OwlCyberSecurity - MANAGER

Edit File: digest.pyc

�
�t�ac�����������@���s��d��d�l��m�Z�d��d�l�m�Z�m�Z�d��d�l�m�Z�d��d�l�m�Z�d��d�l�m	�Z	�d��d�l�m
�Z
�d��d�l�m�Z�d��d�l�m�Z�d��d	�l
�m�Z�d��d
�l�m�Z�d��d�l�m�Z�m�Z�d��d�l�Z�e����Z�d
�e�f�d�������YZ�d�e�f�d�������YZ�d�e�f�d�������YZ�d�S(���i����(���t���error(���t���inlineCallbackst���returnValue(���t���DigestCredentialFactory(���t���DigestedCredentials(���t���Token(���t
���parseKeyValue(���t���split(���t���tokenize(���t���Logger(���t	���Memcacher(���t
���implementst	���InterfaceNt���IDigestCredentialsDatabasec�����������B���s2���e��Z�d��Z�d����Z�d����Z�d����Z�d����Z�RS(���s����
    An interface to a digest credentials database that is used to hold per-client digest credentials so that fast
    re-authentication can be done with replay attacks etc prevented.
    c���������C���s���d�S(���s����
        See whether the matching key exists.

@param key:    the key to check.
        @type key:     C{str}.

@return:       C{True} if the key exists, C{False} otherwise.
        N(����(���t���selft���key(����(����s1���/opt/cpanel-ccs/twistedcaldav/directory/digest.pyt���has_key2���s����	c���������C���s���d�S(���s��
        Store per-client credential information the first time a nonce is generated and used.

@param key:        the key for the data to store.
        @type key:         C{str}
        @param value:      the data to store.
        @type value:       any.
        N(����(���R���R���t���value(����(����s1���/opt/cpanel-ccs/twistedcaldav/directory/digest.pyt���set=���s����	c���������C���s���d�S(���so��
        Validate client supplied credentials by comparing with the cached values. If valid, store the new
        cnonce value in the database so that it can be used on the next validate.

@param key:    the key to check.
        @type key:     C{str}.

@return:       the value for the corresponding key, or C{None} if the key is not found.
        N(����(���R���R���(����(����s1���/opt/cpanel-ccs/twistedcaldav/directory/digest.pyt���getH���s����
c���������C���s���d�S(���s����
        Remove the record associated with the supplied key.

@param key:        the key to remove.
        @type key:         C{str}
        N(����(���R���R���(����(����s1���/opt/cpanel-ccs/twistedcaldav/directory/digest.pyt���deleteT���s����(���t���__name__t
���__module__t���__doc__R���R���R���R���(����(����(����s1���/opt/cpanel-ccs/twistedcaldav/directory/digest.pyR
���,���s
���			t���DigestCredentialsMemcachec�����������B���s3���e��Z�e�e���d�Z�d����Z�d����Z�d����Z�RS(���i���i<���c���������C���s#���t��t�|����j�d�|�d�t���d��S(���Nt	���namespacet���pickle(���t���superR���t���__init__t���True(���R���R���(����(����s1���/opt/cpanel-ccs/twistedcaldav/directory/digest.pyR���d���s����c���������C���s#���|��j��|���}�|�j�d������|�S(���s1���
        See IDigestCredentialsDatabase.
        c���������S���s
���|��d��k	�S(���N(���t���None(���R���(����(����s1���/opt/cpanel-ccs/twistedcaldav/directory/digest.pyt���<lambda>o���t����(���R���t���addCallback(���R���R���t���d(����(����s1���/opt/cpanel-ccs/twistedcaldav/directory/digest.pyR���j���s����c���������C���s&���t��t�|����j�|�|�d�|��j��d�S(���s1���
        See IDigestCredentialsDatabase.
        t
���expireTimeN(���R���R���R���t���CHALLENGE_MAXTIME_SECS(���R���R���R���(����(����s1���/opt/cpanel-ccs/twistedcaldav/directory/digest.pyR���r���s����i���i�p��(���R���R���R���R
���R$���R���R���R���(����(����(����s1���/opt/cpanel-ccs/twistedcaldav/directory/digest.pyR���^���s
���
		t���QopDigestCredentialFactoryc�����������B���sP���e��Z�d��Z�d�d���Z�e�d������Z�e�d������Z�e�d������Z�d����Z�RS(���s8���
    See txweb2.auth.digest.DigestCredentialFactory
    t���DIGESTCREDENTIALSc���������C���s5���t��t�|����j�|�|���|�|��_�t�|���|��_�d�S(���s���
        @type algorithm: C{str}
        @param algorithm: case insensitive string that specifies
            the hash algorithm used, should be either, md5, md5-sess
            or sha

@type qop: C{str}
        @param qop: case insensitive string that specifies
            the qop to use

@type realm: C{str}
        @param realm: case sensitive string that specifies the realm
            portion of the challenge
        N(���R���R%���R���t���qopR���t���db(���R���t	���algorithmR'���t���realmR���(����(����s1���/opt/cpanel-ccs/twistedcaldav/directory/digest.pyR�������s����	c���������c���s����t��t�|����j�|���V}�|�d�}�|��j�j�|���V}�|�rR�t�d�|�f�����n��|��j�j�|�d�t�j����f���V|��j�r��|��j�|�d�<n�|�d�=t	�|�d���r��|�j
�r��d�|�d�<n��t�|���d�S(���si��
        Generate the challenge for use in the WWW-Authenticate header Do the
        default behavior but then strip out any 'qop' from the challenge fields
        if no qop was specified.

