� M�g�%��ddlmZddlmZddlZddlZddlZddl m Z ddl mZddl mZddl m Z ddlmZGd �d ��ZGd�de��Zddd�ZGd�de��Zdd�ZGd�d��ZdS)�)�annotationsN�)�_base64_alphabet)� base64_decode)� base64_encode�� want_bytes)�BadSignaturec�"�eZdZdZdd�Zdd �Zd S) �SigningAlgorithmzgSubclasses must implement :meth:`get_signature` to provide signature generation functionality. �key�bytes�value�returnc��t��)z2Returns the signature for the given key and value.)�NotImplementedError��selfr rs �c/home/asafur/pinokio/api/open-webui.git/app/env/lib/python3.11/site-packages/itsdangerous/signer.py� get_signaturezSigningAlgorithm.get_signatures��!�#�#�#��sig�boolc�T�tj||�||��S)zMVerifies the given signature matches the expected signature. )�hmac�compare_digestr)rr rrs r�verify_signaturez!SigningAlgorithm.verify_signatures'��"�3��(:�(:�3��(F�(F�G�G�GrN�r rrrrr)r rrrrrrr)�__name__� __module__�__qualname__�__doc__rr�rrrrsL��$�$�$�$�H�H�H�H�H�Hrrc��eZdZdZdd�ZdS) � NoneAlgorithmz`Provides an algorithm that does not perform any signing and returns an empty signature. r rrrc��dS)Nrr#rs rrzNoneAlgorithm.get_signature$s��srNr)rr r!r"rr#rrr%r%s2��rr%r�stringrr�t.Anyc�*�tj|��S)z�Don't access ``hashlib.sha1`` until runtime. FIPS builds may not include SHA-1, in which case the import and use as a default would fail before the developer can configure something else. )�hashlib�sha1)r's r� _lazy_sha1r,(s�� <��rc�F�eZdZUdZee��Zded<dd d�Zdd�Z dS)� HMACAlgorithmz*Provides signature generation using HMACs.r(�default_digest_methodN� digest_methodc�&�|�|j}||_dS�N)r/r0)rr0s r�__init__zHMACAlgorithm.__init__8s�� 6�M�$1��rr rrrc�b�tj|||j��}|��S)N)�msg� digestmod)r�newr0�digest)rr r�macs rrzHMACAlgorithm.get_signature>s)��h�s��1C�D�D�D��z�z�|�|�rr2)r0r(r) rr r!r"�staticmethodr,r/�__annotations__r3rr#rrr.r.0sg��4�4� $0�<� �#;�#;��;�;�;�;�2�2�2�2�2��rr.� secret_key�7str | bytes | cabc.Iterable[str] | cabc.Iterable[bytes]�list[bytes]c�r�t|ttf��rt|��gSd�|D��S)Nc�,�g|]}t|��Sr#r)�.0�ss r� <listcomp>z#_make_keys_list.<locals>.<listcomp>Is��.�.�.�a�J�q�M�M�.�.�.r)� isinstance�strrr )r<s r�_make_keys_listrFCs?��*�s�E�l�+�+�(��:�&�&�'�'�.�.�:�.�.�.�.rc��eZdZUdZee��Zded<dZded< d$d%d�Z e d&d��Zd'd(d�Zd)d�Z d)d�Zd*d �Zd+d"�Zd,d#�Zd S)-�Signera�A signer securely signs bytes, then unsigns them to verify that the value hasn't been changed. The secret key should be a random string of ``bytes`` and should not be saved to code or version control. Different salts should be used to distinguish signing in different contexts. See :doc:`/concepts` for information about the security of the secret key and salt. :param secret_key: The secret key to sign and verify with. Can be a list of keys, oldest to newest, to support key rotation. :param salt: Extra key to combine with ``secret_key`` to distinguish signatures in different contexts. :param sep: Separator between the signature and value. :param key_derivation: How to derive the signing key from the secret key and salt. Possible values are ``concat``, ``django-concat``, or ``hmac``. Defaults to :attr:`default_key_derivation`, which defaults to ``django-concat``. :param digest_method: Hash function to use when generating the HMAC signature. Defaults to :attr:`default_digest_method`, which defaults to :func:`hashlib.sha1`. Note that the security of the hash alone doesn't apply when used intermediately in HMAC. :param algorithm: A :class:`SigningAlgorithm` instance to use instead of building a default :class:`HMACAlgorithm` with