1 // Copyright (C) MongoDB, Inc. 2017-present. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); you may 4 // not use this file except in compliance with the License. You may obtain 5 // a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 6 7 package auth 8 9 import ( 10 "fmt" 11 "io" 12 13 // Ignore gosec warning "Blocklisted import crypto/md5: weak cryptographic primitive". We need 14 // to use MD5 here to implement the SCRAM specification. 15 /* #nosec G501 */ 16 "crypto/md5" 17 ) 18 19 const defaultAuthDB = "admin" 20 21 func mongoPasswordDigest(username, password string) string { 22 // Ignore gosec warning "Use of weak cryptographic primitive". We need to use MD5 here to 23 // implement the SCRAM specification. 24 /* #nosec G401 */ 25 h := md5.New() 26 _, _ = io.WriteString(h, username) 27 _, _ = io.WriteString(h, ":mongo:") 28 _, _ = io.WriteString(h, password) 29 return fmt.Sprintf("%x", h.Sum(nil)) 30 } 31