)Jf}@dZgdZddlmZddlZddlZdZdZdZdZ d Z ej d Z d Z d ZGd deZGddeZee_GddeZee_dS)zAn implementation of the OpenID Provider Authentication Policy Extension 1.0, Draft 5 @see: http://openid.net/developers/specs/ @since: 2.1.0 )RequestResponsens_uriAUTH_PHISHING_RESISTANTAUTH_MULTI_FACTORAUTH_MULTI_FACTOR_PHYSICAL LEVELS_NIST LEVELS_JISA) ExtensionNz+http://specs.openid.net/extensions/pape/1.0zEhttp://schemas.openid.net/pape/policies/2007/06/multi-factor-physicalz$(*,' % 18 . . !!*---- 2 1 . .rcJt|jp|jdup|jSr)boolr2r3r4rs r__bool__zRequest.__bool__s4D04%T14355 5rcP||jvr|j|dSdS)aAdd an acceptable authentication policy URI to this request This method is intended to be used by the relying party to add acceptable authentication types to the request. @param policy_uri: The identifier for the preferred type of authentication. @see: http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-05.html#auth_policies N)r2appendr policy_uris r addPolicyURIzRequest.addPolicyURIs7 T9 9 9  ( / / ; ; ; ; ; : 9rc||||||jvr|j|dSdSr)r#r4r<)rr r!s rr5zRequest.addAuthLevelsL 666 !@ @ @  + 2 2> B B B B B A @rc4dd|ji}|jt|j|d<|jrVg}|jD]4}||}||d|<||5d||d<|S)/@see: C{L{Extension.getExtensionArgs}} r2 Nr3auth_level.ns.r4)joinr2r3strr4rr<)rns_argspreferred_typesr r!s rgetExtensionArgszRequest.getExtensionArgss &sxx0L'M'M    (&)$*;&<&>@@G  2 2,1E4#s)CC###!#">BB5II" # ;P(jFKee*OPPPP%%c51111% 2 2 2 2s$B44 CCD)EEcPtt|jj|S)aGiven a list of authentication policy URIs that a provider supports, this method returns the subsequence of those types that are preferred by the relying party. @param supported_types: A sequence of authentication policy type URIs that are supported by a provider @returns: The sub-sequence of the supported types that are preferred by the relying party. This list will be ordered in the order that the types appear in the supported_types sequence, and may be empty if the provider does not prefer any of the supported authentication types. @returntype: [str] )listfilterr2 __contains__)rsupported_typess rpreferredTypeszRequest.preferredTypess,  4/s **rct t|tS#t$rYdSwxYwr)rYryrrrs r_getNISTAuthLevelzResponse._getNISTAuthLevelJsE t((5566 6   44 s &) 77z7Backward-compatibility accessor for the NIST auth level)docc|tkrtd||jvr|j|dSdS)aAdd a authentication policy to this response This method is intended to be used by the provider to add a policy that the provider conformed to when authenticating the user. @param policy_uri: The identifier for the preferred type of authentication. @see: http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.html#auth_policies z4To send no policies, do not set any on the response.N) AUTH_NONEr&rqr<r=s rr?zResponse.addPolicyURITs\  " "FHH H T/ / /   % %j 1 1 1 1 1 0 /rc|}||j}|}|||||SdS)a9Create a C{L{Response}} object from a successful OpenID library response (C{L{openid.consumer.consumer.SuccessResponse}}) response message @param success_response: A SuccessResponse from consumer.complete() @type success_response: C{L{openid.consumer.consumer.SuccessResponse}} @rtype: Response or None @returns: A provider authentication policy response from the data that was supplied with the C{id_res} response or None if the provider sent no signed PAPE response arguments. N) getSignedNSrrMrN)rOsuccess_responserrQrRs rfromSuccessResponsezResponse.fromSuccessResponsees_suu ++DK88%//11     # #D* 5 5 5K4rFcr|d}|r|d}n|rtdg}t|dkr|rt|vrtd|d|vr)d}|rt|t j|d d |D}||_|D]\}}| d r|d d } | dr: |d| } n/#t$r"|r|j | } nd } YnwxYw| |rtd| | | || |d} | r4t| r | |_d S|rtdd Sd S)aParse the provider authentication policy arguments into the internal state of this object @param args: unqualified provider authentication policy arguments @param strict: Whether to raise an exception when bad data is encountered @returns: None. The data is parsed into the internal fields of this object. rqrCzMissing auth_policiesz;Got some auth policies, as well as the special "none" URI: nonez0"none" used as a policy URI (see PAPE draft < 5)) stacklevelc(g|]}|dtfv |S)r)r~).0us r z/Response.parseExtensionArgs..s.   &)1D(D(DA(D(D(Dr auth_level. Nzns.rDzUndefined auth level alias: rr#auth_time must be in RFC3339 format)rrXrZlenr~warningswarnrqr) startswithrrrtTIME_VALIDATORmatchrr) rrQrRr\r]rqmsgravalr!r^rrs rrNzResponse.parseExtensionArgss_xx00  (..s33MM  455 5M    " "v ")}2L2L*1>BCC C ] " "DC 1 oo% ca0000  $   +**,, 7 7JS#~~m,, 7BCC##E**#$UU=>CC###!#">BB5II" # ;4(j*/%*34444%%c3666HH[))  H##I.. H!* H !FGGG  H H H Hs D  )D87D8ct|jdkr dti}ndd|ji}|jD]7\}}||}||d|<t||d|<8|j8t |jstd|j|d<|S) rBr rqrCrDrNrrr) rrqr~rErsr)rrFrrrrrZ)rrG level_typerur!s rrIzResponse.getExtensionArgss t! " "a ' 'GG  $* > JNN:..E6@GG%%2 336u::GGuu/ 0 0 > %!''77 H !FGGG#'>GK rrhrri)r*r+r,rjrkrrtryr{propertynist_auth_levelr?rrNrlrIrmrns@rrrsH****** , , , , + + + h EGGGO222"8BHBHBHBHH&+&9::rr)rj__all__openid.extensionr rrerrrrr~compilerrr r rrr-rrrsC   '&&&&& 6LCI; CDDT : 2'2'2'2'2'I2'2'2'jrPrPrPrPrPmrPrPrPjHHHHH}HHHVr