§
    !¾<iT7  م                   َب   — d Z ddlZddlZddlZddlmZ ddlmZ ddlmZ ddl	m
Z
 ddl	mZ d	Zd
ZdZdZdZdZdd„Zdd„Zd„ Zd„ Zd„ Zd„ Zd„ Zd„ Zd„ Zd„ Zd„ Zd„ Zd„ ZdS )zصauthlib.oauth1.rfc5849.signature.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This module represents a direct implementation of `section 3.4`_ of the spec.

.. _`section 3.4`: https://tools.ietf.org/html/rfc5849#section-3.4
é    N)عto_bytes)ع
to_unicode)عurlparseé   ©عescape)عunescapez	HMAC-SHA1zRSA-SHA1ع	PLAINTEXTعHEADERعQUERYعBODYc                 َv  — t          ||¦  «        }g }|D ]E\  }}|dv rŒ
|                     d¦  «        rt          |¦  «        }|                     ||f¦  «         ŒFt	          |¦  «        }d                     t          |                      ¦   «         ¦  «        t          |¦  «        t          |¦  «        g¦  «        S )aX  Generate signature base string from request, per `Section 3.4.1`_.

    For example, the HTTP request::

        POST /request?b5=%3D%253D&a3=a&c%40=&a2=r%20b HTTP/1.1
        Host: example.com
        Content-Type: application/x-www-form-urlencoded
        Authorization: OAuth realm="Example",
            oauth_consumer_key="9djdj82h48djs9d2",
            oauth_token="kkk9d7dh3k39sjv7",
            oauth_signature_method="HMAC-SHA1",
            oauth_timestamp="137131201",
            oauth_nonce="7d8f3e4a",
            oauth_signature="bYT5CMsGcbgUdFHObYMEfcx6bsw%3D"

        c2&a3=2+q

    is represented by the following signature base string (line breaks
    are for display purposes only)::

        POST&http%3A%2F%2Fexample.com%2Frequest&a2%3Dr%2520b%26a3%3D2%2520q
        %26a3%3Da%26b5%3D%253D%25253D%26c%2540%3D%26c2%3D%26oauth_consumer_
        key%3D9djdj82h48djs9d2%26oauth_nonce%3D7d8f3e4a%26oauth_signature_m
        ethod%3DHMAC-SHA1%26oauth_timestamp%3D137131201%26oauth_token%3Dkkk
        9d7dh3k39sjv7

    .. _`Section 3.4.1`: https://tools.ietf.org/html/rfc5849#section-3.4.1
    )عoauth_signatureعrealmعoauth_ْ&)عnormalize_base_string_uriع
startswithr	   عappendعnormalize_parametersعjoinr   عupper)	عmethodعuriعparamsعhostعbase_string_uriعunescaped_paramsعkعvعnormalized_paramss	            ْ›/Users/kimhansen/Desktop/03 Workspace/ceo-agents/chl-effectiveness/mcp-servers/whoop/.venv/lib/python3.11/site-packages/authlib/oauth1/rfc5849/signature.pyعconstruct_base_stringr#      sر   € ُ< 0°°Tر:ش:€Oً ذطً (ً (‰ˆˆ1àذ,ذ,ذ,طً ڈ<ٹ<کر!ش!ً 	فک‘”ˆAط×ز  A ر'ش'ذ'ذ'ُ -ذ-=ر>ش>ذً ڈ8ٹ8هگ6—<’<‘>”>ر"ش"فگ?ر#ش#فذ$ر%ش%ً	
ٌô ً َ    c                 َ‚  — t          | ¦  «        } t          j        | ¦  «        \  }}}}}}|r|st          d¦  «        ‚|sd}|                     ¦   «         }|                     ¦   «         }|پ|                     ¦   «         }d}d|v r!|                     dd¦  «        \  }}	||	f|v r|}t          j        ||||ddf¦  «        S )a7  Normalize Base String URI per `Section 3.4.1.2`_.

    For example, the HTTP request::

        GET /r%20v/X?id=123 HTTP/1.1
        Host: EXAMPLE.COM:80

    is represented by the base string URI: "http://example.com/r%20v/X".

