2h*B %SrSSKrSSKrSSKrSSKrSSKJrJrJrJ r J r J r J r J r Jr SSKJr SSKJr SSKJr SSKJr SS KJrJr SS KJr "S S \ S S9r\R:\R:\R<\R<\R>\R>\R>\R>\R@\R@\R@\R@S. r!\\"\\#/S44\$S'\RJ"S5r&Sr'\\ \ SS4\$S'\("\)"\!RU555r+\\ \"S4\$S'\,"1Sk5r-\\ \"\$S'S\"S\"4Sjr.S\"S\"4Sjr/S\"S\\"\"44Sjr0"SS 5r1g)!av Digest authentication middleware for aiohttp client. This middleware implements HTTP Digest Authentication according to RFC 7616, providing a more secure alternative to Basic Authentication. It supports all standard hash algorithms including MD5, SHA, SHA-256, SHA-512 and their session variants, as well as both 'auth' and 'auth-int' quality of protection (qop) options. N) CallableDictFinal FrozenSetListLiteralTuple TypedDictUnion)URL)hdrs) ClientError)ClientHandlerType) ClientRequestClientResponse)Payloadc\\rSrSr%\\S'\\S'\\S'\\S'\\S'\\S'\\S'S rg ) DigestAuthChallenge#realmnonceqop algorithmopaquedomainstaleN)__name__ __module__ __qualname____firstlineno__str__annotations____static_attributes__r]/var/www/auris/envauris/lib/python3.13/site-packages/aiohttp/client_middleware_digest_auth.pyrr#s% J J HN K K Jr&rF)total) MD5zMD5-SESSSHAzSHA-SESSSHA256z SHA256-SESSzSHA-256z SHA-256-SESSSHA512z SHA512-SESSzSHA-512z SHA-512-SESSz hashlib._HashDigestFunctionsz-(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+)))rrrrrrr.CHALLENGE_FIELDSSUPPORTED_ALGORITHMS>urirrcnoncerresponseusernameQUOTED_AUTH_FIELDSvaluereturnc&URSS5$)z,Escape double quotes for HTTP header values."\"replacer5s r' escape_quotesr=qs ==e $$r&c&URSS5$)z-Unescape double quotes in HTTP header values.r9r8r:r<s r'unescape_quotesr?vs == $$r&headerc [RU5VVVs0sH3upnUR5=n(dMXB(a [U5OU_M5 snnn$s snnnf)aI Parse key-value pairs from WWW-Authenticate or similar HTTP headers. This function handles the complex format of WWW-Authenticate header values, supporting both quoted and unquoted values, proper handling of commas in quoted values, and whitespace variations per RFC 7616. Examples of supported formats: - key1="value1", key2=value2 - key1 = "value1" , key2="value, with, commas" - key1=value1,key2="value2" - realm="example.com", nonce="12345", qop="auth" Args: header: The header value string to parse Returns: Dictionary mapping parameter names to their values )_HEADER_PAIRS_PATTERNfindallstripr?)r@key quoted_val unquoted_val stripped_keys r'parse_header_pairsrI{s\,.C-J-J6-R -R )C\IIK 'L ' R Zoj1\Q-R  s AAc \rSrSrSrSS\S\S\SS4SjjrS \S \S \ \ \ S 4S\4S jr S \S\4Sjr S\S\4SjrS\S\S\4SjrSrg)DigestAuthMiddlewarea HTTP digest authentication middleware for aiohttp client. This middleware intercepts 401 Unauthorized responses containing a Digest authentication challenge, calculates the appropriate digest credentials, and automatically retries the request with the proper Authorization header. Features: - Handles all aspects of Digest authentication handshake automatically - Supports all standard hash algorithms: - MD5, MD5-SESS - SHA, SHA-SESS - SHA256, SHA256-SESS, SHA-256, SHA-256-SESS - SHA512, SHA512-SESS, SHA-512, SHA-512-SESS - Supports 'auth' and 'auth-int' quality of protection modes - Properly handles quoted strings and parameter parsing - Includes replay attack protection with client nonce count tracking - Supports preemptive authentication per RFC 7616 Section 3.6 Standards compliance: - RFC 7616: HTTP Digest Access Authentication (primary reference) - RFC 2617: HTTP Authentication (deprecated by RFC 7616) - RFC 1945: Section 11.1 (username restrictions) Implementation notes: The core digest calculation is inspired by the implementation in https://github.com/requests/requests/blob/v2.18.4/requests/auth.py with added support for modern digest auth features and error handling. loginpassword preemptiver6NcUc [S5eUc [S5eSU;a [S5eXlURS5UlURS5UlSUlSUl0UlX0l/Ul g)Nz"None is not allowed as login valuez%None is not allowed as password value:z8A ":" is not allowed in username (RFC 1945#section-11.1)utf-8r&r) ValueError _login_strencode _login_bytes_password_bytes_last_nonce_bytes _nonce_count _challenge _preemptive_protection_space)selfrMrNrOs r'__init__DigestAuthMiddleware.