+
    TjD"                     H   R t ^ RIt^ RIt^ RIt^ RIt^ RIt^ RIHt ^ RIH	t	H
t
 ^ RIHt ^ RIHt ^ RIHt ]! R4      tRt ! R	 R
]4      t ! R R]4      tR tR tR tR tRR ltR tRR lt ! R R4      tRR]R3R ltRR]RR3R lt ! R R4      t  ! R R] 4      t!R# ) a_  
Functions for creating and restoring url-safe signed JSON objects.

The format used looks like this:

>>> signing.dumps("hello")
'ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk'

There are two components here, separated by a ':'. The first component is a
URLsafe base64 encoded JSON of the object passed to dumps(). The second
component is a base64 encoded hmac/SHA-256 hash of "$first_component:$secret"

signing.loads(s) checks the signature and returns the deserialized object.
If the signature fails, a BadSignature exception is raised.

>>> signing.loads("ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv422nZA4sgmk")
'hello'
>>> signing.loads("ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv42-modified")
...
BadSignature: Signature "ImhlbGxvIg:1QaUZC:YIye-ze3TTx7gtSv42-modified" does
not match

You can optionally compress the JSON prior to base64 encoding it to save
space, using the compress=True argument. This checks if compression actually
helps and only applies compression if the result is a shorter string:

>>> signing.dumps(list(range(1, 20)), compress=True)
'.eJwFwcERACAIwLCF-rCiILN47r-GyZVJsNgkxaFxoDgxcOHGxMKD_T7vhAml:1QaUaL:BA0thEZrp4FQVXIXuOvYJtLJSrQ'

The fact that the string is compressed is signalled by the prefixed '.' at the
start of the base64 JSON.

There are 65 url-safe characters: the 64 used by url-safe base64 and the ':'.
These functions make use of all of them.
N)settings)constant_time_comparesalted_hmacforce_bytes)import_string)_lazy_re_compilez^[A-z0-9-_=]*$>0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyzc                       ] tR t^5tRtRtR# )BadSignaturezSignature does not match. N__name__
__module____qualname____firstlineno____doc____static_attributes__r       H/var/www/idalgo/venv/lib/python3.14/site-packages/django/core/signing.pyr   r   5   s    #r   r   c                       ] tR t^;tRtRtR# )SignatureExpiredz3Signature timestamp is older than required max_age.r   Nr   r   r   r   r   r   ;   s    =r   r   c                     V ^ 8X  d   R# V ^ 8  d   RMRp\        V 4      p RpV ^ 8  d%   \        V ^>4      w  r\        V,          V,           pK+  W,           # )    0- )absdivmodBASE62_ALPHABET)ssignencoded	remainders   &   r   
b62_encoder$   A   sR    Ava%3RDAAG
a%a}!),w6>r   c                     V R 8X  d   ^ # ^pV ^ ,          R8X  d   V R,          p Rp^ pV  F&  pV^>,          \         P                  V4      ,           pK(  	  W,          # )r   r      NN)r   index)r    r!   decodeddigits   &   r   
b62_decoder,   M   sZ    CxDts{bEGB,!6!6u!== >r   c                 L    \         P                  ! V 4      P                  R 4      #    =)base64urlsafe_b64encodestrip)r    s   &r   
b64_encoder3   Z   s    ##A&,,T22r   c                 n    R \        V 4      ) ^,          ,          p\        P                  ! W,           4      # r.   )lenr0   urlsafe_b64decode)r    pads   & r   
b64_decoder8   ^   s)    
3q6'A+
C##AG,,r   c           	      f    \        \        WW#R 7      P                  4       4      P                  4       # )	algorithm)r3   r   digestdecode)saltvaluekeyr;   s   &&&&r   base64_hmacrA   c   s)    D:AACfhr   c                 &    R \        V 4      ,           # )s   django.http.cookiesr   )r@   s   &r   _cookie_signer_keyrC   i   s    !K$444r   c                     \        \        P                  4      pV! \        \        P                  4      \        \        \        P                  4      V R 7      # ))r@   fallback_keysr>   )r   r   SIGNING_BACKENDrC   
SECRET_KEYmapSECRET_KEY_FALLBACKS)r>   Signers   & r   get_cookie_signerrK   n   sA    8334Fx223,h.K.KL r   c                   0   a  ] tR t^wt o RtR tR tRtV tR# )JSONSerializerzK
Simple wrapper around json to be used in signing.dumps and
signing.loads.
c                P    \         P                  ! VRR7      P                  R4      # ),)
separatorslatin-1)rO   :)jsondumpsencode)selfobjs   &&r   rT   JSONSerializer.dumps}   s    zz#*5<<YGGr   c                L    \         P                  ! VP                  R 4      4      # )rQ   )rS   loadsr=   )rV   datas   &&r   rZ   JSONSerializer.loads   s    zz$++i011r   r   N)	r   r   r   r   r   rT   rZ   r   __classdictcell____classdict__s   @r   rM   rM   w   s     
H2 2r   rM   zdjango.core.signingFc                <    \        WR7      P                  WVR7      # )a  
Return URL-safe, hmac signed base64 compressed JSON string. If key is
None, use settings.SECRET_KEY instead. The hmac algorithm is the default
Signer algorithm.

If compress is True (not the default), check if compressing using zlib can
save some space. Prepend a '.' to signify compression. This is included
in the signature, to protect against zip bombs.

Salt can be used to namespace the hash, so that a signed string is
only valid for a given namespace. Leaving this at the default
value or re-using a salt value across different parts of your
application without good cause is a security risk.