the ``digest_method``. .. versionchanged:: 2.0 Added support for key rotation by passing a list to ``secret_key``. .. versionchanged:: 0.18 ``algorithm`` was added as an argument to the class constructor. .. versionchanged:: 0.14 ``key_derivation`` and ``digest_method`` were added as arguments to the class constructor. r(r/� django-concatrE�default_key_derivation�itsdangerous.Signer�.Nr<r=�salt�str | bytes | None�sep�str | bytes�key_derivation� str | Noner0�t.Any | None� algorithm�SigningAlgorithm | Nonec�@�t|��|_t|��|_|jtvrtd��|�t|��}nd}||_|�|j}||_|�|j }||_ |�t|j ��}||_dS)Nz�The given separator cannot be used because it may be contained in the signature itself. ASCII letters, digits, and '-_=' must not be used.rK) rF�secret_keysr rOr� ValueErrorrMrJrQr/r0r.rT)rr<rMrOrQr0rTs rr3zSigner.__init__�s��)8� �(C�(C��$�S�/�/��8�'�'�'��7�� d�#�#�D�D�)�D�� !�!�8�N�#1�� 6�M�$1��%�d�&8�9�9�I�+4��rrrc��|jdS)z�The newest (last) entry in the :attr:`secret_keys` list. This is for compatibility from before key rotation support was added. ��)rW)rs rr<zSigner.secret_key�s�� #�#rc�n�|�|jd}nt|��}|jdkrGtjt |�|j|z��S|jdkrJtjt |�|jdz|z��S|jdkrItj ||j��}|�|j��|��S|jdkr|Std ��) a�This method is called to derive the key. The default key derivation choices can be overridden here. Key derivation is not intended to be used as a security method to make a complex key out of a short password. Instead you should use large random secret keys. :param secret_key: A specific secret key to derive from. Defaults to the last item in :attr:`secret_keys`. .. versionchanged:: 2.0 Added the ``secret_key`` parameter. NrZ�concatrIssignerr)r6�nonezUnknown key derivation method) rWr rQ�t�castrr0rMr8rr7�update� TypeError)rr<r9s r� derive_keyzSigner.derive_key�s ��)�"�-�J�J�#�J�/�/�J��(�*�*��6�%��!3�!3�D�I� �4J�!K�!K�!R�!R�!T�!T�U�U�U� � �O� 3� 3��6��t�)�)�$�)�i�*?�*�*L�M�M�T�T�V�V�� F� *� *��(�:��1C�D�D�D�C��J�J�t�y�!�!�!��:�:�<�<�� F� *� *��;�<�<�<rrc��t|��}|��}|j�||��}t |��S)z*Returns the signature for the given value.)r rbrTrr)rrr rs rrzSigner.get_signature�sC��5�!�!��o�o��n�*�*�3��6�6��S�!�!�!rc�`�t|��}||jz|�|��zS)zSigns the given string.)r rOr)rrs r�signzSigner.sign�s/��5�!�!��t�x��$�"4�"4�U�";�";�;�;rrrc�� t|��}n#t$rYdSwxYwt|��}t|j��D]6}|�|��}|j�|||��rdS�7dS)z+Verifies the signature for the given value.FT)r� Exceptionr �reversedrWrbrTr)rrrr<r s rrzSigner.verify_signature�s�� $�$�C�C�� 5�5� ��5�!�!��"�4�#3�4�4� � �J��/�/�*�-�-�C��~�.�.�s�E�3�?�?� ��t�t� ��us�� signed_valuec��t|��}|j|vrtd|j�d��|�|jd��\}}|�||��r|Std|�d�|��)zUnsigns the given string.zNo z found in valuerz Signature z does not match)�payload)r rOr �rsplitr)rrirrs r�unsignz Signer.unsign�s��!�,�/�/��8�<�'�'��@�T�X�@�@�@�A�A�A�!�(�(��1�5�5� ��s�� ,�,� ��L��>��>�>�>��N�N�N�Nrc�T� |�|��dS#t$rYdSwxYw)znOnly validates the given signed value. Returns ``True`` if the signature exists and is valid. TF)rmr )rris r�validatezSigner.validates@�� K�K��%�%�%��4�� 5�5� ��s�� '�')rKrLNNN)r<r=rMrNrOrPrQrRr0rSrTrU)rrr2)r<rNrr)rrPrr)rrPrrPrr)rirPrr)rirPrr)rr r!r"r:r,r/r;rJr3�propertyr<rbrrerrmror#rrrHrHLs ��#�#�V$0�<� �#;�#;��;�;�;�;�#2��1�1�1�1� $:��%)�&*�-1�,5�,5�,5�,5�,5�\�$�$�$��X�$�=�=�=�=�=�B"�"�"�"�<�<�<�<� ��"O�O�O�O��rrH)r)r'rrr()r<r=rr>)� __future__r�collections.abc�abc�cabcr*r�typingr^�encodingrrrr �excr rr%r,r.rFrHr#rr�<module>rxs��"�"�"�"�"�"��&�&�&�&�&�&�#�#�#�#�#�#�#�#�#�#�#�#� � � � � � �� H� H� H� H� H� H� H� H� ��$�� $��&/�/�/�/�~�~�~�~�~�~�~�~�~�~r