| Server IP : 85.193.89.191 / Your IP : 18.221.181.79 Web Server : Apache System : Linux 956367-cx40159.tmweb.ru 3.10.0-1160.105.1.el7.x86_64 #1 SMP Thu Dec 7 15:39:45 UTC 2023 x86_64 User : bitrix ( 600) PHP Version : 8.1.27 Disable Function : NONE MySQL : OFF | cURL : OFF | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : ON Directory : /lib/python2.7/site-packages/passlib/ |
Upload File : |
�
��Xc�����������@`�s��d��Z��d�d�l�m�Z�m�Z�m�Z�d�d�l�m�Z�d�d�l�Z�d�d�l�Z�d�d�l �Z �d�d�l
�Z
�d�d�l
�Z
�e
�j
�e
���Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�d�d�l�Z�e�r��d�d�l�m�Z�m�Z�m�Z�m�Z�n,�d�d�l�m�Z�m�Z�d�d�l�m�Z�m�Z�d�d�l�m
�Z
�y?�d�d �l
�m
�Z �d�d�l �Z!�d�d�l"�Z!�d�d
�l#�m$�Z%�[!�Wn(�e&�k
�r�e�j'�d
���e(�Z%�Z �n�Xd�d
�l)�m*�Z*�d�d
�l+�m,�Z,�m-�Z-�m.�Z.�m/�Z/�d�d�l0�m1�Z1�m2�Z2�m3�Z3�m4�Z4�m5�Z5�m6�Z6�m7�Z7�m8�Z8�d�d�l9�m:�Z:�m;�Z;�m<�Z<�d�d�l�m=�Z=�m>�Z>�m?�Z?�m@�Z@�mA�ZA�mB�ZB�mC�ZC�mD�ZD�mE�ZE�mF�ZF�d�d�lG�mH�ZH�mI�ZI�d�d�lJ�mK�ZK�mL�ZL�mM�ZM�d�d�lN�mO�ZO�d�d�d�d�d�d�d�d�g�ZP�e�jQ�d
�d
�d
�f�k��rd�d �l�mR�ZR�d �eR�k�r eR�jS�d ���e�j'�d!���n��[R�n��e�jT�e=�d"���e�jU���ZV�d
�d#�d$�g�ZW�d%����ZX�d&�d'���ZY�d(����ZZ�e[�e%���Z\�e�jT�d)���Z]�d�e^�f�d*�������YZ_�e�j`�d+���ja�Zb�e�j`�d,���jc�Zd�d-�d.�Ze�d�e^�f�d/�������YZf�d�e6�f�d0�������YZg�d�e6�f�d1�������YZh�d2�e:�d3� d4���Zi�d�S(5���s@���passlib.totp -- TOTP / RFC6238 / Google Authenticator utilities.i����(���t���absolute_importt���divisiont���print_function(���t���PY3N(���t���urlparset ���parse_qslt���quotet���unquote(���R���R���(���R���R���(���t���warn(���t���default_backend(���t���cipherss=���can't import 'cryptography' package, totp encryption disabled(���t���exc(���t
���TokenErrort���MalformedTokenErrort���InvalidTokenErrort���UsedTokenError(���t
���to_unicodet���to_bytest���consteqt
���getrandbytest���rngt
���SequenceMixint ���xor_bytest
���getrandstr(���t
���BASE64_CHARSt ���b32encodet ���b32decode(
���t���ut���unicodet���native_string_typest
���bascii_to_strt ���int_typest ���num_typest���iranget���byte_elem_valuet ���UnicodeIOt���suppress_cause(���t
���hybrid_methodt���memoized_property(���t
���lookup_hasht
���compile_hmact
���pbkdf2_hmac(���t
���pbkdf2_sha256t ���AppWallett���TOTPR
���R
���R���R���t ���TotpTokent ���TotpMatchi���i���i���(���t
���uses_queryt���otpauths4���registered 'otpauth' scheme with urlparse.uses_querys���\s|[-=]i���i���c���������C`�sg���x
�t��D]�}�|��|�s�|�Sq�Wt��d�}�d�}�x1�t��D])�}�|��|�|�k�r6�|�}�|��|�}�q6�q6�W|�S(���sb���
helper for group_string() --
calculates optimal size of group for given string size.
i����(���t
���_chunk_sizes(���t���klent���sizet���bestt���rem(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt���_get_group_sizeZ���s����
t���-c���������`�sD���t������}�t�|������|�j������f�d����t�d�|������D����S(���s����
reformat string into (roughly) evenly-sized groups, separated by **sep**.
useful for making tokens & keys easier to read by humans.
c���������3`�s ���|��]�}���|�|����!Vq�d��S(���N(����(���t���.0t���o(���R3���t���value(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pys ���<genexpr>t���s����i����(���t���lenR6���t���joinR!���(���R:���t���sepR2���(����(���R3���R:���s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt
���group_stringm���s����
c���������C`�s����|�d�k�r7�t��|��t���s3�t�j�|��d�d�����n��|��St�|��d�d��}��t�j�d�|����j�d���}��|�d�k�s|�|�d�k�r��t�j �|��j
������S|�d �k�r��t
�|����St
�d
�|�f�����d
�S(
���sR���
internal TOTP() helper --
decodes key according to specified format.
t���rawt���bytest���keyt���paramt����s���utf-8t���hext���base16t���base32s ���unknown byte-encoding format: %rN(
���t
���isinstanceR@���R
���t���ExpectedTypeErrorR���t ���_clean_ret���subt���encodet���base64t ���b16decodet���upperR���t
���ValueError(���RA���t���format(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt
���_decode_bytesz���s����
s���(?i)^[a-z0-9][a-z0-9_.-]*$c�����������B`�s����e��Z�d��Z�d�Z�d�Z�d
�Z�d
�Z�d
�d
�d
�d
�d���Z�d����Z �d����Z
�e
�d������Z
�d����Z
�e�e�d�����Z�d ����Z�d
����Z�RS(
���s�
��
This class stores application-wide secrets that can be used
to encrypt & decrypt TOTP keys for storage.
It's mostly an internal detail, applications usually just need
to pass ``secrets`` or ``secrets_path`` to :meth:`TOTP.using`.
.. seealso::
:ref:`totp-storing-instances` for more details on this workflow.
Arguments
=========
:param secrets:
Dict of application secrets to use when encrypting/decrypting
stored TOTP keys. This should include a secret to use when encrypting
new keys, but may contain additional older secrets to decrypt
existing stored keys.
The dict should map tags -> secrets, so that each secret is identified
by a unique tag. This tag will be stored along with the encrypted
key in order to determine which secret should be used for decryption.
Tag should be string that starts with regex range ``[a-z0-9]``,
and the remaining characters must be in ``[a-z0-9_.-]``.
