+ TŎiDaR#t20tRt^RIt^RIt^RIt^RIt^RIt^RIHtH t H t H t H t H t HtHtHt^RIHt^RIHt^RIHt^RIHt^RIHtHt^RIHt!R R ]R R 7tR ]P>R]P>R]P@R]P@R]PBR]PBR]PBR]PBR]PDR]PDR]PDR]PD/ t#]^k]PH!]PJR$8dRMR4t&R%t']^k](!])!]#PU444t+]^k],!0R&m4t-]^kRRlt.RRlt/RR lt0!R!R"4t1R#)'av Digest authentication middleware for aiohttp client. This middleware implements HTTP Digest Authentication according to RFC 7616, providing a more secure alternative to Basic Authentication. It supports all standard hash algorithms including MD5, SHA, SHA-256, SHA-512 and their session variants, as well as both 'auth' and 'auth-int' quality of protection (qop) options. N) CallableDictFinal FrozenSetListLiteralTuple TypedDictUnion)URL)hdrs) ClientError)ClientHandlerType) ClientRequestClientResponse)Payloadc,a]tRt^$toV3RltRtVtR#)DigestAuthChallengecn<V^8dQh/S[;R&S[;R&S[;R&S[;R&S[;R&S[;R&S[;R&#)realmnonceqop algorithmopaquedomainstalestr)format __classdict__s"t/Users/ahmad/.openclaw/workspace/scripts/.venv/lib/python3.14/site-packages/aiohttp/client_middleware_digest_auth.py __annotate__ DigestAuthChallenge.__annotate__$sU J J HN  K  K  JN)__name__ __module__ __qualname____firstlineno____annotate_func____static_attributes____classdictcell__r s@r!rr$sr$rF)totalMD5zMD5-SESSSHAzSHA-SESSSHA256z SHA256-SESSzSHA-256z SHA-256-SESSSHA512z SHA512-SESSzSHA-512z SHA-512-SESSz:(?:^|\s|,\s*)(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))z>(?:^|\s|,\s*)((?>\w+))\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))c0V^8dQhR\R\/#rvaluereturnr)rs"r!r"r"us%%%%r$c&VPRR4#)z,Escape double quotes for HTTP header values."\"replacer5s&r! escape_quotesr=us ==e $$r$c0V^8dQhR\R\/#r4r)rs"r!r"r"zs%%3%3%r$c&VPRR4#)z-Unescape double quotes in HTTP header values.r9r8r:r<s&r!unescape_quotesr@zs == $$r$cRV^8dQhR\R\\\3,/#)rheaderr6)rr)rs"r!r"r"s"stCH~r$c \PV4UUUu/uF5wrpVP4;p'gK YB'd \V4MTbK7 uppp#uupppi)aI Parse key-value pairs from WWW-Authenticate or similar HTTP headers. This function handles the complex format of WWW-Authenticate header values, supporting both quoted and unquoted values, proper handling of commas in quoted values, and whitespace variations per RFC 7616. Examples of supported formats: - key1="value1", key2=value2 - key1 = "value1" , key2="value, with, commas" - key1=value1,key2="value2" - realm="example.com", nonce="12345", qop="auth" Args: header: The header value string to parse Returns: Dictionary mapping parameter names to their values )_HEADER_PAIRS_PATTERNfindallstripr@)rBkey quoted_val unquoted_val stripped_keys& r!parse_header_pairsrKs\,.C-J-J6-R -R )C\IIK 'L ' R Zoj1\Q-R  s AAca]tRt^toRtRV3RlRlltV3RlRltV3RlRltV3RlR ltV3R lR lt R t Vt R #)DigestAuthMiddlewarea HTTP digest authentication middleware for aiohttp client. This middleware intercepts 401 Unauthorized responses containing a Digest authentication challenge, calculates the appropriate digest credentials, and automatically retries the request with the proper Authorization header. Features: - Handles all aspects of Digest authentication handshake