qh}@Sr/SQrSSKJr SSKrSSKrSrSrSrSr S r \R"S 5r S r S r"S S\5r"SS\5r\\l"SS\5r\\lg)zAn implementation of the OpenID Provider Authentication Policy Extension 1.0, Draft 5 @see: http://openid.net/developers/specs/ @since: 2.1.0 )RequestResponsens_uriAUTH_PHISHING_RESISTANTAUTH_MULTI_FACTORAUTH_MULTI_FACTOR_PHYSICAL LEVELS_NIST LEVELS_JISA) ExtensionNz+http://specs.openid.net/extensions/pape/1.0zEhttp://schemas.openid.net/pape/policies/2007/06/multi-factor-physicalz[[U] 5 Uc/nXlX l/UlUbUHnUR U5 M ggr)superrrpreferred_auth_policies max_auth_agepreferred_auth_level_types addAuthLevel)rr:r;r< auth_level __class__s rrRequest.__init__ssU gt%' " *&( #'>$(*,' % 18 !!*-9 2rc|[UR=(d! URSL=(d UR5$r)boolr:r;r<rs r__bool__Request.__bool__s8D004%%T14335 5rcZXR;aURRU5 gg)aeAdd an acceptable authentication policy URI to this request This method is intended to be used by the relying party to add acceptable authentication types to the request. @param policy_uri: The identifier for the preferred type of authentication. @see: http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-05.html#auth_policies N)r:appendr policy_uris r addPolicyURIRequest.addPolicyURIs) 99 9  ( ( / / ; :rc|URX5 XR;aURRU5 ggr)r%r<rF)rr"r#s rr=Request.addAuthLevels6 6 !@!@ @  + + 2 2> B ArcRSSRUR50nURb[UR5US'UR(aS/nURH-nUR U5nX1SU<3'UR U5 M/ SRU5US'U$)/@see: C{L{Extension.getExtensionArgs}} r: r;auth_level.ns.r<)joinr:r;strr<rrF)rns_argspreferred_typesr"r#s rgetExtensionArgsRequest.getExtensionArgss &sxx0L0L'M     (&)$*;*;&>@G ,14#)C;(FK*OPP%%c1! &    #!">>BB5I" #s*#D,5E,EE,E72E76E7cT[[URRU55$)aGGiven a list of authentication policy URIs that a provider supports, this method returns the subsequence of those types that are preferred by the relying party. @param supported_types: A sequence of authentication policy type URIs that are supported by a provider @returns: The sub-sequence of the supported types that are preferred by the relying party. This list will be ordered in the order that the types appear in the supported_types sequence, and may be empty if the provider does not prefer any of the supported authentication types. @returntype: [str] )listfilterr: __contains__)rsupported_typess rpreferredTypesRequest.preferredTypess)  4//<[[U] 5 U(aXlO/UlX l0UlUc0nUR 5HupEURXE5 M gr)r9rr auth_policies auth_time auth_levelsr- setAuthLevel)rrrrrllevelr?s rrResponse.__init__ s\ h&( !. !#D "  K%++-JC   c ).rcBURX5 X RU'g)aVSet the value for the given auth level type. @param level: string representation of an authentication level valid for level_uri @param alias: An optional namespace alias for the given auth level URI. May be omitted if the alias is not significant. The library will use a reasonable default for widely-used auth level types. N)r%r)r level_urirr#s rrResponse.setAuthLevel0s   1&+#rc URU$)zReturn the auth level for the specified auth level identifier @returns: A string that should map to the auth levels defined for the auth level type @raises KeyError: If the auth level type is not present in this message )r)rrs r getAuthLevelResponse.getAuthLevel>s **rc`[UR[55$![a gf=fr)rgrrrrs r_getNISTAuthLevelResponse._getNISTAuthLevelJs/ t((56 6  s  --z7Backward-compatibility accessor for the NIST auth level)doccU[:Xa [S5eXR;aURRU5 gg)agAdd a authentication policy to this response This method is intended to be used by the provider to add a policy that the provider conformed to when authenticating the user. @param policy_uri: The identifier for the preferred type of authentication. @see: http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.html#auth_policies z4To send no policies, do not set any on the response.N) AUTH_NONEr)rrFrGs rrIResponse.addPolicyURITsE  "FH H // /    % %j 1 0rcU"5nURUR5nUR5nUbURX45 U$g)aCreate a C{L{Response}} object from a successful OpenID library response (C{L{openid.consumer.consumer.SuccessResponse}}) response message @param success_response: A SuccessResponse from consumer.complete() @type success_response: C{L{openid.consumer.consumer.SuccessResponse}} @rtype: Response or None @returns: A provider authentication policy response from the data that was supplied with the C{id_res} response or None if the provider sent no signed PAPE response arguments. N) getSignedNSrrZr[)r\success_responserr^r_s rfromSuccessResponseResponse.fromSuccessResponseesMu ++DKK8%//1     # #D 5KrcURS5nU(aURS5nOU(a [S5e/n[U5S:a U(a[U;a[SU<35eSU;a)SnU(a [U5e[ R "USS 9 UVs/sHowS[4;dMUPM nnXPlUR5HqupURS 5(dMUS S n U RS 5(aM:USU <3n U cU(a[SU <35eM_URXU 5 Ms URS5n U (a4[RU 5(aXlg U(a [S5eg g s snf![a) U(aURRU 5n NS n Nf=f)aAParse the provider authentication policy arguments into the internal state of this object @param args: unqualified provider authentication policy arguments @param strict: Whether to raise an exception when bad data is encountered @returns: None. The data is parsed into the internal fields of this object. rrOzMissing auth_policiesz;Got some auth policies, as well as the special "none" URI: nonez0"none" used as a policy URI (see PAPE draft < 5)) stacklevel auth_level. Nzns.rPzUndefined auth level alias: r#auth_time must be in RFC3339 format)r rfrhlenrwarningswarnrr- startswithrrrTIME_VALIDATORmatchr) rr^r_rjrkrmsgurovalr#rlrs rr[Response.parseExtensionArgssxx0 (..s3M 45 5M   "v)}2L1>BC C ] "DC o% ca0% $!&)1D(DA}  +**,JS~~m,,BC##E**#U=>C;(*/*344%%c6+'.HH[) ##I..!* !FGG =  #!">>BB5I" #s$!F4F F,G G  G c[UR5S:Xa S[0nOSSRUR50nURR 5H0up#UR U5nX!SU<3'[U5USU<3'M2 URb>[RUR5(d [S5eURUS'U$)rNr rrOrPrrr) rrrrQrr-rrRrrrrh)rrS level_typerr#s rrUResponse.getExtensionArgss t!! "a 'G  $*<*> %!''77 !FGG#'>>GK r)rrrrxrry)r/r0r1r2rzr{rrrrpropertynist_auth_levelrIrr[r|rUr3r}r~s@rrrs`H* , +  EGO2"8BHH&&9:rr)rz__all__openid.extensionr rrerrrrrcompilerrr r rrr4rrrs ' 6LCI; CDT : 2'I2'jrPmrPjH}HVr