It is recommended to use something like a incremental counter
("1", "2", ...), an ISO date ("2016-01-01", "2016-05-16", ...),
or a timestamp ("19803495", "19813495", ...) when assigning tags.
This mapping be provided in three formats:
* A python dict mapping tag -> secret
* A JSON-formatted string containing the dict
* A multiline string with the format ``"tag: value\ntag: value\n..."``
(This last format is mainly useful when loading from a text file via **secrets_path**)
.. seealso:: :func:`generate_secret` to create a secret with sufficient entropy
:param secrets_path:
Alternately, callers can specify a separate file where the
application-wide secrets are stored, using either of the string
formats described in **secrets**.
:param default_tag:
Specifies which tag in **secrets** should be used as the default
for encrypting new keys. If omitted, the tags will be sorted,
and the largest tag used as the default.
if all tags are numeric, they will be sorted numerically;
otherwise they will be sorted alphabetically.
this permits tags to be assigned numerically,
or e.g. using ``YYYY-MM-DD`` dates.
:param encrypt_cost:
Optional time-cost factor for key encryption.
This value corresponds to log2() of the number of PBKDF2
rounds used.
.. warning::
The application secret(s) should be stored in a secure location by
your application, and each secret should contain a large amount
of entropy (to prevent brute-force attacks if the encrypted keys
are leaked).
:func:`generate_secret` is provided as a convenience helper
to generate a new application secret of suitable size.
Best practice is to load these values from a file via **secrets_path**,
and then have your application give up permission to read this file
once it's running.
Public Methods
==============
.. autoattribute:: has_secrets
.. autoattribute:: default_tag
Semi-Private Methods
====================
The following methods are used internally by the :class:`TOTP`
class in order to encrypt & decrypt keys using the provided application
secrets. They will generally not be publically useful, and may have their
API changed periodically.
.. automethod:: get_secret
.. automethod:: encrypt_key
.. automethod:: decrypt_key
i
���i���c���������C`�s��|�d��k �rH�t�|�t���r*�t�|���}�n��|�d�k�s<�t���|�|��_�n��|�d��k �r��|�d��k �ro�t�d�����n��t�|�d���j����}�n��|��j �|���}�|��_
�|�r|�d��k �r��|��j
�|���n7�t
�d����|�D����r��t
�|�d�t��}�n
�t
�|���}�|�|��_�n��d��S(���Ni����s3���'secrets' and 'secrets_path' are mutually exclusivet���rtc���������s`�s���|��]�}�|�j�����Vq�d��S(���N(���t���isdigit(���R8���t���tag(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pys ���<genexpr>*��s����RA���(���t���NoneRG���R
���t���intt���AssertionErrort
���encrypt_costt ���TypeErrort���opent���readt���_parse_secretst���_secretst
���get_secrett���allt���maxt
���default_tag(���t���selft���secretsRa���RX���t
���secrets_path(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt���__init__��s"����
c���������`�s����t��}�t�|�t���r��|�j����j�d ���r<�t�j�|���}�q��d�|�k�rr�d�|�k�rr�d����}�|�|���}�t�}�q��t�d�����n��|�d
�k�r��i��St�|�t
���r��|�j
����}�n�|�r��t
�d�����n��t
����f�d����|�D����S(
���sf���
parse 'secrets' parameter
:returns:
Dict[tag:str, secret:bytes]
t���[t���{s���
t���:c���������s`�so���xh�|��j�����D]Z�}�|�j����}�|�r
�|�j�d���
r
�|�j�d�d���\�}�}�|�j����|�j����f�Vq
�q
�Wd��S(���Nt���#Rh���i���(���t
���splitlinest���stript
���startswitht���split(���t���sourcet���lineRT���t���secret(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt
���iter_pairsB��s
����
s"���unrecognized secrets string formats+���'secrets' must be mapping, or list of itemsc���������3`�s'���|��]
�\�}�}����j��|�|���Vq�d��S(���N(���t���_parse_secret_pair(���R8���RT���R:���(���Rb���(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pys ���<genexpr>Y��s���(���Rf���Rg���N(
���t���TrueRG���R
���t���lstripRl���t���jsont���loadst���FalseRO���RU���t���dictt���itemsRY���(���Rb���Rn���t
���check_typeRq���(����(���Rb���s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR\���0��s"����
c���������C`�s����t��|�t���r�n1�t��|�t���r0�t�|���}�n�t�d�|�f�����t�j�|���sh�t�d�|�f�����n��t��|�t���s��t �|�d�d�|�f��}�n��|�s��t�d�|�f�����n��|�|�f�S(���Ns
���tag must be unicode/string: %rs#���tag contains invalid characters: %rRB���s ���secret %rs
���tag contains empty secret: %r(
���RG���R
���RV���t���strRY���t���_tag_ret���matchRO���R@���R���(���Rb���RT���R:���(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyRr���\��s����
c���������C`�s
���|��j��d�k �S(���s2���whether at least one application secret is presentN(���Ra���RU���(���Rb���(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt
���has_secretso��s����c���������C`�s[���|��j��}�|�s
�t�d�����n��y
�|�|�SWn*�t�k
�rV�t�t�d�|�f�������n�Xd�S(���sh���
resolve a secret tag to the secret (as bytes).
throws a KeyError if not found.
s!���no application secrets configureds���unknown secret tag: %rN(���R]���t���KeyErrorR$���(���Rb���RT���Rc���(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR^���t��s����
c������ ���C`�s����t��d �k�r�t�d�����n��t�d�|�d�|�d�d�|�>d�d��}�t��j�t��j�j�|�d� ��t��j�j�|�d� ��t ������}�|�r��|�j
����n �|�j
����}�|�j
�|����|�j
����S(
���s&��
Internal helper for :meth:`encrypt_key` --
handles lowlevel encryption/decryption.
Algorithm details:
This function uses PBKDF2-HMAC-SHA256 to generate a 32-byte AES key
and a 16-byte IV from the application secret & random salt.
It then uses AES-256-CTR to encrypt/decrypt the TOTP key.
CTR mode was chosen over CBC because the main attack scenario here
is that the attacker has stolen the database, and is trying to decrypt a TOTP key
(the plaintext value here). To make it hard for them, we want every password
to decrypt to a potentially valid key -- thus need to avoid any authentication
or padding oracle attacks. While some random padding construction could be devised
to make this work for CBC mode, a stream cipher mode is just plain simpler.
OFB/CFB modes would also work here, but seeing as they have malleability
and cyclic issues (though remote and barely relevant here),
CTR was picked as the best overall choice.
sI���TOTP encryption requires 'cryptography' package (https://cryptography.io)t���sha256t���saltt���roundsi���t���keyleni0���i ���N(���t
���_cg_ciphersRU���t
���RuntimeErrorR)���t���Ciphert
���algorithmst���AESt���modest���CTRt���_cg_default_backendt ���decryptort ���encryptort���updatet���finalize(���R:���Rp���R����t���costt���decryptt���keyivt���ciphert���ctx(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt���_cipher_aes_key���s����
%
c������
���C`�s����|�s�t��d�����n��t�t�|��j���}�|��j�}�|��j�}�|�sN�t�d�����n��|��j�|�|��j�|���|�|���}�t �d�d�d�|�d�|�d�t
�|���d�t
�|�����S( ���s0��
Helper used to encrypt TOTP keys for storage.
