbgov.net localhostz 127.0.0.1z::1Z ALLOWED_HOSTSzVauthentication with MONGODB-OIDC requires providing either a callback or a environmentz)password is not supported by MONGODB-OIDCz5cannot set both OIDC_CALLBACK and OIDC_HUMAN_CALLBACKtestz;test environment for MONGODB-OIDC does not support usernameZazurezTAzure environment for MONGODB-OIDC requires a TOKEN_RESOURCE auth mechanism propertyZgcpzOGCP provider for MONGODB-OIDC requires a TOKEN_RESOURCE auth mechanism propertyz+unrecognized ENVIRONMENT for MONGODB-OIDC: )callbackhuman_callback environment allowed_hoststoken_resourcer4rZadminzA password is required.) r ValueErrorgetr!r7r1r;r r r r r)r>r3r?r@rArBZ propertiesr8 canonicalizer:propsr<Z aws_propsrFrGenvironrJZdefault_allowedrImsgZ oidc_propsZsource_databaserrr_build_credentials_tupleZs                             rQbytes)firsecrcCsdddt||DS)zXOR two byte strings together.cSsg|]\}}t||AgqSr)rR).0xyrrr sz_xor..)joinzip)rSrTrrr_xorsr\zDict[bytes, bytes])responsercCstdd|dDS)z-Split a scram response into key, value pairs.css,|]$}ttjttf|ddVqdS)=N)typingcastTuplerRsplit)rVitemrrr sz(_parse_scram_response..,)dictrc)r]rrr_parse_scram_responsesrhz4tuple[bytes, bytes, typing.MutableMapping[str, Any]]) credentialsr2rcCsd|j}|ddddd}ttd}d|d|}d |td |d d d id }|||fS)Nzutf-8r^s=3Drfs=2C sn=s,r=r_sn,,ZskipEmptyExchangeT)Z saslStartr2payloadZ autoAuthorizeoptions)r4encodereplacerosurandomr )rir2r4r?nonceZ first_barecmdrrr_authenticate_scram_starts rs) __doc__ __future__rror`base64r collectionsrrrrrZbsonr Zpymongo.auth_oidc_sharedr r r r Zpymongo.errorsr frozensetZ MECHANISMSrr1r7r;rQr\rhrsrrrrsF      v