o sh\W@sxddlmZddlmZddlmZmZddlmZm Z m Z m Z m Z ddl mZddlmZmZmZmZddlmZmZdd lmZmZmZmZmZmZmZdd lZdd l Z Gd d d e!Z"e"d e"_#edddGddde!Z$edddGddde!Z%edddGddde!Z&edddGddde!Z'GdddeZ(Gddde)ee(dZ*eGddde*Z+eGd d!d!e*Z,eGd"d#d#e*Z-eGd$d%d%e*Z.eGd&d'd'e*Z/eGd(d)d)e*Z0Gd*d+d+e Z1dNd/d0Z2eddd1Gd2d3d3e1Z3eddd1Gd4d5d5e1Z4eddd1Gd6d7d7e1Z5eddd1Gd8d9d9e1Z6eddd1Gd:d;d;e1Z7eddd1Gdd?d?e1Z9eddd1Gd@dAdAe1Z:eddd1GdBdCdCe1Z;eddd1GdDdEdEe1Zeddd1GdJdKdKe1Z?GdLdMdMee)efZ@d S)O) annotations)cbor)CoseKeyES256)sha256websafe_decodewebsafe_encode ByteBuffer_JsonDataObject)webauthn_json_mapping)EnumEnumMetauniqueIntFlag) dataclassfield)AnyMappingOptionalSequenceTupleUnioncastNc@sFeZdZUdddZddZddZd d ZedddZde d<dS)AaguiddatabytescCst|dkr tddS)NzAAGUID must be 16 bytes)len ValueError)selfrr!I/var/www/html/env_mimamsha/lib/python3.10/site-packages/fido2/webauthn.py__init__8s zAaguid.__init__cCs |tjkSN)rNONEr r!r!r"__bool__< zAaguid.__bool__c CsP|}|ddd|ddd|ddd|ddd|dd S)N- r)hex)r hr!r!r"__str__?sHzAaguid.__str__cCsdt|dS)NzAAGUID())strr&r!r!r"__repr__CszAaguid.__repr__valuer1returncCs||ddS)Nr*)fromhexreplaceclsr3r!r!r"parseFz Aaguid.parser%N)rr)r3r1r4r) __name__ __module__ __qualname__r#r'r/r2 classmethodr:__annotations__r!r!r!r"r7s   rsFT)initfrozencsxeZdZUded<ded<ded<dfdd Zd d ZedddZedddZ edddZ edddZ Z S)AttestedCredentialDataraaguidr credential_idr public_key_cs^tt|}t|d|dt|d|dt|d|d|dr-tddS) NrDrrErrF Wrong length)superr#rC_parseobject __setattr__r)r rGparsed __class__r!r"r#Ws  zAttestedCredentialData.__init__cCt|Sr$reprr&r!r!r"r/azAttestedCredentialData.__str__rr4#Tuple[bytes, bytes, CoseKey, bytes]cCsJt|}t|d}||d}t|\}}||t||fS)zParse the components of an AttestedCredentialData from a binary string, and return them. :param data: A binary string containing an attested credential data. :return: AAGUID, credential ID, public key, and remaining data. r>H)r rreadunpackr decode_fromrr:)rreaderrDcred_idpub_keyrestr!r!r"rLds zAttestedCredentialData._parsecCs&||tdt||t|S)a%Create an AttestedCredentialData by providing its components. :param aaguid: The AAGUID of the authenticator. :param credential_id: The binary ID of the credential. :param public_key: A COSE formatted public key. :return: The attested credential data. rW)structpackrrencode)r9rDrErFr!r!r"creaters zAttestedCredentialData.create$Tuple[AttestedCredentialData, bytes]cCs$||\}}}}|||||fS)aUnpack an AttestedCredentialData from a byte string, returning it and any remaining data. :param data: A binary string containing an attested credential data. :return: The parsed AttestedCredentialData, and any remaining data from the