f %dZgdZddlmZddlZdZdZdZdZejd Z Gd d eZ ee _Gd d eZ ee _y)zAn implementation of the OpenID Provider Authentication Policy Extension 1.0 @see: http://openid.net/developers/specs/ @since: 2.1.0 )RequestResponsens_uriAUTH_PHISHING_RESISTANTAUTH_MULTI_FACTORAUTH_MULTI_FACTOR_PHYSICAL) ExtensionNz+http://specs.openid.net/extensions/pape/1.0zEhttp://schemas.openid.net/pape/policies/2007/06/multi-factor-physicalz$(cLt|jxs|jduSr )boolrr)rs r__bool__zRequest.__bool__9s*D002%%T13 3rcX||jvr|jj|yy)aAdd an acceptable authentication policy URI to this request This method is intended to be used by the relying party to add acceptable authentication types to the request. @param policy_uri: The identifier for the preferred type of authentication. @see: http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.html#auth_policies N)rappendr policy_uris r addPolicyURIzRequest.addPolicyURI=s+ T99 9  ( ( / / ; :rcddj|ji}|jt|j|d<|S)/@see: C{L{Extension.getExtensionArgs}} r r)joinrrstrrns_argss rgetExtensionArgszRequest.getExtensionArgsJsG &sxx0L0L'M     (&)$*;*;& __classcell__rs@rrr!sB H)3 <  $$56BPrrcXeZdZdZdZ dfd ZdZdZd dZe eZdZ xZ S) rz[A Provider Authentication Policy response, sent from a provider to a relying party r chtt| |r||_ng|_||_||_yr )rrr auth_policies auth_timenist_auth_level)rrIrJrKrs rrzResponse.__init__s4 h&( !.D !#D ".rcX||jvr|jj|yy)aAdd a authentication policy to this response This method is intended to be used by the provider to add a policy that the provider conformed to when authenticating the user. @param policy_uri: The identifier for the preferred type of authentication. @see: http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.html#auth_policies N)rIrrs rrzResponse.addPolicyURIs+ T// /    % %j 1 0rcr|}|j|j}||j||Sy)a9Create a C{L{Response}} object from a successful OpenID library response (C{L{openid.consumer.consumer.SuccessResponse}}) response message @param success_response: A SuccessResponse from consumer.complete() @type success_response: C{L{openid.consumer.consumer.SuccessResponse}} @rtype: Response or None @returns: A provider authentication policy response from the data that was supplied with the C{id_res} response or None if the provider sent no signed PAPE response arguments. N) getSignedNSrr))r*success_responserr,s rfromSuccessResponsezResponse.fromSuccessResponses?u ++DKK8    # #D )Krc|jd}|r|dk7r|jd|_|jd}|r" t|}d|cxkrdkr nn||_ |jd }|r+t j|r||_y|r t d yy#t $r|r t dd|_Y^wxYw) aParse the provider authentication policy arguments into the internal state of this object @param args: unqualified provider authentication policy arguments @param strict: Whether to raise an exception when bad data is encountered @returns: None. The data is parsed into the internal fields of this object. rInoner rKrCnist_auth_level must be an integer between zero and four, inclusiveNrJ#auth_time must be in RFC3339 format) r0r3rIr4rKr5TIME_VALIDATORmatchrJ)rr,strictr6nist_level_str nist_levelrJs rr)zResponse.parseExtensionArgssxx0 LF2!-!3!3C!8D "34  6 0  &Q&+5D(HH[) ##I.!* !FGG  0$344,0D(  0s B##CCct|jdk(rddi}nddj|ji}|jD|jt t ddvr t dt|j|d<|j9tj|js t d|j|d <|S) rrrIrRr rSrTrKrUrJ) lenrIr!rKr:ranger5r"rJrVrWr#s rr%zResponse.getExtensionArgss t!! "a 'G  $*<*> %!''7 !FGG#'>>GK r)NNN)F) r?r@rArBrCrrrPr)rDr%rErFs@rrrsCH $!% / 26%HN&&9:rr) rB__all__openid.extensionr rerrrrcompilerVrrrrrcs ' 6LCIBCvPivPr}y}@r