!:h99 UdZddlZddlZddlZddlZddlmZmZmZm Z m Z m Z m Z m Z mZddlmZddlmZddlmZddlmZdd lmZmZdd lmZGd d e d Zej:ej:ej<ej<ej>ej>ej>ej>ej@ej@ej@ej@d Z!ee"ee#gdffe$d<ejJdZ&dZ'ee e ddfe$d<e(e)e!jUZ+ee e"dfe$d<e,hdZ-ee e"e$d<de"de"fdZ.de"de"fdZ/de"dee"e"ffdZ0Gdd Z1y)!av Digest authentication middleware for aiohttp client. This middleware implements HTTP Digest Authentication according to RFC 7616, providing a more secure alternative to Basic Authentication. It supports all standard hash algorithms including MD5, SHA, SHA-256, SHA-512 and their session variants, as well as both 'auth' and 'auth-int' quality of protection (qop) options. N) CallableDictFinal FrozenSetListLiteralTuple TypedDictUnion)URL)hdrs) ClientError)ClientHandlerType) ClientRequestClientResponse)Payloadc@eZdZUeed<eed<eed<eed<eed<y)DigestAuthChallengerealmnonceqop algorithmopaqueN)__name__ __module__ __qualname__str__annotations___/var/www/html/turnos/venv/lib/python3.12/site-packages/aiohttp/client_middleware_digest_auth.pyrr#s J J HN Kr!rF)total) MD5zMD5-SESSSHAzSHA-SESSSHA256z SHA256-SESSzSHA-256z SHA-256-SESSSHA512z SHA512-SESSzSHA-512z SHA-512-SESSz hashlib._HashDigestFunctionsz-(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+)))rrrrr.CHALLENGE_FIELDSSUPPORTED_ALGORITHMS>urirrcnoncerresponseusernameQUOTED_AUTH_FIELDSvaluereturnc&|jddS)z,Escape double quotes for HTTP header values."\"replacer0s r" escape_quotesr8ks ==e $$r!c&|jddS)z-Unescape double quotes in HTTP header values.r4r3r5r7s r"unescape_quotesr:ps == $$r!headerc tj|Dcic](\}}}|jx}r||r t|n|*c}}}Scc}}}w)a Parse key-value pairs from WWW-Authenticate or similar HTTP headers. This function handles the complex format of WWW-Authenticate header values, supporting both quoted and unquoted values, proper handling of commas in quoted values, and whitespace variations per RFC 7616. Examples of supported formats: - key1="value1", key2=value2 - key1 = "value1" , key2="value, with, commas" - key1=value1,key2="value2" - realm="example.com", nonce="12345", qop="auth" Args: header: The header value string to parse Returns: Dictionary mapping parameter names to their values )_HEADER_PAIRS_PATTERNfindallstripr:)r;key quoted_val unquoted_val stripped_keys r"parse_header_pairsrDusZ,.C-J-J6-R   )C\IIK 'L ' Zoj1\Q  s-A c peZdZdZdededdfdZdeded eee d fdefd Z d e de fd Z dedede fdZy)DigestAuthMiddlewarea HTTP digest authentication middleware for aiohttp client. This middleware intercepts 401 Unauthorized responses containing a Digest authentication challenge, calculates the appropriate digest credentials, and automatically retries the request with the proper Authorization header. Features: - Handles all aspects of Digest authentication handshake automatically - Supports all standard hash algorithms: - MD5, MD5-SESS - SHA, SHA-SESS - SHA256, SHA256-SESS, SHA-256, SHA-256-SESS - SHA512, SHA512-SESS, SHA-512, SHA-512-SESS - Supports 'auth' and 'auth-int' quality of protection modes - Properly handles quoted strings and parameter parsing - Includes replay attack protection with client nonce count tracking Standards compliance: - RFC 7616: HTTP Digest Access Authentication (primary reference) - RFC 2617: HTTP Authentication (deprecated by RFC 7616) - RFC 1945: Section 11.1 (username restrictions) Implementation notes: The core digest calculation is inspired by the implementation in https://github.com/requests/requests/blob/v2.18.4/requests/auth.py with added support for modern digest auth features and error handling. loginpasswordr1Nc| td| tdd|vr td||_|jd|_|jd|_d|_d|_i|_y)Nz"None is not allowed as login valuez%None is not allowed as password value:z8A ":" is not allowed in username (RFC 1945#section-11.1)utf-8r!r) ValueError _login_strencode _login_bytes_password_bytes_last_nonce_bytes _nonce_count _challenge)selfrGrHs r"__init__zDigestAuthMiddleware.