
    l h@              
      J   U d Z ddlmZ ddlZddlZddlZddlZddlmZm	Z	 ddl
mZmZmZmZmZmZmZ ddlmZ ddlmZ ddlmZmZmZmZ dd	lmZmZ dd
lmZ ddl m!Z! ddl"m#Z#m$Z$ ddl%m&Z& erddl'm(Z( ddl)m*Z* dZ+dZ,	 ddl-Z. e/ e0e1e.jd                  jg                  d      dd             dk\  rdZ,dZ5d/dZ6d0dZ7d1dZ8d2dZ9d3dZ:d3dZ;d3dZ<d3dZ=e:e<e!e#e; ej|                  e6d       ej|                  e6d      e=d Z?d!e@d"<    G d# d$      ZA G d% d&eA      ZB G d' d(eA      ZC G d) d*eA      ZDeC ej|                  eBd       ej|                  eBd      eD ej|                  eBd      d+ZEd,e@d-<   	 d4	 	 	 	 	 	 	 d5d.ZFy# e4$ r 	 ddl.Z.n# e4$ r dZ+Y nw xY wY w xY w)6zAuthentication helpers.    )annotationsN)standard_b64decodestandard_b64encode)TYPE_CHECKINGAnyCallableMappingMutableMappingOptionalcast)quote)Binary)MongoCredential_authenticate_scram_start_parse_scram_response_xor)ConfigurationErrorOperationFailure)saslprep)_authenticate_aws)_authenticate_oidc_get_authenticator)_getaddrinfo)Hello)
ConnectionTF.   )r      c                Z   | j                   }|dk(  r7d}t        j                  }t        | j                        j                  d      }n7d}t        j                  }t        || j                        j                  d      }| j                  }| j                  }t        j                  }	|j                  }
|
rL|
j                         r<t        |
t              sJ |
j                   J |
j                   \  }}|
j"                  }n"t%        | |      \  }}}|j'                  ||      }|J |d   }t)        |      }t+        |d         }|dk  rt-        d	      |d
   }|d   }|j/                  |      st-        d      d|z   }|j0                  r|j0                  \  }}}}nd\  }}}}|r
||k7  s||k7  r\t        j2                  ||t5        |      |      } |	|d|      j7                         } |	|d|      j7                         }||||f|_         ||      j7                         }dj9                  |||f      } |	|||      j7                         }dt;        t=        ||            z   }dj9                  ||f      }t;         |	|||      j7                               }d|d   t?        |      d}|j'                  ||      }t)        |d         }t        j@                  |d   |      st-        d      |d   s5d|d   t?        d      d}|j'                  ||      }|d   st-        d      yy)zAuthenticate using SCRAM.SCRAM-SHA-256sha256utf-8sha1Npayload   ii   z+Server returned an invalid iteration count.   s   rz!Server returned an invalid nonce.s	   c=biws,r=)NNNNs
   Client Keys
   Server Key   ,s   p=   conversationIdsaslContinuer*   r$      vz%Server returned an invalid signature.done    z%SASL conversation failed to complete.)!usernamehashlibr!   r   passwordencoder#   _password_digestsourcecachehmacHMACauth_ctxspeculate_succeeded
isinstance_ScramContext
scram_dataspeculative_authenticater   commandr   intr   
startswithdatapbkdf2_hmacr   digestjoinr   r   r   compare_digest) credentialsconn	mechanismr0   rD   	digestmodrB   r5   r6   _hmacctxnonce
first_barerescmdserver_firstparsed
iterationssaltrnoncewithout_proof
client_key
server_keycsaltciterationssalted_pass
stored_keyauth_msg
client_sigclient_proofclient_final
server_sigs                                    ~/var/www/html/SchoolMeal/SchoolMeal/pds_admin_SchoolMeal/Backend/venv/lib/python3.12/site-packages/pymongo/synchronous/auth.py_authenticate_scramrc   G   s:   ##HO#NN	,,-44W=LL	+*>*>?FFwOFE IIE
--C
s&&(#}---~~)))NNz**!:;	!Rz3ll63'??y>L"<0FVD\"JDLMM$<DD\FU#BCC 6)Mzz5:ZZ2
J{5K2
J{ **C))&$8J48PR\];yAHHJ
;yAHHJ
 *dJ?