:param key:
TOTP key to encrypt, as raw bytes.
:returns:
dict containing encrypted TOTP key & configuration parameters.
this format should be treated as opaque, and potentially subject
to change, though it is designed to be easily serialized/deserialized
(e.g. via JSON).
.. note::
This function requires installation of the external
`cryptography <https://cryptography.io>`_ package.
To give some algorithm details: This function uses AES-256-CTR to encrypt
the provided data. It takes the application secret and randomly generated salt,
and uses PBKDF2-HMAC-SHA256 to combine them and generate the AES key & IV.
s���no key provideds8���no application secrets configured, can't encrypt OTP keyt���vi���t���ct���tt���st���k(
���RO���R���R���t ���salt_sizeRX���Ra���RY���R����R^���Rx���R���(���Rb���RA���R����R����RT���t���ckey(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt
���encrypt_key���s���� !c������ ���C`�s����t��|�t���s
�t�d�����n��|�j�d�d
���}�t�}�|�d�k�rN�|��j�}�n�t�d�|�f�����|�d�}�|�d�}�|�d�t�|�d���d �|��j �|���d
�t�|�d
���d
�|���}�|�|��j
�k�s��|�|��j
�k�r��t
�}�n��|�|�f�S(���s���
Helper used to decrypt TOTP keys from storage format.
Consults configured secrets to decrypt key.
:param source:
source object, as returned by :meth:`encrypt_key`.
:returns:
``(key, needs_recrypt)`` --
**key** will be the decrypted key, as bytes.
**needs_recrypt** will be a boolean flag indicating
whether encryption cost or default tag is too old,
and henace that key needs re-encrypting before storing.
.. note::
This function requires installation of the external
`cryptography <https://cryptography.io>`_ package.
s���'enckey' must be dictionaryR����i���s+���missing / unrecognized 'enckey' version: %rR����R����R:���R����Rp���R����R����R����N(
���RG���Rx���RY���t���getRU���Rw���R����RO���R���R^���RX���Ra���Rs���(���Rb���t���enckeyt���versiont
���needs_recryptt
���_cipher_keyRT���R����RA���(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt
���decrypt_key���s"����
N(���t���__name__t
���__module__t���__doc__R����RX���RU���R]���Ra���Re���R\���Rr���t���propertyR~���R^���t
���staticmethodRw���R����R����R����(����(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR+�������s
���X
( , % !s���>Qs���>It����i���c��������
���B`�s���e��Z�d��Z�d�Z�d�Z�Z�d.�Z�e�j �Z
�d.�Z
�d.�Z
�d.�Z
�d�Z�d�Z�d.�Z�d.�Z�d�Z�e�Z�e�d.�d.�d.�d.�d.�d.�d�����Z�e�d������Z�d.�d�e�d.�d.�d.�d.�d.�d.�e�d ��
�Z�e�d
�d
�����Z�e�d
������Z�e�d
������Z
�e
�d������Z
�e
�j �d������Z
�e
�d������Z �e �j �d������Z �e
�d������Z!�e
�d������Z"�d�d�d���Z#�e�d������Z$�d����Z%�d����Z&�e'�d������Z(�d.�d���Z)�d����Z*�e�d
������Z+�d.�d�d
�d.�d
���Z,�d.�d
���Z-�e�d ������Z.�e�d ������Z/�e�d!������Z0�e�d"������Z1�e�d.�d.�d.�d.�d.�d.�d#�����Z2�e�d$������Z3�e�d%������Z4�d.�d.�d&���Z5�d'����Z6�e�d(������Z7�d.�d)���Z8�e�d*������Z9�e�d+������Z:�e�d,������Z;�d.�d-���Z<�RS(/���s9
��
Helper for generating and verifying TOTP codes.
Given a secret key and set of configuration options, this object
offers methods for token generation, token validation, and serialization.
It can also be used to track important persistent TOTP state,
such as the last counter used.
This class accepts the following options
(only **key** and **format** may be specified as positional arguments).
:arg str key:
The secret key to use. By default, should be encoded as
a base32 string (see **format** for other encodings).
Exactly one of **key** or ``new=True`` must be specified.
:arg str format:
The encoding used by the **key** parameter. May be one of:
``"base32"`` (base32-encoded string),
``"hex"`` (hexadecimal string), or ``"raw"`` (raw bytes).
Defaults to ``"base32"``.
:param bool new:
If ``True``, a new key will be generated using :class:`random.SystemRandom`.
Exactly one ``new=True`` or **key** must be specified.
:param str label:
Label to associate with this token when generating a URI.
Displayed to user by most OTP client applications (e.g. Google Authenticator),
and typically has format such as ``"John Smith"`` or ``"jsmith@webservice.example.org"``.
Defaults to ``None``.
See :meth:`to_uri` for details.
:param str issuer:
String identifying the token issuer (e.g. the domain name of your service).
Used internally by some OTP client applications (e.g. Google Authenticator) to distinguish entries
which otherwise have the same label.
Optional but strongly recommended if you're rendering to a URI.
Defaults to ``None``.
See :meth:`to_uri` for details.
:param int size:
Number of bytes when generating new keys. Defaults to size of hash algorithm (e.g. 20 for SHA1).
.. warning::
Overriding the default values for ``digits``, ``period``, or ``alg`` may
cause problems with some OTP client programs (such as Google Authenticator),
which may have these defaults hardcoded.
:param int digits:
The number of digits in the generated / accepted tokens. Defaults to ``6``.
Must be in range [6 .. 10].
.. rst-class:: inline-title
.. caution::
Due to a limitation of the HOTP algorithm, the 10th digit can only take on values 0 .. 2,
and thus offers very little extra security.
:param str alg:
Name of hash algorithm to use. Defaults to ``"sha1"``.
``"sha256"`` and ``"sha512"`` are also accepted, per :rfc:`6238`.
:param int period:
The time-step period to use, in integer seconds. Defaults to ``30``.
..
See the passlib documentation for a full list of attributes & methods.
i
���i���i���t���sha1i
���c��� ������
`�sc��t��d�|��f�i����������f�d����}�|�d
�k �rE�|�d�|������_�n��|�d
�k �rf�|�d�|������_�n��|�d
�k �r��|�d�|������_�n��|�d
�k �r��|�d�|������_�n��|�r��t�|�������_�|�rt�d�����qn?�|�d
�k �rt �|�t���st
�j
�|�t�d�����n��|����_�n��|�d
�k �r_t �|����t
���rA|����d �k�sMt
�d
�����t�|������_�n�����S(
���s:��
Dynamically create subtype of :class:`!TOTP` class
which has the specified defaults set.
