o 7cۅ@s^UdZddlZddlZddlZddlZddlmZmZmZm Z z"ddl m Z ddl m Z ddlmZddlmZddlmZd ZWn eyNd ZeZYnwdd lmZmZmZdd lmZmZmZdd lm Z ddl!m"Z"ddl#m$Z$m%Z%m&Z&ddl'm(Z(ddl)m*Z*ddl+m,Z,ddl-m.Z.ddl/m0Z0ddl1m2Z2m3Z3m4Z4m5Z5ddl6m7Z7ddl8m9Z9ddl:m;Z;ddlZ>ddl?m@Z@ddlAmBZBmCZCddlDmEZEddlFmGZGddlHmIZIdZJd ZKd!ZLe e(ed"ZMe eNd#<e e%d$ZOejPd%d&ZQGd'd(d(eZRGd)d*d*eZSGd+d,d,eZTGd-d.d.eUejVZWGd/d0d0eUejVZXGd1d2d2eZYdS)3z8Support for explicit client-side field level encryption.N)AnyMappingOptionalSequence) AutoEncrypter)MongoCryptError)ExplicitEncrypter)MongoCryptOptions)MongoCryptCallbackTF) _dict_to_bsondecodeencode)STANDARD UUID_SUBTYPEBinary) CodecOptions) BSONError)DEFAULT_RAW_BSON_OPTIONSRawBSONDocument _inflate_bson)SON)_csot)Cursor) _spawn_daemon)AutoEncryptionOpts)ConfigurationErrorEncryptionErrorInvalidOperationServerSelectionTimeoutError) MongoClient)BLOCKING_IO_ERRORS) UpdateOne) PoolOptions_configured_socket) ReadConcern)BulkWriteResult DeleteResult)get_ssl_context) parse_host) WriteConcerni i')document_classuuid_representation_DATA_KEY_OPTS)r+c cs>zdVWdStyty}zt|d}~ww)z2Context manager to wrap encryption related errors.N)r Exceptionr)excr0P/var/www/milkbook_backend/env/lib/python3.10/site-packages/pymongo/encryption.py_wrap_encryption_errorsHs  r2c@sTeZdZddZddZddZddZd d Zd d Zd dZ ddZ ddZ dS) _EncryptionIOcCsT||dur t||_nd|_|jttddtddd|_||_||_ d|_ dS)z8Internal class to perform I/O on behalf of pymongocrypt.Nmajority)level)w) codec_options read_concern write_concernF) weakrefref client_ref with_options_KEY_VAULT_OPTSr$r)key_vault_collmongocryptd_clientopts_spawned)selfclientr?r@rAr0r0r1__init__Vs z_EncryptionIO.__init__c Cs|j}|j}|j}|jj|}|durtddddddd}tt t d}t |||d}t |t \}} t|| f|} zAz-| ||jdkrh| tt t d| |j} | s^td|| |jdksGWn tyutdwW| dS| w)zComplete a KMS request. :Parameters: - `kms_context`: A :class:`MongoCryptKmsContext`. :Returns: None NFgMbP?)connect_timeoutsocket_timeout ssl_contextrzKMS connection closedz timed out)endpointmessage kms_providerrA_kms_ssl_contextsgetr'maxrclamp_remaining_KMS_CONNECT_TIMEOUTr"r( _HTTPS_PORTr#sendall bytes_needed settimeoutrecvOSErrorfeedr sockettimeoutclose) rC kms_contextrIrJproviderctxrFrAhostportconndatar0r0r1 kms_requestgsJ         z_EncryptionIO.kms_requestcCsd||jt|d}|D]}t|dtWdSWddS1s+wYdS)aGet the collection info for a namespace. The returned collection info is passed to libmongocrypt which reads the JSON schema. :Parameters: - `database`: The database on which to run listCollections. - `filter`: The filter to pass to listCollections. :Returns: The first document from the listCollections command response as BSON. )filterFN)r<list_collectionsrr r-)rCdatabaserccursordocr0r0r1collection_infos  "z_EncryptionIO.collection_infocCs.d|_|jjpdg}||jjt|dS)z~Spawn mongocryptd. Note this method is thread safe; at most one mongocryptd will start successfully. T mongocryptdN)rBrA_mongocryptd_spawn_pathextend_mongocryptd_spawn_argsr)rCargsr0r0r1spawns z_EncryptionIO.spawncCsz|js |jjs |t|t}z|j|j|td}W|j Sty<|jjr*||j|j|td}Y|j Sw)zMark a command for encryption. :Parameters: - `database`: The database on which to run this command. - `cmd`: The BSON command to run. :Returns: The marked command response from mongocryptd. r7) rBrA_mongocryptd_bypass_spawnrnrrr@commandrraw)rCrecmd inflated_cmdresr0r0r1 mark_commands"     z_EncryptionIO.mark_commandccsJ|jt|}|D]}|jVq WddS1swYdS)zYields one or more keys from the key vault. :Parameters: - `filter`: The filter to pass to find. :Returns: A generator which yields the requested keys from the key vault. N)r?findrrr)rCrcrfkeyr0r0r1 fetch_keyss   "z_EncryptionIO.fetch_keyscCs@t|t}|d}t|tr|jtkrtd|j ||S)zInsert a data key into the key vault. :Parameters: - `data_key`: The data key document to insert. :Returns: The _id of the inserted data key document. _idz/data_key _id must be Binary with a UUID subtype) rr>rM isinstancersubtyper TypeErrorr? insert_one)rCdata_keyraw_doc data_key_idr0r0r1insert_data_keys  z_EncryptionIO.insert_data_keycCst|S)zEncode a document to