o
    0c                     @   s  U d dl Z d dlZd dlZd dlZd dlZd dlZd dlZejr!	 dZ	dZ
edd ejjejjfD Zeje ed< e
ddfdejeef dejeef d	ed
eje dejejeejf  defddZe
ddfdejeef dejeef d	ed
eje dejejeejf  defddZdededefddZdedefddZdedededejeef fddZ	d(dedededefdd Zd!ededefd"d#Z d$ed%edeje fd&d'Z!dS ))    N>abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789i c                 c   s$    | ]}|d ur|dkr|V  qd S )N/ .0sepr   r   G/var/www/html/gps/gps/lib/python3.10/site-packages/werkzeug/security.py	<genexpr>   s    
r	   _os_alt_sepsdatasalt
iterationskeylenhashfuncreturnc                 C   s$   t jdtdd t| |||| S )a  Like :func:`pbkdf2_bin`, but returns a hex-encoded string.

    :param data: the data to derive.
    :param salt: the salt for the derivation.
    :param iterations: the number of iterations.
    :param keylen: the length of the resulting key.  If not provided,
                   the digest size will be used.
    :param hashfunc: the hash function to use.  This can either be the
                     string name of a known hash function, or a function
                     from the hashlib module.  Defaults to sha256.

    .. deprecated:: 2.0
        Will be removed in Werkzeug 2.1. Use :func:`hashlib.pbkdf2_hmac`
        instead.

    .. versionadded:: 0.9
    zj'pbkdf2_hex' is deprecated and will be removed in Werkzeug 2.1. Use 'hashlib.pbkdf2_hmac().hex()' instead.   
stacklevel)warningswarnDeprecationWarning
pbkdf2_binhex)r   r   r   r   r   r   r   r   
pbkdf2_hex   s   r   c                 C   sj   t jdtdd t| tr| d} t|tr|d}|s!d}nt|r*| j}n|}t	|| |||S )ae  Returns a binary digest for the PBKDF2 hash algorithm of `data`
    with the given `salt`. It iterates `iterations` times and produces a
    key of `keylen` bytes. By default, SHA-256 is used as hash function;
    a different hashlib `hashfunc` can be provided.

    :param data: the data to derive.
    :param salt: the salt for the derivation.
    :param iterations: the number of iterations.
    :param keylen: the length of the resulting key.  If not provided
                   the digest size will be used.
    :param hashfunc: the hash function to use.  This can either be the
                     string name of a known hash function or a function
                     from the hashlib module.  Defaults to sha256.

    .. deprecated:: 2.0
        Will be removed in Werkzeug 2.1. Use :func:`hashlib.pbkdf2_hmac`
        instead.

    .. versionadded:: 0.9
    zd'pbkdf2_bin' is deprecated and will be removed in Werkzeug 2.1. Use 'hashlib.pbkdf2_hmac()' instead.r   r   utf8sha256)
r   r   r   
isinstancestrencodecallablenamehashlibpbkdf2_hmac)r   r   r   r   r   	hash_namer   r   r   r   5   s   




r   abc                 C   sD   t jdtdd t| tr| d} t|tr|d}t| |S )ai  This function compares strings in somewhat constant time.  This
    requires that the length of at least one string is known in advance.

    Returns `True` if the two strings are equal, or `False` if they are not.

    .. deprecated:: 2.0
        Will be removed in Werkzeug 2.1. Use
        :func:`hmac.compare_digest` instead.

    .. versionadded:: 0.7
    zd'safe_str_cmp' is deprecated and will be removed in Werkzeug 2.1. Use 'hmac.compare_digest' instead.r   r   utf-8)r   r   r   r   r   r   hmaccompare_digest)r$   r%   r   r   r   safe_str_cmpg   s   



r)   lengthc                 C   s(   | dkrt dddd t| D S )zAGenerate a random string of SALT_CHARS with specified ``length``.r   zSalt length must be positive c                 s   s    | ]}t tV  qd S N)secretschoice
SALT_CHARS)r   _r   r   r   r	      s    zgen_salt.<locals>.<genexpr>)
ValueErrorjoinrange)r*   r   r   r   gen_salt   s   r4   methodpasswordc                 C   s   | dkr|| fS | d}| d}| drS|std| dd d}t|dvr0td	|d
} |r?t|d
 p=d
nt}t	| |||
 d|  d| fS |r`t|||  | fS t| | | fS )zInternal password hash helper.  Supports plaintext without salt,
    unsalted and salted passwords.  In case salted passwords are used
    hmac is used.
    plainr&   zpbkdf2:zSalt is required for PBKDF2   N:)   r   z&Invalid number of arguments for PBKDF2r   )r   
startswithr1   splitlenpopintDEFAULT_PBKDF2_ITERATIONSr!   r"   r   r'   new	hexdigest)r5   r   r6   argsr   r   r   r   _hash_internal   s$   



rD   pbkdf2:sha256   salt_lengthc                 C   s8   |dkrt |nd}t||| \}}| d| d| S )a  Hash a password with the given method and salt with a string of
    the given length. The format of the string returned includes the method
    that was used so that :func:`check_password_hash` can check the hash.

    The format for the hashed string looks like this::

        method$salt$hash

    This method can **not** generate unsalted passwords but it is possible
    to set param method='plain' in order to enforce plaintext passwords.
    If a salt is used, hmac is used internally to salt the password.

    If PBKDF2 is wanted it can be enabled by setting the method to
    ``pbkdf2:method:iterations`` where iterations is optional::

        pbkdf2:sha256:80000$salt$hash
        pbkdf2:sha256$salt$hash

    :param password: the password to hash.
    :param method: the hash method to use (one that hashlib supports). Can
                   optionally be in the format ``pbkdf2:method:iterations``
                   to enable PBKDF2.
    :param salt_length: the length of the salt in letters.
    r7   r+   $)r4   rD   )r6   r5   rG   r   hactual_methodr   r   r   generate_password_hash   s   rK   pwhashc                 C   s<   |  ddk r	dS | dd\}}}tt|||d |S )a  Check a password against a given salted and hashed password value.
    In order to support unsalted legacy passwords this method supports
    plain text passwords, md5 and sha1 hashes (both salted and unsalted).

    Returns `True` if the password matched, `False` otherwise.

    :param pwhash: a hashed string like returned by
                   :func:`generate_password_hash`.
    :param password: the plaintext password to compare against the hash.
    rH   r   Fr   )countr<   r'   r(   rD   )rL   r6   r5   r   hashvalr   r   r   check_password_hash   s   rO   	directory	pathnamesc                    sp   | g}|D ]-  dkrt   t fddtD s*tj s* dks* dr- dS |  qt j	| S )a2  Safely join zero or more untrusted path components to a base
    directory to avoid escaping the base directory.

    :param directory: The trusted base directory.
    :param pathnames: The untrusted path components relative to the
        base directory.
    :return: A safe path, otherwise ``None``.
    r+   c                 3   s    | ]}| v V  qd S r,   r   r   filenamer   r   r	      s    zsafe_join.<locals>.<genexpr>z..z../N)
	posixpathnormpathanyr
   ospathisabsr;   appendr2   )rP   rQ   partsr   rR   r   	safe_join   s   	


r\   )rE   rF   )"r!   r'   rW   rT   r-   typingtr   TYPE_CHECKINGr/   r@   listrX   r   altsepr
   Listr   __annotations__Unionbytesr?   OptionalCallabler   r   boolr)   r4   TuplerD   rK   rO   r\   r   r   r   r   <module>   sz   
 
$
2$"
  