:parameters: **digits, alg, period, issuer**:
All these options are the same as in the :class:`TOTP` constructor,
and the resulting class will use any values you specify here
as the default for all TOTP instances it creates.
:param wallet:
Optional :class:`AppWallet` that will be used for encrypting/decrypting keys.
:param secrets, secrets_path, encrypt_cost:
If specified, these options will be passed to the :class:`AppWallet` constructor,
allowing you to directly specify the secret keys that should be used
to encrypt & decrypt stored keys.
:returns:
subclass of :class:`!TOTP`.
This method is useful for creating a TOTP class configured
to use your application's secrets for encrypting & decrypting
keys, as well as create new keys using it's desired configuration defaults.
As an example::
>>> # your application can create a custom class when it initializes
>>> from passlib.totp import TOTP, generate_secret
>>> TotpFactory = TOTP.using(secrets={"1": generate_secret()})
>>> # subsequent TOTP objects created from this factory
>>> # will use the specified secrets to encrypt their keys...
>>> totp = TotpFactory.new()
>>> totp.to_dict()
{'enckey': {'c': 14,
'k': 'H77SYXWORDPGVOQTFRR2HFUB3C45XXI7',
's': 'G5DOQPIHIBUM2OOHHADQ',
't': '1',
'v': 1},
'type': 'totp',
'v': 1}
.. seealso:: :ref:`totp-creation` and :ref:`totp-storing-instances` tutorials for a usage example
R,���c���������`�s8���t��d�t�d�d���}�|�|�|��<���|����}�t�|�|����S(���s����
helper which uses constructor to validate parameter value.
it returns corresponding attribute, so we use normalized value.
RA���RP���R?���(���Rx���t
���_DUMMY_KEYt���getattr(���t���attrR:���t���kwdst���obj(���t���subcls(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt
���norm_param���s����
t���digitst���algt���periodt���issuers6���'wallet' and 'secrets' keywords are mutually exclusivet���walleti����s1���now() function must return non-negative int/floatN(���t���typeRU���R����R����R����R����R+���R����RY���RG���R
���RH���R ���RW���R����t���now( ���t���clsR����R����R����R����R����R����R����R����(����(���R����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt���using���s.����8
$ c���������K`�s���|��d�t��|���S(���sY���
convenience alias for creating new TOTP key, same as ``TOTP(new=True)``
t���new(���Rs���(���R����R����(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR�������s����RF���c
���������K`�sP��t��t�|����j�|
����|
�r(�|
�|��_�n��t�|�p7�|��j���}
�|
�j�|��_�|
�j�}
�|
�d�k��rq�t�d�|�����n��|�r��|�r��t �d�����n��|�d��k�r��|
�}�n �|�|
�k�r��t
�d�|
�����n��t
�t
�|���|��_�nH�|�s��t �d�����n3�|�d�k�r|�|��_�n�|�r
t�|�|���|��_�n��t�|��j���|��j�k��rpd�|��j�}�|�rWt
�|�����qpt�|�t�j�d�d ��n��|�d��k�r�|��j�}�n��t�|�t���s�t �d
�t�|�������n��|�d
�k��s�|�d
�k�r�t
�d
�����n��|�|��_�|�r�|��j�|���|�|��_�n��| �r
|��j
�| ���| �|��_
�n��|�d��k �rL|��j
�|�d�d�d ��|�|��_ �n��d��S(���Ni���s���%r hash digest too smalls+���'key' and 'new=True' are mutually exclusives+���'size' should be less than digest size (%d)s4���must specify either an existing 'key', or 'new=True't ���encrypteds5���for security purposes, secret key must be >= %d bytest
���stackleveli���s#���digits must be an integer, not a %ri���i
���s���digits must in range(6,11)R����t���minval( ���t���superR,���Re���t���changedR'���R����t���namet
���digest_sizeR����RY���RU���RO���R���R���RA���t
���encrypted_keyRQ���R;���t
���_min_key_sizeR���R
���t���PasslibSecurityWarningR����RG���R ���R����t
���_check_labelt���labelt
���_check_issuerR����t
���_check_serialR����(���Rb���RA���RP���R����R����R����R3���R����R����R����R����R����t���infoR����t���msg(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyRe�����sX����
i����c���������C`�sP���t��|��t���s'�t�j�|��d�|�����n��|��|�k��rL�t�d�|�|�f�����n��d�S(���sR���
check that serial value (e.g. 'counter') is non-negative integer
RV���s���%s must be >= %dN(���RG���R ���R
���RH���RO���(���R:���RB���R����(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR����Q��s����
c���������C`�s%���|��r!�d�|��k�r!�t��d�����n��d�S(���sQ���
check that label doesn't contain chars forbidden by KeyURI spec
Rh���s���label may not contain ':'N(���RO���(���R����(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR����[��s����c���������C`�s%���|��r!�d�|��k�r!�t��d�����n��d�S(���sR���
check that issuer doesn't contain chars forbidden by KeyURI spec
Rh���s���issuer may not contain ':'N(���RO���(���R����(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR����c��s����c���������C`�s���|��j��S(���s)���
secret key as raw bytes
(���t���_key(���Rb���(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyRA���r��s����c���������C`�sD���t��|�t���s'�t�j�|�t�d�����n��|�|��_�d��|��_�|��_�d��S(���NRA���(���RG���R@���R
���RH���R����RU���t���_encrypted_keyt
���_keyed_hmac(���Rb���R:���(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyRA���y��s���� c���������C`�sS���|��j��}�|�d�k�rO�|��j�}�|�s3�t�d�����n��|�j�|��j���}�|��_��n��|�S(���s����
secret key, encrypted using application secret.
this match the output of :meth:`AppWallet.encrypt_key`,
and should be treated as an opaque json serializable object.
s6���no application secrets present, can't encrypt TOTP keyN(���R����RU���R����RY���R����RA���(���Rb���R����R����(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR�������s����
c���������C`�sU���|��j��}�|�s
�t�d�����n��|�j�|���\�|��_�}�|�rH�t�|��_�n �|�|��_�d��S(���Ns6���no application secrets present, can't decrypt TOTP key(���R����RY���R����RA���Rs���R����R����(���Rb���R:���R����R����(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR�������s����
c���������C`�s
���t��t�j�|��j�����j����S(���s:���
secret key encoded as hexadecimal string
(���R
���RL���t ���b16encodeRA���t���lower(���Rb���(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt���hex_key���s����c���������C`�s
���t��|��j���S(���s5���
secret key encoded as base32 string
(���R���RA���(���Rb���(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt
���base32_key���s����R7���c���������C`�sk���|�d�k�s�|�d�k�r$�|��j��}�n+�|�d�k�r<�|��j�}�n�t�d�|�f�����|�rg�t�|�|���}�n��|�S(���s���
pretty-print the secret key.