input. )rLrb)r9rrDr\r]r^r!r!r" unpack_froms z"AttestedCredentialData.unpack_from key_handlecCs|tj|t|S)apCreate an AttestatedCredentialData from a CTAP1 RegistrationData instance. :param key_handle: The CTAP1 credential key_handle. :type key_handle: bytes :param public_key: The CTAP1 65 byte public key. :type public_key: bytes :return: The credential data, using an all-zero AAGUID. :rtype: AttestedCredentialData )rbrr%r from_ctap1)r9rerFr!r!r"rfs z!AttestedCredentialData.from_ctap1rGr)rrr4rV)rDrrErrFrr4rC)rrr4rc)rerrFrr4rC) r<r=r>r@r#r/ staticmethodrLr?rbrdrf __classcell__r!r!rPr"rCQs      rCcseZdZUdZGdddeZded<ded<ded <d ed <d ed <d%fdd ZddZe  d&d'ddZ d(ddZ d(ddZ d(ddZ d(dd Zd(d!d"Zd(d#d$ZZS))AuthenticatorDataaBinary encoding of the authenticator data. :param _: The binary representation of the authenticator data. :ivar rp_id_hash: SHA256 hash of the RP ID. :ivar flags: The flags of the authenticator data, see AuthenticatorData.FLAG. :ivar counter: The signature counter of the authenticator. :ivar credential_data: Attested credential data, if available. :ivar extensions: Authenticator extensions, if available. c@s@eZdZdZdZdZdZdZdZdZ dZ dZ dZ dZ dZdZdS) AuthenticatorData.FLAGzqAuthenticator data flags See https://www.w3.org/TR/webauthn/#sec-authenticator-data for details rr)r@N)r<r=r>__doc__UPUVBEBSATED USER_PRESENT USER_VERIFIEDBACKUP_ELIGIBILITY BACKUP_STATEATTESTEDEXTENSION_DATAr!r!r!r"FLAGsr|r rp_id_hashrkflagsintcounterz Optional[AttestedCredentialData]credential_dataOptional[Mapping] extensionsrGcstt|}t|d|dt|d|dt|d|d|}|jtj j @r:t |\}}nd}t|d||jtj j @rRt|\}}nd}t|d||ratd dS) Nr} r~Brz>IrrrJ)rKr#r rMrNrXrYr~rjr|rtrCrdrurrZr)r rGr[r^rrrPr!r"r#s" zAuthenticatorData.__init__cCrRr$rSr&r!r!r"r/rUzAuthenticatorData.__str__NcCs4||td||||durt|SdS)aCreate an AuthenticatorData instance. :param rp_id_hash: SHA256 hash of the RP ID. :param flags: Flags of the AuthenticatorData. :param counter: Signature counter of the authenticator data. :param credential_data: Authenticated credential data (only if attested credential data flag is set). :param extensions: Authenticator extensions (only if ED flag is set). :return: The authenticator data. z>BINr)r_r`rra)r9r}r~rrrr!r!r"rbs zAuthenticatorData.creater4boolcCt|jtjj@S)z,Return true if the User Present flag is set.)rr~rjr|rpr&r!r!r"is_user_presentr;z!AuthenticatorData.is_user_presentcCr)z-Return true if the User Verified flag is set.)rr~rjr|rqr&r!r!r"is_user_verifiedr;z"AuthenticatorData.is_user_verifiedcCr)z2Return true if the Backup Eligibility flag is set.)rr~rjr|rrr&r!r!r"is_backup_eligibler;z$AuthenticatorData.is_backup_eligiblecCr)z,Return