qhW8Sr/SQrSSKJr SSKJr SSKJrJr SSK r SSK r \ R"\ 5r SS/r/S Qr\ R "S 5r"S S \5rS r"SS\5rSrSrSrSr\4Sjrg)aQ This module contains the C{L{TrustRoot}} class, which helps handle trust root checking. This module is used by the C{L{openid.server.server}} module, but it is also available to server implementers who wish to use it for additional trust root checking. It also implements relying party return_to URL verification, based on the realm. ) TrustRootRP_RETURN_TO_URL_TYPEextractReturnToURLsreturnToMatchesverifyReturnTo)urinorm)services)urlparse urlunparseNhttphttps(acadaeaeroafagaialamanaoaqararpaasasiaatauawaxazbabbbdbebfbgbhbibizbjbmbnbobrbsbtbvbwbybzcacatcccdcfcgchcickclcmcncocomcoopcrcucvcxcyczdedjdkdmdodzecedueeegereseteufifjfkfmfofrgagbgdgegfggghgiglgmgngovgpgqgrgsgtgugwgyhkhmhnhrhthuidieilimininfointioiqirisitjejmjojobsjpkekgkhkikmknkpkrkwkykzlalblclilklrlsltlulvlymamcmdmemgmhmilmkmlmmmnmomobimpmqmrmsmtmumuseummvmwmxmymznanamencnenetnfngninlnonpnrnunzomorgpapepfpgphpkplpmpnprpropsptpwpyqarerorsrurwsasbscsdsesgshsisjskslsmsnsosrstsusvsysztctdteltftgthtjtktltmtntotptrtraveltttvtwtzuaugukusuyuzvavcvevgvivnvuwfwsz xn--0zwm56dzxn--11b5bs3a9aj6gzxn--80akhbyknj4fzxn--9t4b11yi5az xn--deba0adz xn--g6w251dzxn--hgbk6aj7f53bbazxn--hlcj6aya9esc7az xn--jxalpdlpz xn--kgbechtvz xn--zckzahyeytyuzazmzwz3(?:[-a-zA-Z0-9!$&'\(\)\*+,;=._~]|%[a-zA-Z0-9]{2})+$c$\rSrSrSrSrSrSrg)RealmVerificationRedirectedBzGAttempting to verify this realm resulted in a redirect. @since: 2.1.0 cXlX lgNrelying_party_urlrp_url_after_redirects)selfr!r"s I/var/www/html/env/lib/python3.13/site-packages/openid/server/trustroot.py__init__$RealmVerificationRedirected.__init__Hs!2&<#c>SUR<SUR<3$)NzAttempting to verify z resulted in redirect to r r#s r$__str__#RealmVerificationRedirected.__str__Ls $($:$:$($?$?A Br'r N)__name__ __module__ __qualname____firstlineno____doc__r%r*__static_attributes__r'r$rrBs =Br'rc[R"U5n[U5upp4pVU(d#U(dSU;aURSS5up%Sn[ SSX4XV45nSU;a2URS5upx[ R "SU5(dgOUnSnUR5n[R U5(dgXX4$![a gf=f![a gf=f)N?/:z\d+$) r ValueErrorr splitr rmatchlowerhost_segment_re) urlprotonetlocpathparamsqueryfraghostports r$ _parseURLrGRsooc"08},E4 "LLa0MF r2tU9 :D f} c*JDxx&&' :: url_partsr?rErFrApath_len trust_prefix url_prefixalloweds r$ validateURLTrustRoot.validateURLscN  "+T JJ  99  $;}}yy !==++#*1J 99 499~H99Yh/LixJ) diiIIbMW,I'0I Jr'c$[U5nUcgUup4pVU[;agURS5S:wagURSS5S:wagURS5(a![ U5S:a USS:wagUSSnSnOSnU"XXtXV5nU$) aH This method creates a C{L{TrustRoot}} instance from the given input, if possible. @param trust_root: This is the trust root to parse into a C{L{TrustRoot}} object. @type trust_root: C{str} @return: A C{L{TrustRoot}} instance if trust_root parses as a trust root, C{None} otherwise. @rtype: C{NoneType} or C{L{TrustRoot}} N#rRr]r5rQTF)rG _protocolsfind startswithrW) cls trust_rootr`r?rErFrAwilcardrs r$parseTrustRoot.parses"j)  "+T  " 99S>R  99S!  " ??3  4y1}aC8DGGG4 > r'cLURU5nUcgUR5$)z(str -> bool is this a sane trust root? F)rorZ)rltrust_root_stringrms r$ checkSanityTrustRoot.checkSanity-s+ YY01  $$& &r'c\URU5nUSL=(a URU5$)zhquick func for validating a url against a trust root. See the TrustRoot class if you need more control.N)rore)rlrmr>rs r$checkURLTrustRoot.checkURL:s*YYz "~5".."55r'cUR(a`URRS5(dUR5eSUR-nUR<SU<UR<3$UR $)a"Return a discovery URL for this realm. This function does not check to make sure that the realm is valid. Its behaviour on invalid inputs is undefined. @rtype: str @returns: The URL upon which relying party discovery should be run in order to verify the return_to URL @since: 2.1.0 rQwwwz://)rMrErkr?rArL)r# www_domains r$buildDiscoveryURLTrustRoot.buildDiscoveryURLBs\ ==99'',, 7dii 7,*J"&**j$))D D== r'c SUR<SUR<SUR<SUR<SUR<SUR <S3 $)Nz TrustRoot(z, )rKr)s r$__repr__TrustRoot.__repr__Ws2 MM4::t}}dii II r'c[U5$r)reprr)s r$r*TrustRoot.__str__\s Dzr')rErArFr?rLrMN)r,r-r.r/r0r%rZrero classmethodrsrvr{rr*r1r2r'r$rrts[ 4l7r2h  E 'k*K6 8$H!* r'rz*http://specs.openid.net/auth/2.0/return_tocRUR[/5(a UR$g)aIf the endpoint is a relying party OpenID return_to endpoint, return the endpoint URL. Otherwise, return None. This function is intended to be used as a filter for the Yadis filtering interface. @see: C{L{openid.yadis.services}} @see: C{L{openid.yadis.filters}} @param endpoint: An XRDS BasicServiceEndpoint, as returned by performing Yadis dicovery. @returns: The endpoint URL or None if the endpoint is not a relying party endpoint. @rtype: str or NoneType N) matchTypesruri)endpoints r$_extractReturnURLrgs&"1233||r'cUHHn[RU5nUcMUR(aM0URU5(dMH g g)zVIs the return_to URL under one of the supplied allowed return_to URLs? @since: 2.1.0 TF)rrorMre)allowed_return_to_urls return_toallowed_return_to return_realms r$rr~sO4 !'89 (!)))((334$ r'cb[R"U[5upX:wa [UU5eU$)zTGiven a relying party discovery URL return a list of return_to URLs. @since: 2.1.0 )r getServiceEndpointsrr)r!r"return_to_urlss r$getAllowedReturnURLsrsC 08/K/K,0.,2)*;*@B B r'c2[RU5nUcgU"UR55n[XA5(ag[RSU<SU<SU<35 g![a(n[R [ U55 SnAgSnAff=f)aVerify that a return_to URL is valid for the given realm. This function builds a discovery URL, performs Yadis discovery on it, makes sure that the URL does not redirect, parses out the return_to URLs, and finally checks to see if the current return_to URL matches the return_to. @raises DiscoveryFailure: When Yadis discovery fails @returns: True if the return_to URL is valid for the realm @since: 2.1.0 NFTzFailed to validate return_to z for realm z , was not in ) rror{rlogger exceptionstrrerror) realm_strr_vrfyrealmallowable_urlserrs r$rrs OOI &E }u6689 ~11 !*I~G H 'S"sA$$ B.BB)r0__all__openidr openid.yadisr urllib.parser r rlogging getLoggerr,rrirVcompiler= ExceptionrrGobjectrrrrrrr2r'r$rs !-    8 $g  >**:< B) B #Dii`E.8 "0Dr'