f%ddlmZddlmZddlZddlZddlZddl m Z ddl m Z ddl m Z ddl m Z ddlmZGd d ZGd d eZdddZGddeZddZGddZdS)) annotationsN)_base64_alphabet) base64_decode) base64_encode want_bytes) BadSignaturec"eZdZdZd dZd d Zd S) SigningAlgorithmzgSubclasses must implement :meth:`get_signature` to provide signature generation functionality. keybytesvaluereturnct)z2Returns the signature for the given key and value.)NotImplementedErrorselfr rs V/var/www/api.educacionweb.es/myenv/lib/python3.11/site-packages/itsdangerous/signer.py get_signaturezSigningAlgorithm.get_signatures!###sigboolcTtj||||S)zMVerifies the given signature matches the expected signature. )hmaccompare_digestr)rr rrs rverify_signaturez!SigningAlgorithm.verify_signatures'"3(:(:3(F(FGGGrNr rrrrr)r rrrrrrr)__name__ __module__ __qualname____doc__rrrrr r sL$$$$HHHHHHrr ceZdZdZddZdS) NoneAlgorithmz`Provides an algorithm that does not perform any signing and returns an empty signature. r rrrcdS)Nrr#rs rrzNoneAlgorithm.get_signature$ssrNr)rr r!r"rr#rrr%r%s2rr%rstringrrt.Anyc*tj|S)zDon't access ``hashlib.sha1`` until runtime. FIPS builds may not include SHA-1, in which case the import and use as a default would fail before the developer can configure something else. )hashlibsha1)r's r _lazy_sha1r,(s <  rcFeZdZUdZeeZded<d d dZdd Z dS) HMACAlgorithmz*Provides signature generation using HMACs.r(default_digest_methodN digest_methodc&||j}||_dSN)r/r0)rr0s r__init__zHMACAlgorithm.__init__8s   6M$1rr rrrcbtj|||j}|S)N)msg digestmod)rnewr0digest)rr rmacs rrzHMACAlgorithm.get_signature>s)hs1CDDDzz||rr2)r0r(r) rr r!r" staticmethodr,r/__annotations__r3rr#rrr.r.0sg44 $0< #;#;;;;;22222 rr. secret_key7str | bytes | cabc.Iterable[str] | cabc.Iterable[bytes] list[bytes]crt|ttfrt|gSd|DS)Nc,g|]}t|Sr#r).0ss r z#_make_keys_list..Is . . .aJqMM . . .r) isinstancestrrr )r<s r_make_keys_listrFCs?*sEl++(:&&'' . .: . . ..rceZdZUdZeeZded<dZded< d$d%dZ e d&dZ d'd(dZ d)dZ d)dZd*d Zd+d"Zd,d#Zd S)-SigneraA signer securely signs bytes, then unsigns them to verify that the value hasn't been changed. The secret key should be a random string of ``bytes`` and should not be saved to code or version control. Different salts should be used to distinguish signing in different contexts. See :doc:`/concepts` for information about the security of the secret key and salt. :param secret_key: The secret key to sign and verify with. Can be a list of keys, oldest to newest, to support key rotation. :param salt: Extra key to combine with ``secret_key`` to distinguish signatures in different contexts. :param sep: Separator between the signature and value. :param key_derivation: How to derive the signing key from the secret key and salt. Possible values are ``concat``, ``django-concat``, or ``hmac``. Defaults to :attr:`default_key_derivation`, which defaults to ``django-concat``. :param digest_method: Hash function to use when generating the HMAC signature. Defaults to :attr:`default_digest_method`, which defaults to :func:`hashlib.sha1`. Note that the security of the hash alone doesn't apply when used intermediately in HMAC. :param algorithm: A :class:`SigningAlgorithm` instance to use instead of building a default :class:`HMACAlgorithm` with the ``digest_method``. .. versionchanged:: 2.0 Added support for key rotation by passing a list to ``secret_key``. .. versionchanged:: 0.18 ``algorithm`` was added as an argument to the class constructor. .. versionchanged:: 0.14 ``key_derivation`` and ``digest_method`` were added as arguments to the class constructor. r(r/ django-concatrEdefault_key_derivationitsdangerous.Signer.Nr<r=saltstr | bytes | Nonesep str | byteskey_derivation str | Noner0 t.Any | None algorithmSigningAlgorithm | Nonec@t||_t||_|jtvrt d|t|}nd}||_||j}||_||j }||_ |t|j }||_ dS)NzThe given separator cannot be used because it may be contained in the signature itself. ASCII letters, digits, and '-_=' must not be used.rK) rF secret_keysr rOr ValueErrorrMrJrQr/r0r.rT)rr<rMrOrQr0rTs rr3zSigner.__init__s)8 (C(C$S// 8' ' '7   d##DD)D  !!8N#1   6M$1  %d&899I+4rrrc|jdS)zThe newest (last) entry in the :attr:`secret_keys` list. This is for compatibility from before key rotation support was added. )rW)rs rr<zSigner.secret_keys ##rcn||jd}nt|}|jdkrGtjt ||j|zS|jdkrJtjt ||jdz|zS|jdkrItj ||j}| |j|S|jdkr|Std ) aThis method is called to derive the key. The default key derivation choices can be overridden here. Key derivation is not intended to be used as a security method to make a complex key out of a short password. Instead you should use large random secret keys. :param secret_key: A specific secret key to derive from. Defaults to the last item in :attr:`secret_keys`. .. versionchanged:: 2.0 Added the ``secret_key`` parameter. NrZconcatrIssignerr)r6nonezUnknown key derivation method) rWr rQtcastrr0rMr8rr7update TypeError)rr<r9s r derive_keyzSigner.derive_keys   )"-JJ#J//J  ( * *6%!3!3DI 4J!K!K!R!R!T!TUU U  O 3 36t))$)i*?**LMMTTVV  F * *(:1CDDDC JJty ! ! !::<<   F * * ;<< >>>NNNNrcT ||dS#t$rYdSwxYw)znOnly validates the given signed value. Returns ``True`` if the signature exists and is valid. TF)rmr )rris rvalidatezSigner.validates@  KK % % %4   55 s  '')rKrLNNN) r<r=rMrNrOrPrQrRr0rSrTrU)rrr2)r<rNrr)rrPrr)rrPrrPrr)rirPrr)rirPrr)rr r!r"r:r,r/r;rJr3propertyr<rbrrerrmror#rrrHrHLs ##V$0< #;#;;;;;#21111 $:%)&*-1,5,5,5,5,5\$$$X$ =====B""""<<<< " O O O OrrH)r)r'rrr()r<r=rr>) __future__rcollections.abcabccabcr*rtypingr^encodingrrrr excr r r%r,r.rFrHr#rrrxs"""""" &&&&&&############  H H H H H H H H $     $&////~~~~~~~~~~r