true if the Backup State flag is set.)rr~rjr|rsr&r!r!r" is_backed_upr;zAuthenticatorData.is_backed_upcCr)z8Return true if the Attested credential data flag is set.)rr~rjr|rtr&r!r!r" is_attested r;zAuthenticatorData.is_attestedcCr)z/Return true if the Extenstion data flag is set.)rr~rjr|rur&r!r!r"has_extension_datar;z$AuthenticatorData.has_extension_datarg)rN) r}rr~rkrrrrrr)r4r)r<r=r>rorr|r@r#r/r?rbrrrrrrrir!r!rPr"rjs(       rjcs`eZdZUdZded<ded<ded<dfd d Zd d ZedddZedddZ Z S)AttestationObjectaBinary CBOR encoded attestation object. :param _: The binary representation of the attestation object. :ivar fmt: The type of attestation used. :ivar auth_data: The attested authenticator data. :ivar att_statement: The attestation statement. r1fmtrj auth_dataMapping[str, Any]att_stmtrGrcsdtttttftt|}t |d|dt |dt |dt |d|ddS)NrrauthDatarattStmt) rKr#rrr1rrdecoderrMrNrjr rGrrPr!r"r##s zAttestationObject.__init__cCrRr$rSr&r!r!r"r/+rUzAttestationObject.__str__r4cCs|t|||dS)N)rrr)rra)r9rrrr!r!r"rb.szAttestationObject.create app_paramc Cs>|dt|tjjtjjBdt|j|j|j g|j dS)aCreate an AttestationObject from a CTAP1 RegistrationData instance. :param app_param: SHA256 hash of the RP ID used for the CTAP1 request. :type app_param: bytes :param registration: The CTAP1 registration data. :type registration: RegistrationData :return: The attestation object, using the "fido-u2f" format. :rtype: AttestationObject zfido-u2fr)x5csig) rbrjr|rtrprCrfrerF certificate signature)r9r registrationr!r!r"rf6s zAttestationObject.from_ctap1rg)rr1rrjrrr4r)rrr4r) r<r=r>ror@r#r/r?rbrfrir!r!rPr"rs  rcseZdZUeGdddeeZded<ded<ded<dZd ed <dfd d Z e ddddZ ddZ e dddZe dddZZS)CollectedClientDatac@eZdZdZdZdS)zCollectedClientData.TYPEzwebauthn.createz webauthn.getN)r<r=r>CREATEGETr!r!r!r"TYPEQrr1typer challengeoriginFr cross_originrGcsltt|}t|d|dt|dt|dt|d|dt|d|dddS)Nrrrr crossOriginF) rKr#jsonloadsrrMrNrgetrrPr!r"r#[s zCollectedClientData.__init__Union[bytes, str]r4cKs<t|tr t|}n|}|tj||||d|ddS)N)rrrr),:) separators) isinstancerr rdumpsra)r9rrrrkwargsencoded_challenger!r!r"rbds  zCollectedClientData.createcCrRr$rSr&r!r!r"r/~rUzCollectedClientData.__str__cCrRr$)r r&r!r!r"b64zCollectedClientData.b64cCrRr$)rr&r!r!r"hashrzCollectedClientData.hashrg)F) rr1rrrr1rrr4r)r4r1)r4r)r<r=r>rr1r rr@rr#r?rbr/propertyrrrir!r!rPr"rOs    rcs$eZdZddZfddZZS)_StringEnumMetacCsdSr$r!r8r!r!r" _get_valuesz_StringEnumMeta._get_valuecs:ztj|g|Ri|WSty||YSwr$)rK__call__rr)r9r3argsrrPr!r"rs  z_StringEnumMeta.