This is mainly useful for situations where the user cannot get the qrcode to work,
and must enter the key manually into their TOTP client. It tries to format
the key in a manner that is easier for humans to read.
:param format:
format to output secret key. ``"hex"`` and ``"base32"`` are both accepted.
:param sep:
separator to insert to break up key visually.
can be any of ``"-"`` (the default), ``" "``, or ``False`` (no separator).
:return:
key as native string.
Usage example::
>>> t = TOTP('s3jdvb7qd2r7jpxx')
>>> t.pretty_key()
'S3JD-VB7Q-D2R7-JPXX'
RD���RE���RF���s ���unknown byte-encoding format: %r(���R����R����RO���R>���(���Rb���RP���R=���RA���(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt
���pretty_key���s����
c���������C`�s����t��|�t���r�|�St��|�t���r,�t�|���S|�d�k�rH�t�|��j������St�|�d���rj�t�j�|�j ������St
�j
�|�d�d�����d�S(���ss��
Normalize time value to unix epoch seconds.
:arg time:
Can be ``None``, :class:`!datetime`,
or unix epoch timestamp as :class:`!float` or :class:`!int`.
If ``None``, uses current system time.
Naive datetimes are treated as UTC.
:returns:
unix epoch timestamp as :class:`int`.
t
���utctimetuples���int, float, or datetimet���timeN(
���RG���R ���t���floatRV���RU���R����t���hasattrt���calendart���timegmR����R
���RH���(���R����R����(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt���normalize_time���s����
c���������C`�s
���|�|��j��S(���sI���
convert timestamp to HOTP counter using :attr:`period`.
(���R����(���Rb���R����(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt���_time_to_counter���s����c���������C`�s
���|�|��j��S(���sI���
convert HOTP counter to timestamp using :attr:`period`.
(���R����(���Rb���t���counter(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt���_counter_to_time���s����c���������C`�s����|��j��}�t�|�t���r1�t�d���|�|�f�}�nE�t�|�d�d��}�t�j�t�d���|���}�|�j����sv�t�d�����n��t �|���|�k�r��t�d�|�����n��|�S(���s���
Normalize OTP token representation:
strips whitespace, converts integers to a zero-padded string,
validates token content & number of digits.
This is a hybrid method -- it can be called at the class level,
as ``TOTP.normalize_token()``, or the instance level as ``TOTP().normalize_token()``.
It will normalize to the instance-specific number of :attr:`~TOTP.digits`,
or use the class default.
:arg token:
token as ascii bytes, unicode, or an integer.
:raises ValueError:
if token has wrong number of digits, or contains non-numeric characters.
:returns:
token as :class:`!unicode` string, containing only digits 0-9.
s���%0*dRB���t���tokenRC���s&���Token must contain only the digits 0-9s!���Token must have exactly %d digits(
���R����RG���R ���R���R���RI���RJ���RS���R
���R;���(���t
���self_or_clsR����R����(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt���normalize_token��s����
c���������C`�sX���|��j��|���}�|��j�|���}�|�d�k��r9�t�d�����n��|��j�|���}�t�|��|�|���S(���s���
Generate token for specified time
(uses current time if none specified).
:arg time:
Can be ``None``, a :class:`!datetime`,
or class:`!float` / :class:`!int` unix epoch timestamp.
If ``None`` (the default), uses current system time.
Naive datetimes are treated as UTC.
:returns:
A :class:`TotpToken` instance, which can be treated
as a sequence of ``(token, expire_time)`` -- see that class
for more details.
Usage example::
>>> # generate a new token, wrapped in a TotpToken instance...
>>> otp = TOTP('s3jdvb7qd2r7jpxx')
>>> otp.generate(1419622739)
<TotpToken token='897212' expire_time=1419622740>
>>> # when you just need the token...
>>> otp.generate(1419622739).token
'897212'
i����s���timestamp must be >= 0(���R����R����RO���t ���_generateR-���(���Rb���R����R����R����(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt���generate0��s
����
c���������C`�s8��t��|�t���s�t�d�����|�d�k�s3�t�d�����|��j�}�|�d�k�rg�t�|��j�|��j���}�|��_�n��|�t�|�����}�|�j �j
�}�t
�|���|�k�s��t�d�����|�d�k�s��t�d�����t
�|�d���d�@}�t
�|�|�|�d �!��d�d
�@}�|��j�}�d�|�k��od
�k��n�s t�d
�����t�d
���|�|�f�|�
S(���s����
base implementation of HOTP token generation algorithm.
:arg counter: HOTP counter, as non-negative integer
:returns: token as unicode string
s���counter must be integeri����s
���counter must be non-negatives ���digest_size: sanity check failedi���s"���digest_size: sanity check 2 failedi����i���i���i���i
���s���digits: sanity check faileds���%0*dN(���RG���R ���RW���R����RU���R(���R����RA���t
���_pack_uint64t
���digest_infoR����R;���R"���t���_unpack_uint32R����R���(���Rb���R����t
���keyed_hmact���digestR����t���offsetR:���R����(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR����S��s
����
(c���������K`�s���|��j��|���j�|�|���S(���s���
Convenience wrapper around :meth:`TOTP.from_source` and :meth:`TOTP.match`.
This parses a TOTP key & configuration from the specified source,
and tries and match the token.
It's designed to parallel the :meth:`passlib.ifc.PasswordHash.verify` method.
:param token:
Token string to match.
:param source:
Serialized TOTP key.
Can be anything accepted by :meth:`TOTP.from_source`.
:param \*\*kwds:
All additional keywords passed to :meth:`TOTP.match`.
:return:
A :class:`TotpMatch` instance, or raises a :exc:`TokenError`.
(���t
���from_sourceR}���(���R����R����Rn���R����(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt���verifyu��s����c���
������C`�s����|��j��|���}�|��j�|�d���|�|�}�|�d�k�r>�d�}�n��t�|�|��j�|�|�����}�|��j�|�|���d�}�|��j�|�|�|���} �| �|�k�s��t�d�����| �|�k�r��t�d�|�d�|��j�����n��t �|��| �|�|���S(���sP
��
Match TOTP token against specified timestamp.
Searches within a window before & after the provided time,
in order to account for transmission delay and small amounts of skew in the client's clock.
:arg token:
Token to validate.
may be integer or string (whitespace and hyphens are ignored).
:param time:
Unix epoch timestamp, can be any of :class:`!float`, :class:`!int`, or :class:`!datetime`.
if ``None`` (the default), uses current system time.
*this should correspond to the time the token was received from the client*.
:param int window:
How far backward and forward in time to search for a match.