@param peer: The L{IAddress} of the requesting client.

@return: The C{dict} that can be used to generate a WWW-Authenticate
            header.
        t���nonces6���nonce value already cached in credentials database: %si����R'���t���stalet���trueN(���R���R%���t���getChallengeR(���R���t���AssertionErrorR���t���timeR'���t���hasattrR,���R���(���R���t���peert	���challenget���ct���result(����(����s1���/opt/cpanel-ccs/twistedcaldav/directory/digest.pyR.�������s����

c���������c���s���d�j��|�j������}�yt�t�t�|�f�d�t��t�d�����}�i��}�xC�g��|�D]�}�t�|���^�qL�D]"�\�}�}�|�j����|�|�j����<qb�WWn �t�k
�r��t	�j
�d�����n�X|�j�d���}�|�s��t	�j
�d�����n��d�|�k�r��t	�j
�d�����n��|��j�|�|���V}	�|	�r�t
�|�d	���r%|�j�}
�n�d�}
�t�|�|
�p=|�j�|��j�j�|���}�|��j�rud
�|�j�k�ru|�j�d
�=n��t�|���n�t	�j
�d�����d�S(
���s����
        Do the default behavior but then strip out any 'qop' from the credential fields
        if no qop was specified.
        t��� t���foldCaset���,s���Invalid response.t���usernames$���Invalid response, no username given.R+���s!���Invalid response, no nonce given.t���originalMethodR'���s���Invalid nonce/cnonce valuesN(���t���joint
���splitlinesR���R���t���FalseR���R���t���stript
���ValueErrorR����t���LoginFailedR���t	���_validateR1���R:���R���R���t���methodt���_realt���authenticationRealmR'���t���fieldsR���(���R���t���responset���requestt���partst���autht���pt���kt���vR9���R5���R:���t���credentials(����(����s1���/opt/cpanel-ccs/twistedcaldav/directory/digest.pyt���decode����s4����$,

c���������c���s��|�j��d���}�|�j��d���}�|��j�j��|���V}�|�d�k�rV�t�j�d�|�f�����n��|�\�}�}�|�j��d���d�k	�r�|�j��d���d�k�r��|��j�|���Vt�j�d�����n��|�d�k�r��|��j�|���Vt�j�d�����n��y�t�|�d���}�Wn>�t�k
�r+|��j�|���Vt�j�d	�|�j��d
���f�����n�X|�|�d�k�rf|��j�|���Vt�j�d�|�|�f�����n��|��j�j�|�|�|�f���Vn3�|�d
�k�r�|��j�|���Vt�j�d�|�f�����n��|�t	�j
�t�j����k�r|��j�|���V|�j�r�t
�|�j�_�n��t�j�d�����n��t�t
���d�S(���s���
        Check that the parameters in the response represent a valid set of credentials that
        may be being re-used.

@param auth:        the response parameters.
        @type auth:         C{dict}
        @param request:     the request being processed.
        @type request:      L{txweb2.server.Request}

@return:            C{True} if validated.
        @raise LoginFailed: if validation fails.
        R+���t���ncs���Invalid nonce value: %sR'���t���cnonces(���cnonce is required when qop is specifieds-���nonce-count is required when qop is specifiedi���s)���nonce-count is not a valid hex string: %ss���nonce-counti���s@���nonce-count value out of sequence: %s should be one more than %si����s(���nonce-count was sent with this nonce: %ss���Digest credentials expiredN(���R���R(���R���R����R@���t���_invalidatet���intR?���R���R���t���CHALLENGE_LIFETIME_SECSR0���t
���remoteAddrR���R,���R���(���R���RI���RG���R+���t���nonce_countR5���t���db_nonce_countt���db_timestamp(����(����s1���/opt/cpanel-ccs/twistedcaldav/directory/digest.pyRA�������s>����
#	c���������C���s���|��j��j�|���S(���s����
        Invalidate cached credentials for the specified nonce value.

@param nonce:    the nonce for the record to _invalidate.
        @type nonce:     C{str}
        (���R(���R���(���R���R+���(����(����s1���/opt/cpanel-ccs/twistedcaldav/directory/digest.pyRQ���2��s����(	���R���R���R���R���R���R.���RN���RA���RQ���(����(����(����s1���/opt/cpanel-ccs/twistedcaldav/directory/digest.pyR%���}���s���#>;(���t���twisted.credR����t���twisted.internet.deferR���R���t���txweb2.auth.digestR���R���t���txweb2.http_headersR���R���R���R���t���twext.python.logR	���t���twistedcaldav.memcacherR
���t���zope.interfaceR���R���R0���t���logR
���R���R%���(����(����(����s1���/opt/cpanel-ccs/twistedcaldav/directory/digest.pyt���<module>���s���		2