__call__)r<r=r>rrrir!r!rPr"rsrc@eZdZdZdS) _StringEnumzYEnum of strings for WebAuthn types. Unrecognized values are treated as missing. N)r<r=r>ror!r!r!r"rsr) metaclassc@seZdZdZdZdZdZdS)AttestationConveyancePreferencenoneindirectdirect enterpriseN)r<r=r>r%INDIRECTDIRECT ENTERPRISEr!r!r!r"rs rc@eZdZdZdZdZdS)UserVerificationRequirementrequired preferred discouragedNr<r=r>REQUIRED PREFERRED DISCOURAGEDr!r!r!r"rrc@r)ResidentKeyRequirementrrrNrr!r!r!r"rrrc@r)AuthenticatorAttachmentplatformzcross-platformN)r<r=r>PLATFORMCROSS_PLATFORMr!r!r!r"rrrc@s eZdZdZdZdZdZdZdS)AuthenticatorTransportusbnfcblehybridinternalN)r<r=r>USBNFCBLEHYBRIDINTERNALr!r!r!r"rs rc@r)PublicKeyCredentialTypez public-keyN)r<r=r> PUBLIC_KEYr!r!r!r"rsrcs<eZdZfddZefddZefddZZS)_WebAuthnDataObjectcs"tjr t|Stt||Sr$)r enabledrK __getitem__r r keyrPr!r"rs z_WebAuthnDataObject.__getitem__cs&tjr t||Stt|||Sr$)r rrK _parse_valuer r9tr3rPr!r"rsz _WebAuthnDataObject._parse_valuecstt|Sr$)r warnrK from_dict)r9rrPr!r"rs z_WebAuthnDataObject.from_dict)r<r=r>rr?rrrir!r!rPr"rs  rrr4rcsfddDS)Ncsi|] }|tt|qSr!)rKr r).0krr!r" z_as_cbor..r!rr!rr"_as_cborsr)eqrBc@s0eZdZUded<dZded<ed dd ZdS) PublicKeyCredentialRpEntityr1nameN Optional[str]idr4Optional[bytes]cCs|jr t|jdSdS)z%Return SHA256 hash of the identifier.utf8N)rrrar&r!r!r"id_hashsz#PublicKeyCredentialRpEntity.id_hash)r4r)r<r=r>r@rrrr!r!r!r"rs  rc@*eZdZUded<ded<dZded<dS)PublicKeyCredentialUserEntityr1rrrNr display_name)r<r=r>r@rr!r!r!r"r rc@seZdZUded<ded<dS)PublicKeyCredentialParametersrrralgNr<r=r>r@r!r!r!r"rs  rc@r)PublicKeyCredentialDescriptorrrrrNz*Optional[Sequence[AuthenticatorTransport]] transports)r<r=r>r@rr!r!r!r"rrrcsNeZdZUdZded<dZded<dZded<dZd ed <fd d ZZ S) AuthenticatorSelectionCriteriaN!Optional[AuthenticatorAttachment]authenticator_attachmentz Optional[ResidentKeyRequirement] resident_key%Optional[UserVerificationRequirement]user_verificationFzOptional[bool]require_resident_keycsJt|jdurt|d|jrtjntjt|d|jtjkdS)Nrr ) rK __post_init__rrMrNr rrrr&rPr!r"r s    z,AuthenticatorSelectionCriteria.__post_init__) r<r=r>rr@rr r r rir!r!rPr"rs    rc@sjeZdZUded<ded<ded<ded<d Zd ed <d Zd ed <d Zded<d Zded<d Zded<d S)"PublicKeyCredentialCreationOptionsrrpruserrrz'Sequence[PublicKeyCredentialParameters]pub_key_cred_paramsN Optional[int]timeout1Optional[Sequence[PublicKeyCredentialDescriptor]]exclude_credentialsz(Optional[AuthenticatorSelectionCriteria]authenticator_selectionz)Optional[AttestationConveyancePreference] attestationOptional[Mapping[str, Any]]r) r<r=r>r@rrrrrr!r!r!r"r s     r c@sReZdZUded<dZded<dZded<dZded <dZd ed <dZd ed <dS)!PublicKeyCredentialRequestOptionsrrNrrrrp_idrallow_credentialsrr rr) r<r=r>r@rrrr rr!r!r!r"r#s     rcsjeZdZUeedddZded<ded<dZd ed <fd d Ze fd dZ e fddZ Z S) AuthenticatorAttestationResponseclientDataJSONrmetadatar client_datarattestation_objectNrextension_resultsc |dkr tjs |jSt|SN clientDatar rrrKrrrPr!r"r4 z,AuthenticatorAttestationResponse.