S!SrSSKrSSKrSSKrSSKrSSKrSSKrSSKrSSKJ r SSKJ r SSK J r Sr SrSrSrS r"S S \ R$5rg) z4Class to offload the end to end flow of U2F signing.N)errors)model)baseauthenticatorSK_SIGNING_PLUGINiiijcv\rSrSrSrSr\RR4Sjr Sr Sr Sr Sr S rS rS rg ) CustomAuthenticator%aOffloads U2F signing to a pluggable command-line tool. Offloads U2F signing to a signing plugin which takes the form of a command-line tool. The command-line tool is configurable via the SK_SIGNING_PLUGIN environment variable. The signing plugin should implement the following interface: Communication occurs over stdin/stdout, and messages are both sent and received in the form: [4 bytes - payload size (little-endian)][variable bytes - json payload] Signing Request JSON { "type": "sign_helper_request", "signData": [{ "keyHandle": , "appIdHash": , "challengeHash": , "version": U2F protocol version (usually "U2F_V2") },...], "timeoutSeconds": } Signing Response JSON { "type": "sign_helper_reply", "code": . "errorDetail": , "responseData": { "appIdHash": , "challengeHash": , "keyHandle": , "version": , "signatureData": } } Possible response error codes are: NoError = 0 UnknownError = -127 TouchRequired = 0x6985 WrongData = 0x6a80 cXlg)Norigin)selfr s 8lib/third_party/pyu2f/convenience/customauthenticator.py__init__CustomAuthenticator.__init__UsKcr[RR[5nUc)[R "SR [55eURXUR5upVU"S5 URU/U5nUSUS4nXXn U R5n URXU5$)See base class.z{} env var is not setz*Please insert and touch your security key keyHandle challengeHash) osenvirongetSK_SIGNING_PLUGIN_ENV_VARr PluginErrorformat_BuildPluginRequestr _CallPluginencode_BuildAuthenticatorResponse) rapp_idchallenge_dataprint_callback plugin_cmdclient_data_map signing_inputresponsekey_challenge_pairclient_data_json client_datas r Authenticate CustomAuthenticator.AuthenticateXs  9:J   6 &'@ A CC&*%=%= &-"O@A m>3 4D @@rc0n/nURURU55nUHnUSnURUR5n USn [R"[RR U U5R 5n URURU 55n URUU U URS.5 X4n XU 'M SU[SS.nU[R"U54$)z:Builds a JSON request in the form that the plugin expects.key challenge) appIdHashrrversionsign_helper_requestT)typesignDatatimeoutSeconds localAlways) _Base64Encode_SHA256 key_handler ClientDataTYP_AUTHENTICATIONGetJsonappendr4U2F_SIGNATURE_TIMEOUT_SECONDSjsondumps)rr!r"r r%encoded_challengesapp_id_hash_encodedchallenge_itemr1key_handle_encoded raw_challenger)challenge_hash_encodedr(signing_requests rr'CustomAuthenticator._BuildPluginRequesttsO,,T\\&-AB( 5 !c--cnn=$[1m))    - -  ') $11 ,,' ( **1)[[ ! /G,<()1)6&&7 O DJJ7 77rcnURU5n[US5n[US5nUUUUS.nU$)z,Builds the response to return to the caller. signatureDatar) clientDatarM applicationIdr)r:str)rr!r*plugin_responseencoded_client_datasignature_datar<r's rr /CustomAuthenticator._BuildAuthenticatorResponsesM,,[99:N_[12J*' H Orc[U5n[R"SU5nXBR5-n[R "U[R [R S9nURU5SnUR5nUSSn [R"SU 5Sn USSn U [U 5:wa0[R"SRU [U 5U55e[R"U R55n U R#S5S :waGS RU5n U R#S 5nU(aU S U-- n [R"U 5eU R#S 5nUc%[R"SRU55eU[$:Xa.[R&"[R&R(5eU[*:Xa.[R&"[R&R,5eU[.:wa6[R"SRUU R#S 5U55eU R#S5nUc%[R0"SRU55eU$![ a& [R"SRU55ef=f)z,Calls the plugin and validates the response.z> 2 2    = 6+##M2   "%%n5M    M 6+    K 5   P &{ 3 555s /$J0Kc[R"5nURUR55 UR 5$)z Helper method to perform SHA256.)hashlibsha256updaterdigest)rstringmds rr;CustomAuthenticator._SHA256s,  BIIfmmo 99;rch[R"U5R5RS5$)zEHelper method to base64 encode, strip padding, and return str result.=)base64urlsafe_b64encodergrstrip)r bytes_datas rr:!CustomAuthenticator._Base64Encodes) % %j 1 8 8 : A A# FFrr N)__name__ __module__ __qualname____firstlineno____doc__rsysstderrwriter+r.rr rr;r:__static_attributes__rrr r %sE-^#&**"2"2K0A&8P @D Grr )rrrrBrr^r`rpyu2frrpyu2f.conveniencerrrArnrirlBaseAuthenticatorr rrrrs];   // !#) %PG+==PGr