BSON. A document can be any mapping type (like :class:`dict`). :Parameters: - `doc`: mapping type representing a document :Returns: The encoded BSON bytes. )r )rCrgr0r0r1 bson_encodes z_EncryptionIO.bson_encodecCs*d|_d|_|jr|jd|_dSdS)zjRelease resources. Note it is not safe to call this method from __del__ or any GC hooks. N)r<r?r@rZrCr0r0r1rZs   z_EncryptionIO.closeN) __name__ __module__ __qualname__rErbrhrnrvryrrrZr0r0r0r1r3Us0   r3c@s>eZdZdZd deeddfddZedeefddZdS) RewrapManyDataKeyResultzuResult object returned by a :meth:`~ClientEncryption.rewrap_many_data_key` operation. .. versionadded:: 4.2 Nbulk_write_resultreturncCs ||_dSN_bulk_write_result)rCrr0r0r1rE s z RewrapManyDataKeyResult.__init__cCs|jS)aDThe result of the bulk write operation used to update the key vault collection with one or more rewrapped data keys. If :meth:`~ClientEncryption.rewrap_many_data_key` does not find any matching keys to rewrap, no bulk write operation will be executed and this field will be ``None``. rrr0r0r1rsz)RewrapManyDataKeyResult.bulk_write_resultr) rrr__doc__rr%rEpropertyrr0r0r0r1rs rc@s8eZdZdZddZddZddZdd Zd d Zd S) _EncrypterzEncrypts and decrypts MongoDB commands. This class is used to support automatic encryption and decryption of MongoDB commands.c Cs|jdurd}nt|jdt}|jdurd}nt|jdt}|j|_d|_dd}|jdur2|j}n|||}|jr=d}n|||}|jdd\}} ||| } t |j dt d} t || | |} t | t|j||j|j|j||jd|_d|_dS) zCreate a _Encrypter for a client. :Parameters: - `client`: The encrypted MongoClient. - `opts`: The encrypted client's :class:`AutoEncryptionOpts`. NFcSs:|jjjdur |S|jdur|jS|jddd}||_|S)Nr) minPoolSizeauto_encryption_opts)options pool_options max_pool_size_internal_client _duplicate) encrypter mongo_clientinternal_clientr0r0r1_get_internal_client3s z1_Encrypter.__init__.._get_internal_client.)connectserverSelectionTimeoutMS)crypt_shared_lib_pathcrypt_shared_lib_requiredbypass_encryptionencrypted_fields_mapbypass_query_analysis) _schema_mapr r-_encrypted_fields_map_bypass_auto_encryptionr_key_vault_client_key_vault_namespacesplitr_mongocryptd_uri_MONGOCRYPTD_TIMEOUT_MSr3rr _kms_providers_crypt_shared_lib_path_crypt_shared_lib_required_bypass_query_analysis_auto_encrypter_closed) rCrDrA schema_maprrkey_vault_clientmetadata_clientdbcollr?r@ io_callbacksr0r0r1rE sD       z_Encrypter.__init__cCsZ|t|d|}t|j||}t|t}|WdS1s&wYdS)a!Encrypt a MongoDB command. :Parameters: - `database`: The database for this command. - `cmd`: A command document. - `codec_options`: The CodecOptions to use while encoding `cmd`. :Returns: The encrypted command to execute. FN) _check_closedr r2rencryptrr)rCrersr7 encoded_cmd encrypted_cmd encrypt_cmdr0r0r1r^s  $z_Encrypter.encryptcCs>|t|j|WdS1swYdS)zDecrypt a MongoDB command response. :Parameters: - `response`: A MongoDB command response as BSON. :Returns: The decrypted command response. N)rr2rdecrypt)rCresponser0r0r1rqs  $z_Encrypter.decryptcCs|jrtddS)Nz"Cannot use MongoClient after close)rrrr0r0r1r~sz_Encrypter._check_closedcCs.d|_|j|jr|jd|_dSdS)zCleanup resources.TN)rrrZrrr0r0r1rZs    z_Encrypter.closeN) rrrrrErrrrZr0r0r0r1rs> rc@s&eZdZdZdZ dZ dZ dZdS) Algorithmz9An enum that defines the supported encryption algorithms.z+AEAD_AES_256_CBC_HMAC_SHA_512-Deterministicz$AEAD_AES_256_CBC_HMAC_SHA_512-RandomIndexed UnindexedN)rrrr+AEAD_AES_256_CBC_HMAC_SHA_512_Deterministic$AEAD_AES_256_CBC_HMAC_SHA_512_RandomINDEXED UNINDEXEDr0r0r0r1rsrc@seZdZdZdZdS) QueryTypez**(BETA)** An enum that defines the supported values for explicit encryption query_type. .. note:: Support for Queryable Encryption is in beta. Backwards-breaking changes may be made before the final release. .. versionadded:: 4.2 equalityN)rrrrEQUALITYr0r0r0r1rsrc@seZdZdZ d7deeefdededede eeefddf d d Z   d8d ed e eeefd e e ede e de f ddZ    d9dedede e de ede ede ede fddZde defddZde de efddZdeefddZde defd d!Zde dedefd"d#Zdede efd$d%Zde dede efd&d'Z  d:d(eeefd)e ed e eeefdefd*d+Zd;d,d-Zd.ed/ed0eddfd1d2Zd3d4Zdcontextmanagerr2r3rrrEnumrrrr0r0r0r1sf                       2q