    In another example, the HTTPS request::

        GET /?q=1 HTTP/1.1
        Host: www.example.net:8080

    is represented by the base string URI: "https://www.example.net:8080/".

    .. _`Section 3.4.1.2`: https://tools.ietf.org/html/rfc5849#section-3.4.1.2

    The host argument overrides the netloc part of the uri argument.
    z$uri must include a scheme and netlocْ/N))عhttpع80)عhttpsع443ْ:r   ع )r   r   ع
ValueErrorعlowerعsplitع
urlunparse)
r   r   عschemeعnetlocعpathr   عqueryعfragmentعdefault_portsعports
             r"   r   r   V   sé   € ُ* گS‰/Œ/€Cف4<ش4Eہcر4Jش4Jر1€FˆFگDک& %¨ً ً Aکً Aفذ?ر@ش@ذ@ً ً طˆً ڈ\ٹ\‰^Œ^€Fطڈ\ٹ\‰^Œ^€Fً ذط—’‘”ˆً€Mً ˆf€}€}ط—\’\ # qر)ش)‰
ˆˆdطگDˆ>ک]ذ*ذ*طˆFهش ¨°°f¸bہ"ذEرFشFذFr$   c                 َ„   — d„ | D ¦   «         }|                      ¦   «          d„ |D ¦   «         }d                     |¦  «        S )a×
  Normalize parameters per `Section 3.4.1.3.2`_.

    For example, the list of parameters from the previous section would
    be normalized as follows:

    Encoded::

    +------------------------+------------------+
    |          Name          |       Value      |
    +------------------------+------------------+
    |           b5           |     %3D%253D     |
    |           a3           |         a        |
    |          c%40          |                  |
    |           a2           |       r%20b      |
    |   oauth_consumer_key   | 9djdj82h48djs9d2 |
    |       oauth_token      | kkk9d7dh3k39sjv7 |
    | oauth_signature_method |     HMAC-SHA1    |
    |     oauth_timestamp    |     137131201    |
    |       oauth_nonce      |     7d8f3e4a     |
    |           c2           |                  |
    |           a3           |       2%20q      |
    +------------------------+------------------+

    Sorted::

    +------------------------+------------------+
    |          Name          |       Value      |
    +------------------------+------------------+
    |           a2           |       r%20b      |
    |           a3           |       2%20q      |
    |           a3           |         a        |
    |           b5           |     %3D%253D     |
    |          c%40          |                  |
    |           c2           |                  |
    |   oauth_consumer_key   | 9djdj82h48djs9d2 |
    |       oauth_nonce      |     7d8f3e4a     |
    | oauth_signature_method |     HMAC-SHA1    |
    |     oauth_timestamp    |     137131201    |
    |       oauth_token      | kkk9d7dh3k39sjv7 |
    +------------------------+------------------+

    Concatenated Pairs::

    +-------------------------------------+
    |              Name=Value             |
    +-------------------------------------+
    |               a2=r%20b              |
    |               a3=2%20q              |
    |                 a3=a                |
    |             b5=%3D%253D             |
    |                c%40=                |
    |                 c2=                 |
    | oauth_consumer_key=9djdj82h48djs9d2 |
    |         oauth_nonce=7d8f3e4a        |
    |   oauth_signature_method=HMAC-SHA1  |
    |      oauth_timestamp=137131201      |
    |     oauth_token=kkk9d7dh3k39sjv7    |
    +-------------------------------------+

    and concatenated together into a single string (line breaks are for
    display purposes only)::

        a2=r%20b&a3=2%20q&a3=a&b5=%3D%253D&c%40=&c2=&oauth_consumer_key=9dj
        dj82h48djs9d2&oauth_nonce=7d8f3e4a&oauth_signature_method=HMAC-SHA1
        &oauth_timestamp=137131201&oauth_token=kkk9d7dh3k39sjv7