__init__sz =AB B  DE E %<WX X&+*/,,w*?-5__W-E!$/1r!methodurlbodyr!c "#K|j}d|vr tdd|vr td|d}|d}|s td|jdd}|jdd j}|jd d} |j d } |j d } t |j } d} d }|rxd dhj|jdDchc]#}|js|j%c}}|std|d|vrdnd } | j d }|tvr$td|ddjtt|#dtdtf#fd "dtdtdtf"fd }dj|j| |jf}|jd| j }| dk(rFt!|t"r|j%d{}n|}"|}dj||f}"|}"|}| |j&k(r|xj(dz c_nd|_| |_|j(d}|j d }t+j,d jt/|j(j d | t1j2j d t5j6dgj9dd }|j d }|jj;d!r"dj|| |f}| r dj| ||||f}|||}n||dj| |f}t=|j>t=|t=|| |jA|d"}| rt=| |d <| r| |d<||d#<||d$<g}|jCD];\} }!| tDvr|jG| d%|!d&&|jG| d'|!=d(dj|Scc}w7`w))a Build digest authorization header for the current challenge. Args: method: The HTTP method (GET, POST, etc.) url: The request URL body: The request body (used for qop=auth-int) Returns: A fully formatted Digest authorization header string Raises: ClientError: If the challenge is missing required parameters or contains unsupported values rz:Malformed Digest auth challenge: Missing 'realm' parameterrz:Malformed Digest auth challenge: Missing 'nonce' parameterzBSecurity issue: Digest auth challenge contains empty 'nonce' valuerrr$rrKr!authzauth-int,zEDigest auth error: Unsupported Quality of Protection (qop) value(s): z/Digest auth error: Unsupported hash algorithm: z. Supported algorithms: z, xr1cL|jjS)z.H s1:'')002 2r!sdc6dj||fS)zDRFC 7616 Section 3: KD(secret, data) = H(concat(secret, ":", data)).:)join)rbrcras r"KDz(DigestAuthMiddleware._encode..KDsTYY1v&' 'r!rerJNr 08xz-SESS)r.rrr+r-rncr,z="r3=zDigest )$rSrgetupperrNr path_qs intersectionsplitr?r(rfr*bytesrOrP isinstanceras_bytesrQrRhashlibsha1rtimectimeosurandomr_endswithr8rMdecodeitemsr/append)$rTrVrWrX challengerrqop_rawrr nonce_bytes realm_bytespathr qop_bytesq valid_qopsrgA1A2 entity_bytes entity_hashHA1HA2ncvalue ncvalue_bytesr, cnonce_bytesnoncebitresponse_digest header_fieldspairsfieldr0rar`s$ @@r"_encodezDigestAuthMiddleware._encodes&OO ) #L  ) #L  '"'"T --r*MM+u5;;= x,ll7+ ll7+ 3x  *-::$+MM#$6Dq!'')DJ![\c[de!+j 8*fC 7+I O +A)M))-3G)H(IK )3 3 35 3 (% (E (e ( YY));8L8LM N q ' . . 0 * $(%)]]_4 # L/KB ,-Bee $00 0    "  !D !,&&s+w/  HH))*11':JJL''0JJqM     )+cr }}W-  ??  % %g .DIIsK>?@C yym\9cJH!h/O diic0B&CDO &doo6"5)"5)'..0"  &3F&;M( # #&M% ")M$ &,M( #)//1 1LE5** wbq12 waw/0  1 5)*++SE< 5s&C#Q4'Q,=Q,DQ4Q1I Q4r-cn|jdk7ry|jjdd}|sy|jd\}}}|sy|j dk7ry|syt |x}syi|_tD]%}|j|x}s||j |<'t|j S)z Takes the given response and tries digest-auth, if needed. Returns true if the original request must be resent. iFzwww-authenticaterZ digest) statusheadersrm partitionlowerrDrSr)bool) rTr- auth_headerrVsepr header_pairsrr0s r" _authenticatez"DigestAuthMiddleware._authenticatees ??c !&&**+=rB *44S9W <<>X %!37 ;; ;% /E$((//u/).& / DOO$$r!requesthandlerc:Kd}tdD]~}|dkDrT|j|j|j|jd{|j t j<||d{}|j|r~n|J|S7J7!w)zRun the digest auth middleware.Nr) rangerrVrWrXrr AUTHORIZATIONr)rTrrr- retry_counts r"__call__zDigestAuthMiddleware.__call__s 8 KQ<@LLNNGKK=7 2 23 %W--H%%h/ ###7 .s*A B B *B7B8B BB)rrr__doc__rrUr r rrrrrrrrrr r!r"rFrFs:222  2,_,_, #_,+0'#,1F+G_, _,B&%n&%&%P$/@ r!rF)2rruryrerwtypingrrrrrrr r r yarlr rZrclient_exceptionsrclient_middlewaresr client_reqreprrpayloadrrmd5rvsha256sha512r(rrrrcompiler=r)tuplesortedkeysr* frozensetr/r8r:rDrFr r!r"rs    *18)5 ;; << nn>>~~NNnn>>~~NN Bc8UG_$<==> "# 42% '@ A3 FG05VO