o q>e$@sddlZddlZddlZddlmZddlmZddlmZddlmZddl m Z ej e e fZejeZej ejeefZGdd d ZGd d d eZGd d d eZdedeje fddZGdddZdS)N)_base64_alphabet) base64_decode) base64_encode want_bytes) BadSignaturec@s@eZdZdZdededefddZdedededefdd Zd S) SigningAlgorithmzgSubclasses must implement :meth:`get_signature` to provide signature generation functionality. keyvaluereturncCst)z2Returns the signature for the given key and value.)NotImplementedErrorselfr r rT/var/www/bmteknikk.ddns.net/venv/lib/python3.10/site-packages/itsdangerous/signer.py get_signatureszSigningAlgorithm.get_signaturesigcCst||||S)zMVerifies the given signature matches the expected signature. )hmaccompare_digestr)rr r rrrrverify_signaturesz!SigningAlgorithm.verify_signatureN)__name__ __module__ __qualname____doc__bytesrboolrrrrrr sr c@s&eZdZdZdededefddZdS) NoneAlgorithmz`Provides an algorithm that does not perform any signing and returns an empty signature. r r r cCsdS)Nrrrrrr%szNoneAlgorithm.get_signatureN)rrrrrrrrrrr src@sNeZdZUdZeejZej e d<d dej fddZ de de d e fd d Z dS) HMACAlgorithmz*Provides signature generation using HMACs.default_digest_methodN digest_methodcCs|dur|j}||_dSN)r r!)rr!rrr__init__1s zHMACAlgorithm.__init__r r r cCstj|||jd}|S)N)msg digestmod)rnewr!digest)rr r macrrrr7szHMACAlgorithm.get_signaturer")rrrr staticmethodhashlibsha1r _tAny__annotations__r#rrrrrrr)s r secret_keyr cCs&t|ttfr t|gSdd|DS)NcSsg|]}t|qSrr).0srrr @sz#_make_keys_list..) isinstancestrrr)r/rrr_make_keys_list<s r5c@seZdZUdZeejZej e d<dZ e e d<     d"de d ed ed eje d ejej d ejef ddZedefddZd#dedefddZdedefddZdedefddZdededefddZdedefddZdedefd d!ZdS)$SigneraA signer securely signs bytes, then unsigns them to verify that the value hasn't been changed. The secret key should be a random string of ``bytes`` and should not be saved to code or version control. Different salts should be used to distinguish signing in different contexts. See :doc:`/concepts` for information about the security of the secret key and salt. :param secret_key: The secret key to sign and verify with. Can be a list of keys, oldest to newest, to support key rotation. :param salt: Extra key to combine with ``secret_key`` to distinguish signatures in different contexts. :param sep: Separator between the signature and value. :param key_derivation: How to derive the signing key from the secret key and salt. Possible values are ``concat``, ``django-concat``, or ``hmac``. Defaults to :attr:`default_key_derivation`, which defaults to ``django-concat``. :param digest_method: Hash function to use when generating the HMAC signature. Defaults to :attr:`default_digest_method`, which defaults to :func:`hashlib.sha1`. Note that the security of the hash alone doesn't apply when used intermediately in HMAC. :param algorithm: A :class:`SigningAlgorithm` instance to use instead of building a default :class:`HMACAlgorithm` with the ``digest_method``. .. versionchanged:: 2.0 Added support for key rotation by passing a list to ``secret_key``. .. versionchanged:: 0.18 ``algorithm`` was added as an argument to the class constructor. .. versionchanged:: 0.14 ``key_derivation`` and ``digest_method`` were added as arguments to the class constructor. r django-concatdefault_key_derivationitsdangerous.Signer.Nr/saltsepkey_derivationr! algorithmcCst||_t||_|jtvrtd|durt|}nd}||_|dur(|j}||_|dur2|j }||_ |dur>t |j }||_ dS)NzThe given separator cannot be used because it may be contained in the signature itself. ASCII letters, digits, and '-_=' must not be used.r9) r5 secret_keysrr<r ValueErrorr;r8r=r r!rr>)rr/r;r<r=r!r>rrrr#xs&      zSigner.__init__r cCs |jdS)zThe newest (last) entry in the :attr:`secret_keys` list. This is for compatibility from before key rotation support was added. )r?)rrrrr/s zSigner.secret_keycCs|dur |jd}nt|}|jdkr!tt||j|S|jdkr6tt||jd|S|jdkrMt j ||jd}| |j|S|jdkrT|St d ) aThis method is called to derive the key. The default key derivation choices can be overridden here. Key derivation is not intended to be used as a security method to make a complex key out of a short password. Instead you should use large random secret keys. :param secret_key: A specific secret key to derive from. Defaults to the last item in :attr:`secret_keys`. .. versionchanged:: 2.0 Added the ``secret_key`` parameter. NrAconcatr7ssignerr)r%nonezUnknown key derivation method) r?rr=r,castrr!r;r'rr&update TypeError)rr/r(rrr derive_keys       zSigner.derive_keyr cCs&t|}|}|j||}t|S)z*Returns the signature for the given value.)rrGr>rr)rr r rrrrrszSigner.get_signaturecCst|}||j||S)zSigns the given string.)rr<r)rr rrrsignsz Signer.signrcCs^zt|}Wn tyYdSwt|}t|jD]}||}|j|||r,dSqdS)z+Verifies the signature for the given value.FT)r Exceptionrreversedr?rGr>r)rr rr/r rrrrs   zSigner.verify_signature signed_valuecCsZt|}|j|vrtd|jd||jd\}}|||r#|Std|d|d)zUnsigns the given string.zNo z found in valuerz Signature z does not match)payload)rr<rrsplitr)rrKr rrrrunsigns  z Signer.unsigncCs&z||WdStyYdSw)znOnly validates the given signed value. Returns ``True`` if the signature exists and is valid. TF)rNr)rrKrrrvalidates   zSigner.validate)r9r:NNNr")rrrrr)r*r+r r,r-r.r8r4 _t_secret_key_t_opt_str_bytes _t_str_bytesOptionalr r#propertyrr/rGrrHrrrNrOrrrrr6Cs< +   .!r6)r*rtypingr,encodingrrrrexcrUnionr4rrRrSrQIterablerPr rrListr5r6rrrrs