:&--/Jyy*lMBCHz8Y7>>@J-d:z.JKKL99m\:;L#E*h	$J$Q$Q$STJ ./,'C
 ,,vs
#C"3y>2Fvd|Z8FGG v;!"23c{

 ll63'6{"#JKK  r/   c                N   t        |t              st        d      t        |      dk(  rt	        d      t        | t              st        dt        |              t        j                         }|  d| }|j                  |j                  d             |j                         S )z0Get a password digest to use for authentication.z#password must be an instance of strr   zpassword can't be emptyz)username must be an instance of str, not z:mongo:r"   )r;   str	TypeErrorlen
ValueErrortyper1   md5updater3   	hexdigest)r0   r2   md5hashrB   s       rb   r4   r4      s    h$=>>
8}233h$CDNCSTUUkkmGZwxj)DNN4;;w'(r/   c                    t        ||      }t        j                         }|  | | }|j                  |j	                  d             |j                         S )z*Get an auth key to use for authentication.r"   )r4   r1   rj   rk   r3   rl   )rM   r0   r2   rD   rm   rB   s         rb   	_auth_keyro      sO    h1FkkmGWXJvh'DNN4;;w'(r/   c                f   |dv r| S t        | dddt        j                  t        j                        d   \  }}}}}|dk(  r|j	                         S 	 t        j
                  |t        j                        }|d   j	                         S # t        j                  $ r |j	                         cY S w xY w)z2Canonicalize hostname following MIT-krb5 behavior.)FnoneNr   )familyri   protoflagsforward)r   socketIPPROTO_TCPAI_CANONNAMElowergetnameinfoNI_NAMEREQDgaierror)hostnameoptionafsocktypers   	canonnamesockaddrnames           rb   _canonicalize_hostnamer      s       	$$%%	
 	0	,B%H   !!!(F,>,>? 7==? ?? !  !s   $B
 
#B0/B0c                   t         st        d      	 | j                  }| j                  }| j                  }|j
                  xs |j                  d   }t        ||j                        }|j                  dz   |z   }|j                  |dz   |j                  z   }|t        rOdj                  t        |      t        |      f      }t        j                  ||t        j                         \  }}	nrd|v r|j#                  dd      \  }
}n|d}}
t        j                  |t        j                   |
||      \  }}	n(t        j                  |t        j                         \  }}	|t        j$                  k7  rt'        d	      	 t        j(                  |	d
      dk7  rt'        d      t        j*                  |	      }dd|dd}|j-                  d|      }t/        d      D ]}  }t        j(                  |	t1        |d               }|dk(  rt'        d      t        j*                  |	      xs d
}d|d   |d}|j-                  d|      }|t        j$                  k(  s} n t'        d      t        j2                  |	t1        |d               dk7  rt'        d      t        j4                  |	t        j*                  |	      |      dk7  rt'        d      t        j*                  |	      }d|d   |d}|j-                  d|       t        j6                  |	       y# t        j6                  |	       w xY w# t        j8                  $ r}t'        t1        |            dd}~ww xY w)zAuthenticate using GSSAPI.zEThe "kerberos" module must be installed to use GSSAPI authentication.r   @N:)gssflagsr)   )r   userdomainr2   z&Kerberos context failed to initialize. z*Unknown kerberos failure in step function.GSSAPI	saslStartrI   r$   autoAuthorize	$external
   r$   r*   r+   z+Kerberos authentication failed to complete.z0Unknown kerberos failure during GSS_Unwrap step.z.Unknown kerberos failure during GSS_Wrap step.)HAVE_KERBEROSr   r0   r2   mechanism_propertiesservice_hostaddressr   canonicalize_host_nameservice_nameservice_realm_USE_PRINCIPALrE   r   kerberosauthGSSClientInitGSS_C_MUTUAL_FLAGsplitAUTH_GSS_COMPLETEr   authGSSClientStepauthGSSClientResponser?   rangere   authGSSClientUnwrapauthGSSClientWrapauthGSSClientCleanKrbError)rG   rH   r0   r2   propshostservice	principalresultrL   r   r   r$   rP   response_excs                    rb   _authenticate_gssapir      sF    S
 	
d3''''00 !!4T\\!_%dE,H,HI$$s*T1*me&9&99G  HHeHouX%GH	&88Y1K1K (?#+>>#q#9LD&#+T&D&88%77!% #44WxGaGabKFCX///"#KLL:	-
 ))#r2a7&'STT 44S9G%"!"	C ||K5H 2Y V!33CXi=P9QRR<*+WXX"88=C %&&./?&@&
  <<S9X777V" ''TUU ++CXi5H1IJaO&'YZZ))#x/M/Mc/RT\]abb&'WXX44S9G !"*+;"<"C
 LLc* '',H'', 3s3x(d23s8   E.L2 CL B&L L2 L//L2 2MMMc                    | j                   }| j                  }| j                  }d| d| j                         }ddt	        |      dd}|j                  ||       y)z(Authenticate using SASL PLAIN (RFC 4616) r)   PLAINr   N)r5   r0   r2   r3   r   r?   )rG   rH   r5   r0   r2   r$   rP   s          rb   _authenticate_plainr   =  se    F##H##HhZtH:.668G'?	C 	LLr/   c                    |j                   }|r|j                         ryt        | |j                        j	                         }|j                  d|       y)z Authenticate using MONGODB-X509.Nr   )r9   r:   _X509Contextr   speculate_commandr?   )rG   rH   rL   rP   s       rb   _authenticate_x509r   L  sC    