Measured in seconds. Defaults to ``30``. Typically only useful if set
to multiples of :attr:`period`.
:param int skew:
Adjust timestamp by specified value, to account for excessive
client clock skew. Measured in seconds. Defaults to ``0``.
Negative skew (the common case) indicates transmission delay,
and/or that the client clock is running behind the server.
Positive skew indicates the client clock is running ahead of the server
(and by enough that it cancels out any negative skew added by
the transmission delay).
You should ensure the server clock uses a reliable time source such as NTP,
so that only the client clock's inaccuracy needs to be accounted for.
This is an advanced parameter that should usually be left at ``0``;
The **window** parameter is usually enough to account
for any observed transmission delay.
:param last_counter:
Optional value of last counter value that was successfully used.
If specified, verify will never search earlier counters,
no matter how large the window is.
Useful when client has previously authenticated,
and thus should never provide a token older than previously
verified value.
:raises ~passlib.exc.TokenError:
If the token is malformed, fails to match, or has already been used.
:returns TotpMatch:
Returns a :class:`TotpMatch` instance on successful match.
Can be treated as tuple of ``(counter, time)``.
Raises error if token is malformed / can't be verified.
Usage example::
>>> totp = TOTP('s3jdvb7qd2r7jpxx')
>>> # valid token for this time period
>>> totp.match('897212', 1419622729)
<TotpMatch counter=47320757 time=1419622729 cache_seconds=60>
>>> # token from counter step 30 sec ago (within allowed window)
>>> totp.match('000492', 1419622729)
<TotpMatch counter=47320756 time=1419622729 cache_seconds=60>
>>> # invalid token -- token from 60 sec ago (outside of window)
>>> totp.match('760389', 1419622729)
Traceback:
...
InvalidTokenError: Token did not match
t���windowi����i���s*���sanity check failed: counter went backwardt
���expire_timeN(
���R����R����RU���R`���R����t
���_find_matchRW���R���R����R.���(
���Rb���R����R����R����t���skewt
���last_countert
���client_timet���startt���endR����(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR}������s����K
c���������C`�s����|��j��|���}�|�d�k��r$�d�}�n��|�|�k�r<�t������n��|��j�}�|�d�k�pZ�|�|�k��
rw�t�|�|�|�����rw�|�S|�}�x3�|�|�k��r��t�|�|�|�����r��|�S|�d�7}�q��Wt������d�S(���sw��
helper for verify() --
returns counter value within specified range that matches token.
:arg token:
token value to match (will be normalized internally)
:arg start:
starting counter value to check
:arg end:
check up to (but not including) this counter value
:arg expected:
optional expected value where search should start,
to help speed up searches.
:raises ~passlib.exc.TokenError:
If the token is malformed, or fails to verify.
:returns:
counter value that matched
i����i���N(���R����R���R����RU���R���(���Rb���R����R����R����t���expectedR����R����(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR�������s
����
.c���������C`�s����t��|�t���r:�|��j�|�j�k�r%�|�S|�j�d�t���}�n��t��|�t���rV�|��j�|���St�|�d�d��}�|�j�d���r��|��j �|���S|��j
�|���Sd�S(���s���
Load / create a TOTP object from a serialized source.
This acts as a wrapper for the various deserialization methods:
* TOTP URIs are handed off to :meth:`from_uri`
* Any other strings are handed off to :meth:`from_json`
* Dicts are handed off to :meth:`from_dict`
:param source:
Serialized TOTP object.
:raises ValueError:
If the key has been encrypted, but the application secret isn't available;
or if the string cannot be recognized, parsed, or decoded.
See :meth:`TOTP.using()` for how to configure application secrets.
:returns:
a :class:`TOTP` instance.
t���encryptRB���s
���totp sources
���otpauth://N(
���RG���R,���R����t���to_dictRw���Rx���t ���from_dictR���Rl���t���from_urit ���from_json(���R����Rn���(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR����'��s����
c���������C`�sb���t��|�d�d��j����}�t�|���}�|�j�d�k�rE�|��j�d�����n��|��j�|�j���|��j�|���S(���s<��
create an OTP instance from a URI (such as returned by :meth:`to_uri`).
:returns:
:class:`TOTP` instance.
:raises ValueError:
if the uri cannot be parsed or contains errors.
.. seealso:: :ref:`totp-configuring-clients` tutorial for a usage example
RB���t���uriR0���s���wrong uri scheme(���R���Rk���R���t���schemet���_uri_parse_errort���_check_otp_typet���netloct���_from_parsed_uri(���R����R����t���result(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR����O��s
����
c���������C`�s?���|�d�k�r�t��S|�d�k�r+�t�d�����n��t�d�|�����d�S(���sg���
validate otp URI type is supported.
returns True or raises appropriate error.
t���totpt���hotps���HOTP not supporteds���unknown otp type: %rN(���Rs���t���NotImplementedErrorRO���(���R����R����(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR����f��s
����
c���������C`�sj��|�j��}�|�j�d���r=�t�|���d�k�r=�t�|�d� ��}�n�|��j�d�����d�|�k�r��y�|�j�d���\�}�}�Wq��t�k
�r��|��j�d�����q��Xn�d
�}�|�r��|�j����p��d
�}�n��t �d�|���}�xI�t
�|�j
���D]8�\�}�}�|�|�k�r|��j�d�|�����n��|�|�|�<q��W|�rWd�|�k�r2|�|�d�<qW|�d�|�k�rW|��j�d �����qWn��|��|��j
�|�������S(
���s����
internal from_uri() helper --
handles parsing a validated TOTP URI
:param result:
a urlparse() instance
:returns:
cls instance
t���/i���s
���missing labelRh���s���malformed labelR����s���duplicate parameter (%r)R����s
���conflicting issuer identifiersN(
���t���pathRl���R;���R���R����Rm���RO���RU���Rk���Rx���R���t���queryt���_adapt_uri_params(���R����R����R����R����t���paramsR����R����(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR����r��s.���� !
c��� ��� ���K`�s����|�s�t��d�����|�s*�|��j�d�����n��t�d�|�d�|�d�|�d�d���}�|�rj�|��j�|�d���|�d�<n��|�r}�|�|�d �<n��|�r��|��j�|�d
���|�d
�<n��|�r��t�d
�|��|�f�t�j���n��|�S(
���sY���
from_uri() helper --
converts uri params into constructor args.
s"���from_uri() failed to provide labels���missing 'secret' parameterR����R����RA���RP���RF���R����R����R����s4���%s: unexpected parameters encountered in otp uri: %r(���RW���R����Rx���t���_uri_parse_intR���R
���t���PasslibRuntimeWarning( ���R����R����Rp���R����R����t ���algorithmR����t���extraR����(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR�����s
����!
c���������C`�s���t��d�|��f���S(���s8���uri parsing helper -- creates preformatted error messages���Invalid otpauth uri: %s(���RO���(���t���reason(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR�������s����c���������C`�s9���y�t��|���SWn$�t�k
�r4�|��j�d�|�����n�Xd�S(���s#���uri parsing helper -- int() wrappers���Malformed %r parameterN(���RV���RO���R����(���R����Rn���RB���(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR�����s����
c���������C`�s����|�d�k�r�|��j�}�n��|�s-�t�d�����n��|��j�|���t�|�d���}�|��j����}�|�d�k�rm�|��j�}�n��|�r��|��j�|���|�j�d�|�f���n��t �d���j
�d����|�D����}�|�s��t
�d�����t �d���|�|�f�S( ���s1��
Serialize key and configuration into a URI, per
Google Auth's `KeyUriFormat <http://code.google.com/p/google-authenticator/wiki/KeyUriFormat>`_.
