f}@dZgdZddlmZddlZddlZdZdZdZdZ d Z ejd Z d Z d ZGd deZGddeZee_GddeZee_y)zAn implementation of the OpenID Provider Authentication Policy Extension 1.0, Draft 5 @see: http://openid.net/developers/specs/ @since: 2.1.0 )RequestResponsens_uriAUTH_PHISHING_RESISTANTAUTH_MULTI_FACTORAUTH_MULTI_FACTOR_PHYSICAL LEVELS_NIST LEVELS_JISA) ExtensionNz+http://specs.openid.net/extensions/pape/1.0zEhttp://schemas.openid.net/pape/policies/2007/06/multi-factor-physicalz$(*,' % 18 . !!*- . 2rcht|jxs|jduxs |jSr)boolr2r3r4rs r__bool__zRequest.__bool__s8D004%%T14335 5rcX||jvr|jj|yy)aAdd an acceptable authentication policy URI to this request This method is intended to be used by the relying party to add acceptable authentication types to the request. @param policy_uri: The identifier for the preferred type of authentication. @see: http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-05.html#auth_policies N)r2appendr policy_uris r addPolicyURIzRequest.addPolicyURIs+ T99 9  ( ( / / ; :rc||j||||jvr|jj|yyr)r#r4r<)rr r!s rr5zRequest.addAuthLevels: 6 !@!@ @  + + 2 2> B ArcBddj|ji}|jt|j|d<|jrQg}|jD],}|j |}||d|<|j |.dj||d<|S)/@see: C{L{Extension.getExtensionArgs}} r2 r3auth_level.ns.r4)joinr2r3strr4rr<)rns_argspreferred_typesr r!s rgetExtensionArgszRequest.getExtensionArgss &sxx0L0L'M     (&)$*;*;&>@G  2,14#s)C;(FK*OPP%%c51 2 &    #!">>BB5I" #s$DD  DD )E  E cTtt|jj|S)aGiven a list of authentication policy URIs that a provider supports, this method returns the subsequence of those types that are preferred by the relying party. @param supported_types: A sequence of authentication policy type URIs that are supported by a provider @returns: The sub-sequence of the supported types that are preferred by the relying party. This list will be ordered in the order that the types appear in the supported_types sequence, and may be empty if the provider does not prefer any of the supported authentication types. @returntype: [str] )listfilterr2 __contains__)rsupported_typess rpreferredTypeszRequest.preferredTypess)  4//<s **rc^ t|jtS#t$rYywxYwr)rYryrrrs r_getNISTAuthLevelzResponse._getNISTAuthLevelJs/ t((56 6  s  ,,z7Backward-compatibility accessor for the NIST auth level)docc|tk(r td||jvr|jj|yy)aAdd a authentication policy to this response This method is intended to be used by the provider to add a policy that the provider conformed to when authenticating the user. @param policy_uri: The identifier for the preferred type of authentication. @see: http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.html#auth_policies z4To send no policies, do not set any on the response.N) AUTH_NONEr&rqr<r=s rr?zResponse.addPolicyURITsG  "FH H T// /    % %j 1 0rc|}|j|j}|j}||j|||Sy)a9Create a C{L{Response}} object from a successful OpenID library response (C{L{openid.consumer.consumer.SuccessResponse}}) response message @param success_response: A SuccessResponse from consumer.complete() @type success_response: C{L{openid.consumer.consumer.SuccessResponse}} @rtype: Response or None @returns: A provider authentication policy response from the data that was supplied with the C{id_res} response or None if the provider sent no signed PAPE response arguments. N) getSignedNSrrMrN)rOsuccess_responserrQrRs rfromSuccessResponsezResponse.fromSuccessResponseesOu ++DKK8%//1     # #D* 5Krc|jd}|r|jd}n|r tdg}t|dkDr|rt|vrtd|d|vr&d}|r t|t j |d |Dcgc]}|dtfvs|}}||_|jD]]\}} |jd s|d d } | jd r/ |d| } | |s=td| |j| | | _|jd} | r+tj| r| |_y |r tdy y cc}w#t$r#|r|jj| } nd } YwxYw)aParse the provider authentication policy arguments into the internal state of this object @param args: unqualified provider authentication policy arguments @param strict: Whether to raise an exception when bad data is encountered @returns: None. The data is parsed into the internal fields of this object. rqrCzMissing auth_policiesz;Got some auth policies, as well as the special "none" URI: nonez0"none" used as a policy URI (see PAPE draft < 5)) stacklevel auth_level. Nzns.rDzUndefined auth level alias: rr#auth_time must be in RFC3339 format)rrXrZlenr~warningswarnrqr) startswithrrrtTIME_VALIDATORmatchrr) rrQrRr\r]rqmsguravalr!r^rrs rrNzResponse.parseExtensionArgssxx0 (..s3M 45 5M   "v)}2L1>BC C ] "DC o% ca0% &)1D(DA  +**, 7JS#~~m,BC##E*#U=>C;(*/*344%%c36+ 7.HH[) ##I.!* !FGG =  #!">>BB5I" #s EE&E)FFct|jdk(r dti}nddj|ji}|jj D]/\}}|j |}||d|<t||d|<1|j9tj|js td|j|d<|S)rBr rqrCrDrrrr) rrqr~rErsr)rrFrrrrrZ)rrG level_typerur!s rrIzResponse.getExtensionArgss t!! "a 'G  $*<* JNN:.E6@G%2 336u:Gu/ 0 > >> %!''7 !FGG#'>>GK rrhrri)r*r+r,rjrkrrtryr{propertynist_auth_levelr?rrNrlrIrmrns@rrrs[H* , +  EGO2"8BHH&&9:rr)rj__all__openid.extensionr rrerrrrr~compilerrr r rrr-rrrs ' 6LCI; CDT : 2'I2'jrPmrPjH}HVr