;3h8 UdZddlZddlZddlZddlZddlmZmZmZm Z m Z m Z m Z m Z mZddlmZddlmZddlmZddlmZdd lmZmZGd d e d Zej6ej6ej8ej8ej:ej:ej:ej:ej<ej<ej<ej<d Zee ee!gdffe"d<ejFdZ$dZ%ee e ddfe"d<e&e'ejQZ)ee e dfe"d<e*hdZ+ee e e"d<de de fdZ,de de fdZ-de dee e ffdZ.GddZ/y) av Digest authentication middleware for aiohttp client. This middleware implements HTTP Digest Authentication according to RFC 7616, providing a more secure alternative to Basic Authentication. It supports all standard hash algorithms including MD5, SHA, SHA-256, SHA-512 and their session variants, as well as both 'auth' and 'auth-int' quality of protection (qop) options. N) CallableDictFinal FrozenSetListLiteralTuple TypedDictUnion)URL)hdrs) ClientError)ClientHandlerType) ClientRequestClientResponsec@eZdZUeed<eed<eed<eed<eed<y)DigestAuthChallengerealmnonceqop algorithmopaqueN)__name__ __module__ __qualname__str__annotations__e/var/www/html/audio-gradio/venv/lib/python3.12/site-packages/aiohttp/client_middleware_digest_auth.pyrr"s J J HN Kr rF)total) MD5zMD5-SESSSHAzSHA-SESSSHA256z SHA256-SESSzSHA-256z SHA-256-SESSSHA512z SHA512-SESSzSHA-512z SHA-512-SESSz hashlib._HashDigestFunctionsz-(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+)))rrrrr.CHALLENGE_FIELDSSUPPORTED_ALGORITHMS>urirrcnoncerresponseusernameQUOTED_AUTH_FIELDSvaluereturnc&|jddS)z,Escape double quotes for HTTP header values."\"replacer/s r! escape_quotesr7js ==e $$r c&|jddS)z-Unescape double quotes in HTTP header values.r3r2r4r6s r!unescape_quotesr9os == $$r headerc tj|Dcic](\}}}|jx}r||r t|n|*c}}}Scc}}}w)a Parse key-value pairs from WWW-Authenticate or similar HTTP headers. This function handles the complex format of WWW-Authenticate header values, supporting both quoted and unquoted values, proper handling of commas in quoted values, and whitespace variations per RFC 7616. Examples of supported formats: - key1="value1", key2=value2 - key1 = "value1" , key2="value, with, commas" - key1=value1,key2="value2" - realm="example.com", nonce="12345", qop="auth" Args: header: The header value string to parse Returns: Dictionary mapping parameter names to their values )_HEADER_PAIRS_PATTERNfindallstripr9)r:key quoted_val unquoted_val stripped_keys r!parse_header_pairsrCtsZ,.C-J-J6-R   )C\IIK 'L ' Zoj1\Q  s-A cjeZdZdZdededdfdZdeded eeefdefd Z d e de fd Z d e dede fdZy)DigestAuthMiddlewarea HTTP digest authentication middleware for aiohttp client. This middleware intercepts 401 Unauthorized responses containing a Digest authentication challenge, calculates the appropriate digest credentials, and automatically retries the request with the proper Authorization header. Features: - Handles all aspects of Digest authentication handshake automatically - Supports all standard hash algorithms: - MD5, MD5-SESS - SHA, SHA-SESS - SHA256, SHA256-SESS, SHA-256, SHA-256-SESS - SHA512, SHA512-SESS, SHA-512, SHA-512-SESS - Supports 'auth' and 'auth-int' quality of protection modes - Properly handles quoted strings and parameter parsing - Includes replay attack protection with client nonce count tracking Standards compliance: - RFC 7616: HTTP Digest Access Authentication (primary reference) - RFC 2617: HTTP Authentication (deprecated by RFC 7616) - RFC 1945: Section 11.1 (username restrictions) Implementation notes: The core digest calculation is inspired by the implementation in https://github.com/requests/requests/blob/v2.18.4/requests/auth.py with added support for modern digest auth features and error handling. loginpasswordr0Nc| td| tdd|vr td||_|jd|_|jd|_d|_d|_i|_y)Nz"None is not allowed as login valuez%None is not allowed as password value:z8A ":" is not allowed in username (RFC 1945#section-11.1)utf-8r r) ValueError _login_strencode _login_bytes_password_bytes_last_nonce_bytes _nonce_count _challenge)selfrFrGs r!