automatically - Supports all standard hash algorithms: - MD5, MD5-SESS - SHA, SHA-SESS - SHA256, SHA256-SESS, SHA-256, SHA-256-SESS - SHA512, SHA512-SESS, SHA-512, SHA-512-SESS - Supports 'auth' and 'auth-int' quality of protection modes - Properly handles quoted strings and parameter parsing - Includes replay attack protection with client nonce count tracking - Supports preemptive authentication per RFC 7616 Section 3.6 Standards compliance: - RFC 7616: HTTP Digest Access Authentication (primary reference) - RFC 2617: HTTP Authentication (deprecated by RFC 7616) - RFC 1945: Section 11.1 (username restrictions) Implementation notes: The core digest calculation is inspired by the implementation in https://github.com/requests/requests/blob/v2.18.4/requests/auth.py with added support for modern digest auth features and error handling. c0<V^8dQhRS[RS[RS[RR/#)rloginpassword preemptiver6N)rbool)rr s"r!r"!DigestAuthMiddleware.__annotate__s3//// /  /r$cVf \R4hVf \R4hRV9d \R4hWnVPR4VnVPR4VnRVn^Vn/VnW0n.Vn R#)Nz"None is not allowed as login valuez%None is not allowed as password value:z8A ":" is not allowed in username (RFC 1945#section-11.1)utf-8r$) ValueError _login_strencode _login_bytes_password_bytes_last_nonce_bytes _nonce_count _challenge _preemptive_protection_space)selfrOrPrQs&&&&r!__init__DigestAuthMiddleware.__init__s =AB B  DE E %<WX X&+*/,,w*?-5__W-E!$/1!+,.r$c V<V^8dQhRS[RS[RS[S[S[R,3,RS[/#)rmethodurlbodyr$r6)rr r rr)rr s"r!r"rSsAa,a,a, #a,+0'#,1F+Ga, a,r$c a#a$"VPpRV9d \R4hRV9d \R4hVR,pVR,pV'g \R4hVPRR4pVPRR 4pVP4p VPR R4p VP R 4p VP R 4p \ V4P p RpR pV'dR R0PVPR4Uu0uF+pVP4'gKVP4kK- up4pV'g\RV 24hRV9dRMR pVP R 4pV \9d%\RV RRP\4 24h\V ,o$RV$3Rllo#RV#3RllpRPVPWP34pVP4 RV 2P 4pVR8XdM\V\ 4'dVP#4GRjxL pMTpS#!V4pRPVV34pS#!V4pS#!V4pWP$8XdV;P&^, unM^VnWnVP&R pVP R 4p\(P*!R P\-VP&4P R 4V \.P0!4P R 4\2P4!^4.44P74R,pVP R 4pV P4P9R4'dS#!RPVV V344pV'd!RPV VVVV34pV!VV4pMV!VRPV V344pR\;VP<4R\;V4R\;V4RV R VP?4RV/pV 'd\;V 4VR &V'dVVR&VVR!&VVR"&.p VPA4F@wp!p"V!\B9dV PEV! R#V" R$24K*V PEV! R%V" 24KB R&RPV 4 2#uupiEL5i)'a} Build digest authorization header for the current challenge. Args: method: The HTTP method (GET, POST, etc.) url: The request URL body: The request body (used for qop=auth-int) Returns: A fully formatted Digest authorization header string Raises: ClientError: If the challenge is missing required parameters or contains unsupported values rz:Malformed Digest auth challenge: Missing 'realm' parameterrz:Malformed Digest auth challenge: Missing 'nonce' parameterzBSecurity issue: Digest auth challenge contains empty 'nonce' valuerrr/rrVr$authzauth-int,zEDigest auth error: Unsupported Quality of Protection (qop) value(s): z/Digest auth error: Unsupported hash algorithm: z. Supported algorithms: z, c0V^8dQhR\R\/#)rxr6bytes)rs"r!r"2DigestAuthMiddleware._encode..