--C
s&&(
{DLL
1
C
C
ECLLc"r/   c                R   |j                   dk\  r|j                  r|j                  }nU| j                  }|j                         }|dz   | j                  z   |d<   |j                  ||d      j                  dg       }d|v rt        | |d      S t        | |d      S t        | |d      S )N   r   saslSupportedMechsF)publish_eventsr    SCRAM-SHA-1)max_wire_versionnegotiated_mechsr5   	hello_cmdr0   r?   getrc   )rG   rH   mechsr5   rP   s        rb   _authenticate_defaultr   W  s    !  ))E ''F.."C(.{7K7K(KC$%\\&#e\DIIJ^`bcEe#&{D/JJ&{D-HH";mDDr/   r   )rI   r    )r   MONGODB-X509zMONGODB-AWSMONGODB-OIDCr   r   r    DEFAULTz!Mapping[str, Callable[..., None]]	_AUTH_MAPc                  J    e Zd ZddZe	 	 	 	 	 	 dd       Zd	dZd
dZddZy)_AuthContextc                .    || _         d | _        || _        y N)rG   r>   r   )selfrG   r   s      rb   __init__z_AuthContext.__init__u  s    &EI%r/   c                t    t         j                  | j                        }|rt        t         || |            S y r   )_SPECULATIVE_AUTH_MAPr   rI   r   r   )credsr   spec_clss      rb   from_credentialsz_AuthContext.from_credentialsz  s2     ),,U__=hug&>??r/   c                    t         r   )NotImplementedErrorr   s    rb   r   z_AuthContext.speculate_command  s    !!r/   c                &    |j                   | _         y r   )r>   )r   hellos     rb   parse_responsez_AuthContext.parse_response  s    (-(F(F%r/   c                ,    t        | j                        S r   )boolr>   r   s    rb   r:   z _AuthContext.speculate_succeeded  s    D1122r/   N)rG   r   r   tuple[str, int]returnNone)r   r   r   r   r   zOptional[_AuthContext]r   z"Optional[MutableMapping[str, Any]])r   zHello[Mapping[str, Any]]r   r   )r   r   )	__name__
__module____qualname__r   staticmethodr   r   r   r:    r/   rb   r   r   t  sC    
 )8	 "G3r/   r   c                  8     e Zd Z	 	 	 	 	 	 	 	 d fdZddZ xZS )r<   c                B    t         |   ||       d | _        || _        y r   )superr   r=   rI   )r   rG   r   rI   	__class__s       rb   r   z_ScramContext.__init__  s"     	g.9="r/   c                    t        | j                  | j                        \  }}}| j                  j                  |d<   ||f| _        |S Ndb)r   rG   rI   r5   r=   )r   rM   rN   rP   s       rb   r   z_ScramContext.speculate_command  sE    !:4;K;KT^^!\z3$$++D	 *-
r/   )rG   r   r   r   rI   re   r   r   r   )r   r   r   r   r   __classcell__)r   s   @rb   r<   r<     s-    #*#5D#QT#	#r/   r<   c                      e Zd ZddZy)r   c                n    ddd}| j                   j                  | j                   j                  |d<   |S )Nr)   r   )authenticaterI   r   )rG   r0   )r   rP   s     rb   r   z_X509Context.speculate_command  s8     ~>$$0**33CK
r/   N)r   zMutableMapping[str, Any]r   r   r   r   r   r/   rb   r   r     s    r/   r   c                      e Zd ZddZy)_OIDCContextc                    t        | j                  | j                        }|j                         }|y | j                  j                  |d<   |S r   )r   rG   r   get_spec_auth_cmdr5   )r   authenticatorrP   s      rb   r   z_OIDCContext.speculate_command  sH    *4+;+;T\\J--/;$$++D	
r/   Nr   r   r   r/   rb   r   r     s    r/   r   )r   r   r    r   r   zMapping[str, Any]r   c                f    | j                   }t        |   }|dk(  rt        | ||       y || |       y)zAuthenticate connection.r   N)rI   r   r   )rG   rH   reauthenticaterI   	auth_funcs        rb   r   r     s7     %%I)$IN";n=+t$r/   )rG   r   rH   r   rI   re   r   r   )r0   re   r2   re   r   re   )rM   re   r0   re   r2   re   r   re   )r}   re   r~   z
str | boolr   re   )rG   r   rH   r   r   r   )F)rG   r   rH   r   r   r   r   r   )G__doc__
__future__r   	functoolsr1   r7   rv   base64r   r   typingr   r   r   r	   r
   r   r   urllib.parser   bson.binaryr   pymongo.auth_sharedr   r   r   r   pymongo.errorsr   r   pymongo.saslprepr   pymongo.synchronous.auth_awsr   pymongo.synchronous.auth_oidcr   r   pymongo.synchronous.helpersr   pymongo.hellor   pymongo.synchronous.poolr   r   r   winkerberosr   tuplemapr@   __version__r   ImportError_IS_SYNCrc   r4   ro   r   r   r   r   r   partialr   __annotations__r   r<   r   r   r   r   r   r/   rb   <module>r     s    "     9      @ % : 5#3	"Sh**005bq9:;vE PLf:k3\#E$ #&$& $9$$%8MR&Y&&':oV$	0	, 	3 32L "< <  !$9$$]mL&Y&&}P  y  /J, (  LQ	% 	%(2	%DH	%		%y   s6   4F F"FF"FF"FF"!F"