__init__zDigestAuthMiddleware.__init__sz =AB B  DE E %<WX X&+*/,,w*?-5__W-E!$/1r methodurlbodyc "#|j}d|vr tdd|vr td|d}|d}|s td|jdd}|jdd j}|jd d} |j d } |j d } t |j } d} d }|rxd dhj|jdDchc]#}|js|j%c}}|std|d|vrdnd } | j d }|tvr$td|ddjtt|#dtdtf#fd "dtdtdtf"fd }dj|j| |jf}|jd| j }| dk(rAt!|t"r|j d d}n|}"|}dj||f}"|}"|}| |j$k(r|xj&dz c_nd|_| |_|j&d}|j d }t)j*d jt#|j&j d | t-j.j d t1j2d gj5d!d"}|j d }|jj7d#r"dj|| |f}| r dj| ||||f}|||}n||dj| |f}t9|j:t9|t9|| |j=|d$}| rt9| |d <| r| |d<||d%<||d&<g}|j?D];\} }!| t@vr|jC| d'|!d(&|jC| d)|!=d*dj|Scc}w)+a Build digest authorization header for the current challenge. Args: method: The HTTP method (GET, POST, etc.) url: The request URL body: The request body (used for qop=auth-int) Returns: A fully formatted Digest authorization header string Raises: ClientError: If the challenge is missing required parameters or contains unsupported values rz:Malformed Digest auth challenge: Missing 'realm' parameterrz:Malformed Digest auth challenge: Missing 'nonce' parameterzBSecurity issue: Digest auth challenge contains empty 'nonce' valuerrr#rrJr authzauth-int,zEDigest auth error: Unsupported Quality of Protection (qop) value(s): z/Digest auth error: Unsupported hash algorithm: z. Supported algorithms: z, xr0cL|jjS)z.Hs1:'')002 2r sdc6dj||fS)zDRFC 7616 Section 3: KD(secret, data) = H(concat(secret, ":", data)).:)join)rarbr`s r!KDz(DigestAuthMiddleware._encode..KD sTYY1v&' 'r rdrIr5)errorsr 08xNz-SESS)r-rrr*r,rncr+z="r2=zDigest )"rRrgetupperrMr path_qs intersectionsplitr>r'rer)bytesrNrO isinstancerrPrQhashlibsha1timectimeosurandomr^endswithr7rLdecodeitemsr.append)$rSrUrVrW challengerrqop_rawrr nonce_bytes realm_bytespathr qop_bytesq valid_qopsrfA1A2 entity_str entity_hashHA1HA2ncvalue ncvalue_bytesr+ cnonce_bytesnoncebitresponse_digest header_fieldspairsfieldr/r`r_s$ @@r!_encodezDigestAuthMiddleware._encodes OO ) #L  ) #L  '"'"T --r*MM+u5;;= x,ll7+ ll7+ 3x  *-::$+MM#$6Dq!'')DJ![\c[de!+j 8*fC 7+I O +A)M))-3G)H(IK )3 3 35 3 (% (E (e ( YY));8L8LM N q ' . . 0 * $$![[[C ! J-KB ,-Bee $00 0    "  !D !,&&s+w/  HH))*11':JJL''0JJqM     )+cr }}W-  ??  % %g .DIIsK>?@C yym\9cJH!h/O diic0B&CDO &doo6"5)"5)'..0"  &3F&;M( # #&M% ")M$ &,M( #)//1 1LE5** wbq12 waw/0  1 5)*++SEs %Q%;Q%r,cn|jdk7ry|jjdd}|sy|jd\}}}|sy|j dk7ry|syt |x}syi|_tD]%}|j|x}s||j |<'t|j S)z Takes the given response and tries digest-auth, if needed. Returns true if the original request must be resent. iFzwww-authenticaterY digest) statusheadersrm partitionlowerrCrRr(bool) rSr, auth_headerrUsepr header_pairsrr/s r! _authenticatez"DigestAuthMiddleware._authenticateas ??c !&&**+=rB *44S9W <<>X %!37 ;; ;% /E$((//u/).& / DOO$$r requesthandlerc&Kd}tdD]v}|dkDrL|j|j|j|j|j t j<||d{}|j|rvn|J|S7w)zRun the digest auth middleware.Nr) rangerrUrVrWrr AUTHORIZATIONr)rSrrr, retry_counts r!__call__zDigestAuthMiddleware.__call__s 8 KQ6:llNNGKK7 2 23 %W--H%%h/ ###.sA-B/B0B B)rrr__doc__rrTr r rrrrrrrrrrr r!rErEs:222  2,\,c\,\,53D\,\,|&%n&%&%P$/@ r rE)0rrtrxrervtypingrrrrrrr r r yarlr rYrclient_exceptionsrclient_middlewaresr client_reqreprrrmd5rusha256sha512r'rrrrcompiler<r(tuplesortedkeysr) frozensetr.r7r9rCrErr r!rs    *18)5 ;; << nn>>~~NNnn>>~~NN Bc8UG_$<==> "# 42% '@ A3 FG05VO