:param str label:
Label to associate with this token when generating a URI.
Displayed to user by most OTP client applications (e.g. Google Authenticator),
and typically has format such as ``"John Smith"`` or ``"jsmith@webservice.example.org"``.
Defaults to **label** constructor argument. Must be provided in one or the other location.
May not contain ``:``.
:param str issuer:
String identifying the token issuer (e.g. the domain or canonical name of your service).
Optional but strongly recommended if you're rendering to a URI.
Used internally by some OTP client applications (e.g. Google Authenticator) to distinguish entries
which otherwise have the same label.
Defaults to **issuer** constructor argument, or ``None``.
May not contain ``:``.
:raises ValueError:
* if a label was not provided either as an argument, or in the constructor.
* if the label or issuer contains invalid characters.
:returns:
all the configuration information for this OTP token generator,
encoded into a URI.
These URIs are frequently converted to a QRCode for transferring
to a TOTP client application such as Google Auth.
Usage example::
>>> from passlib.totp import TOTP
>>> tp = TOTP('s3jdvb7qd2r7jpxx')
>>> uri = tp.to_uri("user@example.org", "myservice.another-example.org")
>>> uri
'otpauth://totp/user@example.org?secret=S3JDVB7QD2R7JPXX&issuer=myservice.another-example.org'
s<���a label must be specified as argument, or in the constructort���@R����t���&c���������s`�s4���|��]*�\�}�}�t��d����|�t�|�d���f�Vq�d�S(���s���%s=%sRC���N(���R���R���(���R8���RA���R:���(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pys ���<genexpr>��s���s
���argstr should never be emptys���otpauth://totp/%s?%sN(
���RU���R����RO���R����R���t���_to_uri_paramsR����R����t���appendR���R<���RW���(���Rb���R����R����t���argst���argstr(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt���to_uri���s ����)
c���������C`�s����d�|��j��f�g�}�|��j�d�k�r@�|�j�d�|��j�j����f���n��|��j�d�k�rn�|�j�d�t�|��j���f���n��|��j�d�k�r��|�j�d�t�|��j���f���n��|�S(���s+���return list of (key, param) entries for URIRp���R����R
��i���R����i
���R����(���R����R����R��RN���R����R{���R����(���Rb���R��(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR����s���� c���������C`�s(���t��|�d�d��}�|��j�t�j�|�����S(���sn��
Load / create an OTP object from a serialized json string
(as generated by :meth:`to_json`).
:arg json:
Serialized output from :meth:`to_json`, as unicode or ascii bytes.
:raises ValueError:
If the key has been encrypted, but the application secret isn't available;
or if the string cannot be recognized, parsed, or decoded.
See :meth:`TOTP.using()` for how to configure application secrets.
:returns:
a :class:`TOTP` instance.
.. seealso:: :ref:`totp-storing-instances` tutorial for a usage example
RB���s
���json source(���R���R����Ru���Rv���(���R����Rn���(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR����
��s����c���������C`�s+���|��j��d�|���}�t�j�|�d�t�d�d��S(���s
��
Serialize configuration & internal state to a json string,
mainly useful for persisting client-specific state in a database.
All keywords passed to :meth:`to_dict`.
:returns:
json string containing serializes configuration & state.
R����t ���sort_keyst
���separatorst���,Rh���(���R��Rh���(���R����Ru���t���dumpsRs���(���Rb���R����t���state(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt���to_json5��s���� c���������C`�sA���t��|�t���
s
�d�|�k�r.�|��j�d�����n��|��|��j�|�������S(���sU��
Load / create a TOTP object from a dictionary
(as generated by :meth:`to_dict`)
:param source:
dict containing serialized TOTP key & configuration.
:raises ValueError:
If the key has been encrypted, but the application secret isn't available;
or if the dict cannot be recognized, parsed, or decoded.
See :meth:`TOTP.using()` for how to configure application secrets.
:returns:
A :class:`TOTP` instance.
.. seealso:: :ref:`totp-storing-instances` tutorial for a usage example
R����s���unrecognized format(���RG���Rx���t���_dict_parse_errort���_adapt_dict_kwds(���R����Rn���(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR����E��s����
c���������K`�s����|��j��|���s�t���|�j�d�d
���}�|�
sL�|�|��j�k��sL�|�|��j�k�re�|��j�d�|�f�����n
�|�|��j�k�r��t�|�d�<n��d�|�k�r��d�|�k�s��t���|�j�d�|�j�d���d�d���n
�d�|�k�r��|��j�d�����n��|�j�d �d
���|�S(
���st���
Internal helper for .from_json() --
Adapts serialized json dict into constructor keywords.
R����s ���missing/unsupported version (%r)R����R����RA���RP���R����s���missing 'enckey' / 'key'R����N( ���R����RW���t���popRU���t���min_json_versiont
���json_versionR��Rs���R����(���R����R����R����t���ver(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR��]��s���� %
"
c���������C`�s���t��d�|��f���S(���s9���dict parsing helper -- creates preformatted error messages���Invalid totp data: %s(���RO���(���R
��(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR��|��s����c���������C`�s
��t��d�|��j�d�d���}�|��j�d�k�r7�|��j�|�d�<n��|��j�d�k�rV�|��j�|�d�<n��|��j�d�k�ru�|��j�|�d �<n��|��j�r��|��j�|�d
�<n��|��j�}�|�r��|�t�|����j�k�r��|�|�d
�<n��|�d�k�r��|��j �}�|�o��|�j
�}�n��|�r��|��j
�|�d
�<n
�|��j
�|�d
�<|�S(���sw��
Serialize configuration & internal state to a dict,
mainly useful for persisting client-specific state in a database.
:param encrypt:
Whether to output should be encrypted.
* ``None`` (the default) -- uses encrypted key if application
secrets are available, otherwise uses plaintext key.
* ``True`` -- uses encrypted key, or raises TypeError
if application secret wasn't provided to OTP constructor.
* ``False`` -- uses raw key.
:returns:
dictionary, containing basic (json serializable) datatypes.
