U ~fhA @sUdZddlmZddlZddlZddlZddlZddlmZm Z ddl m Z m Z m Z mZmZmZmZddlmZddlmZddlmZmZmZmZdd lmZmZdd lmZdd l m!Z!dd l"m#Z#m$Z$e rdd l%m&Z&ddl'm(Z(dZ)dZ*z4ddl+Z,e-e.e/e,j01ddddkr$dZ*Wn>e2k rdz ddl,Z,Wne2k r^dZ)YnXYnXdZ3dddddddZ4ddddddZ5ddddddd Z6ddd!d"d#Z7dddd$d%d&Z8dddd$d'd(Z9dddd$d)d*Z:dddd$d+d,Z;dddd$d-d.Zd3e?d4<Gd5d6d6Z@Gd7d8d8e@ZAGd9d:d:e@ZBGd;d<de?d?<dDddd@ddAdBdCZEdS)EzAuthentication helpers.) annotationsN)standard_b64decodestandard_b64encode) TYPE_CHECKINGAnyCallableMappingMutableMappingOptionalcast)quote)Binary)MongoCredential_authenticate_scram_start_parse_scram_response_xor)ConfigurationErrorOperationFailure)saslprep)_authenticate_aws)_authenticate_oidc_get_authenticator)Hello) ConnectionTF.)rrrstrNone) credentialsconn mechanismreturnc Cs~|j}|dkr*d}tj}t|jd}nd}tj}t||jd}|j}|j }t j } |j } | r| rt| tsxt| jdk st| j\} } | j} nt||\} } }|||} | dk st| d}t|}t|d}|dkrtd |d }|d }|| std d |}|jr0|j\}}}}n d\}}}}|rV||ksV||krt||t||}| |d|}| |d|}||||f|_||}d| ||f}| |||}dtt||}d||f}t| |||}d| dt |d}|||} t| d}t !|d|s>td| dszd| dt dd}|||} | dsztddS)zAuthenticate using SCRAM. SCRAM-SHA-256sha256utf-8sha1Npayloadiiz+Server returned an invalid iteration count.srz!Server returned an invalid nonce.s c=biws,r=)NNNNs Client Keys Server Key,sp=conversationIdZ saslContinuer-r'vz%Server returned an invalid signature.donez%SASL conversation failed to complete.)"usernamehashlibr$rpasswordencoder&_password_digestsourcecachehmacHMACauth_ctxspeculate_succeeded isinstance _ScramContextAssertionError scram_dataspeculative_authenticatercommandrintr startswithdata pbkdf2_hmacrdigestjoinrrr compare_digest) rr r!r2rG digestmodrEr7r8Z_hmacctxnonce first_barerescmdZ server_firstparsedZ iterationsZsaltZrnonceZ without_proofZ client_keyZ server_keyZcsaltZ citerationsZ salted_passZ stored_keyZauth_msgZ client_sigZ client_proofZ client_finalZ server_sigrQs  rc CsT|j}|j}|j}||ddi}|d}t|||}d|||d}|||dS)zAuthenticate using MONGODB-CR.Zgetnoncer,rL) authenticaternrLkeyN)r7r2r4rBr[) rr r7r2r4rrLrqueryrQrQrR_authenticate_mongo_crIs rcCs|jdkrr|jr|j}n8|j}|}|d|j|d<|j||dddg}d|krdt||dSt||dSn t||dSdS)NrZsaslSupportedMechsF)Zpublish_eventsr# SCRAM-SHA-1)Zmax_wire_versionZnegotiated_mechsr7Z hello_cmdr2rBgetrS)rr Zmechsr7rOrQrQrR_authenticate_defaultXs  rr)r!r#) rqz MONGODB-CR MONGODB-X509z MONGODB-AWS MONGODB-OIDCrrr#DEFAULTz(Mapping[str, Callable[(Ellipsis, None)]] _AUTH_MAPc@s`eZdZddddddZeddddd d Zd d d dZdddddZdd ddZdS) _AuthContextrtuple[str, int]r)rrwr"cCs||_d|_||_dSN)rrArw)selfrrwrQrQrR__init__wsz_AuthContext.__init__zOptional[_AuthContext])credsrwr"cCs$t|j}|r tt|||SdSr)_SPECULATIVE_AUTH_MAPrr!r r)rrwZspec_clsrQrQrRfrom_credentials|s z_AuthContext.from_credentials"Optional[MutableMapping[str, Any]]r"cCstdSr)NotImplementedErrorrrQrQrRrsz_AuthContext.speculate_commandzHello[Mapping[str, Any]])hellor"cCs |j|_dSr)rA)rrrQrQrRparse_responsesz_AuthContext.parse_responseboolcCs t|jSr)rrArrQrQrRr<sz _AuthContext.speculate_succeededN) __name__ __module__ __qualname__r staticmethodrrrr<rQrQrQrRrvs rcs6eZdZdddddfdd Zdd d d ZZS) r>rrrr)rrwr!r"cst||d|_||_dSr)superrr@r!)rrrwr! __class__rQrRrsz_ScramContext.__init__rrcCs.t|j|j\}}}|jj|d<||f|_|SNdb)rrr!r7r@)rrLrMrOrQrQrRrs  z_ScramContext.speculate_command)rrrrr __classcell__rQrQrrRr>sr>c@seZdZddddZdS)rzMutableMapping[str, Any]rcCs&ddd}|jjdk r"|jj|d<|S)Nr,r)rr!rn)rr2)rrOrQrQrRrs   z_X509Context.speculate_commandNrrrrrQrQrQrRrsrc@seZdZddddZdS) _OIDCContextrrcCs2t|j|j}|}|dkr"dS|jj|d<|Sr)rrrwZget_spec_auth_cmdr7)rZ authenticatorrOrQrQrRrs  z_OIDCContext.speculate_commandNrrQrQrQrRrsr)rrr#rrzMapping[str, Any]rr)rr reauthenticater"cCs2|j}t|}|dkr$t|||n |||dS)zAuthenticate connection.rN)r!rr)rr rr!Z auth_funcrQrQrRrs r)F)F__doc__ __future__r functoolsr3r9r]base64rrtypingrrrrr r r urllib.parser Z bson.binaryr Zpymongo.auth_sharedrrrrZpymongo.errorsrrZpymongo.saslpreprZpymongo.synchronous.auth_awsrZpymongo.synchronous.auth_oidcrrZ pymongo.hellorZpymongo.synchronous.poolrrvrxZ winkerberosrytuplemaprC __version__rz ImportErrorZ_IS_SYNCrSr6r[rjrrrrrpartialr__annotations__rr>rrrrrQrQrQrRsx $      $ S o