The serializer is expected to return a bytestring.
)r@   r>   )
serializercompress)TimestampSignersign_object)rW   r@   r>   ra   rb   s   &&&&&r   rT   rT      s&    & s.::X ;  r   c                @    \        WVR7      P                  V VVR7      # )zp
Reverse of dumps(), raise BadSignature if signature fails.

The serializer is expected to accept a bytestring.
)r@   r>   rE   )ra   max_age)rc   unsign_object)r    r@   r>   ra   rf   rE   s   &&&&&&r   rZ   rZ      s.     -m	  r   c            
       n   a  ] tR t^t o RRRRRRRRRR/R ltRR	 ltR
 tR t]R3R lt	]3R lt
RtV tR# )rJ   r@   NseprR   r>   r;   rE   c                  T;'       g    \         P                  V n        Ve   TM\         P                  V n        W n        T;'       g2    V P                  P                  : RV P                  P                  : 2V n	        T;'       g    RV n
        \        P                  V P
                  4      '       d   \        RV,          4      hR # )N.sha256zJUnsafe Signer separator: %r (cannot be empty or consist of only A-z0-9-_=))r   rG   r@   rI   rE   ri   	__class__r   r   r>   r;   _SEP_UNSAFEmatch
ValueError)rV   r@   ri   r>   r;   rE   s   &$$$$$r   __init__Signer.__init__   s     --(-- ( .. 	
  
 
NN%%NN##
	 #..hTXX&&"$'(  'r   c                    T;'       g    V P                   p\        V P                  R ,           WV P                  R7      # )signerr:   )r@   rA   r>   r;   )rV   r?   r@   s   &&&r   	signatureSigner.signature   s-    ooTXX499x/t~~VVr   c                J    V: V P                   : V P                  V4      : 2# N)ri   ru   )rV   r?   s   &&r   r!   Signer.sign   s     $((DNN5,ABBr   c                D   V P                   V9  d   \        R V P                   ,          4      hVP                  V P                   ^4      w  r#V P                  .V P                  O F'  p\        W0P                  W$4      4      '       g   K%  Vu # 	  \        RV,          4      h)zNo "%s" found in valuezSignature "%s" does not match)ri   r   rsplitr@   rE   r   ru   )rV   signed_valuer?   sigr@   s   &&   r   unsignSigner.unsign   s    88<'7$((BCC!((15
HH2t112C$S..*DEE 3 :S@AAr   Fc                ,   V! 4       P                  V4      pRpV'       d;   \        P                  ! V4      p\        V4      \        V4      ^,
          8  d   TpRp\	        V4      P                  4       pV'       d
   RV,           pV P                  V4      # )a5  
Return URL-safe, hmac signed base64 compressed JSON string.

If compress is True (not the default), check if compressing using zlib
can save some space. Prepend a '.' to signify compression. This is
included in the signature, to protect against zip bombs.

The serializer is expected to return a bytestring.
FTrk   )rT   zlibrb   r5   r3   r=   r!   )rV   rW   ra   rb   r[   is_compressed
compressedbase64ds   &&&&    r   rd   Signer.sign_object   sx     |!!#&t,J:#d)a-0! $T"))+GmGyy!!r   c                    V P                   ! V3/ VB P                  4       pVR ,          R8H  pV'       d
   VR,          p\        V4      pV'       d   \        P                  ! V4      pV! 4       P                  V4      # ):Nr'   N   .r&   )r~   rU   r8   r   
decompressrZ   )rV   
signed_objra   kwargsr   r   r[   s   &&&,   r   rg   Signer.unsign_object   sh     ++j3F3::<R[D(
bkG'"??4(D|!!$''r   )r;   rE   r@   r>   ri   rx   )r   r   r   r   rq   ru   r!   r~   rM   rd   rg   r   r]   r^   s   @r   rJ   rJ      s`     ")-9=MQ*WCB +95 "2 4B ( (r   rJ   c                   H   a a ] tR t^t oR tV 3R ltRV 3R lltRtVtV ;t	# )rc   c                P    \        \        \        P                  ! 4       4      4      # rx   )r$   inttime)rV   s   &r   	timestampTimestampSigner.timestamp   s    #diik*++r   c                h   < V: V P                   : V P                  4       : 2p\        SV `  V4      # rx   )ri   r   superr!   )rV   r?   rm   s   &&r   r!   TimestampSigner.sign  s)    !488T^^-=>w|E""r   c                L  < \         SV `  V4      pVP                  V P                  ^4      w  r\	        V4      pVeg   \        V\        P                  4      '       d   VP                  4       p\        P                  ! 4       V,
          pWR8  d   \        RV: RV: R24      hV# )zS
Retrieve original value and check it wasn't signed more
than max_age seconds ago.
zSignature age z > z seconds)r   r~   r{   ri   r,   
isinstancedatetime	timedeltatotal_secondsr   r   )rV   r?   rf   resultr   agerm   s   &&&   r   r~   TimestampSigner.unsign  s    
 &!==15y)	'8#5#566!//1))+	)C}&#w'WXXr   r   rx   )
r   r   r   r   r   r!   r~   r   r]   __classcell__)rm   r_   s   @@r   rc   rc      s     ,# r   rc   )sha1)z%django.core.signing.get_cookie_signer)"r   r0   r   rS   r   r   django.confr   django.utils.cryptor   r   django.utils.encodingr   django.utils.module_loadingr   django.utils.regex_helperr   rn   r   	Exceptionr   r   r$   r,   r3   r8   rA   rC   rK   rM   rT   rZ   rJ   rc   r   r   r   <module>r      s   "H        B - 5 601R	9 		| 		
3-
5

2 
2 -.SX4 		,J( J(Zf r   