__init__s =AB B  DE E %<WX X&+*/,,w*?-5__W-E!$/1!+,.r&methodurlbodyr&c r ^"^## URnSU;a [S5eSU;a [S5eUSnUSnU(d [S5eURSS5nURSS 5R5nURS S5n UR S 5n UR S 5n [ U5R n Sn S nU(aS S1RURS5Vs1sH)oR5(dMUR5iM+ sn5nU(d[SU35eSU;aSOS n U R S 5nU[;a$[SUSSR[535e[Um#S[S[4U#4Sjjm"S[S[S[4U"4SjjnSRURXR45nUR5SU 3R 5nU S:XaK[!U["5(aUR%5IShvN nOUnT""U5nSRUU45nT""U5nT""U5nXR&:XaU=R(S- slOSUlXlUR(SnUR S 5n[*R,"S R[/UR(5R S 5U [0R2"5R S 5[4R6"S5/55R95SS nUR S 5nUR5R;S!5(aT""SRUU U455nU (a SRU UUUU45nU"UU5nOU"USRU U455n[=UR>5[=U5[=U5U URA5US".nU (a[=U 5US 'U (aU US'UUS#'UUS$'/nURC5H?un n!U [D;aURGU S%U!S&35 M)URGU S'U!35 MA S(SRU53$s snfGN{7f))a} Build digest authorization header for the current challenge. Args: method: The HTTP method (GET, POST, etc.) url: The request URL body: The request body (used for qop=auth-int) Returns: A fully formatted Digest authorization header string Raises: ClientError: If the challenge is missing required parameters or contains unsupported values rz:Malformed Digest auth challenge: Missing 'realm' parameterrz:Malformed Digest auth challenge: Missing 'nonce' parameterzBSecurity issue: Digest auth challenge contains empty 'nonce' valuerrr)rrRr&authzauth-int,zEDigest auth error: Unsupported Quality of Protection (qop) value(s): z/Digest auth error: Unsupported hash algorithm: z. Supported algorithms: z, xr6cL>T"U5R5R5$)z.Hs1:'')002 2r&sdc4>T"SRX455$)zDRFC 7616 Section 3: KD(secret, data) = H(concat(secret, ":", data)).:)join)rmrnrks r'KD(DigestAuthMiddleware._encode..KDsTYYv&' 'r&rprQNr 08xz-SESS)r3rrr0r2rncr1z="r8=zDigest )$rZrgetupperrUr path_qs intersectionsplitrDr-rqr/bytesrVrW isinstanceras_bytesrXrYhashlibsha1r#timectimeosurandomriendswithr=rTdecodeitemsr4append)$r]r`rarb challengerrqop_rawrr nonce_bytes realm_bytespathr qop_bytesq valid_qopsrrA1A2 entity_bytes entity_hashHA1HA2ncvalue ncvalue_bytesr1 cnonce_bytesnoncebitresponse_digest header_fieldspairsfieldr5rkrjs$ @@r'_encodeDigestAuthMiddleware._encodes&OO ) #L  ) #L  '"'"T --r*MM+u5;;= x,ll7+ ll7+ 3x  *-::$+MM#$6D$6q'')$6DJ![\c[de!+j 8*fC 7+I O +A)M))-3G)H(IK )3 3 35 3 (% (E (e ( YY));8L8LM N q ' . . 0 * $((%)]]_4 # L/KB ,-Bee 00 0    "  !D !,&&s+w/  HH))*11':JJL''0JJqM     )+cr }}W-  ??  % %g . .DIIsK>?@C yym\9cJH!h/O diic0B&CDO &doo6"5)"5)'..0"  &3F&;M( # #&M% ")M$ &,M( #)//1LE5** wbq12 waw/0 2 5)*++SE< 5s&C1R75R/R/%DR79R4:I;R7c[U5nURHRnURU5(dM[U5[U5:Xd USS:Xa gU[U5S:XdMR g g)z Check if the given URL is within the current protection space. According to RFC 7616, a URI is in the protection space if any URI in the protection space is a prefix of it (after both have been made absolute). /TF)r#r\ startswithlen)r]ra request_str space_strs r'_in_protection_space)DigestAuthMiddleware._in_protection_spacepsi#h //I)))44;3y>1Yr]c5I3y>*c10r&r2c URS:wagURRSS5nU(dgURS5up4nU(dgUR 5S:wagU(dg[ U5=n(dg0Ul[H+nURU5=n(dMXR U'M- URR5n UR RS5=n (a/Ul U R5Hn U RS5n U RS 5(a>URR[U R![#U 5555 MhURR[[#U 555 M O[U 5/Ul [%UR 5$) zr Takes the given response and tries digest-auth, if needed. Returns true if the original request must be resent. iFzwww-authenticaterd digestrr8r)statusheadersry partitionlowerrIrZr.raoriginr\r}rDrrr#rqr bool) r]r2 auth_headerr`sepr header_pairsrr5rrr0s r' _authenticate"DigestAuthMiddleware._authenticatesu ??c !&&**+=rB *44S9W <<>X %!37 ;; ;%E$((//u/).&& $$&__((2 26 2%'D "||~iin>>#&&**11#fkk#c(6K2LM**11#c#h-@&'*&k]D "DOO$$r&requesthandlerc# Sn[S5HnUS:dBUR(aUR(atURUR5(aTUR UR URUR5IShvN UR[R'U"U5IShvN nURU5(aM O UceU$NRN)7f)zRun the digest auth middleware.Nr) ranger[rZrrarr`rbrr AUTHORIZATIONr)r]rrr2 retry_counts r'__call__DigestAuthMiddleware.__call__s 8KQ  OO--gkk::<@LLNNGKK=7 2 23 %W--H%%h//%$*###7 .s*B C&C"*C&:C$;C& C&$C&)rZrXrVrTrYrWr[r\)T)rr r!r"__doc__r#rr^r r rrrrrrrrrr%rr&r'rKrKsD /// /  /4_,_, #_,+0'#,1F+G_, _,B(9%n9%9%v$/@ r&rK)2rrrrertypingrrrrrrr r r yarlr rdrclient_exceptionsrclient_middlewaresr client_reqreprrpayloadrrmd5rsha256sha512r-r#r~r$compilerBr.tuplesortedkeysr/ frozensetr4r=r?rIrKrr&r'rs    *18)5 ;; << nn>>~~NNnn>>~~NN Bc8UG_$<==> " 46 % QRTWW  05VO