DŽg%ddlmZddlmZddlZddlZddlZddl m Z ddl m Z ddl m Z ddl m Z ddlmZGd d ZGd d eZddd ZGddeZ ddZGddZy)) annotationsN)_base64_alphabet) base64_decode) base64_encode) want_bytes) BadSignaturec eZdZdZddZddZy)SigningAlgorithmzgSubclasses must implement :meth:`get_signature` to provide signature generation functionality. ct)z2Returns the signature for the given key and value.)NotImplementedErrorselfkeyvalues [/home/mcse/projects/flask_80/flask-venv/lib/python3.12/site-packages/itsdangerous/signer.py get_signaturezSigningAlgorithm.get_signatures !##cNtj||j||S)zMVerifies the given signature matches the expected signature. )hmaccompare_digestr)rrrsigs rverify_signaturez!SigningAlgorithm.verify_signatures$""3(:(:3(FGGrNrbytesrrreturnr)rrrrrrrbool)__name__ __module__ __qualname____doc__rrrrr r s$Hrr ceZdZdZddZy) NoneAlgorithmz`Provides an algorithm that does not perform any signing and returns an empty signature. cy)Nrr"rs rrzNoneAlgorithm.get_signature$srNr)rrr r!rr"rrr$r$s rr$c,tj|S)zDon't access ``hashlib.sha1`` until runtime. FIPS builds may not include SHA-1, in which case the import and use as a default would fail before the developer can configure something else. )hashlibsha1)strings r _lazy_sha1r*(s << rc>eZdZUdZeeZded<dddZd dZ y) HMACAlgorithmz*Provides signature generation using HMACs.t.Anydefault_digest_methodNc.| |j}||_yN)r. digest_method)rr1s r__init__zHMACAlgorithm.__init__8s   66M$1rcftj|||j}|jS)N)msg digestmod)rnewr1digest)rrrmacs rrzHMACAlgorithm.get_signature>s&hhs1C1CDzz|rr0)r1r-r) rrr r! staticmethodr*r.__annotations__r2rr"rrr,r,0s!4 $0 #;5;2 rr,ct|ttfr t|gS|Dcgc] }t|c}Scc}wr0) isinstancestrrr) secret_keyss r_make_keys_listr@Cs8*sEl+:&''#- .aJqM .. .s<ceZdZUdZeeZded<dZded< d ddZ e dd Z ddd Z dd Z dd Zdd ZddZddZy)SigneraA signer securely signs bytes, then unsigns them to verify that the value hasn't been changed. The secret key should be a random string of ``bytes`` and should not be saved to code or version control. Different salts should be used to distinguish signing in different contexts. See :doc:`/concepts` for information about the security of the secret key and salt. :param secret_key: The secret key to sign and verify with. Can be a list of keys, oldest to newest, to support key rotation. :param salt: Extra key to combine with ``secret_key`` to distinguish signatures in different contexts. :param sep: Separator between the signature and value. :param key_derivation: How to derive the signing key from the secret key and salt. Possible values are ``concat``, ``django-concat``, or ``hmac``. Defaults to :attr:`default_key_derivation`, which defaults to ``django-concat``. :param digest_method: Hash function to use when generating the HMAC signature. Defaults to :attr:`default_digest_method`, which defaults to :func:`hashlib.sha1`. Note that the security of the hash alone doesn't apply when used intermediately in HMAC. :param algorithm: A :class:`SigningAlgorithm` instance to use instead of building a default :class:`HMACAlgorithm` with the ``digest_method``. .. versionchanged:: 2.0 Added support for key rotation by passing a list to ``secret_key``. .. versionchanged:: 0.18 ``algorithm`` was added as an argument to the class constructor. .. versionchanged:: 0.14 ``key_derivation`` and ``digest_method`` were added as arguments to the class constructor. r-r. django-concatr=default_key_derivationNc<t||_t||_|jtvr t d| t|}nd}||_| |j}||_| |j}||_ |t|j}||_ y)NzThe given separator cannot be used because it may be contained in the signature itself. ASCII letters, digits, and '-_=' must not be used.itsdangerous.Signer) r@ secret_keysrsepr ValueErrorsaltrDkey_derivationr.r1r, algorithm)rr>rJrHrKr1rLs rr2zSigner.__init__s)8 (C$S/ 88' '7   d#D)D  !!88N#1   66M$1  %d&8&89I+4rc |jdS)zThe newest (last) entry in the :attr:`secret_keys` list. This is for compatibility from before key rotation support was added. )rG)rs rr>zSigner.secret_keys ##rc|||jd}n t|}|jdk(rDtjt |j |j|zjS|jdk(rGtjt |j |jdz|zjS|jdk(rLtj||j }|j|j|jS|jdk(r|Std) aThis method is called to derive the key. The default key derivation choices can be overridden here. Key derivation is not intended to be used as a security method to make a complex key out of a short password. Instead you should use large random secret keys. :param secret_key: A specific secret key to derive from. Defaults to the last item in :attr:`secret_keys`. .. versionchanged:: 2.0 Added the ``secret_key`` parameter. rNconcatrCssignerr)r5nonezUnknown key derivation method) rGrrKtcastrr1rJr7rr6update TypeError)rr>r8s r derive_keyzSigner.derive_keys  ))"-J#J/J   ( *66%!3!3DII 4J!K!R!R!TU U  O 366t))$))i*?**LMTTV  F *((:1C1CDC JJtyy !::<   F * ;< rs rrzSigner.verify_signaturesw $C5!"4#3#34 J//*-C~~..sE3?     s A## A/.A/ct|}|j|vrtd|jd|j|jd\}}|j ||r|Std|d|)zUnsigns the given string.zNo z found in valuerz Signature z does not match)payload)rrHr rsplitr)r signed_valuerrs runsignz Signer.unsignsu!,/ 88< 'TXXL@A A!((15 s   ,LZwo>NNrcF |j|y#t$rYywxYw)znOnly validates the given signed value. Returns ``True`` if the signature exists and is valid. TF)rar )rr`s rvalidatezSigner.validates(  KK %  s   )rF.NNN) r>7str | bytes | cabc.Iterable[str] | cabc.Iterable[bytes]rJstr | bytes | NonerH str | bytesrKz str | Noner1z t.Any | NonerLzSigningAlgorithm | None)rrr0)r>rfrr)rrgrr)rrgrrgrr)r`rgrr)r`rgrr)rrr r!r9r*r.r:rDr2propertyr>rVrrYrrarcr"rrrBrBLs#V$0 #;5;#2C1 $:%)&*-1,5K,5!,5 ,5 # ,5 $ ,5+,5\$$ =B"< " OrrB)r)r)rrr-)r>rerz list[bytes]) __future__rcollections.abcabccabcr'rtypingrRencodingrrrrexcr r r$r*r,r@rBr"rrrpso" &##  H H $ $&/G//~~r