    .. _`Section 3.4.1.3.2`: https://tools.ietf.org/html/rfc5849#section-3.4.1.3.2
    c                 َP   — g | ]#\  }}t          |¦  «        t          |¦  «        f‘Œ$S © r   ©ع.0r   r    s      r"   ْ
<listcomp>z(normalize_parameters.<locals>.<listcomp>و   s-   € ذ<ذ<ذ<©T¨Q°•6ک!‘9”9‌f Q™iœiذ(ذ<ذ<ذ<r$   c                 َ"   — g | ]\  }}|› d |› ‌‘ŒS )ْ=r:   r;   s      r"   r=   z(normalize_parameters.<locals>.<listcomp>ً   s&   € ذ9ذ9ذ9،d a¨ک!گzگzکaگzگzذ9ذ9ذ9r$   r   )عsortr   )r   ع
key_valuesعparameter_partss      r"   r   r   ‌   sS   € ًR =ذ<°Vذ<ر<ش<€Jً
 ‡O‚Oرشذً
 :ذ9¨jذ9ر9ش9€Oً
 ڈ8ٹ8گOر$ش$ذ$r$   c                 َz   — | j                              dd¦  «        }t          | j        | j        | j        |¦  «        S )z,Generate signature base string from request.عHostN)عheadersعgetr#   r   r   r   )عrequestr   s     r"   عgenerate_signature_base_stringrH   ّ   s3   € àŒ?×زکv tر,ش,€Dف  ¤°´¸g¼nبdرSشSذSr$   c                 َH  — | }t          |pd¦  «        }|dz  }|t          |pd¦  «        z  }t          j        t          |¦  «        t          |¦  «        t          j        ¦  «        }t          j        |                     ¦   «         ¦  «        dd…         }t          |¦  «        S )a[  Generate signature via HMAC-SHA1 method, per `Section 3.4.2`_.

    The "HMAC-SHA1" signature method uses the HMAC-SHA1 signature
    algorithm as defined in `RFC2104`_::

        digest = HMAC - SHA1(key, text)

    .. _`RFC2104`: https://tools.ietf.org/html/rfc2104
    .. _`Section 3.4.2`: https://tools.ietf.org/html/rfc5849#section-3.4.2
    r,   r   Néےےےے)
r   عhmacعnewr   عhashlibعsha1عbinasciiع
b2a_base64عdigestr   )عbase_stringعclient_secretعtoken_secretعtextعkeyع	signatureعsigs          r"   عhmac_sha1_signaturerY   ‏   s•   € ً" €Dُ گذ$ "ر
%ش
%€Cً ˆ3پJ€Cً
 چ6گ,ذ$ "ر%ش%ر%€Cه”‌ #™œ­°©¬½¼رEشE€Iُ ش
کi×.ز.ر0ش0ر
1ش
1°#°2°#ش
6€Cفگc‰?Œ?ذr$   c                 َ´   — ddl m} t          | ¦  «        }  |t          | ¦  «        |¦  «        }t          j        |¦  «        dd…         }t          |¦  «        S )ar  Generate signature via RSA-SHA1 method, per `Section 3.4.3`_.

    The "RSA-SHA1" signature method uses the RSASSA-PKCS1-v1_5 signature
    algorithm as defined in `RFC3447, Section 8.2`_ (also known as
    PKCS#1), using SHA-1 as the hash function for EMSA-PKCS1-v1_5.  To
    use this method, the client MUST have established client credentials
    with the server that included its RSA public key (in a manner that is
    beyond the scope of this specification).

    .. _`Section 3.4.3`: https://tools.ietf.org/html/rfc5849#section-3.4.3
    .. _`RFC3447, Section 8.2`: https://tools.ietf.org/html/rfc3447#section-8.2
    r   )ع	sign_sha1NrJ   )عrsar[   r   rO   rP   r   )rR   عrsa_private_keyr[   عsrX   s        r"   عrsa_sha1_signaturer_   +  sa   € ً ذذذذذهک;ر'ش'€Kطˆ	•(ک;ر'ش'¨ر9ش9€Aف
ش
کaر
 ش
   " ش
%€Cفگc‰?Œ?ذr$   c                 َZ   — t          | pd¦  «        }|dz  }|t          |pd¦  «        z  }|S )aت  Generate signature via PLAINTEXT method, per `Section 3.4.4`_.

    The "PLAINTEXT" method does not employ a signature algorithm.  It
    MUST be used with a transport-layer mechanism such as TLS or SSL (or
    sent over a secure channel with equivalent protections).  It does not
    utilize the signature base string or the "oauth_timestamp" and
    "oauth_nonce" parameters.