__annotate__s 3 3 35 3r$cL<S!V4P4P4#)z.Hs1:'')002 2r$c<V^8dQhR\R\R\/#)rsdr6rn)rs"r!r"rp s! ( (% (E (e (r$c4<S!RPW344#)zDRFC 7616 Section 3: KD(secret, data) = H(concat(secret, ":", data)).:)join)rwrxrts&&r!KD(DigestAuthMiddleware._encode..KD sTYYv&' 'r$rzrUN08x:NNz-SESSusernameuriresponsenccnoncez="r8=zDigest )#r^r getupperrYr path_qs intersectionsplitrFDigestFunctionsr{SUPPORTED_ALGORITHMSrZr[ isinstanceras_bytesr\r]hashlibsha1rtimectimeosurandomrrendswithr=rXdecodeitemsQUOTED_AUTH_FIELDSappend)%rarerfrg challengerrqop_rawalgorithm_originalrr nonce_bytes realm_bytespathr qop_bytesq valid_qopsr|A1A2 entity_bytes entity_hashHA1HA2ncvalue ncvalue_bytesr cnonce_bytesnoncebitresponse_digest header_fieldspairsfieldr5rtrss%&&&& @@r!_encodeDigestAuthMiddleware._encodes&OO ) #L  ) #L  '"'"T --r*&]];>&,,. x,ll7+ ll7+ 3x  *-::$+MM#$6D$6q!'')$6DJ![\c[de!+j 8*fC 7+I O +A)M))-3G)H(IK )3 3 3 ( ( YY));8L8LM N q ' . . 0 * $((%)]]_4 # L/KB ,-Bee 00 0    "  !D !,&&s+w/  HH))*11':JJL''0JJqM     )+c }}W-  ??  % %g . .DIIsK>?@C yym\9cJH!h/O diic0B&CDO  doo6 ]5) ]5) 4 ..0 +  &3F&;M( # #&M% ")M$ &,M( #)//1LE5** wbq12 waw/0 2 5)*++SE< 5sAA SB4SR> R>4SC2S5S6E5S,BSA?Sc&<V^8dQhRS[RS[/#)rrfr6)r rR)rr s"r!r"rSvsr$c \V4pVPF`pVPV4'gK\V4\V48XgVR,R8XdR#V\V4,R8XgK_R# R#)z Check if the given URL is within the current protection space. According to RFC 7616, a URI is in the protection space if any URI in the protection space is a prefix of it (after both have been made absolute). /TF)rr` startswithlen)rarf request_str space_strs&& r!_in_protection_space)DigestAuthMiddleware._in_protection_spacevsi#h //I)))44;3y>1Yr]c5I3y>*c10r$c&<V^8dQhRS[RS[/#)rrr6)rrR)rr s"r!r"rSs9%9%n9%9%r$c  VPR8wdR#VPPRR4pV'gR#VPR4wr4pV'gR#VP 4R8wdR#V'gR#\ V4;p'gR#/Vn\F,pVPV4;p'gKWP V&K. VPP4p VP PR4;p 'd.Vn V P4Fp V PR4p V PR 4'd?VPP\V P!\#V 4444KiVPP\\#V 444K M\V 4.Vn \%VP 4#) zr Takes the given response and tries digest-auth, if needed. Returns true if the original request must be resent. iFzwww-authenticateri digestrr8r)statusheadersr partitionlowerrKr^CHALLENGE_FIELDSrforiginr`rrFrrrr{r rR) rar auth_headerresepr header_pairsrr5rrrs && r! _authenticate"DigestAuthMiddleware._authenticatesx ??c !&&**+=rB *44S9W <<>X %!37 ;; ;%E$((//u//).&& $$&__((2 26 2%'D "||~iin>>#&&**11#fkk#c(6K2LM**11#c#h-@&'*&k]D "DOO$$r$c,<V^8dQhRS[RS[RS[/#)rrequesthandlerr6)rrr)rr s"r!r"rSs%$/@ r$c "Rp\^4FpV^8gFVP'dVP'dvVPVP4'dUVP VP VPVP4GRjxL VP\P&V!V4GRjxL pVPV4'dKM VfQhV#LTL+5i)zRun the digest auth middleware.N) ranger_r^rrfrrergrr AUTHORIZATIONr)rarrr retry_counts&&& r!__call__DigestAuthMiddleware.__call__s 8KQ   OOO--gkk::<@LLNNGKK=7 2 23 %W--H%%h//%$*###7 .s9)C,C, C,4C,C(*C,>C*?C, C,*C,)r^r\rZrXr]r[r_r`N)T) r&r'r(r)__doc__rbrrrrr+r,r-s@r!rMrMs@<//4a,a,F(9%9%vr$rMcV^8dQh/^\9d)\\\\.R3,3,;R&^\9d)\ \ \R,R3,,;R&^\9d"\ \ \R3,,;R&^\9d \ \\,,;R&#)rz hashlib._Hashr.rrrrrrrrrr) __conditional_annotations__rrrrorrrr)rs"r!r"r"sZ  c8UG_$<==> [p  % QRTWW qPUTeE#s(O,TQ^E)C.)_r$) r>rrrrrrr)3rrrrresysrtypingrrrrrrrr r yarlr rir client_exceptionsr client_middlewaresr client_reqreprrpayloadrrmd5rsha256sha512rcompile version_inforDrtuplesortedkeysr frozensetrr=r@rKrMr")rs@r!rsM    *18)5 7;;  7<<  gnn7>> w~~GNN gnn7>> w~~GNN B "  '!B J<   05VO