3 iPdZddlZddlmZddlmZmZddlmZddl m Z ddl m Z dd l m Z d d l mZd Zd ZGdd eZy)zOpenID Authentication Plugin.N)Path)AnyList)utils)errors)logger) MySQLSocket)MySQLAuthPluginMySQLOpenIDConnectAuthPlugini(ceZdZUdZej dZeed<e de fdZ e de fdZ ede de fdZd ed edefd Zd ed ed edefd Zy)r zBClass implementing the MySQL OpenID Connect Authentication Plugin.r _openid_capability_flagreturncy)zPlugin official name.$authentication_openid_connect_clientselfs aD:\jyotish\venv\Lib\site-packages\mysql/connector/plugins/authentication_openid_connect_client.pynamez!MySQLOpenIDConnectAuthPlugin.name4s6cy)z'Signals whether or not SSL is required.Trrs r requires_sslz)MySQLOpenIDConnectAuthPlugin.requires_ssl9srtokenc|jd}t|dk7rytjdt fd|DS)a?Helper method used to validate OpenID Connect token The Token is represented as a JSON Web Token (JWT) consists of a base64-encoded header, body, and signature, separated by '.' e.g., "Base64url.Base64url.Base64url". The First part of the token contains the header, the second part contains payload and the third part contains signature. These token parts should be Base64 URLSafe i.e., Token cannot contain characters other than a-z, A-Z, 0-9 and special characters '-', '_'. Args: token (str): Base64url-encoded OpenID connect token fetched from the file path passed via `openid_token_file` connection argument. Returns: bool: Signal indicating whether the token is valid or not. .Fz^[a-zA-Z0-9-_]*$c3^K|]$}t|xrj|du&yw)N)lensearch).0 token_parturlsafe_patterns r zFMySQLOpenIDConnectAuthPlugin._validate_openid_token..Ws5 "4JJRO$:$::$Fd$RR"4s*-)splitr recompileall)rheader_payload_sigr$s @r_validate_openid_tokenz3MySQLOpenIDConnectAuthPlugin._validate_openid_token>sN&). C(8 ! "a '**%78 "4   r auth_datakwargsc  |jr.|js"tj|jd|j dd}t |}|jjtkDrtjd|jd}|j}|j|stjd|jtjt!||j#g}dj%|S#t&t(t*t,f$r}tj.d |d}~wwxYw) aPrepares authentication string for the server. Args: auth_data: Authorization data. kwargs: Custom configuration to be passed to the auth plugin when invoked. Returns: packet: Client's authorization response. The OpenID Connect authorization response follows the pattern :- int<1> capability flag string id token Raises: InterfaceError: If the connection is insecure or the OpenID Token is too large, invalid or non-existent. ProgrammingError: If the OpenID Token file could not be read. z requires SSLopenid_token_fileNz8The OpenID Connect token file size is too large (> 10KB)zutf-8)encodingz#The OpenID Connect Token is invalidrzCThe OpenID Connect Token File (openid_token_file) could not be read)r _ssl_enabledrInterfaceErrorrgetrstatst_sizeOPENID_TOKEN_MAX_SIZE read_textstripr+rrlc_intr encodejoin SyntaxError TypeErrorOSError UnicodeErrorProgrammingError)rr,r-token_file_pathr/ openid_token auth_responseerrs rrCz*MySQLOpenIDConnectAuthPlugin.auth_response]s5$   ):):++tyyk,GHH$*::.A4#HO&*?&;  %%'//2GG++N!2 ; ;W ; ML'--/L..|<++,QRR,, S./##%*M 88M* *Y> ))U  sDD!!E:EEsockc |j|fi|}|tjdtjd|t ||j ||j}tjd|t|S)aHandles server's `auth switch request` response. Args: sock: Pointer to the socket connection. auth_data: Plugin provided data (extracted from a packet representing an `auth switch request` response). kwargs: Custom configuration to be passed to the auth plugin when invoked. The parameters defined here will override the ones defined in the auth plugin itself. Returns: packet: Last server's response after back-and-forth communication. Raises: InterfaceError: If a NULL auth response is received from auth_response method. zGot a NULL auth responsez# request: %s size: %sz# server response packet: %s) rCrr2r debugr sendrecvbytes)rrEr,r-responsepackets rauth_switch_responsez1MySQLOpenIDConnectAuthPlugin.auth_switch_responsesx(&4%%i:6:  ''(BC C -xXG ( 3V<V}rN)__name__ __module__ __qualname____doc__r int1storerrJ__annotations__propertystrrboolr staticmethodr+rrCr rMrrrr r /sL%4U__Q%7U7 6c66d c d  r^s<:$ !!<!~?~r