    .. _`Section 3.4.4`: https://tools.ietf.org/html/rfc5849#section-3.4.4
    r,   r   r   )rS   rT   rW   s      r"   عplaintext_signaturera   @  sA   € ُ" گ}ذ*¨ر+ش+€Iً گر€Iً
 •کذ*¨ر+ش+ر+€Iàذr$   c                 َV   — t          |¦  «        }t          || j        | j        ¦  «        S )zSign a HMAC-SHA1 signature.)rH   rY   rS   rT   ©عclientrG   rR   s      r"   عsign_hmac_sha1re   _  s'   € ه0°ر9ش9€Kفک{¨Fش,@ہ&شBUرVشVذVr$   c                 َJ   — t          |¦  «        }t          || j        ¦  «        S )z4Sign a RSASSA-PKCS #1 v1.5 base64 encoded signature.)rH   r_   عrsa_keyrc   s      r"   عsign_rsa_sha1rh   e  s!   € ه0°ر9ش9€Kفکk¨6¬>ر:ش:ذ:r$   c                 َ6   — t          | j        | j        ¦  «        S )zSign a PLAINTEXT signature.)ra   rS   rT   )rd   rG   s     r"   عsign_plaintextrj   k  s   € هکvش3°Vش5HرIشIذIr$   c                 َٹ   — t          | ¦  «        }t          || j        | j        ¦  «        }t	          j        || j        ¦  «        S )zVerify a HMAC-SHA1 signature.)rH   rY   rS   rT   rK   عcompare_digestrW   )rG   rR   rX   s      r"   عverify_hmac_sha1rm   p  s<   € ه0°ر9ش9€Kف
کk¨7ش+@ہ'شBVر
Wش
W€Cفشکs Gش$5ر6ش6ذ6r$   c                 َ¶   — ddl m} t          | ¦  «        }t          j        t          | j        ¦  «        ¦  «        } ||t          |¦  «        | j        ¦  «        S )z6Verify a RSASSA-PKCS #1 v1.5 base64 encoded signature.r   )عverify_sha1)r\   ro   rH   rO   ع
a2b_base64r   rW   عrsa_public_key)rG   ro   rR   rX   s       r"   عverify_rsa_sha1rr   w  s[   € à ذ ذ ذ ذ ذ ه0°ر9ش9€Kف
ش
‌h wش'8ر9ش9ر
:ش
:€Cطˆ;گs‌H [ر1ش1°7ش3IرJشJذJr$   c                 َj   — t          | j        | j        ¦  «        }t          j        || j        ¦  «        S )zVerify a PLAINTEXT signature.)ra   rS   rT   rK   rl   rW   )rG   rX   s     r"   عverify_plaintextrt   €  s-   € ه
کgش3°Wش5Iر
Jش
J€Cفشکs Gش$5ر6ش6ذ6r$   )N)ع__doc__rO   rM   rK   عauthlib.common.encodingr   r   عauthlib.common.urlsr   عutilr   r	   عSIGNATURE_HMAC_SHA1عSIGNATURE_RSA_SHA1عSIGNATURE_PLAINTEXTعSIGNATURE_TYPE_HEADERعSIGNATURE_TYPE_QUERYعSIGNATURE_TYPE_BODYr#   r   r   rH   rY   r_   ra   re   rh   rj   rm   rr   rt   r:   r$   r"   ْ<module>r      sœ  ًًً ً €€€ط €€€ط €€€à ,ذ ,ذ ,ذ ,ذ ,ذ ,ط .ذ .ذ .ذ .ذ .ذ .ط (ذ (ذ (ذ (ذ (ذ (à ذ ذ ذ ذ ذ ط ذ ذ ذ ذ ذ à!ذ طذ ط!ذ à ذ طذ طذ ً6ً 6ً 6ً 6ًrDGً DGً DGً DGًNX%ً X%ً X%ًvTً Tً Tً*ً *ً *ًZً ً ً*ً ً ً>Wً Wً Wً;ً ;ً ;ًJً Jً Jً
7ً 7ً 7ًKً Kً Kً7ً 7ً 7ً 7ً 7r$   