R����R����R���R����R����i���R����i
���R����R����R����R����RA���N(
���Rx���R
��R����R����R����R����R����R����RU���R����R~���R����R����(���Rb���R����R��R����R����(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR�������s&����
N(=���R����R����R����R����R
��R
��RU���R����t���_timeR����R����R����R����R����R����R����R����R����R����Rw���R����t
���classmethodR����R����Re���R����R����R����R����R����RA���t���setterR����R����R����R����R����R����R����R%���R����R����R����R����R}���R����R����R����R����R����R��R����R��R��R��R����R��R����R��R��R����(����(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR,�����st���G
gJ
&
.
# "b
8(
0
D
c�����������B`�sw���e��Z�d��Z�d�Z�d�Z�d�Z�d����Z�e�d������Z �e�d������Z
�e
�d������Z
�e
�d������Z
�d����Z�d����Z�RS( ���s@��
Object returned by :meth:`TOTP.generate`.
It can be treated as a sequence of ``(token, expire_time)``,
or accessed via the following attributes:
.. autoattribute:: token
.. autoattribute:: expire_time
.. autoattribute:: counter
.. autoattribute:: remaining
.. autoattribute:: valid
c���������C`�s ���|�|��_��|�|��_�|�|��_�d�S(���su���
.. warning::
the constructor signature is an internal detail, and is subject to change.
N(���R���R����R����(���Rb���R���R����R����(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyRe������s���� c���������C`�s���|��j��j�|��j���S(���s9���Timestamp marking beginning of period when token is valid(���R���R����R����(���Rb���(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt
���start_time���s����c���������C`�s���|��j��j�|��j�d���S(���s3���Timestamp marking end of period when token is validi���(���R���R����R����(���Rb���(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR�������s����c���������C`�s
���t��d�|��j�|��j�j������S(���s.���number of (float) seconds before token expiresi����(���R`���R����R���R����(���Rb���(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt ���remaining���s����c���������C`�s
���t��|��j���S(���s
���whether token is still valid(���t���boolR$��(���Rb���(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt���valid���s����c���������C`�s���|��j��|��j�f�S(���N(���R����R����(���Rb���(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt ���_as_tuple���s����c���������C`�s,���|��j��r�d�n�d�}�d�|��j�|��j�|�f�S(���NRC���s��� expireds'���<TotpToken token='%s' expire_time=%d%s>(���R$��R����R����(���Rb���t���expired(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt���__repr__���s����N(���R����R����R����RU���R���R����R����Re���R&���R#��R����R����R$��R&��R'��R)��(����(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR-������s���
c�����������B`�s����e��Z�d��Z�d
�Z�d�Z�d�Z�d�Z�d�d���Z�e �d������Z
�e �d������Z
�e �d������Z
�e �d������Z
�e �d������Z�d ����Z�d
����Z�RS(
���s���
Object returned by :meth:`TOTP.match` and :meth:`TOTP.verify` on a successful match.
It can be treated as a sequence of ``(counter, time)``,
or accessed via the following attributes:
.. autoattribute:: counter
:annotation: = 0
.. autoattribute:: time
:annotation: = 0
.. autoattribute:: expected_counter
:annotation: = 0
.. autoattribute:: skipped
:annotation: = 0
.. autoattribute:: expire_time
:annotation: = 0
.. autoattribute:: cache_seconds
:annotation: = 60
.. autoattribute:: cache_time
:annotation: = 0
This object will always have a ``True`` boolean value.
i����i
���c���������C`�s(���|�|��_��|�|��_�|�|��_�|�|��_�d�S(���su���
.. warning::
the constructor signature is an internal detail, and is subject to change.
N(���R���R����R����R����(���Rb���R���R����R����R����(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyRe���
��s���� c���������C`�s���|��j��j�|��j���S(���s7���
Counter value expected for timestamp.
(���R���R����R����(���Rb���(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt���expected_counter(��s����c���������C`�s���|��j��|��j�S(���s����
How many steps were skipped between expected and actual matched counter
value (may be positive, zero, or negative).
(���R����R*��(���Rb���(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt���skipped/��s����c���������C`�s���|��j��j�|��j�d���S(���s3���Timestamp marking end of period when token is validi���(���R���R����R����(���Rb���(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR����<��s����c���������C`�s���|��j��j�|��j�S(���s����
Number of seconds counter should be cached
before it's guaranteed to have passed outside of verification window.
(���R���R����R����(���Rb���(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt
���cache_secondsA��s����c���������C`�s���|��j��|��j�S(���s[���
Timestamp marking when counter has passed outside of verification window.
(���R����R����(���Rb���(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt
���cache_timeK��s����c���������C`�s���|��j��|��j�f�S(���N(���R����R����(���Rb���(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR'��R��s����c���������C`�s ���|��j��|��j�|��j�f�}�d�|�S(���Ns/���<TotpMatch counter=%d time=%d cache_seconds=%d>(���R����R����R,��(���Rb���R��(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR)��U��s����N(���R����R����R����RU���R���R����R����R����Re���R&���R*��R+��R����R,��R-��R'��R)��(����(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyR.������s���
i���i����c���������C`�se���|��d�k�s�t����t�|���d�k�s*�t����t�t�j�|��t�j�d�t�|���������}�t�t�|�|���S(���s����
generate a random string suitable for use as an
:class:`AppWallet` application secret.
:param entropy:
number of bits of entropy (controls size/complexity of password).
i����i���i���(���RW���R;���RV���t���matht���ceilt���logR���R���(���t���entropyt���charsett���count(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt���generate_secret]��s����+(j���R����t
���__future__R����R���R���t���passlib.utils.compatR���RL���t
���collectionsR����Ru���t���loggingt ���getLoggerR����R0��R.��t���structt���sysR����R ��t���ret
���urllib.parseR���R���R���R���t���urllibt���warningsR���t
���cryptography.hazmat.backendsR ���R����t1���cryptography.hazmat.primitives.ciphers.algorithmst
���cryptographyt,���cryptography.hazmat.primitives.ciphers.modest
���cryptography.hazmat.primitivesR
���R����t
���ImportErrort���debugRU���t���passlibR
���t
���passlib.excR
���R
���R���R���t
���passlib.utilsR���R���R���R���R���R���R���R���t���passlib.utils.binaryR���R���R���R���R
���R
���R
���R ���R ���R!���R"���R#���R$���t���passlib.utils.decorR%���R&���t���passlib.crypto.digestR'���R(���R)���t
���passlib.hashR*���t���__all__t
���version_infoR/���R��t���compilet���URI���R1���R6���R>���RQ���R%��t
���AES_SUPPORTR|���t���objectR+���t���Structt���packR����t���unpackR����R����R,���R-���R.���R4��(����(����(����s0���/usr/lib/python2.7/site-packages/passlib/totp.pyt���<module>���s����
�
%
":
F
��g
���������;l