o €Ï–ã@s2dZddlZddlZddlZddd„Zdd„ZdS) zm Utility functions for implementing Proof Key for Code Exchange (PKCE) by OAuth Public Clients See RFC7636. éNé@cCsBt t |¡¡ d¡}t|ƒdkrtdƒ‚t|ƒdkrtdƒ‚|S)aŸ Generates a 'code_verifier' as described in section 4.1 of RFC 7636. This is a 'high-entropy cryptographic random string' that will be impractical for an attacker to guess. Args: n_bytes: integer between 31 and 96, inclusive. default: 64 number of bytes of entropy to include in verifier. Returns: Bytestring, representing urlsafe base64-encoded random data. ó=é+z)Verifier too short. n_bytes must be > 30.é€z(Verifier too long. n_bytes must be < 97.)Úbase64Úurlsafe_b64encodeÚosÚurandomÚrstripÚlenÚ ValueError)Ún_bytesÚverifier©rú;/tmp/google-cloud-sdk/lib/third_party/oauth2client/_pkce.pyÚ code_verifiers   rcCst |¡ ¡}t |¡ d¡S)a“ Creates a 'code_challenge' as described in section 4.2 of RFC 7636 by taking the sha256 hash of the verifier and then urlsafe base64-encoding it. Args: verifier: bytestring, representing a code_verifier as generated by code_verifier(). Returns: Bytestring, representing a urlsafe base64-encoded sha256 hash digest, without '=' padding. r)ÚhashlibÚsha256Údigestrrr )rrrrrÚcode_challenge4sr)r)Ú__doc__rrrrrrrrrÚs