,h%SSKJr SSKJr SSKrSSKrSSKrSSK J r SSK J r SSK J r SSK J r SSKJr "S S 5r"S S \5rSSS jjr"SS\5rSSjr"SS5rg)) annotationsN)_base64_alphabet) base64_decode) base64_encode) want_bytes) BadSignaturec,\rSrSrSrSSjrSSjrSrg) SigningAlgorithmz_Subclasses must implement :meth:`get_signature` to provide signature generation functionality. c[5e)z2Returns the signature for the given key and value.)NotImplementedErrorselfkeyvalues K/var/www/auris/envauris/lib/python3.13/site-packages/itsdangerous/signer.py get_signatureSigningAlgorithm.get_signatures !##cL[R"X0RX55$)z=Verifies the given signature matches the expected signature. )hmaccompare_digestr)rrrsigs rverify_signature!SigningAlgorithm.verify_signatures ""3(:(:3(FGGrNrbytesrrreturnr)rrrrrrr bool)__name__ __module__ __qualname____firstlineno____doc__rr__static_attributes__rrrr r s$Hrr c"\rSrSrSrSSjrSrg) NoneAlgorithmzXProvides an algorithm that does not perform any signing and returns an empty signature. cg)Nrrrs rrNoneAlgorithm.get_signature$srrNr)r"r#r$r%r&rr'rrrr)r)s rr)c.[R"U5$)zDon't access ``hashlib.sha1`` until runtime. FIPS builds may not include SHA-1, in which case the import and use as a default would fail before the developer can configure something else. )hashlibsha1)strings r _lazy_sha1r1(s << rcL\rSrSr%Sr\"\5rS\S'S S Sjjr S Sjr Sr g) HMACAlgorithm0z*Provides signature generation using HMACs.t.Anydefault_digest_methodNc.Uc URnXlgN)r6 digest_method)rr9s r__init__HMACAlgorithm.__init__8s   66M$1rc`[R"XURS9nUR5$)N)msg digestmod)rnewr9digest)rrrmacs rrHMACAlgorithm.get_signature>s$hhs1C1CDzz|r)r9r8)r9r5r) r"r#r$r%r& staticmethodr1r6__annotations__r:rr'rrrr3r30s!4 $0 #;5;2 rr3c[U[[45(a [U5/$UVs/sHn[U5PM sn$s snfr8) isinstancestrrr) secret_keyss r_make_keys_listrJCs?*sEl++:&''#- .:aJqM: .. .sAc\rSrSr%Sr\"\5rS\S'Sr S\S'SSS jjr \ SS j5r SSS jjr SS jrSS jrSSjrSSjrSSjrSrg)SignerLa^A signer securely signs bytes, then unsigns them to verify that the value hasn't been changed. The secret key should be a random string of ``bytes`` and should not be saved to code or version control. Different salts should be used to distinguish signing in different contexts. See :doc:`/concepts` for information about the security of the secret key and salt. :param secret_key: The secret key to sign and verify with. Can be a list of keys, oldest to newest, to support key rotation. :param salt: Extra key to combine with ``secret_key`` to distinguish signatures in different contexts. :param sep: Separator between the signature and value. :param key_derivation: How to derive the signing key from the secret key and salt. Possible values are ``concat``, ``django-concat``, or ``hmac``. Defaults to :attr:`default_key_derivation`, which defaults to ``django-concat``. :param digest_method: Hash function to use when generating the HMAC signature. Defaults to :attr:`default_digest_method`, which defaults to :func:`hashlib.sha1`. Note that the security of the hash alone doesn't apply when used intermediately in HMAC. :param algorithm: A :class:`SigningAlgorithm` instance to use instead of building a default :class:`HMACAlgorithm` with the ``digest_method``. .. versionchanged:: 2.0 Added support for key rotation by passing a list to ``secret_key``. .. versionchanged:: 0.18 ``algorithm`` was added as an argument to the class constructor. .. versionchanged:: 0.14 ``key_derivation`` and ``digest_method`` were added as arguments to the class constructor. r5r6 django-concatrGdefault_key_derivationNc@[U5Ul[U5UlUR[;a [ S5eUb [U5nOSnX lUc URnX@lUc URnXPl Uc[UR5nX`l g)NzThe given separator cannot be used because it may be contained in the signature itself. ASCII letters, digits, and '-_=' must not be used.itsdangerous.Signer) rJ secret_keysrsepr ValueErrorsaltrOkey_derivationr6r9r3 algorithm)rrHrUrSrVr9rWs rr:Signer.__init__s)8 (C$S/ 88' '7   d#D)D  !!88N#1   66M$1  %d&8&89I+4rc URS$)zThe newest (last) entry in the :attr:`secret_keys` list. This is for compatibility from before key rotation support was added. )rR)rs rrHSigner.secret_keys ##rcUcURSnO [U5nURS:XaE[R"[ UR URU-5R55$URS:XaH[R"[ UR URS-U-5R55$URS:XaI[R"XR S9nURUR5 UR5$URS:XaU$[S5e) aThis method is called to derive the key. The default key derivation choices can be overridden here. Key derivation is not intended to be used as a security method to make a complex key out of a short password. Instead you should use large random secret keys. :param secret_key: A specific secret key to derive from. Defaults to the last item in :attr:`secret_keys`. .. versionchanged:: 2.0 Added the ``secret_key`` parameter. rZconcatrNssignerr)r>nonezUnknown key derivation method) rRrrVtcastrr9rUr@rr?update TypeError)rrHrAs r derive_keySigner.derive_keys  ))"-J#J/J   ( *66%!3!3DII 4J!K!R!R!TU U  O 366t))$))i*?**LMTTV  F *((:1C1CDC JJtyy !::<   F * ;< NNrcHURU5 g![a gf=f)z^Only validates the given signed value. Returns ``True`` if the signature exists and is valid. TF)rrr )rrqs rvalidateSigner.validates(  KK %  s  !!)rWr9rVrUrRrS)rQ.NNN) rH7str | bytes | cabc.Iterable[str] | cabc.Iterable[bytes]rUstr | bytes | NonerS str | bytesrVz str | Noner9z t.Any | NonerWzSigningAlgorithm | None)r rr8)rHryr r)rrzr r)rrzrrzr r!)rqrzr r)rqrzr r!)r"r#r$r%r&rCr1r6rDrOr:propertyrHrcrrhrrrrur'rrrrLrLLs#V$0 #;5;#2C1 $:%)&*-1,5K,5!,5 ,5 # ,5 $ ,5+,5\$$ =B"< " OrrL)r)r0rr r5)rHrxr z list[bytes]) __future__rcollections.abcabccabcr.rtypingr_encodingrrrrexcr r r)r1r3rJrLrrrrso" &##  H H $ $&/G//~~r