__getitem__c6|durtjst|}|dd|d<|}t|SNr$rr rdictpoprKrr9rr3rPr!r"r9  z*AuthenticatorAttestationResponse.from_dictc&|ttttfkr |St||Sr$rrr1rrKrrrPr!r"rAz-AuthenticatorAttestationResponse._parse_value) r<r=r>rr*rr@r!rr?rrrir!r!rPr"r.s   rcseZdZUeedddZded<ded<ded <d Zd ed <d Zd ed <d Z ded<fddZ e fddZ e fddZ ZS)AuthenticatorAssertionResponserrrrrrjauthenticator_datarrNr user_handlerErr!cr"r#r%rrPr!r"rSr&z*AuthenticatorAssertionResponse.__getitem__cr'r(r)r,rPr!r"rXr-z(AuthenticatorAssertionResponse.from_dictcr.r$r/rrPr!r"r`r0z+AuthenticatorAssertionResponse._parse_value)r<r=r>rr*rr@r3rEr!rr?rrrir!r!rPr"r1Js     r1cReZdZUded<ded<dZded<dZded <dZd ed <fd d ZZS)RegistrationResponserrrresponseNrr/Optional[AuthenticationExtensionsClientOutputs]client_extension_results!Optional[PublicKeyCredentialType]rcttdSr$r requirerKr r&rPr!r"r qz"RegistrationResponse.__post_init__ r<r=r>r@rr8rr rir!r!rPr"r5i    r5cr4)AuthenticationResponserrr1r6Nrrr7r8r9rcr:r$r;r&rPr!r"r r=z$AuthenticationResponse.__post_init__r>r!r!rPr"r@wr?r@c@eZdZUded<dS)CredentialCreationOptionsr rFNrr!r!r!r"rB rBc@rA)CredentialRequestOptionsrrFNrr!r!r!r"rDrCrDc@sBeZdZdZdddZddZdd Zd d Zd d ZddZ dS)%AuthenticationExtensionsClientOutputsaHolds extension output from a call to MakeCredential or GetAssertion. When accessed as a dict, all bytes values will be serialized to base64url encoding, capable of being serialized to JSON. When accessed using attributes, richer types will instead be returned. outputsrcCsdd|D|_dS)NcSsi|] \}}|dur||qSr$r!)rrvr!r!r"rrzBAuthenticationExtensionsClientOutputs.__init__..)items_members)r rFr!r!r"r#sz.AuthenticationExtensionsClientOutputs.__init__cC t|jSr$)iterrIr&r!r!r"__iter__r(z.AuthenticationExtensionsClientOutputs.__iter__cCrJr$)rrIr&r!r!r"__len__r(z-AuthenticationExtensionsClientOutputs.__len__cCs<|j|}t|trt|St|trt|tst|S|Sr$)rIrrr rr*)r rr3r!r!r"rs  z1AuthenticationExtensionsClientOutputs.__getitem__cCs:|d}|dddd|ddD}|j|S)NrGrr5css|]}|VqdSr$)title)rpr!r!r" szDAuthenticationExtensionsClientOutputs.__getattr__..r)splitjoinrIr)r rpartsrr!r!r" __getattr__s $ z1AuthenticationExtensionsClientOutputs.__getattr__cCs tt|Sr$)rTr*r&r!r!r"r2s z.AuthenticationExtensionsClientOutputs.__repr__N)rFr) r<r=r>ror#rLrMrrTr2r!r!r!r"rEs  rE)rrr4r)A __future__rr5rcoserrutilsrrr r r featuresr enumr rrr dataclassesrrtypingrrrrrrrr_rrrr%rCrjrrrr1rrrrrrrrrrrrrrr rrr1r5r@rBrDrEr!r!r!r"s   $   L v 9: